Journal of the Korea Society of Computer and Information (한국컴퓨터정보학회논문지)

Korean Society of Computer Information (한국컴퓨터정보학회)
권호 표지
DOI QR코드

DOI QR Code

An Analysis of Security Threats and Security Requirements on the Designated PC Solution

  • Lee, Kyungroul (R&BD Center for Security and Safety Industries (SSI), Soonchunhyang University) ;
  • Lee, Sun-Young (Dept. of Information Security Engineering, Soonchunhyang University) ;
  • Yim, Kangbin (Dept. of Information Security Engineering, Soonchunhyang University)
  • Received : 2015.08.10
  • Accepted : 2017.04.25
  • Published : 2017.05.31
Download PDF
⟨ Previous Next ⟩

Abstract

In this paper, we analyse security threats and security requirements about the designated PC solution which restricts usable PCs that are only an user own PCs or a registered PC for online banking or very important services. Accordingly, causable threats of the designated PC solution are classified a process, a network layer, a software module, and an environment of platform, and we draw security requirements based on analysed security threats. Results of this research are considered utilization of criteria for improving security of the designated PC solution and standards for giving hint of imposition of the designated PC solution.

Keywords

References

  1. Financial Security Agency(FSA), "Issue Report", 2012(1), Jan. 2012
  2. Su-Mi Lee and Jarmo Seung, "Domestic Electronic Financial Status and Classification of Security Threats", Review of Korea Institute of Information Security and Cryptology(KIISC), 21(7), pp. 53-61, Nov. 2011
  3. Neowiz games corporaion, "Internet connection blocking method through a fixed PC service using an IP address and hardware information", G06F 21/20, Nov. 2011
  4. Kyungroul Lee and Kangbin Yim, "A Guideline for the Fixed PC Solution", In proceedings of Smart Convergence Technologies and Applications(SCTA), pp. 74-76, Aug. 2012
  5. Telecommunications Technology Association(TTA), "Security Requirement for Virtual Keyboard", TTAK.KO-12.0180, Dec. 2011
  6. Mikro Tik, "Packet Sniffer", Mikro Kifls SIA, 2004
  7. Jung-Yoon Kim and Hyoung-Kee Cho, "Weaknesses of the new design of wearable token system proposed by Sun et al.", Journal of the Korea Institute of Information Security and Cryptology(KIISC), 20(5), pp. 81-88, Oct. 2010
  8. YoungJae Maeng and DaeHun Nyang, "An Analysis of Replay Attack Vulnerability on Single Sign-On Solutions", Journal of the Korea Institute of Information Security and Cryptology(KIISC), 18(1), pp. 103-114, Feb. 2008
  9. Yang-Seo Choi and Dong-Il Seo, "Privacy information exposure techniques and countermeasures through Social engineering attacks", Review of Korea Institute of Information Security and Cryptology(KIISC), 16(1), pp. 40-48, Feb. 2006
  10. Dong Hwi Lee, Kyong-ho Choi, Dong Chun Lee, Kuinam J. Kim, and Sang Min Park, "Intelligence Report and the Analysis Against the Phishing Attack Which Uses a Social Engineering Technique", Journal of Information and Security by Korea Information Assurance Society(KIAS), 6(4), pp. 171-177, Dec. 2006
  11. Byung-Tak Kang and Huy Kang Kim, "A study on the vulnerability of OTP implementation by using MITM attack and reverse engineering", Journal of the Korea Institute of Information Security and Cryptology(KIISC), 21(6), pp. 83-99, Dec. 2011
  12. Woochan Hong, Kwangwoo Lee, Seungjoo Kim, and Dongho Won, "Vulnerabilities Analysis of the OTP Implemented on a PC", Journal of the Korea Information Processing Society(KIPS) Transactions: Part C, 17-C(4), pp. 361-370, Aug. 2010
  13. Kyungroul Lee, Hyeungjun Yeuk, Habin Yim, and Kangbin Yim, "Security Assessment of the Designated PC Solution", The Korean Institute of Smart Media(KISM) Spring Conference, Apr. 2015
  14. Hyeungjun Yeuk, Kyungroul Lee, Habin Yim, and Kangbin Yim, "An Analysis of the Vulnerability of the Designated PC solution", The Korean Institute of Smart Media(KISM) Spring Conference, Apr. 2015
  15. Jonghoi Kim, Jinyoung Lee, and Seong-Je Cho, "A New Malware Propagation Technique based on the Send Function Hooking and Its Countermeasure", Journal of Korean Institute of Information Scientists and Engineers(KIISE): System and theory, 38(4), pp. 178-185, Aug. 2011
  16. Kangwon Lee, Kyungroul Lee, Jaecheon Byun, Sunghoon Lee, Hyobeom Ahn, and Kangbin Yim, "Extraction of Platform-unique Information as an Identifie", Journal of Wireless Mobile Networks, Ubiquitous Computing and Dependable Application(JoWUA), 3(4), pp.85-99, Dec. 2012
  17. Jong-Ik Shim, Tae-Kyou Park, and Jin-Tae Kim, "Protecting Memory of Process Using Mandatory Access Control", Journal of the Korea Institute of Maritime Information & Communication Sciences, 15(9), pp. 1947-1954, Sep. 2011 https://doi.org/10.6109/jkiice.2011.15.9.1947
  18. Kyung-Roul Lee and Kang-Bin Yim, "A New Analysis Method for Packed Malicious Codes", Journal of the Korea Navigation Institute(KONI), 16(3), pp. 488-494, Jun. 2012
  19. Non Thiranant, Yvonne Tan Ying Hui, Taeyong Kim, and HoonJae Lee, "Challenge-Response Authentication with a Smartphone", In Proceedings of the Korea Society of Computer & Information(KSCI), 20(2), pp. 187-190, Jul. 2012
  20. Woongryul Jeon, Jeeyeon Kim, Youngsook Lee, and Dongho Won, "Analysis of Threats and Countermeasures on Mobile Smartphone", Journal of the Korea Society of Computer & Information(KSCI), 16(2), pp.153-163, Feb. 2011. https://doi.org/10.9708/jksci.2011.16.2.153
  21. Seong-Yoon Shin and Kang-Ho Lee, "A Study of Definition of Security Requirements on Encryption and Audit Logging", Journal of the Korea Society of Computer & Information(KSCI), 19(9), pp.85-91, Sep. 2014. https://doi.org/10.9708/jksci.2014.19.9.085
  22. Jae-Chan Moon and Seong-Je Cho, "Vulnerability Analysis and Threat Mitigation for Secure Web Application Development", Journal of the Korea Society of Computer & Information(KSCI), 17(2), pp.127-137, Feb. 2012. https://doi.org/10.9708/jksci.2012.17.2.127
  23. Mi-Og Park, "Weaknesses Cryptanalysis of Khan's Scheme and Improved Authentication Scheme preserving User Anonymity", Journal of the Korea Society of Computer & Information(KSCI), 18(2), pp.87-94, Feb. 2013. https://doi.org/10.9708/jksci.2013.18.2.087
  24. Young-Back, Sung-Soo Kim, Kyung-Ho Chung, Soo-Yong Kim, Tae-Jin Yun, and Kwang-Seon Ahn, "A Vulnerability Analysis of Multi-Context RFID Mutual Authentication Protocol", Journal of the Korea Society of Computer & Information(KSCI), 18(10), pp.71-80, Oct. 2013. https://doi.org/10.9708/jksci.2013.18.10.071