Digital Library

cab1

 
Title:      PROTECTING ONLINE BANKING ON A SMARTPHONE WITH SIGNED TRANSACTION SUMMARIES
Author(s):      Peter Trommler
ISBN:      978-989-8533-39-5
Editors:      Ajith P. Abraham, Antonio Palma dos Reis and Jörg Roth
Year:      2015
Edition:      Single
Keywords:      Digital signature, secure digital signing unit, Internet banking, transaction summaries, chip cards.
Type:      Full Paper
First Page:      125
Last Page:      132
Language:      English
Cover:      cover          
Full Contents:      click to dowload Download
Paper Abstract:      Attacks on Internet banking using a malware called “High Roller” triggered the EU cyber security agency to issue a warning and call for action. With the proliferation of smartphones, customers want to do online banking on their phone, too. But a smartphone could also be compromised and so the customer cannot trust what is shown in the display and PINs could be sent to the attacker. We assume an attacker motivated by financial gain through diverting manipulated bank transactions to an account under his control. Based on that assumption, we propose signed transaction summaries where the signature is created in a separate security device after the summary has been shown to the user and the user has approved it. Keeping the requirements to the absolute minimum, we derive a hardware implementation for the Jolla smartphone and, based on that hardware, a secure software implementation. We use commercial off-the-shelf components and, by keeping the protocols simple, reduce the trusted computing base as much as possible. We then demonstrate how the program in the micro controller avoids common software flaws.
   

Social Media Links

Search

Login