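Recently, criminals often use logical attacks, such as installing malware on the PC of an ATM (automated teller machine), for the purpose of unauthorized cash withdrawal from ATMs. Malware on the PC sends unauthorized cash dispensing commands to the dispenser to withdraw cash without generating a transaction. Existing security measures focus mainly on protecting the information assets in the PC so that they are not compromised by malware. These security measures are not very effective or efficient because the PC contains too many items to protect for them to be tightly controlled in current ATM operational environments. This paper proposes a new ATM security measure based on secure peripheral devices. The secure dispenser of the ATM verifies the authenticity of a received dispensing command using withdrawal transaction evidence securely transferred from the ATM's secure card reader. In a smart card transaction, all transaction data flows through the card reader, so the card reader can capture the transaction evidence. Even if the PC is hacked, the secure dispenser does not accept unauthorized dispensing commands. As a result, the new security measure strengthens security against logical attacks on ATMs without burdening financial institutions with tighter security management of the PCs.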
Hisao OGATA
Hitachi-Omron Terminal Solutions, Corp., Yokohama National University
Tomoyoshi ISHIKAWA
Hitachi-Omron Terminal Solutions, Corp.
Norichika MIYAMOTO
Hitachi-Omron Terminal Solutions, Corp.
Tsutomu MATSUMOTO
Yokohama National University
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Hisao OGATA, Tomoyoshi ISHIKAWA, Norichika MIYAMOTO, Tsutomu MATSUMOTO, "An ATM Security Measure for Smart Card Transactions to Prevent Unauthorized Cash Withdrawal" in IEICE TRANSACTIONS on Information,
vol. E102-D, no. 3, pp. 559-567, March 2019, doi: 10.1587/transinf.2018EDP7136.
Abstract: Recently, criminals frequently utilize logical attacks to install malware in the PC of Automated Teller Machines (ATMs) for the sake of unauthorized cash withdrawal from ATMs. Malware in the PC sends unauthorized cash dispensing commands to the dispenser to withdraw cash without generating a transaction. Existing security measures primarily try to protect information property in the PC so as not to be compromised by malware. Such security measures are not so effective or efficient because the PC contains too many protected items to tightly control them in present ATM operational environments. This paper proposes a new ATM security measure based on secure peripheral devices; the secure dispenser in an ATM verifies the authenticity of a received dispensing command with the withdrawal transaction evidence, which is securely transferred from the secure card reader of an ATM. The card reader can capture the transaction evidence since all transaction data flows through the card reader in a smart card transaction. Even though the PC is compromised, unauthorized dispensing commands are not accepted by the secure dispenser. As a result, the new security measure does not impose heavy burden of tighter security managements for the PCs on financial institutes while achieving stringent security for the logical attacks to ATMs.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2018EDP7136/_p
@ARTICLE{e102-d_3_559,
author={Hisao OGATA and Tomoyoshi ISHIKAWA and Norichika MIYAMOTO and Tsutomu MATSUMOTO},
journal={IEICE TRANSACTIONS on Information},
title={An ATM Security Measure for Smart Card Transactions to Prevent Unauthorized Cash Withdrawal},
year={2019},
volume={E102-D},
number={3},
pages={559-567},
abstract={Recently, criminals frequently utilize logical attacks to install malware in the PC of Automated Teller Machines (ATMs) for the sake of unauthorized cash withdrawal from ATMs. Malware in the PC sends unauthorized cash dispensing commands to the dispenser to withdraw cash without generating a transaction. Existing security measures primarily try to protect information property in the PC so as not to be compromised by malware. Such security measures are not so effective or efficient because the PC contains too many protected items to tightly control them in present ATM operational environments. This paper proposes a new ATM security measure based on secure peripheral devices; the secure dispenser in an ATM verifies the authenticity of a received dispensing command with the withdrawal transaction evidence, which is securely transferred from the secure card reader of an ATM. The card reader can capture the transaction evidence since all transaction data flows through the card reader in a smart card transaction. Even though the PC is compromised, unauthorized dispensing commands are not accepted by the secure dispenser. As a result, the new security measure does not impose heavy burden of tighter security managements for the PCs on financial institutes while achieving stringent security for the logical attacks to ATMs.},
keywords={},
doi={10.1587/transinf.2018EDP7136},
ISSN={1745-1361},
month={March},}
TY - JOUR
TI - An ATM Security Measure for Smart Card Transactions to Prevent Unauthorized Cash Withdrawal
T2 - IEICE TRANSACTIONS on Information
SP - 559
EP - 567
AU - Hisao OGATA
AU - Tomoyoshi ISHIKAWA
AU - Norichika MIYAMOTO
AU - Tsutomu MATSUMOTO
PY - 2019
DO - 10.1587/transinf.2018EDP7136
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E102-D
IS - 3
JA - IEICE TRANSACTIONS on Information
Y1 - March 2019
AB - Recently, criminals frequently utilize logical attacks to install malware in the PC of Automated Teller Machines (ATMs) for the sake of unauthorized cash withdrawal from ATMs. Malware in the PC sends unauthorized cash dispensing commands to the dispenser to withdraw cash without generating a transaction. Existing security measures primarily try to protect information property in the PC so as not to be compromised by malware. Such security measures are not so effective or efficient because the PC contains too many protected items to tightly control them in present ATM operational environments. This paper proposes a new ATM security measure based on secure peripheral devices; the secure dispenser in an ATM verifies the authenticity of a received dispensing command with the withdrawal transaction evidence, which is securely transferred from the secure card reader of an ATM. The card reader can capture the transaction evidence since all transaction data flows through the card reader in a smart card transaction. Even though the PC is compromised, unauthorized dispensing commands are not accepted by the secure dispenser. As a result, the new security measure does not impose heavy burden of tighter security managements for the PCs on financial institutes while achieving stringent security for the logical attacks to ATMs.
ER -