Conceptual Design and Implementation of FIDO2 compatible Smart Card for Decentralized Financial Transaction System

Anisha Ghosh, Aditya Mitra, Sibi Chakkaravarthy Sethuraman, Aswani Kumar Cherukuri

TL;DR

The paper addresses the vulnerabilities of password-based fintech authentication by proposing PP2PP, a FIDO2-enabled, passwordless system that uses hardware-backed smart cards (CTAP/WebAuthn) to securely authenticate users and protect transaction data stored in the cloud. It advances a cloud-edge architecture with robust security measures (HTTPS, DDoS protection, firewalls, private links) and defines clear roles (Sender, Bank, Receiver) to enable secure peer-to-peer transactions in an IoT context. The work details device registration and a multi-path transaction flow (QR, NFC, link sharing, direct transfer) with strong integrity and auditability, plus an experimental evaluation on Azure-based infrastructure demonstrating favorable latency and scalable resilience. Its contributions span system design, cryptographic primitives, registration and transaction workflows, attack analyses, and performance assessments, aiming to produce a practical, phishing-resistant framework for secure decentralized financial services. This approach has significant implications for improving security, privacy, and inclusivity in fintech, particularly for unbanked or underrepresented populations.

Abstract

With the challenges and limitations associated with security in the fintech industry, the need for data protection increases. However, existing passwordless and password-based peer-to-peer transactions in online banking systems are vulnerable to advanced forms of digital attack. The influx of modern data protection methods keeps better records of transactions, but it still does not address the issue of authentication and account takeover during transactions. To address this issue, this paper proposes a novel and robust peer-to-peer transaction system which employs cloud security best practices, proper use of cryptography and trusted computing to mitigate common vulnerabilities. We will be implementing a FIDO2-compatible smart card to securely authenticate the user using physical smart cards and store the records in the cloud, which enables access control by allowing access only when access is requested. The standard incorporates multiple layers of security on cloud computing models to ensure secrecy of the said data. Services of the standard adhere to regulations provided by the government and assure the privacy of the payee's or end-user's information. The whole system has been implemented in an Internet of Things scenario.
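The phishing resistance the summary attributes to FIDO2 comes from the WebAuthn assertion ceremony (the authentication workflow of Figure 3): the browser binds the origin it is actually on into clientDataJSON, the card signs authData || SHA-256(clientDataJSON), and the relying party (the Bank role) checks origin, challenge, RP ID hash, user-presence/verification flags, the signature counter and finally the signature. The Go program below is an added example written for this page, not code from the paper or from the PP2PP system. The RP ID bank.example, the origin https://bank.example, the P-256 key, the 32-byte challenge and the look-alike phishing domain are assumptions; the smart card is simulated in software, and attestation, credential IDs and the CBOR encoding of real authenticator data are omitted.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
)

// Assumed relying party for this example: RP ID is the bank's domain, origin is the site the browser loaded.
const (
	rpID           = "bank.example"
	expectedOrigin = "https://bank.example"
	flagUP         = 0x01 // authData flag: user present (card touched)
	flagUV         = 0x04 // authData flag: user verified (PIN/biometric on the card)
)

// SmartCard simulates the FIDO2 authenticator: private key plus monotonic counter; it only ever sees hashes.
type SmartCard struct {
	priv  *ecdsa.PrivateKey
	count uint32
}

func NewSmartCard() (*SmartCard, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &SmartCard{priv: k}, nil
}

// Public is the credential public key the RP stored at registration (Figure 2 workflow).
func (c *SmartCard) Public() *ecdsa.PublicKey { return &c.priv.PublicKey }

// Assertion is the subset of the WebAuthn response the RP verifies.
type Assertion struct{ ClientDataJSON, AuthData, Signature []byte }

type clientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// GetAssertion models navigator.credentials.get(): the browser binds its origin into clientDataJSON and the
// card signs authData || SHA-256(clientDataJSON), so an assertion collected on a phishing page carries that origin.
func (c *SmartCard) GetAssertion(challenge []byte, browserOrigin string) (Assertion, error) {
	cd, _ := json.Marshal(clientData{Type: "webauthn.get", Challenge: b64(challenge), Origin: browserOrigin}) // plain strings cannot fail
	c.count++
	rpHash := sha256.Sum256([]byte(rpID))
	authData := make([]byte, 37) // rpIdHash(32) || flags(1) || signCount(4)
	copy(authData, rpHash[:])
	authData[32] = flagUP | flagUV
	binary.BigEndian.PutUint32(authData[33:], c.count)
	cdHash := sha256.Sum256(cd)
	digest := sha256.Sum256(append(append([]byte{}, authData...), cdHash[:]...))
	sig, err := ecdsa.SignASN1(rand.Reader, c.priv, digest[:])
	return Assertion{ClientDataJSON: cd, AuthData: authData, Signature: sig}, err
}

// VerifyAssertion is the RP-side check; on success it returns the new signature counter to persist.
func VerifyAssertion(pub *ecdsa.PublicKey, challenge []byte, lastCount uint32, a Assertion) (uint32, error) {
	var cd clientData
	if err := json.Unmarshal(a.ClientDataJSON, &cd); err != nil || len(a.AuthData) < 37 {
		return 0, errors.New("malformed assertion")
	}
	rpHash := sha256.Sum256([]byte(rpID))
	flags, count := a.AuthData[32], binary.BigEndian.Uint32(a.AuthData[33:37])
	cdHash := sha256.Sum256(a.ClientDataJSON)
	digest := sha256.Sum256(append(append([]byte{}, a.AuthData...), cdHash[:]...))
	switch {
	case cd.Type != "webauthn.get":
		return 0, errors.New("wrong ceremony type")
	case cd.Challenge != b64(challenge):
		return 0, errors.New("challenge mismatch: replay or wrong session")
	case cd.Origin != expectedOrigin:
		return 0, fmt.Errorf("origin %q rejected: assertion was made on another site", cd.Origin)
	case string(a.AuthData[:32]) != string(rpHash[:]):
		return 0, errors.New("rpIdHash mismatch: credential scoped to a different RP")
	case flags&flagUP == 0 || flags&flagUV == 0:
		return 0, errors.New("card did not assert user presence and verification")
	case count <= lastCount:
		return 0, errors.New("signature counter did not increase: cloned card or replay")
	case !ecdsa.VerifyASN1(pub, digest[:], a.Signature):
		return 0, errors.New("invalid signature")
	}
	return count, nil
}

func main() {
	card, _ := NewSmartCard()
	chal := make([]byte, 32) // fresh random challenge issued by the RP for this ceremony
	rand.Read(chal)
	good, _ := card.GetAssertion(chal, expectedOrigin)
	n, err := VerifyAssertion(card.Public(), chal, 0, good)
	fmt.Println("genuine site:", n, err)
	phish, _ := card.GetAssertion(chal, "https://bank-example.com") // assumed look-alike phishing domain
	_, err = VerifyAssertion(card.Public(), chal, n, phish)
	fmt.Println("phishing site:", err)
}
```

Running it verifies the genuine assertion with counter 1 and rejects the one collected on the look-alike domain on the origin check, before the signature is even examined. Replaying the genuine assertion against the stored counter fails the counter check, and reusing it under a different challenge fails the challenge check, which is why the RP must store the counter and issue a fresh challenge per ceremony. A real server would also look up the credential by ID, validate attestation at registration, and parse CBOR authenticator data; those parts are left out here.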

Paper Structure (13 sections, 3 figures, 4 tables)

This paper contains 13 sections, 3 figures, 4 tables.

Figures (3)

  • Figure 1: Architectural overview of the proposed framework.
  • Figure 2: Registration workflow of the proposed system
  • Figure 3: Authentication workflow.