1,025 research outputs found

    Authentication and transaction verification using QR codes with a mobile device

    User authentication and the verification of online transactions that are performed on an untrusted computer or device is an important and challenging problem. This paper presents an approach to authentication and transaction verification using a trusted mobile device, equipped with a camera, in conjunction with QR codes. The mobile device does not require an active connection (e.g., Internet or cellular network), as the required information is obtained by the mobile device through its camera, i.e. solely via the visual channel. The proposed approach consists of an initial user authentication phase, which is followed by a transaction verification phase. The transaction verification phase provides a mechanism whereby important transactions have to be verified by both the user and the server. We describe the adversarial model to capture the possible attacks to the system. In addition, this paper analyzes the security of the proposed scheme, and discusses the practical issues and mechanisms by which the scheme is able to circumvent a variety of security threats including password stealing, man-in-the-middle and man-in-the-browser attacks. We note that our technique is applicable to many practical applications ranging from standard user authentication implementations to protecting online banking transactions.

    Securing Interactive Sessions Using Mobile Device through Visual Channel and Visual Inspection

    A communication channel established from a display to a device's camera is known as a visual channel, and it is helpful in securing key exchange protocols. In this paper, we study how the visual channel can be exploited by a network terminal and mobile device to jointly verify information in an interactive session, and how such information can be jointly presented in a user-friendly manner, taking into account that the mobile device can only capture and display a small region, and the user may only want to authenticate selective regions-of-interests. Motivated by applications in Kiosk computing and multi-factor authentication, we consider three security models: (1) the mobile device is trusted, (2) at most one of the terminal or the mobile device is dishonest, and (3) both the terminal and device are dishonest but they do not collude or communicate. We give two protocols and investigate them under the abovementioned models. We point out a form of replay attack that renders some other straightforward implementations cumbersome to use. To enhance user-friendliness, we propose a solution using visual cues embedded into the 2D barcodes and incorporate the framework of "augmented reality" for easy verifications through visual inspection. We give a proof-of-concept implementation to show that our scheme is feasible in practice. Comment: 16 pages, 10 figures

    Secure Mobile Payment Architecture Enabling Multi-factor Authentication

    The rise of smartphones has led to a significant increase in the usage of mobile payments. Mobile payments allow individuals to access financial resources and make transactions through their mobile devices while on the go. However, the current mobile payment systems were designed to align with traditional payment structures, which limits the full potential of smartphones, including their security features. This has become a major concern in the rapidly growing mobile payment market. To address these security concerns, in this paper we propose a new mobile payment architecture. This architecture leverages the advanced capabilities of modern smartphones to verify various aspects of a payment, such as funds, biometrics, location, and others. The proposed system aims to guarantee the legitimacy of transactions and protect against identity theft by verifying multiple elements of a payment. The security of mobile payment systems is crucial, given the rapid growth of the market. Evaluating mobile payment systems based on their authentication, encryption, and fraud detection capabilities is of utmost importance. The proposed architecture provides a secure mobile payment solution that enhances the overall payment experience by taking advantage of the advanced capabilities of modern smartphones. This will not only improve the security of mobile payments but also offer a more user-friendly payment experience for consumers.

    Mobile Authentication with NFC enabled Smartphones

    Smartphones are becoming increasingly widely deployed, and as such new possibilities for utilizing the smartphone's many capabilities for public and private use are arising. This project will investigate the possibility of using smartphones as a platform for authentication and access control, using near field communication (NFC). To achieve the necessary security for authentication and access control purposes, cryptographic concepts such as public keys, challenge-response and digital signatures are used. To focus the investigation, a case study is performed based on the authentication and access control needs of an educational institution's student ID. To gain a more practical understanding of the challenges mobile authentication encounters, a prototype has successfully been developed on the basis of the investigation. The case study performed in this project argues that NFC as a standalone technology is not yet mature to support the advanced communication required by this case. However, combining NFC with other communication technologies such as Bluetooth has proven to be effective. As a result, a general evaluation has been performed on several aspects of the prototype, such as cost-effectiveness, usability, performance and security to evaluate the viability of mobile authentication.

    E-CHEQUE: Re-Defined Era for Financial Transactions

    Cheques, which are used to transfer money from one party to another, have the potential to capture a massive amount of financial value, but on the other hand a cheque is a piece of paper which can be tarnished and torn into pieces and is fragile. The main objective is to create an E-Cheque application, where the mentioned issues will be eradicated by simply digitizing the cheque. Using an E-Cheque would raise a handful of security questions, but with the help of four security technologies these problems are minimized. The approach for dynamic password generation is to generate a password which would be resistant to a selected cyber security attack and would be a key helping hand to remember the password. Secondly, OTP is used together with Voice Biometrics, where an OTP would be used as the first level of security and voice biometrics as the second level to increase security. To cover the compliance point of view, a comprehensive compliance policy is created and hence applied to the application. Finally, in QR Code generation, the QR code is generated from the E-cheque details received from the user, which are encrypted to generate the QR code and transferred through a chat socket where a digital signature will be mandatory to transfer the QR based E-cheque, and therefore, when all components are paired together, creating a world security standard E-Cheque application.

    A Cryptography-Based System for Offline Collection and Verification of Tax Revenue by County Governments in Kenya

    In the current setting of county governments in Kenya, efficient tax collection is highly dependent on validation of payment documents. This has led to challenges due to the fact that revenue collection has traditionally employed paper-based collection receipts. The research aims to address the challenges of validation of payment receipts in offline revenue collection systems. It supports automation attempts that have been made through the introduction of electronic mobile point of sale terminals. The solution is based on providing an offline model that supports the distributed nature of payment stations. This approach focuses on using cryptography-based techniques to enable offline validation of receipts even in cases of unreliable network connectivity. The objective is to provide a solution that affords ease of both revenue collections for the county governments and payments for the citizenry while stopping revenue leakages, ensuring reliable verification of payment receipts, thus maximising revenue collection by providing reliable accounting reports. The research provides a reliable revenue collection system that enables offline receipting and verification of payment receipts in integrated mobile point of sale terminals. The solution presented has successfully been implemented and tested in one of the County Governments in Kenya.

    QR code based two-factor authentication to verify paper-based documents

    Forgery of important paper-based documents, such as official certificates, birth, marriage and death certificates, selling and buying documents and other legal documents, is more and more serious and sophisticated. With the purposes of fraud, appropriation of property, job application and assignment in order to swindle public authorities, this forgery has led to material loss, belief deterioration as well as social instability. Many techniques have been proposed to overcome these issues, such as ink stamps, live signatures, and documenting the transaction with a third party like the court or a notary. This paper proposes a feasible solution for forgery prevention for paper-based documents using a cloud computing application, with the application of the Quick Response bidirectional barcode and the usage of a hash algorithm. The study aims at developing an electronic verification system for official and issued books (documents, endorsements, and other official books) to/from different sections of the Institute using QR technology.