TAILIEUCHUNG - A new approach to Internet banking by Matthew Johnson

This thesis investigates the protection landscape surrounding online banking. First, electronic banking is analysed for vulnerabilities and a survey of current attacks is carried out. This is represented graphically as an attack tree describing the different ways in which online transactions can be attacked. The discussion then moves on to various defences which have been developed, categorizing them and analyzing how successful they are at protecting against the attacks given in the first chapter. This covers everything from TLS encryption through phishing site detection to two-factor authentication. Having declared all current schemes for protecting online banking lacking in some way, the key aspects of the problem are identified. This. | Technical Report Number 731 UCAM-CL-TR-731 ISSN 1476-2986 UNIVERSITY OF w CAMBRIDGE Computer Laboratory A new approach to Internet banking Matthew Johnson September 2008 15 JJ Thomson Avenue Cambridge CB3 0FD United Kingdom phone 44 1223 763500 http 2008 Matthew Johnson This technical report is based on a dissertation submitted July 2008 by the author for the degree of Doctor of Philosophy to the University of Cambridge Trinity Hall. Technical reports published by the University of Cambridge Computer Laboratory are freely available via the Internet http techreports ISSN 1476-2986 3 A new approach to Internet banking Matthew J. Johnson Summary This thesis investigates the protection landscape surrounding online banking. First electronic banking is analysed for vulnerabilities and a survey of current attacks is carried out. This is represented graphically as an attack tree describing the different ways in which online transactions can be attacked. The discussion then moves on to various defences which have been developed categorizing them and analyzing how successful they are at protecting against the attacks given in the first chapter. This covers everything from TLS encryption through phishing site detection to two-factor authentication. Having declared all current schemes for protecting online banking lacking in some way the key aspects of the problem are identified. This is followed by a proposal for a more robust defence system which uses a small security device to create a trusted path to the customer rather than depend upon trusting the customer s computer. The protocol for this system is described along with all the other restrictions required for actual use. This is followed by a description of a demonstration implementation of the system. Extensions to the system are then proposed designed to afford extra protection for the consumer and also to support other types of device. There is then a discussion of ways of managing .

• Quản trị mạng
• Guiding Force
• Energy Conversion
• Purple Bacteria
• Photosynthesis
• Carotenoids and Photosynthesis
• Carotenoid Biosyntesis