Analysis and countermeasures of security vulnerability on portal sites

Kyoungju Kwak; Kwangwoo Lee; Dongho Won; Seungjoo Kim

doi:10.1145/1968613.1968728

Analysis and countermeasures of security vulnerability on portal sites

Kyoungju Kwak, Kwangwoo Lee, Dongho Won, Seungjoo Kim

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

Recently, major portal sites are suffering from a number of attacks and it is growing exponentially. July 2009, there has been system failure on government sites and some of the major portal sites due to the DDoS (Distributed Denial of Service) attack. Moreover, portal sites are exploited by a cross-site scripting vulnerability in 2010. To solve these problems, each portal site made an effort to eliminate the security vulnerability of the website and to protect personal information such as ID and password. However, portal sites still have the security vulnerabilities against ARP (Address Resolution Protocol) poisoning attack and the certificate spoofing attack. In this paper, we show the results of our penetration test and present the countermeasures on the ARP (Address Resolution Protocol) poisoning attack and the certificate spoofing attack.

Original language	English
Title of host publication	Proceedings of the 5th International Conference on Ubiquitous Information Management and Communication, ICUIMC 2011
DOIs	https://doi.org/10.1145/1968613.1968728
Publication status	Published - 2011
Externally published	Yes
Event	5th International Conference on Ubiquitous Information Management and Communication, ICUIMC 2011 - Seoul, Korea, Republic of Duration: 2011 Feb 21 → 2011 Feb 23

Publication series

Name	Proceedings of the 5th International Conference on Ubiquitous Information Management and Communication, ICUIMC 2011

Other

Other	5th International Conference on Ubiquitous Information Management and Communication, ICUIMC 2011
Country/Territory	Korea, Republic of
City	Seoul
Period	11/2/21 → 11/2/23

Keywords

ARP poisoning attack
Certificate spoofing
Portal site

ASJC Scopus subject areas

Computer Networks and Communications
Information Systems

Access to Document

10.1145/1968613.1968728

Cite this

Kwak, K., Lee, K., Won, D., & Kim, S. (2011). Analysis and countermeasures of security vulnerability on portal sites. In Proceedings of the 5th International Conference on Ubiquitous Information Management and Communication, ICUIMC 2011 Article 98 (Proceedings of the 5th International Conference on Ubiquitous Information Management and Communication, ICUIMC 2011). https://doi.org/10.1145/1968613.1968728

Analysis and countermeasures of security vulnerability on portal sites. / Kwak, Kyoungju; Lee, Kwangwoo; Won, Dongho et al.
Proceedings of the 5th International Conference on Ubiquitous Information Management and Communication, ICUIMC 2011. 2011. 98 (Proceedings of the 5th International Conference on Ubiquitous Information Management and Communication, ICUIMC 2011).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Kwak, K, Lee, K, Won, D & Kim, S 2011, Analysis and countermeasures of security vulnerability on portal sites. in Proceedings of the 5th International Conference on Ubiquitous Information Management and Communication, ICUIMC 2011., 98, Proceedings of the 5th International Conference on Ubiquitous Information Management and Communication, ICUIMC 2011, 5th International Conference on Ubiquitous Information Management and Communication, ICUIMC 2011, Seoul, Korea, Republic of, 11/2/21. https://doi.org/10.1145/1968613.1968728

Kwak K, Lee K, Won D, Kim S. Analysis and countermeasures of security vulnerability on portal sites. In Proceedings of the 5th International Conference on Ubiquitous Information Management and Communication, ICUIMC 2011. 2011. 98. (Proceedings of the 5th International Conference on Ubiquitous Information Management and Communication, ICUIMC 2011). doi: 10.1145/1968613.1968728

@inproceedings{b9a1628253fb4493a2a8cf83d4f14a7d,

title = "Analysis and countermeasures of security vulnerability on portal sites",

abstract = "Recently, major portal sites are suffering from a number of attacks and it is growing exponentially. July 2009, there has been system failure on government sites and some of the major portal sites due to the DDoS (Distributed Denial of Service) attack. Moreover, portal sites are exploited by a cross-site scripting vulnerability in 2010. To solve these problems, each portal site made an effort to eliminate the security vulnerability of the website and to protect personal information such as ID and password. However, portal sites still have the security vulnerabilities against ARP (Address Resolution Protocol) poisoning attack and the certificate spoofing attack. In this paper, we show the results of our penetration test and present the countermeasures on the ARP (Address Resolution Protocol) poisoning attack and the certificate spoofing attack.",

keywords = "ARP poisoning attack, Certificate spoofing, Portal site",

author = "Kyoungju Kwak and Kwangwoo Lee and Dongho Won and Seungjoo Kim",

year = "2011",

doi = "10.1145/1968613.1968728",

language = "English",

isbn = "9781450305716",

series = "Proceedings of the 5th International Conference on Ubiquitous Information Management and Communication, ICUIMC 2011",

booktitle = "Proceedings of the 5th International Conference on Ubiquitous Information Management and Communication, ICUIMC 2011",

note = "5th International Conference on Ubiquitous Information Management and Communication, ICUIMC 2011 ; Conference date: 21-02-2011 Through 23-02-2011",

}

TY - GEN

T1 - Analysis and countermeasures of security vulnerability on portal sites

AU - Kwak, Kyoungju

AU - Lee, Kwangwoo

AU - Won, Dongho

AU - Kim, Seungjoo

PY - 2011

Y1 - 2011

N2 - Recently, major portal sites are suffering from a number of attacks and it is growing exponentially. July 2009, there has been system failure on government sites and some of the major portal sites due to the DDoS (Distributed Denial of Service) attack. Moreover, portal sites are exploited by a cross-site scripting vulnerability in 2010. To solve these problems, each portal site made an effort to eliminate the security vulnerability of the website and to protect personal information such as ID and password. However, portal sites still have the security vulnerabilities against ARP (Address Resolution Protocol) poisoning attack and the certificate spoofing attack. In this paper, we show the results of our penetration test and present the countermeasures on the ARP (Address Resolution Protocol) poisoning attack and the certificate spoofing attack.

AB - Recently, major portal sites are suffering from a number of attacks and it is growing exponentially. July 2009, there has been system failure on government sites and some of the major portal sites due to the DDoS (Distributed Denial of Service) attack. Moreover, portal sites are exploited by a cross-site scripting vulnerability in 2010. To solve these problems, each portal site made an effort to eliminate the security vulnerability of the website and to protect personal information such as ID and password. However, portal sites still have the security vulnerabilities against ARP (Address Resolution Protocol) poisoning attack and the certificate spoofing attack. In this paper, we show the results of our penetration test and present the countermeasures on the ARP (Address Resolution Protocol) poisoning attack and the certificate spoofing attack.

KW - ARP poisoning attack

KW - Certificate spoofing

KW - Portal site

UR - http://www.scopus.com/inward/record.url?scp=79956008671&partnerID=8YFLogxK

U2 - 10.1145/1968613.1968728

DO - 10.1145/1968613.1968728

M3 - Conference contribution

AN - SCOPUS:79956008671

SN - 9781450305716

T3 - Proceedings of the 5th International Conference on Ubiquitous Information Management and Communication, ICUIMC 2011

BT - Proceedings of the 5th International Conference on Ubiquitous Information Management and Communication, ICUIMC 2011

T2 - 5th International Conference on Ubiquitous Information Management and Communication, ICUIMC 2011

Y2 - 21 February 2011 through 23 February 2011

ER -

Analysis and countermeasures of security vulnerability on portal sites

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this