Secured and Effective Internet Banking Transactions Using Fingerprint, Otp System, Rfid

Topics: Authentication, Computer security, Two-factor authentication Pages: 22 (6790 words) Published: June 20, 2013
1390

IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS,

VOL. 22,

NO. 8,

AUGUST 2011

A Generic Framework for Three-Factor Authentication: Preserving Security and Privacy in Distributed Systems Xinyi Huang, Yang Xiang, Member, IEEE, Ashley Chonka, Jianying Zhou, and Robert H. Deng, Senior Member, IEEE Abstract—As part of the security within distributed systems, various services and resources need protection from unauthorized use. Remote authentication is the most commonly used method to determine the identity of a remote client. This paper investigates a systematic approach for authenticating clients by three factors, namely password, smart card, and biometrics. A generic and secure framework is proposed to upgrade two-factor authentication to three-factor authentication. The conversion not only significantly improves the information assurance at low cost but also protects client privacy in distributed systems. In addition, our framework retains several practice-friendly properties of the underlying two-factor authentication, which we believe is of independent interest. Index Terms—Authentication, distributed systems, security, privacy, password, smart card, biometrics.

Ç
1 INTRODUCTION
N

I

a distributed system, various resources are distributed in the form of network services provided and managed by servers. Remote authentication is the most commonly used method to determine the identity of a remote client. In general, there are three authentication factors: Something the client knows: password. Something the client has: smart card. Something the client is: biometric characteristics (e.g., fingerprint, voiceprint, and iris scan). Most early authentication mechanisms are solely based on password. While such protocols are relatively easy to implement, passwords (and human generated passwords in particular) have many vulnerabilities. As an example, human generated and memorable passwords are usually short strings of characters and (sometimes) poorly selected. By exploiting these vulnerabilities, simple dictionary attacks can crack passwords in a short time [1]. Due to these concerns, hardware authentication tokens are introduced to strengthen the security in user authentication, and 1. 2. 3.

. X. Huang and R.H. Deng are with the School of Information Systems, Singapore Management University, 80 Stamford Road, Singapore 178902. E-mail: {xyhuang, robertdeng}@smu.edu.sg. . Y. Xiang is with the School of Information Technology, Deakin University, Melbourne Campus at Burwood, 221 Burwood Highway, Burwood, Victoria 3125, Australia. E-mail: yang@deakin.edu.au. . A. Chonka is with the Faculty of Science and Technology, School of Information Technology, Pigdons Road, Waurn Ponds Campus, Deakin University, Geelong, Victoria 3216, Australia. E-mail: ashley.chonka@deakin.edu.au. . J. Zhou is with the Institute for Infocomm Research (I 2 R), A*STAR, 1 Fusionopolis Way, #21-01 Connexis, South Tower, Singapore 138632. E-mail: jyzhou@i2r.a-star.edu.sg. Manuscript received 15 Mar. 2010; revised 18 July 2010; accepted 16 Sept. 2010; published online 9 Nov. 2010. Recommended for acceptance by D. Turgut. For information on obtaining reprints of this article, please send e-mail to: tpds@computer.org, and reference IEEECS Log Number TPDS-2010-03-0160. Digital Object Identifier no. 10.1109/TPDS.2010.206. 1045-9219/11/$26.00 ß 2011 IEEE

smart-card-based password authentication has become one of the most common authentication mechanisms. Smart-card-based password authentication provides twofactor authentication, namely a successful login requires the client to have a valid smart card and a correct password. While it provides stronger security guarantees than password authentication, it could also fail if both authentication factors are compromised (e.g., an attacker has successfully obtained the password and the data in the smart card). In this case, a third authentication factor can alleviate the problem and further...
Continue Reading

Please join StudyMode to read the full document

You May Also Find These Documents Helpful

  • Essay on Internet Banking on Banking Transactions
  • Internet Banking Research Paper
  • Internet Banking Essay
  • Internet Banking Essay
  • Internet Banking Essay
  • A Secure Mobile Voting System Using Fingerprint Essay
  • Internet Banking Essay
  • Using of Internet Essay

Become a StudyMode Member

Sign Up - It's Free