• Corpus ID: 33730517

Enhancing Authentication in eBanking with NFC-Enabled Mobile Phones

@article{OrtizYepes2009EnhancingAI,
  title={Enhancing Authentication in eBanking with NFC-Enabled Mobile Phones},
  author={Diego A. Ortiz-Yepes},
  journal={ERCIM News},
  year={2009},
  volume={2009}
}
Disclaimer This document contains a student thesis (bachelor's or master's), as authored by a student at Eindhoven University of Technology. Student theses are made available in the TU/e repository upon obtaining the required degree. The grade received is not published on the document as presented in the repository. The required complexity or quality of research of student theses may vary by program, and the required minimum study period may vary in duration. 
Strong authentication with mobile phones
TLDR
Four promising methods for strong authentication with mobile devices are described: SMS-OTP, Mobile certificate, NFC and On-board Credentials. They differ greatly from each other; nevertheless, all of them can be used for achieving the goal of usable strong mobile authentication.
Practical hardware and software add-ons to enhance the security of mobile device operations
TLDR
This chapter describes and compares four fundamental approaches to storing payment keys and executing payment applications on mobile phones during Near Field Communication (NFC) payments at the Point Of Sale (POS) and addresses the fundamentals of how any of them—even new ones—work from a technical standpoint.
Online Banking with NFC-Enabled Bank Card and NFC-Enabled Smartphone
TLDR
NFC-TAN is presented as a smartphone method that combines the two requirements: strong credential debit card and no additional device, and to what extent this solution decreases vulnerability.
Bringing strong authentication and transaction security to the realm of mobile devices
TLDR
This paper considers the eBanking application scenario and argues that the concept of using a trusted companion device can be ported to the mobile realm and presents a proof-of-concept companion device implementing binary frequency shift keying across this interface.
Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound
TLDR
A usable and deployable two-factor authentication mechanism that can be easily deployed as it works with current phones and major browsers without plugins, and empirical evidence that ambient noise is a robust discriminant to determine the proximity of two devices both indoors and outdoors, and even if the phone is in a pocket or purse is provided.
Near field communication based-model for authentication in online banking
Thesis submitted in partial fulfillment of the requirements for the Degree of Master of Science in Computer-Based Information Systems (MSIS) at Strathmore University
Strengthening Authentication with Privacy-Preserving Location Verification of Mobile Phones
TLDR
A mechanism to verify whether a mobile device currently resides within a geographical area at a given time, thus enabling the use of the location as an additional authentication factor, and follows a privacy-by-design approach.
User-Centric Identity Using ePassports
TLDR
The possibilities for leveraging the ePassport for user-centric identity are studied and an experiment in which ePassports are combined with the user-centric identity management framework Information Card is reported on.
Information Security Theory and Practice. Security of Mobile and Cyber-Physical Systems
TLDR
A Defensive Virtual Machine Layer to Counteract Fault Attacks on Java Cards and a Forward Privacy Model for RFID Authentication Protocols are presented.
Online banking and man in the browser attacks, survey of the Belgian situation
TLDR
A non-exhaustive list of online banking systems used in Belgium is reviewed with regard to man in the browser attacks, and simple solutions that would prevent and/or detect attack attempts are suggested.

References

Secure Web Authentication with Mobile Phones
TLDR
A mobile phone is used as a hand-held authentication token and a security proxy which allows the system to be used with unmodified third-party web services and to create an authentication system that is both secure and highly usable.
NRC-TR-2008-001 OnBoard Credentials Platform Design and Implementation
TLDR
OnBoard Credentials combine the flexibility of virtual credentials with the higher levels of protection due to the use of secure hardware, which is widely applicable.
Hand-Held Computers Can Be Better Smart Cards
TLDR
It is argued that applications that are split between a PC and a hand-held device can be more secure, while such an application remains fast and convenient to use, and gains additional security assurances from the fact that part of it runs on a trusted device.
Compartmented Security for Browsers - Or How to Thwart a Phisher with Trusted Computing
TLDR
The approach is based on the ideas of compartmentalization for isolating applications of different trust level, and a trusted wallet for storing credentials and authenticating sensitive services, and requires no special care from users for identifying the right Web sites while the disclosure of credentials is strictly controlled.
Security and Usability: Designing Secure Systems that People Can Use
Covered in: ICS 243G, Ch. 11-16 in Stallings, & Ch. 7, 34 from Cranor-Garfinkel. • Authentication Applications and PKI • Certification and Revocation • Authentication and Key Distribution Protocols –
Phoolproof Phishing Prevention
TLDR
This work proposes using a trusted device to perform mutual authentication that eliminates reliance on perfect user behavior, thwarts Man-in-the-Middle attacks after setup, and protects a user's account even in the presence of keyloggers and most forms of spyware.
Secure Internet banking authentication
TLDR
The authors present two challenge/response Internet banking authentication solutions, one based on short-time passwords and one certificate-based, and relate them to the taxonomy above, and outline how these solutions can be easily extended for nonrepudiation (that is, transaction signing) should more sophisticated content manipulation attacks become a real problem.
Bump in the Ether: A Framework for Securing Sensitive User Input
We present Bump in the Ether (BitE), an approach for preventing user-space malware from accessing sensitive user input and providing the user with additional confidence that her input is being
Using a Personal Device to Strengthen Password Authentication from an Untrusted Computer
TLDR
The proposed protocol (MP-Auth) is intended to safeguard passwords from keyloggers, other malware (including rootkits), phishing attacks and pharming, as well as to provide transaction security to foil session hijacking.
Computer security in the real world
Most computers today are insecure because security is costly in terms of user inconvenience and foregone features, and people are unwilling to pay the price. Real-world security depends more on