Mobile User Authentication System for E-commerce Applications.

E-commerce applications provide on-line clients and merchants with a quick and convenient way to exchange goods and services. However, the deployment of these applications still faces many problems, such as security threats and on-line attacks. These often make users concerned about their privacy and encourage them to stop using on-line methods. Thus, a number of on-line authentication technologies and methods have been developed to authenticate users and merchants, verify their identities, and thereby overcome e-commerce security threats. Although stand-alone authentication solutions have been successful in authenticating legitimate clients and in defeating on-line attacks, they are often weak against the Man-In-The-Browser (MITB) attack, a type of Internet threat that infects a web browser in a concealed fashion and is invisible to both the client and the host application. This paper presents a Mobile User Authentication System (MUAS) that uses QR code technology to authenticate on-line users through a challenge/response protocol. Based on this mechanism, the system integrates different authentication technologies and methods to provide an improved and secure on-line user and merchant authentication system that overcomes the MITB attack without compromising usability and ubiquity.
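The following is an added illustration of the QR-based challenge/response idea described above; it is not the paper's own protocol or code. It assumes a per-user key enrolled on the phone, a server that issues a single-use, time-limited challenge (the data that would be rendered as a QR code in the browser) and a phone that answers over its own channel with an HMAC over that challenge, so the browser never handles the secret and a response cannot be replayed or re-bound to another session.

```python
import hashlib
import hmac
import json
import secrets
import time

CHALLENGE_TTL = 60  # seconds a challenge stays valid (assumed value)


class AuthServer:
    """Merchant/site back end: issues challenges and verifies phone responses."""

    def __init__(self):
        self.user_keys = {}   # username -> key enrolled on the user's phone
        self.pending = {}     # session id -> (username, nonce, issued_at)

    def enroll(self, username):
        key = secrets.token_bytes(32)
        self.user_keys[username] = key
        return key

    def start_login(self, username):
        """Browser asks to log in; the returned payload would be shown as a QR code."""
        sid = secrets.token_hex(8)
        nonce = secrets.token_hex(16)
        self.pending[sid] = (username, nonce, time.time())
        return json.dumps({"sid": sid, "nonce": nonce, "user": username})

    def verify(self, sid, tag, now=None):
        """Check a response sent by the phone out-of-band. Each challenge is single-use."""
        now = time.time() if now is None else now
        entry = self.pending.pop(sid, None)
        if entry is None:
            return False
        username, nonce, issued = entry
        if now - issued > CHALLENGE_TTL:
            return False
        expected = hmac.new(self.user_keys[username],
                            f"{sid}:{nonce}".encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, tag)


def phone_respond(key, qr_payload):
    """Phone scans the QR code and returns (sid, tag) to send directly to the server."""
    data = json.loads(qr_payload)
    tag = hmac.new(key, f"{data['sid']}:{data['nonce']}".encode(),
                   hashlib.sha256).hexdigest()
    return data["sid"], tag
```

Because the tag is bound to the session nonce and is computed on the phone, a browser-resident attacker can observe the QR payload but cannot produce a valid response for a different session or after the challenge has been consumed.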
