Securing SMS Based One Time Password Technique from Man in the Middle Attack

TL;DR

This paper proposes a more secure SMS-based OTP system for e-commerce transactions by combining OTP with a secure key and RSA encryption, preventing man-in-the-middle attacks and protecting user data.

Contribution

It introduces a novel method that enhances OTP security using RSA encryption and secure key integration, reducing vulnerability to man-in-the-middle attacks.

Findings

Enhanced security against man-in-the-middle attacks

OTP is not transmitted over insecure networks

Improved protection of user confidential data

Abstract

Security of financial transaction in e-commerce is difficult to implement and there is a risk that users confidential data over the internet may be accessed by hackers. Unfortunately, interacting with an online service such as a banking web application often requires certain degree of technical sophistication that not all Internet users possess. For the last couple of years such naive users have been increasingly targeted by phishing attacks that are launched by miscreants who are aiming to make an easy profit by means of illegal financial transactions. In this paper, we have proposed an idea for securing e-commerce transaction from phishing attack. An approach already exists where phishing attack is prevented using one time password which is sent on users registered mobile via SMS for authentication.But this method can be counter attacked by man in the middle.In our paper, a new idea is proposed which is more secure compared to the existing online payment system using OTP. In this mechanism, OTP is combined with the secure key and is then passed through RSA algorithm to generate the Transaction password. A copy of this password is maintained at the server side and is being generated at the user side using a mobile application.So that it is not transferred over the insecure network leading to a fraudulent transaction.