Please use this identifier to cite or link to this item:
Title: Authentication and transaction verification using QR codes with a mobile device
Authors: Chow, YW
Susilo, W
Yang, G
Au, MH
Wang, C
Keywords: Authentication
Mobile device
One-Time-Password (OTP)
QR code
Transaction integrity
Transaction verification
Transaction-Authentication-Number (TAN)
Issue Date: 2016
Publisher: Springer
Source: Lecture notes in computer science (including subseries Lecture notes in artificial intelligence and lecture notes in bioinformatics), 2016, v. 10066, p. 437-451 How to cite?
Journal: Lecture notes in computer science (including subseries Lecture notes in artificial intelligence and lecture notes in bioinformatics) 
Abstract: User authentication and the verification of online transactions that are performed on an untrusted computer or device is an important and challenging problem. This paper presents an approach to authentication and transaction verification using a trusted mobile device, equipped with a camera, in conjunction with QR codes. The mobile device does not require an active connection (e.g., Internet or cellular network), as the required information is obtained by the mobile device through its camera, i.e. solely via the visual channel. The proposed approach consists of an initial user authentication phase, which is followed by a transaction verification phase. The transaction verification phase provides a mechanism whereby important transactions have to be verified by both the user and the server. We describe the adversarial model to capture the possible attacks to the system. In addition, this paper analyzes the security of the propose scheme, and discusses the practical issues and mechanisms by which the scheme is able to circumvent a variety of security threats including password stealing, man-in-the-middle and man-in-the-browser attacks. We note that our technique is applicable to many practical applications ranging from standard user authentication implementations to protecting online banking transactions.
Description: 9th International Conference on Security, Privacy, and Anonymity in Computation, Communication and Storage, SpaCCS 2016, Zhangjiajie, China, 16-18 November 2016
ISBN: 9783319491479
ISSN: 0302-9743
EISSN: 1611-3349
DOI: 10.1007/978-3-319-49148-6_36
Appears in Collections:Conference Paper

View full-text via PolyU eLinks SFX Query
Show full item record


Citations as of Aug 18, 2017

Page view(s)

Last Week
Last month
Checked on Aug 13, 2017

Google ScholarTM



Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.