| Popis: |
In recent years, mobile banking has been enjoying a tremendous increase in popularity. Sophisticated mobile apps allow a convenient and secure conduct of banking instructions for users worldwide. However, the use of SMS for mobile banking does not require a fast Internet connection, nor an expensive smart-phone and is an alternative approach, popular in many countries in the world. Due to the existence of vulnerabilities in GSM, this approach is lacking security. In this paper, we improve a recently published SMS banking protocol, which is based on steganography and the use of several communications channels. After analysing the security of this prototype protocol, we address the threat of a multi-channel replay attacks by introducing server-side nonces and making the protocol interactive. We postulate that the resulting, strengthened protocol is secure and robust for use in real-world scenarios. |
