International Journal of Technology Enhancements and Emerging Engineering Research (ISSN 2347-4289)

IJTEEE >> Volume 1 - Issue 4, November 2013 Edition


Website: http://www.ijteee.org


Enhanced Security Model For Mobile Banking Systems In Tanzania




Baraka W. Nyamtiga, Anael Sam, Loserian S. Laizer



Keywords: Cryptography; Data Integrity; GSM; Message Confidentiality; Mobile Banking; Security; User Authentication



ABSTRACT: In mobile banking schemes, financial services are made available and banking services are provided using mobile devices. The technologies used to conduct mobile transactions rely heavily on GSM services for data transmission. In their operations, these technologies send data in plaintext. Financial service providers tend to rely on the security services provided by GSM, which has been proved to be susceptible to cryptanalytic attacks. The algorithms used for its cryptographic mechanisms are flawed, leaving data carried through the network vulnerable upon interception. Operators need to take precautions by enforcing protective measures on the information to be transmitted. This paper describes an SMS-based model designed with security features to enhance data protection across mobile networks. Features for data encryption, integrity, secure entry of security details on the phone, and improved security policies in the application server are incorporated. We address issues of data confidentiality, user authentication and message integrity in order to provide end-to-end security of data carried on GSM networks.


