This document proposes a location-based authentication system for enhancing e-banking security on smartphones. It reviews how location can be used as an additional authentication factor beyond traditional methods like passwords. The system would authenticate users by checking their GPS location on a timely basis in addition to their credentials. Using location tracking and self-destructing encryption keys that expire makes the system more secure by preventing unauthorized access to banking data and funds from outside approved locations. The goal is to offer banks more secure ways to provide mobile banking services via smartphone applications.
Using Geographical Location as an Authentication Factor to Enhance mCommerce ... CSCJournals
Smartphones are increasingly used to perform mCommerce applications whilst on the move. 50% of all Smartphone owners in the U.S. used their Smartphone for banking transactions in the first quarter of 2011. This is an increase of nearly 100% compared to the year before. Current techniques used to remotely authenticate the client to the service provider in an mCommerce application are based on “static” authentication factors like passwords or tokens. The fact that the client is on the move, whilst using these mCommerce applications is not considered or used to enhance the authentication security. This paper is concerned with including client’s geographical location as an important authentication factor to enhance security of mCommerce applications, especially those requiring robust client authentication. Techniques to integrate location as an authentication factor as well as techniques to generate location-based cryptographic keys are reviewed and discussed. This paper further outlines restrictions of location as an authentication factor and gives recommendations about correct usage of client’s location information for mCommerce application’s authentication on Smartphones.
One time password (OTP) is the authentication method used in online banking system today. Hackers are getting better each day at cracking sensitive information. Once this happened, they can gain access to our private network and steal our sensitive business information. A common technology used for the delivery of OTPs is text messaging. OTP over SMS might not be encrypted by any service provider. In addition, the cell phones which are used to receive the SMS also play an important role, in which more than one phone comes into account. The vulnerable parts of the cell phone network can be mount to man-in-the-middle attack [13]. To overcome the difficulties the virtual password concept is introduced. The virtual password concept involves a small amount of human computing to secure user’s passwords in online environments. To provide high security, we enhance the existing system with virtualization concept [1]. Hacker may guess our password but he cannot access our account because he cannot access virtual password. The major hacking threats like phishing, key-logger, shoulder-surfing attacks, and multiple attacks cannot affect our schema. In user-specified functions, we adopted secret little functions in which security is enhanced. Virtual password is a password that is valid for only one login session or transaction and after that it becomes obsolete [12]. The calculation of the virtual password is done at the client side which reduces the delay of time in receiving OTP via SMS. To make the client more convenient in calculating the virtual password an application is used which reduces the work of the client. This method is more instant than the traditional OTP system used today.
The Fact-Finding Security Examination in NFC-enabled Mobile Payment System IJECEIAES
Contactless payments devised for NFC technology are gaining popularity. Howbeit, with NFC technology permeating concerns about arising security threats and risks to lessen mobile payments is vital. The security analysis of NFC-enabled mobile payment system is precariously imperative due to its widespread ratification. In mobile payments security is a prevalent concern by virtue of the financial value at stake. This paper assays the security of NFC based mobile payment system. It discusses the security requirements, threats and attacks that could occur in mobile payment system and the countermeasures to be taken to secure pursuance suitability.
A secure communication in smart phones using two factor authentications eSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
Location Based Services in M-Commerce: Customer Trust and Transaction Securit... CSCJournals
It is understood by studies that wireless data services is crucial for users to access location-based services. As in location-dependent services, the data value for a data item depends on geographical locations. In general, the Location Based Services includes the services to identify the location of a person or object like searching of the nearest Banking, Cash Machine Receiving Alerts, Location Based Advertising etc. With the rapid adoption of mobile devices as a primary interface to network of services, there is a considerable risk with respect to authentication and authorization. To guard against risk, trustworthy authentication and secure communication are essential especially in Location Based Services. The purpose of this study is to identify security risks in mobile transactions specially in location based services like mobile banking. Current mobile banking authentication is challenging and identified as a major security risk. Identify the factors why customer distrusts mobile banking. Furthermore, identifying security issues between mobile devices and mobile banking systems. Finding which approach is more suitable and secure for mobile banking transaction between customer and bank.
This paper analyzes the various authentication systems implemented for enhanced security and private reposition of an individual’s login credentials. The first part of the paper describes the multi-factor authentication (MFA) systems, which, though not applicable to the field of Internet of Things, provides great security to a user’s credentials. MFA is followed by a brief description of the working mechanism of interaction of third party clients with private resources over the OAuth protocol framework and a study of the delegation based authentication system in IP-based IoT.
ENHANCED AUTHENTICATION FOR WEB-BASED SECURITY USING KEYSTROKE DYNAMICS IJNSA Journal
Current password authentication system was proven not secure enough to protect the information from intruders. However, various research has been done and the results show the value of FRR still low and the value of FAR still high. Thus, one of the methods suggests, is enhancing the current system using keystroke dynamics. Keystroke dynamics is a type of biometric authentication that does not require any special hardware, easy to use as the same routine as normal password authentication. Therefore, this research proposed an authentication system using keystroke dynamics to prevent the system from intruders. A system is developed that consist of two parts which are enrolment and verification. Then, a prototype is developed for testing process that consists of 3 main modules, namely Enrolment, Client/Server Connection and, Verification and Retraining. Based on the testing, the system proved that the keystroke dynamic authentication system was able to implement in client/server environment and shows the value of EER is low that indicates it provide a better system authentication. In future, the system can be improved by enhancing the security, performance, and user interface.
Secure Code Generation for Multi-level Mutual Authentication TELKOMNIKA JOURNAL
Any secured system requires one or more logging policies to make that system safe. Static passwords alone cannot be furthermore enough for securing systems, even with strong passwords illegal intrusions occur or it suffers the risk of forgotten. Authentication using many levels (factors) might complicate the steps when intruders try to reach system resources. Any person to be authorized for logging-in a secured system must provide some predefined data or present some entities that identify his/her authority. Predefined information between the client and the system help to get more secure level of logging-in. In this paper, the user that aims to log-in to a secured system must provide a recognized RFID card with a mobile number, which is available in the secured systems database, then the secured system with a simple algorithm generates a One-time Password that is sent via GSM Arduino compatible shield to the user announcing him/her as an authorized person.
An Overview on Authentication Approaches and Their Usability in Conjunction w... IJERA Editor
The usage of sensitive online services and applications such as online banking, e-commerce etc is increasing day by day. These technologies have tremendously improved making our daily life easier. However, these developments have been accompanied by E-piracy where attackers try to get access to services illegally. As sensitive information flow through Internet, they need support for security properties such as authentication, authorization, data confidentiality. Perhaps static password (User ID & password) is the most common and widely accepted authentication method. Online applications need strong password such as a combination of alphanumeric with special characters. In general, having one password for a single service may be easy to remember, but controlling many passwords for different services poses a tedious task on users online applications. Usually users try to use same password for different services or make slight changes in the password which can be easy for attacker to guess adding increased security threat. In order to overcome this, stronger authentication solutions need to be suggested and adapted for services based network.
AN ENHANCED SECURITY FOR GOVERNMENT BASE ON MULTIFACTOR BIOMETRIC AUTHENTICATION IJCNCJournal
This paper is demonstrating to create a system of multifactor authentication based on biometric verification. Our system uses iris for the first factor and fingerprint for the second factor. Once an attacker attempts to attack the system, there must have two factors. If one of them is compromised or broken, the attacker still has at least one more barrier to breach before successfully breaking into the target. Furthermore, this system will be implemented to enhance security for accessing control login government system.
SFAMSS: A SECURE FRAMEWORK FOR ATM MACHINES VIA SECRET SHARING ijcsit
As ATM applications deploy for a banking system, the need to secure communications will become critical. However, multicast protocols do not fit the point-to-point model of most network security protocols which were designed with unicast communications in mind. In recent years, we have seen the emergence and the growing of ATMs (Automatic Teller Machines) in banking systems. Many banks are extending their activity and increasing transactions by using ATMs. ATM will allow them to reach more customers in a cost effective way and to make their transactions fast and efficient. However, communicating in the network must satisfy integrity, privacy, confidentiality, authentication and non-repudiation. Many frameworks have been implemented to provide security in communication and transactions. In this paper, we analyze ATM communication protocol and propose a novel framework for ATM systems that allows entities communicate in a secure way without using a lot of storage. We describe the architecture and operation of SFAMSS in detail. Our framework is implemented with Java and the software architecture, and its components are studied in detailed.
Abstract. The internet revolution has brought significant benefits to humanity. Undeniably, most businesses in both the public and private sectors now provide their services online through the internet. One of the businesses that have embraced the use of the internet to provide services to their customers is the banking sector. Banks obtain competitive advantage and increased productivity through the adoption of online banking. Bank customers enjoy online banking as it provides them with anytime, anywhere banking experience. Away from the benefits is the issue of security of customer transaction data and customer privacy. Many authors have proposed various solutions to address the online banking security problem but while some focus solely on client authentication, others dwell only on security of the data transfer channels. In this paper, we propose a cancellable biometric based authentication protocol which guarantees secure mutual authentication, customer privacy and offer a secure end-to-end transmission of customer transaction data. The protocol in this paper is designed using Biohashing, a biometric template protection technique and dual cryptographic algorithm that combines Advanced Encryption Standard (AES) and Data Encryption Standard algorithms. With these, we realized strong authentication and secure transaction information exchange protocol for online banking.
Keywords: Biohashing, Biocode, online banking, cancelable biometric, strong authentication, transaction data, multifactor authentication.
https://sites.google.com/site/ijcsis/vol-18-no-6-jun-2020
This presentation summarizes the biographical profile of Jean Piaget: his life history, academic training and professional career, his principal works, and the awards and distinctions he received.
All You Wanted To Know About Top Online Payment Security Methods.pptx ITIO Innovex
As online transactions become an integral part of our daily lives, the importance of robust online payment security methods cannot be overstated, especially when you want to start your own payment gateway business. Visit us at: https://itio.in/
1. Original Post by Catherine JohnsonCryptographic MethodsCSantosConleyha
1. Original Post by Catherine Johnson
Cryptographic Methods:
Cryptography is the science of concealing information or encrypting information. Computers use complex cryptographic algorithms to enable data protection, data hiding, integrity checks, nonrepudiation services, policy enforcement, key management, and exchange, and many more (Conklin, 2018). Cryptography is classified into three types: symmetric cryptography, asymmetric cryptography, and hash functions.
Symmetric cryptography is also known as secret-key cryptography. It uses a single key to encrypt and decrypt data, making it the simplest type of cryptography. A plain text with the key produces the same cipher; similarly, the ciphertext with the key produces the plain text. "Symmetric encryption is useful for protecting data between parties with an established shared key and is also frequently used to store confidential data" (Burnett & Foster, 2004). This type of cryptography is suited for bulk encryption as it is fast and easy.
Asymmetric cryptography is also known as public-key cryptography. In this method, two keys are used to encrypt data. One for encoding and the other for decoding. One of the two keys stays private while the other is shared. The algorithms are based on integer factorization and discrete logarithmic problems. This encryption method is used for authentication and confidentiality.
The hash function is a special mathematical function. It performs a one-way function, which means that once the algorithm is processed, there is no feasible way to use the ciphertext to retrieve the plaintext that was used to generate it (Conklin, 2018). Hashes provide confidentiality but not integrity because even though we cannot determine the original text, we can ascertain the modified text. These are utilized in programs, text messages, and operating systems files.
Public Key Infrastructure (PKI):
It is an infrastructure that enables users to communicate securely. PKI uses the asymmetric method; one private key and one public key. The public key can only decrypt the file encrypted by the private key, which affirms the receiver and the sender's information is secure during a transaction. The challenge PKI faces is the storage and protection of the keys. The encryption keys can be stolen or unrecoverable based on the measures taken to store them. Additionally, failure to issue and renew certificates can cause large-scale connectivity issues.
Physical Security:
Physical security needs to be maintained to prevent attackers from gaining access to steal data. Physical security is essential in an organization to prevent unauthorized individuals from causing harm to the business. If systems and devices are physically accessed, all files, data, information, and networks can be compromised. Granting limited access to employees to computer rooms or server rooms can prevent theft and help with intentional and unintentional damages. Perimeter security is also important, especially for sites ...
1. Original Post by Catherine JohnsonCryptographic MethodsCAbbyWhyte974
A secure communication in smart phones using two factor authentication - eSAT Journals
Abstract: Most secure systems face security attacks mainly at the client side. Two Factor Authentication (TFA) provides improved protection to the system at the client side by prompting to provide something they know and something they have. This system uses a one time password (OTP) generation method which doesn’t require client-server communication, which frees the system from the cost of sending a dynamic password each time the client wants to log in. The OTP generation uses the factors that are unique to the user and is installed on a smart phone on the Android platform owned by the user. An OTP is valid for a minute's time, after which it is useless. The system thus provides better client level security – a simple low cost method which protects the system from hacking techniques like key logging, phishing, shoulder surfing, etc. Keywords—Authentication, OTP, key logging, phishing
In most networks and distributed systems, security
has always been of a major concern and authentication is the core
issue as it provides protection from unauthorized use and ensures
proper functioning of the system. This paper investigates and
proposes DS-NIZKP, an approach for authenticating users by
three factors, (namely password, smart-card and biometrics)
based on the concept of Zero Knowledge Proof (ZKP), so that no
sensitive information can be revealed during a communication.
The proposal employs the concept of digital signature (DS) to
authenticate the identity of the sender or the signer within a
single communication. Given that DS employs asymmetric
encryption, a one-way hash of the user’s identity is created then
signed using the private key. Hashing prevents from revealing
information about the user while signing provides authentication,
non-repudiation and integrity. This approach not only saves time
since just a single message between the prover and the verifier is
necessary but also defends privacy of the user in distributed
systems.
LUIS: A Light Weight User Identification Scheme for Smartphones - IJCI JOURNAL
Smartphone usage has reached its peak. There has been a tremendous growth in the number of people migrating from PCs to smart phones. Numerous scenarios such as loss of a phone, phone theft etc., can lead to unauthorized use of one’s own smartphone. This raises the concern for securing personal and private data. This project proposes a light weight two level user identification scheme to recognize and authenticate the mobile phone based on the device holding and usage patterns. To validate the proposed scheme, an application is created which takes a gesture input characterized by time of swiping the screen, finger pressure, phone movements and location of swipe on the screen through X and Y co-ordinate. A threshold based matching scheme performs classification to find the true owner. Results show that the scheme was able to achieve 90% true positives and 10% false positives with a 0.5% of battery usage.
Implementing High Grade Security in Cloud Application using Multifactor Auth... - IJwest
As a high-speed internet foundation is being developed and people are informationized, most of the tasks are engaged in internet field so there is a risk that any private data like personal information or applications for managing money can be wiretapped or eavesdropped. The consolidation of One Time Passwords (OTPs) and Hash encryption algorithms are used to evolve a more secured password-protected web sites and data storage systems. The new outlined scheme had higher security, small system overhead and is easy to implement.
Key Security Measures Behind Digital Payment Systems - ITIO Innovex
Today, digital payment systems thanks to white-label payment gateway solutions have become the heartbeat of modern commerce. Visit us at: https://itio.in/services/white-label-payment-gateway
Three Step Multifactor Authentication Systems for Modern Security - ijtsrd
Three factor authentication includes all major features in password authentication such as one factor authentication. Using passwords and two factor authentication is not enough to provide the best protection in the digital age significantly. Advances in the field of information technology. Even when one or two feature authentication was used to protect the remote control system, hacking tools, it was a simple computer program to collect private keys, and private generators made it difficult to provide protection. Security threats based on malware, such as key trackers installed, continue to be available to improve security risks. This requires the use of safe and easy to use materials. As a result, Three Level Security is an easy to use software. Soumyashree RK | Goutham S "Three Step Multifactor Authentication Systems for Modern Security" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-6 | Issue-3 , April 2022, URL: https://www.ijtsrd.com/papers/ijtsrd49785.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-security/49785/three-step-multifactor-authentication-systems-for-modern-security/soumyashree-rk
An Insight into Essential Eight’s Multi-Factor Authentication - Onsite Helper
Discover the Essential Eight by Onsite Helper – a comprehensive suite of cybersecurity measures to safeguard your digital assets. From access control to patch management, ensure robust protection against evolving threats.
Visit - https://onsitehelper.com/cost-analysis-for-achieving-essential-eight-compliance/
Location Based Authentication For E-Banking
Rohit Joshi
Department of Information Technology
MET’s IOE Bhujbal Knowledge City, Nashik, Maharashtra,India
Prince Gupta
Department of Information Technology
MET’s IOE Bhujbal Knowledge City, Nashik, Maharashtra,India
Mahendra Hinde
Department of Information Technology
MET’s IOE Bhujbal Knowledge City, Nashik, Maharashtra,India
Abstract- This paper reviews techniques that use location as an authentication factor, makes recommendations on how location can be used to enhance the security of smartphone banking applications that require robust client authentication, and lastly describes how a secret key generated by an algorithm helps secure fund transactions. Authentication is one of the three main processes: Authentication, Authorization, and Accounting.
Keywords – Data privacy, authentication, mobile, authorization, location.
I. INTRODUCTION
Smartphones are becoming a major part of everybody’s daily life. All kinds of activities, including banking and financial mCommerce transactions (e.g. online shopping), are now performed online via smartphone applications while on the move. Approximately 50% of all smartphone owners in the U.S. used their smartphone for banking transactions during the first quarter of 2011, an increase of nearly 100% compared to the year before. However, many of the techniques used to authenticate the authorized client to the remote authenticator (i.e. the bank offering financial services) in these mCommerce applications are still based on classic (i.e. static) authentication factors such as passwords, biometrics, or tokens. The fact that the client is on the move while using these mCommerce applications is not considered or used to enhance authentication security. Reliable client authentication and data protection are still major concerns for mCommerce application providers because classical authentication factors are open to hackers. As a result, mCommerce application providers restrict access, on average, to 30% of possible services for clients using smartphone applications.
Any financial institution engaging in any form of Internet banking using smartphones needs effective and reliable methods for authenticating customers. An effective authentication system is required to comply with requirements for safeguarding customer information, to prevent money laundering and terrorist financing, to reduce fraud, to inhibit identity theft, and to promote the legal enforceability of electronic agreements and transactions. The risks of doing business with unauthorized or incorrectly identified persons in an Internet banking environment can result in financial loss and reputational damage through fraud, disclosure of customer information, corruption of data, or unenforceable agreements. There are a variety of technologies and methodologies financial institutions can use to authenticate customers. This project reviews techniques that use location as an authentication factor, makes recommendations on how location can be used to enhance the security of a smartphone banking application requiring robust client authentication, and lastly describes how a secret key used with the AES algorithm helps secure fund transactions. This should encourage financial and ecommerce application providers to offer more services to their clients via smartphone applications.
II. TERMS AND DEFINITION
Authentication is the act of confirming the truth of an attribute of a single piece of data or entity. In contrast with identification, which refers to the act of stating or otherwise indicating a claim purportedly attesting to a person or thing’s identity, authentication is the process of actually confirming that identity, for example by validating a person's identity documents, verifying the validity of a website with a digital certificate, tracing the age of an artifact by carbon dating, or ensuring that a product is what its packaging and labeling claim it to be. In other words, authentication often involves verifying the validity of at least one form of identification.
International Journal of Latest Trends in Engineering and Technology (IJLTET)
Vol. 5 Issue 2 March 2015 90 ISSN: 2278-621X
Authorization (or authorisation) is the function of specifying access rights to resources, related to information security and computer security in general. More formally, "to authorize" is to define an access policy. For example, human resources staff are normally authorized to access employee records, and this policy is usually formalized as access control rules in a computer system. During operation, the system uses the access control rules to decide whether access requests from (authenticated) consumers shall be approved or disapproved. Resources include individual files or an item's data, computer programs, computer devices and functionality provided by computer applications. Examples of consumers are computer users, computer programs and other devices on the computer.
The International Mobile Station Equipment Identity (IMEI) is a number, usually unique, used to identify 3GPP (i.e., GSM, UMTS and LTE) and iDEN mobile phones, as well as some satellite phones. It is usually found printed inside the battery compartment of the phone, but can also be displayed on-screen on most phones by entering *#06#, or alongside other system information in the settings menu on smartphone operating systems. The IMEI number is used by a GSM network to identify valid devices and can therefore be used to stop a stolen phone from accessing that network. For example, if a mobile phone is stolen, the owner can call the network provider and instruct them to "blacklist" the phone using its IMEI number. This renders the phone useless on that network, and sometimes on other networks too, whether or not the phone's SIM is changed. The IMEI is only used for identifying the device and has no permanent or semi-permanent relation to the subscriber. Instead, the subscriber is identified by transmission of an IMSI number, which is stored on a SIM card that can (in theory) be transferred to any handset. However, many network and security features are enabled by knowing the current device being used by a subscriber.
The Global Positioning System (GPS) is a space-based satellite navigation system that provides location and time information in all weather conditions, anywhere on or near the Earth where there is an unobstructed line of sight to four or more GPS satellites. The system provides critical capabilities to military, civil, and commercial users around the world. The United States government created the system, maintains it, and makes it freely accessible to anyone with a GPS receiver.
In cryptography, encryption is the process of encoding messages or information in such a way that only authorized parties can read it [1]. Encryption does not of itself prevent interception, but denies the message content to the interceptor [2]. In an encryption scheme, the message or information, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted [3]. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. It is in principle possible to decrypt the message without possessing the key, but for a well-designed encryption scheme, large computational resources and skill are required. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.
A. LITERATURE SURVEY
B. NEED
Today’s information systems require explicit identification between communicating entities (often the entities are users). The process of entity identification is in general called authentication. Authentication is defined as affirmation of the identity of a certain object in a centralized system. Authentication techniques are commonly classified into three groups [4]:
o User has something - techniques that use RFID (Radio Frequency Identification Device), hardware keys, etc.;
o User knows something - this group is based on knowledge of confidential information, for example password authentication;
o User is someone - biometric techniques, which are limited to human authentication.
Nowadays, many projects discuss using the user’s location as a new authentication factor. Location-based authentication can be useful in many cases, and its advantages are apparent. One place of use can be found in the hospital sector: a doctor should not handle patients’ private information outside the hospital’s boundary. Another example of location-based authentication can be found in the financial sector. If the user (account owner) would like to operate on his account, he should first prove his location. If the user is at home or in the bank office, he gets access. If he is at another position, he does not get access to his bank account. In general, location-based authentication techniques can also be used for SSO (Single Sign On) [5], but the techniques proposed in this system principally assume simple authentication (one identity per user).
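The access rule described above (access from home or the bank office, none elsewhere), together with the timely re-check of GPS location that this paper proposes, as an added Python example that is not the authors' code. The zone names, coordinates, radii, freshness and accuracy thresholds, and the `BankingSession` class are assumptions made for illustration.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_M = 6_371_000.0

@dataclass(frozen=True)
class Zone:            # a location registered for the account (assumed model)
    name: str
    lat: float
    lon: float
    radius_m: float

@dataclass(frozen=True)
class Fix:             # a GPS fix as reported by the phone
    lat: float
    lon: float
    accuracy_m: float  # reported horizontal accuracy
    timestamp: float   # seconds since epoch when the fix was taken

# Constructed sample zones; the coordinates are illustrative only.
HOME = Zone("home", 20.0000, 73.7800, 150.0)
BANK = Zone("bank_office", 20.0100, 73.7900, 100.0)

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two latitude/longitude points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))

def check_location(fix, zones, now, max_age_s=60.0, max_accuracy_m=100.0):
    """Return (allowed, reason). The fix is a client-supplied claim, so it is
    rejected when it is stale, future-dated or too imprecise to decide on."""
    age = now - fix.timestamp
    if not (-5.0 <= age <= max_age_s):
        return False, "stale_fix"
    if fix.accuracy_m > max_accuracy_m:
        return False, "low_accuracy"
    for zone in zones:
        dist = haversine_m(fix.lat, fix.lon, zone.lat, zone.lon)
        # Conservative: the whole uncertainty circle must lie inside the zone.
        if dist + fix.accuracy_m <= zone.radius_m:
            return True, zone.name
    return False, "outside_registered_zones"

class BankingSession:
    """Password plus location at login, then location re-checked periodically."""
    def __init__(self, zones, recheck_interval_s=30.0):
        self.zones = zones
        self.recheck_interval_s = recheck_interval_s
        self.last_verified = None   # time of the last accepted fix

    def login(self, credentials_ok, fix, now):
        if not credentials_ok:
            return False, "bad_credentials"
        allowed, reason = check_location(fix, self.zones, now)
        self.last_verified = now if allowed else None
        return allowed, reason

    def authorize(self, now, fix=None):
        """Allow a transaction only while the location proof is fresh."""
        if self.last_verified is None:
            return False
        if fix is not None:         # a new fix replaces the old proof
            allowed, _ = check_location(fix, self.zones, now)
            self.last_verified = now if allowed else None
            return allowed
        return now - self.last_verified <= self.recheck_interval_s
```

A fix that lies inside a zone but whose accuracy circle crosses the boundary is refused, which trades some false rejections near the edge for not accepting a position the server cannot place inside the zone.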
In this system, we propose a new location-based authentication technique. Our system provides high-level security by adding GPS location to the user credentials (i.e. username and password), whereas other systems only provide user credentials (i.e. username and password). Our system checks the GPS location on a timely basis to secure data from unauthorized access, and it uses self-destructing keys, which expire after some time, making the system more secure. Personal data stored in the private cloud may contain account numbers, passwords, notes, and other important information that could be used and misused by a competitor. This data is cached, copied, and archived by Cloud Service Providers (CSPs), often without users’ authorization and control. Self-destructing data mainly aims to protect the privacy of user data. All the data and its copies become destructed or unreadable after a user-specified time, without any user intervention. Moreover, the decryption key is destructed after the user-specified time. In our system, we present SeDas, a system that meets this challenge through a novel integration of cryptographic techniques with active storage techniques based on the T10 OSD standard (i.e. the Object-based Storage Devices standard). According to statistics, around 80 percent of the population of India uses cell phones, and nowadays most of them use smartphones. It would be very handy for people to bank on their cell phones, but being able to perform banking on a cell phone is not sufficient: the transactions need to be secure. Our project specifically deals with securing online mobile transactions by using a self-destructing key that expires after some time, thereby providing stronger encryption, and further by using location as a major factor in generating the key.
C. EXISTING SYSTEM
Existing systems do not provide high-level security. They rely only on user credentials, i.e. username and password. Existing systems do not have any GPS location privileges. They do not secure the data from unauthorized access and are easily cracked by hackers. They do not use self-destructing keys. Our system, on the other hand, provides high-level security by adding GPS location to the user credentials, i.e. username and password. It checks the GPS location on a timely basis to secure the data from unauthorized access, and it uses self-destructing keys, which expire after some time, making the system more secure.
III. SYSTEM ARCHITECTURE
Smartphones are increasingly used to perform mobile banking while on the move. Current techniques for remotely authenticating the client to the service provider in a mobile banking application are based on ”static” authentication factors like passwords or tokens. The fact that the client is on the move while using these M-Commerce applications is not considered or used to enhance authentication security. This system includes the client’s geographical location as an important authentication factor to enhance the security of M-Commerce applications, especially those requiring robust client authentication. Furthermore, the system secures online banking fund transactions using the self-destructing data cryptosystem. The SeDas system mainly uses Shamir’s algorithm to provide strong security for transferring funds online, with a self-destruct key mechanism that destroys the key after a specific time interval to avoid misuse of private data on the server. Location-based authentication is a new direction in the development of authentication techniques. Authentication and authorization are two of the most important security features for mobile transaction systems. We use a space-time authentication technique that uses GPS to determine the position of the person. Most commonly, authentication schemes depend on three basic factors: what you know (secret), what you have (token), and what you are (biometrics). Here, we use the SeDas system, based on Shamir’s algorithm, for secure fund transactions. The architecture of our proposed system protocol includes three parts: location registration, authentication and authorization, and location verification.
Fig 1: Overall architecture of the system.
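The self-destructing key mechanism described in this section, as an added Python example that is not the authors' SeDas code: a symmetric key is split with Shamir's secret sharing [3], each share is held by a node that deletes it at a deadline, and the key can no longer be rebuilt once fewer than k shares remain. The `ShareNode` class, its in-memory storage, the 521-bit prime field, the key identifier and the TTL values are assumptions.

```python
import secrets

# Mersenne prime 2**521 - 1: a field large enough for keys up to 64 bytes.
PRIME = 2**521 - 1

def split_secret(secret, k, n):
    """Shamir (k, n) split: return n points on a random degree k-1 polynomial
    over GF(PRIME) whose constant term is the secret."""
    if not 1 < k <= n:
        raise ValueError("need 1 < k <= n")
    if not 0 <= secret < PRIME:
        raise ValueError("secret out of range")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):      # Horner evaluation of the polynomial
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares

def recover_secret(shares):
    """Lagrange interpolation at x = 0 over GF(PRIME)."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        # Fermat inverse of den, valid because PRIME is prime and den != 0.
        secret = (secret + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return secret

class ShareNode:
    """In-memory stand-in for one storage node holding a share until expiry."""
    def __init__(self):
        self._store = {}                # key_id -> (share, expires_at)

    def put(self, key_id, share, expires_at):
        self._store[key_id] = (share, expires_at)

    def get(self, key_id, now):
        self.purge(now)
        entry = self._store.get(key_id)
        return entry[0] if entry else None

    def purge(self, now):
        # Dropping the entry only removes the reference here; a real node
        # would also have to erase the stored bytes and any copies.
        for key_id in [k for k, (_, exp) in self._store.items() if exp <= now]:
            del self._store[key_id]

def protect_key(key, nodes, k, ttl_s, now, key_id):
    """Split a symmetric key across the nodes; each share expires at now + ttl_s."""
    shares = split_secret(int.from_bytes(key, "big"), k, len(nodes))
    for node, share in zip(nodes, shares):
        node.put(key_id, share, now + ttl_s)

def fetch_key(nodes, k, key_id, now, key_len=16):
    """Rebuild the key from any k live shares, or return None once it is gone."""
    live = [s for s in (node.get(key_id, now) for node in nodes) if s is not None]
    if len(live) < k:
        return None
    return recover_secret(live[:k]).to_bytes(key_len, "big")
```

The destruction guarantee is only as strong as each node's deletion: a node that keeps a copy of its share past the deadline, or a client that caches the rebuilt key, defeats the expiry.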
IV. INTERFACES
A. Hardware Interface
Mobile Device:- The external hardware interface will support mobile devices such as smartphones, and any device that supports GPS.
External Storage:- The product will support transparent connections with external hard drives in order to support automatic archiving capability.
B. Software Interface
Operating System:- The product will work mainly with Android 2.1 and above.
V. CONCLUSION
The system described in this paper, which uses location as an authentication factor, will be the next step in securing banking transactions. The next security level can be achieved by using the IMEI number as a factor along with the location. Online banking is a rapidly growing field and the number of internet users is increasing rapidly. The number of attacks on current systems is increasing day by day, and this system will help reduce those threats in the future.
REFERENCES
[1] Dax, J. "Publikationen." To appear in Distributed User Interfaces: Collaboration and Usability. Springer 2014 (2013).
[2] Kuseler, Torben, and Ihsan Alshahib Lami. "Using geographical location as an authentication factor to enhance mCommerce applications on smartphones." International Journal of Computer Science and Security (IJCSS) 6.4 (2012): 277-287.
[3] Shamir, Adi. "How to share a secret." Communications of the ACM 22.11 (1979): 612-613.
[4] D. Qiu, “Security Analysis of Geoencryption: A Case Study using Loran”, Proceeding of ION GNSS 2007.
[5] Denning, D. and Macdoran, P., “Location-based Authentication: Grounding Cyberspace for better Security”, Computer Fraud Security, 1996(2), pp. 12-16.
[6] Jansen, W. Korolev, V, “A Location-Based Mechanism for Mobile Device Security”, in WRI World Congress on Computer Science and Information Engineering, Los Angeles, California USA, pp. 99-104, 2009. http://csrc.nist.gov/publications/articles/articles_2009.html
[7] D. Denning and P. MacDoran, “Location-Based Authentication: Grounding Cyberspace for Better Security.” In Computer Fraud and Security Bulletin, Feb. 1996.
[8] I.G.T. Ferreres, B.R. Alvarez, and A.R. Garnacho, “Guaranteeing the authenticity of location information.” In IEEE Pervasive Computing, pp. 72-80, 2008. https://scholar.google.co.in/citations?user=ZyAk4EoAAAAJ&hl=en
[9] G. Yan and S. Olariu, “An efficient geographic location-based security mechanism for vehicular adhoc networks.” In IEEE 6th International Conference on Mobile Adhoc and Sensor Systems, MASS’09, 2009, pp. 804-809.
[10] Hsieh, Wen-Bin, and Jenq-Shiou Leu. "Design of a time and location based One-Time Password authentication scheme." Wireless Communications and Mobile Computing Conference (IWCMC), 2011 7th International. IEEE, 2011.