Empirical analysis of internet identity misuse: case study of south Korean real name system

Authors:
Yunsang Oh;Takashi Obi;Joong Sun Lee;Hiroyuki Suzuki;Nagaaki Ohyama
Affiliations:
Tokyo Institute of Technology, Yokohama, Japan;Tokyo Institute of Technology, Yokohama, Japan;Tokyo Institute of Technology, Yokohama, Japan;Tokyo Institute of Technology, Yokohama, Japan;Tokyo Institute of Technology, Yokohama, Japan
Venue:
Proceedings of the 6th ACM workshop on Digital identity management
Year:
2010

Citing 3
Cited 0

Why phishing works

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Social phishing

Communications of the ACM
Modeling and preventing phishing attacks

FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Some governments like South Korea require the submission of a valid national identification number in order for users to register an account in Web services. Unfortunately, this validation system can cause a big privacy threat. Recently in South Korea, identifiers of about 2/5 Korean population were leaked by some hacking accidents. In order to lower the chances of forgery and privacy invasion using exposed information, Korean government introduced an alternative identifier system. However, we are concerned that neither old nor new identifer systems are safe against a phishing attack. In this paper, we empirically analyze the vulnerability of the alternative system. We conducted a real phishing attack experiment to complete our analysis.