{"title":"Practical receipt authentication for branchless banking","authors":"S. Panjwani","doi":"10.1145/2442882.2442886","DOIUrl":null,"url":null,"abstract":"Although branchless banking systems have spread to different parts of the developing world, methods to ensure transactional security in these systems have seen slower adoption because of a variety of operational constraints. A basic requirement from such systems is the provision of secure and reliable receipts to users during transactions, and recent attacks have demonstrated that existing systems fall short of fulfilling this requirement in practice. In this paper, we propose a simple and practical protocol to enable users to authenticate transaction receipts in branchless banking systems. Our protocol makes novel use of missed calls (sent from users to the bank) to help distinguish real receipts from spoofed ones and can be implemented on any mobile phone, without software installation. Besides preventing spoofing attacks, the protocol enjoys significant advantages of usability, efficiency and cost, which make it a more practical choice than other schemes. We also discuss ways to use missed calls to mitigate man-in-the-middle attacks on branchless banking systems.","PeriodicalId":240004,"journal":{"name":"ACM DEV '13","volume":"54 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-01-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM DEV '13","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2442882.2442886","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 8
Abstract
Although branchless banking systems have spread to different parts of the developing world, methods to ensure transactional security in these systems have seen slower adoption because of a variety of operational constraints. A basic requirement from such systems is the provision of secure and reliable receipts to users during transactions, and recent attacks have demonstrated that existing systems fall short of fulfilling this requirement in practice. In this paper, we propose a simple and practical protocol to enable users to authenticate transaction receipts in branchless banking systems. Our protocol makes novel use of missed calls (sent from users to the bank) to help distinguish real receipts from spoofed ones and can be implemented on any mobile phone, without software installation. Besides preventing spoofing attacks, the protocol enjoys significant advantages of usability, efficiency and cost, which make it a more practical choice than other schemes. We also discuss ways to use missed calls to mitigate man-in-the-middle attacks on branchless banking systems.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
