Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dr. V.N.Sastry Professor, IDRBT & Executive Secretary, MPFI +91-40-23534981 to 84 October 30, 20121.

Published byArthur Mosley Modified over 8 years ago

Similar presentations

Presentation on theme: "Dr. V.N.Sastry Professor, IDRBT & Executive Secretary, MPFI +91-40-23534981 to 84 October 30, 20121."— Presentation transcript:

1 Dr. V.N.Sastry Professor, IDRBT & Executive Secretary, MPFI vnsastry@idrbt.ac.in +91-40-23534981 to 84 October 30, 20121

2 MBS Issues Common Specific Developments MPFI TSG on Mobile Banking Security (MBS) IBA-IDRBT WG on MBS IDRBT MBS Lab WPKI October 30, 20122 Main Points

3 MBS Issues Awareness and Education on MBS As per the users background In his/her native language Specific to the Mobile Phone Features Enabling Secure Banking Services Through multiple Mobile Communication Channels ( SMS, USSD, IVRS, GPRS, NFC ) On different Types of Mobile Phones ( Low End, Medium Type and High End ) Using the features supported by the Mobile Phone October 30, 20123

4 MBS Issues Contd.. Developing Customized Mobile Banking Applications as per the OS Testing of each of the Mobile Banking applications Handling of complaints on side channel and malware attacks on Mobile Phones Taking measures for fraud detection and prevention mechanisms Scalability issues to support high volume and real time Transactions of Mobile Payments Verification of MBS models and protocols in a simulated and testing environment. October 30, 20124

5 MBS Lab Experiments October 30, 20125

6 MBS Problems 1. Verification of Security Properties 2. Authentication and Key Agreement Protocols 3. Access Control Models 4. Cryptographic Techniques 5. Secure Mobile Payments : IMPS, AEPS, Mobile Wallet, 6. NFC based Mobile Payments 7. Mobile Banking Services (SaaS) in a Secure Banking Cloud Framework 8. Autonomic Computing (Self Healing and Self Protecting ) in Securing Mobile Operating Systems and Mobile Banking Applications 9. IVRS based Customer Education Service in all Indian Languages 10. MANETS for Financial Inclusion. 11. Formal Methods for Design and Analysis of Secure Mobile Payment Protocols 12. Testing of Mobile Banking Application : Functionality, Security and Compliance October 30, 20126

7 Mobile Banking Security Device Level Security Communication Level Security Application Level Security October 30, 20127

8 Major 3 Sections of a Mobile Phone Power Section Power distribution Charging section Radio Section Band Switching RF Power Amplification Transmitter Receiver Computer Section CPU (central processing unit) Memory (RAM,FLASH,COMBO CHIP: SIM, USIM) Interfaces October 30, 20128

9 Classification of Mobile Attacks Behavior based Environment based Virus Channel based Application Based Worm SMS Trojan NFC System External Wi-Fi (OS) (Mob. Ban. App) Spyware Bluetooth GPRS IVRS USSD 9October 30, 2012

10 Attacks by Type of Malware (Q1 2012) Virus: Malicious code that gets attached to a host file and replicates when the host software runs. Worm: Self-replicating code that automatically spreads across a network Trojan: A program that exhibits to be useful application but actually harbors hidden malicious code Spyware: Software that reveals private information about the user or computer system to eavesdroppers 10October 30, 2012

11 Some reported attacks on Mobile Phones Phishing Botnet Fake Player Trojan horse Bluejacking ( Symbian ) BlueBug BlueSnarfing BluePrinting Cabir (First in 2004 ) Comwar Skulls Windows CE virus October 30, 201211

12 1) Certificate Authority 2) Validation Authority 3) Registration Authority 4) Certificate Repository 5) Digital Certificate 6) Digital Signature WIRELESS PUBLIC KEY INFRASTRUCTURE (WPKI) October 30, 201212

13 WPKI Implementation for MBS Requires ECC (Elliptic Curve cryptography) Crypto SIM enabled Mobile Phone SLC (Short Lived Certificate) OCSP (Online Certificate Status Protocol) for certificate validation October 30, 201213

14 ELLIPTIC CURVE CRYPTOGRAPHY (ECC) ECC is a public key cryptography. One main advantage of ECC is its small key size. A 160-bit key in ECC is considered to be as secured as 1024-bit key in RSA. It uses Elliptic Curve Digital Signature Algorithm (ECDSA). ECDSA does Signature Generation and Signature Verification. October 30, 201214

15 October 30, 201215

16 October 30, 201216

17 ECDSA - Elliptic Curve Digital Signature Algorithm: a) Signature Generation For signing a message m by sender A, using A’s private key dA 1. Calculate e = HASH (m), where HASH is a cryptographic hash function, such as SHA-1. 2. Select a random integer k from [1,n − 1] 3. Calculate r = x1 (mod n), where (x1, y1) = k * G. If r = 0, go to step 2 4. Calculate s = k − 1(e + d r)(mod n). If s = 0, go to step 2 5. The signature is the pair (r, s). b) Signature Verification : For B to authenticate A's signature, B must have A’s public key QA 1. Verify that r and s are integers in [1,n − 1]. If not, the signature is invalid 2. Calculate e = HASH (m), where HASH is the same function used in the signature generation 3. Calculate w = s −1 (mod n) 4. Calculate u1 = ew (mod n) and u2 = rw (mod n) 5. Calculate (x1, y1) = u1G + u2QA 6. The signature is valid if x1 = r(mod n), invalid otherwise October 30, 201217

18 October 30, 201218

19 October 30, 201219

20 October 30, 201220

21 IVRS BASED EDUCATION SERVICE ON MOBILE BANKING AND ITS SECURITY BY MBSL,IDRBT-HYDERABAD CALL : 040-30139900 October 30, 201221

22 MBS TESTING Functional TestingSecurity Testing Interface Mapping Secure Storage Test Case Writing & Execution Compliance Testing Verification of Security Properties Secure Communication Levels of Security Transactions, Behaviour & Performance 22October 30, 2012 Compliance Testing

23 Mobile ad-hoc Networks (MANET) for Mobile Banking and Financial Inclusion  It is a Mobile wireless network.  MANET nodes are rapidly deployable, self configuring and capable of doing autonomous operation in the network.  Nodes co-operate to provide Connectivity and Services.  Operates without base station and centralized administration.  Nodes exhibit mobility and the topology is dynamic.  Nodes must be able to relay traffic sense.  A MANET can be a standalone network or it can be connected to external networks(Internet). October 30, 201223

Download ppt "Dr. V.N.Sastry Professor, IDRBT & Executive Secretary, MPFI +91-40-23534981 to 84 October 30, 20121."

Similar presentations

Mobile Viruses and Worms (Project Group 6) Amit Kumar Jain Amogh Asgekar Jeevan Chalke Manoj Kumar Ramdas Rao.

Mobile Viruses and Worms (Project Group 6) Amit Kumar Jain Amogh Asgekar Jeevan Chalke Manoj Kumar Ramdas Rao.
Wireless PKI Shakeel Ahamad Shaik (Research Fellow) Under the supervision of Dr.V.N.Sastry, Associate Professor (IDRBT) & Dr.S.K.Udgata, Reader (UOH) Saturday,

Wireless PKI Shakeel Ahamad Shaik (Research Fellow) Under the supervision of Dr.V.N.Sastry, Associate Professor (IDRBT) & Dr.S.K.Udgata, Reader (UOH) Saturday,
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
1 GP Confidential ©2013 1 GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)

1 GP Confidential © GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)
Mobile Payment Forum of India (MPFI) Dr.V.N.Sastry, Executive Secretary, MPFI Professor, IDRBT May 30, 2014 : 10 th GBM of MPFI,

Mobile Payment Forum of India (MPFI) Dr.V.N.Sastry, Executive Secretary, MPFI Professor, IDRBT May 30, 2014 : 10 th GBM of MPFI,
Computer and Network Security Mini Lecture by Milica Barjaktarovic.

Computer and Network Security Mini Lecture by Milica Barjaktarovic.
 Alexandra Constantin  James Cook  Anindya De Computer Science, UC Berkeley.

 Alexandra Constantin  James Cook  Anindya De Computer Science, UC Berkeley.
1.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.

1.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
2 An Overview of Telecommunications and Networks Telecommunications: the _________ transmission of signals for communications (home net) (home net)

2 An Overview of Telecommunications and Networks Telecommunications: the _________ transmission of signals for communications (home net) (home net)
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
Security Chapters 14,15. The Security Environment Threats Security goals and threats.

Security Chapters 14,15. The Security Environment Threats Security goals and threats.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
Business Data Communications, Fourth Edition Chapter 10: Network Security.

Business Data Communications, Fourth Edition Chapter 10: Network Security.
CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

Similar presentations

Ads by Google