DOI: 10.1145/2442882.2442886

Practical receipt authentication for branchless banking

Published: 11 January 2013

Abstract

Although branchless banking systems have spread to different parts of the developing world, methods to ensure transactional security in these systems have seen slower adoption because of a variety of operational constraints. A basic requirement from such systems is the provision of secure and reliable receipts to users during transactions, and recent attacks have demonstrated that existing systems fall short of fulfilling this requirement in practice. In this paper, we propose a simple and practical protocol to enable users to authenticate transaction receipts in branchless banking systems. Our protocol makes novel use of missed calls (sent from users to the bank) to help distinguish real receipts from spoofed ones and can be implemented on any mobile phone, without software installation. Besides preventing spoofing attacks, the protocol enjoys significant advantages of usability, efficiency and cost, which make it a more practical choice than other schemes. We also discuss ways to use missed calls to mitigate man-in-the-middle attacks on branchless banking systems.



Published In

ACM DEV '13: Proceedings of the 3rd ACM Symposium on Computing for Development
January 2013
233 pages
ISBN: 9781450318563
DOI: 10.1145/2442882
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. authentication
  2. branchless banking
  3. mobile
  4. receipts
  5. security

Qualifiers

  • Research-article

Conference

ACM DEV '13

Acceptance Rates

Overall Acceptance Rate 52 of 164 submissions, 32%


Cited By

  • (2019) Examining the use and non-use of mobile payment systems for merchant payments in India. Proceedings of the 2nd ACM SIGCAS Conference on Computing and Sustainable Societies, pp. 1-12. DOI: 10.1145/3314344.3332499. Online publication date: 3-Jul-2019
  • (2018) Examining Security and Privacy Research in Developing Regions. Proceedings of the 1st ACM SIGCAS Conference on Computing and Sustainable Societies, pp. 1-14. DOI: 10.1145/3209811.3209818. Online publication date: 20-Jun-2018
  • (2016) Alphacodes. Proceedings of the 7th Annual Symposium on Computing for Development, pp. 1-10. DOI: 10.1145/3001913.3001924. Online publication date: 18-Nov-2016
  • (2015) Digital forensic readiness for branchless banking. 2015 IST-Africa Conference, pp. 1-8. DOI: 10.1109/ISTAFRICA.2015.7190578. Online publication date: May-2015
  • (2014) A Mobile Banking Model in the Cloud for Financial Inclusion in India. Proceedings of the 32nd ACM International Conference on The Design of Communication CD-ROM, pp. 1-9. DOI: 10.1145/2666216.2666218. Online publication date: 27-Sep-2014
  • (2013) The paper slip should be there! Proceedings of the 15th international conference on Human-computer interaction with mobile devices and services, pp. 328-331. DOI: 10.1145/2493190.2493236. Online publication date: 27-Aug-2013
