IMPROVING ONLINE BANKING SECURITY WITH HARDWARE DEVICES

2005 
Even though it has probably never happened to us, it is possible to insert our credit card into an ATM and have it steal the money from our account, or to access our bank account from a computer and have someone else gain access to it. In the first case we believe that the ATM is a trusted device and will never try to cheat us. In the second case, we believe that our computer provides a safe environment for electronic banking. Although there are a few records in history of ATM fraud, we generally believe that it won't happen to us. However, we all know that computers are not safe and still take the risk. Viruses and trojans (malicious software) can do all this and much more, not only in movies but in the real world. This is possible just because we are giving away all the information needed to access our money instead of keeping it. In the first case we are giving away our credit card and the PIN (Personal Identification Number), and in the second case we are giving away our login and password/s. Anyone who can intercept this information can successfully pretend to be us and withdraw our money.

Digital signatures can solve these problems by providing the means for validating a user or a given operation without exposing the data required to do it. However, the point is not whether digital signatures are the best way to protect our money, but how to implement the system in a way that is easy to use and safe enough.

Here we will propose some possible implementations based on the idea that not only is a digital signature needed, but human interaction is also required in order to avoid a classic man-in-the-middle attack. It is not safe to insert a smart card into a standard smart card reader, enter the PIN in the application used to access it, and then expect the application to do exactly what we tell it to do. That would be perfectly fine in a world where we can trust each other and can consider computers to be completely safe from intrusions. But the truth is unfortunately far from that, and so we need to look for new ways to protect ourselves from this kind of attack.