A Provably Secure Android-Based Mobile Banking Protocol

International Journal of Security and Its Applications Pub Date : 2017-08-31 DOI:10.14257/IJSIA.2017.11.8.06

Hisham S. Elganzoury, A. A. Hafez, A. A. Hegazy

引用次数: 2

Abstract

The rising vogue of smart phones and tablets has led users to complete their daily works (such as M-Banking) with these devices. Therefore, mobile banking needs to become more proper, reliable, effective; and secure. Security is the most crucial requirement in mobile banking, since all the communications are via unsecure networks such as the Internet. Providing main security services; Confidentiality, Integrity, and Authentication (CIA) between any two communicating parties must be ensured and guaranteed. Many vulnerabilities may make Users’ confidential information vulnerable to risks. These vulnerabilities can take different shapes, such as fixed values-based security techniques, one factor authentication, separate hard token-based authentication, hardware thievery, and Android OS based attacks. This paper proposes a new secure scheme for mobile banking applications to overcome these risks. Then, the proposed scheme is analyzed, and compared to the most powered approaches. Finally, performance key identifiers are assessed and validated.

查看原文本刊更多论文

一个可证明安全的基于android的移动银行协议

智能手机和平板电脑的日益流行使得用户通过这些设备完成日常工作(如移动银行)。因此，手机银行需要变得更加恰当、可靠、有效;和安全。安全是手机银行最重要的要求，因为所有的通信都是通过互联网等不安全的网络进行的。提供主要保安服务;必须确保通信双方之间的机密性、完整性和身份验证(CIA)。许多漏洞可能会使用户的机密信息面临风险。这些漏洞可以采取不同的形式，例如基于固定值的安全技术、单因素身份验证、单独的基于硬令牌的身份验证、硬件盗窃和基于Android OS的攻击。本文提出了一种新的移动银行应用安全方案来克服这些风险。然后，对该方案进行了分析，并与最强大的方法进行了比较。最后，评估和验证性能关键标识符。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

International Journal of Security and Its Applications COMPUTER SCIENCE, INFORMATION SYSTEMS-

自引率

0.00%

发文量

期刊介绍： IJSIA aims to facilitate and support research related to security technology and its applications. Our Journal provides a chance for academic and industry professionals to discuss recent progress in the area of security technology and its applications. Journal Topics: -Access Control -Ad Hoc & Sensor Network Security -Applied Cryptography -Authentication and Non-repudiation -Cryptographic Protocols -Denial of Service -E-Commerce Security -Identity and Trust Management -Information Hiding -Insider Threats and Countermeasures -Intrusion Detection & Prevention -Network & Wireless Security -Peer-to-Peer Security -Privacy and Anonymity -Secure installation, generation and operation -Security Analysis Methodologies -Security assurance -Security in Software Outsourcing -Security products or systems -Security technology -Systems and Data Security