University of Surrey


hPIN/hTAN: A lightweight and low-cost e-banking solution against untrusted computers

Li, SJ, Sadeghi, A-R, Heisrath, S, Schmitz, R and Ahmad, JJ (2012) hPIN/hTAN: A lightweight and low-cost e-banking solution against untrusted computers. In: 15th International Conference on Financial Cryptography and Data Security (FC 2011), 2011-02-28 - 2011-03-04, Gros Islet, St. Lucia.

Available under License : See the attached licence file.



In this paper, we propose hPIN/hTAN, a low-cost hardware token based PIN/TAN system for protecting e-banking systems against the strong threat model where the adversary has full control over the user’s computer. This threat model covers various kinds of attacks related to untrusted terminal computers, such as keyloggers, screen scrapers, session hijackers, Trojan horses and transaction generators. The core of hPIN/hTAN is a secure and easy user-computer-token interface. The security is guaranteed by the user-computer-token interface and two underlying security protocols for user/server/transaction authentication. The hPIN/hTAN system is designed as an open framework so that the underlying authentication protocols can be easily reconfigured. To minimize the costs and maximize usability, we chose two security protocols dependent on simple cryptography (a cryptographic hash function). In contrast to other hardware-based solutions, hPIN/hTAN depends on neither a second trusted channel nor a secure keypad nor an external trusted center. Our prototype implementation does not involve cryptography beyond a cryptographic hash function. The minimalistic design can also help increase security because more complicated systems tend to have more security holes. As an important feature, hPIN/hTAN exploits human users’ active involvement in the whole process to compensate for security weaknesses caused by careless human behavior.

Item Type: Conference or Workshop Item (Conference Paper)
Divisions : Faculty of Engineering and Physical Sciences > Computing Science
Authors :
Li, SJ
Sadeghi, A-R
Heisrath, S
Schmitz, R
Ahmad, JJ
Date : 2012
DOI : 10.1007/978-3-642-27576-0_19
Additional Information : The original publication is available at
Depositing User : Symplectic Elements
Date Deposited : 26 Jun 2012 11:18
Last Modified : 31 Oct 2017 14:34
