ABSTRACT
Some governments like South Korea require the submission of a valid national identification number in order for users to register an account in Web services. Unfortunately, this validation system can cause a big privacy threat. Recently in South Korea, identifiers of about 2/5 Korean population were leaked by some hacking accidents. In order to lower the chances of forgery and privacy invasion using exposed information, Korean government introduced an alternative identifier system. However, we are concerned that neither old nor new identifer systems are safe against a phishing attack. In this paper, we empirically analyze the vulnerability of the alternative system. We conducted a real phishing attack experiment to complete our analysis.
- ]]i-pin. http://i-pin.kisa.or.kr/.Google Scholar
- ]]Identity theft and identity fraud. http://www.justice.gov/criminal/fraud/websites/idtheft.html.Google Scholar
- ]]2008 survey on information security. http://www.kisa.or.kr/, 2008.Google Scholar
- ]]Phishing activity trends report, 4th quarter 2009. http://www.antiphishing.org/, 2009.Google Scholar
- ]]R. Dhamija, J. D. Tygar, and M. Hearst. Why phishing works. In CHI '06: Proceedings of the SIGCHI conference on Human Factors in computing systems, pages 581--590, New York, NY, USA, 2006. ACM. Google ScholarDigital Library
- ]]T. Dierks and C. Allen. The TLS protocol version 1.0. RFC 2246 (Informational), 1999. Google ScholarDigital Library
- ]]T. N. Jagatic, N. A. Johnson, M. Jakobsson, and F. Menczer. Social phishing. Commun. ACM, 50(10):94--100, 2007. Google ScholarDigital Library
- ]]M. Jakobsson. Modeling and preventing phishing attacks. In In Financial Cryptography. Springer Verlag, 2005. Google ScholarDigital Library
- ]]H. Kim, J. H. Huh, and R. Anderson. On the security of internet banking in south korea. Technical Report RR-10-01, March 2010.Google Scholar
- ]]A. Litan. Phishing attack victims likely targets for identity theft, May 2004.Google Scholar
- ]]Microsoft. Description of activex technologies, 2007.Google Scholar
Index Terms
- Empirical analysis of internet identity misuse: case study of south Korean real name system
Recommendations
Has globalization strengthened South Korea's national research system? National and international dynamics of the Triple Helix of scientific co-authorship relationships in South Korea
We trace the structural patterns of co-authorship between Korean researchers at three institutional types (university, government, and industry) and their international partners in terms of the mutual information generated in these relations. Data were ...
Trust and Trustworthiness in Northeast Asia
Cross-Cultural Design. Experience and Product Design Across CulturesAbstractThis study examines the levels of trust and trustworthiness in northeast Asia, including the northeast, southeast, and central regions of China as well as South Korea. Trust and trustworthiness were measured using a simulated two-tier supply chain ...
Comparison of national e-health implementation in the United States and South Korea
With the development of the health care industry, there has been growing recognition that e-health implementation is needed to improve the efficiency, quality, and safety of care. In addition, a review of previous studies suggests that much can be ...
Comments