Automated Teller Machine Communication Security

Automated Teller Machines were first used in 1939. Nowadays, about 1.5 million are installed worldwide [ [http://www.atmmarketplace.com/news_story_24706.htm Number of ATMs worldwide expected to hit 1.5 million in December 2005] www.atmmarketplace.com article.] .

In the consideration of ATM, there are different aspects that should be considered. First, one has to have an idea about the communication within ATMs. Second, the issue of security is of paramount importance due to the fact that all over the world, there is an increasing use of ATMs and so the risks of hacking turn to be a reality more than ever before. In the past, the function of ATMs was to deliver cash in the form of bank notes and to debit a corresponding bank account. Cards were used to identify the user. As for the withdrawal of money, different methods were used. For instance, punched cards were used. By the use of such cards, only one payment was authorized. Thereby, a user had to get a supply of cards from his/her bank because the punched cards were not returned to the user. Another example was the use of a magnetic card which had a limited life. The use of such cards allowed; for instance, twenty withdrawals of money. From the beginning, personal identification number PIN has been of very great importance in the overall operation.

The use of it has been done with the aim to decrease the risks that might result from the loss of cards and the misuses that might be connected to that. In fact, in the past as well as in the present, there have been different aspects in the consideration of the designing and the communicative basics of Automated Teller Machines. One aspect of it has been how communication between its participants could be possible [cite book|last=Ross Anderson|title=Security Engineering: A Guide to Building Dependable Distributed Systems, Banking and Bookkeeping|publisher=|location=England|url=http://www.cl.cam.ac.uk/%7Erja14/Papers/SE-09.pdf| year=2001] . The second of it has been to take into consideration the purposes which could be a part and a parcel of any communicative act. In this context, there are different participants involved in ATMs communication. To cite but a few of them, in an ATM communication, there are remote partners and interfaces to the outside world and these interfaces are in their turn subject to more than one classification. The first interface represents the relationship between the End-user and Automated Teller Machine. The second interface occurs between the ATM and the central bank computer.

= Protection of Communication [cite book|last=Meyer, Carl H. & Stephen M. Matyas|title= Cryptography : a new dimension in computer data security ; a guide for the design and implementation of secure systems|year=1982|publisher=|isbn=0-471-04892-5] =

PIN validation, Management and Algorithmic Checking

The method of checking relies on an algorithm which is typically a cipher [http://en.wikipedia.org/wiki/Cipher] with a secret key.

PIN Validation for local Transactions

On-Line PIN Validation

The validation of on-line PIN occurs if the terminal in question is connected to the central data base. The customer's enteredPIN is always compared against as in the financial institutions recorded PIN of reference.

Off-Line PIN Validation

In off-line PIN validation, the ATM is not connected to the central data base. A condition for off-line PIN validation is that the ATM should be able to compare the customer's entered PIN against the PIN of reference. the terminal must be able to perform cryptographic operations and it must have at its disposal the required encryption keys

PIN Validation for Interchange Transactions

There are three PIN procedures for the operation of a high secure interchange transaction. PIN is encrypted at the entry terminal, a secret cryptographic key is used. In addition to other transaction elements, the encrypted PIN is transmitted to the acquirer's system. Second the encrypted PIN is routed from the acquirer's system to a Hardware Security Module. Within it, with the use of the cryptographic key of the terminal, the PIN will be decrypted. With a cryptographic key used for interchange, the decrypted key will be immediately reencrypted and will be routed to the issuer's system over normal communications channels. Third, the routedPIN will be decrypted in the issuer's security module and then validated on the basis of the techniques for on-line local PIN validation.

Shared ATMs []

There are different methods used in shared ATMs with regards to the encipherment of PIN and message authentication among them is the so called "ZONE ENCRYPTION". In this method, a trustful authority is appointed to operate on behalf of a group of banks so as they could interchange messages for ATM payment approvals.

Hardware Security Module

For a successful communication between a bank and ATMs, the incorporation of a cryptographic module named security module is of a very great importance. The security module is designed to be tamper resistant [cite book|last=Kjell Jørgen Hole|title=Automatic Teller Machines|publisher=|location=NoWires Research GroupDepartment of Informatics University of Bergen|url=http://www.kjhole.com/WebSec/PDF/ATM.pdf| year=2007] . The security module performs a plethora of functions among them PIN verification, PIN translation in interchange, Key management and message authentication. As far as the use of PIN in interchanges is concerned, the PIN can be translated by the security module from the cryptographic key and format used by ATM to the format used for interchange. Moreover, the generation, the control,the maintenance and the protection of all keys associated with the user's network are within the capacities of the security module.

Authentication and Data Integrity

In the consideration of the personal verification process, it begins with the user's supply of personal verification information. It is "the users remembered information". These information include among others a PIN and the provided customer's information which is recorded on the bank card. In cases where there is a storage of a cryptographic key on the bank card, it is called Personal key (KP). the performance of personal identification can be done by the Authentication Parameter (AP). There are two possible ways of its operation. On the one, an AP can be time invariant. In such a case, an AP of reference can be stored in a verification table at the issuer and it can be precomputed. On the other, an AP can be time variant. In such a case, we have the dynamic computation of an AP of reference. Another point worth mentioning is the case where we have an IP which is based on both time variant information and on the transaction request message. In such a case where an AP can be used as a message authentication code (MAC), the use of message authentication is made recourse to find out stale or bogus messages which might be routed both into the communication path and the detection of modified messages which are fraudulent and which can traverse non-secure communication systems. In such cases, AP turns out to perform a double purpose. That is, it must be made recourse to for personal verification and message authentication. In cases where a duplicate of AP is recorded in a verification table at the authenticating code or where the authenticator is able to compute an AP of reference, the personal authentication code is used. In cases where it is not possible to assure the integrity of the verification table or the secrecy and the integrity of the recorded information to compute the AP of reference, then the personal identification can dwell on ID, AP and a personal authentication code (PAC).

= Security [cite book|last=Ross Anderson|title= Perspectives - Automatic Teller Machines|publisher=|location=Cambridge University|url=http://axion.physics.ubc.ca/atm.html| year=1992] =

A first approximation of security exposures in Electronic funds transfer systems can be done without delimiting their components. Electronic funds transfer systems have three components; namely communication links, computers, and terminals(ATMs). To begin with, communication links are subject to attacks. There are two techniques made recourse to as far as the inception of messages is concerned. On the one, they are subject to attack by the use of passive techniques such as listening. On the other, they might be subject to attack by active techniques such as data alteration and substitution. Moreover, both techniques can be used in combination. The second component is computer security. There are different techniques that can be used in order to have access to a computer such as the access to it via a remote terminal or other peripheral devices as the card reader. As a result of such attacks, abusers could copy, replace or even destroy programs or data saved in or being processed in a computer system. As for terminal security, it is of a great importance in cases where cipher keys reside in terminals. In the absence of physical security, an abuser may be probe for a key or substitute its value. In order to avoid such abuses, the preserving of both the integrity of non-secret parameters and the confidentiality of secret parameters should be incorporated. Moreover, the use of public key cryptosystem (PKC) where public keys in the Electronic funds transfer are made recourse to prove to be insecure in the absence of physical security at the entry points. Moreover, as a public key allows the terminal the authentication of the response messages received from the issuer, for the generation of the MACs on transaction request messages sent to the issuer, a secret key is still needed. In the conduction of transactions at the Electronic funds transfer terminal, the only required thing is personal verification. That is, the authentication of a message between the EFT terminal and the issuer is theoretically not required. In such a case, the installation of a public key in the Electronic funds transfer terminal would be adequate as far as the permission of personal verification is concerned

Conclusion

The application of cryptography to electronic funds transfer systems has shown that attacks may occur in different sub-systems. In other words, the protection of Electronic funds transfer terminals from attack by unauthorized outsiders is realized. Terminal's protection from authorized insiders is an impossible task. In order to go beyond these problems, the combined implementation of physical security, procedural protection and cryptography should be applied.

References

External links

* http://www.crypto.rub.de/its_seminar_ws0708.html - Chair for Communication Security, "Ruhr University Bochum"