One-Time Biometrics for Online Banking and Electronic Payment Authentication

Aude Plateaux 1, Patrick Lacharme 1, Christophe Rosenberger 1, Audun Jøsang 2
1 Equipe Monétique & Biométrie - Laboratoire GREYC - UMR6072
GREYC - Groupe de Recherche en Informatique, Image, Automatique et Instrumentation de Caen
Abstract: Online banking and electronic payment systems on the Internet are becoming increasingly advanced. On the machine level, transactions take place between client and server hosts through a secure channel protected with SSL/TLS. User authentication is typically based on two or more factors. Nevertheless, the development of various malware and social engineering attacks turns the user's PC into an untrusted device, thereby making user authentication vulnerable. This paper investigates how user authentication with biometrics can be made more robust in the online banking context by using a specific device called OffPAD. This context requires that authentication is performed by the bank and not only by the user (or by the personal device), contrary to standard banking systems. More precisely, a new protocol for the generation of one-time passwords from biometric data is presented, ensuring the security and privacy of the entire transaction. Experimental results show excellent performance with regard to false positives. The security analysis of our protocol also illustrates the benefits in terms of strengthened security.
Document type: Conference papers

https://hal.archives-ouvertes.fr/hal-01076676
Contributor: Morgan Barbier
Submitted on: Thursday, October 23, 2014 - 10:08:20 AM
Last modification on: Thursday, February 7, 2019 - 5:35:50 PM
Long-term archiving on: Saturday, January 24, 2015 - 10:06:27 AM

File

Ares14_AP_PL_CR_AJ.pdf
Publisher files allowed on an open archive

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Aude Plateaux, Patrick Lacharme, Christophe Rosenberger, Audun Jøsang. One-Time Biometrics for Online Banking and Electronic Payment Authentication. International Cross-Domain Conference and Workshop on Availability, Reliability, and Security (CD-ARES), Sep 2014, Fribourg, Switzerland. pp.179-193, ⟨10.1007/978-3-319-10975-6_14⟩. ⟨hal-01076676⟩
