Bringing strong authentication and transaction security to the realm of mobile devices

Abstract

Widespread usage of mobile devices in conjunction with malicious software attacks calls for the development of mobile-device-oriented mechanisms aiming to provide strong authentication and transaction security. This paper considers the eBanking application scenario and argues that the concept of using a trusted companion device can be ported to the mobile realm. Trusted companion devices involve established and proven techniques in the PC (personal computer) environment to secure transactions. Various options for the communication between mobile and companion devices are discussed and evaluated in terms of technical feasibility, usability, and cost. Accordingly, audio communication across the 3.5-mm audio jack - also known as tip-ring-ring-sleeve, or TRRS connector, - is determined to be quite appropriate. We present a proof-of-concept companion device implementing binary frequency shift keying across this interface. Results from a field study performed with the proof-of-concept device further confirm the feasibility of the proposed solution.