Case study of the vulnerability of OTP implemented in internet banking systems of South Korea
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Yoo, Changsok | - |
dc.contributor.author | Kang, Byung-Tak | - |
dc.contributor.author | Kim, Huy Kang | - |
dc.date.accessioned | 2021-09-04T16:24:41Z | - |
dc.date.available | 2021-09-04T16:24:41Z | - |
dc.date.created | 2021-06-18 | - |
dc.date.issued | 2015-05 | - |
dc.identifier.issn | 1380-7501 | - |
dc.identifier.uri | https://scholar.korea.ac.kr/handle/2021.sw.korea/93665 | - |
dc.description.abstract | The security risk of internet banking has increased rapidly as internet banking services have become commonly used by the public. Among the various security methods, OTP (one time password) is known as one of the strongest methods for enforcing security, and it is now widely used in internet banking services. However, attack methods which can detour OTP have been developed that additional security for OTP is now needed. In this study, we discovered that a new kind of attack through OTP is theoretically possible through an analysis of the currently implemented OTP system and known attack methods. Based on our theory, we tested the new attack method on Korean internet banking services, and empirically proved that it could effectively detour around all of the currently implemented OTP security systems in Korea. To prevent this, we also suggested solutions based on the root cause analysis of the OTP vulnerabilities. | - |
dc.language | English | - |
dc.language.iso | en | - |
dc.publisher | SPRINGER | - |
dc.title | Case study of the vulnerability of OTP implemented in internet banking systems of South Korea | - |
dc.type | Article | - |
dc.contributor.affiliatedAuthor | Kim, Huy Kang | - |
dc.identifier.doi | 10.1007/s11042-014-1888-3 | - |
dc.identifier.scopusid | 2-s2.0-84929521524 | - |
dc.identifier.wosid | 000354493000003 | - |
dc.identifier.bibliographicCitation | MULTIMEDIA TOOLS AND APPLICATIONS, v.74, no.10, pp.3289 - 3303 | - |
dc.relation.isPartOf | MULTIMEDIA TOOLS AND APPLICATIONS | - |
dc.citation.title | MULTIMEDIA TOOLS AND APPLICATIONS | - |
dc.citation.volume | 74 | - |
dc.citation.number | 10 | - |
dc.citation.startPage | 3289 | - |
dc.citation.endPage | 3303 | - |
dc.type.rims | ART | - |
dc.type.docType | Article | - |
dc.description.journalClass | 1 | - |
dc.description.journalRegisteredClass | scie | - |
dc.description.journalRegisteredClass | scopus | - |
dc.relation.journalResearchArea | Computer Science | - |
dc.relation.journalResearchArea | Engineering | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Information Systems | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Software Engineering | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Theory & Methods | - |
dc.relation.journalWebOfScienceCategory | Engineering, Electrical & Electronic | - |
dc.subject.keywordAuthor | OTP (one time password) | - |
dc.subject.keywordAuthor | Man-in-the-middle attack | - |
dc.subject.keywordAuthor | Reverse engineering | - |
dc.subject.keywordAuthor | Internet banking | - |
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.
(02841) 서울특별시 성북구 안암로 14502-3290-1114
COPYRIGHT © 2021 Korea University. All Rights Reserved.
Certain data included herein are derived from the © Web of Science of Clarivate Analytics. All rights reserved.
You may not copy or re-distribute this material in whole or in part without the prior written consent of Clarivate Analytics.