Status and Future of Security Techniques in the Internet Banking Service

  • Lee, Kyungroul (R&BD Center for Security and Safety Industries (SSI), Soonchunhyang University)
  • Yim, Kangbin (Dept. of Information Security Engineering, Soonchunhyang University)
  • Seo, Jungtaek (Dept. of Information Security Engineering, Soonchunhyang University)
  • Received: 2017.02.01
  • Accepted: 2017.03.02
  • Published: 2017.04.30

Abstract

As Internet banking services have become widespread, many users can exchange goods online. Despite this advantage, incidents continue to occur in Internet banking services because of security threats. To counteract this problem, various security techniques have been applied across every area of the Internet banking service. In this paper, we describe the results of analyzing the security techniques applied in the financial institution area and the network communication area. We expect this paper to be useful as a reference for countering threats caused by insiders and by vulnerabilities in implementation.
