The Considerable Security Issues on the Security Enforcement of Cryptographic Technology in Finance Fields

금융부문 암호기술의 안전성 강화를 위한 보안고려사항

  • Kim, Young-Tae (lnterdisciplinary Program of Information Security, Chonnam National University) ;
  • Lee, Su-Mi (Financial Security Agency) ;
  • Noh, Bong-Nam (System Security Research Center, Chonnam National University)
  • Published : 2009.08.31

Abstract

By known attacks against cryptographic technology and decline of security, internal and external major institutions have defined their recommendations in kinds, expiration, safe parameters of cryptographic technology and so on. Internal financial fields will change some cryptographic technology to follow these recommendations. To keep strong security of financial systems against sudden security changes of cryptographic technology, this article finds pre-steps : status of applied cryptographic technology, selection of vulnerable cryptographic technology. And plans for management of cryptographic technology in financial fields will be proposed.

References

  1. P. Oorschot and M.J, Wiener. 'A known-plaintext attack on two-key triple encryption,' EURO CRYPT'90, LNCS 473, pp. 318-325, 1990
  2. J. Kelsey, B. Schneier, and D. Wagner. 'Related-key cryptanalysis of 3-WAY, Biham- DES, CAST, DES-X, NewDES, RC2, and TEA' ICICS, pp. 233-246, Nov. 1997
  3. S. Lucks, 'Attacking Triple Encryption,' Fast Software Encryption, LNCS 1372, pp. 239-253, 1998
  4. X. Wang and H. Yu, 'How to Break MD5 and Other Hash Functions,' EURO CRYPT'05, LNCS 3494, pp. 1-18, 2005
  5. 한국은행 금융결제국, '금융분야의 안전한 암호이용에 대한 연구.' p.71, 2007년 11월
  6. National Institute of Standards and Technology (NIST), 'Cryptographic Algorithms and Key Sizes for Personal Identity Verification,' Special Publication 800-78-1. p. 22, Aug. 2006
  7. National Institute of Standards and Technology (NIST), 'Recommendation for Key Management - Part 1: General (Revised) ,' Special Publication 800-57, p. 142, July 2007