Dissertation: How to Secure web Authentication


  • 8/14/2019 Dissertation: How to Secure web Authentication


    Secure Web Authentication

    Using Cell Phones

    Presented By:

    Arpit Garg

    MBA IB(IT)

    A1802007095 (E11)

    Batch: 2007-2009

    Introduction

    Objectives of Thesis:

    To provide a secure wireless environment to users.

    To increase the faith of users in online financial web transactions using mobile devices.

    What is Authentication?

    Authentication is the process of verifying that a person is who they claim to be.

    This can be done by using any of the following factors:

    something you know: password or PIN

    Need of Secure web

    As computing becomes pervasive, people increasingly conduct their business over the Internet by using e-commerce. The Internet is now a preferred channel for online e-services such as e-commerce, e-voting, e-banking, e-governance, etc.

    Online applications require a strong security element to protect confidential user data, which is a major concern in Internet-based online payment systems. Various Internet threats affect the security of these systems and increase the risk of electronic transactions.

    Most authentication systems rely on passwords, personal identification numbers and keys to give users access to their personal account information. This type of authentication system cannot actually verify that the user is who he or she claims to be.

    Solution

    The above observation calls for the need of Multifactor Authentication techniques for securing financial web transactions.

    To do so, we recommend an authentication system based on:

    TICs (Transaction Identification code) and

    SMS (Short Message Service)

    Features of TICs:

    1. TICs are issued by bank authorities or financial institutions to the user and not by the web server.

    2. A TIC is similar to an OTP (one-time password), and one code is used only on one occasion.

    3. It eliminates the risk of attack against traditional
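
    The single-use property in feature 2 can be enforced on the issuing side as in the following added example, which is not code from the dissertation. The class and method names, the 8-digit code length, batch issuance and the in-memory store are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class TicLedger:
    """Issuer-side (bank) record of TICs. Hypothetical design, not the thesis code."""

    def __init__(self):
        self._key = secrets.token_bytes(32)   # keys the stored digests
        self._issued = {}                     # account -> {digest: used?}

    def _digest(self, account, tic):
        msg = f"{account}:{tic}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, account, count=5, digits=8):
        """Create `count` distinct TICs for an account; return the plaintext codes."""
        book = self._issued.setdefault(account, {})
        tics = []
        while len(tics) < count:
            tic = f"{secrets.randbelow(10 ** digits):0{digits}d}"
            digest = self._digest(account, tic)
            if digest not in book:            # skip the rare duplicate
                book[digest] = False
                tics.append(tic)
        return tics

    def redeem(self, account, tic):
        """Return 'ok' the first time a valid TIC is presented, 'replayed' on
        reuse, and 'unknown' for a code never issued to this account."""
        candidate = self._digest(account, tic)
        book = self._issued.get(account, {})
        for stored, used in book.items():
            if hmac.compare_digest(stored, candidate):
                if used:
                    return "replayed"
                book[stored] = True           # consume: one code, one occasion
                return "ok"
        return "unknown"


if __name__ == "__main__":
    ledger = TicLedger()
    codes = ledger.issue("ACCT-0001", count=3)   # constructed account id
    print(ledger.redeem("ACCT-0001", codes[0]))
    print(ledger.redeem("ACCT-0001", codes[0]))
    print(ledger.redeem("ACCT-0002", codes[1]))
```

    Only keyed digests of the codes are kept, so a copy of the ledger does not reveal usable TICs, and a code presented a second time is reported as a replay rather than accepted.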

    Existing Payment

    1. Account-based payment systems, in which each customer has a valid account maintained by a Trusted Third Party. The user can initiate pre-paid or post-paid financial transactions using Smart Cards or Credit cards.

    2. E-wallet or E-cash: In this method customers store digital cash in their E-wallet from a debit card, credit card or virtual check. Digital cash is like electronic cash in a virtual savings account from which the user can make payment for their purchases. E-wallets are frequently used in payments or small payments.

    3. Personal Wallet: A personal wallet is software or hardware installed on the user's machine. There is no need of a server, because the payment transaction does not require any wallet server. The users

    Flow of messages in the

    [Figure: message flow diagram. Step labels: 1. User makes purchase; 2. Merchant's payment info; 3. Client order and payment information; 4. Request for authorization, payment with order information and both Customers; 5. Request for payment; 6. Authorization; 7. Payment; 8. (label not recoverable)]


    Disadvantages of SET

    1. SET is designed for wired networks and does not meet all the challenges of wireless networks.

    2. It is vulnerable to various attacks; for example, the merchant can modify transaction data by changing the balance.

    3. Transaction flow is from Customer to Merchant, so all the details of the user's credit cards/debit cards must flow via the merchant's side.

    4. There is no notification to the Customer from the customer's Bank after the successful transfer. The user has to check his/her balance after logging on to the bank website again.

    System Implementation and Simulation

