A Secure Multi Factor User Authentication Framework for Electronic Payment System

Hassan, Arif; Shukur, Zarina

doi:10.1109/crc50527.2021.9392564

Cited by 15 publications

(20 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In a recent study [25], another approach to protecting electronic payment systems was developed, combining password, fingerprint, and OTP verification. This combined approach was intended to provide more reliable user authentication, consisting of multifactor authentication in three main phases: (1) Registration: with various types of data being required (i.e., the user's biodata, password, and fingerprint), followed by verification of accuracy and storage in the database, (2) Authentication: with the user required to enter a password and biometric fingerprint so that the latter could be checked against the fingerprint stored in the database; if a match was verified, access would be granted, and (3) Transaction: with the user selecting the amount for transfer and being authenticated by scanning their biometric fingerprint.…”

Section: Related Work and Backgroundmentioning

confidence: 99%

Investigation of Using CAPTCHA Keystroke Dynamics to Enhance the Prevention of Phishing Attacks

2022

View full text Add to dashboard Cite

Phishing is a cybercrime that is increasing exponentially day by day. In phishing, a phisher employs social engineering and technology to misdirect victims towards revealing their personal information, which can then be exploited. Despite ongoing research to find effective anti-phishing solutions, phishing remains a serious security problem for Internet users. In this paper, an investigation of using CAPTCHA keystroke dynamics to enhance the prevention of phishing attacks was presented. A controlled laboratory experiment was conducted, with the results indicating the proposed approach as highly effective in protecting online services from phishing attacks. The results showed a 0% false-positive rate and 17.8% false-negative rate. Overall, the proposed solution provided a practical and effective way of preventing phishing attacks.

show abstract

Section: Related Work and Backgroundmentioning

confidence: 99%

Investigation of Using CAPTCHA Keystroke Dynamics to Enhance the Prevention of Phishing Attacks

2022

View full text Add to dashboard Cite

show abstract

“…To provide data parallelism, fault tolerance, and distributed data storage, our solution is built on the Apache Spark framework, which is enhanced with Apache Cassandra, Kafka, and a MySQL database. For the electronic payments, the study of Hassan et al (2021) proposes a multi-authentication method for electronic payments. The multi-factor authentication system suggested here combines password, biometric, and OTP verification for more reliable user authentication.…”

Section: Literature Reviewmentioning

confidence: 99%

A Secure Two-factor Authentication Framework Based on Deep Learning

2022

JRSE

View full text Add to dashboard Cite

Nowadays, many web sites make use of log in capabilities to permit users to get entry to protected information. From old days username and password has been the usual for accomplishing this. The hassle with this is that human beings generally tend to apply vulnerable password and frequently the equal password for more than one domain. Shared passwords between more than one domain, specifically vulnerable passwords, present high security risks, from this an attacker may take advantage of this to have unauthorized control for one or numerous of a user's accounts. This research intends to propose an efficient two-factor authentication for web page. The research presents drawbacks issues of two-factor web authentication based on multimodal biometric authentication.

show abstract

“…RSA 2048 key is the most secure [58][59]. To secure interactions with the webserver, a 2048-bit RSA key and a self-signed SSL certificate are generated to encrypt all the full form (HTTPS) communications [60][61][62]. Figure 18 shows the performance for Zamwallet, and Figure 19 shows the real-time database overview.…”

Section: Experiments On Firebase Databasementioning

confidence: 99%

Device Identity-Based User Authentication on Electronic Payment System for Secure E-Wallet Apps

Hassan

Shukur

2021

Electronics

Self Cite

View full text Add to dashboard Cite

E-wallets are a modern electronic payment system technology that easily recognize consumer interest, making our transactions very convenient and efficient. E-wallets are intended to substitute the existing physical wallet, which may tell others something about us as a person. That is why using a physical wallet is a unique, personal experience that cannot be duplicated. A solution would be to replace the physical wallet with an e-wallet on an existing mobile device. The personal nature of the e-wallet is that it should be installed on a unique device. One of the fundamental protections against any illegal access to e-wallet application is through authentication. In particular, the fundamental authentication category used in an existing e-wallet is based on knowledge (i.e., what you know), ownership (i.e., what you have), and biometric (i.e., what you are) authentication, which are sometimes prone to security threats such as account takeover, sim swapping, app cloning, or know your customer verification attacks. The design of an e-wallet authentication on mobile device solution must take into consideration the intensity of the security. To address this problem, this study proposes a design of e-wallet apps with an extension security element that focuses on the device identity in the existing user authentication mechanism. This study covers four fundamental categories of authentication: password, one time password, fingerprints, and international mobile equipment identifier. Using IMEI limits an e-wallet to be in one specific device in one time; this brings it into line with the nature of a physical wallet. In addition, it will be ready to handle the mentioned threats above, which will ultimately result in the far more reliable to use of e-wallet apps. The proposed authentication design has two phases, a registration phase and an authentication phase. The proposed method has been developed and implemented based on an Android Studio Firebase real-time database management and PayPal. In addition, the complete design has been evaluated using functional requirement testing to see how closely it meets functionality requirements. The results obtained from functional testing show that the functionalities of the proposed method meet the requirements, and one cannot use a same account on two devices; hence, it is secure from attacks. The result also shows that the proposed method has no errors. Moreover, it has been shown that our proposed method has better security parameters in terms of the existing method.

show abstract

A Secure Multi Factor User Authentication Framework for Electronic Payment System

Cited by 15 publications

References 16 publications

Investigation of Using CAPTCHA Keystroke Dynamics to Enhance the Prevention of Phishing Attacks

Investigation of Using CAPTCHA Keystroke Dynamics to Enhance the Prevention of Phishing Attacks

A Secure Two-factor Authentication Framework Based on Deep Learning

Device Identity-Based User Authentication on Electronic Payment System for Secure E-Wallet Apps

Contact Info

Product

Resources

About