Exploring Half-Duplex Communication of NFC Read/Write Mode for Secure Multi-Factor Authentication

Chishti, Mohd Sameen; King, Chung-Ta; Banerjee, Amit

doi:10.1109/access.2020.3048711

Cited by 8 publications

(3 citation statements)

References 51 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Core IoT technology can be further decomposed according to the type of computation to: (1) IoT platform, (2) Raspberry Pi, (3) Arduino Uno, (4) Wireless Sensor Network (WSN), (5) sensors, and (6) actuators. Respectively, passive monitoring technology can be categorized to: (1) Radio Frequency IDentifier (RFID) equipment, (2) Global Positioning System (GPS) device, (3) Ethernet protocol, (4) Wi-Fi, (5) Bluetooth, (6) ZigBee, (7) Near Field Communication (NFC), (8) 4G, (9) 5G, and (10) Low Power Wide Area Networks (LPWAN), which contain technologies such as SigFox, LoRa, LTE-M or NB-IoT, [16], [17], [18], [19], [20], [21], [22], [23]. Active monitoring devices are divided to: (1) cameras, (2) microphones, (3) smartphones, (4) smart watches, and (5) Autonomous Teller Machines (ATM).…”

Section: Proposed Taxonomymentioning

confidence: 99%

Challenges and Solutions of Surveillance Systems in IoT-Enabled Smart Campus: A Survey

Anagnostopoulos¹,

Kostakos

Zaslavsky

et al. 2021

IEEE Access

View full text Add to dashboard Cite

A Smart Campus is a miniature of a Smart City with a more demanding framework that enables learning, social interaction and creativity. To ensure a Smart Campus uninterruptible secure operation, a key requirement is that daily routines and activities are performed protected in an environment monitored unobtrusively by a robust surveillance system. The various components that compose such an environment, buildings, labs, public spaces, smart lighting, smart parking, or even smart traffic lights, require us to focus on surveillance systems, and recognize which detection activities to establish. In this paper, we perform a comparative assessment in the area of surveillance systems for Smart Campuses. A proposed taxonomy for IoT-enabled Smart Campus unfold five research dimensions: (1) physical infrastructure; (2) enabling technologies; (3) software analytics; (4) system security; and (5) research methodology. By applying this taxonomy and by adopting a weighted scoring model on the surveyed systems, we first present the state-ofthe-art, and then we make a comparative assessment and classify the systems. We extract valuable conclusions and inferences from this classification, providing insights and directions towards required services offered by surveillance systems for Smart Campus.

show abstract

Section: Proposed Taxonomymentioning

confidence: 99%

Challenges and Solutions of Surveillance Systems in IoT-Enabled Smart Campus: A Survey

Anagnostopoulos¹,

Kostakos

Zaslavsky

et al. 2021

IEEE Access

View full text Add to dashboard Cite

show abstract

“…For MFA to be successfully implemented, one of the verification factors must be kept away from the device for accessing the system or resources (Australian Cyber Security Centre [ACSC], 2019). The MFA provides a higher security level through multiple user login credentials to protect the devices, systems, and resources from intruders (Taher et al, 2019;Ibrokhimov et al, 2019;Vorakulpipat et al, 2021;Chishti et al, 2021;Kebande et al, 2021). It also helps achieve consistency in organisations (Lone & Mir, 2021).…”

Section: Single-factor Authentication (Sfa)mentioning

confidence: 99%

Development of a secure multi-factor authentication algorithm for mobile money applications

Guma¹

View full text Add to dashboard Cite

With the evolution of industry 4.0, financial technologies have become paramount and mobile money as one of the financial technologies has immensely contributed to improving financial inclusion among the unbanked population. Several mobile money schemes were developed but, they suffered severe authentication security challenges since they implemented two-factor authentication. This study focused on developing a secure multi-factor authentication (MFA) algorithm for mobile money applications. It uses personal identification numbers, one-time passwords, biometric fingerprints, and quick response codes to authenticate and authorize mobile money subscribers. Secure hash algorithm-256, Rivest-Shamir-Adleman encryption, and Fernet encryption were used to secure the authentication factors, confidential financial information and data before transmission to the remote databases. A literature review, survey, evolutionary prototyping model, and heuristic evaluation and usability testing methods were used to identify authentication issues, develop prototypes of native genuine mobile money (G-MoMo) applications, and identify usability issues with the interface designs and ascertain their usability, respectively. The results of the review grouped the threat models into attacks against privacy, authentication, confidentiality, integrity, and availability. The survey identified authentication attacks, identity theft, phishing attacks, and PIN sharing as the key mobile money systems’ security issues. The researcher designed a secure MFA algorithm for mobile money applications and developed three native G-MoMo applications to implement the designed algorithm to prove the feasibility of the algorithm and that it provided robust security. The algorithm was resilient to non-repudiation, ensured strong authentication security, data confidentiality, integrity, privacy, and user anonymity, was highly effective against several attacks but had high communication overhead and computational costs. Nevertheless, the heuristic evaluation results showed that the G-MoMo applications’ interface designs lacked forward navigation buttons, uniformity in the applications’ menu titles, search fields, actions needed for recovery, and help and documentation. Similarly, the usability testing revealed that they were easy to learn, effective, efficient, memorable, with few errors, subscriber satisfaction, easy to use, aesthetic, easy to integrate, and understandable. Implementing a secure mobile money authentication and authorisation by combining multiple factors which are securely stored helps mobile money subscribers and other stakeholders to have trust in the developed native G-MoMo applications.

show abstract

“…For MFA to be successfully implemented, one of the verification factors should be kept away from the device for accessing the system or resources (Australian Cyber Security Centre (ACSC), 2019). The MFA provides a higher security level through multiple user login credentials to protect the devices, systems, and resources from intruders (Taher et al, 2019;Ibrokhimov et al, 2019;Vorakulpipat et al, 2021;Chishti et al, 2021;Kebande et al, 2021). It also helps achieve consistency in organisations (Lone & Mir, 2021).…”

Section: Single-factor Authentication (Sfa)mentioning

confidence: 99%

Development of a secure multi-factor authentication algorithm for mobile money applications

Ali

View full text Add to dashboard Cite

With the expansion of industry 4.0, financial technology (FinTech) has become paramount in this era. Mobile money as one of the FinTech has immensely contributed to improving financial inclusions among the unbanked population in many developing countries. Several mobile money schemes were developed to ensure easy access to mobile money services. However, they have suffered severe authentication security challenges since implementing two-factor authentication (2FA). Therefore, this research developed a secure multi-factor authentication (MFA) algorithm for mobile money applications that combines personal identification number (PIN), one-time password (OTP), and biometric fingerprints to authenticate the mobile money subscribers. It also used the customer’s biometric fingerprints and the agent’s quick response (QR) code to authorise money withdrawal. The PINs and OTP are secured by secure hashing algorithm-256 (SHA-256) and biometric fingerprints by Fast IDentity Online (FIDO), where the Rivest-Shamir-Adleman (RSA) encryption protects the public/private key pair and the fingerprint templates. The QR codes, confidential financial information in the databases, and all the data before transmission to the remote databases are secured using Fernet encryption. A design science research approach was employed in the research using a mixed-method. The review results identified and grouped the threat models into attacks against privacy, authentication, confidentiality, integrity, and availability. The cryptographic functions and personal identification were the countermeasures. The survey identified authentication attacks, identity theft, phishing attacks, and PIN sharing as the crucial security issues Uganda’s mobile money systems encountered. The security analysis of the designed algorithm and developed native genuine mobile money (G-MoMo) applications proved that it provided robust security during authentication and ensured data confidentiality, integrity, privacy and user anonymity. It is highly effective against several security attacks and resilient to non-repudiation. The performance analysis results showed that the algorithm enhanced security but had high communication overhead and computational cost. Lack of a forward navigation button, lack of uniformity in the applications menu title, lack of search field options, lack of actions needed for recovery, and lack of help & documentation, were identified as the results of the usability issues with the native G-MoMo applications’ user interfaces. While the results of the usability testing showed that the native G-MoMo applications were learnable, effective, efficient, memorable, had few errors, satisfaction, ease of use, aesthetic, helpful, easy to integrate, and understandable. In conclusion, implementing a secure mobile money authentication using the ii novel approach combining multiple factors helps mobile money subscribers and other stakeholders trust the mobile money industry since the security goals are highly maintained.

show abstract

Exploring Half-Duplex Communication of NFC Read/Write Mode for Secure Multi-Factor Authentication

Cited by 8 publications

References 51 publications

Challenges and Solutions of Surveillance Systems in IoT-Enabled Smart Campus: A Survey

Challenges and Solutions of Surveillance Systems in IoT-Enabled Smart Campus: A Survey

Development of a secure multi-factor authentication algorithm for mobile money applications

Development of a secure multi-factor authentication algorithm for mobile money applications

Contact Info

Product

Resources

About