Journal of Knowledge Information Technology and Systems 2023 KCI Impact Factor : 0.89
-
pISSN : 1975-7700 / eISSN : 2734-0570
- https://journal.kci.go.kr/kkits
KJCKorea
Journal Central
Analysis and Evaluation of a Need of Safeguard in Korean’s Internet Banking Based on PDR Matrix
- Journal of Knowledge Information Technology and Systems
- Abbr : JKITS
- 2016, 11(2), pp.119-154
- Publisher : Korea Knowledge Information Technology Society
- Research Area : Interdisciplinary Studies > Interdisciplinary Research
- Published : April 30, 2016
허건일 1, Chang Min Park 2, Huy-Kang Kim 3
1고려대학교 정보보호대학원
2웹케시 정보보호센터
3고려대학교
Accredited
ABSTRACT
Complaints among users have increased because of insufficient explanation about safeguard and forced use of safeguard. Someone has said that Internet banking safeguard(hereafter safeguard) is unnecessary because large-scale Internet banking fraud has happened continuously although financial companies have taken complaints among users lying down. But this is a misconception that people try to couple inconvenience caused by ActiveX with use of safeguard. We should judge necessity of respectively safeguard based on objective capacity and interrelation, as opposed to safeguard is unnecessary because of inconvenience. Therefore in this paper we analyzed and evaluated existing domestic safeguard’s necessity based on PDR matrix namely, information security lifecycle which is classified Prevention, Detection, Response and six of Internet banking threats(account theft, public certificate snatch, malware infection, input data modification, input data snatch, phishing/pharming). This made us identify four overlapped sections and two empty sections of safeguard and know that all safeguards are certainly necessary except graphic authentication in P section of account theft and phishing/pharming, phishing prevention program in P section of phishing/pharming in case of overlapped section by evaluating their capacity. But we recognized a gap between the findings of our research and user’s thought by surveying Internet banking users. So we proposed three ways to narrow the gap such as giving specific information regarding Internet banking threat and safeguard to user, giving information considered user’s level to user, guaranteeing user’s a choice regarding use of safeguard.
Statistics
-
1,067 Viewed
-
144 Downloaded
Tools
Issue List
Citation status
* References for papers published after 2023 are currently being built.
[journal]
C. A. Kim
/ 1999
/ Change of the export regulation policy of the cryptographic product in United States
/ Information Society Development
224(11-1)
: 44~47
[web]
/ 2015
/ SEED
/ https://seed.kisa.or.kr/iwt/ko/sup/EgovSeedInfo.do
[other]
Korea Internet & Security Agency
/ 2014
/ Internet 30th anniversary, 2012 Korea Internet White Paper
[journal]
J. K. Yoo.
/ 2010
/ Application of security technology for Internet banking compatibility
/ Payment and Information Technology
41
: 59~84
[other]
/ 2014
/ Joint ministries concerned, Countermeasure for simplifying payment in e-commerce
[other]
/ 2015
/ Financial Services Commission, Action plan in 2015
[other]
/ 2014
/ National Assembly, Partial revision of Electronic Financial Transaction Act
[other]
/ 2015
/ Financial Services Commission, Notification 2015-3rd
[other]
/ 2015
/ Financial Services Commission, Notification 2015-7th
[other]
/ 2015
/ Ministry of Science, ICT and future planning, Countermeasure for improving use of ActiveX in private
[web]
Microsoft
/ 2015
/ MBrowser: Microsoft Edge and Internet Explorer 11
/ https://technet.microsoft.com/en-us/library/mt156988(v=vs.85).aspx
[web]
/ 2014
/ The Final Countdown for NPAPI
/ http://blog.chromium.org/2014/11/the-finalcountdown-for-npapi.html
[web]
/ 2015
/ Danish Bankers Association
/ http://www.finansraadet.dk/en/Facts-and-figures/Pages/Statistics-and-figures/Online-bank-hackings-–-Statistics.aspx
[other]
/ 2013
/ Telecommunication Financial Fraud Prevention Council, Comprehensive countermeasure for preventing telecommunication financial fraud
[web]
/ 2015
/ Safe internetbanking.be
/ https://www.safeinternetbanking.be/en/figures/cases-fraud
[web]
/ 2015
/ Dutch Basnking Association
/ http://www.nvb.nl/thema-s/veiligheid-fraude/166/fraude.html
[other]
/ 2015
/ Financial Fraud Auctoin UK, Fraud the facts 2015
[other]
Bruce Schneier
/ 2000
/ The process of security
[other]
James LaPiedra
/ 2001
/ The information security process - prevention, Detection and response
/
[other]
CBSS
/ 2014
/ A Resource guide for BANK EXECUTIVES
[journal]
이상진
/ 2007
/
Internet Banking Service Vulnerability Analysis and Security Solution
/ 융합보안 논문지
/ 한국융합보안학회
7(2)
: 119~128
[journal]
S. Y. Kim
/ 2009
/ E-banking fraud’s type and countermeasure
/ Payment and Information Technology
38
: 34~62
[other]
/ 2011
/ Telecommunications Technology Association, Analysis and management of e-commerce service’s threat
[journal]
S. M. Lee.
/ 2011
/ Current status of e-commerce and classification of security threat in domestic
/ Review of The Korea Institute of Information Security & Cryptology
21(7)
: 53~61
[journal]
L. Peotta.
/ 2011
/ A formal classification of internet banking attacks and vulnerabilities
/ International Journal of Computer Science &Information Technology
3(1)
[web]
Ministry of Science
/ 2015
/ ICT and Future Planning, We intend to increase information security industry in earnest as creative economy’s blue ocean
/ http://www.msip.go.kr/web/msipContents/contents.do?mId=NzM=
[web]
/ 2015
/ Telecommunications Technology Association
/ http://www.tta.or.kr/index.jsp
[web]
/ 2015
/ The Tolly Group
/ http://www.tolly.com/Default.aspx
[web]
/ 2015
/ National Software Testing Laboratories
/ http://www.intertek.com/it
[web]
/ 2015
/ ICSA Labs
/ https://www.icsalabs.com
[web]
/ 2015
/ NSS Labs
/ https://www.nsslabs.com/
[web]
/ 2015
/ RFC 2544 - Benchmarking Methodology for Network Interconnect Devices
/ https://www.ietf.org/rfc/rfc2544.txt
[web]
/ 2015
/ RFC 3511 - Benchmarking Methodology for Firewall Performance
/ https://tools.ietf.org/html/rfc3511
[web]
/ 2015
/ Performance Measurement Methodologies for Network Security Devices(TTAS_KO-12_0044)
/ http://www.tta.or.kr/data/weeklyNoticeView.jsp?pk_num=1876&nowSu=211&search=&data=&totalSu=1&ag_code=0000100004
[book]
H. S. Kim.‚
/ 2010
/ On the security of internet banking in South Korea
/ Computing Science Group
[journal]
C. S. Weir.
/ 2010
/ Usable security : User preferences for authentication methods in eBanking and the effects of experience
/ Interacting with Computers
22(3)
: 153~164
[other]
/ 2007
/ Genise, and Pauline, Usability evaluation:methods and techniques: Version 2.0
[web]
/ 2015
/ KB Kookmin Bank’s Secrutiy Center
/ https://obank.kbstar.com/quics?page=osecure
[web]
/ 2015
/ Standard Chartered Bank’s security program installation
/ https://open.standardchartered.co.kr/service/programInstall?P_name=IPInside&url=https%3A%2F%2Fopen.standardchartered.co.kr%2Flogin%2Findex%3FredirectURL%3D%2Fservice%2FH93301%3Fmenuid%3DOIB08060500000
[web]
/ 2015
/ Shinhan Bank’s Security Center
/ http://cs.shinhan.com/cs_index.jsp
[web]
/ 2015
/ KEB Bank’s Security Center
/ http://www.keb.co.kr/
[web]
/ 2015
/ Woori Bank’s Security Center
/ https://spot.wooribank.com/pot/Dream?withyou=CQSCT0001
[web]
/ 2015
/ Hana Bank’s Security Center
/ http://www.hanabank.com/nhana/smartbk/smartbk06/smartbk061/CaCus000201/index.jsp
[web]
/ 2015
/ Citibank’s Security Center
/ http://www.citibank.co.kr
[web]
/ 2015
/ Kyongnam Bank’s Security Center
/ http://www.knbank.co.kr/knbweb/knbweb.jsp?w2xPath=/xml/cust/security/SCN-HO-34010100.xml
[web]
/ 2015
/ Kwangju Bank’s Security Center
/ http://www.kjbank.com/banking/index.jsp
[web]
/ 2015
/ Daegu Bank’s Security Service
/ https://www.dgb.co.kr/com_ebz_hlp_main.act
[web]
/ 2015
/ Busan Bank’s Security Service
/ https://www.busanbank.co.kr/ib20/mnu/BHPCSC352000001
[web]
/ 2015
/ JB Bank’s Security Center
/ https://www.jbbank.co.kr/
[web]
/ 2015
/ Jeju Bank’s Security Center
/ https://www.e-jejubank.com/JeJuBankInfo.do
[web]
/ 2015
/ Industrial Bank of Korea’s Security Center
/ http://www.ibk.co.kr/common/navigation.ibk?linkUrl=/financetech/efinance/safe/safe_main.jsp&pageId=SC00000000
[web]
/ 2015
/ NH Bank’s Security Center
/ https://banking.nonghyup.com/so/jsp/initech/sandbox/index.jsp
[web]
/ 2015
/ Suhyup Bank’s Security Service
/ https://www.suhyup-bank.com
[web]
/ 2015
/ National Forestry Cooperatives Federation’s Banking Security Center
/ http://banking.nfcf.or.kr/index.jsp
[web]
/ 2015
/ MG Community Credit Cooperatives’ PC Security Service
/ http://www.nprotect.co.kr/service/kfcc
[web]
/ 2015
/ National Credit Union Federation of Korea’s Additional Service
/ https://openbank.cu.co.kr
[web]
/ 2015
/ KoreaPostBank
/ http://www.epostbank.go.kr
[web]
/ 2015
/ AhnLab Online Security 2.0
/ http://www.ahnlab.com/kr/site/product/productView.do?prodSeq=34
[web]
/ 2015
/ nProtect Netizen v5.5
/ http://www.nprotect.com/index.html
[web]
/ 2015
/ Raonsecure USIM Smart Authorization
/ http://www.usimcert.com
[web]
/ 2015
/ Wizvera Safehard
/ https://www.safehard.co.kr
[web]
/ 2015
/ Mirageworks’ public certification protection technology based Sandbox
/ http://www.mirageworks.co.kr/Solutions/Certlocker.aspx
[web]
/ 2015
/ FlyHigh’s public certification storage technology based CPU
/ https://www.facebook.com/myflyhigh
[web]
/ 2015
/ OPEN WEB nFilter of NSHC
/ http://www.nshc.net/wp/portfolio-item/open-web-nfilter/
[web]
/ 2015
/ GOTP of DigitalZone
/ http://www.doculink.co.kr/service_03_GOTP.html
[web]
/ 2015
/ Dementor Web of Dementor
/ http://www.dementor.co.kr/
[web]
/ 2015
/ TouchEn key of Raonsecure
/ http://touchen.raonsecure.com/pc/pc_01.php
[web]
/ 2015
/ SecureKeyStroke of SoftCamp
/ http://www.softcamp.co.kr/sub/sub_2_7.php
[web]
/ 2015
/ NaRu of Wizvera
/ http://www.wizvera.com/naru.html
[web]
/ 2015
/ INISAFE Sandbox of INITECH
/ http://www.initech.com/www/html/inisafe/goMenu3_19_1.html
[web]
/ 2015
/ iFDS of INTEREZEN
/ http://www.interezen.co.kr/izh6/1_product/p_ipinside_ifds.jsp
[web]
/ 2015
/ nProtect SecuLogMaster of INCA In tern et
/ http://www.nprotect.com/index.html
[web]
/ 2015
/ Real IP of KTB Solution
/ http://www.ktbsol.co.kr
[web]
/ 2016
/ Microsoft Cryptographic Service Providers
/ https://msdn.microsoft.com/ko-kr/library/windows/desktop/aa386983(v=vs.85).aspx
[web]
/ 2016
/ RSA Laboratories, PKCS #11:Cryptographic Token Interface Standard
/ http://germany.emc.com/emc-plus/rsa-labs/standards-initiatives/pkcs-11-cryptographic-token-interface-standard.htm
[web]
PC/SC Workgroup
/ 2016
/ PC/SC Workgroup Specifications Overview
/ http://www.pcscworkgroup.com/specifications/overview.php
[web]
I. S. Kim
/ 2016
/ The time is for Transaction Singing OTP in July
/ http://www.etnews.com/20160125000271
[web]
GReAT
/ 2014
/ Use the force Luuuk
/ https://securelist.com/blog/incidents/63704/use-the-force-luuuk/
[web]
D. Venkatesan.
/ 2016
/ android.Bankosy: All ears on voice call-based 2FA
/ http://www.symantec.com/connect/blogs/androidbankosy-all-ears-voice-call-based-2fa
[other]
McAfee
/ 2014
/ McAfee Labs Threat Advisory -PWS-Zbot
[web]
Y. C. Lee
/ 2015
/ Virtual keyboard is bypassed RCS in 31 of 35 financial corporations
/ http://www.thescoop.co.kr/news/articleView.html?idxno=17500
[web]
S. H. Kwon
/ 2015
/ The attacker stole 26million won from victim’s account by applying call forwarding
/ http://www.yonhapnews.co.kr/bulletin/2015/02/23/0200000000AKR20150223017751060.HTML
[web]
E. S. Kang
/ 2014
/ SMS authorization code is abused in smishing
/ http://www.dt.co.kr/contents.html?article_no=2014030302010660800002
[web]
D. W. Kim
/ 2015
/ Bank’s public certification must be stored in HSM
/ http://www.edaily.co.kr/news/NewsRead.edy?SCD=JA21&newsid=03112726609404344&DCD=A00102&OutLnkChk=Y
[journal]
Y. G. Jung
/ 2015
/ Recent trend and improvement of OTP authorization technology
/ Payment and Information Technology
61
: 30~69
[journal]
A. Rosenan
/ 2006
/ Protecting our keystrokes
/ THE ISSA(Information Systems Security Association) JOURNAL
[journal]
M. Seese
/ 2008
/ Beating a keystroke logger on a public PC
/ THE ISSA(Information Systems Security Association)JOURNAL
[other]
/ 2008
/ AhnLab, White paper - AhnLab online security white paper ver. 1.0.1
/
[web]
M. K. Gil
/ 2015
/ The finishing up of pharming technique for stealing financial information
/ http://www.dailysecu.com/news_view.php?article_id=8530
[web]
Comodo SSL
/ 2016
/ Kind and price of SSL Certification
/ https://www.comodossl.co.kr/products/ssl-certificate.aspx
[web]
/ 2016
/ FIDO Alliance
/ https://fidoalliance.org
[web]
J. W. Lee
/ 2015
/ Combination public certification based PKI and biometric
/ http://www.dt.co.kr/contents.html?article_no=2015120702101560813001
[other]
/ 2015
/ Financial Services Commission, Regular press conference related financial reform
[journal]
G. Lindsey.
/ 1999
/ Willingness to pay for urban greenway projects
/ Journal of the American Planning Association
65(3)
: 297~313
[web]
Bank of America
/ 2016
/ Online Banking Security from Bank of America
/ https://www.bankofamerica.com/privacy/online-mobile-banking-privacy/online-bankingsecurity.go
[web]
NAVER
/ 2016
/ Easy version of privacy policy
/ https://nid.naver.com/user2/privacycenter/info.nhn?m=viewTermOfUseSimple
[web]
NAVER
/ 2016
/ Infographic of privacy policy
/ https://nid.naver.com/user2/privacycenter/info.nhn?m=viewInfoGraphic
[other]
Frontier Economics
/ 2013
/ Reducing violence and aggression in A&E: Through a better experience
[web]
/ 2016
/ Markit Hub
/ https://www.hub.com/hub/?loginfailed=true
[web]
/ 2016
/ Shinhan Bank’s Digital Kiosk
/ http://mbank.shinhan.com/pages/financialInfo/electronic_finance/Digital_Kiosk.jsp
[web]
/ 2016
/ Industrial Bank of Korea’s Security Center Weekly Hot News
/ http://blog.ibk.co.kr/1827
[web]
/ 2016
/ Introduction to Institution of Smart OTP and Fingerprint Authorization Service
/ https://open.hanabank.com/contents/customer/news/1416933_93638.jsp?Ctype=B&cid=OpenB_main_Center&oid=1416933
[web]
/ 2016
/ Chip Guard OTP Display Card
/ http://www.surepassid.com/why-we-are-unique/multi-factor-authentication-mfa/otp-display-cards/
[web]
/ 2016
/ Woori Bank’s one touch remote control
/ https://spib.wooribank.com/pib/Dream?withyou=PSBKM0147
[web]
/ 2016
/ Digital Hyundai Card
/ https://www.hyundaicard.com/cpl/en/CPLEN0501_01.hc