Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
IMPLEMENTATION IN ATM
EMAIL:
karthi.doe@hotmail.com
manoj10390@gmail.com
ABSTRACT: EMBEDDED OPERATING SYSTEM
In the modern world , the Real-time operating systems
Embedded system plays a vital role in (RTOS) like VxWorks, C Executive and
the electronic component manufacturing RTX are used, but systems that provide
purposes, such as Video games, more power to their users require a more
Wearable computer, multiple levels of powerful embedded operating system
wireless networking, media caching, such as Microsoft Windows NT
Mobile phones. It also reached a peak on embedded, Windows CE, Embedded
its application in ATM. Generally linux, chorus and Palm operating
today’s people are filled with a lot of system.
tensions, appointments, etc. So it is a
tough job to keep the ATM cards more EMBEDDED SOFTWARE
securely, if there is a card theft. The programs on an
Shoulder surfing, Fake PIN pad overlay, embedded system must run with real-
PIN interception are the ways by which time constraints with limited hardware
PIN number is captured. In the following resources: often, there is no disk drive,
topics we see about the frauds and operating system, keyboard or screen. A
attacks in ATM and ways to prevent it. flash drive may replace the rotating
media, and a small keypad and LCD
INTRODUCTION: screen may be used in place of a PC’s
Embedded system is a keyboard and screen. The firmware is
special purpose computer system, which the software embedded in hardware
is completely encapsulated by the device devices, e.g. ROM/Flash memory chips.
it controls. It is a computer controlled
system. The core of any embedded DANGER IS CLOSER HOME
system is a microprocessor, programmed Many embedded systems
to perform a few tasks. The first modern interact with the real world. This
embedded system was the Apollo proximity can lead to serious
Guidance Computer, developed by consequences like property damage,
Charles Stark Draper at the MIT personal injury and even death if an
Instrumentation Laboratory. embedded system is tampered or
exploited. Embedded systems have no
real system administrator hence there is SECURITY REQUIREMENTS
nobody to ensure that only strong Embedded System
passwords are used, so anyone can architectures need to be flexible
attack the system. enough to support the rapid
evolution of security mechanisms
TAXONOMY OF ATTACKS and standards. Secure storage
involves securing information in
the embedded system’s storage
devices, external or internal to the
system.
TAMPER DETECTION
It enables the hardware device to
be aware of tampering. The elapsed time
interval between the launch of an attack
and its detection needs to be kept as low
as possible. This mechanism typically
fall into one of the following three
groups:
Switches and pressure contacts to
detect the opening.
Radiation sensors for x-rays used
for seeing what is inside of a
sealed device, and ion beams
TAMPER MECHANISMS
used for advanced attacks to
It is to prevent any attempt
focus on specific electrical gates
by an attacker to perform an
within an IC.
unauthorized electronic action against
Circuitry such as Nichrome wire The TrustZone
and fibre optics wrapped around security technology from ARM is an
critical circuitry or specific good example of how countermeasures
components on the board. against software attacks are implemented
for an embedded system-on-chip.It
offers a more secure solution from a
trusted environment that provides a safe
initialization to the secure world, with
benefits that include:
Easier to certify software
applications.
Implementation of flexible
system-wide security,
without constraints.
Basis for consistent OS
support – a step towards CPU
security standardization and
all the economies of scales
that bring to the industry.
PIN Security
The PIN is one of the most important
elements needed to steal the identity of
an ATM user. The following techniques
may be used to capture the PIN number.
• Shoulder Surfing (Direct Observation
as the consumers enter their PIN
number) Preventing Shoulder Surfing
• Fake PIN Pad Overlay In addition to camera
• PIN Interception surveillance, a mirror can be affixed to
the fascia of the ATM that would allow
users to easily see behind them as they
enter their information. The ergonomic
design of the ATM plays an important
Shoulder Surfing part in preventing shoulder surfing as the
Shoulder Surfing is the act of positioning of the keyboard, centered
direct observation, watching what directly below the monitor, allows for
number that person taps onto the keypad. the body to naturally cover the area of
Sometimes miniature video cameras are pin entry.
installed discretely on the fascia or
somewhere close to the PIN Pad, to Utilizing a Fake PIN Pad Overlay
record the PIN entry information. A fake PIN pad is placed over
the original Keypad.This overlay
captures the PIN data and stores the
information into its memory. Hackers the on-line PIN check. In order to
may also attach a portable monitor and capture the PIN internally, the criminal
card reader on top of the actual ATMs would require access to the
monitor and card reader to obtain the communication cable of the PIN pad
card and PIN information. inside the terminal, which can more
easily be done, at off- premise locations.
Preventing Fake PIN Pad Overlay
Educating ATM users to Preventing PIN Interception
be aware of abnormalities i.e., A MasterCard and VISA are
warning that there might be a PIN pad requiring new PIN pad security
overlay is no ***** asterisk appear on enhancements for ATMs that tie into
the screen when the PIN is entered. their network. In order to decrease PIN
Utilizing ATM monitoring software theft fraud, they are now requiring an
/services would enable notifications to encrypted PIN Pad in place of the
be sent to the network if there are keypad. The EPP is a sealed module that
repetitive occurrences of a “time out immediately encrypts the PIN entry so
message” during PIN entry. These that no “raw” PIN numbers are
messages could signify that a card has accessible to electronic Hackers. In
been inserted into the ATM, but the regards to on-line communication, the
transaction has timed out because no newly instituted Triple DES standard
data has been entered and the card strengthens the encryption algorithm.
returned, due to the pin pad overlay that
has received the PIN entry information.