
Usably Secure, Low-Cost Authentication for Mobile Banking

Usably Secure, Low-Cost Authentication for Mobile Banking. Saurabh Gupta Sandeep Kumar Gupta. Need For Mobile Banking. People need money on the run. Banks provide security, interest. Use Cases – Buying Something. Use Case - Depositing Money. Use Case – Withdrawing Money.

pramirez

Presentation Transcript


  1. Usably Secure, Low-Cost Authentication for Mobile Banking Saurabh Gupta Sandeep Kumar Gupta

  2. Need For Mobile Banking
     • People need money on the run.
     • Banks provide security, interest.

  3. Use Cases – Buying Something

  4. Use Case - Depositing Money

  5. Use Case – Withdrawing Money

  6. What Security?

  7. How is it secured on Mars?
     Application-level encryption
     • Typically have an application implementing the favorite encryption scheme.
     • Provides end-to-end encryption.
     Possible because
     • Can ask people to install and use them.
     • Phones are powerful enough to run them.

  8. Challenges on Earth
     • Fundamentally, the GSM channel is weakly encrypted.
     • Cannot rely on network-layer encryption.
     • Need for end-to-end encryption.
     • Cannot install applications on user ends.

  9. Mobile Banking In General
     • Cell phone
     • 2-factor authentication
     • 4-digit PIN
     • A codebook with synchronized security tokens.

  10. Overview of 2 schemes
     • Both use 2-factor authentication schemes.
     [Figure: New Scheme, Old Scheme]

  11. Security Analysis
     • 4 different types of attacks considered.
     • PIN Recovery
     • Type 0: Impersonator gets phone
     • Type 1: Impersonator gets phone and codebook
     • Type 2: Impersonator gets phone and PIN
     Question: Impersonator? 1. 2. 3.

  12. Security Analysis
     • PIN Recovery
     • Type 0: Impersonator gets phone
     • Type 1: Impersonator gets phone and codebook
     • Type 2: Impersonator gets phone and PIN

  13. User Study
     • Ethnography
       • 15 people from Delhi
       • 19 people from Bihar
     • Composition
       • 8 agents
       • 13 existing users
       • 13 potential users
     • Tasks
       • Plain PIN entry
       • EKO signature formulation
       • New signature formulation

  14. Parameters Recorded

  15. Results

  16. Results

  17. Results

  18. Discussion
     • Effect of increased cognitive effort.
     • Effect of entering only 4 digits instead of 10.
     • Statistical significance of results.

  19. User Case Studies
     • What is required to validate your claim?
       • From the perspective of paper publishing?
         • Novelty of the idea.
         • Quick papers for promotion.
       • For proving soundly?
         • Acceptability of the idea.

  20. Parameters studied in this paper: 1.                                       2. Parameters that should have been studied: 1.                                       2. 

  21. Solutions:
     • Submit an idea, verify later?
     • Get in touch with the right kind of people to do social case studies; sociologists?
     Questions:
     • End product derived from user interaction?
