A Model for Self-Authentication Based on Decentralized Identifier

  • Kim, Ho-Yoon (Dept. of Computers & Media Engineering, Tongmyong University) ;
  • Han, Kun-Hee (Division of Computer Engineering, Baekseok University) ;
  • Shin, Seung-Soo (Dept. of Software Convergence Security, Tongmyong University)
  • Received : 2021.09.13
  • Reviewed : 2021.11.20
  • Published : 2021.11.28

Abstract

As the Internet has developed, the user authentication technology used to prove one's identity online has become increasingly sophisticated. In existing ID schemes the service provider manages personal information, so weak security creates a risk of personal information leakage, and control over the information rests with the service provider rather than the user. In this study, we propose a DID-based self-authentication model that reduces the threat of personal information leakage arising from centralized designs and strengthens user sovereignty. In the proposed model, users manage their personal information directly through a verifiable credential (VC) issued by an issuing agency, and because the user is the information subject, user sovereignty is strengthened. As the research method, we present a self-authentication model that guarantees security and integrity using a decentralized identity method based on distributed ledger technology, and analyze its security against attack methods. Because authentication is performed through DID Auth, which uses a public-key cryptographic algorithm, the model is safe from sniffing, man-in-the-middle attacks and similar attacks, and the proposed model can replace a physical identity card.

Project Information

This research was supported by the BB21plus funded by Busan Metropolitan City and Busan Institute for Talent & Lifelong Education(BIT).
