Title :
Introducing TLS-PSK authentication for EMV devices
Author_Institution :
Telecom ParisTech, Paris, France
Abstract :
Access control to online banking accounts is a very critical topic for the always-on emerging society. In order to avoid phishing threats resulting from classical mechanisms dealing with login and password tuples, the deployment of two-factor authentication tokens generating One Time Passwords (OTP) is recommended by many governmental organizations. A procedure based on EMV credit cards (the Chip Authentication Program) is proposed by several financial companies. However, due to password lifetime, OTP values may be collected by hackers via phishing attacks. In this paper we present a protocol that merges the CAP approach with the TLS-PSK protocol. As a consequence there is no need to collect OTP values, and phishing attacks don't work, because the mutual authentication between the card bearer and the WEB site is only performed via the SSL session.
Keywords :
authorisation; banking; smart cards; EMV devices; European Mastercard and Visa; TLS-PSK authentication; TLS-PSK protocol; access control; chip authentication program; one time password; online banking accounts; phishing threats; two-factor authentication tokens; Access control; Authentication; Banking; Computer hacking; Cryptographic protocols; Cryptography; Financial management; Microcontrollers; Security; Smart cards; EMV; Security; Smart Card; TLS; WEB;
Conference_Title :
Collaborative Technologies and Systems (CTS), 2010 International Symposium on
Conference_Location :
Chicago, IL
Print_ISBN :
978-1-4244-6619-1
DOI :
10.1109/CTS.2010.5478489