Secure Internet banking authentication

Author

Hiltgen, Alain ; Kramp, Thorsten ; Weigold, Thomas

Author_Institution

UBS Wealth Manage. & Bus. Banking, Zurich

Volume

4

Issue

2

fYear

2006

Firstpage

21

Lastpage

29

Abstract

This article classifies common Internet banking authentication methods regarding potential threats and their level of security against common credential stealing and channel breaking attacks, respectively. The authors present two challenge/response Internet banking authentication solutions, one based on short-time passwords and one certificate-based, and relate them to the taxonomy above. There further outline how these solutions can be easily extended for nonrepudiation (that is, transaction signing), should more sophisticated content manipulation attacks become a real problem. Finally, they summarize their view on future requirements for secure Internet banking authentication and conclude by referencing real-live implementations

Keywords

Internet; bank data processing; certification; message authentication; public key cryptography; attack taxonomy; channel breaking attacks; content manipulation attacks; credential stealing; nonrepudiation; public-key certificates; secure Internet banking authentication; short-lived passwords; short-time passwords; transaction signing; Authentication; Banking; Computer security; Internet; Privacy; Web server; Internet banking; authentication; public-key certificates; short-lived passwords; short-time passwords; taxonomy of attacks;

fLanguage

English

Journal_Title

Security & Privacy, IEEE

Publisher

ieee

ISSN

1540-7993

Type

jour

DOI

10.1109/MSP.2006.50

Filename

1621056