Analysis of Two Token-Based Authentication Schemes for Mobile Banking

Authors: Prasad Naldurg, Raghav Bhaskar, Saurabh Panjwani

Keywords: Network Access Control, Mobile computing, Business, Service provider, Security token, Mobile banking, Authentication, SMS banking, Security analysis, Computer security, Computer network

Abstract: We analyze two token-based authentication schemes, designed for authenticating users in banking systems implemented over mobile networks. The first scheme is currently deployed in India by a service provider named Eko with a reach of 50,000 customers. The second was proposed recently [SOUPS2010] (in a joint effort with Eko) to fix weaknesses in the system, and is being considered for deployment. Both rely on PINs and printed codebooks (which are unique per user) for authentication. In this paper, we present a detailed security analysis of the schemes. We show that EKO’s current scheme is susceptible to PIN recovery attacks and a class of impersonation attacks wherein the attacker compromises users’ codebooks. The new scheme, on the other hand, is secure against both these attack possibilities. We also analyze the schemes where the codebooks are not compromised. Improved variants are proposed.

References (6)
Ignacio Mas, Gautam Ivatury. The early experience with branchless banking. Social Science Research Network, pp. 1-16 (2008).
Saurabh Panjwani, Edward Cutrell. Usably secure, low-cost authentication for mobile banking. Symposium on Usable Privacy and Security, pp. 4- (2010). DOI: 10.1145/1837110.1837116
Michael Paik. Stragglers of the herd get eaten: security concerns for GSM mobile banking applications. Workshop on Mobile Computing Systems and Applications, pp. 54-59 (2010). DOI: 10.1145/1734583.1734597
Dan Boneh, Ben Lynn, Hovav Shacham. Short Signatures from the Weil Pairing. Journal of Cryptology, vol. 17, pp. 297-319 (2004). DOI: 10.1007/S00145-004-0314-9
Nathan Keller, Orr Dunkelman, Adi Shamir. A Practical-Time Attack on the A5/3 Cryptosystem Used in Third Generation GSM Telephony. IACR Cryptology ePrint Archive, vol. 2010, pp. 13- (2010).