Security enhancement of online financial transaction system /

Bibliographic Details
Main Author: Mamoudou, Sangare
Format: Thesis
Language: English
Published: Kuala Lumpur : Kulliyyah of Engineering, International Islamic University Malaysia, 2015
Online Access: http://studentrepo.iium.edu.my/handle/123456789/5205
Description
Summary: Online financial transaction has become one of the most successful elements in the field of online-based services. It eases the sending of money to anyone using an online financial transaction system. A person can easily transfer an amount of money from his account to another account without much effort when purchasing items from home. The low security of online financial transaction systems, which allows an OTP (One Time Password) to be intercepted and used to gain access to a user account, presents countless opportunities for fraud. Hackers exploit the drawbacks of OTP generation to take advantage of users' accounts and execute illegal transactions. Therefore, there is scope for strengthening the OTP generation algorithm while also taking cost, time and user-friendliness into consideration. The proposed security enhancement implements a prototype that links the amount of the transaction to the specific transaction in the generation of the OTP during the authentication stage. As a result, a hacker who intercepts the OTP and uses it will find that he/she is unable to gain any advantage. This is because once the amount is modified, the OTP generated will also be modified, and it will not be recognized by the server. Consequently, attackers cannot get illegal access. In addition, the MAC (medium access control) address of the user's machine is integrated in the generation of the OTP in order to make it stronger and very difficult (not to say impossible) to crack, as the MAC address of any machine is unique. This technique ensures that the OTP generated with the combination of the transaction amount and the MAC address is very difficult to crack even if it is intercepted during the transaction. So an attacker who would like to gain illegal advantages has to use the same device as the user, at the same time as the transaction.
Combining both the amount of the transaction and the MAC address of the user's device leads to a user-friendly, stronger and more secure online financial transaction security system, while the cost and the processing time remain within reasonable limits at about 21 milliseconds. Besides that, a dual authentication protocol has been proposed in this work which allows client and server to authenticate each other before sending sensitive data. Performance evaluation of the prototype against published technique shows very good potential that encourages the continuance of the investigation in this field.
Physical Description: xv, 117 leaves : ill. ; 30cm.
Bibliography: Includes bibliographical references (leaves 98-102)