Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:


New cyber security protocol for online banking, and more


A new security approach could improve safeguarding of credit card numbers, bank passwords and other sensitive information for those who surf the Internet using wireless connections, researchers told the annual meeting of the American Association for the Advancement of Science (AAAS)on Saturday.

The same protocol could be employed in many computer networks in which two computers, hand-held communication devices or network nodes need to simultaneously verify the identity of each other.

The protocol - called "delayed password disclosure" - was created by Markus Jakobsson and Steve Myers of Indiana University. It may have application in any environment where "mutual identity authentication" is required, the researchers say.

This new security protocol could help to prevent consumers from getting tricked into connecting to a fake wireless hub at an airport, for example. Or the protocol could notify you that the link included in a legitimate-looking e-mail points to a fake website set up to steal your sensitive information, such as passwords and PINs to bank accounts, credit cards numbers and account numbers for online fund-transfer services.

The safety measures also might help stop organized crime and terrorist-funding groups from collecting large numbers of fund-transfer account numbers that could be used for money laundering, the researchers say.

In one possible application, the security protocol could be used to verify that two wireless devices trying to connect to each other don’t mistakenly connect to another device. This is useful to safeguard communications between mobile units, such as between members of emergency crews who are connected through wireless networks built "on the fly."

These so-called "ad hoc" networks hold great potential for military and emergency response applications where network infrastructures have been destroyed or are nonexistent. The flexibility of ad hoc networks, however, opens the door to attack. The new protocol is meant to strengthen such networks, using a type of electronic "interrogation" to ensure they are not compromised.

The protocol also holds promise as on-line banking becomes more prevalent. In one scenario, criminals could "sift" or launder money through a large number of accounts once the system is compromised by an attacker. Each account would maintain the correct balance for the unsuspecting victim, even as the attacker funneled funds through it. If large numbers of accounts are used, and the payment patterns are intricate, then such misbehavior is difficult to trace to the attacker - who might be working for the payer, the final recipient of the funds, or both.

For network attackers to launder money through online fund-transfer accounts of unsuspecting individuals, the criminals must stop email notifications from the fund-transfer company to the account holder. "Denial of service attacks" and other kinds of network attacks could be employed to stop such notification emails, the researchers say. But spotting such maneuvers is not easy.

"It’s difficult to say exactly what tactics network attackers are using right now because many people do not know they are being attacked. Nonetheless, criminals who have no greater passion than money laundering are already intensely thinking about these kinds of projects," Jakobsson explained.

The use of delayed password disclosure or a comparable protocol could help to prevent such crimes. If the protocol were used by an online bank, a technical version of the following dialogue would occur between the bank and the online customer to authenticate the identity of both parties without divulging passwords.

CUSTOMER: Hello bank. I know my banking password. If you really are my bank, then you already know my password. I don’t trust you and you don’t trust me. I’m not going to tell you my password. We’re going to use this authentication protocol called "delayed password disclosure." It allows us to both be sure the other one is not lying about our identity, but without giving out any sensitive information in the process.

BANK: Proceed.

CUSTOMER: Bank, I will send you some information that is encrypted. You can only decrypt it if you know my password. If you don’t know the password, you could of course try all possible passwords (although that is a lot of work!), but you would never know from my message if you picked the right one. Once you have decrypted the message, I want you to send it to me. If it is correctly decrypted, I will know that you know my password already. Once I know that you know my password, I will send it to you so that you can verify that I also know it. Of course, if I am lying about my identity and don’t know the password in the first place, then I will not learn anything about the password from your message, so it is safe in both directions.

For more details on the delayed password disclosure protocol, (patent pending) see the technical document from Markus Jakobsson entitled "Stealth Attacks" which is available at

Jakobsson is hoping to have "beta code" for Windows and Mac in spring 2005, and code for common cell phone platforms later in 2005.

MEDIA NOTE: A news briefing on this research will take place at 8:30 a.m. Eastern Time, Saturday, 19 February, during the AAAS Annual Meeting in Washington, DC, in Wilson A of the Marriott Wardman Park Hotel. During the briefing, symposium moderator Susanne Wetzel will set up an ad hoc wireless network and then attack it using a denial of service method. She will show how an "evil node" in the network can quickly drain the battery of a personal digital assistant (PDA). Further, these and other speakers will take part in a symposium titled, "Attacks on and Security Measures for Ad Hoc Wireless Networks," set to take place Saturday at 9:45 a.m. in the Omni Shoreham Hotel, Level 2B, Empire.

Ginger Pinholster | EurekAlert!
Further information:

More articles from Information Technology:

nachricht Fraunhofer FIT joins Facebook's Telecom Infra Project
25.10.2016 | Fraunhofer-Institut für Angewandte Informationstechnik FIT

nachricht Stanford researchers create new special-purpose computer that may someday save us billions
21.10.2016 | Stanford University

All articles from Information Technology >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: Etching Microstructures with Lasers

Ultrafast lasers have introduced new possibilities in engraving ultrafine structures, and scientists are now also investigating how to use them to etch microstructures into thin glass. There are possible applications in analytics (lab on a chip) and especially in electronics and the consumer sector, where great interest has been shown.

This new method was born of a surprising phenomenon: irradiating glass in a particular way with an ultrafast laser has the effect of making the glass up to a...

Im Focus: Light-driven atomic rotations excite magnetic waves

Terahertz excitation of selected crystal vibrations leads to an effective magnetic field that drives coherent spin motion

Controlling functional properties by light is one of the grand goals in modern condensed matter physics and materials science. A new study now demonstrates how...

Im Focus: New 3-D wiring technique brings scalable quantum computers closer to reality

Researchers from the Institute for Quantum Computing (IQC) at the University of Waterloo led the development of a new extensible wiring technique capable of controlling superconducting quantum bits, representing a significant step towards to the realization of a scalable quantum computer.

"The quantum socket is a wiring method that uses three-dimensional wires based on spring-loaded pins to address individual qubits," said Jeremy Béjanin, a PhD...

Im Focus: Scientists develop a semiconductor nanocomposite material that moves in response to light

In a paper in Scientific Reports, a research team at Worcester Polytechnic Institute describes a novel light-activated phenomenon that could become the basis for applications as diverse as microscopic robotic grippers and more efficient solar cells.

A research team at Worcester Polytechnic Institute (WPI) has developed a revolutionary, light-activated semiconductor nanocomposite material that can be used...

Im Focus: Diamonds aren't forever: Sandia, Harvard team create first quantum computer bridge

By forcefully embedding two silicon atoms in a diamond matrix, Sandia researchers have demonstrated for the first time on a single chip all the components needed to create a quantum bridge to link quantum computers together.

"People have already built small quantum computers," says Sandia researcher Ryan Camacho. "Maybe the first useful one won't be a single giant quantum computer...

All Focus news of the innovation-report >>>



Event News

#IC2S2: When Social Science meets Computer Science - GESIS will host the IC2S2 conference 2017

14.10.2016 | Event News

Agricultural Trade Developments and Potentials in Central Asia and the South Caucasus

14.10.2016 | Event News

World Health Summit – Day Three: A Call to Action

12.10.2016 | Event News

Latest News

Ice shelf vibrations cause unusual waves in Antarctic atmosphere

25.10.2016 | Earth Sciences

Fluorescent holography: Upending the world of biological imaging

25.10.2016 | Power and Electrical Engineering

Etching Microstructures with Lasers

25.10.2016 | Process Engineering

More VideoLinks >>>