S-Mbank: Secure Mobile Banking Authentication Scheme Using Signcryption, Pair Based Text Authentication, and Contactless Smartcard

09/14/2018
by Dea Saka Kurnia Putra, et al.

Mobile banking has become a popular tool with which consumers conduct financial transactions such as shopping, monitoring account balances, transferring funds and making other payments. Consumers' dependency on mobile devices has increased interest in mobile banking. The use of a one-time password sent to the user's mobile phone by short message service (SMS) is a vulnerability that we address by proposing a new scheme called S-Mbank. We replace one-time-password authentication with a contactless smart card to prevent attackers from using the unencrypted message sent to the user's mobile phone. Moreover, the scheme addresses the vulnerability in which a spoofer sends an SMS pretending to be the bank's server. The contactless smart card is proposed because of its flexibility and security, and because it is easier to carry in a wallet than common passcode generators. Replacing SMS-based authentication with a contactless smart card removes the vulnerability that lets unauthorized users act as a legitimate user to exploit the mobile banking user's account. In addition, we use a public-private key pair and a PIN to provide two-factor authentication and mutual authentication. We use a signcryption scheme for computational efficiency. Pair-based text authentication is also proposed for the login process as a solution to shoulder-surfing attacks. We use the Scyther tool to analyze the security of the authentication protocol in the S-Mbank scheme. With the proposed scheme, we are able to provide more security protection for mobile banking services.

