
Towards a Two Factor Authentication Method Using Zero-Knowledge Protocol in Online Banking Services

  • Conference paper
Parallel and Distributed Computing, Applications and Technologies (PDCAT 2018)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 931))


Abstract

The main objective of our work is to explore the applicability of cryptographic authentication techniques in two factor/step authentication techniques for online banking systems. In particular, we are investigating a zero-knowledge protocol as the second step authentication in the aforementioned systems. Many of the existing two-factor authentication schemes involve a third party in their authentication scheme and/or send user information such as passwords over the network. We have proposed a model which utilizes zero-knowledge proof for second step authentication. The proposed system does not involve a third party or require user passwords to be sent over the network. We have also analyzed and discussed some of the security aspects such as key logging, shoulder surfing and eavesdropping, which existing one-factor username and password-based systems are not immune to.



Author information


Correspondence to Manish Singh or Yichen Han.


Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

About this paper


Cite this paper

Singh, M., Han, Y. (2019). Towards a Two Factor Authentication Method Using Zero-Knowledge Protocol in Online Banking Services. In: Park, J., Shen, H., Sung, Y., Tian, H. (eds) Parallel and Distributed Computing, Applications and Technologies. PDCAT 2018. Communications in Computer and Information Science, vol 931. Springer, Singapore. https://doi.org/10.1007/978-981-13-5907-1_48


  • DOI: https://doi.org/10.1007/978-981-13-5907-1_48


  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-13-5906-4

  • Online ISBN: 978-981-13-5907-1

  • eBook Packages: Computer Science, Computer Science (R0)
