Abstract
Different technologies and devices authenticate users through various authentication models. USSD technology, used to carry out mobile financial services, uses a single-factor authentication model. Unfortunately, the USSD technology on which this authentication model is implemented has the flaw of conveying and displaying all its data in plain text. Data displayed in plain text, even at the mobile interface, is exposed to shoulder-surfing attacks.
To secure users' data at the mobile interface while using USSD technology to carry out mobile financial services, a secure authentication model against shoulder-surfing attacks, which takes into account the inherent flaws in this technology, was developed. To achieve this aim, the model was designed based on the existing USSD banking architecture. The new authentication model includes a randomization obfuscation technique to secure users' data at the mobile interface against shoulder-surfing attacks, a one-time password, and a bag of soft biometric details of the user.
The performance of the model was evaluated for usability and security. To determine the usability of the system, the number of errors made by a user while entering authentication data and the time it took a user to enter the authentication data were considered. The security of the model was determined by considering the ratio of the time taken by an attacker to capture a user's response to the time taken by a user to submit a response. The results showed that the developed model is highly usable and more secure against shoulder-surfing attacks than the existing authentication model in USSD banking today.
Though this model was developed and tested on a mobile financial service platform, it can be applied in all areas that are customer-service based.