multi level robust data security systemnearly 3.2 million debit cards in 2016, was caused by a...

Multi Level Robust Data SecuritySystem

R.Anirudh Reddy1, T.Vasudeva Reddy1,G.Akhil2, S.ManinderReddy2,

P.S.S.Pavan Kumar2,N.Siva Dinesh2

Faculty1, Student2,Electronics and Communication Engineering1,2,

B.V.Raju Institute of Technology1,2,Narsapur, Hyderabad, Telangana, India

April 28, 2018

Abstract

Nowadays security aspect is one of the prime concerns.In the rapid changing environment its not easy to main-tain integrity and authenticity of persons. There is a lotof risk to losing money and identity if we lose our ATMPIN.At present, In Automatic Teller Machines (ATMs), theauthentication of users bank card is based on pin number.So it is a risky factor to solely depend upon single phaseof authentication, so there is need of multilevel data secu-rity system which leads to the addition of Biometric ver-ification.Biometric authentication of any kind is the pro-cess by which a person can be distinguished from one an-other by assessing one or more physical attributes. Addingtogether fingerprint recognition and iris recognition alongwith pin number would definitely make the authenticationof users bank card safer..In the process of accessing the bankcard, the pin number, fingerprint recognition, iris recogni-tion make the first, second and third level of security. Theuser can either opt for fingerprint recognition or iris recog-nition or both i.e. based on his required level of security but

1

International Journal of Pure and Applied MathematicsVolume 118 No. 24 2018ISSN: 1314-3395 (on-line version)url: http://www.acadpubl.eu/hub/Special Issue http://www.acadpubl.eu/hub/

entering pin number is mandatory as a first level of security.Global System for Mobile (GSM) helps the user in knowinghis transactions occurring with or without his knowledge.A Globally Positioned System (GPS) finds the position ofthat place i.e. in terms of latitude and longitude, where thebank card is authenticated.

Key Words:Fingerprint Recognition, IRIS Recognition,GSM, GPS,Raspberry-Pi,Security

1 Introduction

In the current framework the way banking andtransaction system isreforming with time in global scope, the validation, authenticationand endorsement of a person is very predominant and should be ofmore concern. Due to the rapid digitalization of the world the tallyof individuals using ATM is in great number when compared to thatof people not utilizing them. Nowadays the prompt and immediaterequirement of any individual is money and its security. Peoplethese days are laboriously concerned about earning the money, sothey implicitlyhave the right to secure their money. Due to thetechnical advancements in ATMs individuals are able to transactmoney, check the account balance and in recent times payment ofbills and transfer of money is also possible through point of saleterminals(POS). From ATMs the transactions are done with thehelp of either debit card or credit card which are provided by therespective banks of the personnels.The card that is given to the in-dividuals subsists of a magnetic strip and a memory chip embeddedin it which has the coded information along with unique identity ofthe corresponding individual.

The ATM machine takes the card as an input and reads thedata of the card through the magnetic strip. But as we all knowthat there are two sides of a coin, the technological advances alsoassisted the fraudsters in recreating the actual cards of users i.e..,cloned cards and they are using them without the cognizance of theauthorized user.

To impede these fraudulent activities biometric verification sub-stitutes as the solution for foolproof security.

2

International Journal of Pure and Applied Mathematics Special Issue

2 MOTIVATION

The motivation behind this concept of putting couple ofauthenti-cation steps after entering pin number for accessing the bank cardis described in the following paragraphs.

The largest data breach in Indias banking system, which affectednearly 3.2 million debit cards in 2016, was caused by a malwareinjection. While the debit card data was compromised between 21May and 11 July of 2016, it was not until September 2016 that thebanking system became aware of this large-scale data breach [5].

The breach is said to have originated in malware introduced insystems of Hitachi Payment Services, enabling fraudsters to stealinformation allowing them to steal funds. Hitachi, which providesATM, point of sale (POS) and other services. The malware, beingsophisticated in its design, had been able to work undetected andhad concealed its tracks.

Banks received multiple complaints from customers about cardsbeing used in China at various ATMs and point of sale terminals.A forensic audit has been ordered by Payments Council of India onIndian bank servers and systems to detect the origin of frauds thatmight have hit customer accounts.

The reason why such cyber attacks are happening today is be-cause of the ineffective implementation of the payment securitystandards. Organizations need to pay a lot more emphasis to thisthan they currently do. With demonetization, and with an increasein the number of digital payments, such attacks are going to getworse.

3 EXISTING SYSTEM

ATM is Automated Teller Machine. Its been a boon to the peo-ple as it is modeling the livesof theindividualseffortless. All thatis obligatory to have access to the ATM is, the card given to theaccountholder by the respective bank and the pin number .By hav-ing those, one can withdraw money from any ATM machine of thatcorresponding bank. All that we have nowadays at the ATMs istwo factor authentications. That is a card and the pin. The firstphase of authentication being the card and it is followed by thevalid pin number. In the current scenario, with the aid of technical

3


furtherances, the fraudsters are able to make a guile copy of thoseactual cards and reuse them without the perception of the actualauthorized user.

Figure 1: Internal Structure of ATM

This is an example of UML internal structure diagram whichshows composite structure of a bank Automated TellerMachine(ATM). The motive of this diagram is to display the internal ar-chitecture of a bank ATM and correlation between different blockof the ATM. Bank ATM is typically made up of several devicessuch as central processor unit (CPU), crypto processor, memory,customer display, function key buttons (usually located near thedisplay), magnetic and/or smart chip card reader, encrypting PINPad, customer receipt printer, vault, modem.

Card Reader: functionality is to accept the valid card insertedby the user.Keypad: Use for PIN code input, choices, amount of money etcas the input to the ATM machine.Display Screen: It is a small screen used for displaying the activ-ities of the process for users convenience.Screen Buttons: When options are given on the screen one usercan choose any of the options accordingly +by the use of buttonon left or right side of the screen. These buttons select the option

4


from the screen.Cash Dispenser: Withdrawal money is given by this slot. De-posit Slot: To deposit money this slot is use.Speaker: Speaker facilities to the customer by giving auricularfeedback.

Figure 2: Interactive Components of ATM

In the consideration of ATM, the concern of security is of primeimportance because all over the world, there is an increasing use ofATMs and so the risks of hacking them to be a reality more thanever before. The purpose of ATMs is to supply cash in the formbank notes and to charge a respective bank account. In the case ofwithdrawal of money, different routines were used. For illustration,punched cards were used. By the manoeuvre of such cards, onlysingle payment was authorized. Thereby, an individual had to geta bunch of cards from the respective bank because the punchedcards were not returned to the user. Another exemplar was theuse of a magnetic card which had a finite life. The use of magneticcards enabled for specimen, twenty withdrawals of money. Personalidentification number (PIN) has been of very supreme importancein the operation of ATM.

The There are possibilities of hacking keys or duplicated; Signa-tures could be forged, passwords could be easily 65Stolen or hackedby a specialist people. To avoid all these accidental loses, we should

5


enter biometric security and all our fears could be laid to rest. Bio-metric security system simply allows indentifying yourselves by yourinherent biological feature like eye, fingerprint, voice; facial charac-teristics etc. By verifying your biological or physical characteristicsyou can authenticate yourself very easily just like your signature ona check

4 PROPOSED SYSTEM

Passwords and PIN numbers are the uncomplicated and key tar-gets to be purloined or discovered by any means and after that theycan beexploited by people with criminal mindset over the internetand also at other business places for their use. Moving towardsbiometric security from the conventional PIN code access control-ling, may mitigate the chances offrauds and it may also expels theneed of multi password authenticity system. So our proposal isto make use of biometrics as the multiple phases of authenticationthat would assuredly result in resolute level of security. Biometricsecurity solution is the way of validating the physical characteristicsof a person such as fingerprints, iris, retina, voice, facial featuresand few other physical characteristics to discern and authenticatea person.

The most cardinal point that has to be taken into scrutiny whileselecting biometrics as the authentication phases is the reliabilityof biometrics with respect to time [1]. That is, there is a stipulatingrequirement that the physical features of those selected biometricsmust be stable throughout the life of the individual. We can differ-entiate biometric technology into two broad Categories accordingto what they measure: devices based on the physiological charac-teristics of any person (e.g. the hand geometry or fingerprint) andSystems based on Behavioral characteristics of any person (e.g. sig-nature dynamics). Few biometrics that can be competing with eachother in this scenario are,• Fingerprint Verification: The fingerprints of any individual re-mains the same throughout the life and no two fingerprints are everalike [1]. But for this to work accurately and precisely it requiresclean and dry hands without having any injuries or irregularities totheir prints otherwise itll prevent proper identification.

6


• Face recognition: This is one of the most flexible methods asthis can be done without the person being cognizant that they arescanned.• Retina scanning:This is the pattern of blood vessel located atthe back of eye and is unique for each and every individual and itis almost never changing throughout the life of an individual. Butthe most supreme disadvantage is that it takes almost 15 seconds ofcareful attention of individual towards the scanner and the retinawill change its pattern for diabetes affected people.• Vein geometry recognition: Here the geometrical alignmentof vein pattern is scrutinized and scanned so that the validation iscarried out based on the outcome.• Iris scanning: This is the most secure biometrics that is trust-worthy to be used as a secure option. It will be a very arduous taskto forge iris [4]. It is a colored pattern present in individuals eyeand it is also the one of the most reliable biometrics. That is, it isstable and ever constant throughout the life of the mortal soul.• Voice recognition: It is the use of unique voice of an individualas a distinguishing factor. But it is not reliable as it can be easilymodulated and the echo can be reproduced by the professionals.So by taking all the factors into consideration it is advised to use thefingerprint and iris as the biometrics authentication phases, sincethey are more reliable compared to other biometrics.

Biometrics techniques can be easily espoused along with theconventionally used techniques in financial organizations such asbanks, at retail locations to be used with smart cards, AT machines,credit cards and debit cards, and anywhere you are able to performa financial transaction. It may work as standalone or in concoctionwith the PIN to securely identify user as the genuine owner of thecard and the person who has permission to exchange the money.

Here the alternate biometric security to be selected is left tothe choice of the respective authorized user. That is, the user mayopt for pin associated with fingerprint, or, pin combined with irisverification, or, pin combined with both fingerprint as well as irisverification. The individual may opt for any of above mentionedpossibilities depending upon the level of security he/she needed. Itis completely user prerequisite.

In the light of the numerous security provocations encounteredby Automated Teller Machines (ATM) and users and given that the

7


existing security in the ATM system has not been able to addressthese challenges, there is the need to enhance the existing ATMsecurity system to overcome these challenges. This project pivotson how to enhance security of transactions in ATM system usingfingerprint and IRIS. The aim of this project therefore is to developATM prototype based fingerprint and IRIS verification operationsin order to reduce frauds associated with the use of ATM.

In supplementing to fingerprint and iris verifications, the pro-posed project is customized to send SMS alerts to registered mo-bile number of the authorized user using GSM module. So, whenan unauthorized person attempts to access the account a signalthrough microcontroller is instantiated and the GSM will send in-formation regarding the transaction. There is also the provisionof a speaker installed in theATM centre. When the fraudster inhis attempts, if tries to authenticate and successively fails for morethan three times, a siren starts ringing in the ATM centre whichalerts the security guard or the people nearby the ATM. A GPSmodule is also embedded in the proposed system, whose function-ality is to send the location of transaction to the authorized userwith the help of GSM module. This would be helpful for the lawenforcement agencies to find the fraudsters easily.

Figure 3: Block Diagram.

The above block diagram explains about the communicationbetween several blocks of the proposed system. The reason behind

8


choosing two different microcontrollers is, promptly to avoid thecomplexity and arduino doesnt support image processing and thathas to be done by raspberry pi.

The new alternative system proposed only intends to interfaceATM with a fingerprint scanner and IRIS scanners which wouldcost up to RS 10,000 and would also does not requires any majorhardware changes to the existing system. But the major changehas to come from the mindset of the individual to recognize theneed of extended security only at the cost of their small amount oftime adapting to the changed system.

5 COMPONENTS USED

1. Raspberry pi: A Raspberry Pi is a credit card-sized com-puter originally designed for education, inspired by the 1981BBCMicro. Used for image processing techniques. It has About 1GBSDRAM and operates at 450 MHz. It has 40 pin GPIO configura-tions. To this GPS and GSM modules are connected. Raspberry piis programmed with the help of ubuntu operating system. It has anavailable CSI camera port for connecting the Raspberry Pi cameraand also DSI display port for connecting the Raspberry Pi touchscreen display

2. Arduino Uno: The Arduino microcontroller is an easy touse yet powerful single board computer that has gained consider-able traction in the hobby and professional market. The Arduinois open-source, which means hardware is reasonably priced and de-velopment software is free.It is basic board used in the proposedsystem.

To this fingerprint scanner and Rfid tag reader are connected.The board is powered with the help of 9v battery or external powersupply.

3. RFID Card Reader: Reads the frequency of the rfid tagcard, and enables the gpio pin high and operates at the frequencyrange of 850 MHz- 950 MHz. It uses the principle of near fieldinclusion.

9


4. Finger Print Scanner: Scans the user finger print usinglight rays hence the name optical finger print scanner. It is avail-able in integrated image collecting and algorithm chip together,ALL-in- One package. Fingerprint reader can conduct secondarydevelopment; can be embedded into a variety of end products. Ithas the following characteristics; they are, Low power consump-tion, low cost, small size, excellent performance. It can used ourprofessional optical technology and has precise module manufac-turing techniques. It has Good image processing capabilities, cansuccessfully capture image up to resolution 500 dpi.

5. GSM SIM 900A: This is used to send /receive the dataabout users transactions to registered mobile number. It is of dualband GSM/GPRS900/ 1800 MH. It supports RS232 interface fordirect communication with computer or MCU kit.

Its baud rate is configurable and Power controlled using 29302WUIC. It is modeled with slid in SIM card tray and also provided withStub antenna and SMA connector. It requires input voltage of 12VDC.6. GPS: Abbreviated as Global positioning system, will locate thecoordinates of ATM which are used for banker references about thetransactions. It has Positional accuracy (CEP50) autonomous posi-tional error less than 2.5meters. It has SiRF Star IV GPS chip. Fewof Satellite-based augmentation systems: WAAS, EGNOS, MSAS,GAGAN. It has High sensitivity navigation engine (PVT) tracks aslow as 163 dBm. It is a Modbus slave device and supports RS-485half-duplex serial communications.

6 HOW DOES IT WORK

A Flow chart is made relating to the working process of the pro-posed system. It is presented below with a neat data flow

10


Figure 4: Flow chart.

Initially the process begins with the tagging of rfid card overthe rfid card reader, then later after its successful verification en-ters into the first phase of authentication, that is.., the system asksthe user to enter the pin and if the pin given to the system for thatrespective card is valid, then it further proceeds to the later phaseof authentication termed as biometric authentication which is com-bination of both finger print scanner and Iris scanner. It is solely upto the individual to choose the type of biometric verification. Theindividual may choose to go with only fingerprint or, else for onlyiris or, for the combination of both the biometric verifications. Italso depends upon the level of security he needed to his respectiveaccount.

A few demonstrations are provided below to give the audiencea brief clarity of the working procedure of our proposed system.

11


Figure 5: First phase of authentication.

Here the system asks the user to tag their card and later onproceeds to ask the pin. Now the user delivers the pin throughthe keypad provided. If the pin entered is valid then the systemadvances to the next phase of authentication that is, biometricverification.

Figure 6: Validating through finger print.

The user will place his finger over the fingerprint scanner andthen the template of the fingerprint is stored in the form of binarycode and it is compared with that of previously enrolled fingerprinttemplate, which is stored in the database.

If the individual is found to be the authorized user then thesystem may proceed to iris validation or the process ends at thestage of successful verification of fingerprint depending upon thelevel of security the user has chosen.

12


Figure 7: A user scanning his iris.

If the iris is verified and matched with that of previously enrolledimage then the authentication phase is completed and the ATM willdispense the money there by completing the transaction process anda message regarding successful transaction will be notified to theuser.

7 CONCLUSION

As we can see that security concerns have exponentially rose tovery high extent as terrorism and other unidentified dangers arearound which cause considerable damage to human life and intel-lectual property. To safeguard against all these high quality techni-cal attacks and intrusions we need equally sophisticated foolproofbiometric security systems. Biometrics security system has rev-olutionized the way people generally perceive security. The onlyhurdle to deploy these seemingly fool-proof security measures ispeoples acceptance and their patience. Once issues and objectionslike invasion of privacy, undue physical harassment etc. are sortedout, biometrics security products will have increased acceptancefrom people and will workout as the most effective security systemever. Biometric systems embedded with the existing systems and

13


technology can produce a very well secured system where consumercan have a peaceful life regarding securing their money and beingfree from money theft.

References

[1] A. K. Jain, A. Ross and S. Pankanti, ”Biometrics: a tool forinformation security,” in IEEE Transactions on InformationForensics and Security, vol.

[2] no. 2, pp. 125-143, June 2006.

[3] B. M. Nelligani, N. V. U. Reddy and N. Awasti, ”Smart ATMsecurity system using FPR, GSM, GPS,” 2016 InternationalConference on Inventive Computation Technologies (ICICT),Coimbatore, 2016, pp. 1-5.

[4] S. Patil, S. Gudasalamani and N. C. Iyer, ”A survey on Irisrecognition system,” 2016 International Conference on Elec-trical, Electronics, and Optimization Techniques (ICEEOT),Chennai, 2016, pp. 2207-2210.

[5] A. Albadarneh, I. Albadarneh and J. Alqatawna, ”Iris recog-nition system for secure authentication based on textureand shape features,” 2015 IEEE Jordan Conference on Ap-plied Electrical Engineering and Computing Technologies(AEECT), Amman, 2015, pp. 1-

[6] Gogineni Prathusha,R.Anirudh Reddy, Multiple Security Sys-tem Using Signature Verification On Android Smartphone, In-ternational Journal of Technology and Science,2015 Volume V,Issue 1, 2015 pp. 12-15

[7] https://www.livemint.com/Industry/jVF2Aw72w0DcBsUGseV0UP/ Malware-caused-Indias-biggest-debit-card- fraud-Audit-repor.html.

14


multi level robust data security systemnearly 3.2 million debit cards in 2016, was caused by a...

Documents