http://dx.doi.org/10.13089/JKIISC.2013.23.4.571

A Method of Enhancing Security of Internet Banking Service using Contents-Based CAPTCHA  

Lee, Sang-Ho (INHA University)
Kim, Sung-Ho (INHA University)
Kang, Jeon-Il (INHA University)
Byun, Je-Sung (INHA University)
Nyang, Dea-Hun (INHA University)
Lee, Kyung-Hee (The University of Suwon)
Abstract
Internet banking service has the advantage of being unrestricted by time. If automated programs are able to attack Internet banking services, a number of accounts can be attacked at the same time and, as a result, the damage will be considerably increased. To cope with such attacks, two methods, VPS and MS watermark, were introduced by Arcot and MS respectively. These methods use text-based CAPTCHAs in the transfer approval process to distinguish automated programs from legitimate human users. In this paper, we point out the security threats to these methods when they are applied to Internet banking services. In particular, we consider attacks that are performed by extracting a specific string from text-based CAPTCHAs, and their countermeasure. We also suggest a method of enhancing the security of Internet banking services. Our method is based on contents-based CAPTCHAs that consist of transfer information known to both the user and the server.
Keywords
CAPTCHA; Internet banking; MITB; secure card; OTP;