Implementation QR Code Biometric Authentication for Online Payment

Ximenes, Agostinho Marques; Sukaridhoto, Sritrusta; Sudarsono, Amang; Albaab, Mochammad Rifki Ulil; Basri, Hasan; Yani, Muhammad Aksa Hidayat; Choon, Chew Chang; Islam, Ezharul

doi:10.1109/elecsym.2019.8901575

Cited by 8 publications

(34 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Impersonation attacks: An attacker can assume the identity of a legitimate mobile money user or agent, access the financial details of a registered user, and perform fraudulent transactions. There are 14 authentication protocols [56,[66][67][68][69][70]72,77,81,87,88,102,103,105] to prevent impersonation attacks. The schemes in [81,105] employed fingerprint biometrics.…”

Section: Resultsmentioning

confidence: 99%

“…The idea of mutual authentication was proposed in [72,88]. On the other hand, [102,103] used random values like OTP. Replay attack: An attacker eavesdrops on network communication between the mobile money user and MMS, and intercepts the data packets that include the PIN, and then delays and resends it to the recipient.…”

Section: Resultsmentioning

confidence: 99%

“…Replay attack: An attacker eavesdrops on network communication between the mobile money user and MMS, and intercepts the data packets that include the PIN, and then delays and resends it to the recipient. To thwart this attack, [66,68,69,102,103] employed pairing-based cryptography and timestamps in encrypted data. Rodrigues, Chaudhari, and More [56] and Salim, Sagheer, and Yaseen [70] adopted techniques with hashing functions.…”

Section: Resultsmentioning

confidence: 99%

“…MITM attack: In this attack, the adversary sits between the mobile money user and MMSP and makes them believe that they are communicating directly with each other, when in fact the attacker controls the entire conversation. There are different authentication protocols [56,[66][67][68][69][70][71]73,74,76,79,85,86,90,102,103] that are resilient against MITM attacks. To deal with this attack, [66,69] proposed the use of ECC.…”

Section: Resultsmentioning

confidence: 99%

“…The swift expansion of QR code in mobile wallets is because of ease of use, security, cost-effectiveness, and trackability [100,101]. The schemes proposed by [56,71,100,102,103] employed QR codes to ensure convenience, accuracy, confidentiality, nonrepudiation, integrity, speed, and safety in payment transactions. Additionally, it offers resistance against impersonation attack, shoulder-surfing attack, identity theft, and brute force attack.…”

mentioning

confidence: 99%

See 4 more Smart Citations

Two-Factor Authentication Scheme for Mobile Money: A Review of Threat Models and Countermeasures

2020

View full text Add to dashboard Cite

The proliferation of digital financial innovations like mobile money has led to the rise in mobile subscriptions and transactions. It has also increased the security challenges associated with the current two-factor authentication (2FA) scheme for mobile money due to the high demand. This review paper aims to determine the threat models in the 2FA scheme for mobile money. It also intends to identify the countermeasures to overcome the threat models. A comprehensive literature search was conducted from the Google Scholar and other leading scientific databases such as IEEE Xplore, MDPI, Emerald Insight, Hindawi, ACM, Elsevier, Springer, and Specific and International Journals, where 97 papers were reviewed that focused on the topic. Descriptive research papers and studies related to the theme were selected. Three reviewers extracted information independently on authentication, mobile money system architecture, mobile money access, the authentication scheme for mobile money, various attacks on the mobile money system (MMS), threat models in the 2FA scheme for mobile money, and countermeasures. Through literature analysis, it was found that the threat models in the 2FA scheme for mobile money were categorised into five, namely, attacks against privacy, attacks against authentication, attacks against confidentiality, attacks against integrity, and attacks against availability. The countermeasures include use of cryptographic functions (e.g., asymmetric encryption function, symmetric encryption function, and hash function) and personal identification (e.g., number-based and biometric-based countermeasures). This review study reveals that the current 2FA scheme for mobile money has security gaps that need to be addressed since it only uses a personal identification number (PIN) and a subscriber identity module (SIM) to authenticate users, which are susceptible to attacks. This work, therefore, will help mobile money service providers (MMSPs), decision-makers, and governments that wish to improve their current 2FA scheme for mobile money.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Resultsmentioning

confidence: 99%

Section: Resultsmentioning

confidence: 99%

Section: Resultsmentioning

confidence: 99%

mentioning

confidence: 99%

See 3 more Smart Citations

Two-Factor Authentication Scheme for Mobile Money: A Review of Threat Models and Countermeasures

2020

View full text Add to dashboard Cite

show abstract

Real-Time Communication System for Specially Abled with DL-CNN Based Approach Using Image Processing

Priya¹,

Ravikumar²,

Safa³

et al. 2022

2022 International Conference on Power, Energy, Control and Transmission Systems (ICPECTS)

View full text Add to dashboard Cite

A Secure and Efficient Multi-Factor Authentication Algorithm for Mobile Money Applications

2021

View full text Add to dashboard Cite

With the expansion of smartphone and financial technologies (FinTech), mobile money emerged to improve financial inclusion in many developing nations. The majority of the mobile money schemes used in these nations implement two-factor authentication (2FA) as the only means of verifying mobile money users. These 2FA schemes are vulnerable to numerous security attacks because they only use a personal identification number (PIN) and subscriber identity module (SIM). This study aims to develop a secure and efficient multi-factor authentication algorithm for mobile money applications. It uses a novel approach combining PIN, a one-time password (OTP), and a biometric fingerprint to enforce extra security during mobile money authentication. It also uses a biometric fingerprint and quick response (QR) code to confirm mobile money withdrawal. The security of the PIN and OTP is enforced by using secure hashing algorithm-256 (SHA-256), a biometric fingerprint by Fast IDentity Online (FIDO) that uses a standard public key cryptography technique (RSA), and Fernet encryption to secure a QR code and the records in the databases. The evolutionary prototyping model was adopted when developing the native mobile money application prototypes to prove that the algorithm is feasible and provides a higher degree of security. The developed applications were tested, and a detailed security analysis was conducted. The results show that the proposed algorithm is secure, efficient, and highly effective against the various threat models. It also offers secure and efficient authentication and ensures data confidentiality, integrity, non-repudiation, user anonymity, and privacy. The performance analysis indicates that it achieves better overall performance compared with the existing mobile money systems.

show abstract

Implementation QR Code Biometric Authentication for Online Payment

Cited by 8 publications

References 4 publications

Two-Factor Authentication Scheme for Mobile Money: A Review of Threat Models and Countermeasures

Two-Factor Authentication Scheme for Mobile Money: A Review of Threat Models and Countermeasures

Real-Time Communication System for Specially Abled with DL-CNN Based Approach Using Image Processing

A Secure and Efficient Multi-Factor Authentication Algorithm for Mobile Money Applications

Contact Info

Product

Resources

About