Countermeasures Against Phishing/Pharming via Portal Site for General Users

Original Korean title (translated): A Method for Preventing Phishing/Pharming via Portal Sites for General Users

  • 김소영 (Department of Information Security, Seoul Women's University) ;
  • 강지윤 (Graduate School of Information Security, KAIST) ;
  • 김윤정 (Department of Information Security, Seoul Women's University)
  • Received : 2015.03.23
  • Accepted : 2015.06.18
  • Published : 2015.06.30

Abstract

Phishing and pharming attacks are increasing, and the number of studies on countermeasures has grown with them. The targets of phishing/pharming are chiefly financial sites, which users visit far less often than portal sites. In this paper, we propose an anti-phishing/pharming method in which the user reaches a financial site by way of a portal site, using the portal as a trusted stopover. The method rests on the assumption that the portal site fulfils its responsibilities honestly and is itself trustworthy. It is intended for general users rather than for professional users or developers. We also analyze the safety of the proposed method by dividing it into its component parts and examining the vulnerability of each part separately; this analysis also identifies the environment in which the method is most effective.

Cited by

  1. Cookie-Based Verification of TLS/SSL Certificate Public Keys, vol. 41, no. 1, 2015, https://doi.org/10.7840/kics.2015.41.1.101
  2. A Password-Based Mutual Authentication Protocol for Countering Phishing Attacks, vol. 7, no. 2, 2015, https://doi.org/10.3745/ktccs.2018.7.2.41