Edinburgh Napier University

  E-commerce applications provide on-line clients and merchants with a quick and convenient way to exchange goods and services. However, the deployment of these applications is still facing many problems such as security threats; and on-line attacks. These often cause users to be concerned about their own privacy and encourage them to stop using on-line methods. Thus, a number of on-line authentication technologies and methods have been developed in order to authenticate users and merchants, verify their identities, and therefore overcome e-commerce security threats. Although
stand-alone authentication solutions have been successful in
authenticating legitimate clients and in defeating on-line attacks,
they are often weak in overcoming the Man-In-The-Browser
(MITB) attack, which is a type of Internet threat that infects a
web-browser in a concealed fashion, and is invisible to both client
and host applications. This paper presents a Mobile User
Authentication System (MUAS) that uses QR code technology to
authenticate on-line users, through a challenge/response protocol.
Based on this mechanism, the system integrates different
authentication technologies and methods to provide an improved
and secure on-line user and merchant authentication system that
overcomes MITB attack, without compromising usability and
ubiquity.