
Design and Implementation of Challenge Response Protocol for Enhanced e-Commerce Security

  • Conference paper
  • Proceedings of the Future Technologies Conference (FTC) 2018 (FTC 2018)
  • Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 881)

Abstract

The environment of the proposed Scan2Pass is described in detail. Confidentiality is provided at the application level in the system to protect user credentials at both entities (the user and the server), preventing brute-force and dictionary attacks. A security mechanism is also provided to maintain confidentiality at the transport level. HTTP Strict Transport Security in the system ensures that all connections between the entities are upgraded to HTTPS only. This guarantees that all data and sensitive information transmitted between the two sides is protected. The implementation of Scan2Pass presents a possible deployment of the system and describes the components of the prototype. Implementation and testing confirm that the proposed Scan2Pass is fast and easy to use and learn. In particular, users without much experience with smartphones can easily use the proposed system after seeing it done only once. The proposed system model is therefore convenient for users, since there is no burden of carrying a separate hardware token and no extra charges from the short message service. The design and implementation of a challenge–response protocol for enhanced e-commerce security are also elaborated.



Corresponding author: Hamzah F. Zmezm


Copyright information

© 2019 Springer Nature Switzerland AG


Cite this paper

Zmezm, H., Zmezm, H.F., Khalefa, M.S., Alasadi, H.A.A. (2019). Design and Implementation of Challenge Response Protocol for Enhanced e-Commerce Security. In: Arai, K., Bhatia, R., Kapoor, S. (eds) Proceedings of the Future Technologies Conference (FTC) 2018. FTC 2018. Advances in Intelligent Systems and Computing, vol 881. Springer, Cham. https://doi.org/10.1007/978-3-030-02683-7_7
