Bringing strong authentication and transaction security to the realm of mobile devices

Authors: D. A. Ortiz-Yepes, R. J. Hermann, H. Steinauer, P. Buhler

DOI: 10.1147/JRD.2013.2287810

Keywords: Computer security; Strong authentication; Mobile computing; Usability; Malware; Interface (computing); Technical feasibility; Computer science; Personal computer; Mobile device

Abstract: Widespread usage of mobile devices in conjunction with malicious software attacks calls for the development of mobile-device-oriented mechanisms aiming to provide strong authentication and transaction security. This paper considers the eBanking application scenario and argues that the concept of using a trusted companion device can be ported to the mobile realm. Trusted companion devices involve established and proven techniques in the PC (personal computer) environment to secure transactions. Various options for the communication between the mobile device and the companion device are discussed and evaluated in terms of technical feasibility, usability, and cost. Accordingly, audio communication across the 3.5-mm jack, also known as the tip-ring-ring-sleeve or TRRS connector, is determined to be quite appropriate. We present a proof-of-concept implementing binary frequency shift keying across this interface. Results from a field study performed further confirm the feasibility of the proposed solution.

References (10)
Diego A. Ortiz-Yepes. Enhancing Authentication in eBanking with NFC-Enabled Mobile Phones. ERCIM News, vol. 2009 (2009).
Robert C. Miller, David D. Clark, Simson L. Garfinkel. Design principles and patterns for computer systems that are simultaneously secure and usable. Massachusetts Institute of Technology (2005).
Thomas Weigold, Thorsten Kramp, Reto Hermann, Frank Höring, Peter Buhler, Michael Baentsch. The Zurich Trusted Information Channel --- An Efficient Defence Against Man-in-the-Middle and Malicious Software Attacks. Trust and Trustworthy Computing, pp. 75-91 (2008). DOI: 10.1007/978-3-540-68979-9_6
Lorrie Faith Cranor, Simson Garfinkel. Security and Usability: Designing Secure Systems that People Can Use (2005).
Shujun Li, Ahmad-Reza Sadeghi, Sören Heisrath, Roland Schmitz, Junaid Jameel Ahmad. hPIN/hTAN: a lightweight and low-cost e-banking solution against untrusted computers. Financial Cryptography, pp. 235-249 (2011). DOI: 10.1007/978-3-642-27576-0_19
Bruce Schneier. Two-factor authentication: too little, too late. Communications of the ACM, vol. 48, pp. 136- (2005). DOI: 10.1145/1053291.1053327
N. Leavitt. Mobile phones: the next frontier for hackers? IEEE Computer, vol. 38, pp. 20-23 (2005). DOI: 10.1109/MC.2005.134
Guenther Starnberger, Lorenz Froihofer, Karl M. Goeschka. QR-TAN: Secure Mobile Transaction Authentication. Availability, Reliability and Security, pp. 578-583 (2009). DOI: 10.1109/ARES.2009.96
Adrienne Porter Felt, Matthew Finifter, Erika Chin, Steve Hanna, David Wagner. A survey of mobile malware in the wild. Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices - SPSM '11, pp. 3-14 (2011). DOI: 10.1145/2046614.2046618