A Secure Mobile Banking Using Kerberos Protocol

Abstract

Because the network is an open environment, a lot of care must be taken whentransferring sensitive information especially when related with financial data. This dependson the principals to be trusted which is a problematic and since the first step in networksecurity is the authentication, this paper presents a proposed modal for secure mobilebanking (m-banking) applications using Kerberos (the network authentication protocol).The aim of this paper is to establish a secure communication between the clients andmobile-bank application server in which they can use their mobile phone to securely accesstheir bank accounts, make and receive payments, and check their balances.The integration of smart card into classic Kerberos enhances the security for clientauthentication by storing the cryptographic keys and perform dual factor authentication.Other enhancement to Kerberos is the PKINIT in which the shared key is mapped withpublic- private key. To build a robust client authentication the client uses his/her mobilephone to author Kerberos's messages, process the replay and establish securecommunication with the application server.