University of Surrey

Test tubes in the lab Research in the ATI Dance Research

hPIN/hTAN: A lightweight and low-cost e-banking solution against untrusted computers

Li, SJ, Sadeghi, A-R, Heisrath, S, Schmitz, R and Ahmad, JJ (2012) hPIN/hTAN: A lightweight and low-cost e-banking solution against untrusted computers In: 15th International Conference on Financial Cryptography and Data Security (FC 2011), 2011-02-28 - 2011-03-04, Gros Islet, St. Lucia.

[img]
Preview
PDF
FC2011.pdf
Available under License : See the attached licence file.

Download (1MB)
[img]
Preview
PDF (licence)
SRI_deposit_agreement.pdf

Download (33kB)

Abstract

In this paper, we propose hPIN/hTAN, a low-cost hardware token based PIN/TAN system for protecting e-banking systems against the strong threat model where the adversary has full control over the user’s computer. This threat model covers various kinds of attacks related to untrusted terminal computers, such as keyloggers, screen scrapers, session hijackers, Trojan horses and transaction generators. The core of hPIN/hTAN is a secure and easy user-computer-token interface. The security is guaranteed by the user-computer-token interface and two underlying security protocols for user/server/transaction authentication. The hPIN/hTAN system is designed as an open framework so that the underlying authentication protocols can be easily reconfigured. To minimize the costs and maximize usability, we chose two security protocols dependent on simple cryptography (a cryptographic hash function). In contrast to other hardware-based solutions, hPIN/hTAN depends on neither a second trusted channel nor a secure keypad nor external trusted center. Our prototype implementation does not involve cryptography beyond a cryptographic hash function. The minimalistic design can also help increase security because more complicated systems tend to have more security holes. As an important feature, hPIN/hTAN exploits human users’ active involvement in the whole process to compensate security weaknesses caused by careless human behavior.

Item Type: Conference or Workshop Item (Paper)
Additional Information: The original publication is available at http://www.springerlink.com
Related URLs:
Divisions: Faculty of Engineering and Physical Sciences > Computing Science
Depositing User: Symplectic Elements
Date Deposited: 26 Jun 2012 11:18
Last Modified: 18 Sep 2014 01:56
URI: http://epubs.surrey.ac.uk/id/eprint/532397

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year


Information about this web site

© The University of Surrey, Guildford, Surrey, GU2 7XH, United Kingdom.
+44 (0)1483 300800