MOBILE BANKING SECURITY (MBS) ISSUES & DEVELOPMENTS Dr. V.N.Sastry Professor, IDRBT & Executive Secretary, MPFI vnsastry@idrbt.ac.in +91-40-23534981 to 84
Main Points • MBS Issues • Common • Specific • Developments • MPFI TSG on Mobile Banking Security (MBS) • IBA-IDRBT WG on MBS • IDRBT MBS Lab • WPKI
MBS Issues • Awareness and Education on MBS • As per the users background • In his/her native language • Specific to the Mobile Phone Features • Enabling Secure Banking Services • Through multiple Mobile Communication Channels ( SMS, USSD, IVRS, GPRS, NFC ) • On different Types of Mobile Phones ( Low End, Medium Type and High End ) • Using the features supported by the Mobile Phone
MBS Issues Contd.. • Developing Customized Mobile Banking Applications as per the OS • Testing of each of the Mobile Banking applications • Handling of complaints on side channel and malware attacks on Mobile Phones • Taking measures for fraud detection and prevention mechanisms • Scalability issues to support high volume and real time Transactions of Mobile Payments • Verification of MBS models and protocols in a simulated and testing environment.
MBS Problems • Verification of Security Properties • Authentication and Key Agreement Protocols • Access Control Models • Cryptographic Techniques • Secure Mobile Payments : IMPS, AEPS, Mobile Wallet, • NFC based Mobile Payments • Mobile Banking Services (SaaS) in a Secure Banking Cloud Framework • Autonomic Computing (Self Healing and Self Protecting ) in Securing Mobile Operating Systems and Mobile Banking Applications • IVRS based Customer Education Service in all Indian Languages • MANETS for Financial Inclusion. • Formal Methods for Design and Analysis of Secure Mobile Payment Protocols • Testing of Mobile Banking Application : Functionality, Security and Compliance
Mobile Banking Security • Device Level Security • Communication Level Security • Application Level Security
Major 3 Sections of a Mobile Phone • Power Section • Power distribution • Charging section • Radio Section • Band Switching • RF Power Amplification • Transmitter • Receiver • Computer Section • CPU (central processing unit) • Memory (RAM,FLASH,COMBO CHIP: SIM, USIM) • Interfaces
Classification of Mobile Attacks
• Behavior based
  • Virus
  • Worm
  • Trojan
  • Spyware
• Environment based
  • Channel based: SMS, NFC, Wi-Fi, Bluetooth, GPRS, IVRS, USSD
  • Application based: System (OS), External (Mob. Ban. App)
Attacks by Type of Malware (Q1 2012) Virus: Malicious code that gets attached to a host file and replicates when the host software runs. Worm: Self-replicating code that automatically spreads across a network Trojan: A program that exhibits to be useful application but actually harbors hidden malicious code Spyware: Software that reveals private information about the user or computer system to eavesdroppers
Some reported attacks on Mobile Phones • Cabir (First in 2004 ) • Comwar • Skulls • Windows CE virus • Phishing • Botnet • Fake Player • Trojan horse • Bluejacking ( Symbian ) • BlueBug • BlueSnarfing • BluePrinting
WIRELESS PUBLIC KEY INFRASTRUCTURE (WPKI) 1) Certificate Authority 2) Validation Authority 3) Registration Authority 4) Certificate Repository 5) Digital Certificate 6) Digital Signature
WPKI Implementation for MBS Requires • ECC (Elliptic Curve cryptography) • Crypto SIM enabled Mobile Phone • SLC (Short Lived Certificate) • OCSP (Online Certificate Status Protocol) for certificate validation
ELLIPTIC CURVE CRYPTOGRAPHY (ECC) • ECC is a form of public key cryptography. • One main advantage of ECC is its small key size. • A 160-bit key in ECC is considered to be as secure as a 1024-bit key in RSA. • It uses the Elliptic Curve Digital Signature Algorithm (ECDSA). • ECDSA performs Signature Generation and Signature Verification.
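The two WPKI slides above list the building blocks (ECC/ECDSA, a Short Lived Certificate, certificate validation) without showing how they fit together. The following pure-Python example, added here and not taken from the presentation or from IDRBT, implements ECDSA signature generation and verification over NIST P-256 and then uses it to issue and validate a short-lived certificate. The certificate format (a sorted key=value string rather than X.509), the one-hour lifetime, the `issue_slc`/`validate_slc` names and the timestamps are all constructed for the illustration; the Crypto SIM and the OCSP lookup the slide mentions are not modelled, only the validity-window check that makes short-lived certificates attractive when online status checks are unreliable.

```python
"""ECDSA over NIST P-256 and a short-lived-certificate check (added illustration).

Pure Python (hashlib/secrets only). A production mobile banking stack would use a
vetted library and a Crypto SIM; the arithmetic here is not constant-time.
"""
import hashlib
import secrets

# NIST P-256 (secp256r1) domain parameters: y^2 = x^3 - 3x + B over GF(P)
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)


def on_curve(pt):
    """True for the point at infinity (None) or an affine point on the curve."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def point_add(p1, p2):
    """Affine point addition; also covers doubling and p + (-p) = infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None                                   # p1 == -p2
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P  # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return result


def keygen():
    """Private scalar d in [1, N-1] and public point d*G."""
    d = secrets.randbelow(N - 1) + 1
    return d, scalar_mult(d, G)


def _hash_to_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def ecdsa_sign(d, msg):
    """Signature generation: r = x(kG) mod N, s = k^-1 (e + r d) mod N, fresh k each time."""
    e = _hash_to_int(msg)
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = scalar_mult(k, G)[0] % N
        s = pow(k, -1, N) * (e + r * d) % N
        if r and s:
            return r, s


def ecdsa_verify(pub, msg, sig):
    """Signature verification; rejects off-curve keys and out-of-range r, s."""
    r, s = sig
    if pub is None or not on_curve(pub) or not (1 <= r < N and 1 <= s < N):
        return False
    w = pow(s, -1, N)
    pt = point_add(scalar_mult(_hash_to_int(msg) * w % N, G),
                   scalar_mult(r * w % N, pub))
    return pt is not None and pt[0] % N == r


def encode_cert(fields):
    """Canonical bytes of the to-be-signed fields (constructed format, not X.509)."""
    return "|".join(f"{k}={fields[k]}" for k in sorted(fields)).encode()


def issue_slc(ca_priv, subject, subject_pub, not_before, lifetime_s=3600):
    """Short Lived Certificate: one-hour window by default, so exposure after a
    key compromise is bounded even when OCSP is unreachable."""
    tbs = {"subject": subject, "pub_x": subject_pub[0], "pub_y": subject_pub[1],
           "not_before": not_before, "not_after": not_before + lifetime_s}
    return {**tbs, "sig": ecdsa_sign(ca_priv, encode_cert(tbs))}


def validate_slc(cert, ca_pub, now):
    """Both the CA signature and the validity window must hold."""
    tbs = {k: v for k, v in cert.items() if k != "sig"}
    if not ecdsa_verify(ca_pub, encode_cert(tbs), cert["sig"]):
        return False
    return cert["not_before"] <= now < cert["not_after"]


if __name__ == "__main__":
    ca_priv, ca_pub = keygen()
    _, user_pub = keygen()
    issued = 1_700_000_000                       # constructed epoch timestamp
    cert = issue_slc(ca_priv, "mobile-user-1", user_pub, not_before=issued)
    print("valid 1 min later:", validate_slc(cert, ca_pub, issued + 60))
    print("valid 2 h later:", validate_slc(cert, ca_pub, issued + 7200))
```

Two points worth noticing when running it: the validity window is enforced with `now < not_after`, so a certificate is rejected the instant its lifetime ends rather than one second later, and any change to a signed field (subject, public key, dates) invalidates the CA signature because the canonical encoding is rebuilt from the certificate before verification.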
IVRS BASED EDUCATION SERVICE ON MOBILE BANKING AND ITS SECURITY by MBSL, IDRBT-Hyderabad. Call: 040-30139900
MBS TESTING
• Functional Testing
  • Test Case Writing & Execution
  • Interface Mapping
  • Transactions, Behaviour & Performance
• Security Testing
  • Secure Storage
  • Verification of Security Properties
  • Secure Communication
  • Levels of Security
• Compliance Testing
Mobile ad-hoc Networks (MANET) for Mobile Banking and Financial Inclusion • It is a mobile wireless network. • MANET nodes are rapidly deployable, self-configuring and capable of autonomous operation in the network. • Nodes co-operate to provide connectivity and services. • Operates without a base station or centralized administration. • Nodes exhibit mobility and the topology is dynamic. • Nodes must be able to relay traffic for one another. • A MANET can be a standalone network or it can be connected to external networks (Internet).