http://chineseinput.net/에서 pinyin(병음)방식으로 중국어를 변환할 수 있습니다.
변환된 중국어를 복사하여 사용하시면 됩니다.
- 中文 을 입력하시려면 zhongwen을 입력하시고 space를누르시면됩니다.
- 北京 을 입력하시려면 beijing을 입력하시고 space를 누르시면 됩니다.
RISS 인기검색어
- 검색키워드
- 저자 : 유홍렬(Hong Ryeol Ryu) (검색결과 5 건)
- 무료
- 기관 내 무료
- 유료
-
-
-
피싱 및 파밍 공격에 의한 다수의 패스워드 유출 요인에 관한 연구
유홍렬(Hong Ryeol Ryu),홍모세(Moses Hong),권태경(Taekyoung Kwon) 한국정보보호학회 2013 정보보호학회논문지 Vol.23 No.6
오늘날 많은 인터넷 서비스들은 사용자를 식별하고 데이터를 보호하기 위해 아이디와 패스워드 이용한 인증을 이용한다. 만약 피싱이나 파밍으로 인해 사용자의 아이디와 패스워드가 탈취되고 서비스 권한이 도용된다면 2차 피해가 발생할 수 있다. 본 연구는 피싱 및 파밍 사이트에서 아이디와 패스워드를 입력할 때 사용자의 부주의로 인해 탈취될 수 있는 요인들을 연구했다. 특히 사용자가 패스워드 관리를 기억에 의존하고, 무의식적인 인증 과정 수행할 때 얼마나 많은 패스워드를 유출할 수 있는지 실험을 통해 확인했다. In this paper, we studied threats and risks that users might enter their passwords without awareness onto phishing and pharming sites, and particularly showed that it was highly likely to leak the secret information of multiple passwords by user experiments. The novel methodology of verifying those threats and risks is the major contribution of this paper. We will extend this work for further verification of our findings.
-
사용자의 패스워드 인증 행위 분석 및 피싱 공격시 대응방안 - 사용자 경험 및 HCI의 관점에서
유홍렬 ( Hong Ryeol Ryu ),홍모세 ( Moses Hong ),권태경 ( Taekyoung Kwon ) 한국인터넷정보학회 2014 인터넷정보학회논문지 Vol.15 No.3
User authentication based on ID and PW has been widely used. As the Internet has become a growing part of people` lives, input times of ID/PW have been increased for a variety of services. People have already learned enough to perform the authentication procedure and have entered ID/PW while ones are unconscious. This is referred to as the adaptive unconscious, a set of mental processes incoming information and producing judgements and behaviors without our conscious awareness and within a second. Most people have joined up for various websites with a small number of IDs/PWs, because they relied on their memory for managing IDs/PWs. Human memory decays with the passing of time and knowledges in human memory tend to interfere with each other. For that reason, there is the potential for people to enter an invalid ID/PW. Therefore, these characteristics above mentioned regarding of user authentication with ID/PW can lead to human vulnerabilities: people use a few PWs for various websites, manage IDs/PWs depending on their memory, and enter ID/PW unconsciously. Based on the vulnerability of human factors, a variety of information leakage attacks such as phishing and pharming attacks have been increasing exponentially. In the past, information leakage attacks exploited vulnerabilities of hardware, operating system, software and so on. However, most of current attacks tend to exploit the vulnerabilities of the human factors. These attacks based on the vulnerability of the human factor are called social-engineering attacks. Recently, malicious social-engineering technique such as phishing and pharming attacks is one of the biggest security problems. Phishing is an attack of attempting to obtain valuable information such as ID/PW and pharming is an attack intended to steal personal data by redirecting a website`s traffic to a fraudulent copy of a legitimate website. Screens of fraudulent copies used for both phishing and pharming attacks are almost identical to those of legitimate websites, and even the pharming can include the deceptive URL address. Therefore, without the supports of prevention and detection techniques such as vaccines and reputation system, it is difficult for users to determine intuitively whether the site is the phishing and pharming sites or legitimate site. The previous researches in terms of phishing and pharming attacks have mainly studied on technical solutions. In this paper, we focus on human behaviour when users are confronted by phishing and pharming attacks without knowing them. We conducted an attack experiment in order to find out how many IDs/PWs are leaked from pharming and phishing attack. We firstly configured the experimental settings in the same condition of phishing and pharming attacks and build a phishing site for the experiment. We then recruited 64 voluntary participants and asked them to log in our experimental site. For each participant, we conducted a questionnaire survey with regard to the experiment. Through the attack experiment and survey, we observed whether their password are leaked out when logging in the experimental phishing site, and how many different passwords are leaked among the total number of passwords of each participant. Consequently, we found out that most participants unconsciously logged in the site and the ID/PW management dependent on human memory caused the leakage of multiple passwords. The user should actively utilize repudiation systems and the service provider with online site should support prevention techniques that the user can intuitively determined whether the site is phishing.
-
ScienceON연관 검색어 추천
이 검색어로 많이 본 자료
활용도 높은 자료
