Issue No.02 - March/April (2006 vol.4)
Alain Hiltgen, UBS AG
Thorsten Kramp, IBM Zurich Research Laboratory
Thomas Weigold, IBM Zurich Research Laboratory
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2006.50
This article classifies common Internet banking authentication methods regarding potential threats and their level of security against common credential-stealing and channel-breaking attacks, respectively. The authors present two challenge/response Internet banking authentication solutions, one based on short-time passwords and one certificate-based, and relate them to the taxonomy above. They further outline how these solutions can be easily extended for nonrepudiation (that is, transaction signing), should more sophisticated content manipulation attacks become a real problem. Finally, they summarize their view on future requirements for secure Internet banking authentication and conclude by referencing real-life implementations.
Internet banking, authentication, short-time passwords, short-lived passwords, public-key certificates, taxonomy of attacks
Alain Hiltgen, Thorsten Kramp, Thomas Weigold, "Secure Internet Banking Authentication", IEEE Security & Privacy, vol.4, no. 2, pp. 21-29, March/April 2006, doi:10.1109/MSP.2006.50