Rehashing system security solutions in e-banking

  • Authors

    • Burhan Ul Islam Khan Department of ECE, Kulliyyah of Engineering, IIUM Malaysia
    • Rashidah F. Olanrewaju Department of ECE, Kulliyyah of Engineering, IIUM Malaysia
    • Farhat Anwar Department of ECE, Kulliyyah of Engineering, IIUM Malaysia
    2019-02-26
    https://doi.org/10.14419/ijet.v7i4.23148
  • Authentication, Access Control, OTP Generation, Out of Band Authentication.
  • Applications meant for exchanging cash or individual data are becoming progressively common in mobile communications and on the Internet. The expansion of electronic banking services through various electronic channels provides added value to users. As such, client authentication is required in these applications to affirm the legitimacy of the clients. The most widely recognized form of credential used today is the static password. Weak passwords prove to be a poor choice because they expose online banking services to various security dangers. Different arrangements have been put forward to eradicate the clients' need to create and manage passwords. In this regard, a typical method is the one-time password (OTP), i.e., a password that remains valid for a single exchange or session. Unfortunately, the vast majority of these password arrangements do not fulfil the requirements of usability and scalability and hence can be considered unreliable. In this paper, the usability and security facets of present-day validation schemes centred on non-OTP and OTP structures are examined. Finally, the loopholes, as well as the open challenges, are discussed, highlighting their prominence in the related field of study.

     

     

  • How to Cite

    Ul Islam Khan, B., F. Olanrewaju, R., & Anwar, F. (2019). Rehashing system security solutions in e-banking. International Journal of Engineering & Technology, 7(4), 4905-4910. https://doi.org/10.14419/ijet.v7i4.23148