Formal verification of a secure mobile banking protocol

Abstract

Current mobile banking protocols simply are not as well guarded as their Internet counterparts during the transactions between a mobile device and a financial institution. Recently, many mobile banking protocols using public-key cryptography have been proposed. However, they are designed to provide a basic protection for traditional flow of payment data as they only rely on basic identification and verification mechanisms, which is vulnerable to attack and increase the user's risk. In this paper we propose a new secure mobile banking protocol that provides strong authentication mechanisms. These mechanisms rely on highly usable advanced multifactor authentication technologies i.e. (biometrics and smart cards). The proposed mobile banking protocol not only achieves a completely secure protection for the involved parties and their financial transactions but also minimizes the computational operations and the communication passes between them. An analysis and a proof of the proposed protocol security properties will be provided within this paper. © Springer-Verlag Berlin Heidelberg 2011.