Secured Authentication for Online banking using Mobile Phones
Active In SP
Joined: Sep 2010
01-01-2011, 02:18 PM
Paper - Template.doc (Size: 307 KB / Downloads: 173)
M.S (SOFTWARE ENGINEERING)
R. Hema Latha
M.S (SOFTWARE ENGINEERING)
Online Banking allows customers to conduct financial transactions on a secure website operated by their retail or virtual bank, credit union or building society. The proposed method guarantees that authenticating to services, online banking features is secured.
| Ref No | Title | Conclusion |
|---|---|---|
| 1 | One Time Password System | One-time password systems provide additional protection but their use has been limited by cost and inconvenience. |
| 2 | Two Factor Authentication Application | The user is simply requested to possess a Bluetooth enabled handheld device to enforce authentication based on weak credentials. |
| 3 | Security Token For Unified Authentication | Authentication scheme based on One-Time Password (OTP) MIDlet running on a mobile phone for unified authentication towards any type of service on the Internet. |
| 4 | Online Authentication Protocol | Online authentication is to verify identities through cyber networks. |
The client accesses the ATM using a Private Key Security Token, which is sent to the client’s mobile through an SMS by the Bank’s authentication servers. The key is generated by implementing SHA256 and Base64 Algorithm using the registered IMSI and IMEI number of the client’s mobile. The SMS-based mechanism makes sure that the key reaches only the registered client.
The client is given a PIN and a Master Key when registered to the Online Banking Services. In case a client’s mobile is lost, authentication is done using the Unique Master Key; otherwise the Private Key Token is used, thereby making transactions secured and simple without the need of carrying any USB Tokens.
The additional functionality provides the client more security on their transactions. Phishing attack by the hackers is avoided.
Protection through single password authentication, as is the case in most secure Internet shopping sites, is not considered secure enough for personal online banking applications. Transactions in online banking differ from general internet shopping transactions. Attacks on online banking deceive the user to steal login data. A weak password is easy to remember, but open to potential attacks. It is not secured in many cases and risks are high.
While digital certificates are used against phishing and pharming, attacks lead to an increasing number of phishing websites which duplicate victims’ passwords. The less the password security relies on human mediation, the more secure it is.
A secured authentication for online banking can be done using two factor authentication techniques. Dynamic Key Token is used for performing the banking operation.
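An added example, not part of the original post or paper: the post names SHA256, Base64, IMSI and IMEI but not the exact construction, so `static_token` is one literal reading of it and `TokenIssuer` is a hypothetical server-side variant that adds a server secret, a per-request nonce, an expiry and single use. The class name, the 120-second lifetime and the sample identifiers are assumptions.

```python
import base64
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 120  # assumed token lifetime in seconds


def static_token(imsi: str, imei: str) -> str:
    """Literal reading of the post: Base64(SHA256(IMSI | IMEI)), no secret."""
    digest = hashlib.sha256(f"{imsi}|{imei}".encode()).digest()
    return base64.b64encode(digest).decode()


class TokenIssuer:
    """Hypothetical bank-side issuer of a dynamic, single-use key token."""

    def __init__(self, server_secret: bytes):
        self._secret = server_secret
        self._pending = {}  # client_id -> (token, expiry timestamp)

    def issue(self, client_id: str, imsi: str, imei: str, now=None) -> str:
        now = time.time() if now is None else now
        nonce = secrets.token_bytes(16)  # fresh per request
        msg = b"|".join([imsi.encode(), imei.encode(), nonce])
        mac = hmac.new(self._secret, msg, hashlib.sha256).digest()
        token = base64.urlsafe_b64encode(mac[:9]).decode()  # 12 chars for SMS
        self._pending[client_id] = (token, now + TOKEN_TTL)
        return token  # would be sent to the registered number by SMS

    def verify(self, client_id: str, candidate: str, now=None) -> bool:
        now = time.time() if now is None else now
        entry = self._pending.pop(client_id, None)  # one attempt, one use
        if entry is None:
            return False
        token, expiry = entry
        fresh = now <= expiry
        return hmac.compare_digest(token.encode(), candidate.encode()) and fresh


# Constructed sample identifiers, not real subscriber data.
IMSI, IMEI = "404000000000001", "350000000000006"
```

The static form returns the same value on every call for the same handset, so it behaves like a fixed password; the issued token changes per request and is rejected after its first verification attempt or after expiry.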
smart paper boy
Active In SP
Joined: Jun 2011
18-07-2011, 04:03 PM
final report123.doc (Size: 896.5 KB / Downloads: 91)
Today security concerns are on the rise in all areas such as banks, governmental applications, healthcare industry, military organization, educational institutions, etc.
Member institutions of Online Banking Association rated Security as the most important issue of online banking. A new survey finds 31 percent of bank customers avoid online transactions because of security reasons. The proposed methodology guarantees authentication to online banking service in a secured manner.
Clients perform transactions on a secure website operated by their bank. Transactions in online banking differ from general internet shopping transactions. Attacks on online banking deceive the user to steal the login data. A weak password is easy to remember, but open to potential attacks. It is not secured in many cases and therefore risks are high.
While digital certificates are used against phishing and pharming, attacks lead to an increasing number of phishing websites which duplicate victims’ passwords. The less the password security relies on human mediation, the more it is secure. Dynamic Key Token is used for performing the banking operation.
Online banking (or Internet banking) allows customers to conduct financial transactions on a secure website operated by their retail or virtual bank, credit union or building society.
Online banking solutions have many features and capabilities in common, but traditionally also have some that are application specific.
The common features fall broadly into several categories:
• Transactional (e.g., performing a financial transaction such as an account to account transfer, paying a bill, wire transfer, apply for a loan, new account, etc.)
   o Payments to third parties, including bill payments and telegraphic/wire transfers
   o Funds transfers between a customer's own transactional account and savings accounts
   o Investment purchase or sale
   o Loan applications and transactions, such as repayments of enrollments
• Non-transactional (e.g., online statements, cheque links, cobrowsing, chat)
   o Viewing recent transactions
   o Downloading bank statements, for example in PDF format
   o Viewing images of paid cheques
• Financial Institution Administration
• Management of multiple users having varying levels of authority
• Transaction approval process
Features commonly unique to Internet banking include
• Personal financial management support, such as importing data into personal accounting software. Some online banking platforms support account aggregation to allow the customers to monitor all of their accounts in one place whether they are with their main bank or with other institutions.
Fig 2.2 Security token devices
Protection through single password authentication, as is the case in most secure Internet shopping sites, is not considered secure enough for personal online banking applications in some countries. Basically there exist two different security methods for online banking.
• The PIN/TAN system where the PIN represents a password, used for the login and TANs representing one-time passwords to authenticate transactions. TANs can be distributed in different ways, the most popular one is to send a list of TANs to the online banking user by postal letter. The most secure way of using TANs is to generate them by need using a security token. These token generated TANs depend on the time and a unique secret, stored in the security token (this is called two-factor authentication or 2FA). Usually online banking with PIN/TAN is done via a web browser using SSL secured connections, so that there is no additional encryption needed.
• Signature based online banking where all transactions are signed and encrypted digitally. The Keys for the signature generation and encryption can be stored on smartcards or any memory medium, depending on the concrete implementation.
Most of the attacks on online banking used today are based on deceiving the user to steal login data and valid TANs. Two well known examples for those attacks are phishing and pharming. Cross-site scripting and keylogger/Trojan horses can also be used to steal login information.
A method to attack signature based online banking methods is to manipulate the used software in such a way that correct transactions are shown on the screen and faked transactions are signed in the background.
The most recent kind of attack is the so-called Man in the Browser attack, where a Trojan horse permits a remote attacker to modify the destination account number and also the amount.
Active In SP
Joined: Aug 2011
08-08-2011, 02:05 PM
I want more docs on this topic
Joined: Jul 2011
09-08-2011, 09:48 AM
To get more information about the topic "Secured Authentication for Online banking using Mobile Phones", please refer to the link below
Active In SP
Joined: Jul 2012
03-07-2012, 01:29 AM
secured authentication for online banking using mobile phones