Issue No. 02 - March/April (2006 vol. 4)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2006.50
Thomas Weigold, IBM Zurich Research Laboratory
Alain Hiltgen, UBS AG
Thorsten Kramp, IBM Zurich Research Laboratory
This article classifies common Internet banking authentication methods regarding potential threats and their level of security against common credential-stealing and channel-breaking attacks, respectively. The authors present two challenge/response Internet banking authentication solutions, one based on short-time passwords and one certificate-based, and relate them to this taxonomy. They further outline how these solutions can be easily extended for nonrepudiation (that is, transaction signing), should more sophisticated content manipulation attacks become a real problem. Finally, they summarize their view on future requirements for secure Internet banking authentication and conclude by referencing real-life implementations.
Internet banking, authentication, short-time passwords, short-lived passwords, public-key certificates, taxonomy of attacks
Thomas Weigold, Alain Hiltgen, Thorsten Kramp, "Secure Internet Banking Authentication", IEEE Security & Privacy, vol. 4, no. 2, pp. 21-29, March/April 2006, doi:10.1109/MSP.2006.50