Abstract

Smartphones and other mobile computing devices are being widely adopted globally [1]. The increasing popularity of smart devices has led users to perform all their day to day activities using these devices [2]. Hence, M-banking has become more convenient, effective and reliable [3]. It is extremely necessary to provide the security services including; confidentiality, integrity, and authentication between the financial institutions' servers and the mobile device used by the customer, as their communications are through unsecured networks such as the Internet [4]. Users' confidential information may be at risk due to fixed values-based security schemes, one level authentication, separate hard token-based authentication, hardware stealing, and Android-Based attacks. This paper specifies a comprehensive sought of how M-banking schemes can be assessed. Also it introduces a solution to mitigate most of these risks.

References

• Adam Skillen and Mohammad Mannan "Mobiflage: Deniable Storage Encryption for Mobile Devices", IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 11, NO. 3, MAY-JUNE 2014.
• Yuksel, Zaim, and, Aydin, "A Comprehensive Analysis of Android Security and Proposed Solutions" I. J. Computer Network and Information Security, 2014, 12, 9-20.
• Chang and Deng, "Secure OTP and Biometric Verification Scheme for Mobile Banking", 2012 Third FTRA International Conference on Mobile, Ubiquitous, and Intelligent Computing.
• Majda, and Eihab, "Enhanced Model for PKI Certificate Validation in the Mobile Banking", 2013, international conference on Computing, Electrical and Electronic engineering (ICCEEE).
• Narendiran, Rajendran and Albert, "PUBLIC KEY INFRASTRUCTURE FOR MOBILE BANKING SECURITY".
• Cooper, Santesson, Farrell, Boeyen, Housley, Polk . 2008. "Internet X. 509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile" RFC 5280.
• Miriam, Ben-Av, and, Gerdov, "StoreDroid: Sensor-Based Data Protection Framework for Android", Wireless Communications and Mobile Computing Conference (IWCMC), pages 511 – 517, Aug-2014.
• https://source. android. com/devices/tech/security/index. html.
• https://developer. android. com/reference/android/Manifest.
• https://developer. android. com/reference/android/Manifest. Permission. html.
• A Shabtai, Fledel, and Elovici. ," Securing android-powered mobile devices using selinux", Ben-Gurion University. IEEE computer and reliability society, pages 36–44, May 2010.
• Mohammad Nauman, Sohail Khan, and Xinwen Zhang, "Apex: Extending android permission model and enforcement with user-defined runtime constraints", In Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, ASIACCS '10, pages 328–332, New York, NY, USA, 2010.
• Analysis for Vetting Undesirable" IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 9, NO. 11, NOVEMBER 2014.
• Jinseong, Micinski, Jeffrey, Nikhilesh, Foster, Fogel, and Millstein, "Dr. Android and Mr. Hide: Fine-grained Permissions in Android Applications", SPSM'12, October 19, 2012, Raleigh, North Carolina, USA.
• Backes, Gerling Hammer, and Styp-Rekowsky, "AppGuard - Enforcing User Requirements on Android Apps A "Saarland University, Saarbrücken, Germany.
• Amol Bhatnagar, Shekhar Tanwar, and R. Manjula, "Secure Multiple Bank Transaction Log", Inter. Journal of Research in Eng. And Technology IJRET, Apr-2014.
• Sangram Ray and G. P. Biswas, "Design of Mobile Public Key Infrastructure (M-PKI) using Elliptic Curve Cryptography", Int. Journal on Crypt. And information security (IJCIS), Vol. 3, No. 1, March2013.
• Chang-Lung Tsai Chun-Jung Chen and Deng-Jie Zhuang, " Secure OTP and Biometric Verification Scheme for Mobile Banking", Third FTRA international conference on mobile, Ubiquitous and intelligent computing,2012.
• Hao Zhao and Sead Muftic, "Design and Implementation of a Mobile Transactions Client System : Secure UICC Mobile Wallet", IJISR, International Journal for information security research , Volume 1 , issue 3 , Sep. 2011.
• Adam Skillen and Mohamed Mannan, "Mobiflage: Deniable Storage Encryption for Mobile Devices", IEEE, Transaction on dependable and secure computing, Vol11, No. 3, May-June 2014.
• Morris Dworkin, "Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices", NIST Special Publication 800-38E, January- 2010.
• I. G. Torrego 2009 Study of the IEEE Standard 1619. 1: Authenticated Encryption with Length Expansion for Storage Devices. Master of Science in Communication Technology, Norwegian University of Science and Technology Department of Telematics.