NDLI: A Novel Authentication Scheme for Online Transactions

Please wait, while we are loading the content...

Isn't the Time Ripe for a Standard Ontology on Security of Information and Networks?

Trustworthiness of Identity Attributes

Design and Analysis of a New Hash Function Gear

Identification and Detection of Phishing Emails Using Natural Language Processing Techniques

An ID and Address Protection Unit for NoC based Communication Architectures

A Novel Authentication Scheme for Online Transactions

Mathematical Modelling of Identity, Identity Management and Other Related Topics

Differential Fault Analysis for Block Ciphers: an Automated Conservative Analysis

On the Possibility of Insider Threat Detection Using Physiological Signal Monitoring

GLoP: Enabling Massively Parallel Incident Response Through GPU Log Processing

CBR Clone Based Software Flaw Detection Issues

Towards Practical Methods to Protect the Privacy of Location Information with Mobile Devices

Improbable Differential Attacks on Serpent using Undisturbed Bits

Continuous Authentication using Fuzzy Logic

A Highly-Efficient Memory-Compression Scheme for GPU-Accelerated Intrusion Detection Systems

Semantic Security Analysis of SCADA Networks to Detect Malicious Control Commands in Power Grids (Poster)

A Small Data Approach to Identification of Individuals on the Transport Layer using Statistical Behaviour Templates

HISEC: A New Lightweight Block Cipher Algorithm

An Empirical Study of Smartphone Based Iris Recognition in Visible Spectrum

Physical Dangers in the Cyber Security and Precautions to be Taken

Traversing symmetric NAT with predictable port allocation

Deploying Suitable Countermeasures to Solve the Security Problems within an E-learning Environment

Known Plaintexts Attack on Polynomial based Homomorphic Encryption

Detecting Malicious Users in Twitter using Classifiers

Employing Neural Networks for the Detection of SQL Injection Attack

An Approach of Privacy Preserving based Publishing in Twitter

Group Key Exchange Protocol Based on Diffie-Hellman Technique in Ad-Hoc Network

The Uncertainty of Identity Toolset: Analysing Digital Traces for User Profiling

Framework for distributed virtual honeynets

An effectiveness of application of <> competitions concept within higher education (Student contribution)

Human Visualisation of Cryptographic Code Using Progressive Multi-Scale Resolution

Implementation of Safety Techniques in a Cyber Domain

HosTaGe: a Mobile Honeypot for Collaborative Defense

Autonomic management for convergent networks to support robustness of appliance technologies

Memory access time as entropy source for RNG

Exploring the Guessability of Image Passwords

Challenges in developing Capture-HPC exclusion lists

Information Security Theory Development

Mathematical model of the polyalphabetic information security system based on the normal generalized knapsack

Educated Guessing Attacks on Culturally Familiar Graphical Passwords Using Personal Information on Social Networks

Instrumental System for Analysis of Information Systems Using Smart Cards Protection

A New Perspective to Information Security: Total Quality Information Security Management

Symmetric Fully Homomorphic Encryption Using Decidable Matrix Equations

Users' Perceptions of Recognition-Based Graphical Passwords: A Qualitative Study on Culturally Familiar Graphical Passwords

Reverse Engineering of ARM Binaries Using Formal Transformations

Towards an Innovative Systemic Approach of Risk Management

Bandwidth-Optimized Parallel Private Information Retrieval

Implementation Aspects of MeterGoat, a Smart Meter Security Training Platform

Automated Session Fixation Vulnerability Detection in Web Applications using the Set-Cookie HTTP response header in cookies

Managing Mobile Device Security in Critical Infrastructure Sectors

Cryptanalysis of Polynomial based Homomorphic Encryption

Analyzing the Effectiveness of DoS Attacks on Tor

A Protocol For Storage Limitations and Upgrades in Decentralised Networks

An Order Preserving Encryption Scheme for Cloud Computing

Content Provider Leakage Vulnerability Detection in Android Applications

Analysing Security requirements in Cloud-based Service Level Agreements

Non-cryptographic Detection Approach and Countermeasure for JFDV Attack

Compliance with standards, assurance and audit: does this equal security?

Towards the Detection of Undetectable Metamorphic Malware

Sector-Specific Tool for Information Security Risk Management in the Context of Telecommunications Regulation (Tool demo)

Exploring Worm Behaviors using DTW

Big Data Information Security Maintenance

Implementation of an Adaptive Traffic-aware Firewall

Location Identity Based Content Security Scheme for Content Centric Networking

MapReduce: MR Model Abstraction for Future Security Study

A Privacy-Preserving E-Ticketing System for Public Transportation Supporting Fine-Granular Billing and Local Validation

Intrusion Detection System for Cloud Environment

Towards a HL7 based Metamodeling Integration Approach for Embracing the Privacy of Healthcare Patient Records Administration

Virtual Machine Introspection

Privacy Implications of Wearable Health Devices

Current Trends and the Future of Metamorphic Malware Detection

Negotiation Based Framework for Attribute-Based Access Control Policy Evaluation

Integrated Framework for Classification of Malwares

Dynamic Analysis of Web Objects

Classification of PE Files using Static Analysis

Plugin in the Middle - Minimising Security Risks in Mobile Middleware Implementations

Analysis of Identity Forging Attack in MANETs

Development of a Threat Model for Vehicular Ad-hoc Network based Accident Warning Systems

The Botnet Revenue Model

Efficient Protection of Response Messages in DTLS-Based Secure Multicast Communication

In-Cloud Malware Analysis and Detection: State of the Art

Applying Large-scale Adaptive Graphs to Modeling Internet of Things Security

A Novel Authentication Scheme for Online Transactions

Content Provider	ACM Digital Library
Author	Mackenzie, Lewis Chowdhury, Soumyadeb Sarris, Paraskevas
Abstract	In this paper, we describe a novel method of approving and finalising financial transactions that would raise the bar for any potential attackers. The proposed scheme is based on the hypothesis that it would be significantly harder for an attacker to compromise two hardware devices or monitor and interfere with two communication channels at the same time. This will allow the users of this method to initiate a transaction on the Internet and then use their mobile phone in order to sanction the transfer of funds to a different account. In contrast to Two-Factor Authentication systems, this scheme does not require the online submission of any information that is received by the user's device but directly interacts through the mobile phone network. For this purpose the user's mobile phone has an additional encryption layer that allows it to communicate securely with the server side and convey the user's consent for a certain transaction. This ensures that the two channels and the authentication factors are kept independent. Therefore, even if the user's computer is compromised an attacker would not be able to set a fraudulent transaction without actually having the user's mobile phone and the unique data that are generated by the device.
Starting Page	483
Ending Page	486
Page Count	4
File Format	PDF
ISBN	9781450330336
DOI	10.1145/2659651.2659743
Language	English
Publisher	Association for Computing Machinery (ACM)
Publisher Date	2014-09-09
Publisher Place	New York
Access Restriction	Subscribed
Subject Keyword	Rsa Two channel authentication Symmetric cryptography Fraud mitigation Hash algorithm Public key cryptography Two factor authentication Financial transaction Out of band authentication Sha Aes
Content Type	Text
Resource Type	Article

Central Library (ISO-9001:2015 Certified)
Indian Institute of Technology Kharagpur
Kharagpur, West Bengal, India | PIN - 721302

See location in the Map
03222 282435
Mail: support@ndl.gov.in

Sl.	Authority	Responsibilities	Communication Details
1	Ministry of Education (GoI), Department of Higher Education	Sanctioning Authority	https://www.education.gov.in/ict-initiatives
2	Indian Institute of Technology Kharagpur	Host Institute of the Project: The host institute of the project is responsible for providing infrastructure support and hosting the project	https://www.iitkgp.ac.in
3	National Digital Library of India Office, Indian Institute of Technology Kharagpur	The administrative and infrastructural headquarters of the project	Dr. B. Sutradhar bsutra@ndl.gov.in
4	Project PI / Joint PI	Principal Investigator and Joint Principal Investigators of the project	Dr. B. Sutradhar bsutra@ndl.gov.in Prof. Saswat Chakrabarti will be added soon
5	Website/Portal (Helpdesk)	Queries regarding NDLI and its services	support@ndl.gov.in
6	Contents and Copyright Issues	Queries related to content curation and copyright issues	content@ndl.gov.in
7	National Digital Library of India Club (NDLI Club)	Queries related to NDLI Club formation, support, user awareness program, seminar/symposium, collaboration, social media, promotion, and outreach	clubsupport@ndl.gov.in
8	Digital Preservation Centre (DPC)	Assistance with digitizing and archiving copyright-free printed books	dpc@ndl.gov.in
9	IDR Setup or Support	Queries related to establishment and support of Institutional Digital Repository (IDR) and IDR workshops	idr@ndl.gov.in