
1 CISC 849 : Applications in Fintech: Cybersecurity in Banking

2 Ashraf Bah, Computer & Information Sciences, University of Delaware
Paper reviewed: Performance Evaluation on End-to-End Security Architecture for Mobile Banking System

3 Factors driving cyber attacks
- Unfriendly nations seeking intelligence or intellectual property
- Hacktivists making political statements
- Organized crime groups seeking money
- It is easier and cheaper than ever for criminals of all types to find new ways to perpetrate cyber fraud

4 Where are IT systems managed?

5 Frequency at which managers are updated

6 Mobile Banking Operations
- Balance inquiries
- Payments
- Transfers
- Notifications:
  - overdraft alerts
  - low balance warnings
  - large transaction alerts

7 SMS Banking
- The bank and the client communicate through SMS (Short Message Service) messages.
- Problem: the default data format for SMS messages is plaintext.
- Mutual authentication, text encryption, end-to-end security and non-repudiation were omitted from the design of the GSM architecture.
- End-to-end encryption is not available: GSM encryption (the A5 stream ciphers) covers only the radio link between the handset and the base transceiver station; from there, through the operator's SMS centre to the bank, the message travels in the clear. A5/1 itself has known practical attacks, so even the radio hop cannot be relied on.

8 Using GPRS: WAP Site Banking
- WAP: Wireless Application Protocol, "a technical standard for accessing information over a mobile wireless network" (Wikipedia).
- Consumers with WAP access can bank the same way it is done over the internet.
- Mobile banking over WAP is encrypted, but hop-by-hop rather than end-to-end: WTLS protects the link from the client to the WAP gateway, and SSL/TLS the link from the gateway to the bank, so the gateway (usually run by the network operator) decrypts and re-encrypts the traffic and sees it in plaintext (the "WAP gap").
- To resolve this, the bank can operate its own Access Point Name (APN) and gateway, so that no third party sits between the client and the bank.

9 Public Key Infrastructure for Mobile Banking
- Each party holds a key pair: a public key that others use to encrypt to it, and a private key, kept secret, used to decrypt.
- For a client message to the bank it works as follows:
  - The user obtains the bank's public key from the directory and encrypts the message with it.
  - The encrypted message is sent to the bank server.
  - Only the bank server, which holds the private key, is able to decrypt the message.
- Public-key directories are readable by everybody, but they must be protected from falsification: if an attacker can substitute their own key for the bank's, the client encrypts to the attacker. Hence a proper PKI (keys bound to their owner by certificates from a trusted CA) is needed.

10 Proposed Framework
- Framework goal: secure sensitive data over the GPRS network, regardless of the transport protocol

11 Proposed Framework: Device Authentication

12 Proposed Framework: Client Functionality

13 Proposed Framework: Server Functionality
- Receives the client's public key together with the concatenated message, and splits the message into the encrypted message digest and the encrypted option-id and secret-key.
- Decrypts the option-id and secret-key with the server's private key.
- If the secret-key is not in the database, sends an error message.
- Otherwise decrypts the message digest using the PIN number and the digital signature.
- Using the client's public key, decrypts the digital signature and splits it into option-id and secret-key.
- Verifies that the original message carried in the digital signature is the same as the original message in the decrypted message.
- Caveat: as described, the client's public key arrives in the same message it is used to verify, so the signature check only authenticates the device if the server instead uses the public key registered against that secret-key at enrollment.
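The exchange of slides 9 and 13, as an added Go example that is not code from the paper or from this presentation. It assumes a request laid out as two explicit fields (an RSA-OAEP ciphertext over "option-id\0secret-key\0message" under the bank's public key, plus an RSA-PSS signature over the same plaintext under the handset's private key), a bank-side table keyed by secret-key, and constructed values (the token `sk-7f3a9c1e`, the account numbers). It departs from slide 13 in two deliberate places: the handset's public key is looked up from the enrollment record rather than taken from the message (a key that arrives with the message authenticates nobody), and the PIN step is omitted. Parameters are current ones (RSA-2048, SHA-256) rather than the paper's RSA-1024 and SHA-1.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// BankServer: the bank's RSA private key plus, per enrolled handset, the public key
// registered at enrollment, keyed by the secret-key issued then (not a key sent in the message).
type BankServer struct {
	Priv    *rsa.PrivateKey
	Devices map[string]*rsa.PublicKey
}
// Request is slide 13's "concatenated msg" reduced to two explicit fields (constructed layout).
type Request struct {
	Ciphertext []byte // RSA-OAEP/SHA-256 over "option-id\x00secret-key\x00message", bank public key
	Signature  []byte // RSA-PSS/SHA-256 over the same plaintext, handset private key
}
// BuildRequest is the handset side (slide 9): encrypt under the bank's public key so only
// the bank can decrypt, and sign so the bank can attribute the request to an enrolled handset.
func BuildRequest(bankPub *rsa.PublicKey, clientPriv *rsa.PrivateKey, optionID, secretKey, message string) (*Request, error) {
	plain := []byte(optionID + "\x00" + secretKey + "\x00" + message)
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, bankPub, plain, nil)
	if err != nil {
		return nil, err // e.g. plaintext over the OAEP limit (190 bytes for RSA-2048)
	}
	digest := sha256.Sum256(plain)
	sig, err := rsa.SignPSS(rand.Reader, clientPriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	return &Request{Ciphertext: ct, Signature: sig}, nil
}

// Process is the server side of slide 13: decrypt with the bank's private key, split the
// fields, reject unknown secret-keys, then verify the signature with the registered public key.
func (b *BankServer) Process(req *Request) (string, string, error) {
	plain, err := rsa.DecryptOAEP(sha256.New(), nil, b.Priv, req.Ciphertext, nil)
	if err != nil {
		return "", "", errors.New("decryption failed")
	}
	parts := bytes.SplitN(plain, []byte{0}, 3)
	if len(parts) != 3 {
		return "", "", errors.New("malformed request")
	}
	optionID, secretKey, message := string(parts[0]), string(parts[1]), string(parts[2])
	clientPub, ok := b.Devices[secretKey]
	if !ok {
		return "", "", errors.New("unknown secret-key") // slide 13: "send error msg"
	}
	digest := sha256.Sum256(plain)
	if err := rsa.VerifyPSS(clientPub, crypto.SHA256, digest[:], req.Signature, nil); err != nil {
		return "", "", errors.New("signature does not verify under the registered device key")
	}
	return optionID, message, nil
}

type DemoResult struct {
	OptionID, Message  string // decoded from the enrolled handset's request
	UnknownKeyRejected bool   // attacker used a secret-key the bank never issued
	ForgedSigRejected  bool   // attacker knew a valid secret-key but not the matching private key
}

// RunDemo runs one enrolled handset and one attacker against a bank server.
func RunDemo() (DemoResult, error) {
	var res DemoResult
	var err error
	keys := make([]*rsa.PrivateKey, 3) // bank, enrolled handset, attacker
	for i := range keys {
		if keys[i], err = rsa.GenerateKey(rand.Reader, 2048); err != nil { // slide 15 used 1024 bits
			return res, err
		}
	}
	bank, handset, attacker := keys[0], keys[1], keys[2]
	const secretKey = "sk-7f3a9c1e" // constructed enrollment token
	srv := &BankServer{Priv: bank, Devices: map[string]*rsa.PublicKey{secretKey: &handset.PublicKey}}
	req, err := BuildRequest(&bank.PublicKey, handset, "transfer", secretKey, "250.00 from 1001 to 2002")
	if err != nil {
		return res, err
	}
	if res.OptionID, res.Message, err = srv.Process(req); err != nil {
		return res, err
	}
	rejected := func(signer *rsa.PrivateKey, sk string) bool {
		r, err := BuildRequest(&bank.PublicKey, signer, "transfer", sk, "999.00 from 1001 to 6666")
		if err != nil {
			return false
		}
		_, _, err = srv.Process(r)
		return err != nil
	}
	res.UnknownKeyRejected = rejected(attacker, "sk-not-issued")
	res.ForgedSigRejected = rejected(attacker, secretKey)
	return res, nil
}
```

The two rejected cases are the ones the framework must get right: a request whose secret-key the bank never issued is refused before any signature work, and a request that carries a valid secret-key but was signed by a key other than the one enrolled for it fails verification. Signing the plaintext rather than the ciphertext means the bank checks exactly the fields it will act on.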

14 Experimental Setup
- Basic client-server model
- Heavy operations such as object creation are kept to a minimum on the client
- Expensive computations are performed on the server side
- Extensive use of I/O and data-exchange exception handling to catch wireless network connection failures
- J2ME on the client side, J2EE on the server side

15 Technologies Used
- Message digest algorithm: NIST's SHA-1 (since deprecated: practical collisions were demonstrated in 2017, so new signature schemes should use SHA-256 or stronger)
- Encryption algorithms compared:
  - RSA with a 1024-bit key (below the 2048-bit minimum recommended today)
  - 3DES (the slide lists a 1024-bit key length, but 3DES keys are 168 bits, 112 bits effective; 1024 bits is the RSA modulus size)
  - AES with a 256-bit key
- J2ME Wireless Toolkit (WTK) v2.5: used to compile, build, package, run and debug MIDP applications
- Wireless client: Nokia N72
- Server: Apache Tomcat

16 Results: Time Measurements

17 Results: Memory Measurements

18 Merits of the paper
- Encrypting the messages that make up mobile banking transactions provides confidentiality; the digital signature over them provides integrity and origin authentication.
- The system uses a public-key infrastructure that is independent of financial institutions, network operators and mobile banking intermediaries, yet can be used by all of them.
- No browser is needed.
- The time and memory measurements make clear which cipher performs best on the handset.

19 Shortcomings of the paper
- The authors say nothing about the security pros and cons of the three ciphers, or which one is best as a cipher (as opposed to best in time and memory usage).
- The paper was published in 2008. iOS was unveiled in 2007, and Android was announced in 2007 (Android Inc. was founded in 2003; the first commercial devices shipped in 2008); yet the paper mentions neither.
- No comparison with other handsets (other Nokia models, Samsung).
- Many typos.

20 Paper reviewed: ECC-Based Biometric Signature: A New Approach in Electronic Banking Security

21 Emerging Security Trends
- Integrating biometrics into mobile banking apps (fingerprint, voice recognition)
- Combining biometrics and PKI

22 Approach
- Addresses PKI's key-management problem: private keys are generated directly from the biometric scan rather than stored on the device.
- Uses an ECC-based biometric signature: the ECC algorithm generates and verifies signatures online.
- ECC (Elliptic Curve Cryptography)-based biometrics has advantages over RSA-based biometrics: equivalent security with much shorter keys (a 256-bit curve is comparable to 3072-bit RSA) and cheaper operations, which matters on a handset.

23 Advantages of the Approach
- No private value has to be stored or transmitted: by exchanging a few public values and using a live biometric scan, the two parties can establish a shared secret key.
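The derivation sketched on slides 22 and 23, as an added Go example that is not code from the paper or from this presentation: a P-256 key pair is derived from a biometric template instead of being stored, used for an ECDSA signature, and combined with the bank's public key by ECDH to reach a shared secret from public values only. Everything concrete here is an assumption: the template string is constructed, `appSalt` is a per-bank constant I introduce, SHA-256 stands in for both the fuzzy extractor the scan would really need and a proper KDF, and the paper's actual curve and encodings are not on the slides.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"math/big"
)

// KeyFromTemplate derives a P-256 key pair from a biometric template instead of storing a
// private key (slide 22). Assumption: template is the stable output of a fuzzy extractor over
// the live scan, since raw scans differ between captures. appSalt (my addition) separates keys per bank.
func KeyFromTemplate(template []byte, appSalt string) (*ecdsa.PrivateKey, error) {
	h := sha256.New()
	h.Write([]byte("ecc-biometric-key:" + appSalt + ":"))
	h.Write(template)
	seed := h.Sum(nil)
	// Map the 256-bit seed into [1, n-1] so it is a valid P-256 scalar.
	n := elliptic.P256().Params().N
	d := new(big.Int).SetBytes(seed)
	d.Mod(d, new(big.Int).Sub(n, big.NewInt(1))).Add(d, big.NewInt(1))
	dBytes := d.FillBytes(make([]byte, 32))
	// crypto/ecdh validates the scalar and computes Q = d*G, encoded as 0x04||X||Y.
	ek, err := ecdh.P256().NewPrivateKey(dBytes)
	if err != nil {
		return nil, err
	}
	q := ek.PublicKey().Bytes()
	pub := ecdsa.PublicKey{Curve: elliptic.P256(), X: new(big.Int).SetBytes(q[1:33]), Y: new(big.Int).SetBytes(q[33:65])}
	return &ecdsa.PrivateKey{PublicKey: pub, D: d}, nil
}

// SignTx and VerifyTx are the "generate and verify signatures online" step: ECDSA over SHA-256.
func SignTx(priv *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, priv, h[:])
}
func VerifyTx(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

// SharedKey is slide 23: each side contributes only a public value, and the handset's private
// scalar exists only while the live scan is in hand. SHA-256 of the ECDH output stands in for a KDF.
func SharedKey(priv *ecdsa.PrivateKey, peer *ecdsa.PublicKey) ([]byte, error) {
	ePriv, err1 := priv.ECDH()
	ePub, err2 := peer.ECDH() // rejects a peer point that is not on the curve
	if err1 != nil || err2 != nil {
		return nil, errors.Join(err1, err2)
	}
	z, err := ePriv.ECDH(ePub)
	if err != nil {
		return nil, err
	}
	k := sha256.Sum256(z)
	return k[:], nil
}

type BiometricDemo struct {
	Deterministic   bool // the same template re-derives the same public key, so nothing need be stored
	SignatureValid  bool
	TamperRejected  bool
	SharedKeysMatch bool // handset-derived key and the bank's stored key agree on the secret
}

func RunBiometricDemo() (BiometricDemo, error) {
	var r BiometricDemo
	template := []byte("constructed fuzzy-extractor output for fingerprint A")
	k1, err1 := KeyFromTemplate(template, "example-bank")
	k2, err2 := KeyFromTemplate(template, "example-bank")
	if err1 != nil || err2 != nil {
		return r, errors.Join(err1, err2)
	}
	r.Deterministic = k1.PublicKey.Equal(&k2.PublicKey)
	msg := []byte("transfer 100.00 to account 2002")
	sig, err := SignTx(k1, msg)
	if err != nil {
		return r, err
	}
	r.SignatureValid = VerifyTx(&k1.PublicKey, msg, sig)
	r.TamperRejected = !VerifyTx(&k1.PublicKey, []byte("transfer 900.00 to account 2002"), sig)
	bank, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // the bank keeps an ordinary stored key
	if err != nil {
		return r, err
	}
	s1, err1 := SharedKey(k1, &bank.PublicKey)
	s2, err2 := SharedKey(bank, &k1.PublicKey)
	if err1 != nil || err2 != nil {
		return r, errors.Join(err1, err2)
	}
	r.SharedKeysMatch = bytes.Equal(s1, s2)
	return r, nil
}
```

Two properties of this construction are worth keeping in mind when evaluating the approach. The private key is only as unpredictable as the template it is derived from, so the template must carry real entropy and never leave the handset; and because a finger cannot be rotated, compromise of the template is permanent, which is why the per-bank salt is included (so one leaked derivation does not expose every relying party) and why a revocable enrollment secret is usually layered on top.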

24 Startups
- Lookout: https://www.youtube.com/watch?v=vdB_QVJNegs
- Trineba: focuses on the prevention side of cybersecurity

