8/14/2019 Dissertation: How to Secure web Authentication
Secure Web Authentication
Using Cell Phones
Presented By:
Arpit Garg
MBA IB(IT)
A1802007095 (E11)
Batch: 2007-2009
Introduction
Objectives of Thesis:
To provide a secure wireless environment to the users.
To increase the faith of users in online financial web transactions using mobile devices.
What is Authentication?
Authentication is the process of verifying that a person is who they claim to be.
This can be done by using any of the following factors:
something you know: password or PIN
Need of Secure web
As computing becomes persistent, people increasingly rely on the Internet for their business by using e-commerce. Now, the Internet is a preferred source for online e-services such as e-commerce, e-voting, e-banking, e-governance, etc.
Online applications require a strong security element to protect users' confidential data, which is a major concern in Internet-based online payment systems. Various Internet threats affect the security of the Internet and increase the risk for electronic transactions.
Most authentication systems rely on passwords, personal identification numbers and keys to give users access to their personal account information. This type of authentication cannot actually verify that users are who they claim to be.
Solution
The above observation calls for Multifactor Authentication techniques for securing financial web transactions.
To do so, we recommend an authentication system based on:
TICs (Transaction Identification code) and
SMS (Short Message Service)
Features of TICs:
1. TICs are issued by bank authorities or financial institutions to the user and not by the web server.
2. TIC is similar to OTP (One time password) and one code is used only on one occasion.
3. It eliminates the risk of attack against traditional
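
The one-occasion rule for TICs, as an added Python example that is not code from the dissertation. The 8-digit code format, salted-digest storage, failure lockout and the names `TicBook` and `issue_tics` are assumptions.

```python
import hashlib
import hmac
import secrets


class TicBook:
    """Issuer-side (bank) record of one user's unused TICs. Hypothetical design."""

    def __init__(self, digests, salt, max_failures=3):
        self._unused = set(digests)   # salted digests only, never clear codes
        self._salt = salt
        self._failures = 0
        self._max_failures = max_failures

    def _digest(self, code):
        return hmac.new(self._salt, code.encode(), hashlib.sha256).digest()

    def remaining(self):
        return len(self._unused)

    def redeem(self, code):
        """True exactly once per issued TIC; False for replay, unknown code or lockout."""
        if self._failures >= self._max_failures:
            return False              # locked: short numeric codes are guessable online
        candidate = self._digest(code)
        match = None
        for stored in self._unused:   # constant-time compare against every unused TIC
            if hmac.compare_digest(stored, candidate):
                match = stored
        if match is None:
            self._failures += 1
            return False
        self._unused.discard(match)   # consume: the code is used on one occasion only
        self._failures = 0
        return True


def issue_tics(count=5, digits=8, max_failures=3):
    """Generate `count` distinct TICs; return (bank-side book, clear codes for the user)."""
    codes = set()
    while len(codes) < count:
        codes.add(f"{secrets.randbelow(10 ** digits):0{digits}d}")
    salt = secrets.token_bytes(16)
    codes = sorted(codes)
    digests = [hmac.new(salt, c.encode(), hashlib.sha256).digest() for c in codes]
    return TicBook(digests, salt, max_failures), codes
```

The clear codes returned by `issue_tics` are meant to be delivered to the user by the issuer and not retained; the web server only ever forwards a submitted code for `redeem`.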
Existing Payment
1. Account-based payment systems, in which each customer has a valid account maintained by a Trusted Third Party. The user can initiate pre-paid or post-paid financial transactions using Smart Cards or Credit cards
3. E-wallet or E-cash: In this method customers store digital cash in their E-wallet from a debit card, credit card or virtual check. Digital cash is like electronic cash in a virtual savings account from which the user can make payment for their purchases. E-wallets are frequently used in payments or small payments.
5. Personal Wallet
A personal wallet is software or hardware installed on the user's machine. There is no need of a server, because the payment transaction does not require a wallet server. The users
Flow of messages in the
[Figure: message flow diagram; step labels as recovered]
1. User makes purchase
2. Merchant's Payment Info.
3. Client Order and payment Information
4. Request for Authorization, payment with order information and both Customers
5. Request for payment
6. Authorization
7. Payment
8.
Disadvantages of SET
1. SET is designed for wired networks and does not meet all the challenges of wireless networks.
3. It is vulnerable to various attacks; for example, a merchant can modify transaction data by changing the balance.
5. Transaction flow is from Customer to Merchant, so all the details of the user's credit cards/debit cards must flow via the merchant's side.
7. There is no notification to the Customer from the customer's Bank after the successful transfer. The user has to check his/her balance by logging on to the bank website again.
System Implementation and Simulation