中文

Outflanking and securely using the PIN/TAN-System

密码学与安全 2007-05-23 v3

摘要

The PIN/TAN-system is an authentication and authorization scheme used in e-business. Like other similar schemes it is successfully attacked by criminals. After shortly classifying the various kinds of attacks we accomplish malicious code attacks on real World Wide Web transaction systems. In doing so we find that it is really easy to outflank these systems. This is even supported by the users' behavior. We give a few simple behavior rules to improve this situation. But their impact is limited. Also the providers support the attacks by having implementation flaws in their installations. Finally we show that the PIN/TAN-system is not suitable for usage in highly secure applications.

关键词

引用

@article{arxiv.cs/0410025,
  title  = {Outflanking and securely using the PIN/TAN-System},
  author = {A. Wiesmaier and M. Fischer and M. Lippert and J. Buchmann},
  journal= {arXiv preprint arXiv:cs/0410025},
  year   = {2007}
}

备注

7 pages; 2 figures; IEEE style; final version