hPIN/hTAN: A lightweight and low-cost e-banking solution against untrusted computers

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 7035 LNCS, Issue , 2012, Pages 235-249

  Li, Shujun ^a   Sadeghi, Ahmad Reza ^b,c   Heisrath, Sören ^c   Schmitz, Roland ^d   Ahmad, Junaid Jameel ^a  

^a UNIVERSITY OF KONSTANZ   (Germany)

^b DARMSTADT UNIVERSITY OF TECHNOLOGY   (Germany)

^c RUHR UNIVERSITY BOCHUM   (Germany)

^d STUTTGART MEDIA UNIVERSITY   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

AUTHENTICATION PROTOCOLS; COMPLICATED SYSTEMS; CRYPTOGRAPHIC HASH FUNCTIONS; E-BANKING; FULL CONTROL; HARDWARE TOKENS; HUMAN BEHAVIORS; HUMAN USERS; KEYLOGGERS; OPEN FRAMEWORKS; PROTOTYPE IMPLEMENTATIONS; SECURITY HOLES; SECURITY PROTOCOLS; SECURITY WEAKNESS; TROJAN HORSE; TRUSTED CENTERS; WHOLE PROCESS;

AUTHENTICATION; COMPUTER CONTROL SYSTEMS; ELECTRONIC COMMERCE; HASH FUNCTIONS; NETWORK SECURITY;

COMPUTER HARDWARE;

EID: 84863169434     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-27576-0_19     Document Type: Conference Paper

References (32)

1. AlZomai, M., AlFayyadh, B., Jøsang, A., McCullagh, A.: An exprimental investigation of the usability of transaction authorization in online bank security systems. In: Proc. AISC 2008. pp. 65-73 (2008)
2. American Bankers Association: ABA survey shows more consumers prefer online banking (2010), http://www.aba.com/Press+Room/ 093010PreferredBankingMethod.htm
3. AXSionics AG: Personal AXS-token (2009), http://www.axsionics.ch/tce/ frame/main/414.htm
4. Bank Austria: mobileTAN information, http://www.bankaustria.at/de/19741. html
5. BBC News: PC stripper helps spam to spread (2007), http://news.bbc.co.uk/ 2/hi/technology/7067962.stm
6. Borchert, B.: Open sesame! - immediate access to online accounts via mobile camera phone, http://www2-fs.informatik.uni-tuebingen.de/~borchert/Troja/ Open-Sesame/indexEN.php
7. Borchert, B.: Knick-und-Klick-TAN, oder Permutations-TAN, pTAN (2009), http://www2-fs.informatik.uni-tuebingen.de/~borchert/Troja/pTAN
8. Borchert, B., Beschke, S.: Cardano-TAN, http://www2-fs.informatik.uni- tuebingen.de/studdipl/beschke
9. Bosselaers, A., Preneel, B.: SKID. In: Bosselaers, A., Preneel, B. (eds.) RIPE 1992. LNCS, vol. 1007, pp. 169-178. Springer, Heidelberg (1995)
10. CEN (European Committee for Standardization): Financial transactional IC card reader (FINREAD). In: CEN Workshop Agreements (CWA) 14174 (2004)
11. Cronto Limited: Commerzbank and Cronto launch secure online banking with photoTAN - World's first deployment of visual transaction signing mobile solution (2008), http://www.cronto.com/download/Cronto-Commerzbank-photoTAN.pdf
12. Drimer, S., Murdoch, S.J., Anderson, R.: Optimised to Fail: Card Readers for Online Banking. In: Dingledine, R., Golle, P. (eds.) FC 2009. LNCS, vol. 5628, pp. 184-200. Springer, Heidelberg (2009)
13. Gühring, P.: Concepts against man-in-the-browser attacks (2007), http://www2.futureware.at/svn/sourcerer/CAcert/SecureClient.pdf
14. IT-Online: World-first SMS banking scam exposes weaknesses (2009), http://www.it-online.co.za/content/view/1092105/142/
15. Jackson, C., Boneh, D., Mitchell, J.: Transaction generators: Root kits for web. In: Proc. HotSec 2007. pp. 1-4. USENIX (2007)
16. Jakobsson, M., Myers, S. (eds.): Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft. John Wiley & Sons, Inc. (2007)
17. Li, S., Shah, S.A.H., Khan, M.A.U., Khayam, S.A., Sadeghi, A.R., Schmitz, R.: Breaking e-banking CAPTCHAs. In: Proc. ACSAC 2010. pp. 171-180 (2010)
18. Mannan, M., van Oorschot, P.: Using a Personal Device to Strengthen Password Authentication from an Untrusted Computer. In: Dietrich, S., Dhamija, R. (eds.) FC 2007 and USEC 2007. LNCS, vol. 4886, pp. 88-103. Springer, Heidelberg (2007) (Pubitemid 351153046)
19. Naor, M., Pinkas, B.: Visual Authentication and Identification. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 322-336. Springer, Heidelberg (1997)
20. Oppliger, R., Rytz, R., Holderegger, T.: Internet banking: Client-side attacks and protection mechanisms. Computer 42(6), 27-33 (2009)
21. PC World: Nokia: We don't know why criminals want our old phones (2009), http://www.pcworld.com/businesscenter/article/163515/nokia-we-dont-know-why- criminals-want-our-old-phones.html
22. Postbank: mTAN now free for all customers (2008), http://www.postbank. com/pbcom-ag-home/pbcom-pr-press/pbcom-pr-press-archives/pbcom-pr-press- archives-2008/pbcom-pr-pm1063-19-05-08.html
23. Saturday Star: Victim's SIM swop fraud nightmare (2008), http://www.iol.co.za/index.php?art-id=vn20080112083836189C511499
24. Schneier, B.: Two-factor authentication: Too little, too late. Comm. ACM 48(4), 136 (2005)
25. Starnberger, G., Froihofer, L., Goeschka, K.M.: QR-TAN: Secure mobile transaction authentication. In: Proc. ARES 2009, pp. 578-583. IEEE (2009)
26. Szydlowski, M., Kruegel, C., Kirda, E.: Secure input for web applications. In: Proc. ACSAC 2007. pp. 375-384. IEEE (2007)
27. The Financial Express: Russian phone virus that 'steals money' may spread global (2009), http://www.financialexpress.com/news/russian-phone-virus-that- steals-money-may-spread-global/420770
28. Toorani, M., Shirazi, A.A.B.: Solutions to the GSM security weaknesses. In: Proc. NGMAST 2008, pp. 576-581. IEEE (2008)
29. Volksbank Freiburg eG: iTANplus - mehr Sicherheit mit der indizierten TAN, http://www.volksbank-freiburg.de/itan.cfm?CFID=10869033&CFTOKEN= 34249989&rand=1246061956151
30. Volksbank Rhein-Ruhr eG: Bankgeschafte online abwickeln: Mit Sm@rtTAN optic bequem und sicher im Netz, http://www.voba-rhein-ruhr.de/privatkunden/ ebank/SMTop.html
31. Volksbank Solling eG: Sm@rt-TAN-plus, http://www.volksbank-solling.de/ flycms/de/html/913/-/Smart+TAN+plus.html
32. Weigold, T., Kramp, T., Hermann, R., Höring, F., Buhler, P., Baentsch, M.: The Zurich Trusted Information Channel - An Efficient Defence Against Man-in-the- Middle and Malicious Software Attacks. In: Lipp, P., Sadeghi, A.-R., Koch, K.-M. (eds.) Trust 2008. LNCS, vol. 4968, pp. 75-91. Springer, Heidelberg (2008)