Enhanced Security for Preventing Man-in-the Middle Attacks in Authentication, Data Entry and Transaction Verification

Jason Wells, Damien Huthinson, Justin Pierce

Research output: Chapter in Book/Report/Conference proceedingConference contribution

5 Citations (Scopus)

Abstract

There is increasing coverage in the literature highlighting threats to online financial systems. Attacks range from the prevalent reverse social engineering technique known as phishing; where spam emails are sent to customers with links to fake websites, to Trojans that monitor a customer’s account log on process that captures authentication details that are later replayed for financial gain. This ultimately results in loss of monetary funds for affected victims. As technological advances continue to influence the way society makes payment for goods and services, the requirement for more advanced security approaches for transaction verification in the online environment increases. This paper has three main purposes. The first is to detail the current threats and vulnerabilities to online financial systems and in particular online banking, from the selected literature. The second is to present the known prevention techniques for protecting against these attacks. The third is to present a conceptual model for authentication, data entry and transaction verification. It is suggested that the design adds another layer of security to existing methods to either prevent a MitM attack or to make the procedure of capturing and reassembling customer log on and transaction details more computationally and time intensive than what it is worth to an attacker. The model is based on a graphical authentication application previously developed called Authentigraph.
Original languageEnglish
Title of host publicationProceedings of the 6th Australian Information Security Management Conference, Edith Cowan University, Perth, Western Australia, 1st to 3rd December 2006
PublisherSecurity Research Centre, School of Computer and Security Science, Edith Cowan University, Perth, Western Australia
Publication statusPublished - 2008

Fingerprint Dive into the research topics of 'Enhanced Security for Preventing Man-in-the Middle Attacks in Authentication, Data Entry and Transaction Verification'. Together they form a unique fingerprint.

  • Cite this

    Wells, J., Huthinson, D., & Pierce, J. (2008). Enhanced Security for Preventing Man-in-the Middle Attacks in Authentication, Data Entry and Transaction Verification. In Proceedings of the 6th Australian Information Security Management Conference, Edith Cowan University, Perth, Western Australia, 1st to 3rd December 2006 Security Research Centre, School of Computer and Security Science, Edith Cowan University, Perth, Western Australia.