Computing Science Group CS-RR-10-01

Abstract

South Korean Internet banking systems have their own unique way of enforcing security controls. Users are obliged to install security software to access the Internet banking services. Typically, this takes the form of an ActiveX plugin that implements a proprietary security mechanism on the users’ platform. The banks and the software companies claim that this approach provides trusted user platforms and will eventually lead to secure Internet banking. In this paper, we identify inadequacies of these proprietary mechanisms and show why trusted platforms can not be achieved using them. Based on the results of a usability survey, we argue that these mechanisms are being distributed at the cost of usability penalties without offering much improvement to overall security. We also recommend several enhancement strategies based on social engineering and trustworthy computing techniques.