Enhanced security model for mobile banking systems in Tanzania

Abstract

In mobile banking schemes; financial services are availed and banking services are provided using mobile devices. GSM services are greatly utilized for data transmission by the technologies used in conducting mobile transactions. In their operations; these technologies send data in plaintext. Financial service providers tend to rely on the security services provided by the GSM which has been proved to be susceptible to cryptanalytic attacks. The used algorithms for crypto mechanisms are flawed leaving data carried through the network vulnerable upon interception. Operators need to take precaution by enforcing some protective measures on the information to be transmitted. This paper describes an SMS based model designed with security features to enhance data protection across mobile networks. Features for data encryption, integrity, secure entry of security details on the phone, and improved security policies in the application server are incorporated. We address issues of data confidentiality, user authentication and message integrity in order to provide end-to-end security of data carried on GSM networks.