Secure Web Financial Transaction Methods and Smart Authentication with a Focus on Mobile Devices

In the preceding few years, a new form of security threat has appeared that alters confidential data between the user and the browser's security mechanism. Man-In-The-Browser ("MITB") and Man-In-The-Middle ("MITM") attacks are a new form of Internet threat, typically a Trojan horse program that interposes itself between the user and the browser, such as Internet Explorer or Firefox. They take over the user's access to the bank's web site despite sound and strong authentication methods. In the current threat landscape, additional up-to-date protections are required to avoid security breaches of financial transactions on the web. These attacks emphasize the need for financial organizations to securely authenticate users and ensure the integrity of web transactions in the face of a growing threat environment. In this paper we analyze the Man-In-The-Browser and Man-In-The-Middle attacks and propose a solution based on digitally signing a transaction, using the mobile phone as a software token for Digital Signature code generation. This opens an avenue for carrying out secure authentication from a mobile device, verifying that an authentic user is carrying out financial transactions securely on the WWW.


Introduction
Phishing was the first social engineering technique used for this purpose: potential victims are convinced to provide their confidential information, such as usernames, passwords, and bank account details. Today several different spying techniques are used to track the user's banking information, as described by Ståhlberg [8]: screenshot and video capture, code injection of fraudulent pages or form fields, website redirection, and keystroke logging.
Consequently, a newer and more perilous facet of phishing technology, the Trojan horse, has emerged. A man-in-the-browser Trojan, also called a proxy Trojan or a password-stealing Trojan [9], inserts itself between the user and the browser's security mechanism. Both Firefox and Internet Explorer have been the target of successful MITB attacks [1]. Consequently, an MITB attack can interfere with verification, modify web content, and initiate fake web transactions. In a similar fashion, a Man-In-The-Middle ("MITM") attacker can alter the customer's web transactions or create new ones; phishing diverts the customer to a counterfeit server that intercepts the connection [2]. Strong authentication to protect against all types of identity theft and fraud, together with additional safeguards and transaction verification, is required. Transaction verification provides a means to confirm as legitimate those transactions that transaction anomaly detection has identified as risky.
Transaction authentication using a digital signature derived from public-key infrastructure (PKI) [3] credentials (with or without smart tokens) is vulnerable to Trojan attacks on Windows PCs unless it is implemented with stand-alone tokens or a handheld device (mobile phone) using universal two-factor authentication [5].
In this paper we take a brief look at how the MITB and MITM attacks take place and how they are capable of modifying an online transaction. We propose a solution based on using mobile phones as a software token for Digital Signature code generation. A digital signature is known to ensure the authenticity and integrity of a transaction.
Mobile commerce, also known as next-generation e-commerce, can be defined as any electronic transaction or interaction conducted using a mobile device such as a mobile phone or personal digital assistant (PDA) [4]. The fact that our mobile devices are always with us and rarely turned off makes m-commerce an attractive field for businesses.
Thus the mobile phone can be used as a software token to generate the Digital Signature code.

Man in the Browser Attack Scenario
A new threat is emerging that attacks browsers by means of Trojan horses. This new breed of Trojan horse can modify transactions on the fly, as they are formed in the browser, while still displaying the user's intended transaction to her. Structurally they are a man-in-the-middle attack between the user and the security mechanisms of the browser.
Unlike phishing attacks, which rely upon similar-looking but fraudulent websites, these new attacks cannot be detected by the user at all: they use the real services, the user is correctly logged in as normal, and there is no visible difference.
The attack combines phishing approaches with Trojan horse technology inserted into a customer's browser to modify, capture, and/or insert additional information on web pages without the customer's or the host's knowledge [10] [11]. Once connected to the legitimate site, the MITB attack 'piggybacks' on a legitimately authenticated session between the user and the financial institution and alters the appearance of transactions in the user's browser. Because the alteration occurs in real time, the MITB prevents the user from detecting the fraudulent activity. For example, the user thinks he is transferring funds between accounts to pay bills, and the browser displays that transfer, when in fact the MITB attacker is transferring the user's funds into the account of a third party. The user views and confirms what he thinks are his intended transactions, only to become an unknowing accomplice in raiding his own account.
An example of how an MITB attack would succeed is shown in Figure 1.

Man-in-the-Middle
MITM attacks rely on customers divulging their credentials on a fraudulent web site. The attacker then forwards the legitimate credentials to sign on to the legitimate site (such as a bank portal) and acts as a relay between the legitimate user and the legitimate site.
What is unusual about MITM attacks is that they succeed in spite of customers using "one-time password" (OTP) tokens that generate a unique password every minute. The attacker immediately forwards the customer's credentials to the bank portal, signing in before the token-generated one-time password can expire.
An example of how an MITM attack would succeed (see Figure 2):
2. The MITM site connects to the bank site and impersonates the legitimate user using the phished credentials.
3. The bank site grants the MITM account access.
4. The MITM displays a phony page stating that the system is unavailable, or waits until the user wants to log off and then displays a phony page confirming the log-off.
By intercepting the traffic between the customer and the portal, an MITM attacker has the freedom to:
• Capture the user's credentials and use them to gain repeated access to the portal posing as the genuine user (when the credential is a fixed password)
• Log into the system while presenting a "System temporarily down" or "I am unable to log you in" message to make the user think the portal is not available (when the credential is dynamic, such as with an OTP token)
• Log into the system and simply relay all activity between the user and the portal until the user tries to end his session, then provide a "You are now logged off" message while remaining logged into the user's account (when the credential is dynamic, such as with an OTP token)

False Sense of Security
The success of the MITB and MITM attacks highlights the false sense of security that many types of authentication solution can give IT/security teams within organizations. In the case of MITB, deploying advanced authentication solutions like smartcards or PKI has long been considered sufficient protection against identity theft techniques. However, since the MITB attack piggybacks on authenticated sessions rather than trying to steal or impersonate an identity, most authentication technologies are incapable of preventing its success. In the case of MITM attacks, the real-time relaying of legitimate credentials by the MITM to the legitimate bank site defeats the security of OTPs generated by hardware or software tokens. The validity of such a password is between 30 and 60 seconds, sufficient time for the fraudulent user to capture the temporary password and forward it to the portal while the password is still alive. The root problem in an MITM attack is that the user has no way of verifying who is asking for his authentication information. Consequently, most two-factor credentials, including OTP tokens, risk analysis engines, personal assurance messages and so forth, are vulnerable to this type of attack.

The Solution against Both MITB and MITM
This paper offers a unique approach to protecting online customers from sophisticated attacks like Man-In-The-Browser and Man-In-The-Middle.

Defeating Man-in-the-Browser
There are two fundamental problems exploited by MITB attacks:
1) How to ensure the integrity of the data in a transaction between a legitimate user and the financial institution.
2) How to offer additional authentication of the transaction itself, so that the user and the financial institution can have a high degree of assurance in the transaction.
Ensuring data integrity is fundamental to preventing an MITB attack from succeeding, as there will be no indicator to the user that the MITB attack is underway and altering the transaction. Any successful approach to combating MITB will need to remove the browser as the means with which to conduct transactions, as well as detect any variance between the transaction originally submitted by the user and the transaction as reported to the financial institution.
Digital signing of forms both bypasses any browser-based Trojan or helper application and detects when the transaction data has been tampered with. Digital signing of forms works as follows: when a user initiates a transaction, he is presented with a PDF-based form. It is this PDF form, rather than an HTML form, into which he enters all transaction details. Upon completing the form, the user clicks the 'submit' button, which causes the user to digitally sign the PDF, enabling the completion of the transaction. The form data is never exposed to an MITB attack because the signing takes place outside of the browser environment.
Another technique used to defeat MITB is the creation of a Virtual Private Session (VPS). A VPS creates a virtual session with the end user, exposing any changes to the transaction made by malware in the browser or by browser helper objects. The secure in-band authentication provided by the VPS allows the server to send the user a confirmation that includes an OTP, which the user must enter to approve the transaction. The OTP is time-sensitive, and its short life (e.g., 30 seconds) prevents the attacker from intercepting, altering, and resending the confirmation to the user before the embedded OTP expires.

Defeating Man-in-the-Middle
Public Key Infrastructure (PKI) technology is used to defeat MITM attacks [7]. PKI uses a challenge/response protocol to ensure a secure, authenticated communication session between the client and the application or portal.
The PKI is able to automatically verify that the site requesting the authentication credentials is in fact the site that issued them. If the site requesting the credentials did not issue them, the client will not respond to requests for the username or password, automatically preventing identity theft and fraud.

Digital Signature Solution
A digital signature ensures the integrity and authenticity of a transaction [6].
Digital signatures enable an extension of PKI-based authentication technology to the mobile phone environment (WPKI) and position the SIM (UICC) card, and thus the mobile phone, as the central device in the service chain (shown in Figure 3).

Process Flow
The following gives a simplified example of the steps in the process flow of a user accessing a virtual resource, for example an online banking Internet site, from the perspective of the end user.
1. The user invokes access to the service via a computer's Internet browser.
2. The Internet service requests the user to input an account name or similar account identifier.
3. The Internet service identifies that the user has a digital signature and initiates an authorization request to the relevant Managed Security Service Provider (MSSP).
4. The MSSP messages the SIM client on the user's mobile phone via SMS, which requests a digital signature (typically a 4-digit code) from the user.
5. The user enters the signature code. The MSSP sends a request to the Certification Authority, which validates the electronic signature.
6. The MSSP returns a positive confirmation to the application. The user is allowed to enter the banking Internet site.

Additional Counter Measures
• A virtual scrambled keypad to foil key loggers and mouse-click loggers.
• Dynamic content such as a "Personal Assurance Message," customized by each user, to confirm that they are in fact on the correct site before entering their credentials.
• Install anti-phishing browser toolbars that can analyse the URLs, imagery, text and various heuristics of a site to assess whether a website is safe [12].
• Customers must check their bank account balances regularly and be aware of bank privacy policies and practices [13].
• The TriCipher Armored Credential System (TACS) enhances the device for client authentication, protecting the initial login to web applications, and transaction authentication, used to verify the authenticity of online transactions [14].
• Apply virtual signing technology that uses the camera in the customer's mobile phone or a dedicated optical token. It removes the need for awkward authenticators and time-consuming re-keying of challenge codes or transaction details. The large capacity allows more transaction details to be authenticated, and these can be changed rapidly in response to adaptation in criminal behaviour [15].

Client Interface
A J2ME program has been developed that can be installed onto the user's handheld device, such as a mobile phone, as a .jar file. Running the .jar file installs the application onto the mobile phone. It is platform independent and can be used on any J2ME-enabled mobile phone. To use the Digital Signature Code generation application, the user enters his username and PIN on the mobile phone interface to authenticate himself and selects the Digital Signature generation option. The user then enters the transaction details from the bank's website into the mobile phone, and the application generates a Digital Signature code corresponding to that particular transaction (see Figure 4). The username, PIN, and generated Digital Signature Code are never stored on the mobile phone, so even if the mobile device is stolen a third party cannot run the application, as proper authentication is required to run it.

Conclusions
Man-In-The-Browser ("MITB") and Man-In-The-Middle ("MITM") are sophisticated threats that can succeed in spite of organizations deploying multi-factor authentication solutions. These two attacks are representative of an emerging class of threats that accomplish identity theft and financial fraud by exploiting technology previously thought to be secure. For financial institutions to have confidence in the identity of their users and the transactions their users conduct, they must deploy security tools that keep abreast of evolving threats. In the proposed solution the transaction details are hashed, that is, a hash value is calculated using a cryptographic hash function, and the hash value is encrypted with the customer's private key to create the signature. The signature is validated by the bank's system: the bank generates its own hash of the transaction details and compares it against the customer's hash, which it obtains by decrypting the signature with the user's public key.
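The phone-side signing described in the Client Interface section and the hash-then-verify check described above, as an added example that is not part of the paper: ECDSA over P-256 from Go's standard library stands in for the paper's encrypt-the-hash wording, the Transaction fields and their canonical form are assumptions, and the altered transfer shows how a field rewritten in the browser is rejected at the bank.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Transaction: the details keyed into the phone app (field names are this example's assumption).
type Transaction struct {
	FromAccount string
	ToAccount   string
	Amount      string // kept as text so phone and bank hash identical bytes
	Reference   string
}

// Canonical: bytes that get hashed and signed; phone and bank must build them identically.
func (t Transaction) Canonical() []byte {
	return []byte(t.FromAccount + "|" + t.ToAccount + "|" + t.Amount + "|" + t.Reference)
}

// NewCustomerKey is the enrolment step: the customer's signing key (P-256 assumed).
func NewCustomerKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// Sign runs on the phone, outside the browser: hash the details, sign the hash.
func Sign(priv *ecdsa.PrivateKey, t Transaction) ([]byte, error) {
	h := sha256.Sum256(t.Canonical())
	return ecdsa.SignASN1(rand.Reader, priv, h[:])
}

// Verify runs at the bank on the transaction as received; any MITB-rewritten field fails the check.
func Verify(pub *ecdsa.PublicKey, t Transaction, sig []byte) bool {
	h := sha256.Sum256(t.Canonical())
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

func main() {
	priv, _ := NewCustomerKey() // demo: error ignored
	intended := Transaction{"ACC-001", "ACC-777", "100.00", "electricity bill"} // constructed sample
	sig, _ := Sign(priv, intended)
	altered := intended
	altered.ToAccount = "ACC-666" // the beneficiary an MITB would substitute
	fmt.Println(Verify(&priv.PublicKey, intended, sig), Verify(&priv.PublicKey, altered, sig)) // true false
}
```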
Consumer- and business-facing financial organizations can benefit from this study to deploy multi-factor authentication and digital signing solutions that protect against MITB and MITM attacks while retaining ease of use, ease of management, and ease of deployment.