Risk-Linked Security Solutions for Mobile Financial Systems

UoM administered thesis: Phd

  • Authors:
  • Abdullah Alnajem


Abdullah Abdulaziz Ibrahim Alnajem,Risk-Linked Security Solutions for Mobile Financial Systems,Doctor of Philosophy, The University of Manchester, May 5, 2015.Owing to technological developments in areas such as the Internet and wireless communications, more and more services are being made available on-line (i.e. via the Internet) and to mobile users. Mobile banking (m-banking) is one of such services. However, the Internet, integrated with wireless channels, is extremely vulnerable to a wide range of cyber threats and attacks, and, owing to potential monetary gains, m-banking services are particularly attractive to cyber attackers. Risk-linked security solutions have been proposed in the literature recently to balance security protection levels and costs incurred in providing the security. This thesis addresses one of the open issues in realizing this risk-linked security concept, i.e. how to evaluate risk in a given context and do so as effectively and efficiently as possible. It proposes a novel approach to risk aggregation based on multiple risk factors, a copula-based risk evaluation method, which can be used to estimate an aggregated risk value from a set of risk factors that are either dependent or independent of each other. To reduce the execution time of the method, a number of optimization techniques have been applied and experimented. These include the application of a survival function, the geometrical representation of the Genz method and the use of massively parallel architecture on a GPU.In addition, a novel optimized method has also been designed, which could be used to authenticate a m-banking user with a multi-factor authentication method based on the underlying risk level derived. In other words, depending on the risk level, the method can decide which or how many factors should be used to authenticate the user. Moreover, it can decide what level of assurance should be applied for each authentication method to balance the aggregated assurance level with the aggregated risk level. To reduce execution time, the method is based on Lagrange multiplier rather than a global constrained Genetic Algorithm optimization method.Comprehensive experiments have been carried out to evaluate the effectiveness and efficiency of the novel methods. Experimental results show that the copula-based risk evaluation method produces more accurate risk estimation results than related work and can be used to identify evasive fraud. The optimization techniques employed in the risk evaluation and risk-linked authentication methods can reduce the methods' execution times markedly.


Original languageEnglish
Awarding Institution
Award date1 Aug 2015