DOI QR코드

DOI QR Code

A Security Assessment on the Designated PC service

  • Received : 2015.08.31
  • Accepted : 2015.10.05
  • Published : 2015.12.30

Abstract

In this paper, we draw a security assessment by analyzing possible vulnerabilities of the designated PC service which is supposed for strengthening security of current online identification methods that provide various areas such as the online banking and a game and so on. There is a difference between the designated PC service and online identification methods. Online identification methods authenticate an user by the user's private information or the user's knowledge-based information, though the designated PC service authenticates a hardware-based unique information of the user's PC. For this reason, high task significance services employ with online identification methods and the designated PC service for improving security multiply. Nevertheless, the security assessment of the designated PC service has been absent and possible vulnerabilities of the designated PC service are counterfeiter and falsification when the hardware-based unique-information is extracted on the user's PC and sent an authentication server. Therefore, in this paper, we analyze possible vulnerabilities of the designated PC service and draw the security assessment.

Keywords

References

  1. Su-Mi Lee, Jarmo Seung, "Domestic Electronic Financial Status and Classification of Security Threats", Review of Korea Institute of Information Security and Cryptology(KIISC), 21(7), pp. 53-61, Nov. 2011
  2. Kong Hoi Kim, Ji Min Ahn, Min Jae, Kim, and Yong Sik Joo, "Security threats and countermeasures of certificate password attack by performing SEED algorithm in GPU", Review of Korea Institute of Information Security and Cryptology(KIISC), 20(6), pp.43-50, Dec. 2010
  3. Yunyoung Lee, Soonhaeng Hur, Sangjoo Park, Donghwi Shin, Dongho Won, and Seungjoo Kim, "CipherSuite Setting Problem of SSL Protocol and It's Solutions", The KIPS Transactions: Part C, 15-C(5), pp.359-366, Oct. 2008
  4. Chasung Lim, Wookey Lee, and Tae-Chang Jo, "An Effective Protection Mechanism for SSL Man-in-the-Middle Proxy Attacks", Journal of the Korean Institute of Information Scientists and Engineers(KIISE), (16)6, pp.693-697, Jun, 2010
  5. Woo Hyun Ahn and Hyungsu Kim, "Attacking OpenSSL Shared Library Using Code Injection", Journal of the Korean Institute of Information Scientists and Engineers(KIISE), 37(4), pp.226-238, Aug. 2010
  6. Byung-Tak Kang and Huy Kang Kim, "A study on the vulnerability of OTP implementation by using MITM attack and reverse engineering", Journal of the Korea Institute of Information Security and Cryptology(KIISC), 21(6), pp.83-99, Dec. 2011
  7. Woochan Hong, Kwangwoo Lee, Seungjoo Kim, and Dongho Won, "Vulnerabilities Analysis of the OTP Implemented on a PC", The KIPS Transactions: Part C, 17-C(4), pp.361-370, Aug. 2010
  8. Telecommunications Technology Association(TTA), "Security Requirement for Virtual Keybord", TTAK.KO-12.0180, Dec. 2011
  9. Kyungroul Lee, Hyeungjun Yeuk, Youngtae Choi, Sitha Pho, and Kangbin Yim, "Security Vulnerability Analysis of Touchpad on Image-Based Login Method", Proceedings of the Winter Conference on Korean Society for Internet Information(KSII), pp.171-175, Dec. 2010
  10. Wan-soo Kim, Kyung-roul Lee, Pho Sitha, and Kangbin Yim, "Analysis on Ivasion of Privacy using Display Device Vulnerability", Proceedings of the Winter Conference on Korean Society for Internet Information(KSII), 11(2), pp.81-82, Oct. 2010
  11. Neowiz games corporaion, "Internet connection blocking method through a fixed PC service using an IP address and hardware information", G06F 21/20, Nov. 2011
  12. Kangwon Lee, Kyungroul Lee, Jaecheon Byun, Sunghoon Lee, Hyobeom Ahn, and Kangbin Yim, "Extraction of Platform-unique Information as an Identifie", Journal of Wireless Mobile Networks, Ubiquitous Computing and Dependable Application(JoWUA), 3(4), pp.85-99, Dec. 2012
  13. Kyungroul Lee, Hyeungjun Yeuk, Habin Yim, and Kangbin Yim, "Security Assessment of the Designated PC Solution", Proceedings of the Spring Conference on Korean Institute of Smart Media(KISM), Apr. 2015
  14. Jonghoi Kim, Jinyoung Lee, and Seong-Je Cho, "A New Malware Propagation Technique based on the Send Function Hooking and Its Countermeasure", Journal of Korean Institute of Information Scientists and Engineers(KIISE): System and theory, 38(4), pp. 178-185, Aug. 2011
  15. Kangwon Lee, Kyungroul Lee, Jaecheon Byun, Sunghoon Lee, Hyobeom Ahn, and Kangbin Yim, "Extraction of Platform-unique Information as an Identifie", Journal of Wireless Mobile Networks, Ubiquitous Computing and Dependable Application(JoWUA), 3(4), pp.85-99, Dec. 2012
  16. Hyeungjun Yeuk, Kyungroul Lee, Habin Yim, and Kangbin Yim, "An Analysis of the Vulnerability of the Designated PC solution", Proceedings of the Spring Conference on Korean Institute of Smart Media(KISM), Apr. 2015