
LITERATURE STUDY ON CRYPTOGRAPHY IN ATM AND MOBILE APPLICATION

Stemina SC
17TUCS236
III CSE-C

INTRODUCTION TO CRYPTOGRAPHY
Cryptography is associated with the process of converting ordinary plain text
into unintelligible text and vice-versa. It is a method of storing and transmitting
data in a particular form so that only those for whom it is intended can read and
process it. Cryptography not only protects data from theft or alteration, but can
also be used for user authentication. These deterministic algorithms are used
for cryptographic key generation and digital signing and verification to protect
data privacy, web browsing on the internet and confidential communications
such as credit card transactions and email.

Modern cryptography is concerned with:

Confidentiality - Information cannot be understood by anyone.

Integrity - Information cannot be altered.

Non-repudiation - Sender cannot deny his/her intentions in the transmission
of the information at a later stage.

Authentication - Sender and receiver can confirm each.

TYPES OF CRYPTOGRAPHY
• Symmetric-key Cryptography
• Public-Key Cryptography
• Hash Functions

Symmetric-key Cryptography

Both the sender and receiver share a single key. The sender uses this key to
encrypt plaintext and send the cipher text to the receiver. On the other side the
receiver applies the same key to decrypt the message and recover the plain
text.

Public-Key Cryptography

This is the most revolutionary concept in the last 300-400 years. In
Public-Key Cryptography two related keys (a public and a private key) are used.
The public key may be freely distributed, while its paired private key remains
a secret. The public key is used for encryption and the private key for
decryption.

Hash Functions

No key is used in this algorithm. A fixed-length hash value is computed as
per the plain text that makes it impossible for the contents of the plain text to
be recovered. Hash functions are also used by many operating systems to
encrypt passwords.

ENCRYPTION IN ATM
The introduction of the ATM, also known as the Automatic Teller Machine,
proved to be an important technological development that enabled financial
institutions to provide services to their customers in a 24x7 environment. The
ATM has enhanced the convenience of customers by enabling them to access
their cash wherever required from the nearest ATM. The basic concept is that
a person with a valid card can conduct any banking transaction without
visiting a branch. ATMs are well known for their convenience to customers and
cost effectiveness to the bank and, most importantly, for being an extremely
secure banking method. The functions of ATMs depend on authorization of a
transaction by the bank via a secure communications network.

FOR YOUR EYES ONLY


To truly encrypt a message for a small set of people, you need to make sure that
only they have the symmetric key. So you should produce a new symmetric
key for every message that you send. But if you produce a symmetric key to
send a message, how do you get that symmetric key to the recipients? And how
to ensure that only they can read it? The answer is to have each of the recipients
produce an asymmetric key pair. This is a pair of keys, one public and the other
private, that can be used to privately share something small, like the symmetric
key. When a user installs the application on a device, the app produces a key
pair. It broadcasts the public key to all of the user's friends. The private key
never leaves the device. They send all of these encrypted keys back to their
respective recipients, each of whom decrypts it with their private key. The
sender can publish the encrypted message in a common place. It does not need
to be encrypted differently for each recipient. They all use the same symmetric
key to decrypt the message. But only the intended recipients have this shared
key, because only they had the private key necessary to decrypt it. Well, to
prevent that attack, the server should sign the public keys produced by a user's
devices. When they log in, they receive an authentication token. Then, the
device sends the server a signing request with that authentication token. The
server will sign it with a private key that only it knows. Now a sender can verify
that the public key of their friend actually belongs to that friend. They can
validate the server's signature by using its public key. Unlike the shared key,
the public key can be embedded within the mobile app. If the signature is valid,
then the sender trusts that the recipient had a valid authentication token, and is
therefore who they claim to be. Encryption alone is not enough. A secure
protocol considers all of the information that an attacker could obtain. If it's on
the wire or in the app package, then assume that the attacker knows it. Always
generate a unique symmetric key per message. And then use trusted public keys
to exchange those symmetric keys.
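
The scheme described above, as an added example that is not part of the original document: a Node.js sketch in which the sender checks the server's signature on each recipient's public key, encrypts the message once under a fresh AES-256-GCM key, and wraps that key per recipient. The function names, the RSA-OAEP and Ed25519 choices and the signed `userId + public key` format are assumptions, and the server's authentication-token check is omitted.

```javascript
const crypto = require('node:crypto');

// Server signing key (constructed here); its public half is what ships inside the app.
const server = crypto.generateKeyPairSync('ed25519');
const oaep = (key) => ({ key, oaepHash: 'sha256', padding: crypto.constants.RSA_PKCS1_OAEP_PADDING });

// Device: generate a key pair at install time; only the public PEM leaves the device.
function newDevice(userId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { userId, privateKey, publicPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}

// Server: sign the (userId, public key) binding once the auth token has been checked.
function serverSign(userId, publicPem) {
  return crypto.sign(null, Buffer.from(userId + '\n' + publicPem), server.privateKey);
}

// Sender: one fresh symmetric key per message, wrapped only for verified public keys.
function sendMessage(plaintext, recipients) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKeys = {};
  for (const r of recipients) {
    const binding = Buffer.from(r.userId + '\n' + r.publicPem);
    if (!crypto.verify(null, binding, server.publicKey, r.signature)) {
      throw new Error('untrusted public key for ' + r.userId);
    }
    wrappedKeys[r.userId] = crypto.publicEncrypt(oaep(r.publicPem), key);
  }
  // The ciphertext is the same for everyone; only the wrapped keys differ.
  return { iv, ciphertext, tag: cipher.getAuthTag(), wrappedKeys };
}

// Recipient: unwrap the message key with the device's private key, then decrypt.
function readMessage(msg, device) {
  const key = crypto.privateDecrypt(oaep(device.privateKey), msg.wrappedKeys[device.userId]);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, msg.iv);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]).toString('utf8');
}
```

A public key presented under a user's name without a matching server signature makes `sendMessage` throw before any key is wrapped for it.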

CRYPTOGRAPHY IN MOBILE BANKING


Authenticating users over the phone or on a website is the most important factor
for any business where transactions are carried out over an insecure Internet
channel. The modern communication medium is very much exposed to
various threats. A One Time Password (OTP) is used to prove one's identity over
the wireless channel. An OTP is a password which is valid for only one login
session or transaction. Sending the OTP as an SMS to the user's registered
mobile number is the most commonly used technique for user authentication.
The user receives the OTP via text message. OTP SMS, one of the smart ways of
sending a PIN, is a system that sends a "one time password" to anyone's mobile
phone for money transfer and payment operations and Internet Banking login.
Neither the person nor anyone else can use these five digit one time passwords
generated by OTP SMS a second time. But the OTP SMS, normally sent as plain
text, is vulnerable to various attacks along the communication channel. The
user needs to know the PIN to read the OTP. The user can proceed with the
business transaction only after this authentication. This process provides
end-to-end encryption of the OTP SMS. The encrypted OTP can be decrypted only
if the 4 digit PIN entered by the user on the mobile phone is correct. Since
the PIN is known only to the user, it provides two levels of authentication.
Only if both the PIN and the OTP are correct is the user allowed to proceed
with the m-banking transaction that he initiated. The generated OTP value is
encrypted using the powerful AES algorithm and sent to the user. AES is an
iterative, symmetric key block cipher that supports three key strengths of 128,
192 and 256 bits. AES uses 128 bits as the block size for encryption and
decryption. It is one of the perfect cryptographic algorithms to protect
personal data. The AES encryption tool converts the input plain text to cipher
text in the required number of repetitions, based on the encryption key. The
AES decrypt method uses the same process to transform the cipher text back to
the original plain text using the same encryption key. It is very difficult to
break even using a brute force attack.
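
The PIN-protected OTP SMS described above, as an added example that is not part of the original document. The document does not say how the AES key is obtained from the PIN, so the scrypt derivation, the AES-256-GCM mode, the message layout and all function names here are assumptions.

```javascript
const crypto = require('node:crypto');

// Assumption: the AES-256 key is derived from the 4 digit PIN with scrypt and a fresh salt.
function keyFromPin(pin, salt) {
  if (!/^\d{4}$/.test(pin)) throw new Error('PIN must be 4 digits');
  return crypto.scryptSync(pin, salt, 32);
}

// Bank side: five digit OTP drawn from a CSPRNG, leading zeros kept.
function generateOtp() {
  return String(crypto.randomInt(0, 100000)).padStart(5, '0');
}

// Bank side: encrypt the OTP; the SMS body is base64(salt | iv | tag | ciphertext).
function encryptOtp(otp, pin) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', keyFromPin(pin, salt), iv);
  const ct = Buffer.concat([cipher.update(otp, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Phone side: returns the OTP, or null when the PIN is wrong or the SMS was altered.
function decryptOtp(sms, pin) {
  const raw = Buffer.from(sms, 'base64');
  if (raw.length < 44) return null; // too short to hold salt, iv and tag
  const salt = raw.subarray(0, 16);
  const iv = raw.subarray(16, 28);
  const tag = raw.subarray(28, 44);
  const decipher = crypto.createDecipheriv('aes-256-gcm', keyFromPin(pin, salt), iv);
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(raw.subarray(44)), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // authentication tag mismatch
  }
}
```

The 256-bit AES key is only as strong as its input: a 4 digit PIN has 10,000 possible values, so the cost of the key derivation and a server-side limit on OTP attempts carry the protection.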

CONCLUSION
In the future, the need for data security and integrity will continue to require
our careful thought and consideration. For carrying out critical transactions
like fund transfers, the banks, at the least, need to implement robust and
dynamic two-factor authentication through user id/password combination and
second factor like a digital signature or OTP/dynamic access code through
various modes (like SMS over mobile phones or hardware token).
