Secure End-To-End Authentication for Mobile Banking

Singh, Basudeo; Jasmine, K. S.

doi:10.1007/978-3-319-18473-9_22

Cited by 5 publications

(14 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Impersonation attacks: An attacker can assume the identity of a legitimate mobile money user or agent, access the financial details of a registered user, and perform fraudulent transactions. There are 14 authentication protocols [56,[66][67][68][69][70]72,77,81,87,88,102,103,105] to prevent impersonation attacks. The schemes in [81,105] employed fingerprint biometrics.…”

Section: Resultsmentioning

confidence: 99%

“…PINs are widely used for user authentication such as withdrawing cash from mobile money or withdrawing money from an automated teller machine (ATM) [84]. Mtaho [52], Islam [85], Ombiro [86], Singh and Jasmine [87], Fan et al [88], Islam et al [89], and Zadeh and Barati [90] employed authentication schemes using PINs to verify user identity. Using PINs, the schemes in [86,87,90] provided convenience, efficiency, reliability, and security in mobile transactions.…”

mentioning

confidence: 99%

“…Mtaho [52], Islam [85], Ombiro [86], Singh and Jasmine [87], Fan et al [88], Islam et al [89], and Zadeh and Barati [90] employed authentication schemes using PINs to verify user identity. Using PINs, the schemes in [86,87,90] provided convenience, efficiency, reliability, and security in mobile transactions. Moreover, the schemes in [52,85,89] used PINs to achieve better dependability and customer satisfaction.…”

mentioning

confidence: 99%

“…If an adversary succeeds in accessing the OTP, they may not be able to predict the next because of its random generation. The authentication schemes in [71,79,86,87,90,97,98] employed OTP, which is fast, efficient, reliable, and convenient. Furthermore, it is resistant to phishing attacks, identity theft, guessing attacks, brute force attacks, and unauthorised access by attackers.…”

mentioning

confidence: 99%

See 3 more Smart Citations

Two-Factor Authentication Scheme for Mobile Money: A Review of Threat Models and Countermeasures

2020

View full text Add to dashboard Cite

The proliferation of digital financial innovations like mobile money has led to the rise in mobile subscriptions and transactions. It has also increased the security challenges associated with the current two-factor authentication (2FA) scheme for mobile money due to the high demand. This review paper aims to determine the threat models in the 2FA scheme for mobile money. It also intends to identify the countermeasures to overcome the threat models. A comprehensive literature search was conducted from the Google Scholar and other leading scientific databases such as IEEE Xplore, MDPI, Emerald Insight, Hindawi, ACM, Elsevier, Springer, and Specific and International Journals, where 97 papers were reviewed that focused on the topic. Descriptive research papers and studies related to the theme were selected. Three reviewers extracted information independently on authentication, mobile money system architecture, mobile money access, the authentication scheme for mobile money, various attacks on the mobile money system (MMS), threat models in the 2FA scheme for mobile money, and countermeasures. Through literature analysis, it was found that the threat models in the 2FA scheme for mobile money were categorised into five, namely, attacks against privacy, attacks against authentication, attacks against confidentiality, attacks against integrity, and attacks against availability. The countermeasures include use of cryptographic functions (e.g., asymmetric encryption function, symmetric encryption function, and hash function) and personal identification (e.g., number-based and biometric-based countermeasures). This review study reveals that the current 2FA scheme for mobile money has security gaps that need to be addressed since it only uses a personal identification number (PIN) and a subscriber identity module (SIM) to authenticate users, which are susceptible to attacks. This work, therefore, will help mobile money service providers (MMSPs), decision-makers, and governments that wish to improve their current 2FA scheme for mobile money.

show abstract

Section: Resultsmentioning

confidence: 99%

mentioning

confidence: 99%

mentioning

confidence: 99%

mentioning

confidence: 99%

See 2 more Smart Citations

Two-Factor Authentication Scheme for Mobile Money: A Review of Threat Models and Countermeasures

2020

View full text Add to dashboard Cite

show abstract

“…Selain itu, metode lain yang diajukan untuk meningkatkan keamanan m-banking adalah dengan menerapkan One Time Password (OTP) yang digunakan dalam proses enkripsi dan dekripsi pesan pada proses transaksi pesan antara client dan server. Penerapan metode OTP ini digunakan untuk mencapai pengamanan berbasis end-to-end authentication (Singh & Jasmine, 2015). Pengembangan metode pengamanan komunikasi m-banking juga sudah dilakukan menggunakan kombinasi OTP dan personal biometric.…”

Section: Btsunclassified

Model Pengamanan End-to-End pada M-Banking Berbasis Algoritma Kurva Hyper Elliptic

Wanda¹

2016

JBI

View full text Add to dashboard Cite

Abstract. Currently, banking transactions using mobile banking has grown rapidly. The increasing the number of mobile application users becomes one of the main factors. Several approaches have been developed to improve the transaction security. Problems of message security still requires a solution to achieve computing speed and leverage security level. In this paper, we propose a security algorithms used to improve the mobile banking security with hyperelliptic curve algorithm. It will create a safe and an efficient transactions while message will be sent via public internet. Hyperelliptic curve algorithm will run a processes for authentication and encryption. it will produce fast computation and has good security level. This research produced little computing time on m-banking application while it run on Android. Hyperelliptic curve algorithm use a smaller key to achieve a good security level at m-banking application.Keywords: hyperelliptic curve algorithm, security, mobile banking.Abstrak. Saat ini, transaksi perbankan baik di dalam dan di luar menggunakan Mobile Banking semakin pesat, meningkatnya jumlah pengguna aplikasi mobile menjadi salah satu faktor utamanya. Beberapa pendekatan telah dikembangkan untuk meningkatkan keamanan transaksi pesan selama komunikasi. Masalah yang masih memerlukan solusi adalah kecepatan komputasi dan tingkat keamanan pada algoritma pengamanan yang digunakan. Penelitian ini dilakukan untuk meningkatkan keamanan pesan mobile banking dengan memanfaatkan algoritma kurva hyper elliptic. Hal ini dilakukan untuk mewujudkan transaksi yang aman dan efisien dengan penerapan metode kriptografi pada pesan. Dengan menggunakan algoritma kurva hyper elliptic maka proses autentikasi dan enkripsi pesan bisa dilakukan dengan cepat dan memiliki level keamanan yang tinggi. Penelitian ini menghasilkan waktu komputasi yang cukup cepat pada aplikasi m-banking berbasis Android. Hal ini karena, algoritma kurva hyper elliptic menggunakan panjang kunci yang lebih kecil untuk mencapai level keamanan yang baik pada aplikasi m-banking. Kata Kunci: algoritma kurva hyper elliptic, keamanan, mobile banking.

show abstract