Al Fairuz, Mohamed Ali Suleiman (2011) An Investigation into the Usability and Acceptability of ... PDF

262 Pages · 2011 · 8.62 MB · English
Al Fairuz, Mohamed Ali Suleiman (2011) An Investigation into the Usability and Acceptability of Multi-channel Authentication to Online Banking Users in Oman. PhD thesis. http://theses.gla.ac.uk/3078/

Copyright and moral rights for this thesis are retained by the author. A copy can be downloaded for personal non-commercial research or study, without prior permission or charge. This thesis cannot be reproduced or quoted extensively from without first obtaining permission in writing from the author. The content must not be changed in any way or sold commercially in any format or medium without the formal permission of the author. When referring to this work, full bibliographic details including the author, title, awarding institution and date of the thesis must be given.

Glasgow Theses Service
http://theses.gla.ac.uk/
[email protected]

An Investigation into the Usability and Acceptability of Multi-channel Authentication to Online Banking Users in Oman

Mohamed Ali Al-Fairuz
Ph.D. 2011
School of Computing Science
College of Information and Mathematical Sciences

Abstract

Authentication mechanisms provide the cornerstone of security for many distributed systems, especially for increasingly popular online applications. For decades the most widely used authentication methods have been passwords and PINs; these are now inadequate to protect online users and organizations from ever more sophisticated attacks. This study proposes an improvement to traditional authentication mechanisms. The solution introduced here includes a one-time password (OTP) and incorporates the concepts of multiple levels and multiple channels, features that are much more successful than traditional authentication mechanisms in protecting users' online accounts from being compromised.

This study reviews and evaluates current authentication classes and mechanisms and proposes an authentication mechanism that uses a variety of techniques, including multiple channels, to resist attacks more effectively than the most commonly used mechanisms. Three aspects of the mechanism were evaluated:

1. The security of multi-channel authentication (MCA) was evaluated in theoretical terms, using a widely accepted methodology (threat modelling with STRIDE and DREAD, as set out in Chapter 5).
2. The usability was evaluated by carrying out a user study.
3. The acceptability was evaluated by asking the participants in study (2) specific questions aligned with the technology acceptance model (TAM).

The analysis of the data, gathered from online questionnaires and application log tables, showed that most participants found the MCA mechanism superior to other available authentication mechanisms and clearly supported the proposed MCA mechanism and the benefits it provides. The research presents guidelines on how to implement the proposed mechanism, provides a detailed analysis of its effectiveness in protecting users' online accounts against specific, commonly deployed attacks, and reports on its usability and acceptability. It represents a significant step forward in the evolution of authentication mechanisms that meet the security needs of online users while maintaining usability.

Acknowledgements

In the name of Allah, the Beneficent, the Merciful. They said, "Exalted are You; we have no knowledge except what You have taught us. Indeed, it is You who is the Knowing, the Wise." Quran (Surat Al Baqarah), verse 32.

First and foremost, all praise is for Allah, Who enlightened us with faith and knowledge, and Who is sufficient for us and has sheltered us. To my mother, thanks, and may Allah bless you and give you health and long life. To my father, thanks, and may Allah bless your soul. My wife and daughters, thanks for being with me throughout this journey.

My supervisor, Karen Renaud, thanks for your trust, time, and patience. My family, grandmom, brothers and sisters, you were special people; thanks for everything. My friends Munther Al Busaidi, Shahid Al Balushi and Qais Al Yahyahi, and my colleagues Thiam Kian (TK), Dora, Mariam and Melissa, thanks to you all for the support and help. May Allah grant you a bright future and everlasting success.

Table of Contents

Abstract
Table of Contents
List of Tables
List of Figures
List of Publications
Chapter 1 Introduction
  1.1 Research Objectives
  1.2 Hypothesis and Thesis Statement
  1.3 Thesis Structure
Chapter 2 Background and Related Work
  2.1 Introduction
  2.2 The Need for Authentication
    2.2.1 Knowledge-based Authentication (KBA)
    2.2.2 Token-based Authentication (TBA)
    2.2.3 Biometric-based Authentication (BBA)
    2.2.4 Others
    2.2.5 Summary
  2.3 Authentication Implementation
    2.3.1 Single-factor Authentication
    2.3.2 Multi-factor Authentication
    2.3.3 Multilevel Authentication
    2.3.4 Multilevel, Multi-channel Authentication
  2.4 Authentication Attack Methods
    2.4.1 Attacks on Online Service Provider (OSP)
    2.4.2 Attacks on Communication Channels (CC)
    2.4.3 Attacks on End Users (EU)
  2.5 Chapter Summary
Chapter 3 Usability and Acceptability
  3.1 Introduction
  3.2 Usability
    3.2.1 Usability Attributes
    3.2.2 Usability of Authentication Mechanisms
  3.3 Usability Evaluation
    3.3.1 Assessing Usability of Online Banking Systems' Authentication
  3.4 Acceptability
    3.4.1 Information Technology Acceptance
  3.5 Assessing Acceptability of Online Banking Systems
    3.5.1 Demographic Characteristics
    3.5.2 Internal and External Variables
    3.5.3 Summary
  3.6 Usability and Acceptability Measurement
  3.7 Chapter Summary
Chapter 4 Online Banking and Mobile Communication
  4.1 Online Banking
    4.1.1 Factors Influencing the Adoption of Online Banking
    4.1.2 Current Status
    4.1.3 Authentication Mechanisms in Online Banking
  4.2 Mobile Communication
    4.2.1 Usability of Mobile Devices and Network
    4.2.2 Security of Mobile Devices and Network
    4.2.3 Mobile Devices as Authentication Tokens
  4.3 Summary
Chapter 5 Proposed Solution
  5.1 Introduction
  5.2 Proposed Infrastructure
    5.2.1 MCA for Online Banking
    5.2.2 Applicability of MCA
    5.2.3 Cost of MCA
    5.2.4 Feedback
    5.2.5 Advantages over Single Channel Authentication (SCA)
  5.3 Mobile Network as Secondary Channel
  5.4 Theoretical Evaluation of MCA
    5.4.1 MCA Application Model and Attack Target Nodes
    5.4.2 Identify and Categorize Application Threats Based on STRIDE
    5.4.3 Build an Attack Tree
    5.4.4 Evaluation of Threats
    5.4.5 Risk Mitigation and Security Controls
    5.4.6 Rate the Threats (based on DREAD)
  5.5 Chapter Summary
Chapter 6 Design and Implementation
  6.1 Introduction
  6.2 Aspects of the MCA
    6.2.1 Levels
    6.2.2 Factors
    6.2.3 Channels
  6.3 Design Recommendations
    6.3.1 User Defined versus System Generated Passwords
    6.3.2 Language Support
    6.3.3 Encryption / Securing Key Delivery
  6.4 MCA – Design Options
    6.4.1 Design option 1 – Transaction-based Authentication
    6.4.2 Design option 2 – Beneficiary-based Authentication
  6.5 MCA Implementation – XYZ Bank
    6.5.1 Application Overview
  6.6 Implementation Guidelines
    6.6.1 Security Guidelines
    6.6.2 Usability Guidelines
  6.7 Summary
Chapter 7 Evaluation
  7.1 Survey Design
    7.1.1 Online Questionnaire Design
    7.1.2 Indirect Observation
  7.2 Experiment Trials
    7.2.1 First Experiment Trial
    7.2.2 Pilot Test of the Second Experiment Trial
    7.2.3 Usability Issues Addressed in the Second Trial
    7.2.4 Application Requirements/Tasks (Second Trial)
    7.2.5 Participants
  7.3 Demographic Profile of Participants
    7.3.1 Dropout Rates
    7.3.2 Effects of Social Relationships on Dropout Rates
  7.4 Preliminary Test
    7.4.1 Data Preparation
    7.4.2 Data Screening
    7.4.3 Summary
  7.5 Factors Influencing Adoption of Online Banking
    7.5.1 Demographic Variables Hypotheses
    7.5.2 Hypotheses Testing – Demographic Variables
    7.5.3 External TAM Variables Hypotheses
    7.5.4 Hypotheses Testing – TAM External Variables
    7.5.5 Research Model
  7.6 MCA – Usability and Acceptability
    7.6.1 Measuring Usability of MCA
    7.6.2 Measuring Acceptability of MCA
    7.6.3 Comparison with Other Studies
  7.7 Chapter Summary
Chapter 8 Conclusion
  8.1 Introduction
  8.2 Research Objectives and Contributions
  8.3 Future Work
    8.3.1 More Usable Channels
    8.3.2 MCA for the Disabled
    8.3.3 MCA for Corporate Banking
  8.4 A Final Word
Bibliography
Appendix A Web-application Codes/Scripts
Appendix B Online Questionnaires
Appendix C Data Screening Results
Appendix D Demographic Characteristics

List of Tables

Table 2-1: Summary table of different authentication classes
Table 3-1: Overview of usability dimensions (adapted from [103])
Table 5-1: Threats affecting elements [219]
Table 5-2: Threat rating table [227]
Table 5-3: DREAD-rating table
Table 5-4: Threat modelling based on STRIDE process and DREAD rating summary table
Table 7-1: The list of hypotheses developed in this study
Table 7-2: Chi-square test for independence summary results between demographic profile and dropout rates
Table 7-3: Cross tabulation between education level and dropout rates
Table 7-4: The 5 task identifiers
Table 7-5: Pre-questionnaire variables that incurred a "missingness" rate higher than 5%
Table 7-6: Crosstabulations of education level versus other common variables
Table 7-7: Crosstabulations of monthly income group versus other common variables
Table 7-8: Descriptive statistics for the raw data from logs
Table 7-9: Descriptive statistics of a clean version of logs data
Table 7-10: Chi-square test for independence summary results between demographic profile and attitude towards adopting online banking
Table 7-11: Cross tabulation between age group and users with online banking (OB) experience
Table 7-12: Cross tabulation between monthly income group and users with online banking (OB) experience
Table 7-13: Summary of the 'Factor Analysis' for factors influencing adoption of online banking
Table 7-14: Correlation analysis results
Table 7-15: Assessment of the TAM external variables
Table 7-16: Sub-task completion and dropout rates
Table 7-17: Completion time of experiment tasks
Table 7-18: Results of Mann-Whitney U test and independent-sample t-test for differences between experience, gender and age group on overall task completion time
Table 7-19: Descriptive statistics of usability questions
Table 7-20: Comparative evaluation of social relationships on satisfaction using Mann-Whitney U test
Table 7-21: Comparative evaluation of experience, gender, and age on users' satisfaction (MCA) using Mann-Whitney U test
Table 7-22: Paired-samples t-test comparing online users' preferences for using online banking services on systems with MCA and without MCA
Table 7-23: Wilcoxon signed rank test comparing online users' preferences for using online banking services on systems with MCA and without MCA
Table 7-24: Comparison of findings between this research and another study in the same area
Table 7-25: Hypotheses testing results
Table 8-1: Hypotheses tested in this study
Table 8-2: Hypotheses testing results

Description (excerpt):
Figure 2-16: Web-application vulnerability disclosures by attack categories 2004 – 2009 (adapted from [52])