A Provably Secure Android-Based Mobile Banking Protocol
Hisham Ganzoury2017, International Journal of Security and Its Applications
Sign up for access to the world's latest research
checkGet notified about relevant papers
checkSave papers to use in your research
checkJoin the discussion with peers
checkTrack your impact
Abstract
The rising vogue of smart phones and tablets has led users to complete their daily works (such as M-Banking) with these devices. Therefore, mobile banking needs to become more proper, reliable, effective; and secure. Security is the most crucial requirement in mobile banking, since all the communications are via unsecure networks such as the Internet. Providing main security services; Confidentiality, Integrity, and Authentication (CIA) between any two communicating parties must be ensured and guaranteed. Many vulnerabilities may make Users' confidential information vulnerable to risks. These vulnerabilities can take different shapes, such as fixed values-based security techniques, one factor authentication, separate hard token-based authentication, hardware thievery, and Android OS based attacks. This paper proposes a new secure scheme for mobile banking applications to overcome these risks. Then, the proposed scheme is analyzed, and compared to the most powered approaches. Finally, performance key identifiers are assessed and validated.
Related papers
A SECURED MOBILE PAYMENT TRANSACTION PROTOCOL FOR ANDROID SYSTEMS
The smart-phone industry has witnessed tremendous growth in recent history simply because of the emergence of the android operating system. It is now easier to make payments on our mobile phones but one major hindrance lies in transaction security. The objective of this paper is to develop a secure transaction protocol for an android based mobile payment system using quick response code technology and a hybrid cryptographic scheme. To achieve a better security in the system, we implemented symmetric, asymmetric cryptography alongside hashing and message authentication codes simultaneously in the system protocol. The results obtained depict a secure mobile payment system which makes use of dual authentication mechanism by two distinct entities
A Secure and Robust Cloud-based Prototype for Online Transaction using Android Mobile Devices
The current scenario of mobile application based payment processes requires web or mobile channel which can be applicable for authenticating the identity of a remote user. Most of the current activities such as online banking, online shopping, etc. are configured with mobile devices. Since the applicability of m-commerce included various financial transactions along with personal details sharing, therefore, the vulnerability of performing attacks and threats by users have increased. The current research trend highlights that multi-factorial authentication techniques can be reinstalled on other devices, for overcoming this situation. This study introduces an android application based multi-level security model which is very lightweight, user-friendly, and distributed application to overcome the security issues in m-commerce platforms. Each module is made up of several supportive modules performing various operations and contributing to the performance enhancement of the proposed system. The performance evaluation of the proposed system ensures cost effectiveness regarding resource allocation and highly secure environment for online transactions using a trusted third party.
Secure Scheme For User Authentication And Authorization In Android Environment
Providing ultimate security in sensitive transaction and communication of online premium application is still a question mark of standardization in the area of networking and security. It has been seen that currently majority of the authentication and authorization techniques are usually designed on the top of One Time Password on user trusted hand held device. However, due to various lethal threats on mobile security systems, it can be said that existing security is not sufficient. Keeping in viewpoint of security on effective authentication and authorization, this paper proposes a technique that exponentially minimizes the operational cost by using secure hash algorithms that has the potential to generate mobile-based One Time Passwords (OTPs) scheme on Android environment ensuring enhanced protection with respect to password security. Experimented on java platform, the implementation techniques discussed in the paper are found to be very robust
Digital Authentication Methodologies for Mobile Devices
international journal of engineering trends and technology, 2021
In the android mobile ecosphere, data loss and financial loss are the two potential threats facing the current epoch. Both threats have multiple subdivisions and impacts many of the mobile users and organizations. Many users are passionate and thrilled to use various new features introduced by various mobile companies and applications. Without properly evaluating the security capabilities and vulnerabilities, many of them use the various extensive features available in the system. By default, all the devices and applications have different levels of built-in security features, but many of them do not utilize this appropriately or are not aware of these in the right sense. This study has attempted to list the various secured authentication features available in different layers and the type of protection that enables these features. Here, the analyses chart security features in hierarchical order starting from device-level security and then moves on to the application level security and finally fragments itself into an activity or transaction level of security features.
OSAP: Online Smartphone’s User Authentication Protocol
2017
Internet services have become an essential part of our daily activities. Due to rapid technical progress mobile web browsing has become a reality now. User authentication is a vital component in most systems that need to assure security of services and data. A weak authentication mechanism enables hackers to steal user information or bypass authentication. In some services, such as online banking, strong authentication is needed to protect the service provider as well as the users of the services. In this research paper, a user authentication scheme for mobile devices has been proposed for Smartphone applications. The results clearly indicate that the proposed authentication scheme provide protection from attacks such as man-in-the-middle attack, shoulder surfing attack, dictionary attack, spoofing and manipulation. It also overcomes the drawbacks of internet banking authentication system and WhatsApp such as PIN eavesdropping and time synchronization. Also it authenticates the user...
TOWARDS IMPROVING SECURITY FOR MOBILE BANKING IN SRI LANKA
In mobile banking schemes, financial services are available. Bankingservices are provided using mobile devices. Mobile phones are used for data used in carrying out mobile transactions via mobile applications. This paper describes the security check processfor improving the authentication of mobile applications for mobile banking in a bank in Srilanka. The mobile banking in a bank in Sri Lankawill be used as case study. The application includes security features to enhance data protection across mobile networks. Features for data encryption, integrity, secure entry of security details on the phone and improved security policies in the application server are incorporated. Issuesof data confidentiality, user authentication, and message integrity in order to provide end-to-end security of data carried on mobile networks is ensured. In particular, this project specifies theinclusion of a biometric component in the security authentication process in mobile banking in Srilanka. This is in a bit to improve the security platform. The paper only presents the general architecture of the proposedmobile app model, which includes the biometric security component, towards subsequent implementation.
Mobix:A Software Proposal Based Authentication Service for Mobile Devices
—In this paper, MobiX technology provides security for online services using mobile devices with a wide range of customers including governments, military, business enterprises, and scientific organization, and individuals have been proposed. MobiX is a software security solution technology to enhance the networked mobile device trustworthiness, application integrity, preventing users from malware attacks. MobiX provides two authentication layers and two additional security layers in addition to the conventional username-password for mobile devices in a unique system design. MobiX is fully implemented by software; therefore, it can be quickly deployed into different legacy mobile devices. More importantly, the novel device authenticity is based on the one-way a keyless cryptographic hash function and on the Generalized Concatenated Code Physically Unclonable Function (GCCPUF) to effectively protect the users from different attack vectors such as insiders, spoofing attack, or identity theft attacks. On the other hand, the app authenticity prevents malware and app-tempering cybersecurity attacks via an efficient and secure remote attestation protocol. The comprehensive protection architecture of MobiX would enable M-commerce with superior security capabilities compared with the existing solutions.
A Survey of Android Mobile Phone Authentication Schemes
Mobile Networks and Applications, 2018
The Android operating system is the most popular mobile operating system resulting in a great number of applications being developed for the platform. This makes them vulnerable to security threats such as social engineering, shoulder surfing and Malware. Therefore, Android devices require a secure authentication scheme in order to control access to the device. This paper briefly discusses the mobile security threats, the authentication protocols and Android Security. Then the paper presents an analysis of some of the authentication schemes that are used in mobile devices and some of the threats and technical issues faced. Authentication schemes discussed include password/pin, pattern based authentication, fingerprint recognition, facial recognition, vocal recognition and iris based authentication. In discussing the various authentication methods, it was observed that while biometric based authentication schemes offered the greatest level of security, there was always a trade-off between computational complexity and ease of use/implementation/cost that ensured that more traditional authentication schemes, while not as secure as biometric schemes, are still widely used in mobile devices.
Effective Authentication Mechanisms for Mobile Devices :Smartcard(SMCA,BSCA)
2011
This is an era of mobile communications and computing where mobiles are being used in place of traditional computers. Mobile devices are small, handy devices that can be carried around by the user very easily. A user holding the mobile device will have access to the information even at the places where no internet terminal is available. Due to this reason, they are heavily being used in the business environment in managing application, e-mail correspondence, accessing the remote corporate data, handling voice calls, etc. But the mobile devices are still lack-in most important security features such as user authentication, content encryption, virus protection, confidentiality, integrity, etc. The sensitive information stored in the mobile devices is not secure (can be accessed by an unauthorized user). Mobile device poses limited storage and processing power, and the low battery-power. It is also tedious to implement the cryptographic algorithms on mobile devices because they need he...
Better Authentication Methods for Mobile Computing
Today's many applications rely on small devices that can interact with each other through communication network. In this project we are proposing two new methods for authenticating encrypted message that are directed to assemble the requirements of mobile application. In this applications, the integrity and confidentiality of communicated messages are required. To getting benefit of that fact that the messages to be authenticated must also be encrypted, we propose provably methods for safe authentication codes that are more efficient than any message authentication code. The key idea behind the proposed techniques is to exert the security that the encryption algorithm can provide to design more efficient authentication mechanisms, as opposed to using single authentication primitives.
Related topics
Related papers
A proposal to improve the security of mobile banking applications
2012 Tenth International Conference on ICT and Knowledge Engineering, 2012
Mobile banking (m-banking) is considered to be one of the most important mobile commerce applications currently available. The ubiquitous access to data with no place restrictions helps to promote this technology. The security and privacy of sensitive financial data is one of the main concerns in acceptance of these systems in Australia. It is specifically important to secure the transmission of the financial data between the financial institutions' server and the mobile device used by consumers, as their communications are via unsecured networks such as the Internet. In this paper, a trust negotiation approach is proposed to address these security concerns. Trust negotiation is combined with the Transport Layer Security (TLS) as the underlying protocol. This combination of technology aims to maximize the existing security of m-banking applications. It results in significant improvements in security compared to the traditional identity-based only access control techniques. The proposed approach is implemented as a mobile application. It demonstrates that the developed application is easy to use and deploy in typical mobile environments.
Security model on mobile banking application: attack simulation and countermeasures
International Journal of Intelligent Enterprise, 2017
Nowadays, we use mobile devices in all activities such as communication, play, surf on the internet, shop online and banking transactions. But the applications used do not always comply with the security requirements on mobile environment and this can cause vulnerabilities allowing attackers to take control of the phone and to steal some users' private data. That is why, it is important to take a look at the security of mobile applications especially of financial institutions. In this paper, we will present some security issues of android applications. We will also make a reverse engineering of an Android banking application, then a static analysis of its code to detect its weaknesses. After that, we will insert a malicious code that will help us not only to take control of the smartphone but also to make a DDOS attack on a simulated bank server. Finally, we will propose some countermeasures.
Issues and security measures of mobile banking apps
2016
Mobile apps is a used to designate the act or process by which application software is developed for handheld devices, such as personal digital assistants or mobile phones. These applications can be pre-installed on phones during manufacturing platforms, or delivered as web applications using server-side or client-side processing (e.g. JavaScript) to provide an "application-like" experience within a Web browser. However there are some cases where the mobile internet banking apps occurred some problems that might cause loss of money. Therefore, in this paper we will examine issues on the architecture, and some security issues of mobile internet banking apps. And then we will explore some security measuras to deal with the associated security challenges.
Security of mobile banking
2006
Mobile banking is attractive because it is a convenient approach to perform remote banking, but there are security shortfalls in the present mobile banking implementations. This paper discusses some of these security shortfalls, such as security problems with GSM network, SMS/GPRS protocols and security problems with current banks mobile banking solutions. This paper discusses the SMS and GPRS proposed solutions for these problems. The results from these proposed solutions have proven to provide secure and economic communications between the mobile application and the bank servers.The proposed solutions allow the users to bank using secure SMS and GPRS.
The Concept of Secure Mobile Wallet
This paper describes our concept, design and current implementation of the Secure Mobile Wallet. Mobile Wallet is an application stored in mobile phones providing to subscribers the possibility to perform various mobile financial transactions. In our approach Secure Mobile Wallet is stored and running in the Javacard SIM chip, called UICC. It comprises several Javacard applets supporting several types of financial transactions -mobile banking, mobile payments, mobile commerce, mobile micro-loans, mobile ticketing, mobile promotions, and so on. Secure Mobile Wallet supports over-theair (OTA) transactions based on SMS, GPRS, or mobile Internet protocols and also over-the-counter (OTC) transactions based on NFC or Bluetooth protocols. For users, messages and data stored in the Secure Mobile Wallet are managed and maintained using both, OTA and OTC, protocols. Security is guaranteed by a combination of symmetric and asymmetric cryptography. As a client's application, the Secure Mobile Wallet is integrated into our larger, secure mobile transactions system -SAFE™.
Strengthening User Authentication for Better Protection of Mobile Application Systems
2016
For most of us now, life is incomplete if living without mobile phones. This is because mobile phones are like a necessity to many people nowadays. Statistics have shown that more than seven billion people in the world are having these devices in 2015. This also means 97% of the human world populations are actually mobile phone users. Besides, more than 50% of the mobile phone users are using smarts phones which are capable of downloading a lot of mobile application systems (apps). It is estimated that more than 200 million apps are being downloaded in 2007 and this number is believed to be growing. Unfortunately, many of these apps involve the transfer of important and confidential personal data or business information. How to ensure this sensitive information is well protected from being stolen or misused by unauthorized parties? One of the ways to secure this communication is to properly control the access to the system by strengthening the user authentication. Thus, this paper f...
Integrating Authentication method on Java Based Mobile Devices
2006
Strong authentication is the first pillar of trusted networks where identities can be securely shared and trusted across independent partners. This allows the identities to access the network and applications and share the resources. Now-a-days different strong authentication methods are in use some of them can be embedded in security devices such as tokens, smart cards etc. The intent of this paper is twofold: First we study the different authentication methods by keeping in view the Java ME security architecture, then on the basis of study we integrate the HOTP based two factor authentication method in more flexible mobile devices (such as cell phones, PDA) in a cost effective manner. For the illustration purpose, we use a case study of online banking system where users authenticate to the bank server through OTP generated from mobile device to access bank services.
A Security Framework for Mobile Application Systems: Case of Android Applications
Zambia ICT journal, 2020
Currently, mobile applications are playing a major role in many areas such as banking, social networking, financial apps, entertainment and many more. The increase in number of applications succumbs to several security vulnerabilities and thus focus should be given to security. As the number of vulnerabilities and, hence, of attacks increase, mobile applications need to be assessed and ensure that secure coding practices have been followed during development. Mobile application security breach can lead to fraudulent transactions through mobile applications, confidentiality and revenue loss through communications services misuse. Data that is shared on an unsecured channel is vulnerable to attacks and to stop unauthorized access to this data, there is need to encrypt the data before it is sent to the server. In this research work, different cryptographic algorithms for encrypting data and secure data sharing in mobile applications across communications channels were examined. Simulation methodology was used to investigate a suitable cryptographic algorithm and to design a security framework for mobile applications to solve mobile application security problems. The proposed framework employs the use of Advanced Encryption Standard (AES) algorithm for encrypting meter readings data being exchanged between a smart phone and a server. The meter reading datasets used in this research were obtained from the Water Utility Mobile Application for Meter Reading. The results obtained from the simulation of the security framework, showed that four fields namely: Account number, image path, meter number and phone number on which AES encryption was applied were in an unreadable format (ciphertext), implying that the fields have been successfully encrypted. This solution allows application users (meter readers) to transfer (upload readings) data between a smart phone and database server in a secure manner without facing the problem of data attack. Data being uploaded to the server is encrypted before it is transferred and decrypted once it reaches the server side. This solution addresses android application security in the application and network communications layers and data transmission. The research paper ensures information security is guaranteed between an organisation and its customers.
Practical Authentication Protocols for Protecting and Sharing Sensitive Information on Mobile Devices
Communications in Computer and Information Science, 2014
Mobility of users and information is an important feature of IT systems that must be considered during design of sensitive information protection mechanisms. This paper describes an architecture of MobInfoSec system for sharing documents with sensitive information using fine-grained access rules described by general access structures. However, the proper usage of general access structures requires trusted components and strong authentication protocols. They allow to establish secure communication channels between different system components. In the paper we propose a conference protocol based on Boyd's ideas with key transport and key establishment mechanisms. We show that the protocol achieves three goals: (a) the key and participants' mutual authentication, (b) the common secure communication channel, and (c) the personal secure communication channels between the protocol initializer and other protocol participants.
A potpourri of authentication mechanisms the mobile device way
Nowadays the use of mobile devices, such as smartphones and tablets, are rapidly increasing in network services, proliferating to almost every environment. This massive appearance of mobile devices creates significant opportunities to leverage these mobile devices to establish novel types of services. However there are also significant concerns about the privacy and security of sensitive data exchanged and stored on these devices. Since these devices are usually embodied with numerous characteristics like camera devices, 3G and NFC connection that can be used to create new alternative authentication schemes in order to guarantee users identity.
Loading Preview
Sorry, preview is currently unavailable. You can download the paper by clicking the button above.