Mutual authentication in securing mobile payment system using encrypted QR code based on Public Key Infrastructure

Purnomo, Ariana Tulus; Gondokaryono, Yudi Satria; Kim, Chang-Soo

doi:10.1109/icsengt.2016.7849649

Cited by 20 publications

(27 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Impersonation attacks: An attacker can assume the identity of a legitimate mobile money user or agent, access the financial details of a registered user, and perform fraudulent transactions. There are 14 authentication protocols [56,[66][67][68][69][70]72,77,81,87,88,102,103,105] to prevent impersonation attacks. The schemes in [81,105] employed fingerprint biometrics.…”

Section: Resultsmentioning

confidence: 99%

“…Singh and Jasmine [87], Kisore and Sagi [67], Rodrigues, Chaudhari, and More [56], Alhothailya et al [77], and Salim, Sagheer, and Yaseen [70] adopted hashing functions. Purnomo, Gondokaryono, and Kim [72] proposed an asymmetric encryption function. The idea of mutual authentication was proposed in [72,88].…”

Section: Resultsmentioning

confidence: 99%

“…Purnomo, Gondokaryono, and Kim [72] proposed an asymmetric encryption function. The idea of mutual authentication was proposed in [72,88]. On the other hand, [102,103] used random values like OTP.…”

Section: Resultsmentioning

confidence: 99%

“…To resist masquerade attacks, [66,68,69] proposed deploying the elliptic curve cryptosystem. Purnomo, Gondokaryono, and Kim [72] and Fan et al [88] adopted mutual authentication techniques. Kisore and Sagi [67], Rodrigues, Chaudhari, and More [56], Sharma and Bohra [71], Alhothailya et al [77], and Salim, Sagheer, and Yaseen [70] used the idea of hash functions.…”

Section: Resultsmentioning

confidence: 99%

“…The scheme proposed by Sharma and Bohra [71] employed a hybrid cryptographic authentication method using the quick response (QR) code and OTP to improve user authentication and confidentiality in online banking. Additionally, using the encrypted QR code with RSA in the scheme in [72] ensured the legitimacy of the user, information confidentiality, integrity, and accuracy in mobile payment.…”

mentioning

confidence: 99%

See 4 more Smart Citations

Two-Factor Authentication Scheme for Mobile Money: A Review of Threat Models and Countermeasures

2020

View full text Add to dashboard Cite

The proliferation of digital financial innovations like mobile money has led to the rise in mobile subscriptions and transactions. It has also increased the security challenges associated with the current two-factor authentication (2FA) scheme for mobile money due to the high demand. This review paper aims to determine the threat models in the 2FA scheme for mobile money. It also intends to identify the countermeasures to overcome the threat models. A comprehensive literature search was conducted from the Google Scholar and other leading scientific databases such as IEEE Xplore, MDPI, Emerald Insight, Hindawi, ACM, Elsevier, Springer, and Specific and International Journals, where 97 papers were reviewed that focused on the topic. Descriptive research papers and studies related to the theme were selected. Three reviewers extracted information independently on authentication, mobile money system architecture, mobile money access, the authentication scheme for mobile money, various attacks on the mobile money system (MMS), threat models in the 2FA scheme for mobile money, and countermeasures. Through literature analysis, it was found that the threat models in the 2FA scheme for mobile money were categorised into five, namely, attacks against privacy, attacks against authentication, attacks against confidentiality, attacks against integrity, and attacks against availability. The countermeasures include use of cryptographic functions (e.g., asymmetric encryption function, symmetric encryption function, and hash function) and personal identification (e.g., number-based and biometric-based countermeasures). This review study reveals that the current 2FA scheme for mobile money has security gaps that need to be addressed since it only uses a personal identification number (PIN) and a subscriber identity module (SIM) to authenticate users, which are susceptible to attacks. This work, therefore, will help mobile money service providers (MMSPs), decision-makers, and governments that wish to improve their current 2FA scheme for mobile money.

show abstract