부채널 공격에 의한개인금융정보 침해 가능성과법적⋅기술적 대응방안

Due to the frequent leakage of personal financial information, 'side-channel attacks' -invasion of information through analysis of sound, electricity, electromagnetic waves and time difference- is gaining attention. In Korea, there have been discussions regarding this issue since the 1990s and such attacks are prepared for, but problems remain as evolved attack methods continue to arise. This research defines side-channel attacks as cracking of the encryption key of security modules by acquiring, processing and analyzing leaked information. Attacks are categorized as processing-leaked-information-type and acquiring-leaked-information-type, based on how the leaked information is utilized. The latter is subdivided into direct-acquirement-type and medium-acquirement-type, based on whether the information can be acquired directly through the five senses etc. This research focuses on the U.S., Europe and Japan regarding technical and legal countermeasures. Especially about legal measures, the penal remedy under the Criminal Code and special criminal laws are analyzed via the categorization of side-channel attacks used above. Civil wise, the 'Personal Information Protection Act' and the 'Use and Protection of Credit Information Act' are also considered, and the newly-established 'statutory damages' is reviewed. The need for business suspension and punitive damages for personal financial data leakage is also mentioned. Side-channel attacks are hazardous as they can be used in not only finance, but also other fields such as home-network systems, smart-cars and internet of things. As analyzing the concept of side-channel attacks and categorizing them, this research hopes to contribute in reinforcing current countermeasures and establishing a recurrence prevention system to prevent and restrict leakage of personal financial information.