A Survey of Authentication and Communications Security in Online Banking

Kiljan, Sven; Simoens, Koen; Cock, Danny De; Eekelen, M.C.J.D. van; Vranken, Harald

doi:10.1145/3002170

Cited by 27 publications

(19 citation statements)

References 47 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In addition to traditional password-based mechanisms, Two Factor Authentication (TFA) techniques adds a registered token in possession of the user to further enforce authentication and verify that the user credentials have not been leaked. Nowadays, TFA is successfully adopted in the context of online banking [46], enterprise access [47], and mobile social networks [48], resorting to dedicated private solutions or commercial services, such as Encap Security [49], Duo [50] and Google 2-step verification [51], to name a few.…”

Section: A Backgroundmentioning

confidence: 99%

Short-Range Audio Channels Security: Survey of Mechanisms, Applications, and Research Challenges

Caprolu

Sciancalepore

Pietro

2021

IEEE Commun. Surv. Tutorials

View full text Add to dashboard Cite

Short-range audio channels have appealing distinguishing characteristics: ease of use, low deployment costs, and easy to tune frequencies, to cite a few. Moreover, thanks to their seamless adaptability to the security context, many techniques and tools based on audio signals have been recently proposed. However, while the most promising solutions are turning into valuable commercial products, acoustic channels are also increasingly used to launch attacks against systems and devices, leading to security concerns that could thwart their adoption. To provide a rigorous, scientific, security-oriented review of the field, in this paper we survey and classify methods, applications, and use-cases rooted on short-range audio channels for the provisioning of security services-including Two-Factor Authentication techniques, pairing solutions, device authorization strategies, defense methodologies, and attack schemes. Moreover, we also point out the strengths and weaknesses deriving from the use of short-range audio channels. Finally, we provide open research issues in the context of short-range audio channels security, calling for contributions from both academia and industry.

show abstract

Section: A Backgroundmentioning

confidence: 99%

Short-Range Audio Channels Security: Survey of Mechanisms, Applications, and Research Challenges

Caprolu

Sciancalepore

Pietro

2021

IEEE Commun. Surv. Tutorials

View full text Add to dashboard Cite

show abstract

“…They also like their customers to use the bank's own mobile applications. A detailed survey conducted in [24] indicate that most banks across the globe use SSL/TLS protocol for providing online banking services. Our Sec-ALG and RGW solution can be used by the bank's Internet Service Provider (ISP) for example, when a user connects to the bank's server for accessing internet banking using HTTPS.…”

Section: Application In Secure Bankingmentioning

confidence: 99%

Sec-ALG: An Open-source Application Layer Gateway for Secure Access to Private Networks

Riaz

Tilli

Kantola

2020

2020 29th International Conference on Computer Communications and Networks (ICCCN)

View full text Add to dashboard Cite

The middleboxes offer proprietary solutions and encrypted traffic poses a challenge when middleboxes employ packet payload inspection techniques for connection establishment. Session key sharing and decryption followed by re-encryption of the traffic, for correctly routing to the private host, increases the connection latency and also poses a higher threat in case of traffic interception by a malicious third-party. In this paper, we present a novel open-source ALG, called Sec-ALG, for providing secure end-to-end communication to the web servers situated in the private address space. Sec-ALG relies on the technique of light Deep Packet Inspection (DPI) for protocol detection and session establishment using a novel parser-lexer generator called YaLe. The proposed approach offers increased security by maintaining end-to-end encryption for an HTTPS connection. Our experimental analysis demonstrates that Sec-ALG reduces the HTTPS connection latency in comparison to the NGINX reverse proxy using a 24-core host machine. Moreover, Sec-ALG handles requests at a threefold increased rate than NGINX proxy when tested with 100 concurrent connections. The ALG can be used either as a standalone solution or a component of the Realm Gateway, that is a generic interworking solution between public and private networks. The presented work is part of an extensive ongoing research at Aalto University focusing on embedding policy based trust into the network.

show abstract

“…Another application is supporting online user identification. Recently, online financial services have begun applying non-face-to-face user identification and the user can access services online without visiting the bank [1][2][3][4]. ISO/IEC 29115 [5] and 29003 [6] recommend verification of multiple personal information for non-face-to-face identification.…”

Section: Introductionmentioning

confidence: 99%

Address Authentication Method for Sustainable Social Qualification

2020

View full text Add to dashboard Cite

This paper proposes an address authentication method based on a user’s location history. Address authentication refers to actual residence verification, which can be used in various fields such as personnel qualification, online identification, and public inquiry. In other words, accurate address authentication methods can reduce social cost for actual residence verification. For address authentication, existing studies discover the user’s regular locations, called location of interest (LOI), from the location history by using clustering algorithms. They authenticate an address if the address is contained in one of the LOIs. However, unnecessary LOIs, which are unrelated to the address may lead to false authentications of illegitimate addresses, that is, other users’ addresses or feigned addresses. The proposed method tries to reduce the authentication error rate by eliminating unnecessary LOIs with the distinguishing properties of the addresses. In other words, only few LOIs that satisfy the properties (long duration, high density, and consistency) are kept and utilized for address authentication. Experimental results show that the proposed method decreases the authentication error rate compared with previous approaches using time-based clustering and density-based clustering.

show abstract

A Survey of Authentication and Communications Security in Online Banking

Cited by 27 publications

References 47 publications

Short-Range Audio Channels Security: Survey of Mechanisms, Applications, and Research Challenges

Short-Range Audio Channels Security: Survey of Mechanisms, Applications, and Research Challenges

Sec-ALG: An Open-source Application Layer Gateway for Secure Access to Private Networks

Address Authentication Method for Sustainable Social Qualification

Contact Info

Product

Resources

About