Factors affecting the adoption of Internet banking in the Kingdom of Bahrain

Janahi, Yusuf M. A. M.

January 2016

The emergence of the Internet in business as a marketing tool and as a communication medium is one of the existing challenges for the banking industry. Because of this evolution, the banking industry has adopted Internet banking both for financial transactions and for the provision of information about products and services. Based on the ideas mentioned, this study aimed to examine the factors which may affect the intention to use Internet banking in the Kingdom of Bahrain with the following research objectives to be achieved: first, to identify the factors which affect the intention to use and adopt Internet banking in the Kingdom of Bahrain; second, to develop a model based on the identified factors that affect the intention to use Internet banking in the Kingdom of Bahrain; and third, to test the reliability and validity of the proposed model and find its implications on the intention to use and adopt Internet banking. In this study, five variables were initially chosen, namely, perceived privacy protection, perceived security protection, perceived trust, perceived information quality and perceived risks/benefits that may affect the intention to use Internet banking. Besides the five variables, two more variables were included: cultural dimension and biometric technology to measure a significant relationship with any of the five variables that might affect the intention of bank customers to use Internet banking in Bahrain. As a quantitative method of research, the study focused on assessing the co-variation among naturally occurring variables with the goal of identifying predictive relationships by using correlations or more sophisticated statistical techniques. In analysing the data, the descriptive statistics were used. In addition, construct reliability and discriminant validity tests were conducted and structural equation modelling were used to test the research model and verify the hypotheses. The cultural context has rarely been commented on in previous research, but as a result of taking this factor into account in addition to the more technical issues, a number of practical implications became evident for banking in Bahrain that may have applicability elsewhere in the Arab world. These include both a focus on relationship management as well as the need for additional levels of security through biometric fingerprinting to be implemented by banks wishing to increase the adoption of Internet banking amongst existing customers. These strategies also have potential to attract new market segments.

Authentication aura : a cooperative and distributed approach to user authentication on mobile devices

Hocking, Christopher George

January 2015

As information technology pervades our lives we have increasingly come to rely on these evermore sophisticated and ubiquitous items of equipment. Portability and the desire to be connected around the clock has driven the rapid growth in adoption of mobile devices that enable us to talk, message, tweet and inform at will, whilst providing a means to shop and administer bank accounts. These high value, high risk, desirable devices are increasingly the target of theft and improvement in their protection is actively sought by Governments and security agencies. Although forms of security are in place they are compromised by human reluctance and inability to administer them effectively. With typical users operating across multiple devices, including traditional desktop PCs, laptops, tablets and smartphones, they can regularly find themselves having a variety of devices open concurrently. Even if the most basic security is in place, there is a resultant need to repeatedly authenticate, representing a potential source of hindrance and frustration. This thesis explores the need for a novel approach to user authentication, which will reduce the authentication burden whilst providing a secure yet adaptive security mechanism; a so called Authentication Aura. It proposes that the latent security potential contained in surrounding devices and possessions in everyday life can be leveraged to augment security, and provides a framework for a distributed and cooperative approach. An experiment was performed to ascertain the technological infrastructure, devices and inert objects that surround individuals throughout the day. Using twenty volunteers, over a fourteen-day period a dataset of 1.57 million recorded observations was gathered, which confirmed that between 6am and 12pm a significant device or possession is in near proximity 97.84% of the time. Using the data provided by the experiment as the basis for a simulation of the framework, it suggests a reduction of up to 80.36% in the daily number of required authentications for a user operating a device once every 30 minutes, with a 10 minute screen lock in place. Examining the influence of location alone indicated a reduction of 50.74% in user interventions lowering the average from 32 to 15.76, the addition of the surroundings reducing this further to 13.00. The analysis also investigated how a user’s own authentication status could be used to negate the need to repeatedly manually authenticate and it was found that it delayed the process for up to 90 minutes for an individual user. Ultimately, it confirms that during device activation it is possible to remove the need to authenticate with the Authentication Aura providing sufficient assurance.

005.25

Towards Internet Voting in the State of Qatar

Al-Hamar, Jassim Khalid

January 2011

Qatar is a small country in the Middle East which has used its oil wealth to invest in the country's infrastructure and education. The technology for Internet voting now exists or can be developed, but are the people of Qatar willing to take part in Internet voting for national elections?. This research identifies the willingness of government and citizens to introduce and participate in Internet voting (I-voting) in Qatar and the barriers that may be encountered when doing so. A secure I voting model for the Qatar government is then proposed that address issues of I-voting which might arise due to the introduction of such new technology. Recommendations are made for the Qatar government to assist in the introduction of I-voting. The research identifies the feasibility of I-voting and the government s readiness and willingness to introduce it. Multiple factors are examined: the voting experience, educational development, telecommunication development, the large number of Internet users, Qatar law which does not bar the use of I-voting and Qatar culture which supports I-voting introduction. It is shown that there is a willingness amongst both the people and the government to introduce I-voting, and there is appropriate accessibility, availability of IT infrastructure, availability of Internet law to protect online consumers and the existence of the e government project. However, many Qataris have concerns of security, privacy, usability, transparency and other issues that would need to be addressed before any voting system could be considered to be a quality system in the eyes of the voters. Also, the need to consider the security threat associated on client-side machines is identified where a lack of user awareness on information security is an important factor. The proposed model attempts to satisfy voting principles, introducing a secure platform for I-voting using best practices and solutions such as the smart card, Public Key Infrastructure (PKI) and digital certificates. The model was reviewed by a number of experts on Information Technology, and the Qatari culture and law who found that the system would, generally, satisfy voting principles, but pointed out the need to consider the scalability of the model, the possible cyber-attacks and the risks associated with voters computers. which could be reduced by enhancing user awareness on security and using secure operating systems or Internet browsers. From these findings, a set of recommendations were proposed to encourage the government to introduce I-voting which consider different aspects of I-voting, including the digital divide, e-literacy, I voting infrastructure, legal aspects, transparency, security and privacy. These recommendations were also reviewed by experts who found them to be both valuable and effective. Since literature on Internet voting in Qatar is sparse, empirical and non-empirical studies were carried out in a variety of surveys, interviews and experiments. The research successfully achieved its aim and objectives and is now being considered by the Qatari Government.

320

A secure quorum based multi-tag RFID system

Al-Adhami, Ayad

January 2018

Radio Frequency Identification (RFID) technology has been expanded to be used in different fields that need automatic identifying and verifying of tagged objects without human intervention. RFID technology offers a great advantage in comparison with barcodes by providing accurate information, ease of use and reducing of labour cost. These advantages have been utilised by using passive RFID tags. Although RFID technology can enhance the efficiency of different RFID applications systems, researchers have reported issues regarding the use of RFID technology. These issues are making the technology vulnerable to many threats in terms of security and privacy. Different RFID solutions, based on different cryptography primitives, have been developed. Most of these protocols focus on the use of passive RFID tags. However, due to the computation feasibility in passive RFID tags, these tags might be vulnerable to some of the security and privacy threats. , e.g. unauthorised reader can read the information inside tags, illegitimate tags or cloned tags can be accessed by a reader. Moreover, most consideration of reserchers is focus on single tag authentication and mostly do not consider scenarios that need multi-tag such as supply chain management and healthcare management. Secret sharing schemes have been also proposed to overcome the key management problem in supply chain management. However, secret sharing schemes have some scalability limitations when applied with high numbers of RFID tags. This work is mainly focused on solving the problem of the security and privacy in multi-tag RFID based system. In this work firstly, we studied different RFID protocols such as symmetric key authentication protocols, authentication protocols based on elliptic curve cryptography, secret sharing schemes and multi-tag authentication protocols. Secondly, we consider the significant research into the mutual authentication of passive RFID tags. Therefore, a mutual authentication scheme that is based on zero-knowledge proof have been proposed . The main object of this work is to develop an ECC- RFID based system that enables multi-RFID tags to be authenticated with one reader by using different versions of ECC public key encryption schemes. The protocol are relied on using threshold cryptosystems that operate ECC to generate secret keys then distribute and stored secret keys among multi RFID tags. Finally, we provide performance measurement for the implementation of the proposed protocols.

An integrated intelligent approach to enhance the security control of it systems : a proactive approach to security control using artificial fuzzy logic to strengthen the authentication process and reduce the risk of phishing

Salem, Omran S. A.

January 2012

Hacking information systems is continuously on the increase. Social engineering attacks is performed by manipulating the weakest link in the security chain; people. Consequently, this type of attack has gained a higher rate of success than a technical attack. Based in Expert Systems, this study proposes a proactive and integrated Intelligent Social Engineering Security Model to mitigate the human risk and reduce the impact of social engineering attacks. Many computer users do not have enough security knowledge to be able to select a strong password for their authentication. The author has attempted to implement a novel quantitative approach to achieve strong passwords. A new fuzzy logic tool is being developed to evaluate password strength and measures the password strength based on dictionary attack, time crack and shoulder surfing attack (social engineering). A comparative study of existing tools used by major companies such as Microsoft, Google, CertainKey, Yahoo and Facebook are used to validate the proposed model and tool. A comprehensive literature survey and analytical study performed on phishing emails representing social engineering attacks that are directly related to financial fraud are presented and compared with other security threats. This research proposes a novel approach that successfully addresses social engineering attacks. Another intelligent tool is developed to discover phishing messages and provide educational feedback to the user focusing on the visible part of the incoming emails, considering the email’s source code and providing an in-line awareness security feedback.

An Integrated Intelligent Approach to Enhance the Security Control of IT Systems. A Proactive Approach to Security Control Using Artificial Fuzzy Logic to Strengthen the Authentication Process and Reduce the Risk of Phishing

Salem, Omran S.A.

January 2012

Hacking information systems is continuously on the increase. Social engineering attacks is performed by manipulating the weakest link in the security chain; people. Consequently, this type of attack has gained a higher rate of success than a technical attack. Based in Expert Systems, this study proposes a proactive and integrated Intelligent Social Engineering Security Model to mitigate the human risk and reduce the impact of social engineering attacks. Many computer users do not have enough security knowledge to be able to select a strong password for their authentication. The author has attempted to implement a novel quantitative approach to achieve strong passwords. A new fuzzy logic tool is being developed to evaluate password strength and measures the password strength based on dictionary attack, time crack and shoulder surfing attack (social engineering). A comparative study of existing tools used by major companies such as Microsoft, Google, CertainKey, Yahoo and Facebook are used to validate the proposed model and tool. A comprehensive literature survey and analytical study performed on phishing emails representing social engineering attacks that are directly related to financial fraud are presented and compared with other security threats. This research proposes a novel approach that successfully addresses social engineering attacks. Another intelligent tool is developed to discover phishing messages and provide educational feedback to the user focusing on the visible part of the incoming emails, considering the email’s source code and providing an in-line awareness security feedback.

Trust & Security issues in Mobile banking and its effect on Customers / Trust & Security issues in Mobile banking and its effect on Customers

Bilal, Muhammad, Sankar, Ganesh

January 2011

Context: The invention of mobile phones makes the human life easier. The purpose of this study is to identify security risks in mobile banking and to provide an authentication method for mobile banking transaction by using bio-metric mechanism. Objectives: Current mobile banking authentication is challenging and identified as a major security risk. Literature review shows that customer distrusts mobile banking due to security issues. The authors discuss security risks in current authentication methods in mobile banking. Methods: There are different methods and approaches to handle authentication in mobile banking. In this thesis, we propose a new approach of authentication in mobile banking. The strengths and weaknesses of existing approaches of authentication are identified with the help of Literature Review and interviews. The authors present basic transaction model and include security risks. By Literature Review it is found that finger print mechanism is a suitable method for authentication. Authors focus on authentication method and present a biometric scanning device which can identify the customer’s finger print thus enabling the customer to access mobile banking facility. Results: An authentication model is proposed through design process. The proposed biometric design was validated by conducting a workshop. The analysis of the workshop’s results showed that customer’s trust in security for mobile banking will be increased by finger print mechanism. To promote mobile banking, it is necessary to improve customer trust in terms of security. Conclusions: The authors concluded that, only authorized person will be able to use mobile banking services by incorporating bio-metric finger-print mechanism. By literature review and interview it was found that finger-print mechanism is more suitable than other ordinary mechanisms like login and password mechanism, SMS etc. / Using mobile phones for mobile banking, customers can push or pull the details like Funds transfer, Bill payment, Share trade, Check order and also inquiries like Account balance, Account statement and Check status Transaction history etc. It means that the customer is interacting with the files, databases etc., of the bank . Database at the server end is sensitive in terms of security. Customers distrust mobile devices to transfer money or for making any transactions. The reason is that security is a major concern for the customer’s fulfillment. Customer’s main concern in using mobile devices for mobile banking is the authentication method used to ensure that the right person is accessing the services like transaction etc.The authors made a basic model for mobile banking transaction. All security risks were included in the transaction model. Then the authors focused on authentication method. By literature review and interview it was concluded that security can be improved by bio metric methods. The authors focused on different bio-metric mechanism and concluded that fingerprint mechanism is more suitable as it requires less storage capacity in database and identifies the uniqueness of customers. The authors suggest a possible solution by proposing finger-print mechanism model and designed a bio-metric scanning device as a solution through which customer can interact with banking system using their finger-print. The result of workshop shows that bio-metric finger print mechanism is more suitable and secure then other authentication methods for mobile banking. / 004531847791

Trust

Security Authentication

bio-metric finger print

Computer Sciences

Datavetenskap (datalogi)

Human Computer Interaction

Databáze specifikací bezpečnostních protokolů / Specifications Database of Security Protocols

Ondráček, David

January 2008

Original protocols, which were created during early development of computer networks, no longer provide sufficient security. This is the reason why new protocols are developed and implemented. The important component of this process is formal verification, which is used to analyze the developed protocols and check whether a successful attack is possible or not. This thesis presents selected security protocols and tools for their formal verification. Further, the selected protocols are specified in LySa calculus and results of their analysis using LySatool are presented and discussed.