Browse > Article
http://dx.doi.org/10.13089/JKIISC.2013.23.5.825

The Vulnerability Analysis of CA Arcot VPS  

Lee, Sang-Ho (INHA University)
Kim, Sung-Ho (INHA University)
Nyang, Dea-Hun (INHA University)
Lee, Kyung-Hee (The University of Suwon)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.23, no.5, 2013 , pp. 825-830 More about this Journal
Abstract
CA Arcot corporation in U.S.A has secure on-line financial trade solution and patent that verify whether transaction had change using virtual session. But, VPS(Virtual Private Session) has another vulnerability by way to construct CAPTCHA. We can't fully trust safety of VPS, Cause it could be attacked by using color information of CAPTCHA. In this paper, We suggest the method of attack VPS, and also point out the vulnerability of VPS though simulation.
Keywords
CAPTCHA; MITB; VPS;
Citations & Related Records
연도 인용수 순위
  • Reference
1 P. Guhring, "Concepts against man-in-the -browser attacks," http://www2.future ware.at/svn/sourcerer/CAcert/Secure Client.pdf
2 Arcot Systems, "Protecting Online Customers from Man-in-the-Browser and Man-in-the-Middle Attacks," http:// www.ca.com/-/media/Files/whitepape rs/protection-from-mitm-mitb-attackswp. pdf
3 R.A. Gopalakrishna, "Authentication using a turing test to block automated attacks," US 2009/0199272 A1, US Patent, Aug. 2009.
4 L.V. Ahn, M. Blum, N.J. Hopper, and J. Langford, "CAPTCHA: telling humans and computers apart," Euro-crypt'03, LNCS 2656, pp. 294-311, May. 2003.
5 S.Y. Huang, Y.K. Lee, G. Bell, and Z.h Ou, "A projection based segmentation algorithm for breaking MSN and YAHOO CAPTCHAs," In Proc. of the 2008 International Conference of Signal and Image Engineering, pp. 727-730, July. 2008.
6 맹영재, 신동오, 김성호, 양대헌, 이문규, "국내 인터넷뱅킹 계좌이체에 대한 MITB 취약점 분석," Internet and Information Security, 1(2), pp. 101-118, 2010년 11월.
7 D. Arthur and S. Vassilvitskii, "K-means++: the advantages of careful seeding," In Proc. of the eighteenth annual ACM-SIAM symposium on Discrete algorithms, pp. 1027-1035, Jan. 2007.