Presentation is loading. Please wait.

Presentation is loading. Please wait.

Usably Secure, Low-Cost Authentication for Mobile Banking Saurabh Gupta Sandeep Kumar Gupta.

Similar presentations


Presentation on theme: "Usably Secure, Low-Cost Authentication for Mobile Banking Saurabh Gupta Sandeep Kumar Gupta."— Presentation transcript:

1 Usably Secure, Low-Cost Authentication for Mobile Banking Saurabh Gupta Sandeep Kumar Gupta

2 Need For Mobile Banking  People need money on the run.  Banks provide security, interest.

3 Use Cases – Buying Something

4 Use Case - Depositing Money

5 Use Case – Withdrawing Money

6 What Security ?

7 How is it secured on Mars ? Application level encryption  Typically have an application implementing the favorite encryption scheme.  Provides end to end encryption. Possible because  Can ask people to install and use them.  Phones are powerful enough to run them.

8 Challenges on Earth  Fundamentally, GSM channel is weakly encrypted.  Can not rely on network layer encryption.  Need for end to end encryption  Can not install applications on user ends.

9 Mobile Banking In General o Cell Phone o 2 factor authentication o 4 digit pin o A codebook with synchronized security tokens.

10 Old Scheme New Scheme Overview of 2 schemes  Both use 2 factor authentication schemes.

11 Question: Impersonator? 1. 2. 3. Security Analysis 4 different types of attacks considered. Pin Recovery Type 0: Impersonator gets phone Type 1: Impersonator gets phone and codebook Type 2: Impersonator gets phone and PIN

12 Security Analysis Pin Recovery Type 0: Impersonator gets phone Type 1: Impersonator gets phone and codebook Type 2: Impersonator gets phone and PIN

13 User Study  Ethnography  15 people from Delhi  19 people from Bihar  Composition  8 agents  13 existing users  13 potential users  Tasks  Plain PIN entry  EKO signature formulation  New signature formulation

14 Parameters Recorded

15 Results

16 Results

17 Results

18 Discussion  Effect of increased cognitive effort.  Effect of entering only 4 digits instead of 10.  Statistical significance of results

19 User Case Studies What is required to validate your claim? from the perspective of paper publishing? o Novelty of the idea. o Quick papers for promotion. for proving soundly? o Acceptability of the idea.

20 Parameters studied in this paper: 1. 2. Parameters that should have been studied: 1. 2.

21 Solutions: Submit an idea, verify later? Get in touch with right kind of people to do social case studies; sociologists? Questions: End product derived from user interaction?


Download ppt "Usably Secure, Low-Cost Authentication for Mobile Banking Saurabh Gupta Sandeep Kumar Gupta."

Similar presentations


Ads by Google