
Secure Annihilation of Out-of-Band Authorization for Online Transactions


Affiliations
1 Department of Electrical and Computer Engineering, Kulliyyah of Engineering, International Islamic University Malaysia, Gombak, Kuala Lumpur, Malaysia
 

Objectives: In this paper, an approach to online banking authorization using one-time passwords has been illustrated. Methods/Statistical Analysis: The algorithm presented in this paper provides an infinite as well as forward One-Time-Password (OTP) generation mechanism employing two Secure Hash Algorithms, viz. SHA3 and SHA2, followed by dynamic truncation to produce a human-readable OTP. An inimitable authentication scheme has been presented in which a unique initial seed is used for generating a series of OTPs on the user’s handheld gadget (i.e. a mobile phone). Findings: The proposed scheme demonstrated better results than the previous schemes of authorization after a security analysis was conducted on it. This is attributed to the eradication of the cellular network within the authorization process. A high level of performance and efficiency in authentication and authorization, which are vital for transacting online, was evident from the results. Applications/Improvements: In the proposed system, the inherent features of the user’s device (mobile phone) are utilized to form the initial seed. The application of hash functions to that seed eliminates the necessity to send one-time passwords to the users via Short Message Service and decreases the limitations posed by out-of-band systems, thus making it suitable to be employed in online banking and other financial organizations.

Keywords

Authentication, Authorization, Out-of-band Authorization, Hash Functions
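
The abstract above describes a forward hash chain with dynamic truncation; the sketch below is an added example of one such construction, not the authors' algorithm or code. It assumes SHA3-256 advances the chain state, SHA-256 derives each displayed code, truncation follows RFC 4226, and the server keeps a three-step resynchronization window; the seed string, `DIGITS` and all function names are constructed for illustration.

```python
import hashlib
import hmac

DIGITS = 6  # assumed OTP length; the abstract does not give one


def dynamic_truncate(digest: bytes, digits: int = DIGITS) -> str:
    """RFC 4226-style dynamic truncation of a digest to a decimal code."""
    offset = digest[-1] & 0x0F
    value = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def next_state(state: bytes) -> bytes:
    """Advance the chain one step (assumed role of SHA3: one-way update)."""
    return hashlib.sha3_256(state).digest()


def otp_for(state: bytes) -> str:
    """Derive the displayed OTP (assumed role of SHA2) without exposing state."""
    return dynamic_truncate(hashlib.sha256(state).digest())


class Verifier:
    """Server side: holds the same chain state plus a small resync window."""

    def __init__(self, seed: bytes, window: int = 3):
        self.state = next_state(seed)
        self.window = window

    def verify(self, candidate: str) -> bool:
        state = self.state
        for _ in range(self.window):
            if hmac.compare_digest(otp_for(state), candidate):
                self.state = next_state(state)  # consume the code: no replay
                return True
            state = next_state(state)
        return False


# Constructed device attributes standing in for the "inherent features".
SEED = hashlib.sha256(b"imei=000000000000000|model=example|user=alice").digest()


def client_otps(seed: bytes, count: int) -> list:
    """Client side: the first `count` OTPs generated on the handset."""
    out, state = [], next_state(seed)
    for _ in range(count):
        out.append(otp_for(state))
        state = next_state(state)
    return out
```

Because both sides advance the state only forward and discard what they have consumed, a captured code cannot be replayed, and a stolen current state does not reveal earlier codes.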

Authors

Sabahat Hussain
Department of Electrical and Computer Engineering, Kulliyyah of Engineering, International Islamic University Malaysia, Gombak, Kuala Lumpur, Malaysia
Burhan Ul Islam Khan
Department of Electrical and Computer Engineering, Kulliyyah of Engineering, International Islamic University Malaysia, Gombak, Kuala Lumpur, Malaysia
Farhat Anwar
Department of Electrical and Computer Engineering, Kulliyyah of Engineering, International Islamic University Malaysia, Gombak, Kuala Lumpur, Malaysia
Rashidah Funke Olanrewaju
Department of Electrical and Computer Engineering, Kulliyyah of Engineering, International Islamic University Malaysia, Gombak, Kuala Lumpur, Malaysia

DOI: https://doi.org/10.17485/ijst%2F2018%2Fv11i5%2F169947