KR101634785B1 - Apparatus and method for preventing MITM attack - Google Patents
- Publication number
- KR101634785B1 (application KR1020140055316A)
- Authority
- KR
- South Korea
- Prior art keywords
- screen
- security
- unit
- client
- server
- Prior art date
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- User Interface Of Digital Computer (AREA)
Abstract
An MITM attack prevention apparatus and method are presented. The apparatus is included in a screen that is connected to a server through a client. It includes a key storage unit that stores a key shared with the server; a decryption unit that decrypts data input through the client based on that key; an encryption unit that encrypts, based on the same key, input data requiring security entered by the user, and outputs it; a screen security display unit; and a control unit that turns screen security on and outputs the results of the decryption and the encryption when the decryption in the decryption unit is normal, and that controls the screen security display unit to show a warning when the decryption in the decryption unit is abnormal.
Description
The present invention relates to an apparatus and method for preventing an MITM attack, and more particularly to an apparatus and method for effectively preventing a man-in-the-middle attack by extending the client in a server/client model to the screen level.
On-line user authentication technology is essential because personalized services such as online shopping malls, online financial transactions and electronic civil services are performed over the Internet without face-to-face contact.
To provide online user authentication securely, a service provider uses several methods: sharing secret information (e.g., a password, a public certificate, a security card, an OTP, a TAN, etc.) with the user, using a cryptographic protocol, and installing a security program.
In other words, the security elements of online user authentication (hereinafter "user authentication") can be roughly divided into three parts. The first part is the secret information shared between the service provider and the user (password, authorized certificate, security card, OTP, etc., hereinafter the "shared secret"), the second part is the cryptographic protocol, and the third part is the security program.
The shared secret is used as evidence to authenticate the user, the cryptographic protocol is used to ensure a secure channel between the service provider and the user, and the security program is used to counter the security threats that may occur in the client.
The cryptographic protocol is secure against the attacker unless the cryptographic key is exposed. However, since security programs are designed to provide security services against known malicious code, they cannot be expected to be secure against unknown malicious code.
The shared secret is input to the client through an input device such as a keyboard and a mouse, and the encryption key of the encryption protocol is also present in the client. Since malicious code is assumed to be able to acquire all the resources of the client, it is not easy to block all paths of malicious code that can obtain such input values and cryptographic keys.
That is, current user authentication is built on the assumption that the client is secure, but in reality the client cannot be considered secure because that assumption may not hold.
In the related art, Korean Patent Registration No. 10-1230055 discloses content that provides security for the portion of the screen where personal information is displayed. However, Korean Patent No. 10-1230055 provides screen security only at the software level.
Another related prior art, Korean Patent Application No. 10-2009-0013567, discloses that when a secret function such as a secure print job (rather than a general function setting) is set through a touch-screen operation, only operation input made with an input tool other than the body (rather than finger operation) is permitted, so that the possibility of leaking secret information through traces is excluded. Korean Patent Publication No. 10-2009-0013567 requires a special input device.
SUMMARY OF THE INVENTION
The present invention has been proposed to solve the above problems of the prior art, and its purpose is to provide an apparatus and method for preventing an MITM attack by extending the client in a server/client model to the screen level, so as to respond to an MITM attack occurring at the client level.
To achieve the above object, an MITM attack prevention apparatus according to a preferred embodiment of the present invention is an MITM attack prevention apparatus included in a screen connected to a server through a client, and includes:
a key storage unit for storing a key shared with the server; a decryption unit for decrypting data input through the client based on the key and outputting the decrypted data on the screen; a screen security display unit for turning screen security on or displaying a warning on the screen based on whether the decryption in the decryption unit is normal; an encryption unit for encrypting, based on the key, input data requiring security from the user and outputting it; and a control unit that, in response to the decryption in the decryption unit being normal, sets screen security ON and causes the results of the decryption and the encryption to be output, and, in response to the decryption in the decryption unit being abnormal, controls the screen security display unit to perform a corresponding display.
At this time, the key may be provided directly from the server, or may be generated based on secret information.
At this time, the secret information may be any one of a password, a secure card, an authorized certificate, an OTP, and a TAN.
At this time, the secret information may be input by touching the virtual screen on the screen.
At this time, the secret information may be input through a keyboard and a mouse connected to input terminals provided on the screen.
At this time, the secret information may be input through a camera installed on the screen.
In this case, the screen security display unit includes a light emitting element and may output green light, indicating that screen security is on, when the decryption in the decryption unit is normal.
In this case, the screen security display unit includes a light emitting element and may output red light when the decryption in the decryption unit is abnormal.
In this case, a screen security pattern storage unit may store a screen security pattern to be displayed on the screen when screen security is on.
At this time, the control unit may warn the user through the screen security display unit if the screen security pattern is included in the data from the client.
Meanwhile, the MITM attack prevention method according to a preferred embodiment of the present invention is an MITM attack prevention method in an MITM attack prevention apparatus included in a screen connected to a server through a client,
receiving data input through the client; decrypting the data based on a key shared with the server; and turning screen security on or displaying a warning on the screen based on whether the decryption in the decrypting step is normal.
The method may further include displaying a previously stored screen security pattern on the screen when the screen security is on.
At this time, if the data from the client includes the screen security pattern, the step of warning may be further included.
According to the present invention having such a configuration, the client in the existing server/client model is extended to the screen (for example, monitor) level, so that security is ensured even when malicious code exists in the client.
This ensures the security of the encrypted communication between the server and the screen. This differs from the server/client model, in which security can be compromised by malicious code even though the cryptography itself is strong.
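The server/screen model described above, as an added simulation that is not part of the patent: the server seals screen data with the key shared only with the screen, the untrusted client merely relays frames, and the screen's own decryption result drives the indicator and the compositing of its locally stored pattern. The cipher (an HMAC-SHA256 encrypt-then-MAC construction), the frame layout and the pattern bytes are constructed for this demo and are assumptions, not the patent's design.

```python
import hashlib
import hmac
import os

NONCE_LEN = 12
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 run in counter mode; a constructed stand-in for a real cipher.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Server side: nonce || ciphertext || HMAC tag over (nonce || ciphertext)."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes):
    """Screen side: plaintext if the tag verifies, else None ("decryption abnormal")."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class Screen:
    """Monitor-side units: key storage, decryption/encryption, pattern storage, indicator."""

    PATTERN = b"<<GREEN-BAND>>"  # constructed stand-in for the stored screen security pattern

    def __init__(self, shared_key: bytes):
        self.key = shared_key     # key storage unit: shared with the server, never with the client
        self.indicator = "OFF"    # screen security display unit (LED colour)

    def receive(self, secured: bool, payload: bytes):
        """Handle one frame relayed by the untrusted client.

        secured=True  -> server-encrypted screen data: decrypt and verify.
        secured=False -> ordinary client output: shown as-is, but it must not carry the pattern.
        Returns (indicator colour, bytes actually put on the panel).
        """
        if not secured:
            if self.PATTERN in payload:
                self.indicator = "RED"   # client-side software forged the pattern: malicious code
                return self.indicator, b""
            self.indicator = "OFF"
            return self.indicator, payload
        plain = unseal(self.key, payload)
        if plain is None:
            self.indicator = "RED"       # decryption abnormal: altered in transit, MITM warning
            return self.indicator, b""
        self.indicator = "GREEN"         # decryption normal: screen security ON
        return self.indicator, self.PATTERN + plain  # pattern composited only here

    def send_input(self, keystrokes: bytes) -> bytes:
        """Encrypt input captured at the screen's own keyboard port before the client sees it."""
        return seal(self.key, keystrokes)
```

A frame whose tag fails, or unsecured output that already carries the pattern, turns the indicator red; only a verified server frame earns the green band, and keystrokes leave the screen already sealed for the server.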
FIG. 1 is a diagram illustrating a server/screen model to which the present invention is applied.
FIG. 2 is a configuration diagram of an MITM attack prevention apparatus according to an embodiment of the present invention.
FIG. 3 is a flowchart illustrating an example of an MITM attack prevention method according to an embodiment of the present invention.
FIGS. 4 to 7 are views employed in the description of FIG. 3.
FIG. 8 is a flowchart illustrating a process of transmitting input from a keyboard received in the screen shown in FIG. 1 to a server.
FIG. 9 is a flowchart illustrating another example of the MITM attack prevention method according to the embodiment of the present invention.
FIG. 10 is a diagram adopted in the description of FIG.
While the invention is susceptible to various modifications and alternative forms, specific embodiments thereof are shown by way of example in the drawings and will herein be described in detail.
It should be understood, however, that the invention is not intended to be limited to the particular embodiments, but includes all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.
The terminology used in this application is used only to describe specific embodiments and is not intended to limit the invention. Singular expressions include plural expressions unless the context clearly dictates otherwise. In the present application, terms such as "comprises" or "having" specify the presence of a feature, number, step, operation, element, component or combination thereof described in the specification, but do not preclude the presence or addition of one or more other features, numbers, steps, operations, elements, components or combinations thereof.
Unless defined otherwise, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Terms such as those defined in commonly used dictionaries should be interpreted as having a meaning consistent with their meaning in the context of the relevant art, and are not to be interpreted in an idealized or overly formal sense unless explicitly so defined in the present application.
Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. In order to facilitate the understanding of the present invention, the same reference numerals are used for the same constituent elements in the drawings and redundant explanations for the same constituent elements are omitted.
The present invention proposes a server / screen model instead of a server / client model in order to securely authenticate a user on-line even in the case where a malicious code can be installed on a client.
FIG. 1 is a diagram illustrating a server/screen model to which the present invention is applied.
In order to overcome the vulnerability to a man in the middle attack at the level of the client 20 (e.g., PC), the
The security of the network and the
1, the
Extending the encryption interval to the level of the
Accordingly, when the encryption technology is implemented at the level of the monitor and the keyboard / mouse as the input device, as shown in FIG. 1, it is possible to cope with the MITM attack occurring at the
FIG. 2 is a block diagram of an MITM attack prevention apparatus according to an embodiment of the present invention, which is understood to be an internal configuration diagram of the
The
The receiving
The receiving
On the other hand, the receiving
The encryption
The encryption
The
Here, when decrypting screen data requiring security from the
The
The screen
Even if the malicious attacker creates data similar to the screen data requiring security in the
Meanwhile, the screen
The encrypting
The transmitting
The screen security
The
FIG. 3 is a flowchart illustrating an example of an MITM attack prevention method according to an embodiment of the present invention, and FIGS. 4 to 7 are views employed in the description of FIG.
The
That is, the secret information issued by the
When the secret information is received in this manner, the secret information is sent to the encryption
Of course, if the encryption key already exists in the encryption
Then, the
The
However, even if the
If the decryption is not normally performed ("No" in S16), the
On the contrary, when the decoding is normally performed ("Yes" in S16), the
Then, the
If the
FIG. 8 is a flowchart illustrating a process of transmitting input from a keyboard received in the screen shown in FIG. 1 to a server.
Assume that the
When the user inputs input data requiring security through the keyboard, the receiving
Then, the
Accordingly, the
The encrypted input data is transmitted to the
The above-described S30 to S34 may be regarded as being performed after S22 in FIG. 3 described above. That is, when the screen data requiring security is decrypted and displayed on the
Here, it can be said that the input data is encrypted and transmitted to the
FIG. 9 is a flow chart for explaining another example of the MITM attack prevention method according to the embodiment of the present invention, and FIG. 10 is a diagram adopted in the description of FIG.
First, the
Then, the
If the screen security pattern is included ("Yes" in S42), the
When malicious code is detected in this manner, the detection is displayed on the screen security display unit 46 (S46). For example, when screen security changes from the OFF state shown in FIG. 10A to the normal ON state shown in FIG. 10B, a screen security pattern in which a green band is formed is output. In this state, when malicious code is detected, the
That is, the screen security pattern can be generated and displayed only on the
As described above, an optimal embodiment has been disclosed in the drawings and specification. Although specific terms have been employed herein, they are used for purposes of illustration only and are not intended to limit the scope of the invention as defined in the claims or the claims. Therefore, those skilled in the art will appreciate that various modifications and equivalent embodiments are possible without departing from the scope of the present invention. Accordingly, the true scope of the present invention should be determined by the technical idea of the appended claims.
10: Server
20: Client
30: Screen
41: Receiving unit
42: Encryption key generation unit
43: Encryption key storage unit
44: Decryption unit
45: Screen
46: Screen security display unit
47: Encryption unit
48: Transmission unit
49: Screen security pattern storage unit
50:
Claims (20)
A key storage unit for storing a key shared with the server;
A decryption unit for decrypting data input through the client based on the key and outputting the decrypted data on a screen;
A screen security display unit for turning screen security on or displaying a warning on the screen based on whether the decryption in the decryption unit is normal;
An encryption unit for encrypting and outputting input data requiring security from a user based on the key;
A control unit that, in response to the decryption in the decryption unit being normal, sets screen security ON and causes the results of the decryption and the encryption to be output, and, in response to the decryption in the decryption unit being abnormal, controls the screen security display unit to perform a corresponding display; And
And a screen security pattern storage unit for storing a screen security pattern displayed on the screen when the screen security is on,
The key may be provided directly from the server, or may be generated based on secret information,
Wherein the secret information includes any one of a password, a security card, an authentication certificate, an OTP, and a TAN corresponding to information on a key shared with the server,
Wherein the screen combines the screen security pattern with data from the client and outputs the result,
Wherein the control unit warns the user through the screen security display unit if the data from the client includes the screen security pattern.
Wherein the secret information is input by touching a virtual screen on the screen.
Wherein the secret information is input through a keyboard and a mouse connected to input terminals provided on the screen.
Wherein the secret information is input through a camera installed on the screen.
Wherein the screen security indicator comprises a light emitting element,
Wherein the screen security display unit outputs green light indicating that the screen security is on when the decryption in the decryption unit is normal.
Wherein the screen security indicator comprises a light emitting element,
Wherein the screen security display unit outputs red light when the decryption in the decryption unit is abnormal, warning of an MITM attack.
Receiving data input through the client;
Decrypting the data based on a key shared with the server;
Turning screen security on or displaying a warning on the screen based on whether the decryption in the decrypting step is normal;
Compositing a previously stored screen security pattern onto the data from the client when screen security is on, and displaying the result on the screen; And
And warning if the data from the client already includes the screen security pattern,
The key may be provided directly from the server, or may be generated based on secret information,
Wherein the secret information includes at least one of a password, a secure card, a public certificate, an OTP, and a TAN corresponding to information about a key shared with the server.
Wherein the secret information is input by touching a virtual screen on the screen.
Wherein the secret information is input through a keyboard and a mouse connected to input terminals provided on the screen.
Wherein the secret information is input through a camera installed on the screen.
Wherein the step of turning screen security on or displaying a warning on the screen drives the light emitting element when the decryption is normal and outputs green light indicating that screen security is ON.
Wherein the step of turning screen security on or displaying a warning on the screen drives the light emitting element when the decryption is abnormal and outputs red light to warn the user.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020140055316A KR101634785B1 (en) | 2014-05-09 | 2014-05-09 | Apparatus and method for preventing MITM attack |
PCT/KR2014/007619 WO2015170801A1 (en) | 2014-05-09 | 2014-08-18 | Apparatus and method for preventing mitm attack |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020140055316A KR101634785B1 (en) | 2014-05-09 | 2014-05-09 | Apparatus and method for preventing MITM attack |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20150128252A KR20150128252A (en) | 2015-11-18 |
KR101634785B1 true KR101634785B1 (en) | 2016-06-29 |
Family
ID=54392640
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020140055316A KR101634785B1 (en) | 2014-05-09 | 2014-05-09 | Apparatus and method for preventing MITM attack |
Country Status (2)
Country | Link |
---|---|
KR (1) | KR101634785B1 (en) |
WO (1) | WO2015170801A1 (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100284482B1 (en) * | 1998-10-10 | 2001-03-15 | 구자홍 | Data encryption method |
JP2009124311A (en) * | 2007-11-13 | 2009-06-04 | Kddi Corp | Mutual authentication system, mutual authentication method, and program |
JP2009223375A (en) * | 2008-03-13 | 2009-10-01 | Ntt Communications Kk | Malicious web site decision device, malicious web site decision system, method thereof, and program |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101210411B1 (en) * | 2011-02-15 | 2012-12-10 | 동서대학교산학협력단 | Transaction Protection System and Method using Connection of Certificate and OTP Generated by Keystream |
Events
- 2014-05-09 KR KR1020140055316A patent/KR101634785B1/en active IP Right Grant
- 2014-08-18 WO PCT/KR2014/007619 patent/WO2015170801A1/en active Application Filing
Non-Patent Citations (1)
Title |
---|
정보보호학회논문지 (Journal of the Korea Institute of Information Security and Cryptology), pp. 84 to 99 (Dec. 2011) |
Also Published As
Publication number | Publication date |
---|---|
KR20150128252A (en) | 2015-11-18 |
WO2015170801A1 (en) | 2015-11-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11856104B2 (en) | Methods for secure credential provisioning | |
JP7257561B2 (en) | computer-implemented method, host computer, computer-readable medium | |
US9838205B2 (en) | Network authentication method for secure electronic transactions | |
CN111756533B (en) | System, method and storage medium for secure password generation | |
KR101878149B1 (en) | Device, system, and method of secure entry and handling of passwords | |
Nyang et al. | Keylogging-resistant visual authentication protocols | |
RU158940U1 (en) | STRICT AUTHENTICATION TOKEN WITH VISUAL OUTPUT OF OPEN KEY INFRASTRUCTURE SIGNATURES (PKI) | |
JP6399382B2 (en) | Authentication system | |
US20130205380A1 (en) | Identity verification | |
US20110202772A1 (en) | Networked computer identity encryption and verification | |
US9674166B2 (en) | Method for securing a request for executing a first application, by a second application | |
KR101856530B1 (en) | Encryption system providing user cognition-based encryption protocol and method for processing on-line settlement, security apparatus and transaction approval server using thereof | |
US10445510B2 (en) | Data checking apparatus and method using same | |
KR101754519B1 (en) | Keyboard secure system and method for protecting data input via keyboard using one time key | |
KR102308248B1 (en) | Encryption Gateway equipped with quantum encryption chip based a quantum random number and method of providing encryption communication service between IoT device using the same | |
KR101634785B1 (en) | Apparatus and method for preventing MITM attack | |
KR101271464B1 (en) | Method for coding private key in dual certificate system | |
KR102547682B1 (en) | Server for supporting user identification using physically unclonable function based onetime password and operating method thereof | |
US20240005820A1 (en) | Content encryption and in-place decryption using visually encoded ciphertext | |
WO2011060738A1 (en) | Method for confirming data in cpu card | |
Nyang et al. | Decryptable to Your Eyes: Visualization of Security Protocols at the User Interface | |
KR20160099767A (en) | Secure payment method, digital system, and payment system thereof | |
KR20160099766A (en) | Secure payment method, digital system, and payment system thereof | |
KR20140142440A (en) | The security and authentication software by the designated PC and 2 channel system | |
KR20100120835A (en) | Security device and method using security input device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
E90F | Notification of reason for final refusal | ||
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant |