http://dx.doi.org/10.13089/JKIISC.2015.25.4.941

An Attack of Defeating Keyboard Encryption Module using Javascript Manipulation in Korean Internet Banking  

Lee, Sung-hoon (University of Science and Technology)
Kim, Seung-hyun (Electronics and Telecommunications Research Institute)
Jeong, Eui-yeob (University of Science and Technology)
Choi, Dae-seon (Electronics and Telecommunications Research Institute)
Jin, Seung-hun (Electronics and Telecommunications Research Institute)
Abstract
Internet banking has become widely used with the development of the internet. At the same time, phishing attacks on internet banking that use malicious objects to make unfair profit have increased. People using internet banking services in Korea are required to install security modules such as anti-virus and keyboard protection. However, phishing attack techniques have progressed, and advanced techniques such as memory hacking defeat the security modules of internet banking services. In this paper, we describe the internet banking security modules provided by Korean internet banks and analyze how the keyboard encryption module works. We then propose an attack that manipulates account transfer information using JavaScript. Although the keyboard protection module provides two functions, protecting the account transfer information submitted by users against both leakage and manipulation by hackers' malicious programs, our proposed technique can manipulate the account transfer information and the result HTML pages.
Keywords
Internet banking; Keyboard protection; Key encryption module; javascript manipulation; Phishing attack;