QR-TAN: Secure Mobile Transaction Authentication

A
ARES
2009
2009 International Conference on Availability, Reliability and Security
Abstract - QR-TAN: Secure Mobile Transaction Authentication

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Guenther Starnberger Articles by Lorenz Froihofer Articles by Karl M. Goeschka

2009 International Conference on Availability, Reliability and Security

Fukuoka Institute of Technology, Fukuoka, Japan

March 16-March 19

ISBN: 978-0-7695-3564-7

	ASCII Text	x
	Guenther Starnberger, Lorenz Froihofer, Karl M. Goeschka, "QR-TAN: Secure Mobile Transaction Authentication," Availability, Reliability and Security, International Conference on, pp. 578-583, 2009 International Conference on Availability, Reliability and Security, 2009.

	BibTex	x
	@article{ 10.1109/ARES.2009.96, author = {Guenther Starnberger and Lorenz Froihofer and Karl M. Goeschka}, title = {QR-TAN: Secure Mobile Transaction Authentication}, journal ={Availability, Reliability and Security, International Conference on}, volume = {0}, year = {2009}, isbn = {978-0-7695-3564-7}, pages = {578-583}, doi = {http://doi.ieeecomputersociety.org/10.1109/ARES.2009.96}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Availability, Reliability and Security, International Conference on TI - QR-TAN: Secure Mobile Transaction Authentication SN - 978-0-7695-3564-7 SP578 EP583 A1 - Guenther Starnberger, A1 - Lorenz Froihofer, A1 - Karl M. Goeschka, PY - 2009 KW - secure transactions KW - transaction authentication KW - QR codes KW - TAN codes KW - trusted device VL - 0 JA - Availability, Reliability and Security, International Conference on ER -

Guenther Starnberger

Lorenz Froihofer

Karl M. Goeschka

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ARES.2009.96

The security of electronic transactions depends on the security of the user's terminal. An insecure terminal may allow an attacker to create or manipulate transactions. Several techniques have been developed that help to protect transactions performed over insecure terminals. TAN codes, security tokens, and smart cards prevent an attacker who obtained the user's password from signing transactions under the user's identity. However, usually these techniques do not allow a user to assert that the content of a transaction has not been manipulated. This paper contributes with the QR-TAN authentication technique. QR-TANs are a transaction authentication technique based on two-dimensional barcodes. Compared to other established techniques, QR-TANs show three advantages: First, QR-TANs allow the user to directly validate the content of a transaction within a trusted device. Second, validation is secure even if an attacker manages to gain full control over a user’s computer. Finally, QR-TANs in combination with smart cards can also be utilized for offline transactions that do not require any server.

Index Terms:

secure transactions, transaction authentication, QR codes, TAN codes, trusted device

Citation:

Guenther Starnberger, Lorenz Froihofer, Karl M. Goeschka, "QR-TAN: Secure Mobile Transaction Authentication," ares, pp.578-583, 2009 International Conference on Availability, Reliability and Security, 2009

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.