Browse > Article
http://dx.doi.org/10.13089/JKIISC.2008.18.1.115

Security Analysis on the Home Trading System Service and Proposal of the Evaluation Criteria  

Lee, Yun-Young (Information Security Group, School of Information and Communication Engineering, Sungkyunkwan University)
Choi, Hae-Lahng (Information Security Group, School of Information and Communication Engineering, Sungkyunkwan University)
Han, Jeong-Hoon (Information Security Group, School of Information and Communication Engineering, Sungkyunkwan University)
Hong, Su-Min (Information Security Group, School of Information and Communication Engineering, Sungkyunkwan University)
Lee, Sung-Jin (Information Security Group, School of Information and Communication Engineering, Sungkyunkwan University)
Shin, Dong-Hwi (Information Security Group, School of Information and Communication Engineering, Sungkyunkwan University)
Won, Dong-Ho (Information Security Group, School of Information and Communication Engineering, Sungkyunkwan University)
Kim, Seung-Joo (Information Security Group, School of Information and Communication Engineering, Sungkyunkwan University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.18, no.1, 2008 , pp. 115-137 More about this Journal
Abstract
As stock market gets bigger, use of HTS(Home Trading System) is getting increased in stock exchange. HTS provides lots of functions such as inquiry about stock quotations, investment counsel and so on. Thus, despite the fact that the functions fur convenience and usefulness are developed and used, security functions for privacy and trade safety are insufficient. In this paper, we analyze the security system of HTS service through the key-logging and sniffing and suggest that many private information is unintentionally exposed. We also find out a vulnerable point of the system, and show the advisable criteria of secure HTS.
Keywords
HTS; Home Trading System; Security Analysis;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 금융보안연구원, "국내 금융관련 동향", 금융보안주간정보 2007. 2. 26, 2007
2 네이버 용어사전 (http://terms.naver.com)
3 신동휘, 최윤성, 박상준, 김승주, 원동호, "네이트온 메신저의 사용자 인증 메커니즘에 대한 취약점 분석", 정보보호학회논문지, pp. 67-80, February 2007   과학기술학회마을
4 ISO/IEC 2nd WD 15446, Guide for the production of protection profiles and security targets, 2007. 01. 22
5 잉카 인터넷 홈페이지 (http://www.inca.co.kr)
6 소프트캠프 홈페이지(http://www.softcamp.co.kr)
7 이니텍 홈페이지 (http://www.initech.com)
8 킹스정보통신 홈페이지 (http://www.kings.co.kr)
9 정보통신부, "정통부, 인터넷 전송구간 개인정보 보호 강화나서", 정보통신부 보도자료 2007.2.6, 2007
10 소프트포럼 홈페이지 (http://www.softforum.co.kr)
11 안철수 연구소 (http://www.ahnlab.com)
12 STI security 홈페이지 (http://www.stitec.com)
13 김병조, "은행 인터넷뱅킹 첫 해킹당해 거액 빠져 나가", 연합뉴스 2005. 6. 30 뉴스, 2005
14 성재모(금융보안연구원), "국내 금융정보보호 현황 및 동향", NETSEC-KR, 2007
15 한국정보인증 홈페이지 (http://www.signgate.com)
16 비티웍스 홈페이지 (http://www.btworks.co.kr)
17 진강훈, 후니의 쉽게 쓴 시스코 네트워킹, (주)사이버출판사, 2002 - 2004
18 금융감독위원회, "연간 전자금융 취급실적", 금융감독원 보도참고자료, 2004 - 2007
19 Common Criteria for Information Technology Security Evaluation, Version 3.1, CCMB, 2006. 9
20 뱅크타운 홈페이지 (http://www.banktown.com)