Please use this identifier to cite or link to this item:
http://hdl.handle.net/10553/51895
Title: | Improving online banking security with hardware devices | Authors: | De La Puente Arrate, Fernando Sandoval, J. D. Hernández, P. Molina, C. J. |
UNESCO Clasification: | 33 Ciencias tecnológicas | Issue Date: | 2005 | Publisher: | Institute of Electrical and Electronics Engineers (IEEE) | Journal: | Proceedings - International Carnahan Conference on Security Technology | Conference: | 39th Annual 2005 International Carnahan Conference on Security Technology, CCST'05 | Abstract: | Even though it probably has never happened to us, it is possible to introduce our credit card on an ATM and have it steal the money from our account or access our bank account from a computer and have someone else getting access to it. In the first case we believe that the ATM is a trusted device and will never try to cheat us. In the second case, we believe that our computer provides a safe environment for electronic banking. Although there are a few records in history of ATM fraud, we generally believe that it won't happen to us. However, we all know that computers are not safe and still take the risk. Viruses and trojans (malicious software) can do all this and much more, not only in movies but in the real world. This is possible just because we are giving away all the information needed to access our money instead of keeping them. In the first case we are giving away Our credit card and the PIN (Personal Identification Number) and in the second case we are giving away our login and password/s. Anyone who can intercept this information can successfully pretend to be us and withdraw our money. Digital signature can solve these problems providing the means for validating a user or a given operation without. exposing the data required to do it.. However, the point is not if digital signature is the best way to protect our money, but how to implement the system in a way that is easy to use and safe enough.Here we will propose some possible implementations based on die idea that not only digital Signature is needed but also human interaction is required in order to avoid a classic man-in-the-middle-attack. It is not safe to introduce a smart card on a standard smart card reader, introduce the PIN on the application used to access it, and then expect the application to do exactly what we tell it to do. That would be perfectly fine in a world where we can trust. each Other and we can consider computers to be completely safe from intrusions. But the truth is unfortunately far from being like that and so we need to look for new ways to protect us from this kind of attacks.Several hardware devices will be Proposed based on a basic structure where we have a display, some Way to input data (such as a keyboard or a few buttons) and some way to communicate with any computer. | URI: | http://hdl.handle.net/10553/51895 | ISBN: | 0-7803-9245-0 | ISSN: | 1071-6572 | DOI: | 10.1109/CCST.2005.1594874 | Source: | 39Th Annual 2005 International Carnahan Conference On Security Technology, Proceedings [ISSN 0737-1160], p. 174-177, 2005 |
Appears in Collections: | Actas de congresos |
Items in accedaCRIS are protected by copyright, with all rights reserved, unless otherwise indicated.