Security of Mobile Banking


1 Security of Mobile Banking
Presented by: Ming Ki Chong, Kelvin Chikomo
Supervisor: Alapan Arnab, Andrew Hutchison

2 Overview
- Introduction
- SMS Banking
- GPRS Banking
- Conclusion

3 Introduction

4 Hypothesis
There are currently many flaws in the present mobile banking implementations. We believe we can build a more secure banking implementation using both SMS and GPRS protocols.

5 Project Outcomes
The developed application should abide by the following security principles:
- Confidentiality
- Authenticity
- Integrity
- Non-repudiation
- Availability
Comparison of SMS and GPRS implementations

6 Timeline
Milestone: Duration
- Design: 2 Weeks
- Development: 4 Weeks
- Testing
- Web Page Development and poster: 3 Weeks
- Final Report and Research paper: Throughout the project time
- Project Demonstration: 17 November

7 Work Division
- Ming Ki Chong: SMS Banking
- Kelvin Chikomo: GPRS Banking

8 Work Division
[Diagram: Secure Mobile Banking, with the labels GSM + SMS Architecture, GSM + GPRS Architecture, Secure SMS Banking, Secure GPRS Banking, Secure SMS Banking Server and Secure GPRS Banking Server.]

9 SMS Banking

10 SMS Banking Overview
- Background Research
- GSM Architecture
- SMS Scenarios
- Current SMS banking
- What I Propose to Research
- What I Propose to Implement
- Concerns

11 GSM Architecture
- MS: Mobile Station
- BTS: Base Transceiver Station
- BSC: Base Station Controller
- MSC: Mobile Switching Centre
- GMSC: Gateway MSC
- SMSC: Short Message Service Centre
- OMC: Operation and Maintenance Centre
- ISC: International Switching Centre
- EIR: Equipment Identity Centre
- AUC: Authentication Centre
- HLR: Home Location Register
- VLR: Visitor Location Register
[Diagram: GSM Architecture, showing MSC, OMC, GMSC, SMSC, HLR, VLR, EIR, AUC, BSC, BTS, MS and ISC.]

12 SMS Security Flaws
SMS is stored in plain text
[Diagram: message flow between Short Message Entity (SME), SMSC, HLR, MSC, VLR and MS. Labels: Access & Authenticate; 1. Msg Transfer; 2. Verify Restrictions; 3. Forward Short Msg; 4. Submit; 5. Delivery Report; 6. Delivery Report.]

13 Current Mobile Banking
- WIZZIT
- MTN Mobile Banking
- Standard Bank
- FNB
- ABSA
- Use WIG (Wireless Internet Gateway)

14 What I Propose to Research
- Different Protocols for SMS Banking
- Security of using SMSes to Perform Transactions
- SMS Encryption
- Authentication
- Possible Attacks

15 What I Propose to Implement
- Mobile Banking Application Using J2ME
- Secure SMS protocol
- SMS Banking Server
- Secure Connection between the Bank Server and the Database
[Diagram: Mobile Phone, Bank Server, Database.]

16 Protocol Layers
Mobile Phone:
- Banking Application
- Secure SMS Protocol
- Mobile Phone Interface
- Short Message Transport Protocol
- GSM Network
Bank Server:
- Banking Application
- Secure SMS Protocol
- Bank Server Interface
- Short Message Transport Protocol
- GSM Network
[Diagram: the two stacks, labelled Mobile Phone and Bank Server, joined by the GSM Architecture.]

17 Concerns
- Cost
- J2ME vs. WIG
- Security vs. Performance
- Security vs. Functionality
- Hardware Platform (Compatibility)
- Usability (User Interface)

18 GPRS Banking

19 Overview
- GPRS architecture
- Data route
- Security implementations and shortfalls
- Bank implementations (WAP)
  - Handshakes
  - Authentication mechanisms (PINs, voice prints)
  - Security shortfalls
- What I propose to do

20 Data route

21 GPRS security shortfalls
- Authentication Center (RAND, Kc, Ki, SRES)
- Denial of service attack, using the RAND value.
- Problems with the A3/A8 authentication algorithm
- Problems with A5 algorithm
- Look at note

22 Bank implementations (WAP)
- Handshakes
- Authentication mechanisms (PINs, voice prints)
- Security shortfalls

23 Handshakes

24 Authentication mechanisms
- Secret passwords
- Voice prints
- SIM verification codes

25 Security Shortfalls
- There is no end-to-end encryption between client and bank server.
- The public-key cryptosystem key sizes offered by the WTLS standard are not strong enough.
- Anonymous key exchange suites offered by the WTLS handshake are not considered secure.

26 Present implementations
My proposed implementation

27 What I propose to do
- Build a WAP Gateway that links the mobile station to the bank server from the GPRS network.
- Either implement a WAP browser plugin or a J2ME app that will ensure full mutual authentication during the handshake protocol.
- The plugin or J2ME app should also update and maintain network settings.
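An added sketch, not part of the presentation, contrasting the one-way challenge-response behind the RAND, Ki, SRES and Kc values on slide 21 with the full mutual authentication proposed above. Assumptions: HMAC-SHA256 stands in for A3/A8, a pre-shared key stands in for the credentials a real handshake would use, and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

def a3_a8(ki: bytes, rand: bytes) -> tuple[bytes, bytes]:
    """Stand-in for A3/A8 (assumption: HMAC-SHA256, not the real algorithms).
    Returns (SRES, Kc): a 32-bit response and a 64-bit cipher key."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]

def auc_triplet(ki: bytes) -> tuple[bytes, bytes, bytes]:
    """Authentication Centre side: fresh 128-bit RAND, expected SRES, and Kc."""
    rand = secrets.token_bytes(16)
    sres, kc = a3_a8(ki, rand)
    return rand, sres, kc

def one_way_auth(network_ki: bytes, sim_ki: bytes) -> bool:
    """GSM-style check: only the subscriber proves knowledge of Ki.
    The SIM answers the RAND it is given and verifies nothing about the sender."""
    rand, expected_sres, _kc = auc_triplet(network_ki)
    sres, _kc_sim = a3_a8(sim_ki, rand)  # computed on the SIM
    return hmac.compare_digest(sres, expected_sres)

def proof(key: bytes, role: bytes, nonce_c: bytes, nonce_s: bytes) -> bytes:
    """MAC over both nonces, tagged with the prover's role so that a proof
    from one side cannot be replayed as the other side's proof."""
    return hmac.new(key, role + nonce_c + nonce_s, hashlib.sha256).digest()

def mutual_auth(client_key: bytes, server_key: bytes) -> tuple[bool, bool]:
    """Both sides send a nonce and verify the peer's proof.
    Returns (client_accepts_server, server_accepts_client)."""
    nonce_c = secrets.token_bytes(16)  # client -> server
    nonce_s = secrets.token_bytes(16)  # server -> client
    server_proof = proof(server_key, b"server", nonce_c, nonce_s)
    client_ok = hmac.compare_digest(
        server_proof, proof(client_key, b"server", nonce_c, nonce_s))
    if not client_ok:
        return False, False  # client aborts before revealing its own proof
    client_proof = proof(client_key, b"client", nonce_c, nonce_s)
    server_ok = hmac.compare_digest(
        client_proof, proof(server_key, b"client", nonce_c, nonce_s))
    return client_ok, server_ok

if __name__ == "__main__":
    shared = secrets.token_bytes(16)  # constructed key, not a real Ki
    print(one_way_auth(shared, shared), mutual_auth(shared, shared))
```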

28 If time permits
Look into using different key sizes and encryption algorithms such as Blowfish.

29 Possible hindrances
- Time could be limited
- GPRS Access Point

30 Future research
- Lawful tapping
- Session ID management on Bank Server side. (In case of abbreviated handshake)

31 Conclusion

32 Outcome
- Two secure mobile banking solutions.
  - SMS solution
  - GPRS solution
- Secure banking server
- Research Paper citing shortfalls in current systems and our new implementation.

