Enhanced web security application for online financial transactions


Table Of Contents

  • Title Page
  • Declaration
  • Certification
  • Dedication
  • Acknowledgement
  • Abstract
  • Table of Contents
  • List of Figures
  • List of Tables
  • List of Abbreviations

Chapter ONE

INTRODUCTION

  • 1.1 Background of the Study
  • 1.2 Research Motivation
  • 1.3 Research Aim and Objectives
  • 1.4 Research Methodology
  • 1.5 Contribution to Knowledge
  • 1.6 Organization of the Dissertation

Chapter TWO

LITERATURE REVIEW

  • 2.1 Introduction
  • 2.2 History of the Web
      • 2.2.1 Online Banking
      • 2.2.2 History of Online Banking
      • 2.2.3 Security
  • 2.3 Online Attacks
      • 2.3.1 Man-in-the-Browser Attack
      • 2.3.2 Other Threats
  • 2.4 Security Features
      • 2.4.1 Salt
      • 2.4.2 Hashing
      • 2.4.3 Sessions
      • 2.4.4 Dynamic JavaScript
  • 2.5 Technologies Used
      • 2.5.1 Server Side Scripting Language
      • 2.5.2 Client Side Scripting Language
      • 2.5.3 HTML
      • 2.5.4 MySQL
  • 2.6 Literature Review

Chapter THREE

SYSTEM DESIGN AND IMPLEMENTATION

  • MATERIALS AND METHODS
  • 3.1 Introduction
  • 3.2 The Proposed Enhanced Security System
      • 3.2.1 Functionalities of the System
      • 3.2.2 System Architecture
      • 3.2.3 System Flow Chart
  • 3.3 The Security Model Mitigating MITB
      • 3.3.1 The Anti-Form Grabbing Technique
      • 3.3.2 Token Generation
      • 3.3.3 JSON Web Token (JWT)
      • 3.3.4 Email Verification Service
  • 3.4 Theoretical Evaluation of the Security Model

Chapter FOUR

SYSTEM TESTING AND EVALUATION

  • IMPLEMENTATION AND DISCUSSION
  • 4.1 Introduction
  • 4.2 Code Implementation
      • 4.2.1 Coding the Proposed Algorithm
      • 4.2.3 Email Authentication Handler
  • 4.3 Discussion of Results
  • 4.4 Model Comparison Analysis

Chapter FIVE

SUMMARY, CONCLUSION AND RECOMMENDATIONS

  • 5.1 Summary
  • 5.2 Conclusion
  • 5.3 Recommendation
  • REFERENCES

Project Abstract

Online users now make use of internet banking as a major platform for paying for products online. Cybercriminals are using newer and more advanced methods to target online users, and one of the fastest growing threats and attacks in the world today is the Man-in-the-Browser (MITB) attack. As advances in technology continue to influence the way society pays for goods and services, a more advanced security approach is required for transaction authentication on the internet. This dissertation provides more secure authentication for online transactions using an enhanced security approach that uses an Anti-form grabbing technique to encode user inputs to random characters, JSON Web Token (JWT) to provide safe passage of information between two parties, a One Time Password (OTP) token for authentication, and Email as another verification channel from the server to combat MitB attacks.

Project Overview

INTRODUCTION

1.1 Background of the Study

When using services in a web environment, security is of great importance for both the user and the provider. The information in use must be handled in a way that does not compromise its security. Passwords are only secure as long as the user keeps them secret, and not everyone is aware of the risk that comes with compromised passwords and other security leaks (Nilsson, 2012).

Lately, client-side attacks on online banking and electronic commerce are on the rise due to inadequate security awareness amongst end users. As a result, an end user may not be aware of a vulnerability on their machine or platform that could lead to a client-side attack such as a man-in-the-browser (MitB) attack. For instance, man-in-the-middle (MitM) attack techniques, which mainly target the information flow between a client and a server, have now evolved into the man-in-the-browser (MitB) attack. A MitM attack occurs when someone manages to eavesdrop on web traffic by fooling both parties (the web server and the client) into connecting to the attacker instead of to each other. One of the common ways to counter these attacks is to use a secure channel such as SSL (Secure Sockets Layer) when sensitive data is transmitted between the client and the server. A MitB attack, by contrast, is designed to infiltrate client software such as the internet browser and manipulate or steal any sensitive information; it takes place on the client side of the connection. The ability of these trojans to perform man-in-the-middle or man-in-the-browser attacks on valid transactions is most worrying, since they silently change the information coming from the client, such as the user's bank details or other sensitive information, to the attacker's account details (Fazli et al., 2012).

The password remains the most popular authentication mechanism in use today. In order to complete any web-based transaction, the online user is required to enter his or her password into an online system. As technological advances continue to influence the way society pays for goods and services, the requirement for more advanced security approaches for transaction verification in the online environment increases.

In order to mitigate these security issues, this dissertation proffers a solution by integrating different authentication mechanisms and methods to provide an improved and secure online transaction between the client and the server. The thesis introduces an anti-form grabbing technique which prevents the attacker from "grabbing" sensitive information and modifying it while it is being sent from the client to the server, and also protects the web contents through JSON Web Token (JWT), a safe means of transferring information between two parties. The system also minimizes the risk of man-in-the-browser (MitB) attacks by using a One Time Password (OTP), a password that is valid for only one login session or transaction within a limited time, along with the use of Email as a separate verification channel.

1.2 Research Motivation

Cyber criminals are using newer and more advanced methods to target online users, and one of the fastest growing threats in the world today is the man-in-the-browser (MitB) Trojan attack (RSA, 2011). What makes MitB attacks difficult to detect from the client side is that any activity performed appears to originate from the legitimate user's web browser; with this, the attack silently changes the user's account details to the attacker's account details, which is most worrying.

The losses attributed to financial fraud are alarming. The financial services industry has become a primary target of cyber-attacks on a global scale and, in 2009 alone, suffered losses totalling $54 billion, an increase from $48 billion in 2008 (SafeNet, 2010). In 2010, there was an exponential increase in the number of these attacks against financial institutions, including the European consumer banking and U.S. corporate banking markets (RSA, 2011).

The hackers target the most sensitive information, such as the account number and the amount, and alter it for their own benefit. One must be able to trust the data that is transmitted to the bank server, which is why an enhanced web security application will be developed to tackle this online security threat.

1.3 Research Aim and Objectives

The aim of this dissertation is to develop mechanisms for preventing Man-in-the-Browser (MitB) attacks on online financial transactions. The research objectives of this dissertation are to:

a) Develop an anti-form grabbing technique to encode the user inputs as they are being entered.
b) Implement an authentication mechanism using One Time Password (OTP).
c) Develop a medium that makes use of Email from the server for identity verification.

1.4 Research Methodology

The following methods were adopted for this research:

a) Develop the anti-form grabbing algorithm to encode user inputs.
b) Develop the OTP algorithm to authenticate the user.
c) Develop a medium that makes use of Email from the server for identity verification.
d) Design the proposed system architecture to mitigate MitB attacks.
e) Implement the proposed system.
f) Assess the performance of the proposed system.

1.5 Contribution to Knowledge

The Enhanced Web Security Application was developed to tackle MitB attacks and, in doing so, the following contributions were made in this dissertation:

a) The Anti-form grabbing algorithm was developed to tackle form grabbing, which is a technique used in MitB attacks.
b) The web contents were encrypted with JWT to protect the information exchange between two parties.
c) Email was used as a verification channel.

1.6 Organization of the Dissertation

The organization of the rest of the dissertation, with a brief outline of the chapters, is as follows. Chapter 2 discusses the history of online banking and reviews related work on MitB. Chapter 3 presents the proposed design of the enhanced security application, especially the security components that make up the system architecture: Anti-form grabbing, JWT, OTP and the use of Email. Chapter 4 covers the implementation of the design proposed in chapter 3. Chapter 5 summarizes the dissertation and outlines future work.
