With the rapid growth of Web-based applications, the Internet is a perfect target for hackers. Attacking an individual person or a multibillion-dollar company is achievable at the click of a button. Today, almost everything is done over the Internet, from simple email access to paying bills online, managing online banking, filing taxes, shopping, and so on. As a result, the Internet has become a feeding ground for hackers. This presents a great many concerns and challenges for an organization’s security. Users constantly demand new applications and features with easy-to-use interfaces. At the same time, they are worried about increasing dangers. These demands from users create a wide range of attack from …
Two of the most common attacks are offline credential-stealing attacks and online channel-breaking attacks. “Offline credential-stealing attacks aim to fraudulently gather a user’s credential either by invading an insufficiently protected PC via malicious software (such as a virus or Trojan horse) or by tricking a user into voluntarily revealing his or her credentials via phishing” (Hiltgen, Kramp, Weigold, p. 21). Online channel-breaking attacks are known to be more sophisticated and are carried out by a malicious man in the middle. In this type of attack, “the intruder unnoticeably intercepts messages between the client PC and the banking server by masquerading as the server to the client and vice versa” (Hiltgen, Kramp, Weigold, p. 21). Even though servers are authenticated by a public-key certificate when an SSL/TLS session is established, the user sometimes trustingly ignores messages about invalid or untrusted certificates. To make matters worse, the user can even be fooled into trusting fake server certificates generated online by a nested intruder certification authority. As a result, a hacker could hijack the authenticated banking session or unnoticeably manipulate transaction data (Hiltgen, Kramp, Weigold, pp. 21-22). With such vulnerabilities in online banking systems, sooner or later, users and banks will have to adopt various secure authentication
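The channel-breaking attack described above depends on the client accepting a certificate it should reject. The following added example (not from the essay or from Hiltgen, Kramp and Weigold) shows a strict TLS client context beside the "click through the warning" setting, plus a certificate fingerprint pin, chosen here as one mitigation, that still fails when a fake certificate chains to an intruder CA the client has been fooled into trusting. All function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import socket
import ssl


def strict_context() -> ssl.SSLContext:
    """Client context that refuses invalid or untrusted certificates."""
    return ssl.create_default_context()   # CERT_REQUIRED + host name check


def click_through_context() -> ssl.SSLContext:
    """Weak setting: the code equivalent of ignoring the certificate warning."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False             # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit(ctx: ssl.SSLContext) -> list:
    """Return the reasons this context would accept a man in the middle."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("certificate chain is not verified")
    if not ctx.check_hostname:
        problems.append("certificate is not checked against the host name")
    return problems


def pin_matches(der_cert: bytes, pinned_sha256: set) -> bool:
    """True only if the certificate's SHA-256 fingerprint is a pinned value."""
    digest = hashlib.sha256(der_cert).hexdigest()
    return any(hmac.compare_digest(digest, p.lower()) for p in pinned_sha256)


def connect_pinned(host: str, pinned_sha256: set, port: int = 443) -> ssl.SSLSocket:
    """Open a TLS session that must pass chain validation AND the pin check."""
    ctx = strict_context()
    if audit(ctx):
        raise ssl.SSLError("refusing to connect with a weakened context")
    raw = socket.create_connection((host, port), timeout=10)
    tls = ctx.wrap_socket(raw, server_hostname=host)  # handshake validates chain
    if not pin_matches(tls.getpeercert(binary_form=True), pinned_sha256):
        tls.close()                        # chain was trusted, certificate is wrong
        raise ssl.SSLError("server certificate does not match the pinned fingerprint")
    return tls
```

The pin here covers the whole leaf certificate, so it has to be updated whenever the server certificate is renewed.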