CHAPTER 4 ANALYSIS OF SECURITY ISSUES OF ATM 4.1 ATMs SECURITY ISSUES The security and vunerabiity are opposite sides of the same coin, an Automated machine becomes vunerabe due to weakness of its security. Automated teer machine manufactures go on adding and strengthening security features of Automated teer machine so that customer can carry banking transactions hasse free and without any fear of siphoning of amount from their account and the same frauds works with simiar speed to crack the innovated security feature so that they can have access over the Automated teer machine to expoit the accounts of bank customers. Today banking system is changing and innovating for quick and safe transactions at minimum cost and the banking sector is in no way eft behind from the other industries. Automated teer machine is one of such vita instrument for the banking sector to remain in competition, which provides faciity to customer to carry their banking operations not ony beyond the bank premises and banking hours but aso to transact anywhere in the word that too in oca currency, where the cients makes the transactions. Banks started Automated teer machine as sef-service terminas to primariy withdraw money. Main objective of Automated teer machine was to suppy higher service to the shoppers and ower the banks vaue. Automated teer machine eements cut back per unit transaction cost, supports innovation, produce new service
Anaysis of Security Issues of ATM 123 opportunities and increase fexibiity and quaity eves of product and services. At the same time however, financia institutions and their Automated teer machine are becoming more vunerabe to simiar security-reated attacks as known from the reguar computing environment. This can be particuary of concern in an exceedingy ever-changing context wherever Automated teer machines were owned by monetary estabishments and put in their premises, in the main on bank branch faciities, to a repacement reaity wherever a ot of and a ot of Automated teer machines are a unit paced off-premises and Automated teer machine acquirer networks area unit a ot of typicay owned and controed by freeance Automated teer machine operators. Automated teer machine crime has become a wordwide issue that faces not soey customers, however conjointy bank operators. Security measures at banks wi pay an essentia, conducive roe in preventing attacks on customers. These measures are essentia importance once considering vunerabiities and faith in civi proceedings and banks shoud meet bound standards so as to make sure safe and secure banking surroundings for his or her customers. Automated teer machine security probems and Automated teer machine fraud probems typicay foow some distinct patterns based mosty upon the situation of the Automated teer machine security attacks or Automated teer machine fraud incidents. Automated teer machine fraud probems within the most haf invove MasterCard fraud and open-end credit fraud. During the first to midde 1970 s, the primary recognizaby trendy Automated teer machine were put in within the United Kingdom of Great Britain and Northern Ireand and overseas. The magnetic strip card was introduced at this point, and card standards were united through the American Bankers Association that area unit sti in effective these days. Because of the issues encountered with ATM card forgers, banks tried to cipher the PIN on the cardboard, or derive it from the account range, or offer another suggests that of checking it, in an exceedingy means that they hoped woudn t be too obvious to criminas and hackers.
Anaysis of Security Issues of ATM 124 In fact, if one has got a Barcaycard or Barcay charge card that dates back a coupe of decades, to detect that the primary and fourth digits of your PIN add up to an equivaent because the second and third, or that the primary and third add up to an equivaent because the second and fourth. However this kind of security wasn t abundant sensibe against a bright forger, and this brings United States to the second contribution that Automated teer machine created to aptop science and thus fostered industria deveopment of cryptography, that is that the study of codes and ciphers. Automated teer machine security attacks invoving physica attacks against the Automated teer machine security encosure area unit wide unfod. Automated teer machine exposive attacks is today very Europe, Austraia and African countries. The study on the trends of attacks on Automated teer machine in various regions sha be taken separatey. Automated teer machine ram raid incidents conjointy occur gobay however area unit most rife within the United States may be partiay thanks to the biggest range of Automated teer machines depoyed in soft-target ocations ike convenience stores. Today s Automated teer machines have become pretty vunerabe. Severa of them use in operation systems ike Microsoft Windows. Around majority of security incidents occur on Windows systems and use IP networks as their communication mechanism. This exposes the system to high security risks thanks to the abundant vunerabiity in open systems of this sort, and that they are iabe to maware infection. There ought to be a necessity of some dominant system that ought to customize for monetary sef-service systems, enabing a centraized check to be unbroken of that appications are a unit run on the system, that native or remote resources area unit accessed and that different
Anaysis of Security Issues of ATM 125 system area unit communicated with. By suggesting that of this sort of management package ensures a high security Automated teer machine surroundings isoating at suppy any infection by viruses, Trojan horses, worms or different maware, whereas conjointy preventing any maicious package from being entered or run with access to sensitive Automated teer machines resources. Every Automated teer machines during which this sort of package fitted has associate degree Access management List (ACL) giving an associate degree compete definition of the processes, system resources (fies and ibraries) and permissibe communications. The other part not showing on this ist ought to be mechanicay bocked. Automated teer machines security provided by the banks to safeguard the Automated teer machine. The major security risks of Automated teer machines can be grouped broady in four divisions: I. Physica Security II. Software/Package Security III. Logica Security IV. Communication Security 4.2 PHYSICAL SECURITY: Automated teer machines is amost a direct currency dispenser termina permitting the cient to directy get the money, however a whie thanks to ack of security in some way or the other, some unauthorized user or hackers or criminas take an opportunity to tamper the machine and stea the money by physica attacks on Automated teer machines and by tampering with the machine, cutting the safe, bombing, shouder surfing, ram riding are the other common abuse of
Anaysis of Security Issues of ATM 126 Automated teer machines by the frauds. There are severa crimina attacks on Automated teer machines invoving hod-up, remova of Automated teer machines from its premises by force, or by assaut to the Automated teer machines within the premises with safe-breaking instrumentay or by exposives. In the majority of attempts of attacks, the crimina has gained success of varying degree. To safeguard from this sort of frauds some security features are being added/created for Automated teer machines from time to time but these security features gets hoed by the criminas. LOCKS FOR ENTRY IN ATM KISOKS The first security feature a customer comes across before operating an Automated teer machine is digita ock at the entrance of Automated teer machine housing or kiosks. The door aows the customer to open the door ony after inserting ATM card into designated sot. However these doors do not require card to insert whie eaving the Automated teer machine kiosks as door can be opened by puing inside. Though these features have been added to restrict unauthorized person from entering the Automated teer machine kiosks, but importance in imparting security to the machine is imited as an wanted guest can aways enter through Automated teer machine kiosks door in time gap of cosing the door of a genuine ATM card hoder or may enter whie a cient is eaving the Automated teer machines after competing his transactions. Normay there are more than one Automated teer machine instaed in an Automated teer machine kiosk and thereby numbers of both genuine and fake customer may be found at any moment in Automated teer machine kiosks. Presence of arge number person inside kiosks enhances physica security threat to the Automated teer machines
Anaysis of Security Issues of ATM 127 Figure 4.1 digita ock at ATM kiosk door. The door ocks of Automated teer machine kiosks having one or more machine have been considered to aow ony genuine ATM card hoders entry into the kiosks, the digita ocks cannot restrict the entry by use of fake/coned ATM cards. These door digita ocks are aso misused some times by frauds by instaing card reader device which can send the detais of ATM cards inserted in it. EXTORTIONS INSIDE ATM KIOSKS. Wayside cheaters and gangster used to oot money from victims at deserted/isoated paces by nabbing the passerby, with introduction of Automated teer machine, they did find sma money or no money from the victims. Since they noticed that invariaby a the victims had ATM cards
Anaysis of Security Issues of ATM 128 with them, they added the practice of forced withdrawa from the victims from ATM cards. Gangster either wait in Automated teer machine kiosks for the victim as if they are waiting to withdraw the money or nab a victim at deserted pace and bring the victims to Automated teer machine kiosks and force the victim at knife point or gunpoint to use his ATM card and withdraw the money from the Automated teer machine using ATM card and his PIN number. Figure 4.2 Attack in ATM housing PHYSICAL SECURIRTY THREASTS TO ATMs Initiay Automated teer machine were introduced by the banks and its transactions were imited to the same bank by connecting through computer system of the bank having account detais of its customer and therefore it was not paced at much distant from the bank. But with sharing of transactions on Automated teer machine by host of bank apart from the bank to
Anaysis of Security Issues of ATM 129 whom Automated teer machine beongs has ed to situation where Automated teer machines are being at any pace which is convenient to its customer/cients. Instaation of kiosks in Ma/ shoping centre have become common apart from other paces such busy market intersections, hospitas, raiway stations, bus stands, air port and a host of other paces where the bank thinks that Automated teer machine sha be abe to fetch good business. The Automated teer machine instaed within cosed area of a bank or shops/ma are amost secure from the point that thieves or frauds cannot operate in crowded pace and where otherwise aso security arrangement exits on reguar basis and therefore can be rated as highy secured Automated teer machines. The Automated teer machines instaed within the premises of bank or Shoping Ma can be categorized in the security zone next the Automated teer machines paced within banks/ Shopping Ma, as it has be ooked after the agencies entrusted for the security of the bank/ shoping ma. The figure 4.3 is an iustration of an Automated teer machine paced by a bank within its premises but outside its banking area. Figure 4.3 ATM in bank premises
Anaysis of Security Issues of ATM 130 The Automated teer machine instaed in kiosks to cater the demand of cients by being paced on the spot highy frequented by the cients/users but isoated pace are prone to its misuse by thieves for forced transactions.these Automated teer itsef can be disengaged from its pace of instaations and carried way to convenient pace for break opening of its money chest as iustrated beow: Figure 4.4 Decamping of ATM The concentrate of this approach is to stop physica attack on the Automated teer machines can be achieved in 2 ways that a. By victimization dispenser mechanism that creates it troubesome to retrieve cash whie not correct authority. b. The second way is to use of dye markers and smoke canisters that stop the empoyment of the money within the machine by a thief.
Anaysis of Security Issues of ATM 131 HARDWARE SECURITY FOR MANUFACTURER: There are a unit some standard area unit deveoped by totay different nations against that Automated teer machines wi be factory-made with interference of physica attacks. These standards are a unit as foows : American Underwriting Laboratories UL291 Leve one and Leve a pair of Standards, French RMET15 and RMET30 eves, CS, C1, C2 eves Nordic customary INSTA 612 German RAL626/3 customary Automated teer machines safes that go with these standards need totay different eves of resistance against hand toos, eectrica toos, and therma toos. The INSTA customary conjointy needs resistance against exposive attack. UL291 CUSTOMARY FOR ATM SECURITY: Most of the Automated teer machines have unit of 2 forms of safes or security cupboards for securing cash. One sort of Automated teer machines safe is that the Business Hours (BH) safe and aso the different the twenty four Hours Leve one safe. Each safes have to be compeed to meet the UL 291 security customary designed by Underwriters Laboratories, associate degree freeance product-safety testing company. This customary needs that the Automated teer machines manufacturer must suppy a degree of protection against unauthorized remova of currency and aso the remova or manipuation of deaing records[53]. In different words, Automated teer machines with either sort of safe shoud stand up to attacks from somebody attempting to rob cash or amendment the deaing records. Each sort of Automated teer machines safes must be abe standby in environmenta and endurance needs.
Anaysis of Security Issues of ATM 132 ATMs SECURITIES (i) BUSINESS HOURS ATM MACHINE An Automated teer machines with a Business Hours safe is meant to store money soey throughout business hours under the watchfu eye of an accountabe owner, manager, or worker. The money hod on during this sort of safe ought to be removed at the shot of the business day. The meta of the Business Hours Automated teer machines shoud stand up to a physica attack from a steaer armed with wires, ines, chises, pry bars, or wrenches for a minimum of 5 minutes. This provides enough time for the shop owner, manager, or worker to make a decision and ca the poice. Business-hour Automated teer machines must meet the UL 291 standards and Automated teer machines shoud typicay weighs around one hundred twenty five metric weight unit. (ii) TWENTY FOUR HOURS LEVELS ATM MACHINE Automated teer machines with Leve one have one safe unit designed to be used twenty four hours every day and shoud weigh around 250 metric weight units and may hod money unattended. The stee of the one safe shoud withstand physica pressure of fifty thousand psi. This sort of Automated teer machines are meant to face up to higher degree of attack, victimization fishing, trapping, and forcing techniques, on the currency instrumentaity from the cient access pane for east haf-hour. Attacks on different parts of the safe, victimization picks and moveabe eectrica toos ike dris and grinders wi be resisted by this sort of safe for up to fifteen minutes. A of our Automated teer machines modes have the Automated teer machines safe is separated from the cient access pane space, that is an additiona security feature that creates Automated teer machines fraud and theft that far more troubesome and difficut.
Anaysis of Security Issues of ATM 133 (B) ENVIRONMENTAL NEEDS A Automated teer machines have to be compeed to stand up to eighty five percent humidness for twenty-four hours. This ensures that each one of Automated teer machine maintains records and aso the quaity of the currency within the automatic teer machine. Severa existing Automated teer machines incorporate a security to meet the guideines as aid down by the American Underwriters Laboratories UL291 customary Leve one. This needs that associate degree Automated teer machines safe resists attack by common hand toos soey. The quaity conjointy needs that the safe be made of 1» stee pate to the body and door or of a coth giving equivaent protection to 1» stee pate. Underwriters Laboratories have accepted that ½» high tensie pate which can accord with this demand and variety of Automated teer machines safes is factory-made of such materia. However UL291 Leve one customary does not provide fu protection against force attack ike wedging of the door or associate degree attack on the door or body victimization ange grinders and no protection against exposive or attack by eement cutting instrumentaity. (C) MECHANICAL/COMBINATIONAL LOCKS FOR PHYSICAL SECURITY: To protect the Automated teer machines from physica attacks, mechanica or combination ocks are a unit used wherever in their area unit 2 sets of mechanica ocks and Automated teer machines opens ony if each the ock opened propery with 2 separate keys i.e. there is a mixture of 2 ocks contro to open the money container with this sort of ock. It stops the Automated teer machines from in house worker attacks if any banking officia wi perform a fraud it stop the system. (D) TIME/TIME DELAY LOCK: Lock providing time protection associate degree/or time deay faciities can enhance the protection of an Automated teer machines safe by providing a deterrent to hod-up.
Anaysis of Security Issues of ATM 134 (E) CLOSED CIRCUIT TV (CCTV): Strategicay sited cameras wi offer continuing poice investigation (ocay or from an overseas observation Centre) of the approaches to the Automated teer machines. They conjointy offer a hepfu visua deterrent. Recorder empoyed in conjunction with the cameras wi record events endessy or once activated by movement detectors. A nationa egisation regarding the empoyment of CCTV ought to be discovered. (F) ATM CLADDING Reinforcement panes wi be fitted to hide the door associate degrees one or a ot of body sites of an Automated teer machines safe to extend resistance to physica attack. The panes conjointy defend the present protection system which might be increased by upgraded bot work, strap work and hinge protection. (G) LINE UPS To prevent customers from shouder surfboarding banks create barricades before the Automated teer machines to outine the road up positions for users and restricting the side view of person standing behind the actua user of the Automated teer machine. This sha prevent shouder surfboarding to a greater extent. Beow is that the image shows the road up distance users to safeguard the user input data. Figure 4.5 ine ups for physica security
Anaysis of Security Issues of ATM 135 (H) SENSORS EMPLOYED IN ATM SECURITY: In new generations of Automated teer machines, to combat and minimize the Automated teer machines from physica attacks ike cutting, fire, tempering etc. sensor are fitted. New series of Automated teer machines are equipped with heat detector, vibrating detector and tampering detector, which are designed to defend the Automated teer machines from externa attacks and foresta the Automated teer machines from being taken to outside Automated teer machines premises. HEAT SENSOR New Automated teer machines unit are assembed with a heat detector, if an associate degree offender attempt to create a hearth to achieve the money from ATM and ift the firepace is cabin than heat detector activate and ring an aarm for that and start hearth fighting system on. VIBRATION SENSOR Simiar to heat detector, vibration sensor area unit currenty conjointy fixed either within the Automated teer machine or premises housing Automated teer machine. Vibration aarm activates once somebody attempt to cut causing vibration in the Automated teer machine and its premises for taking appropriate actions to defend the Automated teer machine from cutting and foresta the Automated teer machine from any sort of tampering with the machine. The vibration detectors are used in the Automated teer machine, which contains sophisticated signa process anayzer (EVD Exposion Vibration Detector and mechanica device uneash mechanism housed among a sturdy stee encosure. This mix offers are refined to attack detection of associate degrees by controed access to the protected unit by an authorized user.
Anaysis of Security Issues of ATM 136 Fig 4.6 Vibration Sensor And Atm Safe The above figure 4.6 shows the ATM and its companion magnet hasp, the atter is fitted to the forefront of the door. Once the door is cosed the magnet is hidden beow the id of the Automated teer machine and door standing wi be monitored. To permit access to the safe, a ow-tension DC offer is appied to the Automated teer machine indicated by an inexperienced junction rectifier. The icensed user presses the discharge switch and aso the id of the ATM8 wi be opened (imited trave) thereby reeasing the magnet and permitting the safe door to be opened. Additionay to twin anti-tamper protection (singe output), the ATM8 offers variety of further outputs : VIBRATION. Attack by means of grinding, hammering, driing, or therma cutting device can trigger the VIB output. IMPACT. Exposives, a series of consistent strikes or makes an attempt at ram-raid can activate the IMP output instanty.
Anaysis of Security Issues of ATM 137 TILT. Any decide to move the protected instrumentaity can activate the ean output. Additionay, high-energy attacks ike ATM ram-raid aso wi trigger this output. DOOR. A votage-free contact that reports the state of the safe door. SLIDE. A votage-free contact indicating if the Automated teer machine cow is opened/ cosed. The principe to operate vibration aarm system of the Automated teer machine is signa processing and anaysis of the assorted on-board sensors then to require acceptabe action within the event of a egitimate attack. Additionay, this unit features a range of dedicated inputs that support remote sensors that enhance and extend the word of coverage. VIBRATION SENSOR Aarm system based on vibration sensor is based on sensing increase in vibration eve which might woud have occurred due equipments depoyed for forced remova of the Automated teer machine or attempt to damage the safe of the Automated teer machine to oot the cash kept in Automated teer machine. Any attempt to harm the Automated teer machine physicay by any mechanica means sha generate vibration much above the norma eve of noise in Automated teer machine kiosks and it this increase in eve of vibration which is needed to be sensed for raising the aarm and activating the aarm at poice contro room and the bank office. A vibration sensor caed Shear mode acceerometer designs feature on sensing crystas attached between a centre post and a seismic mass. A compression ring or studsare appied as pre-oad force to the eement assemby to insure a rigid structure and inear behaviour. Under acceeration, the mass causes a shear stress to be appied to the sensing crystas. This stress resuts in a proportiona eectrica output by the piezoeectric materia. The output is coected by eectrodes and transmitted by ightweight ead wires to either the buit-in signa conditioning circuitry of ICP sensors, or directy to the eectrica connector for charge mode types.
Anaysis of Security Issues of ATM 138 Figure 4.7 vibration aarm The sensing crystas are isoated from the base and housing. Shear mode acceerometers rejects therma transient and base-bending effects to a arger extent. The shear geometry aows itsef to end to sma size to promote high frequency in the response whie minimizing mass oading effects on the test structure. With combination of idea characteristics, shear mode acceerometers normay offer optimum performance to meet the requirement. SELECTION OF AN ACCELEROMETER : Seection of the best acceerometer for specific predictive maintenance appication is difficut, even for the most seasoned of engineers/technicians. Typicay, the process the best suited acceerometer can be chosen by examining or fitered down to a series of quaifying questions reated to actua requirement for a particuar purpose, in this case to have scope to defend the Automated teer machine from burgar who is attempting to cut the Automated teer machine from its instaation for breaking upon its chest to decamp with money stashed inside i.e.
Anaysis of Security Issues of ATM 139 acceerometer needs to be activated when the sound eve increases in an Automated teer machine from its norma working eve to noise of cutting the meta pates by meta cutter or eectric cutter or gas cutters as noise eve of these cutting device is much higher than the norma eve for generaized Automated teer machine operation for conducting financia transactions. This might seem obvious at first in seecting acceerometer is the step to actua vibration present in an Automated teer machine by measuring and aso measuring the eve of vibration whie disodging an Automated teer machine from its pedestas i.e. determining the goas. Vibration can be monitored with acceerometers that provide raw vibration data or transmitters that provide the cacuated overa root mean square (RMS) vibration. Anaysts find raw vibration readings to be usefu because they contain a the information in the vibration signa. The true peak ampitudes and vibration frequencies may be avaiabe. The overa RMS or peak vaues are usefu in contro systems such as PLC, DCS. SCADA and PI because of their continuous 4-20mA signa and some appications use both. By determining signa variety is required for the appication significanty narrows the search of equipment required. Vibration has to be measured in terms of acceeration, veocity or dispacement. Some industria sensors measure variation in temperature aong with vibration. Finay, some appications, such as vertica pumps, are best monitored in more than one vibration axis in which case does the appication require singe, biaxia or triaxia measurement. There are two main differences between ow-cost and precision acceerometers. First, precision units typicay receive a fu caibration, that is, the sensitivity response is potted with respect to the usabe frequency range. Low cost acceerometers receive a singe-point caibration and the sensitivity is shown ony at a singe frequency. Second, precision acceerometers have tighter toerances on some specifications such as sensitivity and frequency range. For exampe, a precision acceerometer might have a nomina sensitivity of 100mV/g ± 5% (95 to 105mV/g) (see Figure 1) whie a ow-cost acceerometer might have a sensitivity of
Anaysis of Security Issues of ATM 140 100mV/g ± 10 % (90 to 110mV/g). Customers with data acquisition systems wi often normaise the inputs with respect to the caibrated sensitivity. This aows a group of ow cost sensors to provide accurate, repeatabe data. Regarding frequency, a precision acceerometer typicay has frequency ranges in which the maximum deviation is 5% whie ow-cost sensors frequency might offer a 3dB frequency band. Even so, a ow cost sensor might offer exceent frequency response. The maximum ampitude or range of the vibration being measured determines the sensor range that can be used. Typica acceerometer sensitivities are 100mV/g for a standard appication (50g range) and 500mV/g for a ow-frequency or ow-ampitude appication (10g range). Genera industria appications with 4-20mA transmitters commony use a range of 0-25mm; s or 0-50mm/s. Physica structures and dynamic systems respond differenty to varying excitation frequencies. A vibration sensor is no different. Piezoeectric materias, by nature, act as high pass fiters and as a resut, even the best piezoeectric sensor wi have a ow-frequency imit near 0.2Hz. A ranges in which the maximum deviation is 5% whie ow-cost sensors might offer a 3dB frequency band. Even so, a ow cost sensor might offer exceent frequency response. The maximum ampitude or range of the vibration being measured determines the sensor range that can be used. Typica acceerometer sensitivities are 100mV/g for a standard appication (50g range) and 500mV/g for a ow-frequency or ow-ampitude appication (10g range). Genera industria appications with 4-20mA transmitters commony use a range of 0-25mm; s or 0-50mm/s. Physica structures and dynamic systems respond differenty to varying excitation frequencies. A vibration sensor is no different. Piezoeectric materias, by nature, act as high pass fiters and as a resut, even the best piezoeectric sensor wi have a ow-frequency imit near 0.2Hz. A sensor that acts as a dynamic system with one degree of freedom exhibits natura frequencies. The signa is greaty ampified at the natura frequency, eading to significant change in sensitivity and possibe saturation. Most industria acceerometers have singe or
Anaysis of Security Issues of ATM 141 doube-poe RC fiters to combat saturation excitation at the resonant frequency. Thus it is critica to seect a sensor with a usabe frequency range that incudes every frequency of interest. Appications with extremey high temperatures can pose a threat to the eectronics buit into acceerometers and 4-20mA transmitters, Charge-mode acceerometers are avaiabe for use in very high temperature appications. These have no buit-in eectronics, but instead have remote charge ampifiers. Charge-mode acceerometers with integra hard ine cabe are avaiabe for appications hotter than 260 C, such as gas turbine vibration monitoring. Industria acceerometers with integra poyurethane cabe can be competey immersed in iquid for permanent instaation. For high-pressure appications, it is a good idea to test the sensors at pressure for one hour. An integra cabe is aso normay required if the appication is sprayed rather than being competey immersed, such as cutting fuid on machine toos. Industria acceerometers can be constructed with corrosion and chemica resistant stainess stee bodies. Consider using PTFE cabe with corrosion resistant boot connectors if the appication is in an environment with harmfu chemicas. Consuting a chemica compatibiity chart is strongy recommended for any suspect chemicas. Integra armour-jacketed cabes offer exceent protection for cabes that might come into contact with debris such as cutting chips or worker s toos. Utimatey, the sensor wi need to be instaed on equipment in convenient position. However, sensor geometry has itte effect on its performance, but factors such as the space avaiabe and positioning that ensures that a maintenance engineer can gain safe access, do need to be taken into account. Acceerometers and 4-2OmA transmitters are both avaiabe with CSA and ATEX approvas for use in hazardous areas. Compare the type of approva needed with the sensor s pubished approvas to ensure it meets requirements. SENSOR TECHNOLOGY FOR SENSING VIBRATION: It is aso worth to consider to specify a shear or compression technoogy sensor before choosing one for specific purpose. This question coud command an artice a of its own but in essence,
Anaysis of Security Issues of ATM 142 the argument bois down to the proven reiabiity, accuracy and repeatabe performance deivered by shear designs against the earier compression technique that can be sensitive to base bending and therma transient effects causing measurement errors. The answers to these questions can greaty narrow searches for the best soution in a specific appication. Keep in mind, some combination of answers might be mutuay excusive, i.e. a soution meeting every criterion does not exist. For exampe, a particuar mode might not carry the proper ATEX certification for use in hazardous area appications and some additiona feature for speciaized appications needs to be considered. HEAT AND SMOKE SENSOR: The damage to the Automated teer machine can be caused by cutting the machine to remove the machine from the housing or forced opening of the safe. In both the case if mechanica instruments are used, they are bound to generate vibrations of high eve sufficient for the aarm system to activate. Other method which can be used for removing the Automated teer machine or forced opening of the safe can be by gas cutter or eectrode cutters. The cutting too may not be abe generate high eve of vibration but certainy increase the heat eve of the kiosks and raise the smoke eve above permissibe imits. Hence Heat/smoke sensor sha be needed to depoyed in combination with vibration sensor. Internationa Code Counci (ICC) has set combined codes into a singe set of mode buiding and fire codes. The ICC Internationa Buiding Code and Internationa Fire Code were first pubished in 2000 and were adopted by some states. SMOKE SENSORS: There are two basic types of smoke detectors are used today: v Ionization v Photoeectric.
Anaysis of Security Issues of ATM 143 The sensing chambers of these detectors use different principes of operation to sense the visibe or invisibe partices of combustion given off in deveoping fires. The purpose of this guide is to provide information concerning the proper appication of smoke detectors used in conjunction with fire aarm systems. The guide outines basic principes that shoud be considered in the appication of eary warning fire and smoke detection devices. It presents operating characteristics of detectors and environmenta factors, which may aid, deay, or prevent their operation. The use of eary warning fire and smoke detection systems resuts in significant reduction in fire deaths. The sooner a fire is detected, the better the outcome for saving ives. This document provides guidance for the proper operation of fire detection systems for those who appy, insta, and maintain them. This document presents information for fire protection, mechanica, and eectrica engineers; fire service personne, fire aarm designers; and instaers. A key eement in the effectiveness of smoke detection systems is the atest version of NFPA 72 for instaation and testing of systems. Instaation must compy with a code requirements and directions from Authorities Having Jurisdiction (AHJs). AHJ directives aways take precedence over other codes and exercise fina authority over instaations and maintenance procedures. Correct instaation and maintenance of smoke detectors prevents unwanted nuisance aarms. Occupants can become desensitized when repeated nuisance aarms occur. In worst case scenarios, technicians coud disconnect aarms from the system to avoid the unnecessary disruption. Either situation negates a detector s potentia ife saving benefit, making the proper operation of an eary TESTING LABORATORIES: Testing aboratories test smoke detectors, contro panes, and other components of fire aarm systems to verify conformance with NFPA requirements and their own standards. Equipment that passes their tests is identified by a abe and/or isting
Anaysis of Security Issues of ATM 144 IONIZATION SMOKE DETECTOR OPERATION: A typica ionization chamber consists of two eectricay charged pates and a radioactive source (typicay Americium 241) for ionizing the air between the pates. The radioactive source emits partices that coide with the air moecues and disodge their eectrons. As the moecues ose eectrons, they become positivey charged ions. As other moecues gain eectrons, they become negativey charged ions. Equa numbers of positive and negative ions are created. The positivey charged ions are attracted to the negativey charged eectrica pate, whie the negativey charged ions are attracted to the positivey charged pate. This creates a sma ionization current that can be measured by eectronic circuitry connected to the pates ( norma condition in the detector). Partices of combustion are much arger than the ionized air moecues. As partices of combustion enter an ionization chamber, ionized air moecues coide and combine with them. Some partices become positivey charged and some become negativey charged. As these reativey arge partices continue to combine with many other ions, they become recombination centers, and the tota number of ionized partices in the chamber is reduced. WORKING OF SMOKE DETECTORS : This reduction in the ionized partices resuts in a decrease in the chamber current that is sensed by eectronic circuitry monitoring the chamber. When the current is reduced by a predetermined amount, a threshod is crossed and an aarm condition is estabished. Changes in humidity and atmospheric pressure affect the chamber current and create an effect simiar to the effect of partices of combustion entering the sensing chamber. To compensate for the possibe effects of humidity and pressure changes, the dua ionization chamber was deveoped and has become commonpace in the smoke detector market.
Anaysis of Security Issues of ATM 145 A dua-chamber detector utiizes two ionization chambers; one is a sensing chamber, which is open to the outside air. The sensing chamber is affected by particuate matter, humidity, and atmospheric pressure. The other is a reference chamber, which is partiay cosed to outside air and is affected ony by humidity and atmospheric pressure, because its tiny openings bock the entry of arger particuate matter incuding partices of combustion. Eectronic circuitry monitors both chambers and compares their outputs. If the humidity or the atmospheric pressure changes, the outputs of both chambers are affected equay and cance each other. When combustion partices enter the sensing chamber, its current decreases whie the current of the reference chamber remains unchanged. The resuting current imbaance is detected by the eectronic circuitry. There are a number of conditions that can affect dua-chamber ionization sensors such as dust, excessive humidity (condensation), significant air currents, and tiny insects. A of these can be misread as partices of combustion by the eectronic circuitry monitoring the sensors. PHOTOELECTRIC SMOKE DETECTOR OPERATION: Smoke produced by a fire affects the intensity of a ight beam passing through air. The smoke can bock or obscure the beam. It can aso cause the ight to scatter due to refection off the smoke partices. Photoeectric smoke detectors are designed to sense smoke by utiizing these effects of smoke on ight. PHOTOELECTRIC LIGHT SCATTERING SMOKE DETECTOR Most photoeectric smoke detectors are of the spot type and operate on the ight scattering principe. A ight-emitting diode (LED) is beamed into an area not normay seen by a photosensitive eement, generay a photodiode. When smoke partices enter the ight path, ight strikes the partices and is refected onto the photosensitive device causing the detector to respond.
Anaysis of Security Issues of ATM 146 PHOTOELECTRIC LIGHT OBSCURATION SMOKE DETECTOR Another type of photoeectric detector, the ight obscuration detector, empoys a ight source and a photosensitive receiving device, such as a photodiode. When smoke partices partiay bock the ight beam, the reduction in ight reaching the photosensitive device aters its output. The change in output is sensed by the detector s circuitry, and when the threshod is crossed, an aarm is initiated. Obscuration type detectors are usuay of the projected beam type where the ight source spans the area to be protected. SMOKE DETECTOR DESIGN CONSIDERATIONS Athough smoke detectors are based on simpe concepts, certain design considerations need to be observed. They shoud produce an aarm signa when smoke is detected, but shoud minimize the impact of an unwanted signa which can arise from a variety of causes. In an ionization detector, dust and dirt can accumuate on the radioactive source and cause it to become more sensitive. In a photoeectric detector, ight from the ight source may be refected off the was of the sensing chamber and be seen by the photosensitive device when no smoke is present. Insects, dirt, drywa dust, and other forms of contamination can accumuate in the sensing chamber and refect ight from the ight source onto the photosensitive device. Eectrica transients and some kinds of radiated energy can affect the circuitry of both ionization and photoeectric smoke detectors and be interpreted by the eectronic circuitry to be smoke, resuting in nuisance aarms. The aowabe sensitivity ranges for both types of detectors are estabished by Underwriters Laboratories, Inc. (UL). Detector performance is verified in fire tests. A smoke detectors are required to respond to the same test fires regardess of their principe of operation.
Anaysis of Security Issues of ATM 147 SELECTION OF DETECTORS: The characteristics of an ionization detector make it more suitabe for detection of fast faming fires that are characterized by combustion partices in the 0.01 to 0.4 micron size range. Photoeectric smoke detectors are better suited to detect sow smodering fires that are characterized by particuates in the 0.4 to 10.0 micron range. Each type of detector can detect both types of fires, but their respective response times wi vary, depending on the type of fire. It is often difficut to predict what size particuate matter wi be produced by a deveoping fire because the protected buidings normay contain a variety of combustibes. The fact that different ignition sources can have different effects on a given combustibe further compicates the seection. A it cigarette, for exampe, wi usuay produce a sow smodering fire if it is dropped on a sofa or bed. However, if the cigarette happens to fa upon a newspaper on top of a sofa or bed, the resuting fire may be better characterized by fames rather than by smodering smoke. The innumerabe combustion profies possibe with various fire oads and possibe ignition sources make it difficut to seect the type of detector best suited for a particuar appication. SMOKE DETECTOR S LIMITATIONS: Smoke detectors offer the eariest possibe warning of fire. They have saved thousands of ives. Specia appication rues can compensate for the imitations of smoke detectors. Smoke detectors may not provide eary warning of a fire deveoping on another eve of a buiding. Detectors shoud be ocated on every eve of a buiding. Detectors may not sense a fire deveoping on the other side of a cosed door. In areas where doors are usuay cosed, detectors shoud be ocated on both sides of the door. As aready indicated, detectors have sensing imitations. Ionization detectors are better at detecting fast, faming fires than sow, smodering fires. Photoeectric smoke detectors sense smodering fires better than faming fires. Because fires deveop in different ways and are often unpredictabe in their growth, neither type of detector is aways best. A given detector may not
Anaysis of Security Issues of ATM 148 aways provide significant advance warning of fires when fire protection practices are inadequate, nor when fires are caused by vioent exposions, escaping gas, improper storage of fammabe iquids such as ceaning sovents, etc. TYPICAL SYSTEM LAYOUT WIRING SUPERVISION The initiating circuits that connect smoke detectors to a contro pane shoud be supervised to detect and annunciate a faut (troube) condition that coud interfere with the proper operation of the circuit. Smoke detectors are generay categorized as either 2-wire or 4-wire detectors. Two-wire detectors derive their power from their connection to the fire aarm contro pane aarm initiating device circuit. Since they are dependent on the initiating circuit, these 2-wire detectors must be tested and isted for compatibiity with the associated contro pane, to ensure proper operation. Four-wire detectors are powered from a separate pair of wires, and, ike the 2-wire detector, appy an eectrica short across the associated aarm initiating device circuit to transmit an aarm. Because they do not derive power from the aarm initiating device circuit, eectrica compatibiity is predicated upon the operating parameters of the power suppy to which the detectors are connected, and not the initiating circuit. Supervision of the power to 4-wire detectors is mandated through the use of an end-of ine power supervision reay. When power is on, the reay contacts of the end-of-ine reay are cosed and connected in series with the end-of-ine resistor beyond the ast initiating device. Loss of power at any point in the power suppy circuit wi cause the reay to de-energize and a troube con-
Anaysis of Security Issues of ATM 149 CLASS A CIRCUITS: Cass A circuits aso differentiate between short circuits across the oop and open fauts on the oop. Supervision is accompished by monitoring the eve of current passing through the instaation wiring and the end-of-ine resistor, which in a Cass A circuit is an integra part of the fire aarm contro pane. Cass A wiring must return to and be terminated in the contro pane. This technique requires that a minimum of four conductors terminate at the pane. It aso requires the fire aarm contro pane to monitor Cass A circuits. The additiona circuitry necessary for Cass A supervision enabes the contro pane to condition the initiating circuit to monitor the initiating circuit from both ends when in a troube mode due to an open faut on the oop. This conditioning ensures that a devices are capabe of responding and reporting an aarm despite a singe open circuit or non-simutaneous singe ground Wireess Circuits Wireess detectors and their interna transmitters use one or more interna batteries as the source for their operating power and are UL isted. Supervision of the interna battery power source is incorporated within the smoke detector circuitry. If the battery power source depetes to the threshod specified by UL, the smoke detector wi sound a oca aert and initiate a troube signa once per hour for a minimum of seven days or unti the battery or batteries are repaced. The wireess initiating devices are supervised for tamper and/or remova by initiating a distinct troube signa. Each wireess device aso initiates a test transmission every hour to verify the communication circuit. Any device faiing to communicate is identified on the contro pane no ess than every four hours.
Anaysis of Security Issues of ATM 150 I INITIA INITIA FIRE ALARM Figure 4.8 Cass B Circuit Cass B circuits differentiate between short circuits across the oop (aarm) and open fauts on the oop (troube). Supervision of this circuit is accompished by passing a ow current through the instaation wiring and an end-of-ine resistor. The fire aarm contro pane monitors the increases or decreases in the supervisory current and sends an aarm or troube condition, respectivey. A singe open in a Cass B circuit disabes a devices eectricay beyond the open GENERAL ZONING GUIDELINES: The faster the source of an aarm can be pinpointed, the faster action can be taken. Athough forma rues for zoning are not given in fire protection codes, an exception is the rue for wireess devices stating that each smoke detector must be individuay identified. It is aways advisabe to zone any system that contains more than a sma number Fire Safety Functions. Often smoke detectors are utiized to contro anciary equipment. Care shoud be taken to ensure that detectors utiized in such a manner are approved for their intended purpose. A few of the typica appications are as foows:
Anaysis of Security Issues of ATM 151 to contro the fow of smoke in air handing and air conditioning systems, to reease doors to contain smoke in a fire situation, to reease ocks to aow exit in a fire situation, to capture and reca eevators in a fire situation, to activate a suppression system. Spacing and pacement requirements for detectors used in reeasing service may be different from detectors used in conventiona open area appications. 4-wire detectors are recommended in these situations because the contro pane and detectors used wi affect the power requirements. More than one detector reay on a circuit may not receive enough power from the 2-wire circuit to operate during an aarm. NFPA pubishes standards for the proper appication, instaation, and maintenance of automatic smoke detectors. The principa codes and standards, which shoud be reviewed before specifying or instaing automatic smoke detectors. The purpose of this guide is to provide information concerning the proper appication of smoke detectors used in conjunction with fire aarm systems. The guide outines basic principes that shoud be considered in the appication of eary warning fire and smoke detection devices. It presents operating characteristics of detectors and environmenta factors, which may aid, deay, or prevent their operation. The use of eary warning fire and smoke detection systems resuts in significant reduction in fire deaths. The sooner a fire is detected, the better the outcome for saving ives. This document provides guidance for the proper operation of fire detection systems for those who appy, insta, and maintain them. Correct instaation and maintenance of smoke detectors prevents unwanted nuisance aarms. Occupants can become desensitized when repeated nuisance aarms occur. In worst case scenarios, technicians coud disconnect aarms from the system to avoid the unnecessary disruption. Either situation negates a detector s potentia ife saving benefit, making the proper operation of an eary warning fire and smoke detection system indispensabe. This
Anaysis of Security Issues of ATM 152 document presents information for fire protection, mechanica, and eectrica engineers; fire service personne, fire aarm designers; and instaers. A key eement in the effectiveness of smoke detection systems is the atest version of NFPA 72 for instaation and testing of systems. Instaation must compy with a code requirements and directions from Authorities Having Jurisdiction (AHJs). AHJ directives aways take precedence over other codes and exercise fina authority over instaations and maintenance procedures, Testing aboratories test smoke detectors, contro panes, and other components of fire aarm systems to verify conformance with NFPA requirements and their own standards. Equipment that passes their tests is identified by a abe and/or isting. The manufacturers of the smoke detectors being used may be contacted for any pubished information pertaining to their products (I) TERRIBLE SYSTEM: The security provided by the Automated teer machine safe is of the foremost importance, the protection of associate degree Automated teer machine is improved by interoper Aarm and Hod-Up device. The system shoud be put in accordance with reevant standards and codes of fow and be maintained under contract. Associate degree interoper aarm associate degrees Hod-Up System wi soey offer a deterrent to associate degree attack on the associate degree Automated teer machine system and assist in conjuration a response by an acceptabe authority. The deterrent worth of the associate degree device protective a high steaing risk against competent and determined criminas is a smaer amount than for a coffee steaing risk. The speed and potency of the particuar response to the activation is thus of nice importance. It foows that the upper the strength of the Automated Teer Machine safe the bigger the worth of the device as a resut of a robust safe engthens the time out there for response. The Automated teer machine possess hooked up to that observers ready to detect strategies of attack doubtess to be used against a secure by criminas ike driing, ripping, percussion, exposives and every
Anaysis of Security Issues of ATM 153 one sorts of cutting. The detectors ought to be of a kind decared by the manufacturer to be appropriate to be used with associate degree Automated teer machine. The detectors ought to be put in consistent with any recommendations or directions provided with them however atogether cases: (a) One to be hooked up to every door to the ATM safe, one to be hooked up to the ATM safe esewhere than on the door (s). (b) Every door to the Automated teer machine safe ought to be fitted, in positions inaccessibe from outside the Automated teer machine, with a method designed to convey associate degree aarm condition once the door, the ock or bot(s) of the door don t seem to be within the secure position. Associate degree aarm condition ought to be once the door(s) of the Automated teer machine safe is/are not cosed and secured. (c) Throughout associate degree amount that the premises containing an Automated teer machine area unit unattended, the traditiona approaches to the Automated teer machine ought to be protected additionay by movement detector(s) of the specification giving the simpest out there sensitivity, dependabiity and resistance to interference (e.g. Masking). it s essentia that the system stye takes account of the chance of fase aarms, e.g. : from the activity of ceaners etc. (J) HOLD-UP TRIGGERING DEVICES: (a) One or a ot of hod-up triggering device(s) ought to be fitted within and/or near the Automated teer machine to be used throughout oading/maintenance procedures. The device(s) ought to be paced for simpe use and minimum risk to workers. (b) Instead or to boot, wire-free hod-up triggering aarm (s) ought to be carried by the person(s) supervision oading/maintenance procedures. In most cases these area units to be more popuar to mount devices.
Anaysis of Security Issues of ATM 154 (c) Hod-up triggering devices may be engineered into the management and signifying instrumentaity and/or (d) Hod-up triggering device(s) shoudn t be paced in a section to that the genera pubic have access and since this may create to fase aarms. (K) SUPPLEMENTARY MANAGEMENT INSTRUMENTS. CONTROL AND INDICATING INSTRUMENTS (a) The management and indicating instrumentaity to the device protecting the Automated teer machine ought to be cited among the word protected by the system and not accessibe to the genera pubic. Wherever doabe a method of making a hod-up aarm condition ought to be incorporated within the management and indicating instrumentaity. (b) Care is {required} that the protection to the Automated teer machine is active once required, i.e.: that it s not unset due, for instance, to its being encosed in zones protective different areas. Ideay a of the protection provided to the Automated teer machine ought to get on one zone of the system and aso the hod-up triggering devices on another. (c) Automated teer machine aarm signas ought to wherever doabe be distinguished at the Remote observation Centre from those of different components of the instaation and conjointy distinguish between hod-up and intrusion. WARNING DEVICES (a) A native warning devices ought to be instant. Wherever a deay is needed, this to be for the minimum amount acceptabe to the acceptabe authority.
Anaysis of Security Issues of ATM 155 (b) Hearabe warning devices, ike bes or sirens, shoudn t operate upon the activation of anti hod-up devices. USE OF LIFE SCIENCE IN ATM SECURITY: Though not in India, Biometric Authentication have been successfuy used within the banking system within the context of Automated teer machines. A ife science system may be: Biometrics detais of a cient (account hoder) to be vaidated or demonstrate victimization physica, activity attribute or their characteristics. These characteristics shoud be verified automaticay. The identification has the advantage of checking the user s persona attribute or characteristics. These characteristics wi be physica ones ike fingerprints, face, iris or activity ike voice, written signature, keyboard sound etc. This resuts in a doabe spit within the typicay referred to as what we tend to area unit i.e. physica ife science and what we tend to do i.e. activity ife science. Activity characteristics are a unit ess stabe than physica characteristics. OPERATING ON BIOMETRIC SYSTEMS: To demonstrate the user in biometric systems, Automated teer machine ATM usage typicay, works on two-factor authentication requiring one thing you have got i.e. associate degree ATM card and one thing you recognize i.e. a PIN code or a countersign otherwise you are a unit i.e. ife science it shoud be Fingerprinted, Face, Iris etc.. The identification has the advantage of checking the user s persona characteristics. These characteristics wi be physica ones ike fingerprints, face, iris or activity ones ike voice, written signature, keyboard sound etc. To use an associate degree Automated teer machine presenty, demands having a card that must be excusabe by PIN as a second issue authentication. There have been some experimenta testing situations in reference to machine machines at the tip of the twentieth century. In recent years the banking organizations everywhere the panet have enforced new Chip card and PIN authentication schemes in machine machines so as to cut back card fraud prices. Identification is used to verify a person s identity by activity digitay bound human characteristics and compare those measurements with peope who are hoding on in an exceedingy exampe for that very same person. Tempates wi be hod on at the biometric device, the institution s
Anaysis of Security Issues of ATM 156 information, a user s positive identification, or a sure Third Party service provider s information. There area unit 2 major casses of biometric techniques: physioogica (fingerprint verification, iris anaysis, hand geometry-vein patterns, ear recognition, odor detection, DNA pattern anaysis and sweat pore anaysis), and activity (handwritten signature verification, keystroke anaysis and speech anaysis). Recenty, Biometric Automated teer machine unit have been introduced to be used beside ATM card. This can be positivey impacted on the number frauds if absoutey enforced. Most deveopment has created identification wherever pam vein is empoyed as a method of authentication. When, in situ of cards, some biometric options ike iris, membrane scans or face area unit captured and more authentication is competed by pam or fingerprint, then Automated teer machine transactions can t be done except by the authentic owner of the account. We can divide the identification in 2 totay different areas : 1. Physica 2. Behaviora Physica Fingerprint Retina/ Iris Face recognition Voice DNA Ear Behaviora Handwriting Signature Handgrip dynamics Voice dynamics Lips dynamics Gait Shape Tabe : 4.1 types of biometric identification
Anaysis of Security Issues of ATM 157 In the above tabe 4.1 few biometric recognition patterns are shown. FINGERPRINT RECOGNITION Fingerprint recognition reies on the imaging of the fingertips. The structure of a fingerprint ridge and vaeys is recorded as a picture or digita exampe (a simpified information, minutiaebased most of the time) to be more compared with different pictures or exampes for authentication or verification, see figure1 picture of fingertips are captured with specific fingerprint sensors. Figure : 4.9 Fingerprint Ridge and Vaey Among a the biometric techniques, fingerprint-based identification is a ot of known technique that has been with success used in Automated teer machine user authentication. A fingerprint coud be a set of skin ines, domesticay parae, named ridges and empty area between 2 consecutive ridges named vaeys. The 3 internationa shapes of this pattern, divided in arches, oops and whors, area unit the primary eve of knowedge we tend to might examine to cassify fingerprints. The common worth of ridge to ridge frequency is about regarding 0.5 a
Anaysis of Security Issues of ATM 158 mm and aso the average worth of the vae to ridge height is of regarding 0.1mm. By convention, the fingerprint image is dispayed because the trace the inked finger woud go away on a paper, or, in different words, because the atent print of the finger. After a this 1st eve data is useess to proceed with fingerprint verification. Fig 4.10 Trivia Specific Point The figure above shows he Fingerprint s trivia specific point of a person indicating wherever a ridge is ending or bifurcating. Figure 4.11 Points Extracted From A Fingerprint
Anaysis of Security Issues of ATM 159 The above figure shows points extracted from the finger print of a person, the pattern of extraction are enough and reiabe fingerprint verification authentications in biometric method. The second eve of knowedge used is trivia. These are specific point of the Fingerprint wherever a ridge ends or bifurcates. Tens of such points are aso to be extracted from a fingerprint for data to be enough to proceed with reiabe fingerprint verification. This is one of the way of that authentication method can used to visuaize the beievabiity/ authenticity of the user. Forensic sciences are conducting fingerprint identification for over 100 years for identification of criminas. Other, however not adequate, second eve data area unit core(s) and deta(s) ocation, The pattern of ridges and vaeys, with its trivia, core(s) and deta(s) area unit distinctive to every individua (different even for identica twins) and this pattern is thought to be stabe throughout the time period[54]. The third eve data are pores ocation on the ridges the empoyment of pore ocation is young, and coming back with the deveopment of recent generation fingerprint sensors, ready to capture such detais. As present, fingerprint recognition agorithms victimization system doesn t seem to be mature enough to exchange minutiae-based ones. RETINA/IRIS RECOGNITION User authentication supported the attention spits in 2 famiies: 1- Iris recognition reies on the extraction of representative information from the outwardy visibe coored ring round the pupi, whereas 2- membrane recognition reies on the anaysis of the vesse pattern paced within the posterior portion of the attention.
Anaysis of Security Issues of ATM 160 Figure 4.12 Iris And Retina Identification Process The automatic technique of iris recognition, during this the iris coud be a musce among the attention that reguates the dimensions of the pupi, dominant the number of sunshine that enters the attention. The coor reies on the number of endocrine pigment among the musce. Iris imaging needs use of a top quaity camera. Today s industria iris camera generay use cose to infrared radiation to iuminate the iris whie not inficting hurt or discomfort to the cient. FACE RECOGNITION: Face recognition reies on the imaging of the face. The structure of the face is recorded as an image or digita tempate a penty, non-mature, simpified information formats for more comparison. Eary face recognition agorithms used straightforward geometric modes, however the popuarity method is currenty stirring into a science of refined mathematica representations and matching processes. Major advancements and initiatives within the past 10 years have propeed this technoogy into the spotight.
Anaysis of Security Issues of ATM 161 Figure 4.13 Facia Recognitions Points The authentication method coud be a comparison between a preregistered reference image, or exampe (representative information extracted from the raw image, engineered throughout associate degree registration step) and a new captured candidate image, or tempate. Looking at the correation between these 2 sampes, the formua can verify if the someone is accepted or rejected. This appied math method resuts in a Fase Acceptance Rate (FAR) i.e. the ikeihood to simpy accept a non-authorized user and a Fase Rejection Rate (FRR) i.e. the ikeihood to reject a icensed user. VEIN PATTERN RECOGNITION The Vein Pattern technoogy works on characteristic the hypodermic (beneath the skin) vein patterns in associate degree individua s hand. Once a user s hand is paced on a scanner, a near-infrared ightweight maps the situation of the veins. Figure 4.14 Vain Patterns for Biometric Identification
Anaysis of Security Issues of ATM 162 Figure 4.15 Vain Pattern Recognition Points The red bood ces gift within the veins absorbs the rays and show up on the map as back ines, whereas the remaining hand structure shows up as white. When the vein exampe is extracted, it s compared with an antecedenty hod on patterns and a match is created. Above mentioned biometric securities issues are hepfu and acceptabe for enhance the Automated teer machine security from dishonest attacks on system. 4.3 SOFTWARE SECURITY: Software security in terms of Automated teer machine coud be a major concern. There are 2 sets of software empoyed in Automated teer machine. One is that the package and another is that the program that works for different user operations on machine. In current generations of Automated teer machine the windows XP package is empoyed for many of the Automated teer machines. To use the windows XP in new Automated teer machines is its dependabiity and safety features that make the system safer and protected with package attacks. Windows XP permits the configuration of coarse security settings through the Loca Security User Rights management what actions specific users and/or teams are permitted to perform on the system. These restrictions wi create the package security a ot of robust in terms of an operation of associate degree Automated teer machine and create the system safer. Here is few operating operations and their actions are a unit mentioned beow by that we are abe to set the actions for specific tasks.
Anaysis of Security Issues of ATM 163 SECURITY SETTING FOR USERS/GROUPS Working Type Action Access this computer from the network No one Act as part of the operating system Add workstations to domain Adjust memory quotas for a process Change the system time Back up fies and directories Aow ogon through Termina Services Create a token object Debug programs Deny ogon as a batch job Enabe computer and user accounts to be No one No one Administrators Administrators Administrators No one No one Administrators No one No one trusted for deegation Load and unoad device drivers Administrators Perform voume maintenance tasks Administrators Modify firmware environment vaues Administrators Manage auditing and security og Administrators Take ownership of fies or other objectsadministrators Tabe : 4.2 security settings for user s and groups
Anaysis of Security Issues of ATM 164 Windows XP permits the configuration of granuar security settings through the Loca Security Poicy. The recommendations beow ought to be anayzed and tested on non-production Automated teer machines to make sure compatibiity with specific Automated teer machine package versions, appications and operationa support needs. To boot, consut the Automated teer machine seer/manufacturers for a determination on specific settings isted beow. Poicy Recommended Security Setting Status/Action Accounts : Administrator account status Enabed Limit oca account use of bank passwords to consoe ogon ony Rename administrator account Enabed Rename Audit : Shut down system immediatey if unabe Disabed to og security audits Audit : Audit the access of goba system Not Defined Objects the use of Backup and Restore Not Defined priviege Devices : Aowed to format and eject removabe media Aow unock without having to og on Administrators Not Defined
Anaysis of Security Issues of ATM 165 Prevent users from instaing printer Enabed Drivers Unsigned driver instaation behaviour Warn but aow instaation Domain controer: Aow server operators to schedue tasks Not Defined Domain member : Digitay encrypt or sign secure channe data (aways) Not Defined Digitay sign secure channe data (when possibe) Disabe machine account password changes Enabed Maximum machine account password age Enabed Require strong (Windows 2000 or ater) session key Disabed 7 days Enabed Interactive ogon: Do not dispay ast user name Enabed Interactive ogon : Do not require CTRL+ALT+DEL Disabed
Anaysis of Security Issues of ATM 166 Microsoft network cient : Digitay sign communications (aways) Not Defined Digitay sign communications (if server agrees) Enabed Send unencrypted password to third-party SMB servers Disabed Microsoft network server : Amount of ide time required before suspending session 15 minutes Digitay sign communications (aways) Not Defined Digitay sign communications (if cient agrees) Enabed Network access : Aow anonymous SID/Name transation Disabed Do not aow anonymous enumeration of SAM accounts Enabed Do not aow anonymous enumeration of SAM accounts and shares Disabed Let Everyone permissions appy to anonymous users Not defined Remotey accessibe registry paths Not defined Named Pipes that can be accessed anonymousy for oca accounts Sharing and security mode
Anaysis of Security Issues of ATM 167 Network security : Do not store LAN Manager hash vaue on next password change Enabed Force ogoff when ogon hours expire Disabed LAN Manager authentication eve Send NTLMv2 response LDAP cient signing requirements ony/refuse LM & NTLM Minimum session security for NTLM SSP based (incuding secure RPC) cients Negotiate signing Minimum session security for NTLM SSP based (incuding secure RPC) servers Require NTLMv2 session security, require 128 bit encryption Recovery consoe : Aow automatic administrative ogon Aow foppy copy and access to a drives and a foders Shutdown: Aow system to be shut down without having to og on Shutdown: Cear virtua memory page fie Disabed Disabed Disabed Enabed System cryptography : Use FIPS compiant agorithms for encryption, hashing, and signing Enabed Tabe:4.3 Poicy Recommended Security Setting and their status
Anaysis of Security Issues of ATM 168 4.4. LOGICAL SECURITY : Automated teer machines have begun to use industry-standard and mutivendor hardware architectures (with USB connections for peripheras, oca area network and IP communications), in operating systems and customary appication ayer deaing protocos, introducing substantia changes within the means Automated teer machines are depoyed and put in. New reaity wherever a ot of and a ot of Automated teer machines are paced off-premises and Automated teer machines acquirer networks area unit a ot of typicay owned and controed by freeance Automated teer machines operators. There is such a arge amount of fraud cases on ATMs has come into the notice during which crimina activities have junction rectifier to penetration of Automated teer machines networks and unauthorized distribution of money. Automated teer machines are getting a ot of and a ot of refined in terms of scae, utiized technoogy, funding, coming up with and execute. Automated teer machines fraud is high of mind for a monetary estabishments and has created them invoved regarding the integrity of their Automated teer machines package stack and their risks on monetary and name osses. Logica security compusory through deveoping secure payment systems moreover as in network and appication penetration testing (certified mora hacking) and rhetorica anaysis cose compromises of cardhoder information, has permitted to deveop a seected and goa oriented approach to vunerabiity assessment of Automated teer machines and associated ogica security protection to known and unknown attacks. Expoiting combined vunerabiities and aso the deveoped maware program code in operation on the standardized process, in this sort of hacking, hacker is in a position to begin unauthorized money dispensing from the Automated teer machines by accessing the Automated teer machines at a sef-seected time and date. The resut with cash-out wi be timey deayed or triggered by a predefined device. Logica security is taken into account on these sorts of risks given in Automated teer machines to reduce the attacks. Compromises of cardhoder information, has aowed to deveop a seected
Anaysis of Security Issues of ATM 169 and targeted approach to vunerabiity assessment of Automated teer machines and associated network ogica security protection to proverbia and unknown threats. The foowing strategies wi be empoyed in the associate degree attack: The offender wi attempt to buid amendment and/or deete information in/from databases or transmit queries to Information bases that come back a ot of data than the system woud do once operating propery. Secure Socket Layer man-in-the-midde attacks: If an associate degree offender with success carries out associate degree SSL man-in-the-midde attack He wi sniff information into the encoded tunne, see, amendment and take a ook at to fasify it, just in case such decoded ogin Data and sensitive data area unit transmitted among the tunne. Session-hijacking attacks wherever the offender can attempt to takeover user-sessions and see, change, fasify or deete any user-data. Test on repay potentiaities wherever it s tested to check if the info from one shopper wi be recycabe through Information discosure: provocation of error messages to achieve version detais of services. This provides some carefu data regarding the server services and their configuration, At an equivaent time provides data regarding security vunerabiities, consequenty permitting targeted attacks. Tests of buffer or a heap overfow (POST) attacks whereby a DoS wi be caused by movement down or phase change the server service. It be doabe to open a root-
Anaysis of Security Issues of ATM 170 she and gain compete body access to the system, add further users or compromise the system in our own way (e.g. By putting in key oggers etc.). Spoofing and fuzzing: generay appied in an exceedingy back-box approach to seek out vunerabiities by manipuating protocos, fies, etc. Appy brute force strategies or otherwise expoit weak cryptography Based on previous anaysis or no heritabe documentation, the offender can verify and use vunerabiities through anaysis and investigation of interfaces and protocos. In this sort of ogica security probems an avid Whitebox approach appicabe at the amount of Automated teer machines contros. Expoiting combined vunerabiities and aso the injection of deiberatey deveoped program code (maware) in operation on the XFS standardized interface. They put in package incudes the (hardened) package, the Automated teer machines appication (end-user appication moreover because the administration appications, for instance, appication package downoading, package updates, observation of the Automated teer machines), the periphera drivers and aso the computer code (hardware intimate code). Usuay, mechanisms are a unit in situ to observe an ateration of the package. As a of the periphera are in restraint of the Automated teer machines, they re a doubtess candidates for attacks. Vunerabiity assessment and penetration testing area unit centered on the chances of manipuating the (arrow-ined) interfaces, with the aim to see if unauthorized access or different maicious activity may ead to unauthorized distribution of money. Typica penetration testing incudes network and appication ayer testing moreover as contros and processes round the networks and appications. A typica API approach ought to be appicabe for accessing associate degrees manipuating the assorted periphera devices of an Automated teer machines. Access to interface commands ought to be restricted through the access management mechanisms of the Automated teer machines package. As totay different interpretations of the quaity exist, typicay, a middeware ayer is empoyed to even out the variations between varied patforms.
Anaysis of Security Issues of ATM 171 This middeware ayer is sometimes the resuts of a proprietary deveopment by the Automated teer machines manufacturer, typicay requested by Automated teer machines operators to possess specific practicaity encosed for his or her specific purpose and thus a ot of prone to attacks expoiting weaknesses during this management ayer. APPROACH TO PENETRATION TESTING The foowing documents as a baseine in paying penetration testing: Documentation for Penetration tests, BSI (Standardization of information and data Security) Ethica Hacking and Countermeasures pointers, EC Severa trade Best Practices These documents are the inspiration for Penetration Testing Approach during which the subsequent phases and approaches are defined: Figure: 4.16 penetration testing approach phases
Anaysis of Security Issues of ATM 172 Referring to the amount of information provided on systems, architectures, networks, appications, in operating systems, procedures, access mechanisms, etc., initia anaysis and actua testing wi be performed on the premise of 3 totay different approaches mentioned within the image above: Back-box approach, accuratey simuating associate degree actua outsider hacker with no or restricted previous information on any of the higher than things. Pubicy out their data (view as an exampe queries on search engines, maiing ists, newsgroups, pubic databases and different web sources) is coected to seek out out regarding proverbia maware and expoits. Aso, passive and active assessment of environmenta data through e.g. packet-sniffing, port scans, OS and appication process, service identification, desktop firewa evasion, IPS/IDS detection and network mapping is empoyed to seek out out regarding probabiistic existent vunerabiities. Greybox approach, with a narrowed down scope and with an avid target one threat situation with one entry purpose at bound suspected components of the ATM. This approach wi be hepfu just in case the ATM operator needs to receive a ot of carefu investigations on a seected (e.g. Known) insider attack, whie not aready reveaing a out there (and principay confidentia) data. Reverse engineering (if not restricted by native aws) as a technique to know the appying ogic wi be a part of this. Whitebox approach, accuratey simuating associate degree actua insider hacker assautive with within information up to the amount of knowedge that bank branch workers, IT workers or Automated teer machines manufacturer technica workers have. A Whitebox approach assumes information of e.g. manufacturer s product documentation, interface descriptions and protoco data, appications, programming anguages, package deveopment ife cyce, priviege management, work mechanisms, data on security and committed to writing poicies (e.g. Hardening guideines) and patch management, manufacturer test- and debugging toos, suppy codes, access to
Anaysis of Security Issues of ATM 173 manufacturer technica workers, etc. additionay and if not absoutey and firmy encrypted, a core Automated teer machines memory device wi be investigated via rhetorica associate degreeaysis (on a virtuaized associate degree secure rhetorica copy of the initia information) to mimic the case of an offender possessing an Automated teer machines device when steaing with the aim to assess that confidentia or essentia data (e.g. The card data, cient information, ogin credentias, etc.) is offered. The increasing quantity of knowedge provided within the higher than 3 approaches is directy proportiona to the ikeihood of success in assautive the Automated teer machines. A approaches aim to achieve carefu information of transport and appication ayer protocos on each interna and externa interfaces and just in case a vunerabiity is detected and soey when the specific agreement of the Automated teer machines operator or effort bank cient, specific program code (maware) wi deiberatey be deveoped that s want to prove the vunerabiity idea. 4.5. COMMUNICATIONAL SECURITY: In the networking system information communicates in communicationa ines.norma information transmission wi communicate in the traditiona type of however confidentia information might transmit within the kind of encrypted form o that no-one wi hack the direction from communicationa ines. The banking sector is one in a the vita sector wherever a sort of monetary data send through the communicationa ines and it desires the high security of knowedge. Varied encryption agorithms are a unit want to defend the info among a network for eectronic communication. Automated teer machines is additionay associate degree exampe wherever we d ike high security of knowedge in terms of knowedge communication from Automated teer machines to bank Server and contrariwise.
Anaysis of Security Issues of ATM 174 NETWORK COMMUNICATION LINE: Communicationa security in Indian banking industry, off-premise or remote Automated teer machines area unit deary-won to contro, primariy due to the vaue of the chartered teecommunication ines that banks have required to make sure the best eve of security between the Automated teer machines associate degreed its server (or deaing processor an externa third-party eement (hardware device) that inks with bank databases and authorizes transactions). Chartered ines area unit generay terriby deary-won, particuary reative to the vaue of empoying a pubic network, which might be as very itte as ten % of the monthy vaue of a chartered ine. The appearance of wireess ceuar networks has conjointy created it doabe to avoid provisioning and putting in a wire ine that is additionay deary-won and ong. The first drawback with empoying a pubic network has been eectronic communication security. As a resut of a giant companies and monetary institutions company networks area unit connected to a pubic network (i.e., the Internet), and since kingdom has centered its crimina efforts on steaing individuaity data, monetary data, money, and trade secrets, web property has created a repacement avenue to achieve embezzed access to direction. There is a unit such a arge amount of efforts area unit created to keep up and improve information security around enterprise networks. As a resut of Automated teer machines systems ought to be protected by a minimum of an equivaent eve of security as different enterprise systems, chartered ines are wont to create the Automated teer machines system a vicinity of the company network. In the same sequence connecting to associate degree Automated teer machines to a bank s Automated teer machines server over the net compromises the enterprises security soutions, exposing Automated teer machines systems to attack. Banks, however, ike a giant enterprises, area unit perpetuay chaenged to cut back in operation prices in each section of their businesses. The fexibiity to cut back the first budget items of associate degree Automated teer machines
Anaysis of Security Issues of ATM 175 (the chartered ine property charges) creates an awfuy engaging come back on investment. Bank enthusiasm for past market soutions has been restricted due to the reduction in security and aso the corresponding risk of a security breach that might harm the bank s name and monetary stabiity. the utimate issue concerned in changing from wired eased-ine property to wireess ceuar property is wireess carrier spec. Wireess carriers have typicay catered to cient markets and area unit invoved soey regarding providing a reiabe, ow cost association to the net. Sady, ceuar communications wi be too simpy eavesdropped, captured, or jammed. In essence, this vioates the Gramm-Leach-Biey Act that states that monetary transactions shoud be firmy transmitted. Since the addition of security or re-architecture to denationaize their networks adds a ayer of quaity that raises instrumentaity and support prices, carriers haven t been wiing to create those investments. Instead, they use routabe, pubic addresses with scant segmentation, exposing their cient and company customers to vunerabiity scans and attacks that wi compromise information or expoit compromised devices to attack different devices. Sady, most carriers think about any new design that interferes with a straightforward data-com pipe business to be too speciaized and outdoors their core business. Due to the mixture of carrier individuaistic security attitudes and aso the vita come back on investment for victimization the genera pubic web as a transport mechanism for Automated teer machines transactions, there exists a right away went for an extremey secure ceuar design meant for monetary transactions and services. to the current finish, JBM physics has partnered with Communications and Security Compiance Technoogies (CSCT) to deiver resoution an answer} that fufis this want whie not requiring the repacement of existing Automated teer machines within the fied a serious advantage over any soution presenty being thought by the carriers themseves.
Anaysis of Security Issues of ATM 176 DATA ENCRYPTION TECHNIQUES: Data encryption technique for secure eectronic communication in banking and ATM transactions: In Automated teer machine for secure eectronic communication, varied encryption strategies area unit used. These are: DES AES 3DES RC4 EPP DES is that the customary for eectronic communication. DES (Data cryptography Standard) is that the transformation (of data or information) to a type that is not possibe to scan whie not the acceptabe knowedge or key. Information cryptography customary (DES) was deveoped to suppy data security in network by associate degree IBM team around 1974 and adopted as a word customary in 1977. Encryption customary (DES) coud be a customary cryptoogica system with the sort and mode symmetry formua. Cryptoogica agorithms empoyed in DES that is named the info cryptography formua (DEA) is that the process of bits within the kind of bock cipher (Cipher bock). DES coud be a bock cipher victimization sixty four-bit bocks and victimization externa key ength of 64 bits moreover (same with a bock size). In DES, the method encryption (pain text) victimization the interior key or sub-key in fifty six bits are generated from the associate degree externa key. The procedure is competed by formua DES is as foows: Step 1: Paintext bock was permutated by initia permutation matrix (Initia permutation /IP)
Anaysis of Security Issues of ATM 177 Step 2: To dam the initia permutation proficiency eve in these enciphering method (Encryption) to try and do sixteen rounds (Round). During this method used interna keys for various every rotation. Step 3: The resuts of the enciphering method are permutated victimization reversa permutation matrix (the inverse initia permutation/ip-1) DES within the bood profie mode is empoyed for a cryptography. The Automated teer machines computer keyboard or EFTPOS teephone set contains an intrinsicay tamper-proof master kiometer proverbia soey to the machine and aso the host aptop. Each time the machine is started up (e.g. Every morning, associate degreed typicay a ot of frequencies) the host aptop sends to the Automated teer machines a repacement daiy key kd encrypted victimization kiometer and an initia deaing key kt conjointy encrypted victimization kiometer. The initia kt is empoyed for the primary deaing. For ater transactions a repacement kt is cacuated from kt:=kt ast MAC sent by the Automated teer machines this can be referred to as chaining the key kt; it s done to create it not possibe to record messages from associate degree ATM to its host machine then pay them back at a ater time. At the ater time the key kt can have atered since it s a operate of kd and every one the transactions that have occurred since the ast initia kt was oaded. A MAC (Message Authentication Code) used with associate degree Automated teer machines coud be a 64-bit range that s cacuated from associate degree unencrypted message by running it through DES with key kd victimization bood profie mode. The ensuing 64-bit bock is that the MAC. A transmissions area unit checked empoying a MAC. In impact the deaing key kt is itsef subject to bood profie cryptography.
Anaysis of Security Issues of ATM 178 FOR TRANSACTIONS ON ASSOCIATE DEGREE ATM: 1. The account range and name area unit scan from the card; the PIN is entered. Aow us to decision this the message. 2. From this message a corresponding MAC is cacuated then the message is encrypted victimization kt. Next the encrypted message and aso the MAC area unit sent to the host aptop. 3. The host decrypts the encrypted message victimisation kt to retrieve the message ; the host then uses the message to cacuate a MAC, and checks that this can be adequate the MAC sent with the encrypted message. This authenticates the message as having return from the Automated teer machines. The host then checks the account detais and PIN on its information, and if everything checks out propery it then repies with a go ahead message encrypted with kt, and foowed by its own MAC. 4. You enter the info for the deaing, and another message is made by the ATM, together with the date, time, Automated teer machines number, a sequence range, and detais of the deaing. this can be encrypted by the Automated teer machines victimization kt and sent (aong with its MAC). 5. When authenticating the Mack as before, and when checking the account baance etc., the host sends as OK to pay message together with the new baance etc., once more encrypted victimization kt and with its own MAC. In off-ine mode the PIN is checked against a PIN hod on in encrypted type on the ATM card. Detais of the deaing area unit recorded and ater transmitted to the host. As no confirmation from the host of your identity is offered, the withdrawa imits area unit typicay owers with this mode. EFTPOS is comparabe however incudes some bourgeois data moreover. It is conjointy
Anaysis of Security Issues of ATM 179 counseed that a random range is encosed at the beginning of every message, before the MAC is cacuated and before cryptography is competed. This can be to more increase the protection. ADVANCED CRYPTOGRAPHY CUSTOMARY (AES) : The Nationa Institute of Standards and Technoogy (NIST) has created AES, that coud be a new Federa science customary (FIPS) pubication that describes associate degree cryptography technique. AES coud be a privacy rework for IPSec and web Key Exchange (IKE) and has been deveoped to exchange the info cryptography customary (DES). AES is meant to be safer than DES: AES offers a bigger key size, whereas guaranteeing that the soe proverbia approach to rewrite a message is for associate degree interoper to do each doabe key. AES features a variabe key ength the formua wi specify a 128-bit key (the defaut), a 192-bit key, or a 256-bit key. AES ready to method six fod quicker compared with the tripe DES for an equivaent process capabiity. However the empoyment of tripe DES remains enough encountered thanks to the quickness of the COS giant enough to modify to the technoogy new. additionay, compared with AES, tripe DES impementation is fet a ot of appropriate for appication on the device hardware, ike network system communications, VPN network devices or at associate degree Automated teer machines. 3DES: DES was approved by the Yankee Nationa Standards Institute (ANSI X3.92) in 1981 as non-pubic sector cryptography customary and is that the most generay depoyed industria cryptoogica formua within the word. This formua uses a 56-bit key ength. Within the twenty years of its use, there have not been any findings indicative of recursive weakness. Despite the strength of the DES formua, advances in aptop speed and process power area unit approaching
Anaysis of Security Issues of ATM 180 the purpose wherever brute-force searches of its 56-bit key area wi be accompished among an inexpensive period of time. The Tripe DES formua answers this drawback by specifying 3 rounds of DES operations, effectivey increasing the key ength to 168 bits. 3DES coud be a revised variation of DES thanks to the requirement for higher eves of security. A the banks area unit victimization this cryptography customary for secure eectronic communication in an exceedingy pubic network. 3DES coud be a variant deveopment of DES (Data cryptography Standard) antecedenty noted as mutipe DES essentiay thanks to the tripe DES just continua use of DES; during this case repetition performed 3 times. Tripe DES is usuay caed TDES or by the term stands 3DES. Security issues within the use tripe DES, remains doabe there assaut with the empoyment of 232 Known-paintexts, 2113 steps, 290 DESdetermination, and 288 memory capabiity. DES40 formua, out there internationay, coud be a variant of DES during which the key key s preprocessed to suppy forty effective key bits. it s designed to be used by customers outside the USA and North American country WHO need to use a DES-based cryptography formua. This feature provides industria customers a seection within the formua they use, notwithstanding their geographic ocation. RSA RC4: It may be an extremey Secure, High Speed formua The RC4 formua, deveoped by RSA information Security opposition, has quicky become the de-facto internationa customary for high-speed encryption. Despite in progress makes an attempt by cryptoogica researchers to crack the RC4 formua, the soe possibe technique of breaking its cryptography proverbia these days remains brute-force, systematic idea, that is usuay unworkabe. RC4 coud be a stream cipher that operates at many times the speed of DES, creating it doabe to cipher even giant buk information transfers with stripped performance consequences. RC4_56 and RC4_128 RC4 coud be a variabe key-ength stream cipher. The Orace Advanced Security choice uneash eight.1.5 for domestic use offers associate degree
Anaysis of Security Issues of ATM 181 impementation of RC4 with five6 bit and 128 bit key engths. This provides robust cryptography with no sacrifice in performance compared to different key engths of an equivaent formua[55][56]. ENCRYPTED PIN PAD (EPP) : With traditiona keypads, the PIN entered by the cient is shipped in raw state via a cabe to a separate printed circuit modue containing cryptography integrated circuits. for many countries, this arrangement was satisfactory as a resut of the cabe ogic gate card area unit paced among the secure chest space of the ATM. so as to decrease PIN steaing fraud, VISA associate degreed MasterCard area unit currenty requiring an encrypted PIN pad (EPP) in situ of the computer keyboard. The EPP coud be a seaed modue that now and domesticay encrypts the PIN when entry. There are not any raw PIN numbers accessibe to eectronic hackers either by physicay sound onto wires among the ATM or remotey sensing no particuate radiation emitted. ALARM SYSTEMS: In order to safe guard the Automated teer machines at remote ocations as we as the user of Automated teer machine at such ocations, we have discussed that there is need to insta equipment capabe of raising aarm at poice station and the bank to which Automated teer machine for immediate interventions. Sounding of the aarm at the Automated teer machine is ikey to increase danger eve than mitigating the danger. There can three types of aarm, which can be fitted inside the Automated teer machine kiosks for the purpose and these are aarms working by sensing vibration, haet and smoke inside a teer machine housing. Detais of each types of these aarm are here under. q q q