MOBILE BANKING SECURITY (MBS) ISSUES & DEVELOPMENTS
Dr. V.N. Sastry
Professor, IDRBT & Executive Secretary, MPFI
+91-40-23534981 to 84
October 30, 2012
Main Points
• MBS Issues
  • Common
  • Specific
• Developments
  • MPFI TSG on Mobile Banking Security (MBS)
  • IBA-IDRBT WG on MBS
  • IDRBT MBS Lab
  • WPKI
MBS Issues
• Awareness and Education on MBS
  • As per the user's background
  • In his/her native language
  • Specific to the Mobile Phone Features
• Enabling Secure Banking Services
  • Through multiple Mobile Communication Channels (SMS, USSD, IVRS, GPRS, NFC)
  • On different Types of Mobile Phones (Low End, Medium Type and High End)
  • Using the features supported by the Mobile Phone
MBS Issues Contd.
• Developing Customized Mobile Banking Applications as per the OS
• Testing of each of the Mobile Banking applications
• Handling of complaints on side channel and malware attacks on Mobile Phones
• Taking measures for fraud detection and prevention mechanisms
• Scalability issues to support high volume and real time Transactions of Mobile Payments
• Verification of MBS models and protocols in a simulated and testing environment.
MBS Lab Experiments
MBS Problems
1. Verification of Security Properties
2. Authentication and Key Agreement Protocols
3. Access Control Models
4. Cryptographic Techniques
5. Secure Mobile Payments: IMPS, AEPS, Mobile Wallet
6. NFC based Mobile Payments
7. Mobile Banking Services (SaaS) in a Secure Banking Cloud Framework
8. Autonomic Computing (Self Healing and Self Protecting) in Securing Mobile Operating Systems and Mobile Banking Applications
9. IVRS based Customer Education Service in all Indian Languages
10. MANETs for Financial Inclusion
11. Formal Methods for Design and Analysis of Secure Mobile Payment Protocols
12. Testing of Mobile Banking Application: Functionality, Security and Compliance
Mobile Banking Security
• Device Level Security
• Communication Level Security
• Application Level Security
Major 3 Sections of a Mobile Phone
• Power Section
  • Power distribution
  • Charging section
• Radio Section
  • Band Switching
  • RF Power Amplification
  • Transmitter
  • Receiver
• Computer Section
  • CPU (central processing unit)
  • Memory (RAM, FLASH, COMBO CHIP: SIM, USIM)
  • Interfaces
Classification of Mobile Attacks
• Behavior based
  • Virus
  • Worm
  • Trojan
  • Spyware
• Environment based
  • Channel based: SMS, NFC, Wi-Fi, Bluetooth, GPRS, IVRS, USSD
  • Application based: System (OS), External (Mob. Ban. App)
Attacks by Type of Malware (Q1 2012)
Virus: Malicious code that gets attached to a host file and replicates when the host software runs.
Worm: Self-replicating code that automatically spreads across a network.
Trojan: A program that appears to be a useful application but actually harbors hidden malicious code.
Spyware: Software that reveals private information about the user or computer system to eavesdroppers.
Some reported attacks on Mobile Phones
• Phishing
• Botnet
• Fake Player
• Trojan horse
• Bluejacking (Symbian)
• BlueBug
• BlueSnarfing
• BluePrinting
• Cabir (First in 2004)
• Comwar
• Skulls
• Windows CE virus
WIRELESS PUBLIC KEY INFRASTRUCTURE (WPKI)
1) Certificate Authority
2) Validation Authority
3) Registration Authority
4) Certificate Repository
5) Digital Certificate
6) Digital Signature
WPKI Implementation for MBS Requires
• ECC (Elliptic Curve Cryptography)
• Crypto SIM enabled Mobile Phone
• SLC (Short Lived Certificate)
• OCSP (Online Certificate Status Protocol) for certificate validation
ELLIPTIC CURVE CRYPTOGRAPHY (ECC)
• ECC is a form of public key cryptography.
• One main advantage of ECC is its small key size.
• A 160-bit key in ECC is considered to be as secure as a 1024-bit key in RSA.
• It uses the Elliptic Curve Digital Signature Algorithm (ECDSA).
• ECDSA does Signature Generation and Signature Verification.
MBS TESTING
• Functional Testing
• Security Testing
• Interface Mapping
• Secure Storage
• Test Case Writing & Execution
• Compliance Testing
• Verification of Security Properties
• Secure Communication
• Levels of Security
• Transactions, Behaviour & Performance
Mobile ad-hoc Networks (MANET) for Mobile Banking and Financial Inclusion
• It is a Mobile wireless network.
• MANET nodes are rapidly deployable, self configuring and capable of doing autonomous operation in the network.
• Nodes co-operate to provide Connectivity and Services.
• Operates without base station and centralized administration.
• Nodes exhibit mobility and the topology is dynamic.
• Nodes must be able to relay traffic sense.
• A MANET can be a standalone network or it can be connected to external networks (Internet).