A Design of Smart Banking System using Digital Signature based on Biometric Authentication

Design of a Smart Banking System Using Digital Signatures Based on Biometric Authentication

  • Received : 2015.08.21
  • Accepted : 2015.09.11
  • Published : 2015.09.30

Abstract

Today, there is an increasing number of cases in which certificate information is leaked, and accordingly, electronic finance fraud is prevalent. As certificates and private keys are a file-based medium that is easily accessed and duplicated, they are vulnerable to information-leaking crimes by cyber-attacks using malicious code, such as pharming, phishing and smishing. Therefore, the use of security tokens and storage tokens has been encouraged as they are much safer media, but few people actually use them for reasons such as the risk of loss, high costs and so on. This paper, in an effort to solve the above-mentioned problems and to complement these shortcomings, proposes a system in which a digital signature for Internet banking can be made with a simple bio-authentication process. In conclusion, it was found that the newly proposed system showed a better capability in handling financial transactions in terms of safety and convenience.

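Recently, leaks of accredited certificates have surged, and the electronic financial fraud that results from them occurs frequently. Because accredited certificates and private keys exist as files, they are easy to access and easy to copy, so when they are stored on a PC hard disk or a removable disk there is a high risk that they will be leaked through hacking attacks such as pharming, phishing and smishing carried out with malicious code. Secure storage media such as security tokens and storage tokens are therefore recommended, but only a small minority of people actually use them, for reasons such as the risk of loss and cost. To solve these problems and make up for these shortcomings, this paper proposes a system in which the certificate and private key are kept by the certification authority, and the user, after going through a biometric authentication procedure on a device the user owns, passes the device's unique identifier and an authentication token to the certification authority, and can thereby perform identity verification and digital signing for Internet banking. Because the proposed system can perform a digital signature through the certification authority with biometric authentication alone, without entering a certificate password, the service is simpler to use than existing systems, and it provides a secure Internet banking environment by neutralizing threats such as keylogging, loss of the storage medium and certificate leakage.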
