The banking industry in Norway has developed a new security infrastructure for conducting commerce on the Internet. The initiative, called BankID, aims to become a national ID infrastructure supporting services such as authentication and digital signatures for the entire Norwegian population. This paper describes a practical man-in-the-middle attack against online banking applications using BankID. The attack gives an adversary access to customer bank accounts in two different online banking systems. Proof-of-concept code has been developed and executed to demonstrate the seriousness of the problem.