On the Security of Today's Online Electronic Banking Systems

Current technology is evolving fast and is constantly bringing new dimensions to our daily life. Electronic banking systems provide us with easy access to banking services. The interaction between user and bank has been substantially improved by deploying ATMs, phone banking, Internet banking, and, more recently, mobile banking. This paper discusses the security of today's electronic banking systems. We focus on Internet and mobile banking and present an overview and evaluation of the techniques used in current systems. We indicate best practice, together with improvements for the future. The issues discussed in this paper are generally applicable to other electronic services such as e-commerce and e-government.
