Sarris, P., Mackenzie, L. and Chowdhury, S. (2014) A Novel Authentication Scheme for Online Transactions. In: SIN 2014: 7th International Conference on Security of Information and Networks, Glasgow, UK, 09-11 Sep 2014, pp. 483-486. ISBN 9781450330336 (doi: 10.1145/2659651.2659743)
Full text not currently available from Enlighten.
Abstract
In this paper, we describe a novel method of approving and finalising financial transactions that would raise the bar for any potential attackers. The proposed scheme is based on the hypothesis that it would be significantly harder for an attacker to compromise two hardware devices or monitor and interfere with two communication channels at the same time. This will allow the users of this method to initiate a transaction on the Internet and then use their mobile phone in order to sanction the transfer of funds to a different account. In contrast to Two-Factor Authentication systems, this scheme does not require the online submission of any information that is received by the user's device but directly interacts through the mobile phone network. For this purpose the user's mobile phone has an additional encryption layer that allows it to communicate securely with the server side and convey the user's consent for a certain transaction. This ensures that the two channels and the authentication factors are kept independent. Therefore, even if the user's computer is compromised an attacker would not be able to set a fraudulent transaction without actually having the user's mobile phone and the unique data that are generated by the device.
Item Type: | Conference Proceedings |
---|---|
Keywords: | AES, financial transaction, fraud mitigation, hash algorithm, out of band authentication, public key cryptography, RSA, SHA, symmetric cryptography, two channel authentication, two factor authentication. |
Status: | Published |
Refereed: | Yes |
Glasgow Author(s) Enlighten ID: | Mackenzie, Dr Lewis and Chowdhury, Soumyadeb |
Authors: | Sarris, P., Mackenzie, L., and Chowdhury, S. |
Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science |
College/School: | College of Science and Engineering > School of Computing Science |
Publisher: | ACM |
ISBN: | 9781450330336 |
University Staff: Request a correction | Enlighten Editors: Update this record