Journal of the Korea Academia-Industrial cooperation Society (한국산학기술학회논문지)

The Korea Academia-Industrial cooperation Society (한국산학기술학회)
권호 표지
DOI QR코드

DOI QR Code

User Integrated Authentication System using EID in Blockchain Environment

블록체인 환경에서 EID를 이용한 사용자 통합 인증 시스템

  • Received : 2020.01.02
  • Accepted : 2020.03.06
  • Published : 2020.03.31
Download PDF
⟨ Previous Next ⟩

Abstract

Centralized systems in computing environments have various problems, such as privacy infringement due to hacking, and the possibility of privacy violations in case of system failure. Blockchain, one of the core technologies for the next generation of converged information, is expected to be an alternative to the existing centralized system, which has had various problems. This paper proposes a blockchain-based user authentication system that can identify users using EID in an online environment. Existing identification (ID)/password (PW) authentication methods require users to store personal information in multiple sites, and receive and use their respective IDs. However, the proposed system can be used without users signing up at various sites after the issuing of an EID. The proposed system issues an EID with a minimum of information, such as an e-mail address and a telephone number. By comparing the stability and efficiency of a centralized system, the proposed integrated authentication system proved to be excellent. In order to compare stability against existing systems, we chose attack methods and encroachments on the computing environment. To verify efficiency, the total throughput between the user's app, the issuance and certification-authority's servers, and the service provider's servers was compared and analyzed based on processing time per transaction.

기존의 컴퓨팅 환경에서 사용되는 중앙 집중형 시스템은 해킹에 의한 개인정보 침해 사례와 시스템 장애 발생시 가용성 침해 문제 등의 다양한 문제점을 가지고 있다. 현재 신뢰받는 차세대 융합 정보 핵심 기술 중 하나인 블록체인은 다양한 문제점을 가지고 있던 기존의 중앙 집중형 시스템의 대안 기술로 기대 되고 있으며, 블록체인 환경에 맞는 사용자 인증 시스템의 필요성이 증가 하고 있다. 본 논문은 온라인 환경에서 EID를 이용하여 사용자 식별이 가능한 블록체인 기반의 사용자 통합 인증 시스템을 제안한다. 기존 ID/PW 인증 방식은 사용자가 여러 사이트에 개인정보를 저장하고 각각의 ID를 발급 받아 사용해야 한다. 그러나 제안하는 시스템은 EID 발급 후 여러 사이트에서 회원가입 없이 사용이 가능하다. 제안 시스템은 이메일 및 전화번호 등 최소한의 정보로 EID를 발급한다. 기존 중앙 집중형 시스템과 제안하는 통합 인증 시스템의 안정성과 효율성을 비교하여 우수함을 입증하였다. 컴퓨팅 환경에서 발생하는 공격방법과 침해 요소를 선택하여 기존 시스템과의 안정성을 비교 하였다. 또한 효율성의 검증을 위하여 인증과정에서 발생하는 사용자의 App, 발행 및 인증기관의 서버, 서비스 제공기관 서버 사이의 총 처리량을 트랜잭션 당 처리시간으로 비교 분석하였다.

Keywords

References

  1. J. C. Park, "A Secure Single Sign-On Scheme across Multiple Allied Websites using Smartphones". Journal of Security Engineering, Vol.14, No.3, pp. 189-204, 2017. DOI: http://dx.doi.org/10.14257/jse.2017.06.01
  2. Y. Choi, H. Kwon, "A Study on Legal Issues between the Application of Blockchain Technology and Deletion and the Third Party Supply of Personal Information", Journal of the Korea Institute of Information Security & Cryptology, Vol.28, No.6, pp.1607-1621, 2018. DOI: https://doi.org/10.13089/JKIISC.2018.28.6.1607
  3. S. J. Han, S. T. Kim, S. Y. park, "A GDPR based Approach to Enhancing Blockchain Privacy", The Journal of The Institute of Internet, Broadcasting and Communication, Vol.19, No.5, pp.33-38, 2019. DOI: https://doi.org/10.7236/JIIBC.2019.19.5.33
  4. S. G. Moon, M. S. Kim, H. J. Kim, "Design of an Integrated University Information Service Model Based on Block Chain", Journal of the Korea Academia-Industrial cooperation Society Vol. 20, No. 2 pp. 43-50, 2019. DOI: https://doi.org/10.5762/KAIS.2019.20.2.43
  5. M. J. Cho, C. H. Lee, "Access Control Mechanism for Industrial Control System Based Smart Contract", Journal of The Korea Institute of Information Securty & Cryptology, Vol.29, No.3, pp.579-588, 2019. DOI: https://doi.org/10.13089/JKIISC.2019.29.3.579
  6. S. D. Yoo, "A Study on Consensus Algorithm based on Blockchain", The Journal of The Institute of Internet, Broadcasting and Communication, Vol.19, No.3, pp.25-32, 2019. DOI: https://doi.org/10.7236/JIIBC.2019.19.3.25
  7. J. K. Lee, J. G. Son, H. M. Kim, H. K. Oh, "An Authentication Scheme for Providing to User Service Transparency in Multicloud Environment", Journal of The Korea Institute of Information Security & Cryptology, Vol.23, No.6, pp.1131-1141, Dec 2013. DOI: https://doi.org/10.13089/JKIISC.2013.23.6.1131
  8. H. Kim, I. Lee, "A Study on Secure and Improved Single Sign-On Authentication System against Replay Attack", Jr. of the Korea Institute of Information Security & Cryptology, Vol.24, No.5, pp.769-780, 2014. DOI: https://doi.org/10.13089/JKIISC.2014.24.5.769
  9. Security Technology Research Team, Comparison of Changes and Characteristics of Identity Information Management Types, Security Research Department, Financial Security Agency, Korea, pp.1-6, 2017.
  10. BSI, Common Criteria Protection Profile-Machine Readable Travel Document with ICAO Application, Extended Access Control with PACE(EAC pp), BSI-PP-0017, Version1.3.0, 20th January 2012.
  11. Gaurav S.,Kcand Paul A.,Karger, Security and privacy issues in machine readable travel documents(MRTDs), IBM Technical Report(RC 23575), IBM T.J, Watson Research Labs, Apr 2005.
  12. BSI, Advanced Security Mechanisms Machine Readable Travel Documents - Extended Access Control(EAC), Version 2.05, TR-03110, 2010.
  13. NIST. "FIPS Publication186-1:Digital Signature Standard(DS-S)", November 2008.
  14. G. W. Kuk, Application Cases by Blockchain Technology and Industry Sectors, Weekly ICT Trends, Institute of Information & Communications Technology Planning & Evaluation, Vol.1900, pp.13-27, 2019.
  15. Y. J. Lee, Taeyeol Jeon.. "An Fingerprint Authentication Model of ERM System using Private Key Escrow Management Server", Journal of the Korea Academia-Industrial, Vol.20, No.6, pp.1-8. 2019. DOI: https://doi.org/10.5762/KAIS.2019.20.6.1
  16. J. H. Jang, S. H. Song, S. T. Kim, "A Survey on Blockchain Platforms for Supply Chain Management", The Journal of The Institute of Internet, Broadcasting and Communication, Vol.18, No.5, pp.259-265, 2019. DOI: https://doi.org/10.7236/JIIBC.2018.18.5.259