论文信息 - A Secured Two-Factor Authentication Protocol for One-Time Money Account

A Secured Two-Factor Authentication Protocol for One-Time Money Account

Credentials information stealing and online banking fraud are common problem in today’s world. Two-factor authentications are used to overcome online banking frauds. But it can be easily broken by fraudster using different phishing techniques and synchronization vulnerabilities. These vulnerabilities weaken the security guarantees of smartphone based on two-factor authentication. Once authentication is broken fraudster has a direct online access of bank account with all access privileges. In this paper, we have attempted to minimize banking fraud by proposing OTM protocol for virtualization of bank account. Virtualization gives indirect and partial online access to bank account at the time of online financial transaction. OTM protocol derives virtual sub-accounts (VSA) from user bank account at the ATM machine using respective credit/debit card. Each virtual sub-account has assigned limit of maximum amount and used only one time for online banking.

Narendra Shekokar | Devidas Sarang

[1] Xiaoping Chen,et al. YAGP: Yet Another Graphical Password Strategy , 2008, 2008 Annual Computer Security Applications Conference (ACSAC).

[2] Nicolas Christin,et al. Use Your Illusion: secure authentication usable anywhere , 2008, SOUPS '08.

[3] R. Divya,et al. An impervious QR-based visual authentication protocols to prevent black-bag cryptanalysis , 2015, 2015 IEEE 9th International Conference on Intelligent Systems and Control (ISCO).

[4] Yehuda Lindell,et al. Introduction to Modern Cryptography , 2004 .

[5] Silvio Micali,et al. A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[6] Craig Perkins. Bureau of Justice Statistics Special Report: National Crime Victimization Survey, 1993-2001, Weapon Use and Violent Crime , 2003 .

[7] Jonathan Katz,et al. Introduction to Modern Cryptography: Principles and Protocols , 2007 .

[8] Herbert Bos,et al. How Anywhere Computing Just Killed Your Phone-Based Two-Factor Authentication , 2016, Financial Cryptography.