Securing SMS Based One Time Password Technique from Man in the Middle Attack

  IJETT-book-cover  International Journal of Engineering Trends and Technology (IJETT)          
  
© 2014 by IJETT Journal
Volume-11 Number-3                          
Year of Publication : 2014
Authors : Safa Hamdare , Varsha Nagpurkar , Jayashri Mittal
  10.14445/22315381/IJETT-V11P230

Citation 

Safa Hamdare , Varsha Nagpurkar , Jayashri Mittal. "Securing SMS Based One Time Password Technique from Man in the Middle Attack", International Journal of Engineering Trends and Technology (IJETT), V11(3),154-158 May 2014. ISSN:2231-5381. www.ijettjournal.org. published by seventh sense research group

Abstract

Security of financial transactions in E-Commerce is difficult to implement and there is a risk that user’s confidential data over the internet may be accessed by hackers. Unfortunately, interacting with an online service such as a banking web application often requires certain degree of technical sophistication that not all Internet users possess. For the last couple of year such naive users have been increasingly targeted by phishing attacks that are launched by miscreants who are aiming to make an easy profit by means of illegal financial transactions. In this paper, we have proposed an idea for securing e-commerce transaction from phishing attack. An approach already exists where phishing attack is prevented using one time password which is sent on user’s registered mobile via SMS for authentication. But this method can be counter attacked by “Man in the Middle”. In our paper, a new idea is proposed which is more secure compared to the existing online payment system using OTP. In this mechanism OTP is combined with the secure key and is then passed through RSA algorithm to generate the Transaction password. A Copy of this password is maintained at the server side and is being generated at the user side using a mobile application; so that it is not transferred over the insecure network leading to a fraudulent transaction.

References

[1] Ahmad Alamgir Khan, “Preventing Phishing Attacks using One Time Password and User Machine Identification”, International Journal of Computer Applications (0975 – 8887) Volume 68– No.3, April 2013.
[2] Nilanjan Das, Ramkrishna Das “An Approach of Secured Ecommerce Transaction Model without Using Credit or Debit Card”, International Journal of Innovative Technology and Exploring Engineering (IJITEE) ISSN: 2278-3075, Volume-2, Issue-6, May 2013.
[3] Irina Sakharova and Latifur Khan , “Payment Card Fraud: Challengevs and Solutions”, Technical Report UTDCS3411 The University of Texas at Dallas, November 2011.
[4] Vipin Saxena, N.M.P. Verma, Ajay Pratap, “A Data Mining Technique for a Secure Electronic Payment Transaction”, International Journal of Economics and Finance Vol. 2, No. 4; November 2010.
[5] Payments 101: Credit and Debit Card Payments,A First data white paper,October 2010.
[6] Rachna Dhamija, J. D. Tygar, Marti Hearst, “Why Phishing Works”, Conference on Human Factors in Computing Systems, April 2006.
[7] Christian Ludl, Sean McAllister, Engin Kirda, Christopher Kruegel, “On the Effectiveness of Techniques to Detect Phishing Sites”.
[8] ZeuS Mitmo Blog: Man in the Mobile. http://securityblog.s21sec.com/2010/09/zeus-mitmo-man-in-mobile-i.html.

Keywords
Phishing, Replay attack, MITM attack, RSA, Random Generator.