A Secure Mobile-based Authentication System

Financial information is extremely sensitive. Hence, electronic banking must provide a robust system to authenticate its customers and let them access their data remotely. On the other hand, such system must be usable, affordable, and portable.We propose a challengeresponse based one-time password (OTP) scheme that uses symmetric cryptography in combination with a hardware security module. The proposed protocol safeguards passwords from keyloggers and phishing attacks. Besides, this solution provides convenient mobility for users who want to bank online anytime and anywhere, not just from their own trusted computers.La informació financera és extremadament sensible. Per tant, la banca electrònica ha de proporcionar un sistema robust per autenticar als seus clients i fer-los accedir a les dades de forma remota. D'altra banda, aquest sistema ha de ser usable, accessible, i portàtil. Es proposa una resposta al desafiament basat en una contrasenya única (OTP), esquema que utilitza la criptografia simètrica en combinació amb un mòdul de maquinari de seguretat. Amés, aquesta solució ofereix mobilitat convenient per als usuaris que volen bancària en línia en qualsevol moment i en qualsevol lloc, no només des dels seus propis equips de confiança.La información financiera es extremadamente sensible. Por lo tanto, la banca electrónica debe proporcionar un sistema robusto para autenticar a sus clientes y hacerles acceder a sus datos de forma remota. Por otra parte, dicho sistema debe ser usable, accesible, y portátil. Se propone una respuesta al desafío basado en una contraseña única (OTP), esquema que utiliza la criptografía simétrica en combinación con un módulo hardware de seguridad hardware. Además, esta solución ofrece una movilidad conveniente para los usuarios que quieren la entidad bancaria en línea en cualquier momento y en cualquier lugar, no sólo des de sus propios equipos de confianza

Learning the lessons from the developed world: e-banking security in Nigeria

In the past decade banks invested heavily in internet technology so as to engage in e-business and e-commerce activities. However, this development exposed banks to threats, such as online fraud. Consequently, there was a need to adopt security measures and controls to mitigate such threats. Banks in developed countries have developed a level of ‘best practice’ to reduce such online threats. The objective of this study was to explore the extent to which banks in the developing world were benefitting from the experiences of banks in the developed world in terms of how they address online security threats. Case studies of two Nigerian Banks were undertaken using interviews and short questionnaire. The findings show respondents perceived the level of threats to e-banking in Nigeria to be low. When adopting e-banking security controls, the case study banks placed more emphasis on the technical dimension than the human dimension. Senior management commitment is a significant barrier to adopting best practice, which is highlighted in limited financial resources being provided for new investment in training or customer education. The study concludes that senior managers need to change their perceptions and priorities towards IT security to reduce the vulnerability of their e-banking services

Online authentication methods used in banks and attacks against these methods

© 2019 The Authors. Published by Elsevier B.V. Growing threats and attacks to online banking security (e.g. phishing, identity theft) motivates most banks to look for and use stronger authentication methods instead of using a normal username and password authentication. The main objective of the research is to identify the most common online authentication methods used widely in international banks and compare it with the methods used in six banks operating in UAE. In addition, this research will cover the current authentication threats and attacks against these methods. Two well-defined comparison matrices [15], one based on characteristics and second one on attack vectors, will be used to examine and assess the authentication methods of those six banks. This paper is different than other studies and works since it will help to identify the common authentication methods used in banks operating in UAE. Moreover, the comparison matrices will help to examine those authentication methods, define their weaknesses, and evaluate them

Conceptualizing Security Measures on Mobile Learning for Malaysian Higher Education Institutions

AbstractThe paper examines the existing researchers view on security measures on mobile learning. In general, it discovers related measure on security which includes reliability, trust, privacy and security itself. Each measure is widely used as determinants in previous studies and its range in some environments and perspectives. Reliability and security determinants are widely adapted to measure in terms of the infrastructure of mobile learning environment, while trust and privacy mostly measure behaviours and perceptions from the user or human towards mobile learning. Furthermore, the study will also investigate the infrastructure and components of mobile learning itself in order to determine the security vulnerabilities that may involve in the mobile learning environment. Other security features that are discussed at glance include the key distribution and management, information confidentiality and privacy, secure routing, intrusion detection, data integrity, entity authentication and secure data aggregation. However, at the end of this study, mapping on the relevent security measures with each component of mobile learning will be formulated for further study

Optimizing Anti-Phishing Solutions Based on User Awareness, Education and the Use of the Latest Web Security Solutions

Phishing has grown significantly in volume over the time, becoming the most usual web threat today. The present economic crisis is an added argument for the great increase in number of attempts to cheat internet users, both businesses and private ones. The present research is aimed at helping the IT environment get a more precise view over the phishing attacks in Romania; in order to achieve this goal we have designed an application able to retrieve and interpret phishing related data from five other trusted web sources and compile them into a meaningful and more targeted report. As a conclusion, besides making available regular reports, we underline the need for a higher degree of awareness related to this issue.Security, Phishing, Ev-SSL, Security Solutions