Case study of the vulnerability of OTP implemented in internet banking systems of South Korea

The security risk of internet banking has increased rapidly as internet banking services have become commonly used by the public. Among the various security methods, OTP (one time password) is known as one of the strongest methods for enforcing security, and it is now widely used in internet banking...

Bibliographic details
Published in: Multimedia tools and applications 2015-05, Vol.74 (10), p.3289-3303
Main authors: Yoo, Changsok, Kang, Byung-Tak, Kim, Huy Kang
Format: Article
Language: eng
Subjects:
Online access: Full text
container_end_page 3303
container_issue 10
container_start_page 3289
container_title Multimedia tools and applications
container_volume 74
creator Yoo, Changsok
Kang, Byung-Tak
Kim, Huy Kang
description The security risk of internet banking has increased rapidly as internet banking services have become commonly used by the public. Among the various security methods, OTP (one time password) is known as one of the strongest methods for enforcing security, and it is now widely used in internet banking services. However, attack methods which can detour OTP have been developed, so additional security for OTP is now needed. In this study, we discovered that a new kind of attack through OTP is theoretically possible through an analysis of the currently implemented OTP system and known attack methods. Based on our theory, we tested the new attack method on Korean internet banking services, and empirically proved that it could effectively detour around all of the currently implemented OTP security systems in Korea. To prevent this, we also suggested solutions based on the root cause analysis of the OTP vulnerabilities.
doi_str_mv 10.1007/s11042-014-1888-3
format Article
fulltext fulltext
identifier ISSN: 1380-7501
ispartof Multimedia tools and applications, 2015-05, Vol.74 (10), p.3289-3303
issn 1380-7501
1573-7721
language eng
recordid cdi_proquest_journals_1761832236
source SpringerLink Journals - AutoHoldings
subjects Analysis
Banking
Banks
Case studies
Computer Communication Networks
Computer Science
Customer services
Cybercrime
Data Structures and Information Theory
Electronic banking
Internet
Keyboards
Malware
Methods
Multimedia computer applications
Multimedia Information Systems
Network security
Reverse engineering
Security management
Security services
Security systems
Special Purpose and Application-Based Systems
Studies
title Case study of the vulnerability of OTP implemented in internet banking systems of South Korea
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-05T23%3A08%3A13IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Case%20study%20of%20the%20vulnerability%20of%20OTP%20implemented%20in%20internet%20banking%20systems%20of%20South%20Korea&rft.jtitle=Multimedia%20tools%20and%20applications&rft.au=Yoo,%20Changsok&rft.date=2015-05-01&rft.volume=74&rft.issue=10&rft.spage=3289&rft.epage=3303&rft.pages=3289-3303&rft.issn=1380-7501&rft.eissn=1573-7721&rft_id=info:doi/10.1007/s11042-014-1888-3&rft_dat=%3Cproquest_cross%3E3939955591%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1761832236&rft_id=info:pmid/&rfr_iscdi=true