A Mobile Payment Scheme Using Biometric Identification with Mutual Authentication
- URL: http://arxiv.org/abs/2409.17181v1
- Date: Tue, 24 Sep 2024 07:37:55 GMT
- Title: A Mobile Payment Scheme Using Biometric Identification with Mutual Authentication
- Authors: Jack Sturgess, Ivan Martinovic
- Abstract summary: Cashless payment systems offer many benefits over cash, but also have some drawbacks.
Fake terminals, skimming, wireless connectivity, and relay attacks are persistent problems.
We propose a novel mobile payment scheme based on biometric identification.
- Score: 9.904746542801837
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Cashless payment systems offer many benefits over cash, but also have some drawbacks. Fake terminals, skimming, wireless connectivity, and relay attacks are persistent problems. Attempts to overcome one problem often lead to another - for example, some systems use QR codes to avoid skimming and connexion issues, but QR codes can be stolen at distance and relayed. In this paper, we propose a novel mobile payment scheme based on biometric identification that provides mutual authentication to protect the user from rogue terminals. Our scheme imposes only minimal requirements on terminal hardware, does not depend on wireless connectivity between the user and the verifier during the authentication phase, and does not require the user to trust the terminal until it has authenticated itself to the user. We show that our scheme is resistant against phishing, replay, relay, and presentation attacks.
Related papers
- A Passwordless MFA Utlizing Biometrics, Proximity and Contactless Communication [0.3749861135832073]
This paper introduces an advanced authentication method for user verification that utilizes the user's real-time facial biometric identity.
We have implemented a prototype authentication system on a BLE-NFC-enabled Android device, and initial threat modeling suggests that it is safe against known phishing attacks.
arXiv Detail & Related papers (2024-06-13T10:58:25Z)
- Rethinking the Vulnerabilities of Face Recognition Systems: From a Practical Perspective [53.24281798458074]
Face Recognition Systems (FRS) have increasingly integrated into critical applications, including surveillance and user authentication.
Recent studies have revealed vulnerabilities in FRS to adversarial (e.g., adversarial patch attacks) and backdoor attacks (e.g., training data poisoning).
arXiv Detail & Related papers (2024-05-21T13:34:23Z)
- Reducing Usefulness of Stolen Credentials in SSO Contexts [0.0]
Multi-factor authentication (MFA) helps to thwart attacks that use valid credentials, but attackers still commonly breach systems by tricking users into accepting MFA step up requests.
This paper proposes a token-based enrollment architecture that is less invasive to user devices than mobile device management.
arXiv Detail & Related papers (2024-01-21T21:05:32Z)
- Leveraging Machine Learning for Wi-Fi-based Environmental Continuous Two-Factor Authentication [0.44998333629984877]
We present a novel 2FA approach replacing the user's input with decisions made by Machine Learning (ML).
Our system exploits unique environmental features associated with the user, such as beacon frame characteristics and Received Signal Strength Indicator (RSSI) values from Wi-Fi Access Points (APs).
For enhanced security, our system mandates that the user's two devices (i.e., a login device and a mobile device) be situated within a predetermined proximity before granting access.
arXiv Detail & Related papers (2024-01-12T14:58:15Z)
- Tamper-Evident Pairing [55.2480439325792]
Tamper-Evident Pairing (TEP) is an improvement of the Push-Button configuration (PBC) standard.
TEP relies on the Tamper-Evident Announcement (TEA), which guarantees that an adversary can neither tamper a transmitted message without being detected, nor hide the fact that the message has been sent.
This paper provides a comprehensive overview of the TEP protocol, including all information needed to understand how it works.
arXiv Detail & Related papers (2023-11-24T18:54:00Z)
- Improving the Security of Smartwatch Payment with Deep Learning [0.0]
This dissertation investigates whether applications of deep learning can reduce the number of gestures a user must provide to enrol into an authentication system for smartwatch payment.
We firstly construct a deep-learned authentication system that outperforms the current state-of-the-art.
We then develop a regularised autoencoder model for generating synthetic user-specific gestures.
arXiv Detail & Related papers (2023-07-11T17:02:21Z)
- Secure access system using signature verification over tablet PC [62.21072852729544]
We describe a highly versatile and scalable prototype for Web-based secure access using signature verification.
The proposed architecture can be easily extended to work with different kinds of sensors and large-scale databases.
arXiv Detail & Related papers (2023-01-11T11:05:47Z)
- Biometrics: Trust, but Verify [49.9641823975828]
Biometric recognition has exploded into a plethora of different applications around the globe.
There are a number of outstanding problems and concerns pertaining to the various sub-modules of biometric recognition systems.
arXiv Detail & Related papers (2021-05-14T03:07:25Z)
- Continuous Authentication of Wearable Device Users from Heart Rate, Gait, and Breathing Data [1.827510863075184]
Security of private information is becoming the bedrock of an increasingly digitized society.
Recent biometric-based authentication methods, such as facial or finger recognition, are getting popular due to their higher accuracy.
We present a context-dependent soft-biometric-based authentication system for wearable devices using heart rate, gait, and breathing audio signals.
arXiv Detail & Related papers (2020-08-25T01:55:07Z)
- Mind the GAP: Security & Privacy Risks of Contact Tracing Apps [75.7995398006171]
Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contact tracing apps using Bluetooth Low Energy.
We demonstrate that in real-world scenarios the GAP design is vulnerable to (i) profiling and possibly de-anonymizing persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts.
arXiv Detail & Related papers (2020-06-10T16:05:05Z)
- Decentralized Privacy-Preserving Proximity Tracing [50.27258414960402]
DP3T provides a technological foundation to help slow the spread of SARS-CoV-2.
System aims to minimise privacy and security risks for individuals and communities.
arXiv Detail & Related papers (2020-05-25T12:32:02Z)