Secure Internet Banking Authentication

	This Article
	Subscribers, please Login Purchase article: $19 PDF HTML IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Alain Hiltgen Articles by Thorsten Kramp Articles by Thomas Weigold

March/April 2006 (vol. 4 no. 2)

pp. 21-29

	ASCII Text	x
	Alain Hiltgen, Thorsten Kramp, Thomas Weigold, "Secure Internet Banking Authentication," IEEE Security and Privacy, vol. 4, no. 2, pp. 21-29, March/April, 2006.

	BibTex	x
	@article{ 10.1109/MSP.2006.50, author = {Alain Hiltgen and Thorsten Kramp and Thomas Weigold}, title = {Secure Internet Banking Authentication}, journal ={IEEE Security and Privacy}, volume = {4}, number = {2}, issn = {1540-7993}, year = {2006}, pages = {21-29}, doi = {http://doi.ieeecomputersociety.org/10.1109/MSP.2006.50}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - MGZN JO - IEEE Security and Privacy TI - Secure Internet Banking Authentication IS - 2 SN - 1540-7993 SP21 EP29 EPD - 21-29 A1 - Alain Hiltgen, A1 - Thorsten Kramp, A1 - Thomas Weigold, PY - 2006 KW - Internet banking KW - authentication KW - short-time passwords KW - short-lived passwords KW - public-key certificates KW - taxonomy of attacks VL - 4 JA - IEEE Security and Privacy ER -

Alain Hiltgen, UBS AG

Thorsten Kramp, IBM Zurich Research Laboratory

Thomas Weigold, IBM Zurich Research Laboratory

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2006.50

This article classifies common Internet banking authentication methods regarding potential threats and their level of security against common credential stealing and channel breaking attacks, respectively. The authors present two challenge/response Internet banking authentication solutions, one based on short-time passwords and one certificate-based, and relate them to the taxonomy above. There further outline how these solutions can be easily extended for nonrepudiation (that is, transaction signing), should more sophisticated content manipulation attacks become a real problem. Finally, they summarize their view on future requirements for secure Internet banking authentication and conclude by referencing real-live implementations.

Index Terms:

Internet banking, authentication, short-time passwords, short-lived passwords, public-key certificates, taxonomy of attacks

Citation:

Alain Hiltgen, Thorsten Kramp, Thomas Weigold, "Secure Internet Banking Authentication," IEEE Security and Privacy, vol. 4, no. 2, pp. 21-29, Mar./Apr. 2006, doi:10.1109/MSP.2006.50

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.