Survey on 2-Step Security for Authentication in M-Banking

Technologies drive the need in every sector and enterprise needs to understand changing need of customer. Financial sector has also no exception. In order to satisfy financial need for customer banks are taking help of new technology such as internet. It is called as e-banking. But problem remain over e-banking is security. Over the e-banking, the potential use of mobile devices in financial applications such as banking and stock trading has seen a rapid increase. The aim of this work is to provide a secure environment in terms of security for transaction by various ways. In this paper we focus on 2-step security for authentication. For this system we use m-banking. Propose the use of steganography as means to improve the communication channel. Task of enhancing security include construction of formula for both data encryption and for hiding pattern and also provide system based on biometric information. i.e., face recognition. Keywords: decryption, encryption, face recognition, security, steganograph

A novel authentication scheme to increase security for non-repudiation of users

Protection of sensitive information is a growing concern worldwide. Failure to protect sensitive information can lead to loss of clients in the banking sector or threaten national security. Access to sensitive information starts with e-authentication. Most authentication systems are designed for authenticated users only. However, the user is not the only party that needs to be authenticated to ensure the security of transactions on the Internet. Existing one-time password (OTP) mechanism cannot guarantee non-repudiation and fail to guarantee reuse of a stolen device, which is used in authentication.A novel authentication scheme based on OTP is presented in this paper. This paper proposes a secure multi-factor electronic authentication mechanism. This mechanism is intended to authenticate both the user and the mobile device of the user to ensure non-repudiation and protect the integrity of the OTP against adversarial attacks. The proposed mechanism can detect whether the mobile device is in the hands of the rightful owner before the OTP is sent to the user. The system requires each user to have a unique phone number and a unique mobile device (unique International Mobile Equipment Identity (IMEI)), in addition to an ID card number. The proposed system can ensure that the user who misuses the system becomes liable for the act committed. Therefore, the proposed system can be used in e-banking, e-government,and e-commerce systems, among other areas requiring high-security guarantees

S-Mbank: Secure Mobile Banking Authentication Scheme Using Signcryption, Pair Based Text Authentication, and Contactless Smartcard

Nowadays, mobile banking becomes a popular tool which consumers can conduct financial transactions such as shopping, monitoring accounts balance, transferring funds and other payments. Consumers dependency on mobile needs, make people take a little bit more interest in mobile banking. The use of the one-time password which is sent to the user mobile phone by short message service (SMS) is a vulnerability which we want to solve with proposing a new scheme called S-Mbank. We replace the authentication using the one-time password with the contactless smart card to prevent attackers to use the unencrypted message which is sent to the user's mobile phone. Moreover, it deals vulnerability of spoofer to send an SMS pretending as a bank's server. The contactless smart card is proposed because of its flexibility and security which easier to bring in our wallet than the common passcode generators. The replacement of SMS-based authentication with contactless smart card removes the vulnerability of unauthorized users to act as a legitimate user to exploit the mobile banking user's account. Besides that, we use public-private key pair and PIN to provide two factors authentication and mutual authentication. We use signcryption scheme to provide the efficiency of the computation. Pair based text authentication is also proposed for the login process as a solution to shoulder-surfing attack. We use Scyther tool to analyze the security of authentication protocol in S-Mbank scheme. From the proposed scheme, we are able to provide more security protection for mobile banking service.Comment: 6 page

A Secure Mobile-based Authentication System

Financial information is extremely sensitive. Hence, electronic banking must provide a robust system to authenticate its customers and let them access their data remotely. On the other hand, such system must be usable, affordable, and portable.We propose a challengeresponse based one-time password (OTP) scheme that uses symmetric cryptography in combination with a hardware security module. The proposed protocol safeguards passwords from keyloggers and phishing attacks. Besides, this solution provides convenient mobility for users who want to bank online anytime and anywhere, not just from their own trusted computers.La informació financera és extremadament sensible. Per tant, la banca electrònica ha de proporcionar un sistema robust per autenticar als seus clients i fer-los accedir a les dades de forma remota. D'altra banda, aquest sistema ha de ser usable, accessible, i portàtil. Es proposa una resposta al desafiament basat en una contrasenya única (OTP), esquema que utilitza la criptografia simètrica en combinació amb un mòdul de maquinari de seguretat. Amés, aquesta solució ofereix mobilitat convenient per als usuaris que volen bancària en línia en qualsevol moment i en qualsevol lloc, no només des dels seus propis equips de confiança.La información financiera es extremadamente sensible. Por lo tanto, la banca electrónica debe proporcionar un sistema robusto para autenticar a sus clientes y hacerles acceder a sus datos de forma remota. Por otra parte, dicho sistema debe ser usable, accesible, y portátil. Se propone una respuesta al desafío basado en una contraseña única (OTP), esquema que utiliza la criptografía simétrica en combinación con un módulo hardware de seguridad hardware. Además, esta solución ofrece una movilidad conveniente para los usuarios que quieren la entidad bancaria en línea en cualquier momento y en cualquier lugar, no sólo des de sus propios equipos de confianza

Design of a secure unified e-payment system in Nigeria: A case study

The automatic teller machine (ATM) is the most widely used e-Payment instrument in Nigeria. It is responsible for about 89% (in volume) of all e-Payment instruments since 2006 to 2008. Some customers have at least two ATM cards depending on the number of accounts operated by them and they represent the active users of the ATM cards. Furthermore, identity theft has been identified as one of the most prominent problems hindering the wider adoption of e-Business, particularly e-Banking, hence the need for a more secure platform of operation. Therefore, in this paper we propose a unified (single) smart card-based ATM card with biometric-based cash dispenser for all banking transactions. This is to reduce the number of ATM cards carried by an individual and the biometric facility is to introduce another level of security in addition to the PIN which is currently being used. A set of questionnaire was designed to evaluate the acceptability of this concept among users and the architecture of the proposed system is presented

Conceivable security risks and authentication techniques for smart devices

With the rapidly escalating use of smart devices and fraudulent transaction of users’ data from their devices, efficient and reliable techniques for authentication of the smart devices have become an obligatory issue. This paper reviews the security risks for mobile devices and studies several authentication techniques available for smart devices. The results from field studies enable a comparative evaluation of user-preferred authentication mechanisms and their opinions about reliability, biometric authentication and visual authentication techniques

Strengthening e-banking security using keystroke dynamics

This paper investigates keystroke dynamics and its possible use as a tool to prevent or detect fraud in the banking industry. Given that banks are constantly on the lookout for improved methods to address the menace of fraud, the paper sets out to review keystroke dynamics, its advantages, disadvantages and potential for improving the security of e-banking systems. This paper evaluates keystroke dynamics suitability of use for enhancing security in the banking sector. Results from the literature review found that keystroke dynamics can offer impressive accuracy rates for user identification. Low costs of deployment and minimal change to users modus operandi make this technology an attractive investment for banks. The paper goes on to argue that although this behavioural biometric may not be suitable as a primary method of authentication, it can be used as a secondary or tertiary method to complement existing authentication systems