The advent of newer technology has always emphasized the need for more security. One example is a financial service outlet (e.g. an ATM or a petrol station outlet). Users of such services are forced to trust that an outlet is authentic, yet it could be a spoofed one, set up to collect user information for later use. Traditional outlets are susceptible to attacks such as fake PIN pad overlays, skimming devices and shoulder surfing. Moreover, the cost of an outlet (both installation and operational) is high, as a result of using I/O devices for display (e.g. a monitor) and input (e.g. a keyboard) and of requiring persistent connectivity to the network. As a consequence, banks are reluctant to install an outlet in areas with little population or no network connectivity. We at IITK, as a security group, address these issues and propose a new model for such financial services. Some important aspects of the new model are given below.
- The model uses Public Key Infrastructure to verify the identity of both the outlet and the customer using digital certificates.
- Using a smart card in place of a magnetic stripe helps because the information stored in the smart card can be protected against unauthorized reading, copying or modification.
- The proposed model uses the I/O devices of a personal electronic device such as a mobile phone. This does away with the need for I/O devices at the outlet and brings down the cost tremendously.
- The personal electronic device communicates with the outlet over a secure channel using technologies like Bluetooth.