Paper 2018/868

S-Mbank: Secure Mobile Banking Authentication Scheme Using Signcryption, Pair Based Text Authentication, and Contactless Smartcard

Dea Saka Kurnia Putra, Mohamad Ali Sadikin, and Susila Windarta

Abstract

Nowadays, mobile banking becomes a popular tool which consumers can conduct financial transactions such as shopping, monitoring accounts balance, transferring funds and other payments. Consumers dependency on mobile needs, make people take a little bit more interest in mobile banking. The use of the one-time password which is sent to the user mobile phone by short message service (SMS) is a vulnerability which we want to solve with proposing a new scheme called S-Mbank. We replace the authentication using the one-time password with the contactless smart card to prevent attackers to use the unencrypted message which is sent to the user's mobile phone. Moreover, it deals vulnerability of spoofer to send an SMS pretending as a bank's server. The contactless smart card is proposed because of its flexibility and security which easier to bring in our wallet than the common passcode generators. The replacement of SMS-based authentication with contactless smart card removes the vulnerability of unauthorized users to act as a legitimate user to exploit the mobile banking user's account. Besides that, we use public-private key pair and PIN to provide two factors authentication and mutual authentication. We use signcryption scheme to provide the efficiency of the computation. Pair based text authentication is also proposed for the login process as a solution to shoulder-surfing attack. We use Scyther tool to analyze the security of authentication protocol in S-Mbank scheme. From the proposed scheme, we are able to provide more security protection for mobile banking service.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. 2017 15th International Conference on Quality in Research (QiR) : International Symposium on Electrical and Computer Engineering
DOI
0.1109/QIR.2017.8168487
Keywords
Secure mobile bankingTwo factor authenticationMutual authenticationContactless smartcardSigncryption schemePair based text authenticationMobile phoneScyther Tools
Contact author(s)
dea saka @ student stsn-nci ac id
History
2018-09-22: received
Short URL
https://ia.cr/2018/868
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/868,
      author = {Dea Saka Kurnia Putra and Mohamad Ali Sadikin and Susila Windarta},
      title = {S-Mbank: Secure Mobile Banking Authentication Scheme Using Signcryption, Pair Based Text  Authentication, and Contactless Smartcard},
      howpublished = {Cryptology ePrint Archive, Paper 2018/868},
      year = {2018},
      doi = {0.1109/QIR.2017.8168487},
      note = {\url{https://eprint.iacr.org/2018/868}},
      url = {https://eprint.iacr.org/2018/868}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.