Analyzing Security of Korean USIM-Based PKI Certificate Service
Authors
Abstract
This paper analyzes the security of the Korean USIM-based PKI certificate service. A Korean PKI certificate consists of a public key and a password-encrypted private key on disk. Due to the insufficient security provided by a single password, Korean mobile operators introduced a USIM-based PKI system. We found several vulnerabilities inside the system, including leakage of the private key’s RSA prime number during certificate installation. We also suggest possible improvements for designing a secure authentication system (Preliminary work of this paper was published previously [1]. This work was responsibly disclosed to the vendor and associated government
Similar resources
Privacy-awareness in Blockchain-based PKI
Conventional public key infrastructure (PKI) designs are not optimal and contain security flaws; there is much work underway in improving PKI. The properties given by the Bitcoin blockchain and its derivatives are a natural solution to some of the problems with PKI, in particular certificate transparency and elimination of single points of failure. Recently-proposed blockchain PKI designs are b...
Efficient and User Friendly Inter-domain Device Authentication/Access Control for Home Networks
Device authentication can reinforce the security of home network services by ensuring that only specific authorized devices used by specific authorized users can access the services. It is also a mandatory technology for context-aware services in which users are not participants in the service flow. In this paper, we propose a device authentication and access control scheme based on two-layer...
A Knowledge-Based Approach to Internet Authorization Using PKI
In this paper, a knowledge-based approach to Internet authorizations is proposed by using Public-Key Infrastructure (PKI) based digital certificates, trust models, Role-Based Access Control (RBAC), and intelligent backtracking. Security policies are expressed as the rules in a knowledge base. An inference engine is utilised to evaluate policies, dynamically assign roles to Internet users, and r...
A Secure Access Control Mechanism Web Service-based in Extended Organization PKI Networks
Organizations use PKI (Public Key Infrastructures) to support internal business processes, but some businesses have industrial partnerships with others, and these alliances can exploit B2B (Business to Business) e-commerce capabilities by connecting corporate PKI. The paper deals with two methods to realize access control in extended organization PKI business processes: BCAs (Bridge Certificati...
A hybrid approach to secure hierarchical mobile IPv6 networks
Establishing secure access and communications in a hierarchical mobile IPv6 (HMIPv6) network, when a mobile node is roaming into a foreign network, is a challenging task and has so far received little attention. Existing solutions are mainly based on public key infrastructure (PKI) or identity-based cryptography (IBC). However, these solutions suffer from either efficiency or scalability proble...