Saxena - ACSAC WiP.pptx [PDF]

Dec 12, 2013 - Neetesh Saxena.


An Integrated Approach for SMS-Based Secure Mobile Banking in India
*Neetesh Saxena, Narendra S. Chaudhari
IIT Indore, India

Introduction

- Various m-banking channels: SMS, USSD, GPRS, WAP and phone-based applications
- Nowadays, SMS is very popular and frequently used worldwide
- Traditional SMS service does not provide any security for the transmitted message
- SMS-based m-banking can be extended as a secure channel

12/12/13

Neetesh Saxena

2

Problem Statement

- The objective → secure mobile banking using SMS
  ◦ for people living in the rural parts of India
  ◦ who don't have Java-capable cellular phones and have limited Internet access
- Presently, SMS is transmitted in clear text without any ciphering
- SMS and its banking environment must be secure from various attacks
- Some banks provide a change-password option through SMS, which is a threat
- Secure m-banking → authentication, confidentiality, integrity, non-repudiation
- In India
  ◦ Only banks can provide the facility of m-banking, while
  ◦ In other countries like Kenya and the Philippines, non-bank organizations can also do so

Solving Approach

- The SIM → issued by → Govt.-authorized body of the Telecomm. Department of India
- Store a secret key for each bank on the SIM at the time of manufacturing and in the database of the respective banking server
- To manage SIM storage, limit a user → 3 to 5 m-banking services of different banks
- As per Reserve Bank of India (RBI) guidelines, only banks can provide such a facility
  ◦ The current guidelines must be reviewed.
- An integration of service providers and different banks must be encouraged
- Proposed a separate SIM for the secure channel of communication

Continued…

[Diagram: security services of the proposed approach, the mechanisms behind them and the attacks they prevent]

- Session keys → by key stored on SIM + bank database
- SIM + handset → registered → bank database
- SMS content + user identity + timestamp

Security services:
- Mutual authentication
- Confidentiality
- Integrity
- Non-repudiation

Mechanisms:
- Strong authentication protocol
- Encryption: DES, Triple DES, AES, Twofish, RC6, Blowfish, CAST6, RC2, MAES
- Authentication functions: MD5, SHA1
- Digital signature: RSA, DSA, ECDSA

Attacks prevented:
- Redirection, impersonation attack
- MITM and replay attack
- SMS tampering & message disclosure
- Repudiation attack
- DoS, SMS spoof attack
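Added example (not from the slides or the authors' implementation): the message layer outlined above, with a session key derived from the key shared by SIM and bank, and an SMS carrying user identity + timestamp + content under an integrity tag that the bank checks for tampering, staleness and replay. The field layout, the session nonce, the 300-second window and all names are assumptions; HMAC-SHA256 is used in place of the MD5/SHA1 functions named on the slide, and encryption is left out to keep the focus on integrity and replay handling.

```python
import hashlib, hmac, struct

SMS_MAX, TAG_LEN, MAX_SKEW = 140, 16, 300  # SMS bytes, tag bytes, seconds (assumed policy)

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def session_key(sim_key, user_id, nonce):
    """Per-session key from the long-term key held by both SIM and bank."""
    return mac(sim_key, b"session|" + user_id + b"|" + nonce)

def seal(key, user_id, timestamp, content):
    """identity + timestamp + content, followed by a truncated integrity tag."""
    body = bytes([len(user_id)]) + user_id + struct.pack(">I", timestamp) + content
    if len(body) + TAG_LEN > SMS_MAX:
        raise ValueError("does not fit in one SMS")
    return body + mac(key, body)[:TAG_LEN]

class BankVerifier:
    def __init__(self, key, now):
        self.key, self.now, self.seen = key, now, set()

    def open(self, sms):
        body, tag = sms[:-TAG_LEN], sms[-TAG_LEN:]
        # Check the tag first, in constant time, before parsing any field.
        if len(sms) <= TAG_LEN or not hmac.compare_digest(tag, mac(self.key, body)[:TAG_LEN]):
            return "rejected: tampered"
        n = body[0]
        (ts,) = struct.unpack(">I", body[1 + n:5 + n])
        if abs(self.now() - ts) > MAX_SKEW:
            return "rejected: stale"
        if tag in self.seen:  # same message delivered twice inside the window
            return "rejected: replay"
        self.seen.add(tag)
        return "accepted: " + body[5 + n:].decode()

def demo():
    key = session_key(bytes(range(32)), b"user-0001", b"nonce-01")  # constructed values
    clock = [1386850000]
    bank = BankVerifier(key, lambda: clock[0])
    sms = seal(key, b"user-0001", clock[0], b"BAL?")
    tampered = sms[:-TAG_LEN - 1] + b"!" + sms[-TAG_LEN:]
    results = [bank.open(sms), bank.open(sms), bank.open(tampered)]
    clock[0] += 3600  # an hour later, an old message is delivered
    results.append(bank.open(seal(key, b"user-0001", clock[0] - 3600, b"PAY 10")))
    return results
```

The replay cache only has to remember tags for MAX_SKEW seconds, since anything older is already rejected as stale.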

Results

- The platform used is the J2ME Wireless Toolkit for the user interface, a MySQL database and Tomcat as the server. The results have been generated with JDK1.7 and the J2ME wireless messaging API.

Future Work

- (1) Confidence interval for the MAES algorithm for ciphering;
- (2) Storage space for each key and algorithm: used physical, virtual and swap memory size;
- (3) Energy & time efficiency: CPU time, encryption/decryption time, key generation time;
- (4) Implement a variant of the ECDSA algorithm which is more secure than ECDSA (previous published work in ICMSAO-2013).
