DOI QR코드

DOI QR Code

Passwordless Protection for Private Key Using USIM Information

USIM 정보를 활용한 패스워드리스 방식의 개인키 보호 방안

  • Received : 2017.04.28
  • Accepted : 2017.05.08
  • Published : 2017.06.28

Abstract

Despite the opinion that certificate is useless, half of the population in Korea (approx. 35 million) get an certificate, and use it for internet banking, internet shopping, stock trading, and so on. Most users store their certificates on a usb memory or smartphone, and certificates or passwords stored on such storage media can be easily attacked and used to disguise as legitimate users. Due to these security problem of certificate, a various authentication technologies has been proposed such as smartphone owner authentication using SMS, and a personal authentication using biometric authentication. However, a safe technique is not presented yet without user password, and certificate. In this paper, I proposed a method to secure certificate/private key without a user password using a combination of USIM card and smartphone's information. Even if a hacker gets the user password, the certificate, and the private key, he can not use the certificate. User do not need to remember complex password which is a combination of alphabetic / numeric / special characters, and use his certificate safely.

Keywords

Private Key;Certificate;USIM;Smartphone Information;Passwordless

References

  1. 미래창조과학부, "연도별 공인인증서 발급현황," 2016(8).
  2. 한국인터넷진흥원, "15년도 대국민 전자서명 이용실태 조사," 2015(12).
  3. http://www.boannews.com/media/view.asp?idx=37950&kind=3&search=title&find=%BD%BA%B8%B6%C6%AE%C6%F9+%B0%F8%C0%CE%C0%CE%C1%F5%BC%AD, 2013.10.08
  4. http://www.boannews.com/media/view.asp?idx=35172&kind=3&search=title&find=%BD%BA%B8%B6%C6%AE%C6%F9+%B0%F8%C0%CE%C0%CE%C1%F5%BC%AD, 2013.03.13.
  5. 김선주, 조인준, "OTP를 이용한 PKI 기반의 개인 키 파일의 안전한 관리방안," 한국콘텐츠학회논문지, 제14권, 제12호, pp. 565-573, 2014.
  6. 김선주, 조인준, "USB 메모리의 컨테이너ID를 이용한 PKI 기반의 개인키 파일 안전한 관리방안," 한국콘텐츠학회논문지, 제15권, 제10호, pp. 607-615, 2015.
  7. 박영진, 김선종, 이동훈, "인증서와 개인키 유출방지를 위한 보안키 저장소," 정보보호학회 논문지, 제24권, 제1호, pp. 31-40, 2014.
  8. https://ko.wikipedia.org/
  9. http://word.tta.or.kr
  10. http://www.zdnet.co.kr/column/column_view.asp?artice_id=20100401115240&type=det&re=
  11. B. Kaliski, PKCS #8: Private-Key Information Syntax Standard V1.2, RSA Laboratories, 2008.
  12. B. Kaliski, PKCS #5, Password Based Cryptography Standard V2.1, RSA Laboratories, 2000.
  13. 나준채, "차세대 USIM 기술," TTA Journal No. 116 pp. 80-85.
  14. 인선준, "SIM, UIM과 USIM," TTA Journal No. 83 pp. 89-101.
  15. https://namu.wiki/w/IMEI