Master's Thesis Page
This page contains material related to thesis Security Analysis of Internet Bank Authentication Protocols and their Implementations.
Thesis was defended for the degree of Master of Science in Cyber Security (M.Sc.) in Tallinn University of Technology on June 11, 2012.
Here are the slides from the defense.
The final version of the thesis document was turned in on June 1, 2012.
- On 9th October 2014, the Estonian Banking Association released a new protocol which fixes authentication protocol related security issues.
- On 8th November 2012, I gave a talk about security of bank link authentication in ISACA Latvia Chapter and CERT.LV annual conference.
- On 27th September 2012, the Estonian TV News program mentioned (video) security problems of bank link authentication.
- On 27th September 2012, the Estonian newspaper "Eesti Paevaleht" ran an article (translation) about (in)security of bank link authentication.
- On 9th September 2012, the TV3 Latvia program "Nothing Personal" made a story about (in)security of Internet bank authentication.
- The proof-of-concept video showing Internet bank authentication bypass in Latvian service providers.
- The proof-of-concept video showing authentication token cross-site replay against Latvian service providers.
- The proof-of-concept video showing authentication token cross-site replay against Estonian service providers.