스테가노그라피(은밀통신)를 활용한 공인인증서 심층암호화 방안 연구
- 주제(키워드) 스테가노그라피 , 공인인증서
- 발행기관 고려대학교 공학대학원
- 지도교수 엄두섭
- 발행년도 2010
- 학위수여년월 2010. 8
- 학위구분 석사
- 학과 공학대학원 전자·컴퓨터공학전공
- 원문페이지 63 p
- 실제URI http://www.dcollection.net/handler/korea/000000023215
- 본문언어 한국어
- 제출원본 000045608352
초록/요약
ABSTRACT A Thesis of encryption in-depth on official certificate using Steganography (secret communication) Hwan Kim Advised by Prof. Doo-Seop Eom Dept. of Electronics Computer Engineering Graduate School of Engineering & Technology Korea University For information and communications technology according to the development e-commerce and financial transactions over the Internet have become commonplace. The Internet service is available if the transfer of data sent in plain text can cause problems such as fake and falsification. As a way to solve this problem, public key-based electronic signatures are used. The electronic signature system for e-commerce in the official certificate to confirm the identity of users, document forgery and tampering, repudiation of transactions, such as that for the purpose of a recognized certification authority (CA) issued as electronic information, a sort of cyber dealing Seal certification role. Qualified certificate guarantees the reliability of the information like personal or card information, bank account numbers, etc. on for exchanging. Used as means of personal identification and personal information such as Social Security numbers and are replaced by the official certificate. Certified for safe use of the certificate system, public certificate and private key encryption technology is applied to save the file in the difficult as well as counterfeiting and tampering, the user's private key encryption to establish eight-digit password is used to increase safety. However, despite these security systems certified certificate and private key encryption, passwords, etc. are often stolen by hackers, unauthorized users of the deposits and withdrawals can cause accidents. The fundamental reason for such an accident occurs, the official certificate (certified certificate, private key file) can easily be exposed, and Private-key encryption by password hacking programs such as key-logger are leaked. In this thesis, in order to resolve these vulnerabilities using steganography in-depth public certificate and private key encryption method is presented. Accredited certificate and private key file, hidden in an image file of your choice, make them stego image stored on a hard disk or a removable storage device, an attacker with the malicious purpose of the user's PC, even if the attack is difficult to identify the public certificate file is to make. Even if an attacker to identify the stego image are hidden in a certificate file using the private key password is randomly determined by a random number combined with the certificate file can not be recovered from the stego image characteristics. To verify this, official certificates were stashed it in the image file. Then, Using visual detection and detection tools to detect hidden data, experiments were conducted. Detection results were virtually impossible to detect. The reason is that steganography is the hiding scheme. So. if official certificates are in-depth encrypted using steganography, damage can be significantly reduced
more목차
목 차
Ⅰ. 서론 1
Ⅱ. 스테가노그라피(Steganography) 3
2.1 스테가노그라피 배경 3
2.2 스테가노그라피 개요 4
2.2.1 스테가노그라피 특징 6
2.2.2 스테가노그라피 시스템 프로토콜 8
2.3 스테가노그라피 기법 11
2.3.1 LSB 방법 12
2.3.2 패치워크(patchwork) 방법 13
2.3.3 이미지 다운그레이딩(image downgrading) 방법 14
2.3.4 팔레트 기반 이미지(pallete-based image) 방법 14
2.3.5 양자화와 디더링(dithering) 방법 15
2.4 스테가노그라피 탐지 기법 16
Ⅲ. 공인인증서 시스템의 취약점 분석 19
3.1. 공인인증서 시스템 개요 19
3.1.1. 공인인증서 프로파일 20
3.1.2 개인키 저장 파일 프로파일 21
3.1.3. 사용자 패스워드를 이용한 개인키의 보호 기술 22
3.2 공인인증서 시스템 취약점 24
3.2.1 키로그 해킹을 통한 개인키 암호화 패스워드 획득 25
3.2.2 공인인증서 개인키 암호화 패스워드 검출 27
3.3 2008년 사이버 침해사고 현황 30
3.3.1 웜․바이러스 현황 30
3.3.2 해킹사고 현황 32
3.3.2 해킹사고 분석 33
Ⅳ. 제안하는 공인인증서 심층암호화 방안 34
4.1 스테가노그라피 기반의 공인인증서 심층암호화 34
4.1.1 현재의 공인인증서 발급 절차 36
4.1.2 공인인증서 심층암호화 발급 절차 37
4.2 공인인증서 은닉 도구 및 은닉실험 38
4.2.1 스테가노그라피 은닉 도구 선정 38
4.2.2 샘플을 이용한 공인인증서 은닉 39
4.3 원본 영상과 스테고 영상 비교 43
4.4 은닉된 이미지의 탐지 결과 실험 45
4.4.1 시험그룹(10명)을 이용한 육안 탐지 45
4.4.2 탐지도구(XSteg)를 사용한 스테고 이미지 탐지 46
4.5 탐지 결과에 대한 안전성 고찰 48
4.5.1 스테가노그라피의 강인성 48
4.5.2 안전한 스테가노그라피 사용방법 49
4.5.3 제안방안의 효율성 제고 50
Ⅴ. 결론 51
참고문헌 53
