
Boosting usability for Protecting Online Banking Applications Against APTs

Alhanahnah, Mohannad and Chadwick, David (2016) Boosting usability for Protecting Online Banking Applications Against APTs. In: Amman, Jordan, ed. 2016 Cybersecurity and Cyberforensics Conference (CCC). IEEE, pp. 70-76. ISBN 978-1-5090-2658-6. (doi:10.1109/CCC.2016.13)

PDF - Author's Accepted Manuscript
Official URL
http://dx.doi.org/10.1109/CCC.2016.13

Abstract

With the advent of Advanced Persistent Threats (APTs) and exploits such as Eurograbber, we can no longer trust the user's PC or mobile phone to be honest in their transactions with banks. This paper reviews the current state of the art in protecting PCs from malware and APTs that can modify banking transactions, and identifies their strengths and weaknesses. It then proposes an enhanced USB device based on speech and vision. User trials with a software prototype show both that such a device is user friendly and that users are less susceptible to accepting subtly modified transactions with this device than with other vision-only USB devices. Since human factors are usually the weakest point in the security chain, and are often the way that APT actors perform their attacks, the focus of the proposed solution is on improving the usability of existing USB devices. However, the device is still not failsafe, and therefore may not be as preferable as Sm@rt TAN-plus, which is currently used by many German banks.

Item Type: Book section
DOI/Identification number: 10.1109/CCC.2016.13
Uncontrolled keywords: Advanced Persistent Threats; Banking Transactions; Transaction Authentication Number; usability
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 75 Electronic computers. Computer science
Divisions: Faculties > Sciences > School of Computing > Security Group
Depositing User: David Chadwick
Date Deposited: 17 Jan 2017 20:46 UTC
Last Modified: 26 Sep 2019 10:14 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/59903 (The current URI for this page, for reference purposes)
Chadwick, David: https://orcid.org/0000-0003-3145-055X