Browse > Article
http://dx.doi.org/10.7472/jksii.2017.18.4.69

Implementation, Security, and Usability Analysis of Accredited Certificate-based Internet Banking  

Park, Hye-Seung (School of Computer Science and Engineering, Korea University of Technology and Education)
Lee, Jae-Hyup (School of Computer Science and Engineering, Korea University of Technology and Education)
Park, Seung-Chul (School of Computer Science and Engineering, Korea University of Technology and Education)
Publication Information
Journal of Internet Computing and Services / v.18, no.4, 2017 , pp. 69-78 More about this Journal
Abstract
We expect that the accredited certificate-based open banking, which is actively deployed in recent times, will solve the Galapagosization problem of the existing accredited certificate-based closed banking by supporting standard communication protocol and web compatibility. However, it is questionable how much the open banking will answer the security and usability problems of the existing closed banking. This paper is focused on analyzing the differences between the existing closed banking and the open banking, and then evaluates how much the security and usability problems of the existing closed banking are resolved by the open banking. The study firstly analyzes the security vulnerabilities raised in the process of providing closed banking services for the past 15 years or more, the countermeasures applied to enhance security, and the convenience impact of countermeasures. And then, the security and convenience of the open banking is inferred by analyzing the implementation difference between the closed banking and the open banking. The paper also briefly discusses how to improve the open banking to resolve the remaining problems of the open banking.
Keywords
Internet banking; banking security; NPKI banking; open banking;
Citations & Related Records
연도 인용수 순위
  • Reference
1 J. H. Lee, "Usability and Problems of Accredited Certificate in Smart Environments," Internet & Security Focus, March 2013, pp. 23-53 http://www.kisa.or.kr/uploadfile/201306/201306121702079155.pdf
2 National Information Agency, and et. al, "2016 National Information Security White Paper," White Paper, p. 345, April 2016. http://isis.kisa.or.kr/ebook/download_pdf/2016.pdf
3 H. S. Kim, J. Mun, J. H. Huh, and R. Anderson, "On the Security of Internet Banking in South Korea," Oxford Univ. Computing Laboratory Research Report(CS-RR-10-01), p. 19, Oct 2010. https://www.cs.ox.ac.uk/files/2916/RR-10-01.pdf
4 Korea Internet & Security Agency, "Research on the Actual Condition of Electronic Signature System Usage," KISA Research Report (KISA-WP-2015-0032), p. 122, Dec. 2015. https://www.kisa.or.kr/public/library/report_View.jsp?r egno=022108
5 FIDO Alliance, "Specifications Overview," https://fidoalliance.org
6 Ministry of Science, ICT and Future Planning and Korea Internet & Security Agency, "Technology Guideline for Improving Internet Usability Environment," MSIFP and KISA Special Publication, p. 259, Sept. 2014. https://www.kisa.or.kr/notice/press_View.jsp?mode=view&p_No=8&b_No=8&d_No=1302
7 H. S. Yeom, "Banks, Enforce Internet Banking without Active X", Daehan Finance News, Nov. 2015. http://www.kbanker.co.kr/news/articleView.html?idxno=57708
8 S. I. Lee, "Open Banking Service of Banks, Enforce Integration into Main Page", Digital Daily, March. 2017. http://www.ddaily.co.kr/news/article.html?no=154198
9 KISA RootCA, "Secure and User-friendly Accredited Certificate," http://www.rootca.or.kr/
10 Financial Services Commission, "Memory Hacking Related Press Release," FSC Press Release, Jan. 2014. https://www.fsc.go.kr/downManager?bbsid=BBS0030&no=88525
11 Financial Security Agency, "A Management Guide for Financial Part Encryption Technologies," FSA Special Publication, p. 105, Jan. 2010. cfile1.uf.tistory.com/attach/2677683B5407CCEF088377
12 CA/Browser Forum, "Guidelines for the Issuance and Management of Extended Validation Certificates Version 1.5.5," CA/Browser, p. 44, March. 2015. https://cabforum.org/wp-content/uploads/EV-SSL-Certificate-Guidelines-Version-1.4.6.pdf