A Secure Mobile Banking Using Kerberos Protocol

Abstract

Because the network is an open environment, a lot of care must be taken when transferring sensitive information especially when related with financial data. This depends on the principals to be trusted which is a problematic and since the first step in network security is the authentication, this paper presents a proposed modal for secure mobile banking (m-banking) applications using Kerberos (the network authentication protocol). The aim of this paper is to establish a secure communication between the clients and mobile-bank application server in which they can use their mobile phone to securely access their bank accounts, make and receive payments, and check their balances. The integration of smart card into classic Kerberos enhances the security for client authentication by storing the cryptographic keys and perform dual factor authentication. Other enhancement to Kerberos is the PKINIT in which the shared key is mapped with public-private key. To build a robust client authentication the client uses his/her mobile phone to author Kerberos's messages, process the replay and establish secure communication with the application server. ‫ﺑﺮوﺗﻮﻛﻮل‬ ‫ﻛﺮﺑﯿﺮوس‬ ‫ﺑﺄﺳﺘﺨﺪام‬ ‫آﻣﻦ‬ ‫ﻧﻘﺎل‬ ‫ﻣﺼﺮﻓﻲ‬ ‫ﻧﻈﺎم‬ ‫ﺍﻟﺨﻼﺼﺔ‬ ‫ﻴـﺘﻡ‬ ‫ﻋﻨـﺩﻤﺎ‬ ‫ﺍﻷﻋﺘﺒﺎﺭ‬ ‫ﺒﻨﻅﺭ‬ ‫ﹶ‬ ‫ﹶﺫ‬ ‫ْﺨ‬ ‫ﹸﺅ‬ ‫ﺘ‬  ‫ﺃﻥ‬ ‫ﻴﺠﺏ‬ ِ ‫ﺍﻟﻌﻨﺎﻴﺔ‬  ‫ِﻥ‬ ‫ﻤ‬ ‫ﺍﻟﻜﺜﻴﺭ‬ ،‫ﹸ‬ ‫ﻤﻔﺘﻭﺤﺔ‬ ‫ﹸ‬ ‫ﺒﻴﺌﺔ‬ ‫ﻟﻼﻨﺘﺭﻨﺕ‬ ‫ﺍﻟﺩﻭﻟﻴﺔ‬ ‫ﹶ‬ ‫ﺍﻟﺸﺒﻜﺔ‬ ‫ﻷﻥ‬ ِ ‫ﺍﻟﻤﺎﻟﻴﺔ‬ ِ ‫ﺒﺎﻟﺒﻴﺎﻨﺎﺕ‬ ‫ﹼﻕ‬ ‫ﹶﻌﻠ‬ ‫ﺘﺘ‬ ‫ﻋﻨﺩﻤﺎ‬ ‫ﹰ‬ ‫ﺨﺼﻭﺼﺎ‬ ِ ‫ﺎﺴﺔ‬ ‫ﺍﻟﺤﺴ‬ ‫ﹶ‬ ‫ﺍﻟﻤﻌﻠﻭﻤﺎﺕ‬ ِ ‫ﻨﻘل‬ ‫ﻭ‬ ‫ﺍﻷﻓﺭ‬ ‫ﻋﻠﻰ‬  ‫ﻌﺘﻤﺩ‬ ‫ﻴ‬ ‫ﻫﺫﺍ‬ ‫ﺍﻟـﺼﻌﺏ‬ ‫ﻤﻥ‬ ‫ﹼﺫﻴﻥ‬ ‫ﺍﻟ‬ ‫ﺍﺩ‬ ‫ﹸﻭﻨﻭ‬ ‫ﻜ‬ ‫ﻴ‬ ‫ﺍﻥ‬ ‫ﹶ‬ ‫ﺍ‬ ‫ﺠﺩﻴﺭ‬ ‫ﻴ‬ ‫ﺍﻟﻤﺴﺘﺨﺩﻡ‬ ‫ﻫﻭﻴﺔ‬ ‫ﻤﻥ‬ ‫ﹸ‬ ‫ﱡﻕ‬ ‫ﺍﻟﺘﺤﻘ‬ ‫ﻫﻭ‬ ‫ﺍﻟﺸﺒﻜﺔ‬ ِ ‫ﺃﻤﻥ‬ ‫ﻓﻲ‬ ‫ﺍﻷﻭﻟﻰ‬ ِ ‫ﺍﻟﺨﻁﻭﺓ‬ ‫ﺍﻥ‬ ‫ﺒﻤﺎ‬ ‫ﻭ‬ ‫ﹶ‬ ‫ﺒﺎﻟﺜﻘﺔ‬ ‫ﻥ‬ ‫ﻓـﺄﻥ‬ ‫ﻫـﺫ‬ ‫ﺍ‬ ‫ﺍﻟﺒﺤﺙ‬ ‫ﻴ‬  ‫ﻡ‬ ‫ﻘﺩ‬ ‫ﻤﻘﺘﺭﺡ‬ ‫ﻨﻤﻭﺫﺝ‬ ‫ﻜﺭﺒﻴﺭ‬ ُ ‫ﹶﺴﺘﻌﻤل‬ ‫ﺘ‬ ‫ﺍﻟﺘﻲ‬ ِ ‫ﺍﻵﻤﻨﺔ‬ ِ ‫ﱠﺎﻟﺔ‬ ‫ﺍﻟﻨﻘ‬ ِ ‫ﺍﻟﻤﺼﺭﻑ‬ ِ ‫ﻟﺘﻁﺒﻴﻘﺎﺕ‬ ‫ﻭ‬ ‫ﺱ‬) ‫ﹶ‬ ‫ﺍﻟﺸﺒﻜﺔ‬ ِ ‫ﱡﻕ‬ ‫ﺘﺤﻘ‬ ‫ﻨﻅﺎﻡ‬ .(‫ﹶ‬ ‫ﻫﺩﻑ‬  ‫ﺇﻥ‬ ‫ﺍﻟﺒﺤﺙ‬ ‫ﺍﻨﺸﺎ‬ ‫ﻫﻭ‬ ‫ﺀ‬ ‫ﺁﻤﻨ‬ ‫ﹰ‬ ‫ﺇﺘﺼﺎﻻ‬ ‫ﹰ‬ ‫ﺎ‬ ‫ﻭﺍﻟﻤﺼﺭﻑ‬ ِ ‫ﺍﻟﺯﺒﺎﺌﻥ‬ ‫ﺒﻴﻥ‬ ‫ﺍﻻﻟ‬ ‫ﻫﺎﺘﻔﻬﻡ‬ ‫ﺴﺘﻌﻤﻠﻭﺍ‬ ‫ﻴ‬  ‫َﻥ‬ ‫ﺃ‬  ‫ِﻥ‬ ‫ﻜ‬ ‫ﻤ‬ ‫ﻴ‬ ‫ﺒﻁﺭﻴﻘﺔ‬ ‫ﻜﺘﺭﻭﻨﻲ‬ َ ‫ﺍل‬ ‫ﺍﻟﺠﻭ‬ ‫ﻟ‬ ‫ﹸﻭل‬ ‫ﺨ‬ ‫ﻠﺩ‬ ‫ﺍﻟﻰ‬ ‫ﺁﻤﻥ‬ ‫ﺒﺸﻜل‬ ‫ﺍﻟﻤﺼﺭﻓﻴﺔ‬ ‫ﺤﺴﺎﺒﺎﺘﻬﻡ‬ ‫ﺍﻷﺭﺼﺩﺓ‬ ‫ﺒﺘﺤﻭﻴل‬ ‫ﻭﺍﻟﻘﻴﺎﻡ‬ ‫ﺃﻭ‬ ‫ﹶ‬ ‫ﹾﻌﺎﺕ‬ ‫ﻓ‬ ‫ﺍﻟـﺩ‬ ‫ﺍﺴـﺘﻼﻡ‬ ‫ﺍﻟﻤﺎﻟﻴـﺔ‬ ‫ﺃ‬ ‫ﻭ‬ ‫ﺍﻷﺭﺼﺩﺓ‬ ‫ﺘﺩﻗﻴﻕ‬. ‫ﻜﺭﺒﻴﺭ‬ ‫ﺇﻟﻰ‬ ِ ‫ﺍﻟﺫﻜﻴﺔ‬ ِ ‫ﺍﻟﺒﻁﺎﻗﺔ‬ ‫ﺍﻀﺎﻓﺔ‬  ‫ﺇﻥ‬ ‫ﻭ‬ ‫ﺍﻟﻜﻼﺴﻴﻜ‬ ‫ﺱ‬  ‫ﺍﻷﻤﻥ‬  ‫ﻥ‬ ‫ﺤﺴ‬ ‫ﻴ‬ ‫ﻲ‬ ‫ﻟ‬ ِ ‫ﹼﺭﺓ‬ ‫ﺍﻟﻤـﺸﻔ‬ ِ ‫ﺍﻟﻤﻔﺎﺘﻴﺢ‬ ‫ﻥ‬ ‫ﹶﺯ‬ ‫ﺒﺨ‬ ِ ‫ﺍﻟﺯﺒﻭﻥ‬ ‫ﻤﻥ‬ ِ ‫ﱡﻕ‬ ‫ﻠﺘﺤﻘ‬) ‫ﺍﻹﻟﻜﺘﺭﻭﻨﻲ‬ ‫ﺍﻟﻤﺼﺭﻑ‬ ‫ﻤﻔﺘﺎﺡ‬ ‫ﻭ‬ ‫ﺍﻟﺯﺒﻭﻥ‬ ‫ﻤﻔﺘﺎﺡ‬ ‫ﻤﻥ‬ ‫ﻜﻼ‬ (‫ﹾـﻊ‬ ‫ﻨ‬ ‫ﻴﻤ‬ ‫ﻭﻜـﺫﻟﻙ‬ ،ِ ‫ﺍﻟﻌﺎﻤل‬ ِ ‫ﺜﻨﺎﺌﻲ‬ ‫ﹶ‬ ‫ﱡﻕ‬ ‫ﺒﺎﻟﺘﺤﻘ‬ ‫ﻴﺴﻤﻰ‬ ‫ﻤﺎ‬ ‫ﻭﻫﺫﺍ‬ ِ ‫ﺍﻟﻌﻨﻴﻑ‬ ِ ‫ﺍﻟﻘﻭﺓ‬ ِ ‫ﻫﺠﻭﻡ‬ ‫ﻭ‬ ‫ﻟﻠﻤﻔﺎﺘﻴﺢ‬ ‫ﺍﻟﺨﺯﻥ‬ ‫ﻭﻤﺸﻜﻠﺔ‬ ‫ﺍﻟﺸﺒﻜﺔ‬ ‫ﹼ‬ ‫ﹶﺵ‬ ‫ﻏ‬. ‫ﻓﺄﻥ‬ ‫ﻭﻜﺫﻟﻙ‬ ‫ﻟﻠﻜﺭﺒﻴـﺭﺱ‬ ‫ﺍﻵﺨﺭ‬ ‫ﺍﻟﺘﺤﺴﻴﻥ‬ ‫ﺍل‬ ‫ﻫـﻭ‬ PKINIT ‫ﺍﻟﺫﻱ‬ ‫ﻴﺘﻡ‬ ‫ﺒـﺩﻻ‬ ِ ‫ﺍﻟﺭﺌﻴـﺴﻲ‬ ‫ﺍﻟﺘﺸﻔﻴﺭ‬ ‫ﻟﻔﻙ‬ ‫ﺍﻟﻌﺎﻡ‬ ‫ﻭﺍﻟﻤﻔﺘﺎﺡ‬ ‫ﺍﻟﺭﺴﺎﻟﺔ‬ ‫ﻟﺘﺸﻔﻴﺭ‬  ‫ﺍﻟﺨﺎﺹ‬ ِ ‫ﺍﻟﻤﻔﺘﺎﺡ‬ ‫ﺇﺴﺘﻌﻤﺎل‬ ‫ﻓﻴﻪ‬ ‫ﺍﻹﻟﻜﺘﺭﻭﻨﻲ‬ ‫ﻭﺍﻟﻤﺼﺭﻑ‬ ‫ﺍﻟﺯﺒﻭﻥ‬ ‫ﺒﻴﻥ‬ ‫ﺍﻟﻤﺸﺘﺭﻜﺔ‬ ‫ﺍﻟﻤﻔﺎﺘﻴﺢ‬ ‫ﺍﺴﺘﺨﺩﺍﻡ‬ ‫ﻤﻥ‬. ‫ﻴـﺘﻡ‬ ‫ﺴـﻭﻑ‬ ‫ﻤﺘـﻴﻥ‬ ‫ﺘﺤﻘـﻕ‬ ‫ﻨﻅﺎﻡ‬ ‫ﻟﺒﻨﺎﺀ‬ ‫ﻜﺭﺒﻴﺭﺱ‬ ‫ﺭﺴﺎﺌل‬ ‫ﻟﺘﺄﻟﻴﻑ‬ ‫ﺒﺎﻟﺯﺒﻭﻥ‬ ‫ﺍﻟﺨﺎﺹ‬ ‫ﺍﻟﻨﻘﺎل‬ ‫ﺍﻟﺠﻬﺎﺯ‬ ‫ﺍﺴﺘﺨﺩﺍﻡ‬ ‫ﺍﻻﻤـﻥ‬ ‫ﺍﻻﺘﺼﺎل‬ ‫ﺘﺤﻘﻴﻕ‬ ‫ﺜﻡ‬ ‫ﺍﻟﺭﺩ‬ ‫ﻤﻊ‬ ‫ﻭﺍﻟﺘﻌﺎﻤل‬ ‫ﺍﻟﻤﺼﺭﻓﻲ‬ ‫ﺍﻟﺘﻁﺒﻴﻕ‬ ‫ﻴﺴﺘﺼﻴﻑ‬ ‫ﺍﻟﺫﻱ‬ ‫ﺍﻟﺴﻴﺭﻓﺭ‬ ‫ﻤﻊ‬. PDF created with pdfFactory Pro trial version www.pdffactory.com