Case study of the vulnerability of OTP implemented in internet banking systems of South Korea

Case study of the vulnerability of OTP implemented in internet banking systems of South Korea

The security risk of internet banking has increased rapidly as internet banking services have become commonly used by the public. Among the various security methods, OTP (one time password) is known as one of the strongest methods for enforcing security, and it is now widely used in internet banking...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Multimedia tools and applications 2015-05, Vol.74 (10), p.3289-3303
Hauptverfasser: Yoo, Changsok, Kang, Byung-Tak, Kim, Huy Kang
Format: Artikel
Sprache:eng
Schlagworte:
Analysis
Banking
Banks
Case studies
Computer Communication Networks
Computer Science
Customer services
Cybercrime
Data Structures and Information Theory
Electronic banking
Internet
Keyboards
Malware
Methods
Multimedia computer applications
Multimedia Information Systems
Network security
Reverse engineering
Security management
Security services
Security systems
Special Purpose and Application-Based Systems
Studies
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:The security risk of internet banking has increased rapidly as internet banking services have become commonly used by the public. Among the various security methods, OTP (one time password) is known as one of the strongest methods for enforcing security, and it is now widely used in internet banking services. However, attack methods which can detour OTP have been developed that additional security for OTP is now needed. In this study, we discovered that a new kind of attack through OTP is theoretically possible through an analysis of the currently implemented OTP system and known attack methods. Based on our theory, we tested the new attack method on Korean internet banking services, and empirically proved that it could effectively detour around all of the currently implemented OTP security systems in Korea. To prevent this, we also suggested solutions based on the root cause analysis of the OTP vulnerabilities.
ISSN:1380-7501
1573-7721
DOI:10.1007/s11042-014-1888-3