Title :
QR-TAN: Secure Mobile Transaction Authentication
Author :
Starnberger, Guenther ; Froihofer, Lorenz ; Goeschka, Karl M.
Author_Institution :
Inst. of Inf. Syst., Vienna Univ. of Technol., Vienna
Abstract :
The security of electronic transactions depends on the security of the user´s terminal. An insecure terminal may allow an attacker to create or manipulate transactions. Several techniques have been developed that help to protect transactions performed over insecure terminals. TAN codes, security tokens, and smart cards prevent an attacker who obtained the user´s password from signing transactions under the user´s identity. However, usually these techniques do not allow a user to assert that the content of a transaction has not been manipulated. This paper contributes with the QR-TAN authentication technique. QR-TANs are a transaction authentication technique based on two-dimensional barcodes. Compared to other established techniques, QR-TANs show three advantages: First, QR-TANs allow the user to directly validate the content of a transaction within a trusted device. Second, validation is secure even if an attacker manages to gain full control over a userpsilas computer. Finally, QR-TANs in combination with smart cards can also be utilized for offline transactions that do not require any server.
Keywords :
message authentication; mobile computing; transaction processing; QR-TAN authentication technique; TAN code; electronic transaction security; secure mobile transaction authentication; security token; smart card; two-dimensional barcode; Application software; Authentication; Availability; Banking; Information security; Information systems; Mobile handsets; Protection; Robustness; Smart cards; QR codes; TAN codes; secure transactions; transaction authentication; trusted device;
Conference_Titel :
Availability, Reliability and Security, 2009. ARES '09. International Conference on
Conference_Location :
Fukuoka
Print_ISBN :
978-1-4244-3572-2
Electronic_ISBN :
978-0-7695-3564-7
DOI :
10.1109/ARES.2009.96
