Network/Communicational Vulnerability

Transcription

1 Automated teer machines (ATMs) are a part of most of our ives. The major appea of these machines is convenience The ATM environment is changing and that change has serious ramifications for the security of ATMs. Vunerabiity is appied to a weakness in a system which aows an attacker to vioate the integrity of that system. Vunerabiities may resut from bugs or design faws in the system. A consumer becoming more dependent on ATMs and the proiferation of ATM debit cards, computer crime in this area is more ikey to increase. This study is on the ATM vunerabiity and security issues, which types of vunerabiities are in system and which type of security we are providing in present and which type of new efforts we can make. The purpose of this study is to expain how ATM vunerabiities occurs, causes and possibe security soutions and designing a security mode to prevent such oss and efforts to overcome them and provide more security over auto teer machine transactions. ABSTRACT Information technoogy is a rapid growing sector now a day. Daiy new inventions are taking pace in market. In financia sector especiay the banking sector there are so many new technoogies are taking pace in financia operations.atm is an important invention for banking sector. The wonders of modern technoogy have made it possibe for bank customers to interact with an eectronic banking faciity as Automated Teer Machine (ATM) rather than with a human Being for cash transactions. Eectronic banking is one of the newest services offered by amost a banks to their customers. Eectronic banking invoves amongst others, Automated Teer Machine (ATM), Point-Of-Sae (POS), and Teephone banking and so on. The high cost of setting up and operating fu-service branch offices has ed recenty to a sharp expansion in imited-service faciities such as Automated Teer Machines (ATMs). The use of ATM has grown rapidy in popuarity because of its ow banks transactions costs and customers convenience which has made it a basic eement of today s financia service offering. However, the ATM which is meant to serve the customers better is now becoming a frightening for some

2 ( xi ) customers because of fraud perpetuated in their accounts through ATM withdrawas. This unpeasant experience by customers is one of the chaenges of the ATM through a over the word. As the ATM works without any human teer interactions It is designed with so many security features so that a costumer can perform banking financia transactions without any probem with secure transactions but remain there are some vunerabiities are there which make the transaction unsuccessfu and unauthorized transactions can be made using ATM. This research anayzes such vunerabiities and security issues the ATM chaenges and to extend suggestions that woud enhance better bank-customer services with protected environment. The subject of this thesis is the anaysis of vunerabiities and security issues is an anaytica design of a generic process framework aong with a nove approach for finding various vunerabiities in ATM system process and providing securities towards the ATM transactions. In this study, the necessary background is provided by examining the recent past, evoution and the vunerabiities occur in ATM transaction and various security issues and future trends of the new secure authentication and transaction authorization. This study is an anaysis of various vunerabiities /attacks /weaknesses and threats found in Auto teer Machine and its transactions. The first step of this study is to identify the various types of vunerabiities reated to ATM and its transaction security aspects as identified at the anaysis and reated security issues towards their technica aspects as emerged during the research phase. These chaenges are presented in this study. In next phase of this study we anayze various security issues and reated soutions reated to ATM security to provide the existing security soutions avaiabe in current scenario together with a detaied anaysis on the research topic. Finay, the in this research we proposed a conceptua frameworks (mode) for prevent the unauthorized access of ATM and enhanced the security towards iega or unauthorized access of an banking transaction.finay in the concusion the practica deiverabes of this thesis are summarized, aong with the possibe soution and with an open research area for further research. In this study we have divided the overa thesis in 6 chapters to expain a the topics propery and sef expanatory. Chapter I incudes the basic introduction about the banking operations especiay about the roe of Auto Teer machine in banking operations and its importance, definition, history of ATM and its basic diagram with roe of different components, This chapter incudes the interna architecture of an ATM with their different components,and their operation

3 ( xii ) process ike input unit, processing unit, output unit, keypad, card reader,encryption process,transmission, authentication process of the data communication process etc. use of each component of machine. In this chapter we have mentioned step by step processing of the data,how the card reader read the information from the card, how it process in ATM,how it verify and authenticate the data and pin verification and how it communicate the data from ATM to bank server and and bank server to ATM, how it transmit the data in a network.a context eve Data fow diagram is mentioned in this chapter to better understand the working process of ATM.In post phase of this chapter we have mentioned types of ATM and its advantages and disadvantages. Chapter 2 is of review of iterature, in which we have tried to incude maximum iterature avaiabe on ATM process and its transactions process, I have reviewed more than 30 artices/ research papers and white papers reated to vunerabiities and securities and persona interaction/ interviews with ATM manufacturers, technica persons who manages ATM operations, network professionas, banking officias etc. which are concuded in this chapter. Various types of vunerabiities which are recognized/find by different researchers are concuded in this chapter in summarized form which is used by me to concude the vunerabiities exist in current scenario and heped in my research. Summary of various research papers pubished on ATM aso incuded. We have aso tried to incude the iterature on the topic avaiabe from various sources. it was a very tedious task for us to arrange or coect the iterature data on ATM because of the high security and confidentiaity concerns it was very difficut to get the ATM security reated information from concern sources. This chapter divided in two parts.in first part various vunerabiity reated iterature described and in post phase a security concerns mentioned. Here I concude some types of security issues in post phase of this chapter which are pubished in various research papers, artices in various journas. Chapter 3 is anaysis of vunerabiities. As my research topic is anaysis of vunerabiity and security issues, in this chapter we have mentioned various vunerabiities which are exist in current scenario and in Automated teer machine transactions are discussed here. we have divided the overa types of vunerabiities in major three categories, these are Physica Vunerabiity

4 ( xiii ) Operationa /Logica Vunerabiity Network/Communicationa Vunerabiity Physica vunerabiities are those weaknesses which are due to manufacturing defect or some physica weakness in parts of ATM.eg: stoen of ATM, ram riding, cash vaut cutting due to weak structure or improper physica instaation of machine. Operationa/ogica vunerabiity are those weaknesses which are due to wrong operations in interna process of system ike wrong verification of card, dupicate card reading, skimming, more session time of transaction, wrong dispensing of money etc. there are few types of vunerabiities are mentioned in this thesis which defined the operationa vunerabiities. Network (Communicationa) vunerabiities are those vunerabiities which occur when the data communication is not secure. at the time of data communication in ATM or in network communication (ATM to Bank and vice versa) if data is not secure any hacker can hack the confidentia data within the communication process and use it in fraud financia operations. in this thesis I have tried to mention such vunerabiities which are exist in communicationa process of banking transaction which make the confidentia data communication more vunerabe and hackers or unauthorized persons can access the data and use it in fraud operations. In this chapter we have described various types of vunerabiities, threats and types of attacks can occur at the time of ATM transactions or with user and ATM itsef. Here we discussed various methods and types of weaknesses in the existing ATM system and how they are harmfu for banks and their authorized users. After anayzing different types of existing vunerabiities in ATM and its processing system we have discussed the reated security concerns in next chapter. Chapter 4 is designed for anaysis of various security issues and their effective security soutions.in this chapter we have described the various securities provided for reated vunerabiities and which type of new securities may be provide by the banks to protect the ATM and its users from unauthorized access of money from the ATM. Again we have categories the overa security types in three categories simiar to previous chapter. these security issues are further divided in foowing categories: Physica Security

5 ( xiv ) Operationa /Logica Security Network/Communicationa Security This chapter contains various security soutions anayzed and expained by us. These security concerns are reated to physica security, operationa security and network/communicationa security. There are some physica security issues anayzed which are reated to ATM security. To protect the ATM from physica attacks we can protect the externa structure of ATM with more secure meta body. For this some standards have to be foow by the manufacturers to make the externa structure of the ATM. In this chapter we have mentioned these standards which are to be foow by the companies. Different physica security issues are aso mentioned for different devices which are used in ATM. These are anti skimming devices, CCTV, anti tempering protection, smoke sensors, wa grounding of machine, different anti theft aarm system etc. different types of biometric soutions (DNA, finger, hand recognition, iris recognition, retina recognition etc.), various types of sensors for different types of actions, combinationa ocks, various data encryption methods, communicationa securities, aarming systems etc.. These types of soutions are described in here and some other cryptographic securities reated to secure communication process. In network security issues we have mentioned various network protocos used in secure data communication in banking network, various encryption methods used in banking data communication, data verification and authentication on both the eve at bank server and at ATM to ensure the safe transmission of data. Chapter 5 is reated to proposed security mode for automated teer machine security. In this chapter we have started with comparative existing securities avaiabe in current scenario incudes the current security mode used in ATM transaction with interna architecture of security provided by ATM. As per our study on vunerabiity we anayze that ATMs operationa and communicationa securities are good enough. There are so many soutions avaiabe for operationa and communicationa security because in these types of vunerabiities the contro is with bank and norma attackers or hackers or robbers cannot break these types of securities, but ATMs are more vunerabe from physica attacks. any norma attacker can gain access of card and Pin.attacker or fraudster can demand the card and PIN from the user on gun point or pressurized the user to make transaction for him and authorized user wi make the transaction

6 ( xv ) for attackers and in this case ATM security wi not be appicabe for user as according to bank user is genuine user if he is using correct PIN. To protect this type of physica attack we proposed a new security mode in our research. In this mode we have tried to impement the new security method which may be appy from the bank in guidance of Reserve Bank of India. In new ATMs mode banks are using biometric security to enhance security of ATM and authorized transactions but the probem wi remain exist from physica attacks and pressurized ogin.our security mode can be impemented on both type of authorizations singe PIN and biometric both. In existing scenario ATM authenticate the user on singe PIN,it verify the PIN with card PIN if matches transactions may process from machine but if some externa attacker pressurized to user to make transaction for him than current authentication cannot hep to protect the money and user from this type of attack and wi make transaction. in our new proposed mode we have designed new security steps to protect these type of attacks. In this chapter we mention the process of proposed mode with fow chart than agorithm and impementation of new mode with a simuator which is designed by us to expain the working of our security mode. In chapter 6 we have concude the overa anaysis and concusion of thesis and mentioned the future scope and further area of study which we can extends in future and high security methods to enhance the security of ATM with different types of vunerabiities and protect the ATM and its users from various types of unauthorized access and attacks. Concusion : This thesis is a broad overview about various vunerabiities and securities over ATM transactions. In this thesis we have tried to concude various types of vunerabiities exist in current scenario and which type of security we are providing to overcome the vunerabiities. Various security aspects concude in this thesis. Various categories of vunerabiities ike physica, operationa, communicationa vunerabiities are studied and Various security issues are aso studied and concuded in our findings which may hepfu to make the ATM transactions more safe and secure. this thesis covering security and technica issues with ATM transaction. Because of our particuar experience in the area, we focused our research activities on ATM cards and encryption, beginning with hardware vunerabiity and security issues and then operationa and

7 ( xvi ) communicationa vunerabiity and security prospective and naturay continuing with software aspects and operationa issues of our present work. Future scope : The thesis eve is preiminary and there is a ot of scope in this area for more research. We can make more secure communication of data in financia operations using more security soutions and it is open area to make more secure operations. Our proposed mode is a generaized mode which may impemented by bank to enhance the security of ATM and its user. Banks can impement the same mode and add more security things in our proposed mode for practica impementation in banks. The thesis ends with our fina anaysis and concusion.

8 ( xvii ) Objective of the Research The ATM (Automated Teer Machine) environment is changing and that change has serious ramifications for the security of ATMs. Vunerabiity is appied to a weakness in a system which aows an attacker to vioate the truthfuness of that system. Vunerabiities may resut from bugs or design faws in the system. A consumer becoming more dependent on ATMs and the proiferation of ATM debit cards, computer crime in this area is more ikey to increase. This study is on the ATM vunerabiity and security issues, which types of security we are providing in present and which type of new efforts we can make. The purpose of this study is to expain how ATM vunerabiities occurs, causes and possibe security soutions and designing a security mode to prevent such oss and efforts to overcome them and provide more security over auto teer machine transactions. This study is on the anaysis of Auto Teer Machine processing, operations different vunerabiities and reated security issues. In this research I had tried to find various types of vunerabiities exists in ATM and which types of securities we are providing in modern banking industry. The purpose of this research is to anayze the different type of vunerabiities are exist in banking transactions speciay in terms of Auto Teer machine, and expain how ATM fraud occurs, causes and possibe soutions can impement to prevent such oss and efforts to remove them and provide more security to them. In this research we anayze about the Auto teer machine processing then for different vunerabiities and an anaysis on existing vunerabiities and attacks is carried out. This study is step by step anaysis representation describing the different ways in which ATM transactions can be make vunerabe or attacked. The research discussion then moves on to various types of weaknesses/vunerabiities/attacks and threats which are discovered by different researchers. After this we anayze different ways of securities and protections which are provided and what is the current status of defenses from these vunerabiities which have been deveoped to protect against these attacks categorizing them and anayzing how successfu they are at protecting against the attacks. This research covers various types of vunerabiities which are discovered ti now and different security soutions having decared a current schemes for protecting ATM

9 ( xviii ) transactions acking in some way, the key aspects of the probem are identified. This is foowed by a proposed conceptua security mode for a more robust defense system which uses a sma security concept to protect cash and consumer both at the time of abnorma situation of cash dispensing.

10 ( ixx ) NEED OF THE STUDY The technoogy is grown up day by day and the processing time for the operations is reducing. New technoogies are impementing rapidy as we as repacing od technoogy with user friendy techniques. Banking sector is a major area where the new technoogies are impementing widey in terms of financia transaction. Now every human being is using onine banking, eectronic fund transfer, interbank or intra bank transactions, net banking and many other operations reated to financia transactions. It providing more usefu for customers to perform banking operations with the e banking and banking outside the bank ocation. An Auto teer machine is an exampe of financia operations outside the bank campus. Now a day human beings are using ATM as Cash dispensing machine by which they can get the money anywhere outside the bank. It is easy way to get the money outside the bank.it is more popuar in bank customers to withdraw the money and other banking operation as per their convenience at any time. As there are so many advantages of ATM but there are few disadvantages or drawbacks with this. In present era, Automated teer machine theft and vunerabiity is a critica probem. The ATM (Automated Teer Machine) environment is changing and that change has serious issues for the security of ATMs. Consumers becoming more dependent on ATMs and the use of computer crime in this area are more ikey to increase. This is the time to find these drawbacks and try to rectify these probems and find better soutions to eiminate unauthorized use through hardware or software soutions. Now the time to make some new security efforts to reduce these drawbacks or vunerabiities over Auto Teer Machine transactions. The present study has been made to find vauabe issues for the security of the ATM and the path of prevention of it in future so that the customers as we as financia institutions may aware about future frauds made by hackers.

11 Hypothesis of the Study There are two hypothesis have been seected for the study viz. nu hypothesis and aternative hypothesis. The detaied study of these hypotheses is as foows: H 0 = There is no vunerabiity in ATM H 1 = There is a vunerabiity in ATM H 2 = The existing security of Automatic Teer Machines transaction is sufficient and does positivey support the attitude towards using the technoogy. H 3 = The existing security of Automatic Teer Machines transaction is not sufficient and does not positivey support the attitude towards using the technoogy. q q q