DOI QR코드

DOI QR Code

A Study on Definitions of Security Requirements for Identification and Authentication on the Step of Analysis

분석단계 보안에서 식별 및 인증의 보안 요건 정의에 대한 연구

  • Shin, Seong-Yoon (Dept. of Computer Information Engineering, Kunsan National University)
  • 신성윤 (군산대학교 컴퓨터정보공학과)
  • Received : 2014.06.26
  • Accepted : 2014.07.30
  • Published : 2014.07.31

Abstract

TIn analysis as the first step of S/W development, security requirements of identification and authentication, ID and password management, authentication process, authentication method, ete. should be defined. Identification is to uniquely identify certain users and applications running on a certain system. Authentication means the function to determine true or false users and applications in some cases. This paper is to suggest the security requirements for identification and authentication in analysis step. Firstly, individual ID should be uniquely identified. The second element is to apply the length limitations, combination and periodic changes of passwords. The third should require the more reinforced authentication methods besides ID and passwords and satisfy the defined security elements on authentication process. In this paper, the security requirements for the step of identification and authentication have been explained through several practical implementation methods.

S/W 개발의 첫 번째 단계인 분석 단계에서는 식별 및 인증 요건 정의 원칙, 아이디 및 패스워드 관리 요건, 인증 프로세스 요건, 그리고 인증수단 요건 등에 관한 보안 요건들을 정의해야 한다. 식별은 어떤 시스템의 사용자나 시스템에서 실행 중인 애플리케이션을 특유하게 식별하는 기능을 말한다. 인증은 사용자나 애플리케이션이 진짜인지 가짜인지를 실제 예를 들어서 밝혀내는 기능을 말한다. 본 논문에서는 분석 단계의 이러한 식별 및 인증의 보안 요건을 제시한다. 첫째, 각자 가지고 있는 개별 ID는 유일하게 식별되어야 한다는 것이다. 둘째, 패스워드는 길이제한 및 표준 조합을 적용해야 하며, 주기적으로 변경해 줘야 한다는 것이다. 셋째, ID/PW 이외의 보다 강화된 인증 방식을 제공해야 하며, 인증 프로세스는 정의된 보안 요건을 만족해야 한다. 본 논문에서는 식별 및 인증단계의 보안 요건들을 실제 구현 방법을 들어 설명하고 있다.

Keywords

References

  1. http://terms.naver.com/entry.nhn?docId=2073350&cid=208&categoryId=208#TABLE_OF_CONTENT1
  2. http://northface32.blog.me/50120464405
  3. http://cafe.naver.com/softwarequality/book1621832/758
  4. http://www.cyworld.com/B166er/6718585
  5. Daniel D. Lam, "Automated user authentication identification for customized converged services, " US Patent, US 8650628 B2, 2014
  6. Sviatoslav Voloshynovskiy, Oleksiy Koval, Thierry Pun, "Secure item identification and authentication system and method based on unclonable features," US Patent, US 8705873 B2, 2014
  7. Won-Hee Nam, Dea-Woo Park, "A Study on Cloud Network and Security System Analysis for Enhanced Security of Legislative Authority, " The Journal of the Korean Institute of Information and Communication Engineering, Vol. 15, No. 6, pp. 1320-1326, 2011. 6 https://doi.org/10.6109/jkiice.2011.15.6.1320
  8. G. McGraw, "Software assurance for security, " IEEE Computer, vol. 32, pp. 103-105, Apr. 1999. https://doi.org/10.1109/2.755011
  9. Yoon Jae-Ho, "A Study on Identification & Authentication in Enrollment Systems," Thesis of Master of Engineering, Dept. of Graduate School of Sejong University, 2004
  10. Yoon-Su Jeong, "Design of Patient Authentication Model in u-healthcare Environment using Coalition ID," Jouranl of Digital Convergence Vol. 11, No. 3, pp. 3-5-310, 2013. 2 https://doi.org/10.14400/JDPM.2013.11.3.305
  11. Jonghoon Lee, Jungsoo Park, Seung Wook Jung, Souhwan Jung, "The Authentication and Key Management Method based on PUF for Secure USB," J-KICS, Vol. 38B, No. 12, pp. 944-953, 2013.12 https://doi.org/10.7840/kics.2013.38B.12.944
  12. Seong-Yoon Shin, Dai-Hyun Jang, Hyeong-Jin Kim, "A Study on Security Measure of Step-Wise Project," Journal of the Korea Institute of Information and Communication Engineering, Vol. 18, No. 4, pp. 771-778, Apr. 2012

Cited by

  1. 안정적인 DB보안 시스템 구축을 위한 보안기술요소 분석에 관한 연구 vol.19, pp.12, 2014, https://doi.org/10.9708/jksci.2014.19.12.143