Evolution of PKI Internet Banking in Korea

Park, Seungchul

  • Received: 2019.01.07
  • Accepted: 2019.01.21
  • Published: 2019.03.31

Abstract

Most banks in Korea have provided Internet banking services based on PKI (Public Key Infrastructure) certificates since the early 2000s, when Internet banking began in Korea. To support PKI Internet banking, the Korean government backed the electronic signature law and supported the rapid spread of PKI-based Internet banking by making the use of PKI certificates compulsory in Internet banking until 2015. PKI Internet banking in Korea has developed as a pioneer in this field, through many challenges and responses, to its present success. Korea's PKI banking, which started as soft-token-based closed banking, has responded to various types of cyber attack attempts and has promoted the transition to open banking in response to criticism of its lack of compatibility with international standards. To improve the convenience and security of PKI Internet banking, various attempts have been made, such as biometric-integrated smartphone-based PKI authentication. In this paper, we primarily aim to share the experience and lessons of PKI banking by analyzing the evolution of PKI Internet banking in Korea. We also aim to present the challenges facing Korea's PKI Internet banking and to share a vision for its development.

Keywords

PKI; Internet banking; Authentication; Cyber attacks; SSL/TLS

Acknowledgement

Supported by: Korea University of Technology and Education