Outflanking and securely using the PIN/TAN-System

Proceedings of the 2005 International Conference on Security and Management (SAM'05); June 2005 The PIN/TAN-system is an authentication and authorization scheme used in e-business. Like other similar schemes it is successfully attacked by criminals. After shortly classifying the various kinds o...

Full description

Saved in:
Bibliographic Details
Main Authors Wiesmaier, A, Fischer, M, Lippert, M, Buchmann, J
Format Journal Article
LanguageEnglish
Published 12.10.2004
Subjects
Computer Science - Cryptography and Security
Online AccessGet full text

Cover

More Information
Summary:Proceedings of the 2005 International Conference on Security and Management (SAM'05); June 2005 The PIN/TAN-system is an authentication and authorization scheme used in e-business. Like other similar schemes it is successfully attacked by criminals. After shortly classifying the various kinds of attacks we accomplish malicious code attacks on real World Wide Web transaction systems. In doing so we find that it is really easy to outflank these systems. This is even supported by the users' behavior. We give a few simple behavior rules to improve this situation. But their impact is limited. Also the providers support the attacks by having implementation flaws in their installations. Finally we show that the PIN/TAN-system is not suitable for usage in highly secure applications.
DOI:10.48550/arxiv.cs/0410025