Abstract
In recent years, illegal money transfer using man-in-the-browser (MITB) attacks with malware in internet banking has become a social problem. This study focuses on transaction-tampering MITB attacks and considers countermeasures to combat them. The existing countermeasures require that another device, such as a token device, other than the device used to carry out the actual money-transfer operation is utilized to ensure a secure route different from that carrying out the actual money-transfer operation. However, because MITB attackers have become more sophisticated, malware will be able to infect all the devices in the end and the multiple routes approach will have become ineffective against this type of attack. Therefore, we constructed a human-to-machine communication protocol that requires only one device for each user and is secure against transaction-tampering MITB attacks, even if the device is taken over by malware.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
This study has been originally published in Japanese at IPSJ (Information Processing Society of Japan) Journal, Vol. 60, No. 12, pp. 2147–2156, December 2019.
References
Suzuki, M., Nakagawa, Y., Kobara, K.: Assessing the safety of “Transaction Authentication” against Man-in-the-Browser attacks in Internet banking. Financ. Res. 32(3), 51–76 (2013)
Weigold, T., Kramp, T., Hermann, R., Höring, F., Buhler, P., Baentsch, M.: The Zurich Trusted Information Channel - an efficient defence against man-in-the-middle and malicious software attacks. In: Trusted Computing-Challenges and Applications, pp. 75–91 (2008)
Negi, T., Mori, T., Hirano, T., Koseki, Y., Matsuda, N., Kawaguchi, K., Yoneda, T.: Approach for the method of transaction signing utilizing smartphone with Secure SIM, vol. 2015-CSEC-71, no. 11, pp. 1–8 (2015)
The Official CAPTCHA Site. http://www.captcha.net. Accessed 07 Sept 2019
Kumarasubramanian, A., Ostrovsky, R., Pandey, O., Wadia, A.: Cryptography using captcha puzzles. In: Public-Key Cryptography, pp. 89–106. Springer (2013)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Mukaihira, K. et al. (2020). Communication Protocol Between Humans and Bank Server Secure Against Man-in-the-Browser Attacks. In: Ahram, T., Karwowski, W., Vergnano, A., Leali, F., Taiar, R. (eds) Intelligent Human Systems Integration 2020. IHSI 2020. Advances in Intelligent Systems and Computing, vol 1131. Springer, Cham. https://doi.org/10.1007/978-3-030-39512-4_79
Download citation
DOI: https://doi.org/10.1007/978-3-030-39512-4_79
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-39511-7
Online ISBN: 978-3-030-39512-4
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)