Conceptual Design and Implementation of FIDO2 compatible Smart Card for Decentralized Financial Transaction System

arXiv - CS - Emerging Technologies Pub Date : 2024-08-09 DOI:arxiv-2408.04977

Anisha Ghosh, Aditya Mitra, Sibi Chakkaravarthy Sethuraman, Aswani Kumar Cherukuri

{"title":"Conceptual Design and Implementation of FIDO2 compatible Smart Card for Decentralized Financial Transaction System","authors":"Anisha Ghosh, Aditya Mitra, Sibi Chakkaravarthy Sethuraman, Aswani Kumar Cherukuri","doi":"arxiv-2408.04977","DOIUrl":null,"url":null,"abstract":"With challenges and limitations associated with security in the fintech\nindustry, the rise to the need for data protection increases. However, the\ncurrent existing passwordless and password-based peer to peer transactions in\nonline banking systems are vulnerable to advanced forms of digital attacks. The\ninflux of modern data protection methods keeps better records of the\ntransactions, but it still does not address the issue of authentication and\naccount takeovers during transactions. To the address the mentioned issue, this\npaper proposes a novel and robust peer to peer transaction system which employs\nbest cloud security practices, proper use of cryptography and trusted computing\nto mitigate common vulnerabilities. We will be implementing FIDO2 compatible\nSmart Card to securely authenticate the user using physical smart cards and\nstore the records in the cloud which enables access control by allowing access\nonly when an access is requested. The standard incorporates multiple layers of\nsecurity on cloud computing models to ensure secrecy of the said data. Services\nof the standard adhere to regulations provides by the government and assures\nprivacy to the information of the payee or the end-user. The whole system has\nbeen implemented in the Internet of Things scenario.","PeriodicalId":501168,"journal":{"name":"arXiv - CS - Emerging Technologies","volume":"24 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-08-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - CS - Emerging Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2408.04977","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

With challenges and limitations associated with security in the fintech industry, the rise to the need for data protection increases. However, the current existing passwordless and password-based peer to peer transactions in online banking systems are vulnerable to advanced forms of digital attacks. The influx of modern data protection methods keeps better records of the transactions, but it still does not address the issue of authentication and account takeovers during transactions. To the address the mentioned issue, this paper proposes a novel and robust peer to peer transaction system which employs best cloud security practices, proper use of cryptography and trusted computing to mitigate common vulnerabilities. We will be implementing FIDO2 compatible Smart Card to securely authenticate the user using physical smart cards and store the records in the cloud which enables access control by allowing access only when an access is requested. The standard incorporates multiple layers of security on cloud computing models to ensure secrecy of the said data. Services of the standard adhere to regulations provides by the government and assures privacy to the information of the payee or the end-user. The whole system has been implemented in the Internet of Things scenario.

查看原文本刊更多论文

用于分散式金融交易系统的 FIDO2 兼容智能卡的概念设计与实施

随着金融科技行业在安全方面面临的挑战和限制，对数据保护的需求与日俱增。然而，网上银行系统中现有的无密码和基于密码的点对点交易很容易受到高级形式的数字攻击。现代数据保护方法的涌现更好地保存了交易记录，但仍无法解决交易过程中的身份验证和账户接管问题。为了解决上述问题，本文提出了一种新颖、稳健的点对点交易系统，该系统采用了最佳云安全实践、密码学的正确使用和可信计算，以减少常见的漏洞。我们将采用与 FIDO2 兼容的智能卡，使用物理智能卡对用户进行安全验证，并将记录存储在云中，只有在请求访问时才允许访问，从而实现访问控制。该标准在云计算模型中加入了多层安全性，以确保上述数据的保密性。该标准的服务遵守政府规定，确保收款人或最终用户信息的私密性。整个系统已在物联网场景中实施。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

arXiv - CS - Emerging Technologies

自引率

0.00%

发文量