This paper analyzes security of Korean USIM-based PKI certificate service. Korean PKI certificate consists of public key and password encrypted private key on disk. Due to insufficient security provided by single password, Korean mobile operators introduced USIM-based PKI system.We found several vulnerabilities inside the system, including private key’s RSA prime number leakage during certificate installation. We also suggest possible improvments on designing secure authentication system (Preliminary work of this paper was published previously [1]. This work was responsibly disclosed to the vendor and associated government organizations.).
CITATION STYLE
Park, S., Park, S., Yun, I., Kim, D., & Kim, Y. (2015). Analyzing security of korean USIM-based PKI certificate service. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8909, pp. 95–106). Springer Verlag. https://doi.org/10.1007/978-3-319-15087-1_8
Mendeley helps you to discover research relevant for your work.