
Dissertation: How To Secure Web Authentication

Compatibility with Microsoft Office 2007. First Download the file and then open it with MS Powerpoint 2007

Uploaded by

Arpit Garg
Copyright
© Attribution Non-Commercial (BY-NC)

Secure Web Authentication

Using Cell Phones

Presented By:

Arpit Garg
MBA IB(IT)
A1802007095 (E11)
Batch: 2007-2009

Introduction

Objectives of Thesis:

• To provide a secure wireless environment to the users.

• To increase the faith of users in online financial web transactions using mobile devices.

What is Authentication?

Authentication is the process of verifying that a person is who they claim to be.

This can be done by using any of the following factors:

• something you know – password or PIN


Need of Secure Web Authentication

As computing becomes persistent, people increasingly conduct their business over the Internet using e-commerce. The Internet is now a preferred channel for online e-services such as e-commerce, e-voting, e-banking, e-governance, etc.

Online applications require a strong security element to protect users' confidential data, which is a major concern in Internet-based online payment systems. Various Internet threats affect the security of the Internet and increase the risk for electronic transactions.

Most authentication systems rely on passwords, personal identification numbers and keys for access to personal account information. This type of authentication system cannot actually verify that the user is who he or she claims to be.
Solution

The above observation calls for Multifactor Authentication techniques for securing financial web transactions.

To do so, we recommend an authentication system based on:

• TICs (Transaction Identification Codes) and
• SMS (Short Message Service)

Features of TICs:
1. TICs are issued to the user by bank authorities or financial institutions, not by the web server.
2. A TIC is similar to an OTP (one-time password): each code is used on only one occasion.
3. It eliminates the risk of attack against traditional passwords.
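
An added example, not code from the original presentation: a minimal bank-side registry that enforces the single-use property of TICs listed above and rejects a replayed code. The class name `TicRegistry`, the 8-digit code format and the salted-hash storage are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class TicRegistry:
    """Hypothetical bank-side store of unused TICs (keeps keyed hashes, not the codes)."""

    def __init__(self):
        self._unused = {}  # user_id -> (salt, set of hex digests of unused TICs)

    @staticmethod
    def _digest(salt, tic):
        return hmac.new(salt, tic.encode(), hashlib.sha256).hexdigest()

    def issue(self, user_id, count=5, digits=8):
        """Generate a fresh batch of distinct random TICs for one user."""
        salt = secrets.token_bytes(16)
        tics = set()
        while len(tics) < count:
            tics.add(f"{secrets.randbelow(10 ** digits):0{digits}d}")
        self._unused[user_id] = (salt, {self._digest(salt, t) for t in tics})
        return sorted(tics)  # handed to the user by the bank, never by the web server

    def redeem(self, user_id, tic):
        """Return True once per valid TIC; any reuse or unknown code returns False."""
        entry = self._unused.get(user_id)
        if entry is None:
            return False
        salt, digests = entry
        candidate = self._digest(salt, tic)
        match = None
        for stored in digests:  # scan every entry with a constant-time comparison
            if hmac.compare_digest(stored, candidate):
                match = stored
        if match is None:
            return False
        digests.remove(match)  # consume the code so it cannot be replayed
        return True


if __name__ == "__main__":
    registry = TicRegistry()
    codes = registry.issue("alice", count=3)  # constructed sample user
    print("first use :", registry.redeem("alice", codes[0]))
    print("replay    :", registry.redeem("alice", codes[0]))
    print("wrong user:", registry.redeem("bob", codes[1]))
```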
Existing Payment systems

1. Account-based payment systems
• Each customer has a valid account maintained by a Trusted Third Party. The user can initiate pre-paid or post-paid financial transactions using smart cards or credit cards.

2. E-wallet or E-cash
• In this method customers store digital cash in their E-wallet from a debit card, credit card or virtual check. Digital cash is like electronic cash in a virtual savings account from which the user can pay for their purchases. E-wallets are frequently used in payments or small payments.

3. Personal Wallet
• A personal wallet is software or hardware installed on the user’s machine. There is no need of a server, because the payment transaction does not require any wallet server. The user’s
Flow of messages in the SET protocol

[Figure: message flow in the SET protocol, involving the user, the merchant and the customer’s bank. Labels recoverable from the diagram:]

1. User makes purchase request
2. Merchant’s payment info.
3. Client order and payment information with (label truncated)
4. Request for authorization, payment with order information and both certificates
5. Request for payment approval
6. Authorization response
7. Payment ack.
8. Response

Disadvantages of SET

1. SET is designed for wired networks and does not meet all the challenges of wireless networks.

2. It is vulnerable to various attacks; for example, a merchant can modify transaction data by changing the balance.

3. Transaction flow is from Customer to Merchant, so all the details of the user’s credit/debit cards must flow via the merchant’s side.

4. There is no notification to the Customer from the customer’s Bank after a successful transfer. The user has to check his/her balance by logging on to the bank website again.

5. SET is only for card-based (credit or debit) transactions.


System Implementation and Simulation