A proposal to improve the security of mobile banking applications

2006

Mobile banking is attractive because it is a convenient approach to perform remote banking, but there are security shortfalls in the present mobile banking implementations. This paper discusses some of these security shortfalls, such as security problems with GSM network, SMS/GPRS protocols and security problems with current banks mobile banking solutions. This paper discusses the SMS and GPRS proposed solutions for these problems. The results from these proposed solutions have proven to provide secure and economic communications between the mobile application and the bank servers.The proposed solutions allow the users to bank using secure SMS and GPRS.

International Journal of Interactive Mobile Technologies (iJIM), 2011

Due to the widespread use of computer technologies in almost all aspects of life, organisations that are connected to the Internet started extending their services to their customers to include new applications and services that satisfy their customersâ?? desires to make better businesses. One of these emerging applications is mobile banking. The term mobile banking (or m-banking) describes the banking services that the user can perform via a mobile device ubiquitously at anytime and from anywhere. In order for users to access their accounts, they need a mobile device and network connectivity. Therefore, sitting in front of a computer is not a requirement anymore; accessing accounts can occur while users are waiting their turn at the dentist clinic or relaxing at the beach! This paper explores the opportunities of using mobile technology in the electronic banking (e-banking) sector to enhance existing banking services by moving toward m-banking using mobile devices and wireless medi...

International Journal of Recent Technology and Engineering, 2019

Trust plays a key role in the acceptance of a new payment system and is at the heart of any method of payment. Companies have been using mobile payments for over a decade. Because of the high uncertainty and security issues accompanying mobile payment, developing trust of users is critical to enable their adoption and use. Customers will use mobile payments as long as they have trust in this relatively new mode of payment together with dependence on its services and applications. In this context, recent studies indicate that trust in mobile payment systems (MPS) is not uniform among users despite the fast development of mobile technology and the new modes of payment. The aim of this paper is to provide a number of suggestions to assist developing greater trust in the mobile networks and provide customers with a secure and befitting experience that will influence mobile payment adoption in turn

Journal of Management & Technology [Management …, 2010

As we are now entering in the mobile or wireless era, the key message of this era can be said anytime-anywhere communication and transferring of any information. While this sounds very simple, many technological considerations need to be examined in order to actualize such a message. Integral to enabling anytime-anywhere communication and transmission of data and information is a sound secure system. In this paper I have tried to discuss the issue of such a trust model and outline the key components of security in mobile transactions.

Mobile phone banking and payments continues to not only be a popular way of transacting business but it also seems to evolve rapidly. Despite its popularity however there seem to be some very genuine concerns on the security issues revolving around it, particularly in regard to man in the middle attacks. This paper seeks to propose a secure framework for communication between a mobile device and the back end server for protecting mobile banking applications from man-in-the-middle attacks without introducing further threats to the communication channel. Keywords: Defense-in-depth, Security, man in the middle attack, secure framework, bank server

IFIP International Federation for Information Processing, 2008

User-centric services might enforce requirements difficult to be endorsed by visited networks unless tight coupled trust relations are previously established among providers. Maintaining those fixed trust relations is costly and unmanageable if the number of providers increases. Moreover, it requires providers to use a common security model, credentials, policies,. . . Trust Negotiation can be the solution to this problem since allows to negotiate gradually a security state enabling multiple factor authentication and authorization even for "strangers" by exchanging various credentials. However, there are still two problems to solve, the first one is the delay introduced by the trust negotiation messages if used as bootstrapping in every interaction; the second one is the lack of protocol support. In this article we address those problems by presenting an extension to TLS that enables trust negotiation and credential issuing (to speed-up following interactions) over a secure channel.

International Journal of Computer Applications, 2013

Providing the security services (authenticity, integrity, confidentiality and non-repudiation) all together in mobile banking has remained a problematic issue for both banks and their customers. Both the public key infrastructure (PKI) and the identity-based public key cryptography (IB-PKC) which have been thought to provide solutions to these security services, have their own limitations. While the PKI suffers the scalability and certificate management problems, the identity-based cryptography suffers the key escrow problem. This paper proposes a secure web-based mobile banking scheme using certificateless public key cryptography. Within this scheme, the key generating center(KGC) has an offline connection with a public directory server. Both of the client and the bank's web-server use the identities of each other to obtain the public key of each from the KGC's public directory server. Then, each party computes an authenticated per-session shared secret symmetric key. By using this shared secret key the client can encrypt his username and password to access his banking account and carry out signed banking transactions. As a result, the proposed scheme is secure in the standard model and provides authentication, confidentiality, integrity and nonrepudiation. Moreover, the scheme is secure against known key attack, resilient against unknown key share and key-compromise impersonation, and secure against weak perfect forward secrecy.

2008

The paper describes an architecture for mobile services where the SIM card is integrated for providing basic services related to security, privacy, and trust. The presented work is part of a cooperative research initiative aiming at an open architecture for mobile services. Nowadays, the security of mobile networks is mainly established through the SIM card. It provides an identity and can be used for authentication. Moreover, the SIM includes secure tamper-proof storage capabilities as well as cryptographic modules required for basic functions like signing, and ciphering. Consequently, in our architecture for mobile services, the SIM has also the role of a security token providing basic security related services. The SIM is integrated in the architecture using standard internet protocols. A web server on the card enables the exchange of data with the mobile device through HTTP. Moreover, a servlet architecture on the card allows for the provisioning of SIM services with an interface similar to that of WEB services. An important issue within the open and heterogeneous infrastructures for future mobile services is support for identification, evaluation, and rating of service offers. As an example for a SIM based service, we therefore propose a trust management service. The service is designed following the ideas of a web of trust infrastructure with an on-card key ring and trust value management. It uses digital signing for identification of services as well as for signatures by the user.

ACM Computing Surveys, 2017

A survey was conducted to provide a state of the art of online banking authentication and communications security implementations. Between global regions the applied (single or multifactor) authentication schemes differ greatly, as well as the security of SSL/TLS implementations. Three phases for online banking development are identified. It is predicted that mobile banking will enter a third phase, characterized by the use of standard web technologies to develop mobile banking applications for different platforms. This has the potential to make mobile banking a target for attacks in a similar manner that home banking currently is.

International Journal of Advanced Computer Science and Applications, 2018

Numerous applications are available on the Internet for the exchange of personal information and money. All these applications need to authenticate the users to confirm their legitimacy. Currently, the most commonly employed credentials include static passwords. But people tend to behave carelessly in choosing their passwords to avoid the burden of memorizing complex passwords. Such frail password habits are a severe threat to the various services available online especially electronic banking or e-banking. For eradicating the necessity of creating and managing passwords, a variety of solutions are prevalent, the traditional ones being the usage of One-Time-Password (OTP) that refers to a single session/transaction password. However, the majority of the OTP-based security solutions fail to satisfy the usability or scalability requirements and are quite vulnerable owing to their reliance on multiple communication channels. In this paper, the most reliable and adoptable solution which provides better security in online banking transactions is proposed. This is an initiative to eradicate the dependency on Global System for Mobile communication (GSM) that is the most popular means of sending the One-Time-Passwords to the users availing e-banking facilities.