Korean Title |
PC에 탑재된 OTP의 취약점 분석 (Vulnerability Analysis of OTP Installed on a PC) |
English Title |
Vulnerabilities Analysis of the OTP Implemented on a PC |
Author |
홍우찬 (Woochan Hong)
이광우 (Kwangwoo Lee)
김승주 (Seungjoo Kim)
원동호 (Dongho Won)
|
Citation |
VOL 17-C NO. 04 PP. 0361 ~ 0370 (2010. 08) |
Çѱ۳»¿ë (Korean Abstract) |
OTP(One Time Password)¶õ »ç¿ëÀÚ°¡ ÀÎÁõ½Ã ¾ÈÀüÇÑ ¸ÞÄ¿´ÏÁòÀ» ÀÌ¿ëÇÏ¿© ¸Å¹ø ´Ù¸¥ Æнº¿öµå¸¦ »ý¼ºÇÏ¿© ÀÎÁõÇÏ´Â ¹æ½ÄÀ» ¸»ÇÑ´Ù. OTP ÀÎÁõ ¹æ½ÄÀ» ÀÌ¿ëÇÒ °æ¿ì °ø°ÝÀÚ´Â Æнº¿öµå¸¦ °¡·Îä¾î Á¤´çÇÑ »ç¿ëÀÚ·Î À§ÀåÇÒ ¼ö ¾ø°Ô µÈ´Ù. ÀÌ·¯ÇÑ OTP´Â H/W ±â¹Ý ¶Ç´Â S/W ±â¹Ý ÇüÅ·Π±¸ÇöµÉ ¼ö ÀÖ´Ù. H/W¸¦ ±â¹ÝÀ¸·Î ÇÏ´Â ´Ü¸»±âÇü°ú Ä«µåÇüÀÇ °æ¿ì ¹èÆ÷ ¹× »ç¿ëÀÇ ÆíÀǼº ¹®Á¦·Î ÀÎÇØ ´ëÁßÈ¿¡ ¾î·Á¿òÀÌ Á¸ÀçÇÏ¿´´Ù. À̸¦ ´ëüÇϱâ À§ÇÑ ¹æ¹ýÀ¸·Î ¸ð¹ÙÀÏÀ̳ª PC¿¡ S/W ÇüÅ·Π±¸ÇöÇÏ´Â OTP°¡ µµÀԵǰí ÀÖ´Ù. ÇÏÁö¸¸ S/W Á¦Ç°Àº ±¸Çö»ó¿¡ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÒ °æ¿ì ¾ÇÀÇÀûÀÎ °ø°ÝÀÇ ´ë»óÀÌ µÉ ¼ö ÀÖ´Ù´Â ¹®Á¦Á¡ÀÌ ÀÖ´Ù. ½ÇÁ¦·Î ±ÝÀ¶º¸¾È¿¬±¸¿øÀÇ º¸°í¼¿¡¼´Â ¸ð¹ÙÀÏ »ó¿¡ žÀçµÈ OTPÀÇ °æ¿ì ±¸Çö»ó¿¡ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù°í ¹àÇû´Ù. ÇÏÁö¸¸ PC»ó¿¡ žÀçµÈ OTP¿¡ ´ëÇؼ´Â ÇöÀç±îÁö Ãë¾àÁ¡ ºÐ¼® »ç·Ê°¡ Á¸ÀçÇÏÁö ¾Ê´Â´Ù. ÀÌ¿¡ º» ³í¹®¿¡¼´Â PC¿¡ žÀçµÈ OTPÀÇ º¸¾È °ËÅä»çÇ×À» µµÃâÇÏ°í, ½ÇÁ¦ ¿ª°øÇÐÀ» ÅëÇØ OTP »ý¼º ¸ÞÄ¿´ÏÁòÀ» ÆľÇÇÏ¿© Ãë¾àÁ¡ ºÐ¼®À» ¼öÇàÇÏ¿´´Ù. |
English Abstract |
OTP (One Time Password) is a user authentication method that uses a secure mechanism to generate a different password for each authentication, which prevents an attacker from intercepting the password to masquerade as a legitimate user. The OTP can be implemented as H/W or S/W. Token and card type OTP, implemented as H/W, is difficult to popularize because of problems with deployment and usability. As a replacement, OTP implemented as S/W on mobile devices or PCs has been introduced. However, S/W products can be the target of malicious attacks if they have implementation vulnerabilities. In fact, FSA said the OTP implemented on mobile devices has implementation vulnerabilities. However, there has been no vulnerability analysis of the OTP implemented on a PC. So, in this paper, we derive security review items and analyze the vulnerabilities of the OTP implemented on a PC. |
Keyword |
OTP
S/W OTP
OTP Implemented on a PC
Authentication
Reverse Engineering
|