http://dx.doi.org/10.3745/KIPSTC.2010.17C.3.223

A Study of Protection Profile and Analysis of Related Standard for Internet Banking Systems  

Jo, Hea-Suk (Department of Electronic, Electrical and Computer Engineering, Sungkyunkwan University)
Kim, Seung-Joo (School of Information and Communication Engineering, Sungkyunkwan University)
Won, Dong-Ho (School of Information and Communication Engineering, Sungkyunkwan University)
Abstract
With the growth of the Internet, offline services have expanded into online services, and financial institutions now deliver them through Internet banking systems. However, security problems in Internet banking systems arise from insufficient attention to security during their development. Although financial institutions have applied existing domestic and international standards such as ISO 20022, ISO/IEC 27001, ISO/IEC 9789, ISO/IEC 9796 and the Common Criteria, vulnerabilities remain, because these standards do not adequately consider the security requirements specific to Internet banking systems. This paper surveys the existing standards and discusses why applying any single one of them to an Internet banking system does not give full assurance of security. We then analyze the security functions of Internet banking systems and, from that analysis, select the security requirements. Based on this analysis, we propose a new protection profile for Internet banking systems written against Common Criteria Version 3.1.
Keywords
Internet Banking System; Protection Profile; Common Criteria;
Citations & Related Records
Times Cited by KSCI: 2
1 유진호, 지상호, 임종인, "Estimating Corporate Loss Costs from Personal Information Leakage and Exposure Incidents," Journal of the Korea Institute of Information Security and Cryptology, Aug. 2009.
2 "Technical Guidelines for the Construction and Operation of Information Systems," Ministry of Information and Communication Notice No. 2006-37, 11 Sep. 2006.
3 James C. Foster, Vitaly Osipov and Nish Bhalla, "Buffer Overflow Attacks," 2005.
4 ISO/IEC 2nd WD 15446, "Guide for the production of protection profiles and security targets," 22 Jan. 2007.
5 The Open Web Application Security Project, "OWASP Top 10," www.owasp.org, 2010.
6 Jo, Hea-Suk et al. (six authors), "A Study on the Development of a Protection Profile for Interoperability of Heterogeneous DRM Systems," KIPS Transactions Part C, Vol. 16-C, No. 1, Feb. 2009.
7 International Standard ISO/IEC 18045, "Common Methodology for Information Technology Security Evaluation," Version 3.1, Revision 3, Jul. 2009.
8 International Standard ISO/IEC 15408, "Common Criteria for Information Technology Security Evaluation, Part 1," Version 3.1, Revision 3, Jul. 2009.
9 International Standard ISO/IEC 15408, "Common Criteria for Information Technology Security Evaluation, Part 2," Version 3.1, Revision 3, Jul. 2009.
10 International Standard ISO/IEC 15408, "Common Criteria for Information Technology Security Evaluation, Part 3," Version 3.1, Revision 3, Jul. 2009.
11 Ministry of Information and Communication, "Comprehensive Measures for Strengthening the Security of Electronic Transactions," Sep. 2005.
12 Electronic Financial Transactions Act, Act No. 9325, Dec. 2008.
13 Telecommunications Technology Association (TTA), "Security Requirements for OTP Cryptographic Key Management," Dec. 2009.
14 송성현, 남형준, 권태경, "Design of an OTP System Robust against MITM Attacks," Korea Institute of Information Security and Cryptology, Jun. 2009.
15 Telecommunications Technology Association (TTA), "Security Management Guidelines for Building and Operating Web Environments," TTAS.KO-10.0090, Dec. 2006.
16 Jo, Hea-Suk, 이성진, 조성규, Kim, Seung-Joo, Won, Dong-Ho, "A Study on the Analysis of Related Standards for Online Financial Transaction Systems," COMSW2009, Jul. 2009.
17 International Standard ISO/IEC 27001, "Information technology - Security techniques - Information security management systems - Requirements," 2005.
18 김성천, 장희만, 신용녀, "Standardization Trends in Cross-Financial-Industry Messaging Schemes," TTA Journal No. 126, 2009.