An Experimental Investigation of the Usability of Transaction Authorization in Online Bank Security Systems

نویسندگان

  • Mohammed Al Zomai
  • Bander AlFayyadh
  • Audun Jøsang
  • Adrian McCullagh
چکیده

Security for online banking has changed considerably during the relatively short period that online banking has been in use. In particular, authentication and identity management in the early implementations were, and sometimes still are, vulnerable to various attacks such as phishing. Current state-of-the art solutions include methods for re-authenticating users via out-of-band channels for each transaction. This paper describes a security investigation of this type of solution. The investigation concludes that it protects against certain attacks while still being vulnerable to other obvious attacks. In the near future, it is expected that the remaining vulnerabilities will be exploited as the attackers get more sophisticated. Possible ways of protecting against these future attacks are outlined.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

An Exprimental Investigation of the Usability of Transaction Authorization in Online Bank Security Systems

Security for online banking has changed considerably during the relatively short period that online banking has been in use. In particular, authentication and identity management in the early implementations were, and sometimes still are, vulnerable to various attacks such as phishing. Current state-of-the art solutions include methods for re-authenticating users via out-of-band channels for ea...

متن کامل

Access control in ultra-large-scale systems using a data-centric middleware

  The primary characteristic of an Ultra-Large-Scale (ULS) system is ultra-large size on any related dimension. A ULS system is generally considered as a system-of-systems with heterogeneous nodes and autonomous domains. As the size of a system-of-systems grows, and interoperability demand between sub-systems is increased, achieving more scalable and dynamic access control system becomes an im...

متن کامل

A hybrid approach for database intrusion detection at transaction and inter-transaction levels

Nowadays, information plays an important role in organizations. Sensitive information is often stored in databases. Traditional mechanisms such as encryption, access control, and authentication cannot provide a high level of confidence. Therefore, the existence of Intrusion Detection Systems in databases is necessary. In this paper, we propose an intrusion detection system for detecting attacks...

متن کامل

Online Banking with NFC-Enabled Bank Card and NFC-Enabled Smartphone

Banks want to use their genuine strong credential for online banking transaction authorization the debit card. Customers nowadays are usually equipped with a Smartphone and prefer to not carry a card reader in addition. Methods where developed that use the Smartphone to authorize online banking transactions. These methods are vulnerable to Smartphone malware. We present NFC-TAN as a Smartphone ...

متن کامل

Computing Science Group CS-RR-10-01

South Korean Internet banking systems have a unique way of enforcing security controls. Users are obliged to install proprietary security software – typically an ActiveX plugin that implements a bundle of protection mechanisms in the user’s browser. The banks and their software suppliers claim that this provides trustworthy user platforms. One side-effect is that almost everyone in Korea uses I...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2008