Online Authentication Methods Used in Banks and Attacks Against These Methods

Bani-Hani, Anoud; Majdalweieh, Munir; AlShamsi, Aisha

doi:10.1016/j.procs.2019.04.149

Cited by 27 publications

(17 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…As the authentication protocol will be used to secure financial transactions, a critical requirement is that the proposed scheme must be strong enough to support online financial transactions, with a security level at least equal to the existing authentication methods that are used by banks [ 76 , 77 ].…”

Section: Autonomous Device Challenge Response Authenticationmentioning

confidence: 99%

Non-Invasive Challenge Response Authentication for Voice Transactions with Smart Home Behavior

Hayashi

Ruggiero

2020

Sensors

View full text Add to dashboard Cite

Smart speakers, such as Alexa and Google Home, support daily activities in smart home environments. Even though voice commands enable friction-less interactions, existing financial transaction authorization mechanisms hinder usability. A non-invasive authorization by leveraging presence and light sensors’ data is proposed in order to replace invasive procedure through smartphone notification. The Coloured Petri Net model was created for synthetic data generation, and one month data were collected in test bed with real users. Random Forest machine learning models were used for smart home behavior information retrieval. The LSTM prediction model was evaluated while using test bed data, and an open dataset from CASAS. The proposed authorization mechanism is based on Physical Unclonable Function usage as a random number generator seed in a Challenge Response protocol. The simulations indicate that the proposed scheme with specialized autonomous device could halve the total response time for low value financial transactions triggered by voice, from 7.3 to 3.5 s in a non-invasive manner, maintaining authorization security.

show abstract

Section: Autonomous Device Challenge Response Authenticationmentioning

confidence: 99%

Non-Invasive Challenge Response Authentication for Voice Transactions with Smart Home Behavior

Hayashi

Ruggiero

2020

Sensors

View full text Add to dashboard Cite

show abstract

“…If the authentication process is tight enough and less susceptible to attacks, then this can guarantee that only legitimate users can gain access to the sensitive information and only authorized users can alter or make changes to confidential data [10]. Undeniably, security is the primary concern in any authentication processes that generally presents an unquestionable fact.…”

Section: Related Literaturesmentioning

confidence: 99%

Energy Consumption Analysis on Different Authentication Protocols

2020

IJATCSE

View full text Add to dashboard Cite

Authentication is vital part of security protocol in any data communication and services, especially that now a day's applications and services uses the internet to provide a global and easy access to the users. In any data communication, choosing an authentication protocol must consider the energy consumption of each tool. The researcher focused on the important constraints, aspects of data communication, and examined the power consumption of different types of authentication protocols. This paper presents a comprehensive analysis of energy consumption with different types of cryptographic algorithms that was utilized in the authentication protocol. The researcher explored the effect of different parameters at the convention level (for example, figure suites, validation components, and exchange sizes, and so forth) and the cryptographic algorithms level (figure modes and quality) on general vitality utilization for secure information exchanges. The network administrator uses an authentication protocol that allows local devices to access from the central server. Several number of different authentication protocols was used at the same time for different things. Physical access to the central server requires an authentication key that was configured in the device. Authentication protocol type varies from physical to network controllers.

show abstract

“…However, emerging cybersecurity attacks make the reliance upon single-factor authentication (e.g., username/password) a growing concern for banks. By strengthening their authentication mechanisms, banks can effectively protect the confidentiality and integrity of sensitive customer data, thus avoiding financial loss and reputation damage resulting from events such as fraud and customer data disclosure [6].…”

Section: Introductionmentioning

confidence: 99%

Hands-Free Authentication for Virtual Assistants with Trusted IoT Device and Machine Learning

Hayashi

Ruggiero

2022

Sensors

View full text Add to dashboard Cite

Virtual assistants, deployed on smartphone and smart speaker devices, enable hands-free financial transactions by voice commands. Even though these voice transactions are frictionless for end users, they are susceptible to typical attacks to authentication protocols (e.g., replay). Using traditional knowledge-based or possession-based authentication with additional invasive interactions raises users concerns regarding security and usefulness. State-of-the-art schemes for trusted devices with physical unclonable functions (PUF) have complex enrollment processes. We propose a scheme based on a challenge response protocol with a trusted Internet of Things (IoT) autonomous device for hands-free scenarios (i.e., with no additional user interaction), integrated with smart home behavior for continuous authentication. The protocol was validated with automatic formal security analysis. A proof of concept with websockets presented an average response time of 383 ms for mutual authentication using a 6-message protocol with a simple enrollment process. We performed hands-free activity recognition of a specific user, based on smart home testbed data from a 2-month period, obtaining an accuracy of 97% and a recall of 81%. Given the data minimization privacy principle, we could reduce the total number of smart home events time series from 7 to 5. When compared with existing invasive solutions, our non-invasive mechanism contributes to the efforts to enhance the usability of financial institutions’ virtual assistants, while maintaining security and privacy.

show abstract

Online Authentication Methods Used in Banks and Attacks Against These Methods

Cited by 27 publications

References 12 publications

Non-Invasive Challenge Response Authentication for Voice Transactions with Smart Home Behavior

Non-Invasive Challenge Response Authentication for Voice Transactions with Smart Home Behavior

Energy Consumption Analysis on Different Authentication Protocols

Hands-Free Authentication for Virtual Assistants with Trusted IoT Device and Machine Learning

Contact Info

Product

Resources

About