One-Time Biometrics for Online Banking and Electronic Payment Authentication - Availability, Reliability, and Security in Information Systems
Conference Papers Year : 2014

One-Time Biometrics for Online Banking and Electronic Payment Authentication

Abstract

Online banking and electronic payment systems on the Internet are becoming increasingly advanced. On the machine level, transactions take place between client and server hosts through a secure channel protected with SSL/TLS. User authentication is typically based on two or more factors. Nevertheless, the development of various malwares and social engineering attacks transform the user's PC in an untrusted device and thereby making user authentication vulnerable. This paper investigates how user authentication with biometrics can be made more robust in the online banking context by using a specific device called OffPAD. This context requires that authentication is realized by the bank and not only by the user (or by the personal device) contrary to standard banking systems. More precisely, a new protocol for the generation of one-time passwords from biometric data is presented, ensuring the security and privacy of the entire transaction. Experimental results show an excellent performance considering with regard to false positives. The security analysis of our protocol also illustrates the benefits in terms of strengthened security.
Fichier principal
Vignette du fichier
Ares14_AP_PL_CR_AJ.pdf (607.32 Ko) Télécharger le fichier
Origin Publisher files allowed on an open archive
Loading...

Dates and versions

hal-01076676 , version 1 (23-10-2014)

Licence

Identifiers

Cite

Aude Plateaux, Patrick Lacharme, Christophe Rosenberger, Audun Jøsang. One-Time Biometrics for Online Banking and Electronic Payment Authentication. International Cross-Domain Conference and Workshop on Availability, Reliability, and Security (CD-ARES), Sep 2014, Fribourg, Switzerland. pp.179-193, ⟨10.1007/978-3-319-10975-6_14⟩. ⟨hal-01076676⟩
432 View
1329 Download

Altmetric

Share

More