Title :
Secure Internet banking authentication
Author :
Hiltgen, Alain ; Kramp, Thorsten ; Weigold, Thomas
Author_Institution :
UBS Wealth Manage. & Bus. Banking, Zurich
Abstract :
This article classifies common Internet banking authentication methods regarding potential threats and their level of security against common credential stealing and channel breaking attacks, respectively. The authors present two challenge/response Internet banking authentication solutions, one based on short-time passwords and one certificate-based, and relate them to the taxonomy above. They further outline how these solutions can be easily extended for nonrepudiation (that is, transaction signing), should more sophisticated content manipulation attacks become a real problem. Finally, they summarize their view on future requirements for secure Internet banking authentication and conclude by referencing real-life implementations.
Keywords :
Internet; bank data processing; certification; message authentication; public key cryptography; attack taxonomy; channel breaking attacks; content manipulation attacks; credential stealing; nonrepudiation; public-key certificates; secure Internet banking authentication; short-lived passwords; short-time passwords; transaction signing; Authentication; Banking; Computer security; Internet; Privacy; Web server; Internet banking; authentication; public-key certificates; short-lived passwords; short-time passwords; taxonomy of attacks;
Journal_Title :
Security & Privacy, IEEE
DOI :
10.1109/MSP.2006.50