
81cbe514fb0ab8749093cd5f31326ebc.ppt

  • Number of slides: 21

MOBILE BANKING SECURITY (MBS) ISSUES & DEVELOPMENTS
Dr. V. N. Sastry, Professor, IDRBT & Executive Secretary, MPFI
[email protected] ac. in
+91-40-23534981 to 84
October 30, 2012

Main Points
• MBS Issues
  • Common
  • Specific
• Developments
  • MPFI TSG on Mobile Banking Security (MBS)
  • IBA-IDRBT WG on MBS
  • IDRBT MBS Lab
  • WPKI

MBS Issues
• Awareness and Education on MBS
  • As per the user's background
  • In his/her native language
  • Specific to the mobile phone features
• Enabling Secure Banking Services
  • Through multiple mobile communication channels (SMS, USSD, IVRS, GPRS, NFC)
  • On different types of mobile phones (low end, medium type and high end)
  • Using the features supported by the mobile phone

MBS Issues Contd.
• Developing customized mobile banking applications as per the OS
• Testing of each of the mobile banking applications
• Handling of complaints on side channel and malware attacks on mobile phones
• Taking measures for fraud detection and prevention mechanisms
• Scalability issues to support high volume and real time transactions of mobile payments
• Verification of MBS models and protocols in a simulated and testing environment

MBS Lab Experiments (48)
                      Mobile Communication (MC)   Mobile Banking (MB)   Mobile Security (MS)
Basic Level (BE)      MCBE                        MBBE                  MSBE
Advanced Level (AE)   MCAE                        MBAE                  MSAE

MBS Problems
1. Verification of Security Properties
2. Authentication and Key Agreement Protocols
3. Access Control Models
4. Cryptographic Techniques
5. Secure Mobile Payments: IMPS, AEPS, Mobile Wallet, NFC based Mobile Payments
6. Mobile Banking Services (SaaS) in a Secure Banking Cloud Framework
7. Autonomic Computing (Self Healing and Self Protecting) in Securing Mobile Operating Systems and Mobile Banking Applications
8. IVRS based Customer Education Service in all Indian Languages
9. MANETs for Financial Inclusion
10. Formal Methods for Design and Analysis of Secure Mobile Payment Protocols
11. Testing of Mobile Banking Application: Functionality, Security and Compliance

Mobile Banking Security
• Device Level Security
• Communication Level Security
• Application Level Security

Major 3 Sections of a Mobile Phone
• Power Section: power distribution; charging section
• Radio Section: band switching; RF power amplification; transmitter; receiver
• Computer Section: CPU (central processing unit); memory (RAM, FLASH, COMBO CHIP: SIM, USIM); interfaces

Classification of Mobile Attacks
• Behavior based: Virus, Worm, Trojan, Spyware
• Environment based: System (OS), External
• Channel based: SMS, NFC, Wi-Fi, Bluetooth, GPRS, IVRS, USSD
• Application based: Mobile Banking App

Attacks by Type of Malware (Q1 2012)
• Virus: malicious code that attaches itself to a host file and replicates when the host software runs.
• Worm: self-replicating code that automatically spreads across a network.
• Trojan: a program that appears to be a useful application but actually harbors hidden malicious code.
• Spyware: software that reveals private information about the user or computer system to eavesdroppers.

Some reported attacks on Mobile Phones
• Phishing
• Botnet
• Fake Player Trojan horse
• Bluejacking (Symbian)
• BlueBug
• BlueSnarfing
• BluePrinting
• Cabir (first in 2004)
• Comwar
• Skulls
• Windows CE virus

WIRELESS PUBLIC KEY INFRASTRUCTURE (WPKI)
1) Certificate Authority
2) Validation Authority
3) Registration Authority
4) Certificate Repository
5) Digital Certificate
6) Digital Signature

WPKI Implementation for MBS Requires
• ECC (Elliptic Curve Cryptography)
• Crypto SIM enabled mobile phone
• SLC (Short Lived Certificate)
• OCSP (Online Certificate Status Protocol) for certificate validation

ELLIPTIC CURVE CRYPTOGRAPHY (ECC)
ECC is a public-key cryptosystem. One main advantage of ECC is its small key size: a 160-bit ECC key is considered to be as secure as a 1024-bit RSA key. It uses the Elliptic Curve Digital Signature Algorithm (ECDSA). ECDSA performs signature generation and signature verification.


IVRS BASED EDUCATION SERVICE ON MOBILE BANKING AND ITS SECURITY BY MBSL, IDRBT-HYDERABAD
CALL: 040-30139900

MBS TESTING
• Functional Testing: test case writing & execution; interface mapping; transactions, behaviour & performance
• Security Testing: secure storage; verification of security properties; secure communication
• Compliance Testing: levels of security compliance testing

Mobile ad-hoc Networks (MANET) for Mobile Banking and Financial Inclusion
§ It is a mobile wireless network.
§ MANET nodes are rapidly deployable, self-configuring and capable of autonomous operation in the network.
§ Nodes co-operate to provide connectivity and services.
§ Operates without base station and centralized administration.
§ Nodes exhibit mobility and the topology is dynamic.
§ Nodes must be able to relay traffic.
§ A MANET can be a standalone network or it can be connected to external networks (Internet).