Skip to main content
SpringerLink
Log in

Hardened Client Platforms for Secure Internet Banking

  • Chapter
ISSE 2008 Securing Electronic Business Processes

  • 465 Accesses

Abstract

We review the security of e-banking platforms with particular attention to the exploitable attack vectors of three main attack categories: Man-in-the-Middle, Man-in-the-PC and Man-in-the-Browser. It will be shown that the most serious threats come from combination attacks capable of hacking any transaction without the need to control the authentication process. Using this approach, the security of any authentication system can be bypassed, including those using SecureID Tokens, OTP Tokens, Biometric Sensors and Smart Cards. We will describe and compare two recently proposed e-banking platforms, the ZTIC and the USPD, both of which are based on the use of dedicated client devices, but with diverging approaches with respect to the need of hardening the Web client application. It will be shown that the use of a Hardened Browser (or H-Browser) component is critical to force attackers to employ complex and expensive techniques and to reduce the strength and variety of social engineering attacks down to physiological fraud levels.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. OECD: Malicious Software (Malware): A Security Threat to the Internet Economy. (http://www.oecd.org/dataoecd/53/34/40724457.pdf).

    Google Scholar 

  2. Weigold, Thomas et al: The Zurich Trusted Information Channel: An Efficient Defence against MITM and MS Attacks. IBM Zurich Research Lab — (http://www.zurich.ibm.com/pdf/csc/ZTIC-Trust-2008-final.pdf).

    Google Scholar 

  3. Ronchi, Corrado and Zakhidov, Shukhrat: A Road Map Towards a Practically Secure and Portable e-Banking Platform. EISST Development Lab — Technical Report ECS2008-02.

    Google Scholar 

  4. Gühring, Philipp: Concepts against Man-in-the-Browser Attacks. http://www2.futureware.at/svn/sourcerer/CAcert/SecureClient.pdf

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. EISST Development Laboratories, UK

    C. Ronchi & S. Zakhidov

Authors
  1. C. Ronchi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. S. Zakhidov
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Norbert Pohlmann Helmut Reimer Wolfgang Schneider

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Vieweg+Teubner | GWV Fachverlage GmbH, Wiesbaden

About this chapter

Cite this chapter

Ronchi, C., Zakhidov, S. (2009). Hardened Client Platforms for Secure Internet Banking. In: Pohlmann, N., Reimer, H., Schneider, W. (eds) ISSE 2008 Securing Electronic Business Processes. Vieweg+Teubner. https://doi.org/10.1007/978-3-8348-9283-6_39

Download citation

  • DOI: https://doi.org/10.1007/978-3-8348-9283-6_39

  • Publisher Name: Vieweg+Teubner

  • Print ISBN: 978-3-8348-0660-4

  • Online ISBN: 978-3-8348-9283-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation