Network/Communicational Vulnerability

11 

Loading....

Loading....

Loading....

Loading....

Loading....

Full text

(1)

of these machines is convenience The ATM environment is changing and that change has serious ramifications for the security of ATMs. Vulnerability is applied to a weakness in a system which allows an attacker to violate the integrity of that system. Vulnerabilities may result from bugs or design flaws in the system. A consumer becoming more dependent on ATMs and the proliferation of ATM debit cards, computer crime in this area is more likely to increase. This study is on the ATM vulnerability and security issues, which types of vulnerabilities are in system and which type of security we are providing in present and which type of new efforts we can make. The purpose of this study is to explain how ATM vulnerabilities occurs, causes and possible security solutions and designing a security model to prevent such loss and efforts to overcome them and provide more security over auto teller machine transactions.

ABSTRACT

Information technology is a rapid growing sector now a day. Daily new inventions are taking place in market. In financial sector especially the banking sector there are so many new technologies are taking place in financial operations.ATM is an important invention for banking sector. The wonders of modern technology have made it possible for bank customers to interact with an electronic banking facility as Automated Teller Machine (ATM) rather than with a human Being for cash transactions. Electronic banking is one of the newest services offered by almost all banks to their customers. Electronic banking involves amongst others, Automated Teller Machine (ATM), Point-Of-Sale (POS), and Telephone banking and so on. The high cost of setting up and operating full-service branch offices has led recently to a sharp expansion in limited-service facilities such as Automated Teller Machines (ATMs). The use of ATM has grown rapidly in popularity because of its low banks transactions costs and customers convenience which has made it a basic element of today’s financial service offering. However, the ATM which is meant to serve the customers better is now becoming a frightening for some

(2)

customers because of fraud perpetuated in their accounts through ATM withdrawals. This unpleasant experience by customers is one of the challenges of the ATM through all over the world. As the ATM works without any human teller interactions It is designed with so many security features so that a costumer can perform banking financial transactions without any problem with secure transactions but remain there are some vulnerabilities are there which make the transaction unsuccessful and unauthorized transactions can be made using ATM . This research analyzes such vulnerabilities and security issues the ATM challenges and to extend suggestions that would enhance better bank-customer services with protected environment. The subject of this thesis is the analysis of vulnerabilities and security issues is an analytical design of a generic process framework along with a novel approach for finding various vulnerabilities in ATM system process and providing securities towards the ATM transactions. In this study, the necessary background is provided by examining the recent past, evolution and the vulnerabilities occur in ATM transaction and various security issues and future trends of the new secure authentication and transaction authorization. This study is an analysis of various vulnerabilities /attacks /weaknesses and threats found in Auto teller Machine and its transactions. The first step of this study is to identify the various types of vulnerabilities related to ATM and its transaction security aspects as identified at the analysis and related security issues towards their technical aspects as emerged during the research phase. These challenges are presented in this study. In next phase of this study we analyze various security issues and related solutions related to ATM security to provide the existing security solutions available in current scenario together with a detailed analysis on the research topic. Finally, the in this research we proposed a conceptual frameworks (model) for prevent the unauthorized access of ATM and enhanced the security towards illegal or unauthorized access of an banking transaction .finally in the conclusion the practical deliverables of this thesis are summarized, along with the possible solution and with an open research area for further research.

In this study we have divided the overall thesis in 6 chapters to explain all the topics properly and self explanatory. Chapter I includes the basic introduction about the banking operations especially about the role of Auto Teller machine in banking operations and its importance, definition, history of ATM and its basic diagram with role of different components, This chapter includes the internal architecture of an ATM with their different components ,and their operation

(3)

process like input unit, processing unit , output unit, keypad, card reader ,encryption process ,transmission, authentication process of the data communication process etc. use of each component of machine. In this chapter we have mentioned step by step processing of the data ,how the card reader read the information from the card, how it process in ATM ,how it verify and authenticate the data and pin verification and how it communicate the data from ATM to bank server and and bank server to ATM, how it transmit the data in a network .A context level Data flow diagram is mentioned in this chapter to better understand the working process of ATM .In post phase of this chapter we have mentioned types of ATM and its advantages and disadvantages.

Chapter 2 is of review of literature, in which we have tried to include maximum literature available on ATM process and its transactions process, I have reviewed more than 30 articles/ research papers and white papers related to vulnerabilities and securities and personal interaction/ interviews with ATM manufacturers, technical persons who manages ATM operations, network professionals, banking officials etc. which are concluded in this chapter. Various types of vulnerabilities which are recognized/find by different researchers are concluded in this chapter in summarized form which is used by me to conclude the vulnerabilities exist in current scenario and helped in my research. Summary of various research papers published on ATM also included. We have also tried to include the literature on the topic available from various sources. it was a very tedious task for us to arrange or collect the literature data on ATM because of the high security and confidentiality concerns it was very difficult to get the ATM security related information from concern sources. This chapter divided in two parts .in first part various vulnerability related literature described and in post phase all security concerns mentioned. Here I conclude some types of security issues in post phase of this chapter which are published in various research papers, articles in various journals.

Chapter 3 is analysis of vulnerabilities. As my research topic is analysis of vulnerability and security issues, in this chapter we have mentioned various vulnerabilities which are exist in current scenario and in Automated teller machine transactions are discussed here. we have divided the overall types of vulnerabilities in major three categories, these are

(4)

l Operational /Logical Vulnerability l Network/Communicational Vulnerability

Physical vulnerabilities are those weaknesses which are due to manufacturing defect or some physical weakness in parts of ATM.eg: stolen of ATM, ram riding, cash vault cutting due to weak structure or improper physical installation of machine.

Operational/logical vulnerability are those weaknesses which are due to wrong operations in internal process of system like wrong verification of card, duplicate card reading, skimming, more session time of transaction, wrong dispensing of money etc. there are few types of vulnerabilities are mentioned in this thesis which defined the operational vulnerabilities.

Network (Communicational) vulnerabilities are those vulnerabilities which occur when the data communication is not secure. at the time of data communication in ATM or in network communication (ATM to Bank and vice versa) if data is not secure any hacker can hack the confidential data within the communication process and use it in fraud financial operations. in this thesis I have tried to mention such vulnerabilities which are exist in communicational process of banking transaction which make the confidential data communication more vulnerable and hackers or unauthorized persons can access the data and use it in fraud operations.

In this chapter we have described various types of vulnerabilities, threats and types of attacks can occur at the time of ATM transactions or with user and ATM itself. Here we discussed various methods and types of weaknesses in the existing ATM system and how they are harmful for banks and their authorized users.

After analyzing different types of existing vulnerabilities in ATM and its processing system we have discussed the related security concerns in next chapter. Chapter 4 is designed for analysis of various security issues and their effective security solutions .in this chapter we have described the various securities provided for related vulnerabilities and which type of new securities may be provide by the banks to protect the ATM and its users from unauthorized access of money from the ATM. Again we have categories the overall security types in three categories similar to previous chapter. these security issues are further divided in following categories:

(5)

l Operational /Logical Security l Network/Communicational Security

This chapter contains various security solutions analyzed and explained by us. These security concerns are related to physical security, operational security and network/communicational security. There are some physical security issues analyzed which are related to ATM security. To protect the ATM from physical attacks we can protect the external structure of ATM with more secure metal body. For this some standards have to be follow by the manufacturers to make the external structure of the ATM. In this chapter we have mentioned these standards which are to be follow by the companies. Different physical security issues are also mentioned for different devices which are used in ATM. These are anti skimming devices, CCTV, anti tempering protection, smoke sensors, wall grounding of machine, different anti theft alarm system etc. different types of biometric solutions (DNA, finger, hand recognition, iris recognition, retinal recognition etc.), various types of sensors for different types of actions, combinational locks, various data encryption methods, communicational securities, alarming systems etc.. These types of solutions are described in here and some other cryptographic securities related to secure communication process. In network security issues we have mentioned various network protocols used in secure data communication in banking network, various encryption methods used in banking data communication, data verification and authentication on both the level at bank server and at ATM to ensure the safe transmission of data.

Chapter 5 is related to proposed security model for automated teller machine security. In this chapter we have started with comparative existing securities available in current scenario includes the current security model used in ATM transaction with internal architecture of security provided by ATM. As per our study on vulnerability we analyze that ATMs operational and communicational securities are good enough. There are so many solutions available for operational and communicational security because in these types of vulnerabilities the control is with bank and normal attackers or hackers or robbers cannot break these types of securities, but ATMs are more vulnerable from physical attacks. any normal attacker can gain access of card and Pin .attacker or fraudster can demand the card and PIN from the user on gun point or pressurized the user to make transaction for him and authorized user will make the transaction

(6)

for attackers and in this case ATM security will not be applicable for user as according to bank user is genuine user if he is using correct PIN. To protect this type of physical attack we proposed a new security model in our research. In this model we have tried to implement the new security method which may be apply from the bank in guidance of Reserve Bank of India. In new ATMs model banks are using biometric security to enhance security of ATM and authorized transactions but the problem will remain exist from physical attacks and pressurized login .our security model can be implemented on both type of authorizations single PIN and biometric both. In existing scenario ATM authenticate the user on single PIN ,it verify the PIN with card PIN if matches transactions may process from machine but if some external attacker pressurized to user to make transaction for him than current authentication cannot help to protect the money and user from this type of attack and will make transaction. in our new proposed model we have designed new security steps to protect these type of attacks. In this chapter we mention the process of proposed model with flow chart than algorithm and implementation of new model with a simulator which is designed by us to explain the working of our security model.

In chapter 6 we have conclude the overall analysis and conclusion of thesis and mentioned the future scope and further area of study which we can extends in future and high security methods to enhance the security of ATM with different types of vulnerabilities and protect the ATM and its users from various types of unauthorized access and attacks.

Conclusion :

This thesis is a broad overview about various vulnerabilities and securities over ATM transactions. In this thesis we have tried to conclude various types of vulnerabilities exist in current scenario and which type of security we are providing to overcome the vulnerabilities. Various security aspects conclude in this thesis. Various categories of vulnerabilities like physical, operational , communicational vulnerabilities are studied and Various security issues are also studied and concluded in our findings which may helpful to make the ATM transactions more safe and secure. this thesis covering security and technical issues with ATM transaction. Because of our particular experience in the area, we focused our research activities on ATM cards and encryption, beginning with hardware vulnerability and security issues and then operational and

(7)

communicational vulnerability and security prospective and naturally continuing with software aspects and operational issues of our present work.

Future scope :

The thesis level is preliminary and there is a lot of scope in this area for more research. We can make more secure communication of data in financial operations using more security solutions and it is open area to make more secure operations. Our proposed model is a generalized model which may implemented by bank to enhance the security of ATM and its user. Banks can implement the same model and add more security things in our proposed model for practical implementation in banks.

(8)

Objective of the Research

The ATM (Automated Teller Machine) environment is changing and that change has serious ramifications for the security of ATMs. Vulnerability is applied to a weakness in a system which allows an attacker to violate the truthfulness of that system. Vulnerabilities may result from bugs or design flaws in the system. A consumer becoming more dependent on ATMs and the proliferation of ATM debit cards, computer crime in this area is more likely to increase. This study is on the ATM vulnerability and security issues, which types of security we are providing in present and which type of new efforts we can make. The purpose of this study is to explain how ATM vulnerabilities occurs, causes and possible security solutions and designing a security model to prevent such loss and efforts to overcome them and provide more security over auto teller machine transactions. This study is on the analysis of Auto Teller Machine processing, operations different vulnerabilities and related security issues. In this research I had tried to find various types of vulnerabilities exists in ATM and which types of securities we are providing in modern banking industry. The purpose of this research is to analyze the different type of vulnerabilities are exist in banking transactions specially in terms of Auto Teller machine, and explain how ATM fraud occurs,causes and possible solutions can implement to prevent such loss and efforts to remove them and provide more security to them.

In this research we analyze about the Auto teller machine processing then for different vulnerabilities and an analysis on existing vulnerabilities and attacks is carried out. This study is step by step analysis representation describing the different ways in which ATM transactions can be make vulnerable or attacked. The research discussion then moves on to various types of weaknesses/vulnerabilities/attacks and threats which are discovered by different researchers. After this we analyze different ways of securities and protections which are provided and what is the current status of defenses from these vulnerabilities which have been developed to protect against these attacks categorizing them and analyzing how successful they are at protecting against the attacks. This research covers various types of vulnerabilities which are discovered till now and different security solutions having declared all current schemes for protecting ATM

(9)

transactions lacking in some way, the key aspects of the problem are identified. This is followed by a proposed conceptual security model for a more robust defense system which uses a small security concept to protect cash and consumer both at the time of abnormal situation of cash dispensing.

(10)

NEED OF THE STUDY

The technology is grown up day by day and the processing time for the operations is reducing. New technologies are implementing rapidly as well as replacing old technology with user friendly techniques. Banking sector is a major area where the new technologies are implementing widely in terms of financial transaction. Now every human being is using online banking, electronic fund transfer, interbank or intra bank transactions, net banking and many other operations related to financial transactions. It providing more useful for customers to perform banking operations with the e banking and banking outside the bank location. An Auto teller machine is an example of financial operations outside the bank campus. Now a day human beings are using ATM as Cash dispensing machine by which they can get the money anywhere outside the bank. It is easy way to get the money outside the bank .it is more popular in bank customers to withdraw the money and other banking operation as per their convenience at any time. As there are so many advantages of ATM but there are few disadvantages or drawbacks with this. In present era, Automated teller machine theft and vulnerability is a critical problem. The ATM (Automated Teller Machine) environment is changing and that change has serious issues for the security of ATMs. Consumers becoming more dependent on ATMs and the use of computer crime in this area are more likely to increase. This is the time to find these drawbacks and try to rectify these problems and find better solutions to eliminate unauthorized use through hardware or software solutions. Now the time to make some new security efforts to reduce these drawbacks or vulnerabilities over Auto Teller Machine transactions.

The present study has been made to find valuable issues for the security of the ATM and the path of prevention of it in future so that the customers as well as financial institutions may aware about future frauds made by hackers.

(11)

There are two hypothesis have been selected for the study viz. null hypothesis and alternative hypothesis. The detailed study of these hypotheses is as follows:

H0 = There is no vulnerability in ATM H1 = There is a vulnerability in ATM

H2 = The existing security of Automatic Teller Machines transaction is sufficient and does positively support the attitude towards using the technology.

H3 = The existing security of Automatic Teller Machines transaction is not sufficient and does not positively support the attitude towards using the technology.

Figure

Updating...

References

Updating...

Related subjects :