Bringing strong authentication and transaction security to the realm of mobile devices

IBM Journal of Research and Development

Volumn 58, Issue 1, 2014, Pages

  Ortiz Yepes, D A ^a   Hermann, R J ^a   Steinauer, H ^a   Buhler, P ^a  

^a IBM RESEARCH ZURICH   (Switzerland)

Author keywords

[No Author keywords available]

Indexed keywords

AUTHENTICATION; FREQUENCY SHIFT KEYING; MOBILE DEVICES; PERSONAL COMPUTERS;

APPLICATION SCENARIO; AUDIO COMMUNICATIONS; BINARY FREQUENCY SHIFT KEYING; FIELD STUDIES; MALICIOUS SOFTWARE; PROOF OF CONCEPT; SECURE TRANSACTIONS; STRONG AUTHENTICATION;

MOBILE SECURITY;

EID: 84928556255     PISSN: 00188646     EISSN: 21518556     Source Type: Journal    
DOI: 10.1147/JRD.2013.2287810     Document Type: Article

References (27)

1. F-Secure. (2013, Mar.). Mobile Threat Report Q4 2012, F-Secure Labs, Helsinki, Finland, Tech. Rep. [Online]. Available: http://www.f-secure.com/static/doc/labs-global/Research/Mobile%20Threat%20Report%20Q4%202012.pdf
2. E. Kalige and D. Burkey, "A Case Study of Eurograbber: How 36 Million Euros was Stolen via Malware," Versafe and Check Point, Tel Aviv, Israel, Tech. Rep., Dec. 2012.
3. A. Porter Felt, M. Finifter, E. Chin, S. Hanna, and D. Wagner, "A survey of mobile malware in the wild," in Proc. 1st ACM Workshop, New York, NY, USA, 2011, pp. 3-14.
4. N. Leavitt, "Mobile phones: The next frontier for hackers?" Computer, vol. 38, no. 4, pp. 20-23, Apr. 2005.
5. Lookout Mobile Security. (2012). State of Mobile Security, San Francisco, CA, USA, Tech. Rep. [Online]. Available: https://www.lookout.com/resources/reports/state-of-mobile-security-2012
6. Sophos. (2012). Security Threat Report, Sophos, Abingdon, U.K., Tech. Rep. [Online]. Available: http://www.sophos.com/medialibrary/PDFs/other/SophosSecurityThreatReport2012.pdf
7. C. Foresman, Truly Malicious iPhone Malware Now Out in the Wild. [Online]. Available: http://arstechnica.com/apple/2009/11/truly-malicious-iphone-malware-now-out-in-the-wild
8. J. Kirk, New iPhone Malware Steals Data From Jailbroken Phones. [Online]. Available: http://www.pcworld.com/article/181906/article.html
9. P. Berlin, Präventionshinweis für Onlinebanking im mTAN-Verfahren. [Online]. Available: http://www.berlin.de/polizei/presse-fahndung/archiv/377949/index.html
10. T. Weigold, T. Kramp, R. Hermann, F. Höring, P. Buhler, and M. Baentsch, "The Zurich Trusted Information ChannelVAn efficient defence against man-in-the-middle and malicious software attacks," in Proc.1st Int. Conf. Trusted Comput. Trust Inf. Technol., Trusted Comput.-Challenges Appl., vol. 4968, P. Lipp, A.-R. Sadeghi, and K.-M. Koch, Eds., 2008, pp. 75-91, ser. Lecture Notes in Computer Science.
11. IBM Zone Trusted Information Channel (ZTIC)VA Banking Server's Display on Your Key Chain, IBM Corporation. [Online]. Available: http://www.zurich.ibm.com/ztic/
12. N. Utakrit, "Review of browser extensions, a man-in-the browser phishing techniques targeting bank customers," in Proc. 7th Australian Inf. Security Manag. Conf., Perth, WA, Australia, 2009, pp. 110-119.
13. P. Burkholder, "SSL man-in-the-middle Attacks," in SANS Inst. Reading Room, 2002. [Online]. Available: http://www.sans.org/reading-room/whitepapers/threats/ssl-man-in-the-middleattacks- 480
14. S. Li, A. Sadeghi, S. Heisrath, R. Schmitz, and J. Ahmad, "hPIN/hTAN: A lightweight and low-cost e-banking solution against untrusted computers," in Proc. 15th Int. Conf. Financial Cryptography Data Sec., Gros Islet, St. Lucia, 2011, pp. 235-249.
15. L. Faith-Cranor and S. Garfinkel, Eds., Security and Usability: Designing Secure Systems that People Can Use. Sebastopol, CA, USA: O'Reilly Media, Inc., 2005.
16. S. Garfinkel, "Design principles and patterns for computer systems that are simultaneously secure and usable," Ph.D. Thesis, Massachusetts Institute of Technology, May 2005.
17. MFi Program, Apple, Inc. [Online]. Available: https://developer. apple.com/programs/mfi/
18. D. Balaban, NFC Smartphone Chip Shipments in 2012 Surge Past Projections. [Online]. Available: http://nfctimes.com/news/nfc-smartphone-chip-shipments-2012-surge-past-projections
19. BEMC2," in RSA SecurID. [Online]. Available: http://www.emc. com/security/rsa-securid.htm
20. B. Schneier, "Two-factor authentication: Too little, too late," Commun. ACM, vol. 48, no. 4, p. 136, Apr. 2005.
21. D. A. Ortiz-Yepes, "Enhancing authentication in eBanking with NFC-enabled mobile phones," M.S. thesis, Dept. Math. Comput. Sci., Tech. Univ. Eindhoven, Eindhoven, The Netherlands, 2008.
22. CrontoSign Mobile App, Cronto. [Online]. Available: http://www. cronto.com/crontosign-transaction-authentication-mobile.htm
23. G. Starnberger, L. Froihofer, and K. Goeschka, "QR-TAN: Secure mobile transaction authentication," in Proc. Int. Conf. Avail. Rel. Security, 2009, pp. 578-583.
24. CrontoSign Device, Cronto. [Online]. Available: http://www. cronto.com/crontosign-transaction-authentication-device.htm
25. Square Register, Square Inc. [Online]. Available: https://squareup.com/
26. Device Compatibility With Square, Square Inc. [Online]. Available: https://squareup.com/help/en-us/article/3887-device-compatibilitywith-square
27. UniMate Flex Two-factor Authentication Token, SecuTech. [Online]. Available: http://www.esecutech.com/mobileauthentication/unimate-flex/unimate-flex-overview-%7Cmobile-authentication.html