收藏
下载资源 加入VIP,省得不是一点点

Online Banking Security【外文翻译】.doc

上传人:文初 文档编号:13934 上传时间:2018-04-14 格式:DOC 页数:16 大小:100.50KB
下载 相关 举报
Online Banking Security【外文翻译】.doc_第1页
第1页 / 共16页
Online Banking Security【外文翻译】.doc_第2页
第2页 / 共16页
Online Banking Security【外文翻译】.doc_第3页
第3页 / 共16页
Online Banking Security【外文翻译】.doc_第4页
第4页 / 共16页
Online Banking Security【外文翻译】.doc_第5页
第5页 / 共16页
点击查看更多>>
资源描述

1、1本科毕业论文外文翻译外文文献原文ONLINEBANKINGSECURITYMATERIALSOURCEPROJECTREPORTFORINFORMATIONSECURITYCOURSE,LINKOPINGSUNIVERSITETET,SWEDENAUTHORFAHEEMRAMZANTEHMANPERVAIZABSTRACTINTHISPAPERWEHAVESTUDIEDAVARIETYOFAUTHENTICATIONSOLUTIONSTHATONLINEBANKSOFFERTHEIRCUSTOMERSWEHAVEANALYZEDANDCOMPAREDTHEDIFFERENTSOLUTIONS

2、FROMBOTHSECURITYANDUSABILITYPERSPECTIVEWEHAVEALSOPERFORMEDARISKANALYSISBASEDONTHEPRESENTEDAUTHENTICATIONSOLUTIONS1INTRODUCTIONONLINEBANKINGISBEINGACCEPTEDANDGAININGTRUSTOFMANYCUSTOMERSWITHTHEPASSAGEOFTIMEPAYBILLSWHILETRAVELING,TRANSFERFUNDSINOTHERACCOUNTS,VIEWINGMORTGAGEBALANCEETCARESOMEOFTHEADVANTA

3、GESOFTHEONLINEBANKINGONEOFTHEREASONSOFTHEINCREASINGUSEOFTHEONLINEBANKINGSYSTEMISITSAVAILABILITYTHEREEXISTSMANYTECHNIQUESFORAUTHENTICATIONINONLINEBANKINGBUTTHEREISASTRONGNEEDTOINCREASETHESECURITYANDUSABILITYOFTHESETECHNIQUESSECURITYISIMPORTANTINTHESENSETHATCUSTOMERSWILLBECOMEFREEFROMTHREATSLIKEFRAUDU

4、LENTLYLOSSOFMONEYSECURITYISIMPORTANTNOTONLYFORBANKINGORGANIZATIONSBUTALSOFORTHEIRCLIENTSMORESECURETHEONLINEBANKINGAUTHENTICATION,MORESATISFIEDWILLBETHEIRCUSTOMERS,ANDTHEIRREVENUEWILLALSOINCREASEUSABILITYISALSOANIMPORTANTPERSPECTIVEINONLINEBANKINGAUTHENTICATIONWITHUSABILITYWEMEANHOWMUCHUSABLEISTHEONL

5、INEBANKINGAUTHENTICATIONSYSTEMFORTHEIRCUSTOMERSINTHISREPORTWEWILLSTUDYVARIETYOFAUTHENTICATIONSOLUTIONS,BOTHFROMSECURITYANDUSABILITYPERSPECTIVE11METHODOLOGYINTHISSECTIONWEHAVEDISCUSSEDHOWWEHAVEARRANGEDTHEDATAFORTHEREPORTFROM2DIFFERENTSOURCES,OURWORKINGSTRATEGYINAGROUP,ANDALSOTHEQUESTIONS/PROBLEMSADDR

6、ESSEDINTHEREPORTRELATEDTOOURTOPIC111DATACOLLECTIONTOACCOMPLISHOUROBJECTIVEWEHAVESTUDIEDDIFFERENTONLINEBANKINGAUTHENTICATIONSOLUTIONSBYTAKINGREFERENCESFROMTHECOURSELITERATUREANDRESEARCHPAPERSWEHAVEANALYZEDANDCOMPAREDTHESECURITYOFONLINEBANKINGSOLUTIONSFROMBOTHSECURITYANDUSABILITYPERSPECTIVE112GROUPWOR

7、KINGWEHAVEADOPTEDVERYSYSTEMATICANDPROFESSIONALAPPROACHFORATTAININGOURGOALFORTHISPROJECTROLESANDRESPONSIBILITIESHAVEBEENASSIGNEDTOBOTHGROUPMEMBERSFROMTHEBEGINNINGOFTHEPROJECTINTERNALGROUPMEETINGSHAVEHELDTWICEAWEEKTOGETTHEOVERVIEWOFTHEWORKANDTOEVALUATETHATEACHGROUPMEMBERISGOINGINTHERIGHTDIRECTION113QU

8、ESTIONS/PROBLEMSOURREPORTWILLANSWERTHEFOLLOWINGQUESTIONSWHATAREDIFFERENTONLINEBANKINGAUTHENTICATIONTECHNIQUESWHATKINDOFSECURITYISSUESARETHEREWITHONLINEBANKINGAUTHENTICATIONWHATISTHEUSABILITYOFDIFFERENTONLINEAUTHENTICATIONTECHNIQUESWHATARETHERISKSASSOCIATEDWITHDIFFERENTAUTHENTICATIONSOLUTIONSANDTHEIR

9、ASSESSMENT2BACKGROUNDONLINEBANKINGSECURITYISBECOMINGSERIOUSLYIMPORTANTINRECENTYEARSDUETOINCREASINGAMOUNTOFINTERNETUSERSNOWADAYSALMOSTEVERYBANKISOFFERINGONLINEBANKINGSOLUTIONSTOTHEIRCUSTOMERSHIGHERSECURITYSTANDARDSAREREQUIREDASBANKINGACTIVITIESAREBYNATUREMORESENSITIVETHANMOSTOTHERINTERNETACTIVITIESMO

10、STBANKSEMPLOYTWOFACTORAUTHENTICATIONTOINCREASESECURITY,WHICHINVOLVESTWOBASICFACTORSSOMETHINGUSERKNOWS,LIKEPASSWORD,PIN,PASSPHRASEETCSOMETHINGUSERHAS,LIKESMARTCARD,HARDWARETOKENETC21ONLINEBANKINGSECURITYWEBHASBECOMETHEONLYMEDIUMFORANINCREASINGAMOUNTOFBUSINESSANDOTHER3SENSITIVETRANSACTIONSFORONLINEBAN

11、KINGALMOSTALLBROWSERSANDSERVERSDEPLOYSSL/TLSPROTOCOLSTOADDRESSCONCERNSABOUTSECURITYBUT,EVENTHEUSAGEOFSSL/TLSBYBROWSERSSTILLALLOWSWEBSPOOFING,THATIS,MISLEADINGUSERSBYIMPERSONATIONORMISREPRESENTATIONOFIDENTITYOROFCREDENTIALSTHEREAREDIFFERENTTYPESOFRISKSASSOCIATEDWITHONLINEBANKINGSECURITYFORUSERCREDENT

12、IALSHASBECOMEMUCHMOREIMPORTANTTHANANYTHINGINDEED,THEREISANALARMINGINCREASEINTHEAMOUNTOFREALLIFEWEBSPOOFINGATTACKS,USUALLYUSINGSIMPLETECHNIQUESOFTEN,THEATTACKERSFRAUDULENTLYREDIRECTSTHEUSERTOSPOOFEDWEBSITEBYSENDINGHERSPOOFEDEMAILMESSAGESTHATLINKTOTHESPOOFEDWEBSITESTHISISOFTENCALLEDPHISHINGATTACKTHEGO

13、ALOFTHEATTACKERISOFTENTOOBTAINUSERIDS,PASSWORDS/PINS,ANDOTHERPERSONALANDFINANCIALINFORMATIONSOMEOFTHERISKSASSOCIATEDWITHONLINEBANKINGAREASFOLLOWINGWEBSPOOFINGANDPHISHINGATTACKSDNSCACHEPOISONINGPHARMINGMALWARETROJANHORSES,BACKDOORS,ROOTKITS,KEYLOGGERSCREDENTIALSTEALINGATTACKSCHANNELBREAKINGATTACKSNIG

14、ERIAN419ANDOTHERSCAMS22AUTHENTICATIONMETHODSTHEREAREDIFFERENTAUTHENTICATIONMETHODSUSEDFORONLINEBANKINGSECURITYWITHINVOLVEDIFFERENTAUTHENTICATIONFACTORSLIKEPASSWORD,PIN,PASSPHRASEMOSTBANKSCONDUCTTWOFACTORAUTHENTICATIONONEOFWHICHBEINGBASEDONTHEKNOWLEDGEOFSOMEDATAIESOMETHINGTHEUSERKNOWSTHEACTUALIMPLEME

15、NTATIONSMAYVARY,STILLUSERNAMEPASSWORDCOMBINATION,PASSPHRASESORPINNUMBERSARETHEMOSTCOMMONLYAPPLIEDINORDERTOINCREASESECURITY,MOSTBANKSEMPLOYASECONDAUTHENTICATIONFACTORATOKENTHATUSERPOSSESSESTHEIMPLEMENTATIONSOFTHEAUTHENTICATIONFACTORCANBECLASSIFIEDASFOLLOWSONETIMEPASSWORDAPPROACHTOKENSINFORMOFONETIMEP

16、ASSWORDSAREVERYPOPULARINSCANDINAVIANCOUNTRIESMAINADVANTAGEOFONETIMEPASSWORDSISTHEFACT,THATTHEYCANBEUSEDONLYONCEANDBECOMEINVALIDAFTERWARDS4CERTIFICATEBASEDAPPROACHCERTIFICATESARESOFTWARETOKENSTHATREQUIREPKIPUBLICKEYINFRASTRUCTUREINTHECASEOFCERTIFICATEBASEDAPPROACHACERTIFICATEISUSEDASTHESECONDAUTHENTI

17、CATIONFACTORTHEYCANBESTOREDEITHERONTHEHARDDRIVEORANOTHERSTORAGEDEVICEEGUSBSTICK,SMARTCARDUSUALLYBANKSEMPLOYTHECOMBINATIONOFACERTIFICATETOGETHERWITHUSERNAMEPASSWORD,PASSPHRASEORPINNUMBERTIMERBASEDSHORTPASSWORDAPPROACHTIMERBASEDONETIMEPASSWORDISGENERATEDUSINGHARDWAREGENERATORSEGSECUREIDADDITIONALLY,AP

18、INORPASSWORDISUSEDTOGETHERWITHONETIMEPASSWORDONCETHEPASSWORDISGENERATED,ITISVALIDONLYFORSOMESPECIFICTIMEINTERVALTHISAPPROACHISNOTONLYUSEDBYBANKS,BUTALSOEMPLOYEDBYPROVIDERSOFOTHERSERVICESLIKEPAYPALOREBAYCERTIFICATESMARTCARDBASEDAPPROACHINONLINEBANKINGSMARTCARDSCANBEUSEDTOSTORECERTIFICATESORASDEVICESF

19、ORGENERATINGONETIMEPASSWORDSWHENUSINGSMARTCARDS,CARDREADERISESSENTIAL3DIFFERENTAUTHENTICATIONSOLUTIONSFROMSECURITYANDUSABILITYPERSPECTIVEINTHISSECTIONWEHAVEANALYZEDANDCOMPAREDTHEDIFFERENTSOLUTIONSFROMBOTHSECURITYANDUSABILITYPERSPECTIVEAPPLICATIONSWHICHCONCERNSWITHMAJORSECURITYANDUSABILITYPROBLEMS,ES

20、PECIALLYINONLINEBANKINGSOLUTIONSAREBEINGUSEDBYCUSTOMERSWHOARELESSFAMILIARWITHTHETHREATSANDISSUESRELATEDTOTHESEAPPLICATIONSTHESESOLUTIONSAREBEINGUSEDBYALMOSTALLBANKSWHICHMAKEPOSSIBLEFORTHEMTOSERVEFARMORECUSTOMERSATTHEFRACTIONOFCOST31SECURITYFROMTHESECURITYPOINTOFVIEWTHEFIRSTSTEPISTOLOOKMORECLOSELYATT

21、HETHINGSTHATMAKEONLINEBANKINGAUTHENTICATIONMETHODSTOOMUCHSUSCEPTIBLETOATTACKSOFFLINECREDENTIALSTEALINGATTACKSAREONLYHARMFULFORTHOSEMETHODSINWHICHSECUREDDATAISVALIDFORLONGTIMEPERIOD,FOREXAMPLESTATICPASSWORDSFIXEDPASSWORDSANDDATAISENTEREDONUNTRUSTEDDEVICESSUCHASAUSERSCOMPUTERTHATHASNOANTIVIRUSORFIREWA

22、LLSTATICPASSWORDCANEASILYBEOBTAINEDBYMALWARELIKETROJANHORSESANDKEYLOGGERSWHICHRECORDTHEINPUTENTEREDBYTHEUSERVIATHEKEYBOARDASTATICPASSWORDONCEOBTAINEDBYTHEATTACKERCANBEUSEFULFORHIMUNTILUSERNOTICESTHATTHEPASSWORDHASBEENSTOLEN5ONEOFTHESOLUTIONSOFTHEPREVIOUSPROBLEMISONETIMEPASSWORDSOTPASPREVIOUSLYDISCUS

23、SEDTHEREARESEVERALTYPESOFONETIMEPASSWORDSONEOFTHEORMSOFOTPISSCRATCHLISTWHICHISISSUEDTOTHEUSERBYHEBANKEACHPASSWORDONTHESCRATCHLISTISVALIDFORONLYONETIMELOGINTHEREMAYBEAPROBLEMWITHSUCHMETHOD,THATSOMEUSERSSTORETHESEPASSWORDSONTHEIRCOMPUTERSFORCONVENIENCEINTHISWAYTHESEPASSWORDSMAYBEEXPOSEDTOOFFLINECREDEN

24、TIALSTEALINGATTACKSTHISSCHEMEMAYBESLIGHTLYMORESECUREBECAUSEBANKINGSERVERMAYSPECIFYWHICHPASSWORDWILLBEUSEDINTHESCRATCHLISTNEXTSOTHESECURITYOFTHISSCHEMEEQUIRESTHATTHEPASSWORDSARENOTSTOREDTOINSECUREDEVICESLIKECOMPUTERSETCTHISPROBLEMISOVERCOMEBYANOTHERTECHNIQUETHATEVERYTIMEGENERATESNEWPASSWORDEITHERBASE

25、DONTIMESYNCHRONIZEDOTP,NONIMESYNCHRONIZEDOTPORCHALLENGEBASEDPASSWORDSDEPENDINGONTHEMETHODUSEDINTHESEMETHODSUSERMUSTMANUALLYCOPYTHEPASSWORDFROMMICROPROCESSORBASEDHARDWARETOKENTOWEBFORMSOTHEAUTHENTICATIONINTHESEMETHODSIEHARDWARETOKENPUBLICKEYNFRASTRUCTURE,THEREISLESSCHANCEFOROFFLINECREDENTIALSTEALINGA

26、TTACKSINUNSECUREDCOMPUTERSBUTTHESEMETHODSARESUSCEPTIBLETOONLINECHANNELBREAKINGATTACKSINTHESESCHEMESTHEBANKASSIGNUSERSWITHAMATCHINGPRIVATEANDPUBLICKEYANDATRUSTEDAUTHORITYISSUESADIGITALCERTIFICATETHISCERTIFICATEVERIFIESTHEUSERNAMEISCORRESPONDINGTOTHEGIVENPUBLICKEYANDTHERESPECTIVEPRIVATEKEYISVALIDONTHE

27、BASISOFTHEPRIVATEKEYANDCERTIFICATEANAUTHENTICATEDSSL/TLSCONNECTIONISESTABLISHEDBETWEENBANKSERVERANDUSERSCOMPUTERINTHISCASETHEISSUEISWITHTHEPROTECTIONOFPRIVATEKEYOFUSERFROMDIFFERENTMALWARESONEOFTHEPOSSIBILITIESISTOSTORETHEKEYASSOFTTOKENWHICHISBASICALLYANENCRYPTEDFILESTOREDONUSERSCOMPUTER,BUTINTHISCAS

28、ETHEKEYISVULNERABLETOOFFLINECREDENTIALATTACKSINORDERTOAVOIDTHISAMBIGUITYTHETAMPERRESISTANTHARDWARELIKESMARTCARDSANDUSBSTICKSETCAREUSEDTHESEDEVICESEXPOSEPRIVATEKEYRELATEDFUNCTIONALITYONLYFIGURE1SHOWSTHETAXONOMYOFINTERNETBANKINGAUTHENTICATIONMETHODSTHESEMETHODSARECLASSIFIEDACCORDINGTOTHEIRRESISTANCEAG

29、AINSTOFFLINECREDENTIALSTEALINGANDONLINECHANNELBREAKINGATTACKS32USABILITYTHEUSABILITYOFTHESYSTEMISTHATHOWFEASIBLEISFORTHEUSERTOUSETHESYSTEMINAREDEFINEDSOMESECURITYUSABILITYPRINCIPLESTHESEPRINCIPLESEXPLAINDIFFERENTTYPESOF6USERINVOLVEMENTWITHSECURITYAPPLICATIONSLIKEONLINEBANKINGSECURITYACTIONSECURITYAC

30、TIONISWHENUSERENTERSCREDENTIALSTOELICITSOMESECUREDINFORMATIONONEOFTHEEXAMPLESOFSECURITYACTIONISENTERINGANDSUBMITTINGUSERPASSWORDSECURITYCONCLUSIONSECURITYCONCLUSIONISTOOBSERVETHESECURITYSTATEOFTHESYSTEMONEOFTHEEXAMPLESOFSECURITYCONCLUSIONISTOOBSERVEWHETHERCOMMUNICATIONISPROTECTEDBYSSLTHEREAREUSABILI

31、TYPRINCIPLESREGARDINGTOSECURITYACTIONANDSECURITYCONCLUSIONUSABILITYPRINCIPLESREGARDINGSECURITYACTIONAREUSERSHAVEUNDERSTANDINGOFTHESECURITYACTIONSREQUIREDUSERSCANIMPLEMENTTHEIGHTSECURITYACTIONSTHELOADOFSECURITYACTIONSMUSTBEACCEPTABLETHELOADOFREPEATINGTHESECURITYACTIONSFORPRACTICALTRANSACTIONSMUSTBEAC

32、CEPTABLEUSABILITYPRINCIPLESREGARDINGSECURITYCONCLUSIONAREUSERMUSTHAVEPROPERUNDERSTANDINGOFTHEPRECAUTIONSTOMAKESAFETRANSACTIONSSYSTEMMUSTPROVIDETHEDETAILEDINFORMATIONFORDERIVINGTHESECURITYCONCLUSIONTHELOADOFSECURITYCONCLUSIONMUSTBEACCEPTABLETHELOADOFREPEATINGTHESECURITYCONCLUSIONFORPRACTICALTRANSACTI

33、ONSMUSTBEACCEPTABLEINTHEUSABILITYISSUEWITHTHEFIXEDPASSWORDSSYSTEMWASTINTEDWHEREASTHISWASNOTANISSUEWITHTHESECURITYBOXUSERS“12DIGITSORSOMETHINGWHICHYOUCANNOTREMEMBERSOYOUNEEDABITOFPAPERWITHYOU”FIXEDPASSWORDUSERS“IHAVETHEBOXANDIHAVEMYOWNCODETOTHEBOX”SECURITYBOXUSERINTHEUSABILITYOFPUSHBUTTONTOKEN,CARDAC

34、TIVATEDTOKEN,PINSECUREDTOKENTECHNIQUESISEXPERIMENTALLYMEASUREDTHERESULTWASTHATTHEPUSHBUTTONTOKENWSAHAVINGTHEHIGHUSABILITYWHILECARDACTIVATEDTOKENWASHAVINGMEDIUMANDPINSECUREDTOKENWASHAVINGLOWUSABILITYIFWESEEINTHETERMSOFSECURITYTHEPINSECUREDTOKENWASHAVINGHIGHWHILECARDACTIVATEDTOKENWASHAVINGMEDIUMANDPUS

35、HBUTTON7TOKENWASHAVINGLOWSECURITYINHEREARESUGGESTEDAVARIETYOFSOLUTIONSTOIMPROVETHEUSABILITYOFSMSBASEDAUTHENTICATIONBYPROVIDINGBETTERUSERINTERFACEINCERTIFICATEBASEDAUTHENTICATIONAPPROACHESLIKEUSBANDSMARTCARD,USABILITYISSUEWITHSMARTCARDISTHATISORDERTOMAKEONLINETRANSACTIONUSERMUSTHAVECARDREADERTOMAKEON

36、LINETRANSACTIONWHILEUSBDEVICEISSIMPLEPLUGANDPLAYHAVINGNOSPECIALDEVICEREQUIREMENT4RISKASSESSMENTMEASURINGCREDITRISKFORBANKSISPARTICULARLYCHALLENGINGBECAUSEOFTHEIMPORTANCEOFFINANCIALLINKAGESINTHEBANKINGSYSTEMTHEIMPLEMENTATIONOFAPPROPRIATEAUTHENTICATIONMETHODOLOGIESSHOULDSTARTWITHANASSESSMENTOFTHERISKP

37、OSEDBYTHEINSTITUTIONSINTERNETBANKINGSYSTEMSTHERISKSHOULDBEEVALUATEDINFOLLOWINGPERSPECTIVETYPEOFCUSTOMEREGRETAILORCOMMERCIALCUSTOMERTRANSACTIONALCAPABILITIESEGBILLPAYMENT,WIRETRANSFER,LOANORIGINATIONTHESENSITIVITYOFCUSTOMERINFORMATIONBEINGCOMMUNICATEDTOBOTHINSTITUTIONANDTHECUSTOMERTHEEASEOFUSINGTHECO

38、MMUNICATIONMETHODTHEVOLUMEOFTRANSACTIONSRISKASSESSMENTISTHEPROCESSBYWHICHBUSINESSESANDORGANIZATIONSFOCUSONCRITICALAREASOFCONCERNANDPRIORITIZETHEIRUSEOFRESOURCESINORDERTOMAXIMIZERESPONSEANDRECOVERYEFFORTSRISKASSESSMENTISEXTREMELYIMPORTANTINONLINEBANKINGSECURITYTHEPROCESSSHOULDIDENTIFYALLTRANSACTIONSA

39、NDLEVELSOFACCESSASSOCIATEDWITHINTERNETBASEDCUSTOMERPRODUCTSANDSERVICESIDENTIFYANDASSESSTHERISKMITIGATIONTECHNIQUES,INCLUDINGAUTHENTICATIONMETHODOLOGIES,EMPLOYEDFOREACHTRANSACTIONTYPEANDLEVELOFACCESSINCLUDETHEABILITYTOGAUGETHEEFFECTIVENESSOFRISKMITIGATIONTECHNIQUESFORCURRENTANDCHANGINGRISKFACTORSFORE

40、ACHTRANSACTIONTYPEANDLEVELOFACCESS5DISCUSSIONSECURITYANDUSABILITYBOTHAREIMPORTANTASPECTSWHICHNEEDTOBECONSIDEREDIN8ONLINEBANKINGAUTHENTICATIONSOLUTIONSONLINESOLUTIONSARENOTJUSTTOBEDESIGNEDFROMSECURITYPERSPECTIVEBUTUSABILITYMUSTALSONEEDTOBECONSIDEREDINSIMPLEWORDSWEMAYSAYTHATWENEEDUSABLESECURITYSYSTEMM

41、USTNOTBEDESIGNEDJUSTTOFULFILLREQUIREMENTOFTHEBANKSBUTALSOTOSATISFYITSUSERSCUSTOMERSREQUIREMENTSONTHEOTHERHAND,INORDERTOSECURELYUSEONLINEBANKINGAUTHENTICATIONAVERAGEUSERMUSTHAVESOMETECHNICALEXPERTISETOMAINTAINTHESYSTEMUSERMUSTBEAWAREOFTHEISSUESLIKEFAILUREOFAUTOUPDATEETCBUTTHESETASKSARECHALLENGINGFORA

42、NAVERAGECOMPUTERUESER6FUTUREWORKMOSTOFTHEBANKSWHICHPROVIDEONLINESERVICESAREUSINGTWOFACTORAUTHENTICATIONMETHODSTWOFACTORAUTHENTICATIONMETHODSHAVEBEENINTRODUCEDBYBANKSINRESPONSETOTHETRADITIONALPHISHINGATTACKS,ANDTHESEMETHODSAREINDEEDEFFECTIVEINSTOPPINGSUCHATTACKSAPARTFROMBENEFITSTHEREARESOMEISSUESASSO

43、CIATEDWITHTHESEMETHODSONEOFTHEMAJORISSUESISTWOFACTORAUTHENTICATIONSOLUTIONSAREVERYCOSTLYCOSTISNOTONLYASSOCIATEDWITHTHEIMPLEMENTATIONOFTHESOLUTIONSBUTEXPENSEFORMAINTENANCEOFTHESYSTEM,ANDTRAININGTHEUSERTOADOPTTHENEWSYSTEMRESEARCHISCURRENTLYGOINGONTOMAKEPOSSIBLEPERSONALELECTRONICDEVICESSUCHASMOBILEPHON

44、ES,ANDPERSONALDIGITALASSISTANTSPDASTOBEHIGHLYSECUREFORONLINEBANKINGTRANSACTIONSONEMETHODISTOGENERATECIPHERTEXTREPRESENTATIONOFTHEIRPININCIPHERTEXTDATAHASBEENENCRYPTED,ANDISUNREADABLEUNTILITHASBEENDECRYPTEDINTOPLAINTEXTWITHAKEYTHEFUNCTIONALITYISUNLIKETHEELECTRONICTOKEN,ANDSEEKSTOUSEEXISTINGTECHNOLOGY

45、THATMAYALREADYBEINTHEPOSSESSIONOFPOTENTIALUSERS,TOREDUCECOSTSTHEREISALSORESEARCHGOINGONFORDEPLOYINGVOICEAUTHENTICATIONTECHNOLOGIESFORBANKSTOADDANEXTRALAYEROFSECURITYFORTHEIRONLINEANDTELEPHONEBANKINGCUSTOMERSVOICEAUTHENTICATIONISRELIABLE,BUTSHOULDBEUSEDWITHOTHERFORMSOFAUTHENTICATIONSOTHATIFONEMETHODC

46、REATESAQUESTION,OTHERMETHODHELPSRESOLVEUNCERTAINTYABANKMAYHAVEINAUTHENTICATINGUSERCONTINUOUSRESEARCHISREQUIREDTOMEETTHEGROWINGNEEDSFORSECURITYOFTHEONLINESERVICEPROVIDERSLIKEBANKSSERVICEPROVIDERSNEEDSUCHASYSTEMWHICHISHIGHLYUSERFRIENDLYBUTWITHNOCOMPROMISEONSECURITYOFTHESYSTEMFINALLY,INORDERTOEVALUATE9

47、THEPERFORMANCEOFTHENEWSCHEMEANINVESTIGATIONANDRESEARCHISNEEDED7CONCLUSIONINANENVIRONMENTWHEREUSERSARECONTINUALLYAFFECTEDBYTHERISKSASSOCIATEDWITHONLINEBANKING,ITISIMPORTANTTHATUSERMUSTBEAWAREOFTHEFACTORSWHICHINFLUENCETHEIRTRUSTTWOFACTORAUTHENTICATIONMETHODSHAVEBEENINTRODUCEDBYBANKSINRESPONSETOTHETRAD

48、ITIONALPHISHINGATTACKS,ANDTHESEMETHODSAREINDEEDEFFECTIVEINSTOPPINGSUCHATTACKSONEOFTHEBIGCHALLENGESFORONLINEBANKINGISTOMAINTAINTHEBALANCEBETWEENTHESECURITYANDUSABILITYOFTHESOLUTIONSPROVIDEDINTHISPAPERWEHAVEANALYZEDANDCOMPAREDTHEDIFFERENTSOLUTIONSFROMBOTHSECURITYANDUSABILITYPERSPECTIVEWEHAVEALSOPERFOR

49、MEDRISKANALYSESBASEDONTHEPRESENTEDAUTHENTICATIONSOLUTIONSIDENTITYMANAGEMENTANDAUTHENTICATIONSYSTEMSNEEDTOPROVIDEADEQUATEUSABILITYANDSECURITYWEAREQUITEHOPEFULTHATTHETWOFACTORAUTHENTICATIONMETHODSHAVEBEENPROVIDINGONLINEBANKSANDOTHERONLINESERVICEPROVIDERSTOBEBETTERPREPAREDFOREMERGINGRISKS,WHICHNEEDUTMOSTSECURITYANDUSABILITY10外文文献译文标题网上银行安全资料来源瑞典LINKOPINGS大学信息安全课程研究报告作者FAHEEMRAMZANTEHMANPERVAIZ摘要在本文中,我们从安全性和实用性的角度比较和分析了不同的解决方案,还在风险分析的基础上提出了身份认证的解决方案。1介绍随着时间的推移,网上银行正在被越来越多的客户接受并信任。旅行支付账单,在其他账户转账,查看贷款余额等,这些都是网上银行的优势。促进网上银行系统增长的其中一个原因就是它的可用性。网上银行认证方法有许多的技术支持,增加这些技术的安全性和可用性变得越来越迫切。安全性的重要意义在于客户将可

展开阅读全文
相关资源
相关搜索

当前位置:首页 > 学术论文资料库 > 外文翻译

Copyright © 2018-2021 Wenke99.com All rights reserved

工信部备案号浙ICP备20026746号-2  

公安局备案号:浙公网安备33038302330469号

本站为C2C交文档易平台,即用户上传的文档直接卖给下载用户,本站只是网络服务中间平台,所有原创文档下载所得归上传人所有,若您发现上传作品侵犯了您的权利,请立刻联系网站客服并提供证据,平台将在3个工作日内予以改正。