• Login
    View Item 
    •   SU+ Home
    • Research and Publications
    • Faculty of Information Technology (FIT)
    • FIT Projects, Theses and Dissertations
    • MSIT Theses and Dissertations
    • MSIT Theses and Dissertations (2020)
    • View Item
    •   SU+ Home
    • Research and Publications
    • Faculty of Information Technology (FIT)
    • FIT Projects, Theses and Dissertations
    • MSIT Theses and Dissertations
    • MSIT Theses and Dissertations (2020)
    • View Item
    JavaScript is disabled for your browser. Some features of this site may not work without it.

    Dynamic knowledge based authentication model for enhancing security of USSD banking transactions

    Thumbnail
    View/Open
    Fulltext Thesis (2.813Mb)
    Date
    2020
    Author
    Njuguna, Michael Wanuma
    Metadata
    Show full item record
    Abstract
    A large part of mobile banking transactions in Africa are facilitated by USSD technology. In authenticating customers, banks rely on a single security vector: a shared secret such as a six-digit PIN. This mechanism presents vulnerabilities that are commonly exploited to perpetuate fraud. In particular, this study focuses on insider threats, privacy leakage and social engineering attacks. To address these challenges, the study proposes a dynamic authentication model that poses diverse challenge questions based on available customer and transactional data. These challenge questions are unique to a given customer and variable over time making it difficult for anyone other than the legitimate user to deduce the correct response. A test-driven approach was used to guide development with the test scenario increasing in complexity after each iteration. Validation tests show the proposed scheme demonstrably provided enhanced security. The true acceptance score for legitimate users stood at 92.8 percent. As for guessing attacks by adversarial users, the probability of a correct guess was reduced to less than 0.08 percent. Performance-wise, the computational overhead increased by only 22 percent as compared to the classical method. This was sufficiently small as not to be noticeable by a user in real-world deployment. The study points to the feasibility of the model but recommends further research on challenge question generation for even greater security.
    URI
    http://hdl.handle.net/11071/12089
    Collections
    • MSIT Theses and Dissertations (2020) [23]

    DSpace software copyright © 2002-2016  DuraSpace
    Contact Us | Send Feedback
    Theme by 
    Atmire NV
     

     

    Browse

    All of SU+Communities & CollectionsBy Issue DateAuthorsTitlesSubjectsThis CollectionBy Issue DateAuthorsTitlesSubjects

    My Account

    Login

    DSpace software copyright © 2002-2016  DuraSpace
    Contact Us | Send Feedback
    Theme by 
    Atmire NV