Saxena - ACSAC WiP.pptx

An Integrated Approach for SMS-Based Secure Mobile Banking in India
*Neetesh Saxena, Narendra S. Chaudhari
IIT Indore, India

Introduction

— Various m-banking channels: SMS, USSD, GPRS, WAP and phone-based applications

— Nowadays, SMS is very popular and frequently used worldwide

— Traditional SMS service does not provide any security for the transmitted message

— SMS-based m-banking can be extended as a secure channel

12/12/13

Neetesh Saxena

2

Problem Statement

— The objective → secure mobile banking using SMS
  ◦ for people who live in the rural parts of India
  ◦ who don't have Java-capable cellular phones or Internet facility (limited)

— Presently, SMS is transmitted in clear text without any ciphering mode

— SMS and its banking environment must be secure from various attacks

— Some banks provide a change-password option through SMS, which is a threat

— Secure m-banking → authentication, confidentiality, integrity, non-repudiation.

— In India
  ◦ Only banks can provide the facility of m-banking, while
  ◦ In other countries such as Kenya and the Philippines, non-bank organizations can also do so


Solving Approach

— The SIM → issued by → Govt.-authorized body of the Telecomm. Department of India

— Store a secret key for each bank on the SIM at the time of manufacturing and in the database of the respective banking server

— To manage SIM storage, limit a user → 3 to 5 m-banking services of different banks

— As per Reserve Bank of India (RBI) guidelines, only banks can provide such a facility
  ◦ The current guidelines must be reviewed.

— An integration of service providers and different banks must be encouraged

— Proposed a separate SIM for the secure channel of communication


Continued…

Session Keys → by key stored onto SIM + Bank Database

Strong Authentication Protocol

Mutual Authentication

Prevents Redirection, Impersonation Attack

Confidentiality

Prevents MITM and Replay Attack

SMS Content + User Identity + Timestamp

Encryption: DES, Triple DES, AES, Twofish, RC6, Blowfish, CAST6, RC2, MAES

Authentication functions: MD5, SHA1

Integrity

Digital Signature: RSA, DSA, ECDSA

Non-Repudiation


SIM + handset → Registered → Bank Database

Prevents SMS tampering & message disclosure

Prevents Repudiation Attack DoS, SMS Spoof Attack
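The slide above binds SMS content, user identity and timestamp under a session key derived from the secret shared by the SIM and the bank database. The sketch below is an added example, not code from the authors' J2ME implementation, showing how a bank server can reject tampered, stale and replayed messages built that way. The names `derive_session_key`, `protect`, `BankVerifier`, the per-session `nonce`, the message framing and the 120-second window are all assumptions; HMAC-SHA256 stands in for the MD5/SHA1 authentication functions listed, and the encryption step is left out.

```python
# Added illustration: key derivation, framing and window are assumptions.
import hashlib
import hmac
import struct

FRESHNESS_WINDOW = 120  # seconds; assumed value, not from the slides

def derive_session_key(sim_key: bytes, user_id: str, nonce: bytes) -> bytes:
    """Assumed derivation: HMAC-SHA256 over identity and a per-session nonce,
    keyed with the secret shared by the SIM and the bank database."""
    return hmac.new(sim_key, b"session|" + user_id.encode() + b"|" + nonce,
                    hashlib.sha256).digest()

def protect(session_key: bytes, user_id: str, timestamp: int, sms: str) -> bytes:
    """Handset side: bind SMS content, user identity and timestamp under one tag."""
    uid, body = user_id.encode(), sms.encode()
    # Length prefixes keep the field boundaries unambiguous.
    header = struct.pack(">BQH", len(uid), timestamp, len(body))
    payload = header + uid + body
    tag = hmac.new(session_key, payload, hashlib.sha256).digest()
    return payload + tag

class BankVerifier:
    def __init__(self, key_db: dict):
        self.key_db = key_db      # user_id -> secret also stored on the SIM
        self.seen = set()         # tags already accepted (replay cache)

    def verify(self, message: bytes, nonce: bytes, now: int) -> str:
        if len(message) < 11 + 32:
            raise ValueError("malformed")
        payload, tag = message[:-32], message[-32:]
        uid_len, timestamp, body_len = struct.unpack(">BQH", payload[:11])
        if len(payload) != 11 + uid_len + body_len:
            raise ValueError("malformed")
        user_id = payload[11:11 + uid_len].decode()
        sim_key = self.key_db.get(user_id)
        if sim_key is None:
            raise ValueError("unknown user")
        key = derive_session_key(sim_key, user_id, nonce)
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            raise ValueError("tampered")
        if abs(now - timestamp) > FRESHNESS_WINDOW:
            raise ValueError("stale")
        if tag in self.seen:
            raise ValueError("replayed")
        self.seen.add(tag)
        return payload[11 + uid_len:].decode()
```

The timestamp check only bounds how long a captured message stays usable; the replay cache is what rejects a second delivery inside that window, and its entries can be evicted once they are older than the window.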


Results

— The platform used is the J2ME Wireless Toolkit for the user interface, a MySQL database and Tomcat as the server. The results were generated with JDK1.7 and the J2ME Wireless Messaging API.


Results

Future Work

— (1) Confidence interval for the MAES algorithm for ciphering;

— (2) Storage space for each key and algorithm: used physical, virtual and swap memory size;

— (3) Energy & Time Efficiency: CPU time, Encryption/Decryption time, Key generation time;

— (4) Implement a variant of ECDSA algorithm which is more secure than ECDSA (previous published work in ICMSAO-2013).
