The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.02 - March/April (2006 vol.4)
pp: 21-29
Alain Hiltgen , UBS AG
Thorsten Kramp , IBM Zurich Research Laboratory
Thomas Weigold , IBM Zurich Research Laboratory
ABSTRACT
This article classifies common Internet banking authentication methods regarding potential threats and their level of security against common credential stealing and channel breaking attacks, respectively. The authors present two challenge/response Internet banking authentication solutions, one based on short-time passwords and one certificate-based, and relate them to the taxonomy above. There further outline how these solutions can be easily extended for nonrepudiation (that is, transaction signing), should more sophisticated content manipulation attacks become a real problem. Finally, they summarize their view on future requirements for secure Internet banking authentication and conclude by referencing real-live implementations.
INDEX TERMS
Internet banking, authentication, short-time passwords, short-lived passwords, public-key certificates, taxonomy of attacks
CITATION
Alain Hiltgen, Thorsten Kramp, Thomas Weigold, "Secure Internet Banking Authentication", IEEE Security & Privacy, vol.4, no. 2, pp. 21-29, March/April 2006, doi:10.1109/MSP.2006.50
22 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool