Browse > Article
http://dx.doi.org/10.13089/JKIISC.2010.20.4.145

Extensional End-to-End Encryption Technologies to Enhance User's Financial Information Security and Considerable Security Issues  

Seung, Jae-Mo (Financial Security Agency)
Lee, Su-Mi (Financial Security Agency)
Noh, Bong-Nam (Chonnam National University System Security Research Center)
Ahn, Seung-Ho (Chonnam National University System Security Research Center)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.20, no.4, 2010 , pp. 145-154 More about this Journal
Abstract
End-to-End(E2E) encryption is to encrypt private and important financial information such as user's secret access numbers and account numbers from user's terminal to financial institutions. There has been found significant security vulnerabilities by various hacking in early E2E encryption system since early E2E encryption is not satisfied the basic security requirement which is that there does not exist user's financial information on plaintext in user's terminal. Extensional E2E encryption which is to improve early E2E encryption provides confidentiality and integrity to protect user's financial information from vulnerabilities such as alteration, forgery and leakage of confidential information. In this paper, we explain the extensional E2E encryption technology and present considerable security issues when the extensional E2E encryption technology is applied to financial systems.
Keywords
Encryption; Financial system; Security requirement;
Citations & Related Records
연도 인용수 순위
  • Reference
1 금융감독원, "전자금융거래 보안 종합대책", pp. 1-81, 2005. 9월.
2 금융감독위원회, "전자금융감독규정시행세칙", pp. 1-15, 2006. 12월.
3 김인석, "전자금융 사고유형 분석을 통한 정보보호정책에 관한 연구," 고려대학교 정보보호대학원 박사학위논문, pp. 5-48, 2008. 2월.
4 한국은행, "2009년 중 국내 인터넷 뱅킹 서비스 이용현황," http://www.bok.or.kr/contents/total/ko/boardView.action?menuNaviId=559&boardBean.brdid=67921&boardBean.menuid=559, 2009. 5월.
5 금융보안연구원, "종단간 암호화 적용 가이드," pp. 1-70, 2007. 7월.