A Proof of Concept Attack against Norwegian Internet Banking Systems

13 years 6 months ago

Download www.nowires.org

Abstract. The banking industry in Norway has developed a new security infrastructure for conducting commerce on the Internet. The initiative, called BankID, aims to become a national ID infrastructure supporting services such as authentication and digital signatures for the entire Norwegian population. This paper describes a practical man-inthe-middle attack against online banking applications using BankID. The attack gives an adversary access to customer bank accounts in two different online banking systems. Proof of concept code has been developed and executed to demonstrate the seriousness of the problem.

Yngve Espelid, Lars-Helge Netland, André N.

Real-time Traffic

Cryptology | FC 2008 | National Id Infrastructure | Online Banking | Online Banking Applications |

claim paper

» SSLTLS SessionAware User Authentication

Post Info
More Details (n/a)

Added	19 Oct 2010
Updated	19 Oct 2010
Type	Conference
Year	2008
Where	FC
Authors	Yngve Espelid, Lars-Helge Netland, André N. Klingsheim, Kjell Jørgen Hole

Comments (0)

Sciweavers

A Proof of Concept Attack against Norwegian Internet Banking Systems

Cryptology | FC 2008 | National Id Infrastructure | Online Banking | Online Banking Applications |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers