Abstract
To use mobile phone banking, we have to input a personal identification number, an account password and a security card number. Once wireless public key infrastructure comes into practical use, a certificate password will be added, making this a four-stage password input system. In this paper, we introduce the DAS4M (Dynamic Authentication System for Mobile phone user) password system, in which the password is protected from being exposed to other people while it is being input. To discuss and simulate the validity of the proposed system, we develop a mobile application that runs on the WIPI mobile platforms. The proposed system improves the exposure rate of the password by up to more than 84 times compared to the incumbent mobile phone banking password input system. Moreover, in an experiment on usability, which has a tradeoff relationship with password security, measured in terms of input time, error rate and user response, we observe that it does not make a big difference.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lee, S., Park, S. (2005). Mobile Password System for Enhancing Usability-Guaranteed Security in Mobile Phone Banking. In: Shimojo, S., Ichii, S., Ling, TW., Song, KH. (eds) Web and Communication Technologies and Internet-Related Social Issues - HSI 2005. HSI 2005. Lecture Notes in Computer Science, vol 3597. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11527725_8
DOI: https://doi.org/10.1007/11527725_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-27830-6
Online ISBN: 978-3-540-31808-8
eBook Packages: Computer Science (R0)