On the guessability of resident registration numbers in South Korea

Youngbae Song; Hyoungshick Kim; Jun Ho Huh

doi:10.1007/978-3-319-40253-6_8

On the guessability of resident registration numbers in South Korea

Youngbae Song, Hyoungshick Kim, Jun Ho Huh

Department of Computer Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

2 Scopus citations

Abstract

This paper studies a potential risk of using real name verification systems that are prevalently used in Korean websites. Upon joining a website, users are required to enter their Resident Registration Number (RRN) to identify themselves. We adapt guessing theory techniques to measure RRN security against a trawling attacker attempting to guess victim’s RRN using some personal information (such as name, sex, and location) that are publicly available (e.g., on Facebook). We evaluate the feasibility of performing statistical-guessing attacks using a real-world dataset consisting of 2,326 valid name and RRN pairs collected from several Chinese websites such as Baidu. Our results show that about 4,892.5 trials are needed on average to correctly guess a RRN. Compared to the brute-force attack, our statistical-guessing attack, on average, runs about 6.74 times faster.

Original language	English
Title of host publication	Information Security and Privacy - 21st Australasian Conference, ACISP 2016, Proceedings
Editors	Joseph K. Liu, Ron Steinfeld
Publisher	Springer Verlag
Pages	128-138
Number of pages	11
ISBN (Print)	9783319402529
DOIs	https://doi.org/10.1007/978-3-319-40253-6_8
State	Published - 2016
Event	21st Australasian Conference on Information Security and Privacy, ACISP 2016 - Melbourne, Australia Duration: 4 Jul 2016 → 6 Jul 2016

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	9722
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	21st Australasian Conference on Information Security and Privacy, ACISP 2016
Country/Territory	Australia
City	Melbourne
Period	4/07/16 → 6/07/16

Keywords

Brute-force attack
Korean identification system
Resident registration number
Statistical-guessing attack

Access to Document

10.1007/978-3-319-40253-6_8

Cite this

Song, Y., Kim, H., & Huh, J. H. (2016). On the guessability of resident registration numbers in South Korea. In J. K. Liu, & R. Steinfeld (Eds.), Information Security and Privacy - 21st Australasian Conference, ACISP 2016, Proceedings (pp. 128-138). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9722). Springer Verlag. https://doi.org/10.1007/978-3-319-40253-6_8

Song, Youngbae ; Kim, Hyoungshick ; Huh, Jun Ho. / On the guessability of resident registration numbers in South Korea. Information Security and Privacy - 21st Australasian Conference, ACISP 2016, Proceedings. editor / Joseph K. Liu ; Ron Steinfeld. Springer Verlag, 2016. pp. 128-138 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{688fee97379841b9840c8efc9ab7c1fa,

title = "On the guessability of resident registration numbers in South Korea",

abstract = "This paper studies a potential risk of using real name verification systems that are prevalently used in Korean websites. Upon joining a website, users are required to enter their Resident Registration Number (RRN) to identify themselves. We adapt guessing theory techniques to measure RRN security against a trawling attacker attempting to guess victim{\textquoteright}s RRN using some personal information (such as name, sex, and location) that are publicly available (e.g., on Facebook). We evaluate the feasibility of performing statistical-guessing attacks using a real-world dataset consisting of 2,326 valid name and RRN pairs collected from several Chinese websites such as Baidu. Our results show that about 4,892.5 trials are needed on average to correctly guess a RRN. Compared to the brute-force attack, our statistical-guessing attack, on average, runs about 6.74 times faster.",

keywords = "Brute-force attack, Korean identification system, Resident registration number, Statistical-guessing attack",

author = "Youngbae Song and Hyoungshick Kim and Huh, \{Jun Ho\}",

note = "Publisher Copyright: {\textcopyright} Springer International Publishing Switzerland 2016.; 21st Australasian Conference on Information Security and Privacy, ACISP 2016 ; Conference date: 04-07-2016 Through 06-07-2016",

year = "2016",

doi = "10.1007/978-3-319-40253-6\_8",

language = "English",

isbn = "9783319402529",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "128--138",

editor = "Liu, \{Joseph K.\} and Ron Steinfeld",

booktitle = "Information Security and Privacy - 21st Australasian Conference, ACISP 2016, Proceedings",

}

Song, Y, Kim, H & Huh, JH 2016, On the guessability of resident registration numbers in South Korea. in JK Liu & R Steinfeld (eds), Information Security and Privacy - 21st Australasian Conference, ACISP 2016, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 9722, Springer Verlag, pp. 128-138, 21st Australasian Conference on Information Security and Privacy, ACISP 2016, Melbourne, Australia, 4/07/16. https://doi.org/10.1007/978-3-319-40253-6_8

On the guessability of resident registration numbers in South Korea. / Song, Youngbae; Kim, Hyoungshick; Huh, Jun Ho.
Information Security and Privacy - 21st Australasian Conference, ACISP 2016, Proceedings. ed. / Joseph K. Liu; Ron Steinfeld. Springer Verlag, 2016. p. 128-138 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9722).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - On the guessability of resident registration numbers in South Korea

AU - Song, Youngbae

AU - Kim, Hyoungshick

AU - Huh, Jun Ho

N1 - Publisher Copyright: © Springer International Publishing Switzerland 2016.

PY - 2016

Y1 - 2016

N2 - This paper studies a potential risk of using real name verification systems that are prevalently used in Korean websites. Upon joining a website, users are required to enter their Resident Registration Number (RRN) to identify themselves. We adapt guessing theory techniques to measure RRN security against a trawling attacker attempting to guess victim’s RRN using some personal information (such as name, sex, and location) that are publicly available (e.g., on Facebook). We evaluate the feasibility of performing statistical-guessing attacks using a real-world dataset consisting of 2,326 valid name and RRN pairs collected from several Chinese websites such as Baidu. Our results show that about 4,892.5 trials are needed on average to correctly guess a RRN. Compared to the brute-force attack, our statistical-guessing attack, on average, runs about 6.74 times faster.

AB - This paper studies a potential risk of using real name verification systems that are prevalently used in Korean websites. Upon joining a website, users are required to enter their Resident Registration Number (RRN) to identify themselves. We adapt guessing theory techniques to measure RRN security against a trawling attacker attempting to guess victim’s RRN using some personal information (such as name, sex, and location) that are publicly available (e.g., on Facebook). We evaluate the feasibility of performing statistical-guessing attacks using a real-world dataset consisting of 2,326 valid name and RRN pairs collected from several Chinese websites such as Baidu. Our results show that about 4,892.5 trials are needed on average to correctly guess a RRN. Compared to the brute-force attack, our statistical-guessing attack, on average, runs about 6.74 times faster.

KW - Brute-force attack

KW - Korean identification system

KW - Resident registration number

KW - Statistical-guessing attack

UR - https://www.scopus.com/pages/publications/84978230492

U2 - 10.1007/978-3-319-40253-6_8

DO - 10.1007/978-3-319-40253-6_8

M3 - Conference contribution

AN - SCOPUS:84978230492

SN - 9783319402529

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 128

EP - 138

BT - Information Security and Privacy - 21st Australasian Conference, ACISP 2016, Proceedings

A2 - Liu, Joseph K.

A2 - Steinfeld, Ron

PB - Springer Verlag

T2 - 21st Australasian Conference on Information Security and Privacy, ACISP 2016

Y2 - 4 July 2016 through 6 July 2016

ER -

Song Y, Kim H, Huh JH. On the guessability of resident registration numbers in South Korea. In Liu JK, Steinfeld R, editors, Information Security and Privacy - 21st Australasian Conference, ACISP 2016, Proceedings. Springer Verlag. 2016. p. 128-138. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-40253-6_8

On the guessability of resident registration numbers in South Korea

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this