Abstract:
Mobile banking applications are an advanced technology within mobile banking that uses wireless and cellular networks to deliver banking services to users with increased convenience around the clock. However, cybercriminals exploit vulnerabilities in this banking channel to gain unauthorized access and illegally acquire customers' confidential information in order to steal money from their accounts. It is therefore essential to protect customer data from online cyber thieves. To achieve this goal, this thesis sought to: assess the operation of mobile banking applications; assess the security threats affecting user data in transit in mobile banking applications; assess the techniques used to secure user data in transit in mobile banking applications; develop a hybrid algorithm that secures user data in transit in mobile banking applications; and evaluate the developed hybrid algorithm. Most state-of-the-art techniques have focused mainly on web-based systems rather than mobile banking applications. This study adopted a positivist research paradigm and two research designs: descriptive and data science methodologies. Secondary data was gathered from peer-reviewed published journal articles, conference proceedings and books. An image processing dataset from the University of Southern California Signal and Image Processing Institute database was used to obtain high-quality pictures for the hybrid algorithm test simulations. Data analysis was performed through several methods, including content analysis, gap analysis, visual quality analysis, entropy analysis, and statistical analysis. Inferences from the research were presented objective by objective, using figures and tables. Simulations were carried out in Matlab (R2021a) using six color pictures.
Inferences from this study revealed that operating a mobile banking application requires registration and configuration of the application, while Transport Layer Security establishes a secure connection between the client application and the bank's server. Threats to user data in mobile banking applications are mobile malware, packet sniffing attacks, Man-in-the-Middle (MITM) attacks, Domain Name System poisoning attacks, Secure Sockets Layer strip session hijacking, eavesdropping attacks, Denial of Service attacks, and social engineering attacks. These security threats can be mitigated through cryptography, steganography, strong authentication, strong antivirus software, and user education. The proposed hybrid algorithm combined Least Significant Bit (LSB) steganography with the Advanced Encryption Standard (AES) algorithm. The proposed hybrid algorithm was evaluated using Mean Squared Error (MSE), Peak Signal-to-Noise Ratio (PSNR), histograms, and entropy. The hybrid algorithm exhibited low MSE values between 0.0001297 and 0.0005646 and high PSNR values of 80.65 to 87.04 decibels. Entropy values were between 6.295 and 7.762, from which the study inferred that the developed hybrid algorithm was robust against MITM attacks on user data in transit in mobile banking applications. Histogram analysis showed no perceptible differences between the cover pictures and the stego-pictures. This study recommended the LSB-AES algorithm for protecting user data in transit to fortify mobile banking applications.
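
An added illustration (not the thesis's Matlab code) of the evaluation described above: one-bit-per-byte LSB embedding of an encrypted payload, followed by the MSE, PSNR and entropy measurements. The sequential embedding order, the random-byte cover and the SHA-256 digest standing in for AES ciphertext are assumptions constructed for this example.

```python
import hashlib
import math
import random
from collections import Counter

def embed_lsb(cover, payload):
    """Write payload bits (MSB first) into the least significant bit of each cover byte."""
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("payload does not fit in cover")
    stego = bytearray(cover)
    for idx, bit in enumerate(bits):
        stego[idx] = (stego[idx] & 0xFE) | bit
    return bytes(stego)

def extract_lsb(stego, n_bytes):
    """Rebuild n_bytes of payload from the LSBs of the first 8 * n_bytes stego bytes."""
    out = bytearray()
    for b in range(n_bytes):
        value = 0
        for i in range(8):
            value = (value << 1) | (stego[b * 8 + i] & 1)
        out.append(value)
    return bytes(out)

def mse(a, b):
    """Mean squared error over all channel samples."""
    return sum((x - y) ** 2 for x, y in zip(a, b)) / len(a)

def psnr(a, b):
    """PSNR in dB for 8-bit samples; infinite when the images are identical."""
    err = mse(a, b)
    return math.inf if err == 0 else 10 * math.log10(255 ** 2 / err)

def entropy(data):
    """Shannon entropy in bits per sample (maximum 8 for 8-bit data)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

# Constructed inputs: a 256x256 RGB "cover" of seeded random bytes (not a real
# picture) and 32 pseudo-random bytes standing in for AES ciphertext.
rng = random.Random(2021)
COVER = bytes(rng.randrange(256) for _ in range(256 * 256 * 3))
PAYLOAD = hashlib.sha256(b"constructed stand-in for AES ciphertext").digest()
STEGO = embed_lsb(COVER, PAYLOAD)

if __name__ == "__main__":
    print(f"MSE={mse(COVER, STEGO):.7f}  PSNR={psnr(COVER, STEGO):.2f} dB")
    print(f"entropy cover={entropy(COVER):.4f}  stego={entropy(STEGO):.4f}")
```

Each embedded bit changes a sample by at most 1, so MSE is bounded by the payload bit count divided by the number of samples, which is why small payloads in large covers give very high PSNR.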