• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.620-623
• /
• 2022

최근 이메일 해킹사고의 유형을 살펴보면 사회공학적인 기법을 활용한 피싱메일 공격이 대다수를 차지하고 있는 상황이다. 그중 사용자의 패스워드를 빼내기 위한 공격메일이 기존 첨부파일에 악성코드를 삽입해서 보내지는 방식보다 월등히 높아졌다고 할 수 있다. 이는 공격자가 이메일 내용에 관심이 높아진 것으로 이메일은 사용자의 성향, 직업, 라이프스타일 파악뿐만 아니라 해커가 원하는 중요자료가 저장되어 있을 가능성이 매우 높으며 또 다른 공격대상자를 선정할 수 있는 좋은 창구가 될 수 있을 것이기 때문이다. 만일 피싱메일에 노출되어 패스워드가 해커의 손에 넘어 갔다면 많은 보안대책이 무용지물이 된다. 많은 보안 전문가들은 패스워드를 8자리 이상으로 하되 영문대·소문자와 숫자 그리고 특수문자를 포함하고, 사이트별 규칙성이 없이 모두 다르게 설정해야 하며, 정기적으로 바꿔야 한다고 조언한다. 이러한 조언은 패스워드를 크랙할 경우 안전할 수 있지만 요즘처럼 한 개인이 100여개 이상의 사이트에 대한 패스워드를 관리해야 한다면 현실적으로 불가능한 조언이 되고 말 것이다. 이러한 상황에 2017년 6월 미국 국립표준기술연구소(NIST)에서 '특별 간행 800-63-3: 디지털 인증 가이드라인'을 발표하게 된다. 내용은 그동안 보안전문가들이 권고했던 내용과는 많은 차이가 있다. 오히려 자주 바꾸는 것이 문제가 될 수 있다는 내용이다. 자세한 내용은 본 논문에서 살펴보도록 한다. 우리는 스마트폰 등을 사용함으로써 2-Factor인증에 활용하고 있다. 스마트폰 인증의 대표적인 방법은 지문·얼굴인식 등 생체인증 방식을 사용한다. 패스워드 없이도 편리하고 안전하게 인증을 할 수 있다는 점이 장점이다. 이러한 상황에 FIDO라는 인증 프레임워크가 인기를 얻고 있다. FIDO(Fast IDentity Online)는 비밀번호의 문제점을 해결하기 위한 목적으로 FIDO 얼라이언스에 의해 제안된 사용자 인증 프레임워크다. 향후 FIDO로의 대체가 패스워드 문제의 대안이 될 수 있을 것이다. 이제는 패스워드 대신 생체인증 체계로 대체할 수 있는 시대가 되었다고 할 수 있다. 본 논문에서는 패스워드의 문제점을 살펴보고 이를 대체할 수 있는 FIDO기반의 인증체계가 대안이 될 수 있는 근거를 제시하고자 한다.

• Smart Media Journal
• /
• v.6 no.3
• /
• pp.29-40
• /
• 2017

Lately weight for smartphone mounted to function for NFC is increasing, rapidly. Because of this, NFC related technology is made by many companies. We developed Gallery-Auction for security enhancements and new services of NFC-based 2 factor electronic payment system. Enhanced security features development of user authentication module through fingerprint recognition to apply FIDO authentication technology and developed electronic contract voice service of Gallery-Auction using TTS(Text to Speech). Therefore we enhanced convenient and simple authentication method and security through NFC mobile electronic payment.

• Journal of Digital Convergence
• /
• v.14 no.7
• /
• pp.373-383
• /
• 2016

With mobile-epoch and emerging of Fin-tech, Bio-recognition technology utilizing bio-information in secure method has spread. Specially, In order to change convenient payment services and transportation cards, the combination of biometrics and mobile services are being expanded. The basic concept of authentication such as access control, IA&A, OpenID, OAuth 1.0a, SSO, and Biometrics techniques are investigated, and the protocol stack for security API platform, FIDO, SCIM, OAuth 2.0, JSON Identity Suite, Keystone of OpenStack, Cloud-based SSO, and AIM Agent are described detailed in aspect of application of AIM. The authentication technology in domestic and foreign will accelerate technology development and research of standardization centered in the federated FIDO Universal Authentication Framework(UAF) and Universal 2 Factor Framework(U2F). To accommodate the changing needs of the social computing paradigm recently in this paper, the trends of various authentication technology, and design and function of AIM framework was defined.

• Journal of Digital Convergence
• /
• v.15 no.8
• /
• pp.183-193
• /
• 2017

Digital accredited certificates issued under the Digital Signature Act provide essential functionalities for online service, so certificates are used for various services such as online banking, e-government. However, certificates can be stolen by hackers and users need to install separate software to use certificates. Recently FIDO, which aims to solve the problems of password-based authentication and the lack of interoperability between authentication methods, is used for biometric authentication and TrustZone, hardware-based secure environment, is used for safe smartphone usage. In this paper, the new service method is suggested which uses FIDO-based biometric authentication and stores certificates in TrustZone. This method can not only improve security and convenience but also be easily applied to the service because it uses built-in functionalities of new smartphones such as biometric sensors and TrustZone. It is expected that people can use certificates in a safe and convenient way with this method.

• TTA Journal
• /
• s.164
• /
• pp.70-75
• /
• 2016

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.879-888
• /
• 2018

Along with the recent worldwide development of fintech, FIDO (Fast IDentity Online) using biometric technology is rapidly growing in the mobile payment market, replacing the existing password system. This FIDO authentication must be processed in a reliable environment that requires high level of security, as sensitive biometrics is being processed. However, this environment is currently dependent on the manufacturer as it is supported by certain hardware on the smartphone. Therefore, this thesis proposes a server-based authentication model using distributed management of compliance based biometric information that can be used universally safely without the need for specific hardware in mobile environments.

• Smart Media Journal
• /
• v.7 no.1
• /
• pp.24-30
• /
• 2018

Acquisition of the FIDO authentication technology in pursuit of improved security function of the NFC-based 2 factor electronic payment system enabled GenoTech Ch., Ltd. to develop its new service, Gallery-Auction, demoed at Daegu Exhibition. The demonstration was followed by the improvement requests in banner creation & installation, changes in UI, changes in order of operation, etc, which were taken into account for the succeeding update. During the second demonstration held at 'Art: Gwangju: 17,' it analyzed and visualized the number of visitors per hour there.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.18 no.3
• /
• pp.41-48
• /
• 2017

Recently, there has been a lot of ongoing research regarding financial transactions and payments due to the emergence of financial technology (FinTech). Payments have been processed through cash and credit cards, and payment methods have been simplified and are more convenient, with mobile payment via mobile cards and mobile phones. This study offers a new mobile payment method by using a mobile phone instead of a card reader or terminal. For payments, authentication is processed with the user's biometrics and a built-in fingerprint scanner, and the payment is processed after receiving an authentication code issued by the authorizing institution to confirm the user's identity. User biometrics and payment information is secured from any kind of malicious hacker by saving it in a Fast Identity Online (FIDO) Trusted Execution Environment (TEE) section in a smartphone. Regarding key security, every key is securely created in the FIDO TEE section, providing secure mobile payment by neutralizing various malicious attacks, including sniffing and the man-in-the middle attack.

• Journal of Internet Computing and Services
• /
• v.20 no.6
• /
• pp.129-135
• /
• 2019

Recently, studies have been conducted to improve the m-commerce process in the NFC-based mobile environment and the increase of the number of smart phones built in NFC. Since authentication is important in mobile electronic payment, FIDO(Fast IDentity Online) and 2 Factor electronic payment system are applied. In addition, block-chains using distributed raw materials have emerged as a representative technology of the fourth industry. In this study, for the mobile gallery auction of the traders using NFC embedded terminal (smartphone) in a small gallery auction in which an unspecified minority participates, password-based authentication and biometric authentication technology (fingerprint) were applied to record transaction details and ownership transfer of the auction participants in electronic payment. And, for the cost reduction and data integrity related to gallery auction, the private distributed director block chain was constructed and used. In addition, domestic and foreign cases applying block chain in the auction field were investigated and compared. In the future, the study will also study the implementation of block chain networks and smart contract and the integration of block chain and artificial intelligence to apply the proposed method.

• Smart Media Journal
• /
• v.5 no.2
• /
• pp.77-83
• /
• 2016

Today, the great revolution in all financial industrial such as bank have been progressing through the utilization of IT technology actively, it is called the fintech. In this paper, we draw the draft design of NFC-based electronic payment and coupon system using FIDO framework to apply the 2 factor authentication technique for strength security. In detailed, we will study that the terminal device in front-end will be applied the 2 factor authentication and electric signature, and cloud-based payment gateway in back-end will be applied malicious code detection technique of distributed avoidance type.