Outflanking and securely using the PIN/TAN-System

The PIN/TAN-system is an authentication and authorization scheme used in e-business. Like other similar schemes it is successfully attacked by criminals. After shortly classifying the various kinds of attacks we accomplish malicious code attacks on real World Wide Web transaction systems. In doing s...

Full description

Saved in:
Bibliographic Details
Published inarXiv.org
Main Authors Wiesmaier, A, Fischer, M, Lippert, M, Buchmann, J
Format Paper
LanguageEnglish
Published Ithaca Cornell University Library, arXiv.org 26.05.2005
Subjects
Electronic commerce
Malware
Online AccessGet full text

Cover

More Information
Summary:The PIN/TAN-system is an authentication and authorization scheme used in e-business. Like other similar schemes it is successfully attacked by criminals. After shortly classifying the various kinds of attacks we accomplish malicious code attacks on real World Wide Web transaction systems. In doing so we find that it is really easy to outflank these systems. This is even supported by the users' behavior. We give a few simple behavior rules to improve this situation. But their impact is limited. Also the providers support the attacks by having implementation flaws in their installations. Finally we show that the PIN/TAN-system is not suitable for usage in highly secure applications.
ISSN:2331-8422