• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.6
• /
• pp.1271-1283
• /
• 2019

The fourth industrial revolution and digital transformation are also bringing major changes to the financial ecosystem in Korea. Already, global financial firms overseas are opening their financial markets and exploring new financial businesses by seeking ways to co-prosperity with fintech firms. However, it is also true that the domestic financial environment has failed to respond to the changes due to its monopolistic and closed structure. In response, the government began pushing for the introduction of open banking in December 2019 with the aim of fully opening the financial settlement system. However, unlike the existing simple financial transaction structure, open banking still has an unresolved part due to the unclear relationship of responsibilities between interested parties in the event of financial accidents due to the complex linkage structure of transactions such as financial firms, fintech firms and customers. This study analyzed the security threat of open banking in depth. By doing so, the government and financial firms want to present policy proposals that need to be improved to enhance the safety of open banking in korea and protect financial consumers, as well as new financial models that have improved the vulnerable parts of existing models.

• The Journal of the Convergence on Culture Technology
• /
• v.2 no.4
• /
• pp.65-70
• /
• 2016

As network communication increases by using public WiFi to check e-mail and handling Internet banking, the danger of hacking public routers continues to rise. While the national policy is to further propagate public routers, users are not eager to keep their information secure and there is a growing risk of personal information leakage. Because wireless routers implement high accessibility but are vulnerable to hacking, it is thus important to analyze hacking to tackle the attacks. In this study, an analysis is made of the encryption method used in WiFi and cases of hacking WiFi by security attacks on wireless routers, and a method for tackling the attacks is suggested.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.16 no.9
• /
• pp.6282-6289
• /
• 2015

Today, there is an increasing number of cases in which certificate information is leak, and accordingly, electronic finance frauds are prevailing. As certificate and private key a file-based medium, are easily accessible and duplicated, they are vulnerable to information leaking crimes by cyber-attack using malignant codes such as pharming, phishing and smishing. Therefore, the use of security token and storage toke' has been encouraged as they are much safer medium, but the actual users are only minimal due to the reasons such as the risk of loss, high costs and so on. This thesis, in an effort to solve above-mentioned problems and to complement the shortcomings, proposes a system in which digital signature for Internet banking can be made with a simply bio-authentication process. In conclusion, it was found that the newly proposed system showed a better capability in handling financial transitions in terms of safety and convenience.

• Review of KIISC
• /
• v.23 no.1
• /
• pp.9-17
• /
• 2013

인터넷과 스마트폰을 이용하는 전자금융거래가 보편화됨에 따라 안전한 거래를 위한 보안 기술이 중요해지고 있다. 현재 많은 보안 솔루션들이 사용되고 있으나, PC만을 이용한 거래 혹은 스마트폰만 이용하는 거래는 공격자에게 단말기가 해킹당한 경우, 사용자가 단말기에 입력하는 정보가 공격자에게 유출될 수 있는 문제점이 존재한다. 이러한 정보 유출 문제를 해결하기 위해서 우리는 다중 채널을 이용하여 입력과 출력을 분리하는 새로운 접근 방법을 제안하고, 안드로이드 스마트폰과 윈도우즈 기반의 PC에 직접 구현하여 인터넷뱅킹 시나리오에 적용하여 실효성을 검증한다. 제안하는 방식은 전자금융거래 뿐만 아니라 사용자 입력이 필요한 모든 입력방식의 안전성을 높이는데 활용될 수 있다.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.6
• /
• pp.1-9
• /
• 2015

Recently, with smart device proliferation and providing the various services using this, they have interested in mobile and Smart TV security. Smartphone users are enjoying various service, such as cloud, game, banking. But today's mobile security solutions and Study of Smart TV Security simply stays at the level of malicious code detection, mobile device management, security system itself. Accordingly, there is a need for technology for preventing hacking and leakage of sensitive information, such as certificates, legal documents, individual credit card number. To solve this problem, a variety of security technologies(mobile virtualization, ARM TrustZone, GlobalPlatform, MDM) in mobile devices have been studied. In this paper, we propose an efficient method to implement security technology based on TYPE-I virtualization using ARM TrustZone technology.

• Proceedings of the Korea Inteligent Information System Society Conference
• /
• 2002.11a
• /
• pp.215-219
• /
• 2002

인터넷의 급속한 성장으로 e비즈니스의 인터넷 사용이 증대되었다. 인터넷 환경에서는 새로운 인터넷 사용자라는 소비자를 대상으로 인터넷 소비자 행동에 관한 연구가 중요한 분야로 자리잡게 되었다. 인터넷상에서의 소비자 행동을 설명하기 위해 온라인 인지절차 (Cognitive process)에 관한 연구로, 웹 사이트에 대한 소비자의 태도에 미치는 영향을 밝히는 연구들이 수행되었다. 웹 사이트에 대한 소비자의 태도에 따른 개인화된 마케팅을 위해서는 웹사이트를 소비자의 특성을 고려해서 개인화된 웹사이트를 운영해야 한다. 개인의 정보 시스템 사용에 대한 설명을 위하여 많은 모형들이 개발되어 왔다. 기술 수용 모형(Technology Acceptance Model: TAM)은 개인의 정보 시스템 수용에 영향을 미치는 요소를 설명하기 위하여 가장 폭 넓게 사용되고 있는 모형이다. TRA 모형에 따르면, 개인의 사회적 행위는 그 행위의 결과에 대한 신념에 의해 영향을 받는다고 할 수 있다. 본 연구에서는 고객의 신념을 신뢰 (Trust), 유용성 (Usefulness), 사용의 편의성 (Ease of Use), 위험 (Risk), 보안통제 (Security control)로 분류하고, 고객의 실제 사용 (Usage)을 인터넷 뱅킹 환경에서 측정하여 고객세분화에 적용하였다. 세분화된 고객집단을 분류하기 위해서 인공신경망, 판별 분석 기법을 적용하여 웹 사이트에서 사용할 수 있는 개인화 모형을 개발하였다.

• Management & Information Systems Review
• /
• v.31 no.1
• /
• pp.149-165
• /
• 2012

Nowadays due to the development of IT, hacking has become a major issue and importance of information system security is rapidly increasing. This research focuses on problems of training system security experts within Korea by analysing university's management information system curriculum and proposes an alternative way to solve this problem. The result of this research is the following. First, reformation of university's curriculum for successfully training system security experts is crucial. Second, theories that was learned in university courses need to be coherent to the actual work that the system security experts do in the field. Lastly, advanced IT countries like the US and Japan have already made standards on training system auditors and reinforced it with laws. Therefore Korea should establish a formal standard system like the other IT industry advanced countries.

• Journal of Convergence for Information Technology
• /
• v.10 no.11
• /
• pp.40-46
• /
• 2020

Safe security technology is required for the startup ecosystem according to the construction and service of a joint open platform in the financial sector. Financial industry standard open API recommends that payment-related fintech companies develop/apply additional security technologies to protect core API authentication keys in the mutual authentication process. This study proposes an enhanced API security protocol using multiple channels. It was designed in consideration of the compatibility of heterogeneous platforms by further analyzing the problems and weaknesses of existing open API related research. I applied the method of concealment to remove the additional security channels into a single channel of the existing security protocols. As a result of the performance analysis, the two-way safety of the communication session of the multi-channel and the security of the man-in-the-middle attack of the enhanced authentication key were confirmed, and the computational performance of the delay time (less than 1 second) in the multi-session was confirmed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.3
• /
• pp.501-507
• /
• 2015

The online banking service handles a banking business over the internet, it is necessary to ensure that all financial transactions are processed securely. So, there are various authentication technique for e-banking service : a certificate, a personal identification number(PIN), a security card and a one-time password(OTP). Especially, the security card is most important means including secret information. If the secret information of card is leaked, it means not only loss of security but also easy to attack because security card is a difficult method to get. In this paper, we propose that a multi-channel security card saves an secret information in distributed channel. Proposed multi-channel security card reduces vulnerability of the exposed and has a function to prevent phishing attacks through decreasing the amount of information displayed and generating secret number randomly.

• Journal of Digital Convergence
• /
• v.12 no.10
• /
• pp.299-308
• /
• 2014

Today, a number of users using smartphone is very rapidly increasing by development of smartphone performance and providing various services. Also, they are using it for enjoying various services(cloud service, game, banking service, mobile office, etc.). today's mobile security solution is simply to detect malicious code or stay on the level of mobile device management. In particular, the services which use sensitive information, such as certificate, corporation document, personal credit card number, need the technology which are prevented from hacking and leaking it. Recently, interest of these mobile security problems are increasing, as the damage cases been occurred. To solve the problem, there is various security research such as mobile virtualization, ARM trustzone, GlobalPlatform for mobile device. Therefore, in this paper, I suggested efficient method that uses the mobile virtualization techniques of certification, security policy and access control, password/key management, safe storage, etc. and Trustzone of ARM for preventing information leakage and hacking.