Enhancing OTP Transaction Security through Federated Learning in IoT Environments
Abstract
We live in a digitalized age where banks breathe data and hospitals pulse through networks. The internet of things (IoT) has transmitted and transformed the normal norm into a digitized ecosystems, automated and algorithmically connected. Yet, in this architecture of convenience lies an invisible vulnerability. As devices multiply, so do the attacks; as connectivity expands, so does the cyber fragility. Among the most pervasive threats in this digital intimacy is the one-time password (OTP) fraud—a subtle yet devastating breach of trust engineered through deception, phishing, and manipulation, which are risks at stake. A single click, tap, submit or accept push button fractures and damages the boundary between privacy and harsh truth exposed, granting unauthorized access to sensitive data and financial credentials. This research reimagines cybersecurity not as a centralized surveillance, but as a decentralized intel. In this research, we propose an IoT-based monitoring framework powered by federated learning (FL), a paradigm shift from data extraction to data sovereignty. Within this architecture, models are trained locally across distributed IoT nodes. Only encrypted model updates are aggregated, ensuring privacy preservation while enabling intelligence. This approach represents more than a technical upgrade; it is a philosophical repositioning of cybersecurity. We acknowledge in the research that in a post-digital society, privacy is not merely a feature – it is a fundamental design principle. The prototype features: data localization and sovereignty, reduction in centralized breach risks, real-time fraud detection, scalable privacy-preserving intelligence, and ethical AI deployment within the ecosystems. Overall, by synthesizing IoT infrastructure with federated learning algorithms, this research demonstrates that security and privacy coexist through distributed cognition. In an era where information is currency and identity is code, the fusion of federated learning and IoT-based monitoring systems provides a resilient, secure, and safe solution.
References
S. Nasiri, M. T. Sharabian, and M. Aajami, “Using combined one-time password for prevention of phishing attacks,” Engineering, Technology & Applied Science Research, vol. 7, no. 6, pp. 2328–2333, Dec. 2017.
A. Mosenia and N. K. Jha, “A comprehensive study of security of Internet-of-Things,” IEEE Transactions on Emerging Topics in Computing, vol. 5, no. 4, pp. 586–602, Oct. 2017.
H. B. McMahan, E. Moore, D. Ramage, S. Hampson, and B. A. y Arcas, “Communication-efficient learning of deep networks from decentralized data,” arXiv preprint, 2016.
Q. Yang, Y. Liu, T. Chen, and Y. Tong, “Federated machine learning: Concept and applications,” ACM Transactions on Intelligent Systems and Technology, vol. 10, no. 2, pp. 1–19, Feb. 2019.
J. Kang, Z. Xiong, D. Niyato, S. Xie, and J. Zhang, “Incentive mechanism for reliable federated learning: A joint optimization approach combining reputation and contract theory,” IEEE Internet of Things Journal, vol. 6, no. 6, pp. 10700–10714, Dec. 2019.
X. Li, K. Huang, W. Yang, S. Wang, and Z. Zhang, “On the convergence of FedAvg on non-IID data,” arXiv preprint, Jun. 2020.
N. Kumar, S. Zeadally, and J. J. P. C. Rodrigues, “Vehicular delay-tolerant networks for smart grid data management using mobile edge computing,” IEEE Communications Magazine, vol. 54, no. 10, pp. 60–66, Oct. 2016.
K. Bonawitz et al., “Practical secure aggregation for privacy-preserving machine learning,” in Proc. ACM SIGSAC Conf. Computer and Communications Security (CCS), Oct. 2017, pp. 1175–1191.
T. Li, A. K. Sahu, A. Talwalkar, and V. Smith, “Federated learning: Challenges, methods, and future directions,” IEEE Signal Processing Magazine, vol. 37, no. 3, pp. 50–60, May 2020.
W. Y. B. Lim et al., “Federated learning in mobile edge networks: A comprehensive survey,” IEEE Communications Surveys & Tutorials, vol. 22, no. 3, pp. 2031–2063, 2020.
