Download presentation
Presentation is loading. Please wait.
Published byArthur Mosley Modified over 9 years ago
1
Dr. V.N.Sastry Professor, IDRBT & Executive Secretary, MPFI vnsastry@idrbt.ac.in +91-40-23534981 to 84 October 30, 20121
2
MBS Issues Common Specific Developments MPFI TSG on Mobile Banking Security (MBS) IBA-IDRBT WG on MBS IDRBT MBS Lab WPKI October 30, 20122 Main Points
3
MBS Issues Awareness and Education on MBS As per the users background In his/her native language Specific to the Mobile Phone Features Enabling Secure Banking Services Through multiple Mobile Communication Channels ( SMS, USSD, IVRS, GPRS, NFC ) On different Types of Mobile Phones ( Low End, Medium Type and High End ) Using the features supported by the Mobile Phone October 30, 20123
4
MBS Issues Contd.. Developing Customized Mobile Banking Applications as per the OS Testing of each of the Mobile Banking applications Handling of complaints on side channel and malware attacks on Mobile Phones Taking measures for fraud detection and prevention mechanisms Scalability issues to support high volume and real time Transactions of Mobile Payments Verification of MBS models and protocols in a simulated and testing environment. October 30, 20124
5
MBS Lab Experiments October 30, 20125
6
MBS Problems 1. Verification of Security Properties 2. Authentication and Key Agreement Protocols 3. Access Control Models 4. Cryptographic Techniques 5. Secure Mobile Payments : IMPS, AEPS, Mobile Wallet, 6. NFC based Mobile Payments 7. Mobile Banking Services (SaaS) in a Secure Banking Cloud Framework 8. Autonomic Computing (Self Healing and Self Protecting ) in Securing Mobile Operating Systems and Mobile Banking Applications 9. IVRS based Customer Education Service in all Indian Languages 10. MANETS for Financial Inclusion. 11. Formal Methods for Design and Analysis of Secure Mobile Payment Protocols 12. Testing of Mobile Banking Application : Functionality, Security and Compliance October 30, 20126
7
Mobile Banking Security Device Level Security Communication Level Security Application Level Security October 30, 20127
8
Major 3 Sections of a Mobile Phone Power Section Power distribution Charging section Radio Section Band Switching RF Power Amplification Transmitter Receiver Computer Section CPU (central processing unit) Memory (RAM,FLASH,COMBO CHIP: SIM, USIM) Interfaces October 30, 20128
9
Classification of Mobile Attacks Behavior based Environment based Virus Channel based Application Based Worm SMS Trojan NFC System External Wi-Fi (OS) (Mob. Ban. App) Spyware Bluetooth GPRS IVRS USSD 9October 30, 2012
10
Attacks by Type of Malware (Q1 2012) Virus: Malicious code that gets attached to a host file and replicates when the host software runs. Worm: Self-replicating code that automatically spreads across a network Trojan: A program that exhibits to be useful application but actually harbors hidden malicious code Spyware: Software that reveals private information about the user or computer system to eavesdroppers 10October 30, 2012
11
Some reported attacks on Mobile Phones Phishing Botnet Fake Player Trojan horse Bluejacking ( Symbian ) BlueBug BlueSnarfing BluePrinting Cabir (First in 2004 ) Comwar Skulls Windows CE virus October 30, 201211
12
1) Certificate Authority 2) Validation Authority 3) Registration Authority 4) Certificate Repository 5) Digital Certificate 6) Digital Signature WIRELESS PUBLIC KEY INFRASTRUCTURE (WPKI) October 30, 201212
13
WPKI Implementation for MBS Requires ECC (Elliptic Curve cryptography) Crypto SIM enabled Mobile Phone SLC (Short Lived Certificate) OCSP (Online Certificate Status Protocol) for certificate validation October 30, 201213
14
ELLIPTIC CURVE CRYPTOGRAPHY (ECC) ECC is a public key cryptography. One main advantage of ECC is its small key size. A 160-bit key in ECC is considered to be as secured as 1024-bit key in RSA. It uses Elliptic Curve Digital Signature Algorithm (ECDSA). ECDSA does Signature Generation and Signature Verification. October 30, 201214
15
October 30, 201215
16
October 30, 201216
17
ECDSA - Elliptic Curve Digital Signature Algorithm: a) Signature Generation For signing a message m by sender A, using A’s private key dA 1. Calculate e = HASH (m), where HASH is a cryptographic hash function, such as SHA-1. 2. Select a random integer k from [1,n − 1] 3. Calculate r = x1 (mod n), where (x1, y1) = k * G. If r = 0, go to step 2 4. Calculate s = k − 1(e + d r)(mod n). If s = 0, go to step 2 5. The signature is the pair (r, s). b) Signature Verification : For B to authenticate A's signature, B must have A’s public key QA 1. Verify that r and s are integers in [1,n − 1]. If not, the signature is invalid 2. Calculate e = HASH (m), where HASH is the same function used in the signature generation 3. Calculate w = s −1 (mod n) 4. Calculate u1 = ew (mod n) and u2 = rw (mod n) 5. Calculate (x1, y1) = u1G + u2QA 6. The signature is valid if x1 = r(mod n), invalid otherwise October 30, 201217
18
October 30, 201218
19
October 30, 201219
20
October 30, 201220
21
IVRS BASED EDUCATION SERVICE ON MOBILE BANKING AND ITS SECURITY BY MBSL,IDRBT-HYDERABAD CALL : 040-30139900 October 30, 201221
22
MBS TESTING Functional TestingSecurity Testing Interface Mapping Secure Storage Test Case Writing & Execution Compliance Testing Verification of Security Properties Secure Communication Levels of Security Transactions, Behaviour & Performance 22October 30, 2012 Compliance Testing
23
Mobile ad-hoc Networks (MANET) for Mobile Banking and Financial Inclusion It is a Mobile wireless network. MANET nodes are rapidly deployable, self configuring and capable of doing autonomous operation in the network. Nodes co-operate to provide Connectivity and Services. Operates without base station and centralized administration. Nodes exhibit mobility and the topology is dynamic. Nodes must be able to relay traffic sense. A MANET can be a standalone network or it can be connected to external networks(Internet). October 30, 201223
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.