Issue No. 02 - March/April (2006 vol. 4)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2006.50
Alain Hiltgen, UBS AG
Thorsten Kramp, IBM Zurich Research Laboratory
Thomas Weigold, IBM Zurich Research Laboratory
This article classifies common Internet banking authentication methods regarding potential threats and their level of security against common credential-stealing and channel-breaking attacks, respectively. The authors present two challenge/response Internet banking authentication solutions, one based on short-time passwords and one certificate-based, and relate them to the taxonomy above. They further outline how these solutions can be easily extended for nonrepudiation (that is, transaction signing), should more sophisticated content manipulation attacks become a real problem. Finally, they summarize their view on future requirements for secure Internet banking authentication and conclude by referencing real-life implementations.
Internet banking, authentication, short-time passwords, short-lived passwords, public-key certificates, taxonomy of attacks
T. Weigold, A. Hiltgen and T. Kramp, "Secure Internet Banking Authentication," in IEEE Security & Privacy, vol. 4, no. , pp. 21-29, 2006.