Visual Authentication and Identification
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Foundations of Cryptography: Volume 2, Basic Applications
Foundations of Cryptography: Volume 2, Basic Applications
Jamming for good: a fresh approach to authentic communication in WSNs
Proceedings of the second ACM conference on Wireless network security
Stragglers of the herd get eaten: security concerns for GSM mobile banking applications
Proceedings of the Eleventh Workshop on Mobile Computing Systems & Applications
Usably secure, low-cost authentication for mobile banking
Proceedings of the Sixth Symposium on Usable Privacy and Security
The times they are a-changin': mobile payments in india
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
They can hear your heartbeats: non-invasive security for implantable medical devices
Proceedings of the ACM SIGCOMM 2011 conference
Towards end-to-end security in branchless banking
Proceedings of the 12th Workshop on Mobile Computing Systems and Applications
Secure Border Gateway Protocol (S-BGP)
IEEE Journal on Selected Areas in Communications
The paper slip should be there!: perceptions of transaction receipts in branchless banking
Proceedings of the 15th international conference on Human-computer interaction with mobile devices and services
Hi-index | 0.00 |
Although branchless banking systems have spread to different parts of the developing world, methods to ensure transactional security in these systems have seen slower adoption because of a variety of operational constraints. A basic requirement from such systems is the provision of secure and reliable receipts to users during transactions, and recent attacks have demonstrated that existing systems fall short of fulfilling this requirement in practice. In this paper, we propose a simple and practical protocol to enable users to authenticate transaction receipts in branchless banking systems. Our protocol makes novel use of missed calls (sent from users to the bank) to help distinguish real receipts from spoofed ones and can be implemented on any mobile phone, without software installation. Besides preventing spoofing attacks, the protocol enjoys significant advantages of usability, efficiency and cost, which make it a more practical choice than other schemes. We also discuss ways to use missed calls to mitigate man-in-the-middle attacks on branchless banking systems.