Securing ATM Using OTP and Biometric
By
Hamid Khan
Under guidance: Dr. Jyoti Joglekar
Outline
• ATM machine frauds
• ATM card frauds
• Existing system
• Problem definition
• Proposed system
• Objective of the system
• OTP and OTP generation
• Biometric authentication
• Purpose of the system
• Changes to current system
• Implementation constraints
ATM MACHINE FRAUDS
• Card-trapping devices: This type of fraud occurs
when a fraudster uses a device at the ATM to capture
your card.
• Skimming from the magnetic stripe: Skimming is
the term used when a fraudster attaches a device to an
ATM to record the electronic details from the
magnetic stripe of your card.
• Shoulder surfing: Shoulder surfing is the term used
when the fraudster observes you entering your PIN at
an ATM or in a shop.
This video was published on YouTube in Feb 2015.
ATM CARD FRAUDS
• Counterfeit card fraud: This type of fraud occurs when
a fake card is created using compromised card details.
• Lost or stolen ATM card: A stolen card can be used by
anyone who knows the password (such as a family member)
to gain full access, or it can be used as a debit card
for online purchases.
• Card not present: This type of fraud occurs when a
fraudster uses your personal card details to make
purchases without the card being present. This may be
online, over the phone or by mail order.
Existing System
• At present, the ATM relies on only one thing (i.e. the PIN) to
secure the money saved in the bank, if we are not
considering physical attacks.
– The user inserts the card into the machine.
– The card reader reads the information on the magnetic stripe of the card and sends
the information to the bank server. If the card information is valid according to
the bank, the ATM will ask for the PIN.
– The user enters the PIN at the ATM.
– If the PIN entered by the user is correct according to the server, the user is allowed
to proceed to transactions.
– This process applies only once, i.e. if the user wants to
withdraw more money, he/she has to repeat the process.
Problem definition
• The problem with current ATM banking is that
every day something new appears that has a
bad impact on the security of ATM
banking. This leads to the necessity of new
techniques or algorithms to deal with the new
attacks that can happen.
Proposed system
[Figure: flow diagram of the proposed system. Recoverable labels: swipes card; validates card; asks PIN; verifies; asks to choose one option, OTP or biometric authentication; OTP generator; generate OTP; send OTP to user; enters OTP/biometric; check; DB; access.]
SAKEC 534480d2acc986f8ebb895655dc8b6280a98f57
SAKEC0123456789 e2ea34548628caf9278a225c456c60597f26cb8
SAKEC01234567899870908062chembur12345678932 fcdf34826cfd5c6c7813b667f466fab49d609aa8
SAKEC01234567899870908062chembur1234567893210.30.12:12-12-2014 29699c7fc6a0dc40cba6671486393d8f59e87ec
OTP generation example
Hash value: 29699c7fc6a0dc40cba6671486393d8f59e87ec
Step 2:
• Extract all numeric values from hash value.
2969976040667148639385987
• Select a number randomly from the above string; say,
for example, 9 is selected.
• Then a pointer will point to the 9th position of the string
and 5 numbers from that position will be selected.
• Here 40667 will be considered as an OTP.
OTP generation example
SAKEC01234567899870908062chembur1234567893210.30.13:12-12-2014:
Hash value:
9cc1f30d516e4ec1202d174b352262bcdcca7149
Only Numeric values:
9130516412021743522627149
Selection of OTP: (suppose 7th is selected)
64120
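The two worked examples above, as runnable Python (an added example, not code from the original slides). It assumes the hash is SHA-1, inferred from the 40-character hex value on the slide, and that only start positions leaving five digits are eligible; the function names and the seed fields in the demo are hypothetical.

```python
import hashlib
import hmac
import secrets

OTP_LEN = 5  # the slides take five digits from the chosen position


def seed_hash(*fields: str) -> str:
    """Concatenate the seed fields and hash them.
    Assumption: SHA-1, inferred from the 40-hex-character value on the slide."""
    return hashlib.sha1("".join(fields).encode("utf-8")).hexdigest()


def numeric_part(hex_hash: str) -> str:
    """Keep only the characters 0-9 of the hex hash, in order."""
    return "".join(ch for ch in hex_hash if ch in "0123456789")


def otp_at(hex_hash: str, position: int) -> str:
    """Take OTP_LEN digits starting at a 1-based position, as on the slides."""
    digits = numeric_part(hex_hash)
    last_start = len(digits) - OTP_LEN + 1
    if not 1 <= position <= last_start:
        raise ValueError(f"position must be between 1 and {last_start}")
    return digits[position - 1:position - 1 + OTP_LEN]


def generate_otp(hex_hash: str) -> str:
    """Choose the start position with a CSPRNG. Assumption: only positions that
    still leave OTP_LEN digits are eligible (the slides do not cover this)."""
    last_start = len(numeric_part(hex_hash)) - OTP_LEN + 1
    if last_start < 1:
        raise ValueError("hash contains fewer than OTP_LEN decimal digits")
    return otp_at(hex_hash, secrets.randbelow(last_start) + 1)


def verify_otp(expected: str, entered: str) -> bool:
    """Compare the issued and the entered OTP in constant time."""
    return hmac.compare_digest(expected.encode(), entered.encode())


if __name__ == "__main__":
    # Hash values copied from the two slides above.
    print(otp_at("29699c7fc6a0dc40cba6671486393d8f59e87ec", 9))   # 40667
    print(otp_at("9cc1f30d516e4ec1202d174b352262bcdcca7149", 7))  # 64120
    # Constructed seed fields (not from the slides), full pipeline.
    otp = generate_otp(seed_hash("BANK", "0000000000", "12.00.00:01-01-2015"))
    print(otp, verify_otp(otp, otp))
```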
OTP delivery
• The OTP will be delivered to the mobile phone of the
user.
• There are some prerequisites:
– The mobile number of the user should be present in the
database of the bank.
– The mobile number should not have DND activated.
Comparison between OTP generation
methods
• This section compares three algorithms in
terms of the following factors:
– Time taken to generate a number of OTPs.
– Repetition of OTPs (if any).
– Possibility of regeneration of an OTP.
Comparison on System 1*
Table 1. Results for 10000 to 50000 OTP calculation on system 1
* System 1:
Processor: AMD FX™-6100 Six Core Processor (3.30 GHz)
RAM: 4GB of RAM.
Comparison on System 1
Table 2. Results for 100000 to 200000 OTP calculation on system 1
Comparison on System 2*
Table 3. Results for 10000 to 50000 OTP calculation on system 2
* System 2:
Processor: Intel Core i3 4th Gen
RAM: 4GB of RAM.
Comparison on System 2
Table 4. Results for 100000 to 200000 OTP calculation on system 2
Biometric authentication
• Biometric authentication refers to the
identification of humans by their
characteristics or attributes.
• Biometrics is used in computer science as a
form of identification and access control.
• Examples of biometric attributes are
fingerprint, iris, hand geometry, voice, etc.
Fingerprint biometric
• Fingerprint is an easy method and the oldest
in biometrics.
• In fingerprint biometrics, patterns of ridges are
matched with the pattern in the database, and if the
ridges match, system access is
granted.
Fingerprint biometric
• The three basic patterns of fingerprint
ridges are the arch, loop, and whorl:
– arch: The ridges enter from one side of the
finger, rise in the center forming an arc, and
then exit the other side of the finger.
– loop: The ridges enter from one side of a
finger, form a curve, and then exit on that
same side.
– whorl: Ridges form circularly around a central
point on the finger.
Pattern-based algorithm
• Pattern based algorithms compare the basic
fingerprint patterns (arch, whorl, and loop) between a
previously stored fingerprint and a current candidate
fingerprint.
• To do this, the images are aligned in the same orientation.
Then the algorithm finds a central point in the images.
• The candidate fingerprint is graphically compared
with stored fingerprint.
Purpose of system