Advanced security of two-factor authentication system using stego QR code

Cited by: 0
Authors
Kouraogo Y. [1]
Orhanou G. [1]
Elhajji S. [1]
Affiliations
[1] Laboratory of Mathematics, Computing and Applications-Information Security, Faculty of Sciences, Mohammed v University in Rabat, Rabat
Keywords
2FA; Mobile security; Mobile transaction authentication number; mTAN; QR code; Steganography; Two-factor authentication;
DOI
10.1504/IJICS.2020.107451
Abstract
Many financial institutions are trying to protect their customers by offering improved and more secure authentication technologies. One of the most common is two-factor authentication (2FA), which presents many vulnerabilities that allow attackers to retrieve confidential information such as the mobile transaction authentication number (mTAN). According to NIST (National Institute of Standards and Technology), SMS-based 2FA is deprecated, which motivates the search for a secure communication channel other than SMS. In this paper, we therefore propose a 2FA communication channel based on steganography in the QR code. The mTAN can only be read by a specific scanner that implements the technique for extracting the hidden information and holds the shared key, while the public information in the QR code remains readable by standard scanners. Finally, we implement our proposed method and test it by simulating an online banking service. © 2020 Inderscience Enterprises Ltd.
Pages: 436-449
Page count: 13
Related papers
17 in total
  • [1] Adham M.A., Two-factor mobile authentication scheme for secure financial transactions, International Conference on Mobile Business 2005, ICMB 2005 IEEE, pp. 28-34, (2005)
  • [2] Aloul F.Z- H., Two factor authentication using mobile phones, International Conference on Computer Systems and Applications IEEE/ACS, pp. 641-644, (2009)
  • [3] Dmitrienko A.L., Security analysis of mobile two-factor authentication schemes, Intel Technology Journal, 18, 4, (2014)
  • [4] Drimer S.M., Optimised to fail: Card readers for online banking, LNCS, 5628, pp. 184-200, (2009)
  • [5] Drimer S.M., RiskAnalytics LLC: $70 Million Stolen from U.S. Banks with Zeus Trojan October, (2010)
  • [6] Eldefrawy M.H., Mobile one-time passwords: Two-factor authentication using mobile phones, International Journal of Security and Communication Networks, 5, 5, pp. 508-516, (2012)
  • [7] Fridrich J., Steganography in Digital Media: Principles, Algorithms, and Applications, Integration, (2002)
  • [8] Khamis M.H., GTmoPass: Two-factor authentication on public displays using gaze-touch passwords and personal mobile devices, Proceedings of the 6th ACM International Symposium on Pervasive Displays, (2017)
  • [9] QR Code Error Correction, (2011)
  • [10] Qu J., Tan X.-L., Two-factor user authentication with key agreement scheme based on elliptic curve cryptosystem, Journal of Electrical and Computer Engineering, (2014)