Authors: A. Saisudheer
Nowadays, online banking security mechanisms focus on safe authentication, but all these mechanisms are rendered useless if we are unable to ensure the integrity of the transactions made. Of late a new threat has emerged, known as the Man in the Browser (MITB) attack, which is capable of modifying a transaction in real time without the user's notice, after the user has successfully logged in using safe authentication mechanisms. In this paper we analyze the Man in the Browser attack and propose a solution based on digitally signing a transaction and using mobile phones as a software token for digital signature code generation. Two-factor authentication solutions such as smartcards, hardware tokens, one-time passwords or PKI have long been considered sufficient protection against identity theft techniques. However, since the MITB attack piggybacks on authenticated sessions rather than trying to steal or impersonate an identity, most authentication technologies are incapable of preventing its success. In this paper we take a brief look at how the MITB attack takes place and how it is capable of modifying an online transaction. We propose a solution based on using mobile phones as a software token for digital signature code generation. A digital signature is known to ensure the authenticity and integrity of a transaction. Mobile phones have become a daily part of our lives, so we can use the mobile phone as a software token to generate the digital signature code.
Comments: 4 Pages.
[v1] 2014-05-07 01:55:43
Unique-IP document downloads: 76 times
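The abstract's core argument, that a code bound to the transaction details survives a login-only check failing, is illustrated below as an added example; it is not the paper's scheme or code. It substitutes a truncated HMAC-SHA256 under a key shared between phone and bank for the paper's digital signature, and the key, account strings, per-transaction nonce and function names are all constructed assumptions.

```python
import hashlib
import hmac

# Constructed demo key: stands in for the secret held by the phone app and the bank.
PHONE_KEY = b"constructed-demo-key-not-a-real-secret"


def canonical(payee: str, amount_cents: int, nonce: str) -> bytes:
    """Serialize the fields with length prefixes so field boundaries are unambiguous."""
    out = b""
    for field in (payee, str(amount_cents), nonce):
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(2, "big") + raw
    return out


def signature_code(key: bytes, payee: str, amount_cents: int,
                   nonce: str, digits: int = 8) -> str:
    """Phone side: derive a short code over the details the user reads on the phone."""
    mac = hmac.new(key, canonical(payee, amount_cents, nonce), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10 ** digits).zfill(digits)


def bank_verify(key: bytes, payee: str, amount_cents: int,
                nonce: str, code: str) -> bool:
    """Bank side: recompute the code over the details that actually arrived."""
    expected = signature_code(key, payee, amount_cents, nonce, len(code))
    return hmac.compare_digest(expected, code)


def demo():
    nonce = "txn-0001"  # constructed; assumed to be issued by the bank per transaction
    # The user confirms payee and amount on the phone, which produces the code.
    code = signature_code(PHONE_KEY, "ACCT-LANDLORD-001", 50000, nonce)
    # Request arrives unmodified: the code matches.
    honest = bank_verify(PHONE_KEY, "ACCT-LANDLORD-001", 50000, nonce, code)
    # Request was altered inside the authenticated session: the code no longer matches.
    tampered = bank_verify(PHONE_KEY, "ACCT-OTHER-999", 950000, nonce, code)
    # The same code presented for a later transaction: rejected because the nonce differs.
    replayed = bank_verify(PHONE_KEY, "ACCT-LANDLORD-001", 50000, "txn-0002", code)
    return honest, tampered, replayed


if __name__ == "__main__":
    print(demo())
```

The integrity guarantee depends on the user checking the payee and amount on the phone's own display, since the browser view is the part the attack controls.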