3,306 research outputs found
S-Mbank: Secure Mobile Banking Authentication Scheme Using Signcryption, Pair Based Text Authentication, and Contactless Smartcard
Nowadays, mobile banking becomes a popular tool which consumers can conduct
financial transactions such as shopping, monitoring accounts balance,
transferring funds and other payments. Consumers dependency on mobile needs,
make people take a little bit more interest in mobile banking. The use of the
one-time password which is sent to the user mobile phone by short message
service (SMS) is a vulnerability which we want to solve with proposing a new
scheme called S-Mbank. We replace the authentication using the one-time
password with the contactless smart card to prevent attackers to use the
unencrypted message which is sent to the user's mobile phone. Moreover, it
deals vulnerability of spoofer to send an SMS pretending as a bank's server.
The contactless smart card is proposed because of its flexibility and security
which easier to bring in our wallet than the common passcode generators. The
replacement of SMS-based authentication with contactless smart card removes the
vulnerability of unauthorized users to act as a legitimate user to exploit the
mobile banking user's account. Besides that, we use public-private key pair and
PIN to provide two factors authentication and mutual authentication. We use
signcryption scheme to provide the efficiency of the computation. Pair based
text authentication is also proposed for the login process as a solution to
shoulder-surfing attack. We use Scyther tool to analyze the security of
authentication protocol in S-Mbank scheme. From the proposed scheme, we are
able to provide more security protection for mobile banking service.Comment: 6 page
Modelling and simulation of a biometric identity-based cryptography
Government information is a vital asset that must be kept in a trusted environment and efficiently managed by authorised parties. Even though e-Government provides a number of advantages, it also introduces a range of new security risks. Sharing confidential and top-secret information in a secure manner among government sectors tend to be the main element that government agencies look for. Thus, developing an effective methodology is essential and it is a key factor for e-Government success. The proposed e-Government scheme in this paper is a combination of identity-based encryption and biometric technology. This new scheme can effectively improve the security in authentication systems, which provides a reliable identity with a high degree of assurance. In addition, this paper demonstrates the feasibility of using Finite-state machines as a formal method to analyse the proposed protocols
Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data
We provide formal definitions and efficient secure techniques for
- turning noisy information into keys usable for any cryptographic
application, and, in particular,
- reliably and securely authenticating biometric data.
Our techniques apply not just to biometric information, but to any keying
material that, unlike traditional cryptographic keys, is (1) not reproducible
precisely and (2) not distributed uniformly. We propose two primitives: a
"fuzzy extractor" reliably extracts nearly uniform randomness R from its input;
the extraction is error-tolerant in the sense that R will be the same even if
the input changes, as long as it remains reasonably close to the original.
Thus, R can be used as a key in a cryptographic application. A "secure sketch"
produces public information about its input w that does not reveal w, and yet
allows exact recovery of w given another value that is close to w. Thus, it can
be used to reliably reproduce error-prone biometric inputs without incurring
the security risk inherent in storing them.
We define the primitives to be both formally secure and versatile,
generalizing much prior work. In addition, we provide nearly optimal
constructions of both primitives for various measures of ``closeness'' of input
data, such as Hamming distance, edit distance, and set difference.Comment: 47 pp., 3 figures. Prelim. version in Eurocrypt 2004, Springer LNCS
3027, pp. 523-540. Differences from version 3: minor edits for grammar,
clarity, and typo
- …