
    Development of a secure multi-factor authentication algorithm for mobile money applications

    A Thesis Submitted in Fulfillment of the Requirements for the Degree of Doctor of Philosophy in Information and Communication Science and Engineering of the Nelson Mandela African Institution of Science and Technology. With the evolution of industry 4.0, financial technologies have become paramount and mobile money as one of the financial technologies has immensely contributed to improving financial inclusion among the unbanked population. Several mobile money schemes were developed, but they suffered severe authentication security challenges since they implemented two-factor authentication. This study focused on developing a secure multi-factor authentication (MFA) algorithm for mobile money applications. It uses personal identification numbers, one-time passwords, biometric fingerprints, and quick response codes to authenticate and authorize mobile money subscribers. Secure hash algorithm-256, Rivest-Shamir-Adleman encryption, and Fernet encryption were used to secure the authentication factors, confidential financial information and data before transmission to the remote databases. A literature review, survey, evolutionary prototyping model, and heuristic evaluation and usability testing methods were used to identify authentication issues, develop prototypes of native genuine mobile money (G-MoMo) applications, and identify usability issues with the interface designs and ascertain their usability, respectively. The results of the review grouped the threat models into attacks against privacy, authentication, confidentiality, integrity, and availability. The survey identified authentication attacks, identity theft, phishing attacks, and PIN sharing as the key mobile money systems’ security issues. The researcher designed a secure MFA algorithm for mobile money applications and developed three native G-MoMo applications to implement the designed algorithm to prove the feasibility of the algorithm and that it provided robust security.
The algorithm was resilient to non-repudiation, ensured strong authentication security, data confidentiality, integrity, privacy, and user anonymity, was highly effective against several attacks but had high communication overhead and computational costs. Nevertheless, the heuristic evaluation results showed that the G-MoMo applications’ interface designs lacked forward navigation buttons, uniformity in the applications’ menu titles, search fields, actions needed for recovery, and help and documentation. Similarly, the usability testing revealed that they were easy to learn, effective, efficient, memorable, with few errors, subscriber satisfaction, easy to use, aesthetic, easy to integrate, and understandable. Implementing a secure mobile money authentication and authorisation by combining multiple factors which are securely stored helps mobile money subscribers and other stakeholders to have trust in the developed native G-MoMo applications

    Heuristic Evaluation and Usability Testing of G-MoMo Applications

    Financial technology (FinTech) has swiftly revolutionized mobile money as one of the ways of accessing financial services in developing countries. Numerous mobile money applications were developed to access mobile money services but are hindered by severe authentication security challenges, thus, forcing the researchers to design a secure multi-factor authentication (MFA) algorithm for mobile money applications. Three prototypes of native mobile money applications (G-MoMo applications) were developed to confirm that the algorithm provides high security and is feasible. This study, therefore, aimed to evaluate the usability of the G-MoMo applications using heuristic evaluation and usability testing to identify potential usability issues and provide recommendations for improvement. Heuristic evaluation and usability testing methods were used to evaluate the G-MoMo applications. The heuristic evaluation was carried out by five experts that used the 10 principles proposed by Jakob Nielsen with a five-point severity rating scale to identify the usability problems. While the usability testing was conducted with forty participants selected using a purposive sampling method to validate the usability of the G-MoMo applications by performing tasks and filling out the post-test questionnaire. Data collected were analyzed in RStudio software. Sixty-three usability issues were identified during heuristic evaluation, where 33 were minor and 30 were major. The most violated heuristic items were “help and documentation”, and “user control and freedom”, while the least violated heuristic items were “aesthetic and minimalist design” and “visibility of system status”. The usability testing findings revealed that the G-MoMo applications’ performance proved good in learnability, effectiveness, efficiency, memorability, and errors. It also provided user satisfaction, ease of use, aesthetics, usefulness, integration, and understandability. 
Therefore, it was highly recommended that the developers of G-MoMo applications fix the identified usability problems to make the applications more reliable and increase overall user satisfaction.

    Evaluation of Key Security Issues Associated with Mobile Money Systems in Uganda

    This research article published by MDPI, 2020. Smartphone technology has improved access to mobile money services (MMS) and successful mobile money deployment has brought massive benefits to the unbanked population in both rural and urban areas of Uganda. Despite its enormous benefits, embracing the usage and acceptance of mobile money has mostly been low due to security issues and challenges associated with the system. As a result, there is a need to carry out a survey to evaluate the key security issues associated with mobile money systems in Uganda. The study employed a descriptive research design, and stratified random sampling technique to group the population. Krejcie and Morgan’s formula was used to determine the sample size for the study. The collection of data was through the administration of structured questionnaires, where 741 were filled by registered mobile money (MM) users, 447 registered MM agents, and 52 mobile network operators’ (MNOs) IT officers of the mobile money service providers (MMSPs) in Uganda. The collected data were analyzed using RStudio software. Statistical techniques like descriptive analysis and Pearson Chi-Square test were used in data analysis and mean (M) > 3.0 and p-value < 0.05 were considered statistically significant. The findings revealed that the key security issues are identity theft, authentication attack, phishing attack, vishing attack, SMiShing attack, personal identification number (PIN) sharing, and agent-driven fraud. Based on these findings, the use of better access controls, customer awareness campaigns, agent training on acceptable practices, strict measures against fraudsters, high-value transaction monitoring by the service providers, developing a comprehensive legal document to run mobile money service, were some of the proposed mitigation measures. This study, therefore, provides a baseline survey to help MNO and the government that would wish to implement secure mobile money systems.

    Two-Factor Authentication Scheme for Mobile Money: A Review of Threat Models and Countermeasures

    This research article published by MDPI, 2020. The proliferation of digital financial innovations like mobile money has led to the rise in mobile subscriptions and transactions. It has also increased the security challenges associated with the current two-factor authentication (2FA) scheme for mobile money due to the high demand. This review paper aims to determine the threat models in the 2FA scheme for mobile money. It also intends to identify the countermeasures to overcome the threat models. A comprehensive literature search was conducted from the Google Scholar and other leading scientific databases such as IEEE Xplore, MDPI, Emerald Insight, Hindawi, ACM, Elsevier, Springer, and Specific and International Journals, where 97 papers were reviewed that focused on the topic. Descriptive research papers and studies related to the theme were selected. Three reviewers extracted information independently on authentication, mobile money system architecture, mobile money access, the authentication scheme for mobile money, various attacks on the mobile money system (MMS), threat models in the 2FA scheme for mobile money, and countermeasures. Through literature analysis, it was found that the threat models in the 2FA scheme for mobile money were categorised into five, namely, attacks against privacy, attacks against authentication, attacks against confidentiality, attacks against integrity, and attacks against availability. The countermeasures include use of cryptographic functions (e.g., asymmetric encryption function, symmetric encryption function, and hash function) and personal identification (e.g., number-based and biometric-based countermeasures). This review study reveals that the current 2FA scheme for mobile money has security gaps that need to be addressed since it only uses a personal identification number (PIN) and a subscriber identity module (SIM) to authenticate users, which are susceptible to attacks.
This work, therefore, will help mobile money service providers (MMSPs), decision-makers, and governments that wish to improve their current 2FA scheme for mobile money

    Towards person-centered quality care for children with life-limiting and life-threatening illness: self-reported symptoms, concerns and priority outcomes from a multi-country qualitative study

    Abstract. Background: Paediatric life-limiting and life-threatening conditions (life-limiting conditions) place significant strain on children, families and health systems. Given high service use among this population, it is essential that care addresses their main symptoms and concerns. Aim: This study aimed to identify the symptoms, concerns, and other outcomes that matter to children with life-limiting conditions and their families in sub-Saharan Africa. Setting and participants: Cross-sectional qualitative study in Kenya, Namibia, South Africa and Uganda. Children/caregivers of children aged 0-17 years with life-limiting conditions were purposively sampled by age, sex, and diagnosis. Children aged 7 and above self-reported; caregiver proxies reported for children below 7 and those aged 7 and above unable to self-report. Results: 120 interviews were conducted with children with life-limiting conditions (n=61, age range 7-17 years), and where self-report was not possible caregivers (n=59) of children (age range 0-17). Conditions included advanced HIV (22%), cancer (19%), heart disease (16%), endocrine, blood and immune disorders (13%), neurological conditions (12%), sickle cell anaemia (10%) and renal disease (8%). Outcomes identified included: physical concerns – pain and symptom distress; psycho-social concerns – family and social relationships, ability to engage with age-appropriate activities (e.g., play, school attendance); existential concerns – worry about death, and loss of ambitions; health care quality – child- and adolescent-friendly services. Priority psycho-social concerns and health service factors varied by age. Conclusion: This study bridges an important knowledge gap regarding symptoms, concerns and outcomes that matter to children living with life-limiting conditions and their families and informs service development and evaluation.

    Proteolytic Processing of Interleukin-1 Family Cytokines: Variations on a Common Theme

    Members of the extended interleukin-1 (IL-1) cytokine family, such as IL-1, IL-18, IL-33, and IL-36, play a pivotal role in the initiation and amplification of immune responses. However, deregulated production and/or activation of these cytokines can lead to the development of multiple inflammatory disorders. IL-1 family members share a broadly similar domain organization and receptor signaling pathways. Another striking similarity between IL-1 family members is the requirement for proteolytic processing in order to unlock their full biological potential. Although much emphasis has been put on the role of caspase-1, another emerging theme is the involvement of neutrophil- and mast cell-derived proteases in IL-1 family cytokine processing. Elucidating the regulation of IL-1 family members by proteolytic processing is of great interest for understanding inflammation and immunity. Here, we review the identity of the proteases involved in the proteolytic processing of IL-1 family cytokines and the therapeutic implications in inflammatory disease

    A Secure and Efficient Multi-Factor Authentication Algorithm for Mobile Money Applications

    This research article published by MDPI, 2021. With the expansion of smartphone and financial technologies (FinTech), mobile money emerged to improve financial inclusion in many developing nations. The majority of the mobile money schemes used in these nations implement two-factor authentication (2FA) as the only means of verifying mobile money users. These 2FA schemes are vulnerable to numerous security attacks because they only use a personal identification number (PIN) and subscriber identity module (SIM). This study aims to develop a secure and efficient multi-factor authentication algorithm for mobile money applications. It uses a novel approach combining PIN, a one-time password (OTP), and a biometric fingerprint to enforce extra security during mobile money authentication. It also uses a biometric fingerprint and quick response (QR) code to confirm mobile money withdrawal. The security of the PIN and OTP is enforced by using secure hashing algorithm-256 (SHA-256), a biometric fingerprint by Fast IDentity Online (FIDO) that uses a standard public key cryptography technique (RSA), and Fernet encryption to secure a QR code and the records in the databases. The evolutionary prototyping model was adopted when developing the native mobile money application prototypes to prove that the algorithm is feasible and provides a higher degree of security. The developed applications were tested, and a detailed security analysis was conducted. The results show that the proposed algorithm is secure, efficient, and highly effective against the various threat models. It also offers secure and efficient authentication and ensures data confidentiality, integrity, non-repudiation, user anonymity, and privacy. The performance analysis indicates that it achieves better overall performance compared with the existing mobile money systems.