Cryptology ePrint Archive: Report 2018/868

S-Mbank: Secure Mobile Banking Authentication Scheme Using Signcryption, Pair Based Text Authentication, and Contactless Smartcard

Dea Saka Kurnia Putra and Mohamad Ali Sadikin and Susila Windarta

Abstract: Nowadays, mobile banking becomes a popular tool which consumers can conduct financial transactions such as shopping, monitoring accounts balance, transferring funds and other payments. Consumers dependency on mobile needs, make people take a little bit more interest in mobile banking. The use of the one-time password which is sent to the user mobile phone by short message service (SMS) is a vulnerability which we want to solve with proposing a new scheme called S-Mbank. We replace the authentication using the one-time password with the contactless smart card to prevent attackers to use the unencrypted message which is sent to the user's mobile phone. Moreover, it deals vulnerability of spoofer to send an SMS pretending as a bank's server. The contactless smart card is proposed because of its flexibility and security which easier to bring in our wallet than the common passcode generators. The replacement of SMS-based authentication with contactless smart card removes the vulnerability of unauthorized users to act as a legitimate user to exploit the mobile banking user's account. Besides that, we use public-private key pair and PIN to provide two factors authentication and mutual authentication. We use signcryption scheme to provide the efficiency of the computation. Pair based text authentication is also proposed for the login process as a solution to shoulder-surfing attack. We use Scyther tool to analyze the security of authentication protocol in S-Mbank scheme. From the proposed scheme, we are able to provide more security protection for mobile banking service.

Category / Keywords: applications / Secure mobile banking; Two factor authentication; Mutual authentication; Contactless smartcard; Signcryption scheme; Pair based text authentication; Mobile phone; Scyther Tools;

Original Publication (in the same form): 2017 15th International Conference on Quality in Research (QiR) : International Symposium on Electrical and Computer Engineering
DOI:
0.1109/QIR.2017.8168487

Date: received 16 Sep 2018

Contact author: dea saka at student stsn-nci ac id

Available format(s): PDF | BibTeX Citation

Version: 20180922:180510 (All versions of this report)

Short URL: ia.cr/2018/868


[ Cryptology ePrint archive ]