Usably Secure, Low-Cost Authentication for Mobile Banking
Saurabh Gupta, Sandeep Kumar Gupta
Post on 18-Jan-2016
Need For Mobile Banking
People need money on the run. Banks provide security, interest.
Use Case – Buying Something
Use Case – Depositing Money
Use Case – Withdrawing Money
What Security?
How is it secured on Mars?
Application-level encryption
• Typically have an application implementing the favorite encryption scheme.
• Provides end-to-end encryption.
Possible because
• Can ask people to install and use them.
• Phones are powerful enough to run them.
Challenges on Earth
• Fundamentally, the GSM channel is weakly encrypted.
• Cannot rely on network-layer encryption.
• Need for end-to-end encryption.
• Cannot install applications on user ends.
Mobile Banking In General
o Cell phone
o 2-factor authentication
o 4-digit PIN
o A codebook with synchronized security tokens.
Old Scheme New Scheme
Overview of 2 schemes
Both use 2 factor authentication schemes.
Question: Impersonator?
1. 2. 3.
Security Analysis
4 different types of attacks considered.
• PIN recovery
• Type 0: Impersonator gets phone
• Type 1: Impersonator gets phone and codebook
• Type 2: Impersonator gets phone and PIN
User Study
Ethnography
15 people from Delhi
19 people from Bihar
Composition
• 8 agents
• 13 existing users
• 13 potential users
Tasks
• Plain PIN entry
• EKO signature formulation
• New signature formulation
Parameters Recorded
Results
Discussion
• Effect of increased cognitive effort.
• Effect of entering only 4 digits instead of 10.
• Statistical significance of results.
User Case Studies
What is required to validate your claim?
• from the perspective of paper publishing?
o Novelty of the idea.
o Quick papers for promotion.
• for proving soundly?
o Acceptability of the idea.
Parameters studied in this paper: 1. 2.
Parameters that should have been studied:
1. 2.
Solutions:
• Submit an idea, verify later?
• Get in touch with right kind of people to do social case studies; sociologists?
Questions:
• End product derived from user interaction?