• DocumentCode
    2561475
  • Title

    Introducing TLS-PSK authentication for EMV devices

  • Author

    Urien, Pascal

  • Author_Institution
    Telecom ParisTech, Paris, France
  • fYear
    2010
  • fDate
    17-21 May 2010
  • Firstpage
    371
  • Lastpage
    377
  • Abstract
    Access control to online banking accounts is a very critical topic for the always-on emerging society. In order to avoid phising threats resulting from classical mechanisms dealing with login and password tuples, the deployment of two-factor authentication tokens generating One Time Password (OTP) is recommended by many governmental organizations. A procedure based on EMV credit cards (the Chip Authentication Program) is proposed by several financial companies. However, due to passwords lifetime, OTP values may be collected by hackers via phishing attacks. In this paper we present a protocol that merges the CAP approach to the TLS-PSK protocol. As a consequence there is no need to collect OTP values, and phishing attacks don´t work, because the mutual authentication between the card bearer and the WEB site is only performed via the SSL session.
  • Keywords
    authorisation; banking; smart cards; EMV devices; European Mastercard and Visa; TLS-PSK authentication; TLS-PSK protocol; access control; chip authentication program; one time password; online banking accounts; phising threats; two-factor authentication tokens; Access control; Authentication; Banking; Computer hacking; Cryptographic protocols; Cryptography; Financial management; Microcontrollers; Security; Smart cards; EMV; Security; Smart Card; TLS; WEB;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Collaborative Technologies and Systems (CTS), 2010 International Symposium on
  • Conference_Location
    Chicago, IL
  • Print_ISBN
    978-1-4244-6619-1
  • Type

    conf

  • DOI
    10.1109/CTS.2010.5478489
  • Filename
    5478489
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2561475