Ç¥ÁØÈ­ Âü¿©¾È³»

TTAÀÇ Ç¥ÁØÇöȲ

Ȩ > Ç¥ÁØÈ­ °³¿ä > TTAÀÇ Ç¥ÁØÇöȲ

Ç¥ÁعøÈ£ TTAE.IF-RFC8210 ±¸Ç¥ÁعøÈ£
Á¦°³Á¤ÀÏ 2018-12-19 ÃÑÆäÀÌÁö 49
ÇѱÛÇ¥Áظí HTTP¸¦ À§ÇÑ »óÈ£ ÀÎÁõ ÇÁ·ÎÅäÄÝ
¿µ¹®Ç¥Áظí Mutual Authentication Protocol for HTTP
Çѱ۳»¿ë¿ä¾à º» Ç¥ÁØ¿¡¼­ Á¦¾ÈÇÏ´Â »óÈ£ ÀÎÁõ ÇÁ·ÎÅäÄÝÀº ¾ÏÈ£ ÀÎÁõÀ» À§ÇÑ °­·ÂÇÑ ¾Ïȣȭ ¼Ö·ç¼ÇÀ¸·Î, ¾Æ·¡ µÎ °¡Áö ÁÖ¿ä ±â´ÉÀ» Á¦°øÇÑ´Ù.

o ¾ÏÈ£ Á¤º¸°¡ ÀüÇô ±³È¯µÇÁö ¾Ê´Â´Ù. ¼­¹ö¿Í »ç¿ëÀÚ°¡ ¼­·Î ÀÎÁõÇÏÁö ¸øÇϸé, ÇÁ·ÎÅäÄÝÀº »ç¿ëÀÚÀÇ ¾ÏÈ£¿¡ ´ëÇÑ °¡Àå ÀÛÀº Á¤º¸µµ Ç¥½ÃÇÏÁö ¾Ê´Â´Ù. À̸¦ ÅëÇØ, ÇÇ½Ì °ø°ÝÀÌ ¹ß»ýÇÏ´õ¶óµµ ¸ðµç Á¾·ùÀÇ ¿ÀÇÁ¶óÀÎ ¾ÏÈ£ »çÀü °ø°ÝÀ» ¹æÁöÇÒ ¼ö ÀÖ´Ù.

o ¼º°øÀûÀ¸·Î ÀÎÁõÇϱâ À§Çؼ­, Ŭ¶óÀ̾ðÆ®¿Í ¼­¹ö°¡ À¯È¿ÇÑ µî·ÏµÈ ÀÚ°Ý Áõ¸í (ÀÎÁõ ºñ¹Ð)À» ¼ÒÀ¯ÇØ¾ß ÇÑ´Ù. ÀÌ´Â ÇÇ½Ì °ø°ÝÀÚ°¡ »ç¿ëÀÚ¸¦ ¼Ó¿©¼­ "ÁøÂ¥" ¼­¹ö¶ó°í »ý°¢Çϵµ·Ï ¼ÓÀÏ ¼ö ¾øÀ½À» ÀǹÌÇÑ´Ù. (Basic ¶Ç´Â Digest ÀÎÁõÀ» »ç¿ëÇÏ´Â ¼­¹ö´Â ½ÇÁ¦·Î ÀÎÁõÀ» È®ÀÎÇÏÁö ¾Ê°í ¸ðµç Ŭ¶óÀ̾ðÆ®¿¡°Ô "¿¹"·Î ÀÀ´äÇÒ ¼ö ÀÖ´Ù) Ŭ¶óÀ̾ðÆ®´Â Åë½Å ÁßÀÎ ´ë»óÀÌ Á¤¸» ÀÚ½ÅÀÇ °èÁ¤À» µî·ÏÇÑ "¼­¹ö"ÀÓÀ» È®ÀÎÇÒ ¼ö ÀÖ´Ù. Áï, ¼­¹ö¿Í Ŭ¶óÀ̾ðÆ® °£¿¡ »óÈ£ ÀÎÁõÀ» Á¦°øÇÑ´Ù.
¿µ¹®³»¿ë¿ä¾à The Mutual authentication protocol, as proposed in the standard, is a strong cryptographic solution for password authentications. It mainly provides the following two key features.

o No password information at all is exchanged in the communications. When the server and user fail to authenticate with each other, the protocol will not reveal even the tiniest bit of information about the user's password. This prevents any kind of offline password dictionary attacks, even with the existence of phishing attacks.

o To successfully authenticate, the server, as well as client users, must own the valid registered credentials (authentication secret). This means that a phishing attacker cannot trick users into thinking that it is an "authentic" server. (It should be pointed out that this is not true for Basic and Digest authentication; for example, servers using Basic authentication can answer "YES" to any clients without actually checking authentication at all.) Client users can ascertain whether or not the communicating peer is truly "the server" that registered their account beforehand. In other words, it provides "true" mutual authentication between servers and clients.
±¹Á¦Ç¥ÁØ
°ü·ÃÆÄÀÏ TTAE.IF-RFC8210.pdf TTAE.IF-RFC8210.pdf            

ÀÌÀü
IMT-2000 3GPP - À̵¿ ¹«¼± ÀÎÅÍÆäÀ̽º °èÃþ 3 - ºÎ°¡¼­ºñ½º ±Ô°Ý; Æ÷¸Ë°ú ÄÚµù (R7)
´ÙÀ½
IMT-2000 3GPP-IP ¸ÖƼ¹Ìµð¾î ÇٽɸÁÀ» »ç¿ëÇÏ´Â ÇÁ·¹Á𽺠¼­ºñ½º; 3´Ü°è(R7)