Shortlisted Papers

CAPTCHA in Security ECIS: Depress Phishing by CAPTCHA with OTP

Pages 18-31 | Received 31 Mar 2011, Accepted 29 Jun 2011, Published online: 09 Apr 2013
 

Abstract

In this project, a cost-saving CAPTCHA authentication application is designed to address recent online banking threats, with a focus on enabling safe online banking authentication for a security-unconscious user. The prime challenges of a secure online banking system are to enable safe online banking on a compromised host and to solve the general ignorance of security warnings. Costly hardware solutions have been proposed; however, most of them may not be practical for home users.

This paper proposes the Extended CAPTCHA Input System (ECIS) (Leung, 2009a), which offers a low-cost software solution. Building on previous works (Leung, 2009b,a), ECIS first extended the CAPTCHA idea to defend against the Real-Time Man-In-The-Middle (RT-MITM) attack (Schneier, 2005). The trick is to employ a moving CAPTCHA for the input of a One Time Password (OTP) with a time restriction, which can depress MITM auto-relaying of information as well as human-assisted MITM attacks. Because ECIS and its session secret are designed to be generated per login session, network and software attacks on ECIS are not feasible.

The ECIS solution reuses the OTP token devices that have already been shipped on a large scale, which can save a huge amount of money. ECIS can also be applied to Second Authentication systems in SMS and Dual-Password scenarios as a fully software-based solution.

The objectives of this project were to develop 1) a prototype of ECIS; 2) ECIS derivatives on combinable authentication techniques; 3) a security model to evaluate an authentication system. All the objectives were met.
