DOI: 10.1145/2659651.2659743
research-article

A Novel Authentication Scheme for Online Transactions

Published: 09 September 2014

Abstract

    In this paper, we describe a novel method of approving and finalising financial transactions that would raise the bar for any potential attackers. The proposed scheme is based on the hypothesis that it would be significantly harder for an attacker to compromise two hardware devices, or to monitor and interfere with two communication channels, at the same time. This will allow the users of this method to initiate a transaction on the Internet and then use their mobile phone to sanction the transfer of funds to a different account. In contrast to Two-Factor Authentication systems, this scheme does not require the online submission of any information that is received by the user's device; instead, the device interacts directly through the mobile phone network. For this purpose, the user's mobile phone has an additional encryption layer that allows it to communicate securely with the server side and convey the user's consent for a certain transaction. This ensures that the two channels and the authentication factors are kept independent. Therefore, even if the user's computer is compromised, an attacker would not be able to set up a fraudulent transaction without actually having the user's mobile phone and the unique data that are generated by the device.

      Published In

      SIN '14: Proceedings of the 7th International Conference on Security of Information and Networks
      September 2014
      518 pages
      ISBN: 9781450330336
      DOI: 10.1145/2659651
      Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. AES
      2. Financial Transaction
      3. Fraud Mitigation
      4. Hash Algorithm
      5. Out of Band Authentication
      6. Public Key Cryptography
      7. RSA
      8. SHA
      9. Symmetric Cryptography
      10. Two Channel Authentication
      11. Two Factor Authentication

      Qualifiers

      • Research-article
      • Research
      • Refereed limited

      Conference

      SIN '14

      Acceptance Rates

      SIN '14 Paper Acceptance Rate 32 of 109 submissions, 29%;
      Overall Acceptance Rate 102 of 289 submissions, 35%

      Article Metrics

      • Total Citations: 0
      • Total Downloads: 124
      • Downloads (Last 12 months): 2
      • Downloads (Last 6 weeks): 0
