
Security Research Of Online Banking Identity Authentication System

Posted on: 2011-08-22
Degree: Master
Type: Thesis
Country: China
Candidate: Y X Cheng
GTID: 2178360308952587
Subject: Communication and Information System
Abstract/Summary:
With the development of Internet technology, network-based online banking has become more and more popular. However, serious online banking crime has occurred frequently in recent years, which has drawn attention to the security of Internet banking. Although Internet banking has been developing for a long time, security weaknesses remain in both its technology and its protocols, and these limit the security of Internet banking systems. The security of online banking is a bottleneck for its development. How to provide customers with a secure and reliable Internet banking environment and protect their online actions from attack are key problems that urgently need to be solved.

First, by analyzing the security of the main parts of the whole online banking system, this thesis concludes that the identity authentication system connects the two weak points, "Clients" and "Data Transfer", and is therefore the key point that determines the security of the whole online banking system. The thesis then introduces several security technologies related to identity authentication in online banking, which form the basis of online banking security.

After that, the thesis analyzes the four most popular technologies used to enhance the security of identity authentication systems: the classical static password, the one-time password (OTP), the USBKey based on a digital certificate, and the plug-in method based on ActiveX. The research results and most online banking theft cases suggest that all of these technologies have their own security weak points. For this reason, the thesis proposes a new identity authentication scheme for Internet banking systems that combines the merits of both OTP and USBKey, from the perspective of optimizing the identity authentication process. Combining the E-token's dynamic and unique characteristics with the USBKey's message integrity and non-repudiation, the improved scheme realizes mutual authentication between client and server, greatly decreases the danger of phishing and man-in-the-middle (MITM) attacks, and clearly enhances the security of the online banking system. At the same time, the thesis puts forward another new idea: using the shell (packing) technology often used in the online game business to improve the security of the software and plug-ins themselves, so as to enhance the security of online banking identity authentication from the perspective of software encryption.

Another important point of this thesis is the analysis of data security during the transfer process. The thesis summarizes the threats that may arise when data is transferred in the course of identity authentication, analyzes in particular two typical "man-in-the-middle" attack methods based on the SSL protocol, and puts forward corresponding measures to guard against them. On one side, the SSL protocol's procedure is modified to enhance the identity authentication security of online banking and decrease the danger of "MITM" attack. On the other side, from the point of view of authenticating the online banking server, the thesis suggests applying XML digital signature technology to online banking business. By encrypting the key HTTP contents, customers can be provided with a full-way HTTPS confidentiality service, improving the ability to avoid risks when online banking data is transferred. Analysis and proof show that both strategies can protect confidential information in transit from attack and, to some degree, effectively strengthen the security of the data transfer process in online banking.
Keywords/Search Tags: Online banking, identity authentication, one-time password, digital certificate, packing, HTTPS