Security System using Protocol-Based Security Module for Secure Data Transmission in Web Environment

A Security System Based on a Protocol-Based Security Module Guaranteeing Secure Data Transmission in a Web Environment

  • 장승주 (Department of Computer Engineering, Dong-eui University)
  • 임동훈 (Department of Statistics and Information, Gyeongsang National University)
  • Published : 2002.12.01

Abstract

We propose the PBSM (Protocol-Based Security Module) system, which guarantees secure data transmission in web environments. The PBSM architecture has two modules. One is the Web Server Security Module (WSSM), which runs on a web server; the other is the Winsock Client Security Module (WSCSM), which runs on a client. The WSCSM module decrypts the encrypted HTML document received from the security web server, and the decrypted HTML document is displayed on the client's screen. The WSSM module contains the encryption function for HTML files and the decryption function for CGI (Common Gateway Interface) data. The formal analysis methodology used to analyze the data flow of the PBSM system is imported from format theory and is based on order theory.

This paper proposes a Protocol-Based Security Module (PBSM) architecture that satisfies secure data transmission in a web system environment. The PBSM architecture consists of two main modules. One is the Web Server Security Module (WSSM), which runs on the web server, and the other is the Winsock Client Security Module (WSCSM), which runs on the client. The WSCSM security module converts the encrypted message received from the WSSM back into a normal message and displays it in the web browser. The WSSM security module has an encryption function for HTML files and a decryption function for the Common Gateway Interface (CGI) data received from the WSCSM module. A formal analysis technique was used to verify the security correctness of the PBSM security system.
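The two-direction exchange the abstracts describe (WSSM encrypts the HTML document and WSCSM decrypts it for display; WSCSM encrypts the CGI data and WSSM decrypts it for the CGI program), written out as an added example that is not the paper's own code. The paper does not name its cipher or its key establishment, so this example assumes a 256-bit key already shared between the two modules out of band and uses AES-GCM, binding a direction label into the associated data so that a message captured in one direction is rejected if replayed in the other. The function names, the direction labels and the sample HTML and form strings are all constructed for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Direction labels (constructed for this example) are bound into the GCM
// associated data, so a message sealed for one direction cannot be opened
// as a message of the other direction.
const (
	dirServerToClient = "WSSM->WSCSM:HTML"
	dirClientToServer = "WSCSM->WSSM:CGI"
)

// sealed is one protected message: a fresh nonce plus AES-GCM ciphertext||tag.
type sealed struct {
	Nonce []byte
	Data  []byte
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts plaintext under key with a random nonce and the direction as AAD.
func seal(key []byte, direction string, plaintext []byte) (sealed, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return sealed{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return sealed{}, err
	}
	return sealed{Nonce: nonce, Data: aead.Seal(nil, nonce, plaintext, []byte(direction))}, nil
}

// open checks the tag and the direction label and returns the plaintext, or an
// error if the message was modified in transit or sent in the wrong direction.
func open(key []byte, direction string, msg sealed) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	if len(msg.Nonce) != aead.NonceSize() {
		return nil, errors.New("bad nonce length")
	}
	return aead.Open(nil, msg.Nonce, msg.Data, []byte(direction))
}

// WSSM side: protect an HTML document before it leaves the web server.
func wssmEncryptHTML(key []byte, html string) (sealed, error) {
	return seal(key, dirServerToClient, []byte(html))
}

// WSCSM side: recover the HTML document for display in the browser.
func wscsmDecryptHTML(key []byte, msg sealed) (string, error) {
	pt, err := open(key, dirServerToClient, msg)
	return string(pt), err
}

// WSCSM side: protect CGI form data before it is submitted.
func wscsmEncryptCGI(key []byte, form string) (sealed, error) {
	return seal(key, dirClientToServer, []byte(form))
}

// WSSM side: recover the CGI data for the CGI program.
func wssmDecryptCGI(key []byte, msg sealed) (string, error) {
	pt, err := open(key, dirClientToServer, msg)
	return string(pt), err
}

// roundTrip runs both directions with constructed sample payloads and also
// checks that a single modified ciphertext byte is rejected on receipt.
func roundTrip(key []byte) (htmlOK, cgiOK, tamperRejected bool, err error) {
	const html = "<html><body>Account balance: 1,000</body></html>" // constructed
	const form = "user=alice&amount=50"                             // constructed

	htmlMsg, err := wssmEncryptHTML(key, html)
	if err != nil {
		return
	}
	gotHTML, err := wscsmDecryptHTML(key, htmlMsg)
	if err != nil {
		return
	}
	htmlOK = gotHTML == html

	cgiMsg, err := wscsmEncryptCGI(key, form)
	if err != nil {
		return
	}
	gotForm, err := wssmDecryptCGI(key, cgiMsg)
	if err != nil {
		return
	}
	cgiOK = gotForm == form

	// An on-path modification of the CGI ciphertext must fail authentication.
	tampered := sealed{Nonce: cgiMsg.Nonce, Data: append([]byte(nil), cgiMsg.Data...)}
	tampered.Data[0] ^= 0x01
	_, tErr := wssmDecryptCGI(key, tampered)
	tamperRejected = tErr != nil
	return
}

func main() {
	key := make([]byte, 32) // assumed pre-shared key; generated here for the demo only
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	htmlOK, cgiOK, tamperRejected, err := roundTrip(key)
	fmt.Println("html ok:", htmlOK, "cgi ok:", cgiOK, "tamper rejected:", tamperRejected, "err:", err)
}
```

The direction label matters more than it looks: without it, an attacker who records an encrypted HTML response could submit it back to the server as if it were CGI data, and the server would decrypt it successfully; with the label as associated data, `open` fails on the mismatched direction just as it fails on a modified byte.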
