Institute for Development and Research in Banking … for Development and Research in Banking Technology Explore, ... Mr. Pankaj Mittal of Axis Bank ... Institute for Development and

Volume , No.20 1

Newsletter, 201January 7

Institute for Development and Research in

Banking Technology(Established by Reserve Bank of India)Explore, Enable, ExcelExplore, Enable, Excel

WE organized the Banking Technology ExcellenceAwards function at IDRBT on July 18, 2016.

Dr. Raghuram Rajan, Governor, Reserve Bank of Indiagraced the occasion and gave away the awards to thewinning banks. Our publication “Banking Technology inIndia: Present Status and Future Trends” was released bythe Governor.

We have been striving to make the publication veryinformative, by including invited articles from the toptechnology officials of banks, IBA and IIBF in addition tothe report prepared by our knowledge partner using thedata obtained as part of the awards process. The otherimportant publication released during the awardsfunction was the “Cyber Security Checklist” byShri R. Gandhi, Deputy Governor, Reserve Bank of Indiaand Chairman, IDRBT. We have been receiving feedbackfrom bankers that the checklist has been quite useful.

Taking a cue from the usefulness of the two forums,IDRBT has been coordinating – CISOs Forum and CIOsForum, the Institute has mooted the idea of forming aForum for Analysts in Banks. Accordingly, a preliminarymeeting was conducted November 16, 2016, whereinonimportant stakeholders from banks have participated.There has been general appreciation of the initiative ofthe Institute to start a forum for Analysts. On theoccasion of the meeting, a publication of the Institutetitled “Digital Banking Framework” was released by theC Ghief uest, Dr. Rajeeva Karandikar, Director, ChennaiMathematical Institute.

The other important activities of the Institute included a2-day Conference on Banking Technology for Membersof Boards of Banks and the 10-day internationalprogramme on nformation ecurity organized inI Scollaboration with SUNY, Buffalo. The IDRBTAnnualDoctoral Colloquium (IDC) has been growing as anattractive event for doctoral students to show case theirhigh quality research work. There has been very goodaresponse from students of reputed institutes for the IDCorganized during December 8-9, 2016.

The Institute has commenced the one-year PostGraduate Diploma in Banking Technology (PGDBT)course from July 2016. The students are exposed to all

important topics relevant to banking technology and areexpected to fill the gap in the skill set in banking industryfrom this year onwards.

Blockchain Technology (BCT) is being looked closely byacademicians, governments and industry in view of itsability to provide a distributed ledger platform, usingwhich several applications can be designed, developedand deployed. The Institute has been in the forefront innot only studying the features of BCT, but also in itsadoption to Indian Banking and Financial Sector. In theprocess, the Institute has formed a Working Group toprepare a White Paper detailing all aspects relating toBCT like concept, concerns, global experiences,applicable areas in the Indian scenario and Proof-of-Concept for a specific case. The White Paper is plannedto be released on January 5, 2017.

It is the day on which the International Conference onDistributed Computing and Networking (ICDCN) will beinaugurated by Dr. Duvvuri Subbarao, Former Governor,R B I along with the release of theeserve ank of ndia,White Paper on BCT Two workshops on BCT are planned.prior to and during the conference in collaboration withIIT, Bombay and IBM.

What an exciting way to start the new year!

Wishing you all a very Happy New Year 2017.

(Dr. A. S. Ramasastri)

From the Director's Desktop...

Explore, Enable, Excel

Happy New Year 2017!!!

Fast Forward | January 2017

01


02


IDRBT Launches Chief Analytics Officers Forum

ANALYTICS has taken significant strides in theBanking Sector by creating huge business potential

yet posing several critical challenges in terms ofimplementation. In order to address the commonproblems identified in implementing advanced bankingtechnologies by leveraging Analytics, Dr. A. S. Ramasastri,Director, IDRBT, put forth the idea of creating a ChiefAnalytics Officers (CAO) Forum.

Taking this idea forward, the Institute launched theChief Analytics Officers (CAO) Forum on November 16,2016 with the participation of Dr. Rajeeva L. Karandikar,Director, Chennai Mathematical Institute, and 23banking executives from various public and privatesector banks.

Speaking on the occasion, the Director, IDRBThighlighted the role of the Institute in improvingbanking technologies and provided a snapshot of thefunctioning of the CIO and CISO Forums, which havebecome a common platform for the bankers to share,discuss and resolve the critical issues faced by the banksin terms of security, implementation of technologies,etc. The Director also emphasized the role of the ChiefAnalytics Officers in elevating the banks.

The CAO Forum has Working Groups on DataGovernance, Business Process Reengineering forAnalytics, Risk Analytics, Fraud Analytics, CreditRecovery Analytics, Security Analytics, OperationalAnalytics, as well as HR Analytics. The initial focus is topublish Standards and Frameworks in these areas for theBanking Sector. The various topics of focus suggested bythe bankers include Data Quality, Data Governance,Audit Analytics, Infrastructure Analytics, CostAnalytics, etc.

Dr. Rajeeva L. Karandikar delivered the keynote addresson Role of Statistics in the Age of Big Data He stressed.that in the area of Analytics, domain knowledge andsource of data are of vital importance. He proposed anew architecture SI layer (Statistical Intelligence) on topof BI (Business Intelligence) layer and explained howvarious models go wrong.

A snapshot of the views shared by bankers isvariouspresented here under:

� Ms. Lalitha Natraj, ICICI Bank, shared how ICICI isusing analytics and how their teams are dividedinto horizontals and verticals

� Mr. Rajesh Kumar R, HDFC Bank explained theanalytics work in HDFC bank

� Mr. Balaji of Andhra Bank focused on how they areusing SQL and R

� Mr. R. Bhuvan from Indian Overseas Bankillustrated how Data Warehouse is built usingOracle based BI Tools

� Mr. Pankaj Mittal of Axis Bank emphasised usageof analytics in banking and also explained theneed of analytics in paving the bank's wayforward

� Mr. Devendra Sharnagat, Kotak Mahindra Bank,shared that they first implemented OCRM usingSiebel and also analytics for dashboard creation

� Mr. Manas Ranjan Mohanty, State Bank of Indiahighlighted the drastic changes in the size of datawhen the SBI Associates are merged.

Dr. V. Ravi, Professor, IDRBT, elaborated the objectives ofCentre of Excellence in Analytics (CoEA) i.e., to run pilotprojects with banks on ACRM problems and to provide

CAOs come together for the Inaugural CAO Forum Meet at IDRBT

Continued in Page 25...

12 IDRBT Banking Technologyth

Excellence Awards 2015-16


03

IMPACT

Dr. Raghuram G Rajan, Governor, RBI and Shri R. Gandhi, Deputy Governor, RBI with Dr. A. S. Ramasastri, Director, IDRBT

during the 12 IDRBT Banking Technology Awards function�ʰ


THE Twelfth edition of the IDRBT BankingTechnology Excellence Awards was held on July 18,

2016. Dr. Raghuram G. Rajan, Governor, Reserve Bank ofIndia, and Visitor, IDRBT was the Chief Guest. He wasjoined by Shri R. Gandhi, Deputy Governor, ReserveBank of India, and Chairman, IDRBT.

Dr. A.S. Ramasastri, Director, IDRBT, extended a warmwelcome to all the distinguished dignitaries and focusedattention on the recent achievements of the Instituteincluding:

� Signing MoUs with NIT, Warangal and NIT, Trichy,for full-time Ph. D. programmes focusing onBanking Technology

� Re gular ly organiz ing reputed researchconferences with the Fifth InternationalConference on Fuzzy and Neural Computing(FANCCO), organized in December 2015 and theInternational Conference on DistributedComputing and Networking (ICDCN), beingorganized in January 2017

� Launch the full-time one-year Post GraduateingDiploma in Banking Technology (PGDBT), withthe first batch commencing from July 04, 2016

� Set up two new Research Centres Cloudting onComputing and Payment Systems

� Starting the bi-annual IDRBT Staff Paper Series onissues of critical relevance to the Indian Bankingand Financial Sector. While the inaugural issue

focused attention on Mobile Banking, the secondissue dealt with Payment Systems

� Organizing the IDRBT Banking ApplicationContest on April 11, 2016 and the RBI- sponsoredPayment System Innovation Contest on June 24,2016

� Inaugurating the IDRBT BankTech Museum onApril 24, 2016.

Shri R. Gandhi, Deputy Governor, RBI and Chairman,IDRBT, presented the Opening Remarks, highlightingthe following:

� Banking and finance are eminently suitable,cont inuous , innovat ive appl icat ions oftechnology

� The ever-increasing volume of transactions andthe ever-changing customer expectations are thekey differentiating drivers for leveraging bettertechnology

� Reserve Bank has now constituted a WorkingGroup on Financial Technology, to ful lyunderstand the new paradigm of FinTech and tochart out the best way of using it

� Technology has thrown challenges and thefollowing five need special attention:

� Cyber Security: IT systems of banks are theprime target for cyber crimes. safe andFor


04

EVENT Explore, Enable, Excel

secure banking, providing safe IT systems areundeniable requirements. The role of theChief Information Security Officer assumesimportance, especially in keeping continuedvigilance and warranting concerted proactiveprotective actions

� New Technologies: Cloud based computing,blockchain processing technologies andvirtualization of IT systems are a few exampleswhichholdpotential forbeingusedinabigway

� FinTech Companies: The techies have nowgrown as FinTech companies and areemerging as direct competitors. Technologyhas dissected the entire value chain ofbanking and finance and bundled out thechunks in innovative ways i.e., they whointermediate between savers and investors, orbetween sender and receiver of funds.Therefore, banks have to find ways to co-operate, co-opt and compete with FinTechcompanies

� Payment Revolution: New initiatives inpayment systems need to aim at providingbetter customer comfort and ensure that thesystems are safe, thus, resulting in the overallefficiencies including reduced costs to thecommon man

� Varied Choices of Technology for FinancialInclusion: Financial Inclusion is an achievablereality, and the role of IT is very significant andfundamental. Integrating account openingand KYC related requirements with othersystems such as Aadhaar, allowing use offunds without actual movement of cash, andensur that the common persons haveingaccess to banking and financial services attheir doorsteps are key steps forward.

Dr. Raghuram G. Rajan, Governor, Reserve Bank ofIndia, and Visitor, IDRBT, delivered the Keynote Addresson th special occasion and turned the spotlight on theisfollowing:

� Payment Systems are the plumbing of thefinancial system. The Reserve Bank, as theregulator of payment and settlement systems,aims to ensure easy accessibility and interoperabilityof the payment infrastructure, while ensuringsafety and security of transactions

� Non-bank entities are providing innovativepayment products and services, forcing banks toreflect upon their strategy – to compete or tocollaborate

� Desirable Features of Payment Systems:

� Our regulations governing payment systemshave to be ownership, institution, andtechnology-neutral to encourage the mostefficientoutcomes

� First, being more open to experimentation atthe early stages of a product or method ofservice will be cleared in the peer-to-peerlending regulations and the need to be moreconscious of the risks to stability as innovationscatch on and expand. This phased approach isnow being called the sand-box approachelsewhere

� Second – preference would be given topayment platforms that offer broad basedaccess, rather than that limit access

� Third – payment mechanisms should be cheapand scalable, so that they are suited to oureconomy where ticket sizes are small buttransaction volumes huge

� Fourth – need for systems that offer securityeven to the unsophisticated user, whichrequires greater emphasis on transactionmonitoring and identification of suspiciouspatterns by the system operator

� Fifth – need for an effective process ofconsumer redressal that allows speedy andfair resolution of customer complaints.

� Ro l e s a n d Re s p o n s i b i l i t i e s o f B a n k s –Challenges

� Does the bank's vision and strategy take intoaccount payment services aspects? Are thereadequate human resources to projectrequirements and implement them?

� A d o p t i n g t e c h n o l o g y i s m o r e t h a nautomation cal l ing for efforts at re-engineering business processes. There has tobe a conscious evaluation of processdependencies taking into account customerexperience, security issues, etc., besideshaving a long term view of the developments


05

IMPACTExplore, Enable, Excel

of interoperability within and across systems

� Despite the huge potential, activation ratesand usage levels of various electronicpayment services remain at low levels, thoughgrowth is picking up

� Creating appropriate customer awarenesswould not only enable the customers tochoose their mix of payments taking intoaccount time criticality, security and risk andthe cost involved, but also enable the banks tooptimize their payment product mixdepending upon their customer profiles

� Banks have a high level of responsibility whenadopting digital channels – not only to ensuresecurity at the infrastructure level, and toprotect data security and personal privacy atsystem level, but to create customerawareness in security matters.

Issues concerning customer liabil ity and riskmanagement for electronic payment transactions needto be addressed.

Awards 2015-16

The IDRBT Banking Technology Excellence Awards issynonymous with excellence in technology adoption,upgradation, absorption and innovation. In its twelfthedition this year, the IDRBT Banking TechnologyExcellence Awards, are the benchmark for recognizingbanks, which innovate and explore technology toimprove cost, reach, customer service and efficiency.Pioneering and out-of-the-box approaches in the usageof technology for improving productivity andprofitability are recognized through these awards.

As technology evolves and changes, the categories ofawards also undergo changes. Over the past eleveneditions, several categories have been dropped and newcategories introduced. This year, the Institute hasredefined quite a few categories so as to reflect thetechnological changes in the Indian Banking andFinancial Sector.

The Jury for the Twelfth Edition of the IDRBT BankingTechnology Excellence Awards is as under:

� Smt Usha Thorat, Former Deputy Governor,Reserve Bank of India (Chairperson)

� Shri M.V. Tanksale, Chief Executive, IndianBanks' Association

� Prof. B.H. Jajoo, Indian Institute of Management,Ahmedabad

� Prof. G. Sivakumar , Indian Institute ofTechnology, Bombay

� Dr. Santanu Paul, Chief Executive Officer &Managing Director, TalentSprint, Hyderabad

� Shri Rajesh Doshi, Former Senior ExecutiveDirector, National Securities Depository Limited.

This year, the IDRBT Banking Technology ExcellenceAwards, were presented in eight categories to theCommercial Banks and one category each toCo-operative Banks and Regional Rural Banks. Since theparticipating banks vary in terms of size and scale ofbusiness and operations, the banks classified ntowere ithree categories – large, mid-size and small, on the basis ofthe business they have done to make comparisons andrecognition more meaningfulandpragmatic.

Winners of 12 IDRBT Banking Technology Excellence Awards 2015-16, with the Governor, Deputy Governor, RBI and Director, IDRBTth


06

EVENT Explore, Enable, Excel

Award Category Award Winner

Best Bank Award for Use of Technology for Financial Inclusion among Large Banks Union Bank of India

Best Bank Award for Use of Technology for Financial Inclusion among Mid-Size Banks Bank of Maharashtra

Special Mention for Use of Technology for Financial Inclusion among Small Banks Karnataka Bank Ltd.

Best Bank Award for Analytics and Big Data among Large Banks ICICI Bank Ltd.

Best Bank Award for Digital Banking among Large Banks State Bank of India

Best Bank Award for Digital Banking among Mid-Size Banks Andhra Bank

Best Bank Award for Digital Banking among Small Banks The Karur Vysya Bank Ltd.

Best Bank Award for Electronic Payments among Large Banks Bank of India

Best Bank Award for Electronic Payments among Mid-Size Banks Vijaya Bank

Best Bank Award for Electronic Payments among Small Banks South Indian Bank Ltd.

Best Bank Award for Use of Technology for Fraud Prevention and NPA Managementamong Large Banks

HDFC Bank Ltd.

Best Bank Award for Managing IT Ecosystem among Large Banks Bank of India

Best Bank Award for Managing IT Ecosystem among Mid-Size Banks Andhra Bank

Best Bank Award for Managing IT Ecosystem among Small Banks The Karur Vysya Bank Ltd.

Best Bank Award for Cyber Defence among Large Banks ICICI Bank Ltd.

Best Bank Award for Cyber Defence among Mid-Size Banks Yes Bank Ltd.

Best Bank Award for Cyber Defence among Small Banks RBL Bank Ltd.

Best Bank Award for Innovative Use of Technology among Large Banks State Bank of India

Best Bank Award for Innovative Use of Technology among Mid-Size Banks State Bank of Hyderabad

Best Bank Award for Innovative Use of Technology among Small Banks IndusInd Bank Ltd.

Best Bank Award for Best IT-Enabled Regional Rural Bank Andhra Pradesh Grameena VikasBank

Special Mention for IT-Enabled Co-operative Bank The Karad Urban Co-operative BankLtd.

Dr. Raghuram G. Rajan, presented the IDRBT Banking Technology Excellence Awards for the year 2015 – 16, at a veryspecial function at IDRBT and the winners re:we

Dr. Y. V. Reddy, Former Governor, Reserve Bank of India, the top management of the Reserve Bank of India and theIndian Banking including Managing Director & CEOs, CIOs and IT Chiefs of Public, Private and Foreign BanksSectorparticipated in this special function at IDRBT, Hyderabad.

EXECUTIVESeminar on Banking Technology for Directors on Bank Boards

IDRBT organized a two-day seminar on BankingTechnology for Directors on Bank Boards on

September 26-27, 2016, to help them appreciate the needfor taking the digital banking journey forward and at thesame time strengthen the preparedness of banks incyber defence, in view of the growing threats.

The seminar opened with a keynote address byShri. R. Gandhi, Deputy Governor (DG), RBI andChairman, IDRBT, read out by Shri. S. Ganesh Kumar,CGM-in-Charge of DIT, since the DG could not bepresent personally due to sudden exigencies. The DGexhorted the Directors to play an active role in ensuringstrategic alignment of IT and business in banks to pavethe way for improving efficiency and effectiveness ofbanking operations.

Prof. G. Sivakumar, IIT Bombay, in his talk on “ITInfrastructure Management in Banks: Challenges andOpportunities” highlighted the various optionsavailable for making appropriate technology choices forbanks. He also emphasised the need for board levelencouragement and support for the managements inbanks to tackle the critical problems associated withsourcing, supply and support of technology-enabledservices and platforms in banking.

“Cyber Security Preparedness in Banks” was the focus ofintense interaction between the delegates and Smt.Meena Hemachandra, Executive Director, RBI. Shedwelt at length on the recent circular and guidelinesfrom RBI in this regard, explained the various

requirements stipulated and the purpose behind theseinitiatives. The need for achieving a baseline cybersecurity framework and a cyber-crisis management planin banks, as early as possible, as envisaged by the RBI wasof paramount importance, she reiterated and requestedthe boards to actively help and guide the banks in thisregard.

Dr. Santanu Paul, CEO, TalentSprint, painted a picture ofwhere the banks are heading with regard to artificialintelligence and robotics. The need for using bots forimproving internal efficiency and enhancing customerexperience was demonstrated through the examples ofwhat is happening already in a number of otherindustries and services.

Smt. Shubhalakshmi A. Panse, former CMD of AllahabadBank, in her interaction with the delegates on “BoardLevel Focus on Banking Technology” took them througha guided tour on almost all aspects of board leveldecision-making regarding technology alignment,acquisition, deployment and monitoring. She also listedout a good number of practical suggestions and usefultips to help the board members in this important task.

Dr. A. S. Ramasastri, Director, IDRBT, interacted with thedelegates and briefed them on what IDRBT is doing topromote banking technology adoption, upgradation,absorption and innovation in India. He also highlightedthe useful and proactive role played by the ResearchCentres in IDRBT focusing on Analytics, Mobile Banking,Cyber Security, Cloud Computing and AffordableTechnologies, in helping banks reduce their lead time indeploying these technologies and solutions.

The seminar ended with a vote of thanks byDr. M.V. Sivakumaran, Faculty, IDRBT.


07


Smt. Meena Hemachandra, Executive Director, RBI,

interacting with Directors of Banks

PROGRAMMESFifth International Programme on Information Assurance Management&

CONTINUING with the initiative to expose theIndian Banking and Financial Sector to the latest

ideas and innovations in the areas of InformationAssurance and Management, the Institute incollaboration with the University at Buffalo, The StateUniversity of New York, organized the 5 International

th

P r o g r a m m e o n I n f o r m a t i o n A s s u r a n c e a n dManagement, from August 24 – September 03, 2016.

This programme was held in three parts – one at IDRBT(August 24-26, 2016), second at Niagara Falls (August 28– September 01, 2016) and finally at New York City(September 2-3, 2016).

The programme began at IDRBT with the welcomeaddress by Dr. A. S. Ramasastri, Director, IDRBT. This wasfollowed by a session on Cyber Defence for Banks andDigital Forensics by Dr. B. M. Mehtre, Professor, IDRBTand oordinator of the programme. Other sessionsCincluded Recent Advances in Network Security by Prof.Atul Negi, University of Hyderabad; Securing andManaging Network Infrastructure to Mitigate Risk byMr. Samson Naik, Stock Holding Corporation of IndiaLtd.; Mr. Ashutosh Bahuguna, Scientist, CERT-In, onCyber Security and Crisis Management Plan; MobilePayment Security by Dr. V. N. Sastry, Professor, IDRBT;and Data Center Management and Metrics by Dr. G. R.Gangadharan, Associate Professor, IDRBT .

The second part of the programme in the USA washandled by a mix of faculty from the academia, industryand practitioners including Dr. Venu Govindaraju, VicePresident for Research and Economic Development,University at Buffalo Turning Excellence, who spoke oninto Impact.

While Mr. Jeff Murphy, Information Security ProgramManager, University at Buffalo, spoke on SecurityArchitecture; Dr. Anoop Singhal, National Institute ofStandards and Technology, explained the SecurityMetrics and Risk Analysis for Enterprise Systems.


08


Mr. Prakash Samaga, Senior Vice President, First NiagaraFinancial Group Inc., presented way and means forsFighting against Financial Crime and Prof. Mark Frank,University at Buffalo, spoke on Deception Detection. Dr.Manish Gupta, Blue Cross Blue Shield, provided a peekinto Cyber Warfare: Monitoring and Alerts, Cyber andSecurity: Risks and Mitigation. Mr. Subbu Annaswamy,Executive Director, Morgan Stanley talk on Strategiesedto Stay Safe and Sound – Improving Technology Controlsin the Financial Sector. Mr. Scott R. Patronik, Chief,Special Services Division, Erie County Sheriff's Officefocused on Digital Forensics.

Dr. Varun Chandola, Assistant Professor, University atBuffalo spoke on Anomaly Detection, followed by alecture on Strategic Forensics in an EnterpriseEnvironment by Dr. Catherine Ullman – SeniorInformation Security Analyst, University at Buffalo. Thenext session was on Malware by Dr. Aziz Mohaisen,Assistant Professor, University at Buffalo.

The programme also included two panel discussions on:

� Key Security Issues for Financial Institutionsand What Can be Done to Mitigate Them? Thepanel members included Dr. Anoop Singhal, NIST;Johan Walp, KPMG; Mr. Corey Amo, Wall StreetAVP/Sr. IS Analyst and Mr. Kevin Thomsen, IBM.

� Effective Approaches to Tackling ControlChallenges in the Financial Services. The paneldiscussion was moderated by Mr. SubbuAnnaswamy, Executive Director, Morgan Stanley,NY he panelists were M/s Brian Barnier,and tValue Bridge Advisors; Mr. Khalid Wasti, Partner,PwC; Mr. Anthony Fanizza, Partner, Deloitte; Mr.Paul Bateman, Daiwa Capital Markets America;and Mr. Nigel James, Managing Director, MorganStanley.

The programme had 20 participants and as part of theprogramme, they visited the Computer ScienceDepartment and Center for Unified Biometrics andSensors, University at Buffalo; Yahoo Data Center andSUNY Global Center, New York.

BANKTECHIndian Banks' CIO FORUM

THE Third Meeting of the CIO Forum, held on July17–18, 2016, was fully devoted to exploring ways and

means for meeting the compliance requirements in tunewith the circular on Cyber Security issued by the RBI,recently.

The Director, IDRBT, exhorted the captains of IT inbanking to be proactive by looking for good, innovativeideas from different sources and try to put them to bestuse for the benefit of banks and their customers. Thewealth of ideas thrown up by the two contests hosted byIDRBT, the IBAC and the PSIC can be tapped into by thebanks and the promising ideas can be further workedupon with the involvement of the contestantsconcerned, he advised.

Thereafter, Shri S. Kumar, GM and CIO, CorporationBank, set the ball rolling by dwelling at length on the RBICircular on Cyber Security while outlining what isalready in place in most of the banks and what needs tobe put in place, further.

Dr. Rajarshi Pal, Faculty, IDRBT, then introduced theCyber Security Checklist, prepared by a group ofindustry experts, bankers and academics. The purpose ofthe checklist is to highlight the relevant details that areto be taken care of in each of the five major domains,namely, Enterprise Control, Outsourcing Security, foreffective Cyber Crisis Management Planning. The CIOsfound this checklist very handy and useful for theimmediate task on hand.

The CIOs then formed five groups to focus on the fivemajor domains identified in the Cyber SecurityChecklist. The groups deliberated on the modalities andapproaches for implementation in their respectivedomains and presented the outcome of their groupdiscussions to the forum on the next day.

These presentations not only saw many interestingdetails emerge, but also spurred extensive discussionsand interventions. The meeting provided the muchneeded inputs and clarifications for complying with theguidelines on Cyber Security as per the RBI circular.

The two-day meeting, well-attended by over 25 CIOsfrom various banks, ended with a vote of thanks byDr. M.V. Sivakumaran, Faculty, IDRBT.

CISO FORUM

DURING the last six months, the CISO Forum etmtwice – on August 18-19, 2016 at IDRBT, Hyderabad

and November 24-25, 2016 at Corporation Bank,Mangalore.

Meeting on August 18-19, 2016

� The Director, IDRBT stressed the need forempanelment of forens ic auditors andinformation security professionals so that bankscan approach them and work out a calendar forCyber Drill and all member banks can participatein it

� CISOs discussed various strategies for cyberdefence to tackle recent attacks, including thelatest malware based compromise of SWIFTmessaging system

� Shri Patrick Kishore, Senior Domain Expert,IDRBT focused attention on the fortress securitymodel and how CIA can be implemented toprotect the assets

� While Dr. B.M. Mehtre, Professor, IDRBTsummarized the IDRBT Cyber Security Checklist,Shri Lalit Mohan, Senior Domain Expert, IDRBTpresented the results of cloud survey organizedby IDRBT and loud ecurity llianceC S A

� S h r i J a i d e e p S i n g h Ko c h a r, M i c r o s o f t ,demonstrated various free security tools such asSecurity Compliance Manager, Attack SurfaceAnalyzer, Enhanced Mitigation ExperienceToolkit, etc.

� CISOs from 47 banks .participated


09


Meeting on November 24-25, 2016

� Shri Gopal Murli Bhagat, Executive Director,Corporation Bank, welcomed the Forum

� The Director, IDRBT agenda forset thedeliberation on following key points: Recent carddata compromise in India; setting up task forcefor major security breaches to ensure that theescalation of frauds do not take place; measuresto increase usefulness of IB-CART to banks; VAPTfor IB-CART; empanelment of Security Auditorswith the help of CISO Forum

� Shri Anjibabu, Corporation Bank shared his views,on “Onion Layered Security Incidents” andemphasised on the importance of studying thepattern of logs to detect anomalies and toconduct proper root-cause analysis of the eventsin this context

� Prof. B. M. Mehtre, Professor, IDRBT presented a,summary report of the 7 Cyber Drill

th

� Dr. Rajarshi Pal, Assistant Professor, IDRBT,presented the latest developments of IB-CART

� Shri V. S. Mahesh, AGM, IDRBT presentedinformation about recent card data compromisein India and highlighted the importance of thefollowing – proper auditing of ATMs andswitches; protection of ATMs from malwares andskimming devices; vigilance on staff smemberwho handle critical infrastructure

FORUMS

CISOs of various banks at IDRBT for the CISO Forum meet

� Shri Bharat Panchal, NPCI explained the case ofcard data compromise in detail

� Shri Babu K., RSA, discussed about advancedmachine learning capabilities to identifypotential threats

� Shri Tarique Ansari, Palo Alto Networks,explained the modus operandi of few recentmalware attacks

� Shri Kunal Pande, KPMG highlighted theimportance of following points in the context ofrecent cyber-attacks – threat intelligence, cybersecurity drills, establishing baseline, appropriatemanagement oversight and team, adequate andproperly deployed technology, Intelligent andquick response capability

� CISOs suggested that IDRBT share the list of toolscapable of successfully detecting cyber attacksand also deliver selected crucial informationthrough SMS

� CISOs from 34 banks attended the meet.


10


Sixth IDRBT Doctoral Colloquium

THE Annual IDRBT Doctoral Colloquium is aninitiative aimed at forming a network of technology

researchers, sharing knowledge and exploring emergingareas of research in various domains of technology. Thisyear, the Institute organized the Sixth IDRBT DoctoralColloquium on December 08-09, 2016, wherein 12research scholars from reputed institutions like IISc., ISI,IITs, IIMs, IIITs presented their research.

The Colloquium was inaugurated by Prof. Chin-Teng Lin,Distinguished Professor, University Technology ofSydney, Australia. In his inaugural address, Prof. Linspoke on “Type-1 Fuzzy-Neural-Networks to Type-2Fuzzy-Neural-Networks” and stressed on the following:

� Many investigators have developed novelalgorithms based on computational intelligence(CI) technologies to monitor, maintain, or trackthe human cognitive states and operatingperformance

� How to utilize the main Bio-findings and CItechniques (Bio-CI) to develop the monitoringand feedback systems

� Real-life applications of BCI on various aspectsincluding clinics, homecare, personnel training,or even computer gaming.

Dr. A. S. Ramasastri, Director, IDRBT, focused attentionon the importance of collaboration, the opportunities itbrings and the immense possibilities that exist forresearch and innovation in the Indian FinTech Sector.

The details of the scholars and the topic of theirpresentation are as under:

S. No. The Topic The Scholar Institution

1On Kernel Density Estimation and Dimensionality Reduction forPattern Recognition

Sreevani ISI Kolkata

2Object Tracking in Complex Environments like Camouflage andOcclusion

Ajoy Mondal ISI Kolkata

3 Analysis of Mixed, Correlated and Heterogeneous Data Yogalakshmi Jayabal IIIT Bangalore

4Classification of Human Actions using Pose-Based Features andStacked Auto Encoder

Earnest Paul Ijjina IIT Hyderabad

5 Predicting Amendments via Right to Information Query Analysis Nayantara Kotoky IIT Guwahati

6 Renarrating Web for Better Web Accessibility Gollapudi VRJ Sai Prasad IIIT Hyderabad

7A Heterogeneous Network based Tag RecommendationFramework on Stack Overflow

Suman Kalyan Maity IIT Kharagpur

8 Linked Data Enrichment using Pattern Extraction Subhashree S IIT Madras

9 A Closer Look into DHCP Starvation Attack in Wireless Networks Nikhil Tripathi IIT Indore

10 Keep it Concurrent and Correct Suvam Mukherjee IISc Bangalore

11Unsupervised Parallel Clustering Algorithms with Mixed DataApproach for Credit Card Scoring

Urvashi Prakash Shukla MNIT Jaipur

12A Rough Set Approach to Find Cohesive Subgroups in FinancialCredit Networks

Samrat Gupta IIM Lucknow


11

LATESTExplore, Enable, Excel

Awards and Evaluation

The Jury for the Sixth IDRBT Doctoral Colloquiumconsisted of:

� Prof. Shalabh Bhatnagar, Indian Institute ofScience, Bangalore

� Prof. Bala Subramanian, Indian Institute ofTechnology, Roorkee

� Prof. Panduranga Rao, Indian Institute ofTechnology, Hyderabad.

The Jury evaluated the paper presentations on theparameters of Originality, Depth of Work (Modelling,Design, Experimentation, Results), Technical Content(Models, Optimization, Technologies, Analysis),Presentation (PPTs, Graphs, Explanations, Language,Clarity), Relevance (Applicability, Modernism) andCorrectness of Work (Correct, Complete, Gaps).

RESEARCH


12

And the inners wereW :

A Joint First-Second Prize was shared among threeresearch scholars which carried a reward of Rs. 50, 000/-and a citation each.

� Mr. Ajoy Mondal, Indian Statistical Institute,Kolkata, for his contribution entitled “ObjectTr a c k i n g i n Co m p l ex Env i r o n m e n t l i keCamouflage and Occlusion”

� Mr. Earnest Paul Ijjina, Indian Institute ofTechnology Hyderabad for his contributionentitled “Classification of Human Actions UsingPose-based Features and Stacked Auto Encoder”

� Mr. Suvam Mukherjee, Indian Institute ofScience Bangalore, for his contribution entitled“Keep it Concurrent and Correct".

Third Prize: , Indian Institute ofMr. Samrat GuptaManagement, Lucknow, for his contribution entitled “ARough Set Approach to Find Cohesive Subgroups inFinancial Credit Networks”. The 3 prize carried a reward

rd

of INR 35,000/- a citation.

The Colloquium now emerging as the preferred,platform for technology researchers in India todemonstrate and discuss their research ideas and getinvaluable feedback, was coordinated by Dr. N. V.Narendra Kumar and Dr. Nagesh. S. Bhattu, Faculty,IDRBT.

Winners of the Sixth IDC along with the Jury, Director, IDRBT and Colloquium Coordinators

Inaugural Address by Prof. Chin-Teng Lin


NEWMobile Banking through USSD

THE Centre for Mobile Banking, IDRBT, has prepareda user guide on Mobile Banking through USSD.

The objective of this user guide is to create moreawareness of usage of USSD based Mobile Banking andMobile Payments amongst public and contribute tomake India progress faster in digital payments. The userguide was released on the Institute's website onDecember 08, 2016.

Digital Banking Framework

DIGITAL Banking is the new paradigm that offersconsiderable benefits to banks in terms of

increasing productivity and profitability. It is difficult todefine exactly what digital banking is and to say whenany bank has become totally digital. It is equally difficultfor an individual bank to make an assessment of itself,draw plans and take necessary steps to attain the statusof a digital bank. It is in this context that a need was feltto provide a framework that can help banks in theirefforts to move towards digital banking.

The framework presents a holistic way of defining anddesigning a digital bank. It provides goals, maps andsignposts in the digital banking journey and comprisesof various definitions of a digital bank, overview ofdistinct functions/dimensions of digital bank. Theframework is expected to help banks in their efforts togo digital.

Dr. Rajeeva L. Karandikar, Director, ChennaiMathematical Institute released the Digital BankingFramework on November 16, 2016.

Dr. Rajeeva L. Karandikar releasing the

Digital Banking Framework

Cyber Security Checklist

CYBER Security is a major concern across the IndianBanking and Financia l Sector. The Chief

Information Security Officers and Chief InformationOfficers of Banks during their regular forum meetings atIDRBT have been sharing the changing challenges beingfaced by banks in tackling Cyber Crimes.

In the Gyan Sangam, an annual retreat of Heads of PublicSector Banks along with the top officials of theGovernment of India and the Reserve Bank of India, heldon March 4-5, 2016, the sub-group on Technologyidentified Cyber Security as critical for the IndianBanking and Financial Sector and expressed the need fora Cyber Security Checklist.

Accordingly, IDRBT formed an Expert Group withmembers from banks, industry and academia to preparethe Cyber Security Checklist. This checklist is expectedto help banks in identifying the gaps, if any, in their CyberSecurity systems and address them, and also help theboard level sub-committees on Risk Management andInformation Security in monitoring the cyber defencepreparedness of the banks.

Shri R. Gandhi, Deputy Governor, RBI and Chairman,IDRBT, released the Cyber Security Checklist on July 18,2016.

Shri R. Gandhi releasing the Cyber Security Checklist


13


PUBLICATIONS

FOR over a decade, the Institute has been evaluatingand presenting the IDRBT Banking Technology

Excellence Awards. In the process, we have been closelywatching the developments in the adoption oftechnology by banks and attempting to share insightswith all by bringing out a book every year.

We enhanced the book last year by publishing invitedarticles from banking professionals, in addition to thestatus of technology adoption based on the informationfurnished by the banks as part of the awards process.While continuing the invited articles and the status ofthe technology adoption; this year, we have included asection by the Knowledge Partner for this year's BankingTechnology Awards, Deloitte, on what they see as futuretrends in Banking Technology.

The book, containing contributions from the topmanagement of Indian Banks' Association, IndianInstitute of Banking and Finance, IT Heads of sevenPublic and Private Sector Banks, a oreign ank, theF BKnowledge Partner, Deloitte, a section on IDRBTandBanking Technology Excellence Awards 2015 – 2016:Who won and why? is evolving into a useful document,detailing the present status and dwelling on futuretrends in Banking Technology in India, with glimpses ofglobal scenario.

Dr. Raghuram G. Rajan released the Book on “BankingTechnology in India: Present Status & Future Trends” onJuly 18, 2016.

Book on Banking Technology inIndia: Present Status andFuture Trends

Workshop on Application ofBlockchain Technology inBanking and Finance

THE Institute is working in the area of blockchaintechnology so as to explore the possibilities of its

adoption in banking, payments and other financialapplications. Taking forward this work, the Instituteorganized a one-day Workshop on Application ofBlockchain Technology in Banking and Financial Sectoron August 19, 2016.

Senior officials from RBI, NPCI, CCIL, IBA and banksalong with experts from academia and industryparticipated and deliberated on the implementationstrategies, concerns, issues and use-cases of blockchaintechnology in the Banking and Financial Sector.

While Dr. Sourav Sen Gupta from Indian StatisticalInstitute focused attention on the principles ofBlockchain Technology; Shri Deepak Hoshing of Infosys,presented use cases on storing documents onBlockchain and Dr. Dilip Krishnaswamy, IBM ResearchLabs, spoke on Hyperledger – an open source project ona BCT platform.

Towards the end of the workshop, a Working Group withrepresentatives from RBI, IDRBT, ISI, NPCI, CCIL, IBAand a few banks & IT companies was formed to prepare awhite paper on application of Blockchain Technology inrelevant areas of banking and finance in India. The whitepaper is expected to be released in January 2017. It wasalso agreed to conduct a PoC with active participationfrom IDRBT, NPCI and a few banks.

The next two workshops on Blockchain Technology arescheduled during January 2-4, 2017 along with IITBombay and on January 7, 2017 as part of ICDCN 2017.


14

Dr. Raghuram G. Rajan releasing the Book on Banking

Technology in India: Present Status and Future Trends


NETWORKINGProject Trainees – 2016

THE IDRBT Project Trainee Scheme offers new avenues for bright youngsters pursuing their Graduation and PostGraduation from premier Institutions to carry out projects on various aspects of Banking Technology. This

scheme provides an ideal opportunity to put ideas into action and in the last eight years, over 250 students havecarried out projects. This year, 27 students carried out some interesting projects, the details of which are presentedbelow:

Text Mining – Financial News Impact on IndianStock Markets

Rishabh MiglaniIntegrated M.Sc. (Mathematics andComputing) – III Year

IIT KharagpurGuide: Dr. V. Ravi

Description

Financial time series analysis has emerged as one of theimportant topics of interest over time. The proposedmodel in this study uses only textual data in the form ofpublished news articles to prepare a model efficientenough to predict stock prices in the Indian financialmarkets. This approach involves the following steps: 1.Extraction of news articles and historical stock pricescorresponding to companies in Indian stock market; 2.Processing of extracted news documents using LIWC(Linguistic Inquiry and Word Count) tool; and 3.Preparation of a model solely on the basis of thesesemantic textual features. Different models like SVR,QRRF, GMDH, GRNN, RPART, RF and MLP were tested toobtain relevant results in the prediction analysis. It wasobserved that GMDH and GRNN showed better resultsas compared to other machine learning techniques.

Objectives

� To prepare a predictive model for financialforecasting using qualitative textual data, withoutany use of quantitative numerical data available inthe form of historical prices

� Compare the results of prediction accuracy withapplication of various models including SVR, QRRF,GMDH, GRNN, RPART, RF and MLP using statisticalerror measures MAPE and NRMSE.

Deliverables

� Dataset of news articles for seven majorcompanies in Indian financial markets

� A predictive model based on LIWC feature scoresusing GMDH, GRNN and other implementedMachine Learning Techniques

� Comparative analysis of results on extractedcompany datasets by various feature selectionprocesses.

Development of Graphical User Interface forR Users in Banking Technology

Pavan Srikar Akella

B. Tech. (ECE) – III Year

ISM DhanbadGuide: Dr. V. Ravi

&

Description

The Graphical User Interface (GUI) was developed usingPython and R programming languages. Python was usedfor creating the GUI using the 'PyQt4' module and thewhole back end process was done using R. The Pythonmodule 'rpy2' was used for accessing R environment fromPython. The 'Qt Designer' enabled us to create the GUI byits widget drag and drop UI designing feature and the'PyQt4' module converts the UI into python code forgenerating the UI.

Anugu Vishwatej Reddy


15


Objectives

� For data analysis, bankers would require in-depthknowledge of programming languages toimplement data analysis algorithms for huge data

� To develop a GUI for R language users in bankingtechnology with basic knowledge of statistics andno knowledge of programming languages.

Deliverables

� A GUI for R users in the banking domain, which isfree from any programming

� The GUI has been included with the basic datamining tasks like basic Classification Techniques, K-means Clustering, Association Rule Mining,Multiple Linear Regression.

Botnet Detection Tools and Techniques: A Review

Kanchan BhaleSummer Research Fellowship

Indian Academy of Sciences, BangaloreGuide: Dr. B. M. Mehtre

Description

Botnet detection techniques are broadly based on eithersetting up of a honeypot to collect bot binaries ordeveloping intrusion detection system IDS. The IDSidentifies botnet traffic by monitoring network andsystem logs. It can be based on anomaly behavior orsignature or DNS. The NetFlow analyzer is a popular toolfor detecting botnet anomaly based detection. The Snort,Suricata, ntop and BotHunter are the other tools whichare based on signatures of botnet. The DNS based botnettraffic is monitored by Wireshark. The BotMiner tool usesclustering algorithm to detect botnet. Zeus toolkit ispopular among hackers' community for analysis ofbotnet internals.

Objectives

To analyze and test botnet detection tools andtechniques.

Deliverables

We tested and analyzed Zeus toolkit and Snort IDS forbotnet detection. The performance of Snort IDS wasevaluated on CTU-13 datasets. The CTU-13 contains 13datasets of different botnets. The overall efficiency of thepresent Snort rules for botnet detection is 70% for alldatasets, but for some datasets like BOTNET-44, 47, and49 is very less. The Snort rules are revised and tested onthe same datasets. These revised rules contain the newbotnet signatures that was not present in old Snort rules.Because of the addition of new signatures, the botnetdetection efficiency improved up to 80% and was asignificant improvement in datasets like BOTNET– 44, 47and 49.

Anti-Forensics Analysis of File Wiping Tools

Narendra PanwarMS (Cyber Security) – Final Year

Sardar Patel University of Police Securityand Criminal Justice, JodhpurGuide: Dr. B. M. Mehtre

Description

This study deals with the scope of Anti-Forensics (AF)tools and verification of three Anti-Forensics File WipingTools. Anti-Forensics is a collection of tools andtechniques to counter the forensics process and tofrustrate the forensics investigation. Anti-Forensics toolsare either used for privacy or to avoid forensicsinvestigation. In this research, we have tested three AFfile wiping tools namely, “Eraser”, “File Shredder” and “R-Wipe and Clean” and examined the Anti-Forensicsqualities of these tools.

Objectives

To identify whether “Eraser”, File Shredder” and “R-Wipeand Clean” tools are better Anti-Forensics tools or not,and to find out files artifact after wiping the files usingthese tools.

Deliverables

� All three tools which we have tested are nottheentirely AF, they leave some file related artifacts inthe system

GENNEXT


16


Collecting Threat Intelligence from Tor

Tarun TrivediMS (Cyber Security) – Final Year

Sardar Patel University of PoliceSecurity and Criminal Justice, JodhpurGuide: Dr. B. M. Mehtre

Description

We have developed the tool for extracting the keywordsfrom the onion sites using Tor proxy. Our tool collects allthe keywords related to attacks such as hacking, tracing,tracking, bandwidth, etc., from the onion sites. Aftercollecting keywords, our tool identifies URLs of onionsites whenever the keywords are found. Once URLs areextracted, we send an e-mail to the owner of the onionsite as a client. The onion site owner replied to the mailand was received as an e-mail header. Finally, we havelocated the geographical location of the site and IP aswell from the e-mail header.

Objectives

This application is useful for intelligence agencies whoare collecting threats and evidence to monitor andconduct surveillance on the activity in the hidden darkweb. We use this technique to prevent the DDoS attack,SYN flood attack, and Sniffer attack. It also helps todetect attacks which was done in the past like websiteattack, e-mail hacking, social account hacking and moneyfraud.

Deliverables

� We monitored and eavesdropped on onion site,where attackers comment and blog about futureattacks

� We predicted the type of attack possible in thenear future.

Security Apps on Android Platform: An Evaluation

Vikas YadavMS (Cyber Security) – II Year


Description

The popularity of Security Apps has increased thedependency of the users on these apps. Essentially,Security Apps claim complete protection for the deviceson par with traditional PC Security Tools. This studyevaluates Security Apps to validate their claims againstwell-known OS-level vulnerabilities on different AndroidOS versions. Apart from this, we introduced a Privacy-Sensitive String Analyzer (PssA), a Python-based script,which is capable of analyzing apps' source code and findprivacy related sensitive strings in application sourcecode.

Deliverables

We have identified two issues in Security Apps, includinginsufficient permission documentation and effectivenessof Security Apps against OS-Level attacks on unpatchedAndroid OS versions.

Multi-Layer Intrusion Detection and PreventionSystem: A New Approach

Vikash Kumar SainiMS (Cyber Security)


Description

The study focusses on detection and prevention ofnetwork attacks. A multi-layer architecture is proposedfor intrusion detection and prevention. Two devices(Snort, Suricata) are used in this scheme. Multi-layerarchitecture is based on the signatures as well asanomaly based detection and prevention mechanisms. Adecision-making process is implemented in thearchitecture. Intrusions and data flood attacks aredetected and blocked by the proposed design. On the

� A report shows detailed forensics examinationresults of the system after wiping files using thesethree tools

� Components of ideal Anti-Forensics file wipingtool.


17


basis of test results, it is clear that the proposedarchitecture gives better performance compared toindividual (single) unit of IDS/IPS. It also collectsdropped packets for analysis. This can be used forprediction and prevention of new attacks. Thus, theproposed architecture gives enhanced security to thenetwork.

Objectives

There is a possibility of bypassing single-level (IDS/IPS)security by using intrusions. Therefore, a newarchitecture is proposed for detecting and preventingintrusions.

Deliverables

We have implemented and tested multi-layer schemeusing the combination of Snort and Suricata. It isobserved that Snort detects and prevents moreintrusions as compared to Suricata.

Copy Move Forgery Detection UsingKey-Points Structure

Vinod PariharMS (Cyber Security) – Final Year


Description

Modification of information of an image is an easy taskdue to increasing number of image editing tools andtechniques. This leads to widespread usage of forgedimages for various purposes intently and unintently. Incopy-move image forgery, a region of an image is copiedand pasted on the same image. In this study, a Copy MoveForgery Detection (CMFD) method is proposed, whichworks well for geometric based attacks like translation,rotation and scaling. This method is based on keypointstructure. Another method is also proposed for CMFDwhich is based on Texture feature (Localized AngularPhase (LAP) feature).

Objectives

� To detect all types of geometric based attacks liketranslation, rotation and scaling in copy-moveforgery

� To detect all types of post-operation based attackslike noise, blurring, compression, etc., in copy-move forgery.

Deliverables

We have implemented a tool (Desktop application) forCMFD which can detect geometric-based attack liketranslation, rotation (degree range 0° to 330°) and scaling(size range 0.5 to 2).

An Automated Tool for VulnerabilityAssessment of HTTPS Web Applications

Anand RameshB. Tech. (Avionics) – II Year

Indian Academy of Sciences, BangaloreGuide: Dr. B. M. Mehtre

Description

This study proposes an efficient method to assess thevulnerability of HTTPS web applications. We havedeveloped a completely automated tool using Python,which can be used to conduct Vulnerability Assessmenton web applications which use HTTPS protocol. This toolis user-friendly and no technical knowledge is required touse the tool. It is developed in such a way that it is open tofurther development and new functionalities can beeasily added in the form of modules. The tool successfullyestablishes connection with SSL servers. The test wasconducted on both local and remote servers. Webapplications were analyzed and vulnerabilities found.

Objectives

� To develop a test web application (HTTP)

� Manual test of various attacks on the webapplication

� Conversion of the test web application to HTTPS

� Development of an automated tool to analyze thevulnerabilities in HTTPS application

� Testing of the tool on various web applications.

Deliverables

� A basic web application which simulates bankingenvironment

� A completely automated tool for the vulnerabilityassessment of HTTPS web application.


18


Cancellable Fingerprint Templates

Bulusu Amrutha LakshmiB. Tech. (ECE) – III Year

NIT RaipurGuide: Dr. M.V.N.K. Prasad

Description

Cancellable fingerprint templates are generated usingminutiae vicinity decomposition. It involves formingminutiae vicinities based on Euclidean distance andfinding the local invariant features of the trianglesformed from the vicinities. The feature matrix, thusgenerated is converted into a bit string and bloom filter isapplied to the string.

Objectives

To generate cancellable fingerprint templates in amethod which is feasible and enhances irreversibility,performance and security.

Deliverables

Cancellable fingerprint templates will be generated fromthe above proposed method.

Particle Swarm Optimisation based VirtualMachines Scheduling Algorithm using MapReduce

R. Sai PranavB. Tech. (CSE) – III Year

VIT University, ChennaiGuide: Dr. G. R. Gangadharan

Description

Generally, the virtual machine (VM) placement issue isconsidered as a NP Hard Problem inferring that anoptimal arrangement cannot be found in deterministicpolynomial time. In literature, near optimal solutions areachieved using soft computing approaches. This studyfocusses on the implementation of a Particle SwarmOptimisation (PSO) based VM scheduling algorithmwhich schedules the virtual machines after checking withthe existing load (minimum) of the existing host.

Objectives

To implement the PSO-based VM scheduling algorithmusing MapReduce Framework.

Deliverables

Developed a model for optimal scheduling of VirtualMachines using Particle Swarm Optimisation inMapReduce environment.

Public Key Encryption for Peer-to-PeerCommunication

Giryraj MaheshB.Tech. (ECE) – III Year

Gitam University, HyderabadGuide: Dr. G. R. Gangadharan

Description

Peer-to-peer systems are now ubiquitous. But theproblems faced in peer-to-peer system varies withrespect to many parameters such as the users in thenetwork, network traffic, the type of overlay network, thetype of cryptographic protocol, etc. This report is asurvey of Public Key Encryption system. We studiedvarious identity based encryption protocols with respectto different trust models and addressed the problems. Apublic key encryption has been proposed which uses theconcept of Diffie Hellman ey xchange and Shamir'sK Esecret sharing. A code for encrypting a 4-digit integermessage has been executed.

Objectives

To study various types of Public Key Based Encryptions toanalyze the most suitable encryption for various trustmodels in a peer-to-peer communication system.

Deliverables

� Three different identity based encryption protocolshave been stated with respect to different trustmodels forpeer-to-peercommunication

� A public key encryption has been proposed whichuses the concept of Diffie Hellman Key Exchangeand Shamir's secret sharing

� Code for implementing for a 4-digit integermessage has been executed for the abovementioned public key encryption.


19


QoS-Aware Web Service Composition

Rishi YadavIntegrated Dual Degree (CSE) – III Year

IIT (BHU), VaranasiGuide: Dr. G. R. Gangadharan

Description

In web service composition, QoS is an importantcriterion to focus on, because it fulfills the non-functionalrequirements of composition. In this study, we used'Canonical Correlation Analysis (CCA)', which analyzescorrelation extent between two sets of variables. Weused this method in our algorithm to find out optimalservice composition from a service plan.

Objectives

To find out optimal web service composition from aservice plan of different tasks, each having a number ofcandidate services.

Deliverables

A novel approach to find out an optimal web servicecomposition, considering all the transactional propertiesand QoS metric values at a time.

A Detailed and Practical Analysis of Various Toolsfor Visualization of Geographic Information inBanking Sector

K. L. Harsha Vardhan

Description

The aim of this study is to build a visualization platformfor performing geospatial analytics and sharing theresults with various stakeholders – bank customers, bankofficials and government entities. To the bank customer,the data visualization tool provides a means to search for

S. Geetha Reddy

&

B. Tech. (CSE) – IV Year

JNTU, HyderabadGuide: Dr. N. Raghu Kisore

closest ATMs and bank branches and also obtaininformation about the bank such as services available,IFSC code and working hours. We used mapping tools likeQuantum Geographic Information System (QGIS),QGIS2WEB.

The second part of the project was to identify the bestopen source tool for visualization of geospatial data. Forthis, the map containing the information had to bepublished on the web with the help of some publishingsoftware or plug-in like QGIS2WEB XAMPP along withMySQL. In the last part, an idea of mobile-basedapplication was proposed to provide specific user-oriented information based on his/her current locationand other preferences related to him/her.

Objectives

� To empirically analyze data visualization tools forgeographic data and then recommend the mostsuitable one which provides a mechanism forspatial queries

� To practically analyze the various tools forvisualization of geographic data and thenrecommend the most suitable one which providesthe entire query-related facilities.

Deliverables

After detailed analysis, we concluded that QGIS is thebest tool for the visualization of data on a desktop. Onthe other hand, various options are available forpublishing the map on the web. For instance, a XAMPPserver configured with PostgreSQL (spatial database)along with QGIS2WEB is the best choice for a stable andsystematic visualization application capable of handlingdata.


20


Prediction-error Expansion based ReversibleWatermarking using Quad-tree Decomposition

Aniruddha RaoM. E. (Embedded Systems) – II Year

BITS-Pilani, HyderabadGuide: Dr. Rajarshi Pal

Description

This study aims to exploit the feature of quad-treedecomposition to divide the image into homogeneousregions. The basic objective of reversible data hiding is tomake slightest modifications in the cover media forembedding the watermark and at the same time ensurethat the recovery does not affect the fidelity of the coverimage. The embedding distortion is minimum when datais embedded in smoother regions of the image. This studyexploits the idea by considering each of thehomogeneous blocks as a separate image and embedsdata in each block using the existing PVO-based mappingscheme in two dimensions.

Objectives

To develop a new scheme of reversible data hiding thataims to outperform existing schemes.

Deliverables

� Proposed a new scheme of reversible data hiding

� Compared the proposed scheme with the existingschemes of reversible data hiding. The schemeoutperforms the existing schemes. The maximumgain in PSNR values is typically 2 dB.

Efficient and Revocable Threshold Multi-AuthorityAccess Control System in Public Cloud Storage

Maheswara Reddy ChennuruB. Tech. (CSE) – IV Year

ISM DhanbadGuide: Dr. P. Syam Kumar

Description

This study designs an efficient and revocable data accesscontrol scheme for multi-authority cloud storage

systems by combining threshold secret sharing (k, n) andproxy re-encryption techniques. In our method, multipleauthorities co-exist and each authority is able to issueattributes independently and attribute revocationmethod can efficiently achieve both forward andbackward security.

Objectives

� To improve security and efficiency in public cloudstorage systems, give data owners more directcontrol on their access policies, and toaccommodate many data contributors and datausers to access the data in cloud

� To design an efficient and fine-grained data accesscontrol system for public cloud systems

� To deal with the shortcomings of multi-authorityattribute systems by introducing threshold secretsharing mechanism

� To efficiently revoke users from the currentsystem while minimizing the impact on theremaining legitimate users.

Deliverables

Designed a full-fledged CP-ABE by introducing thresholdsecret sharing mechanism and efficient revocationmechanism for efficient and secure data storage andretrieval in public cloud storage.

A Privacy-Preserving Multi-keyword Ranked SearchScheme over Encrypted Cloud Data using MIR-tree

Sonu Pratap Singh GurjarIntegrated Dual Degree (CSE) – III Year

IIT (BHU), VaranasiGuide: Dr. P. Syam Kumar

Description

Privacy preservation and data integrity are the mainconcerns which restrict users from outsourcing theirsensitive data. In this study, a privacy preserving multi-keyword ranked search scheme over encrypted clouddata along with data integrity using MIR-tree isdeveloped.

Objectives

To find out an optimal verifiable search scheme, over the


21


large data collection, to provide efficient search resultauthentication technique, by considering privacypreservation and integrity of result data.

Deliverables

This approach increases the confidence level of the usersto outsource their sensitive data on the cloud server, andretrieve it securely without disclosing any information.

Enabling Cloud Storage Security based onRateless Codes

Parth PahariyaIntegrated Dual Degree (CSE) – III Year

IIT (BHU), VaranasiGuide: Dr. P. Syam Kumar

Description

We proposed rateless code based cloud to ensure theConfidentiality, Integrity and Availability of data. Wemodified the rateless codes for improving the reliabilityand security in cloud. First, the scheme encrypts the datablocks into ciphertext, then proxy encodes it usingrateless codes and stores redundancy blocks into randomcloud storage servers. Then, TPA uses parity check matrixto check the integrity of codewords. Finally, the userdecodes the data using OFG algorithm for data retrievaland the security and performance of the system isanalyzed.

Objectives

To increase the data storage security in cloud such asConfidentiality, Integrity and Availability with minimumcomputation overheads.

Deliverables

A noble secure protocol based on rateless code for cloudstorage system with parity check matrix for integritycheck and encryption for securing the data.

Security of Wi-Fi Direct in Android based Devices

Morampudi Reshma ChowdaryB. Tech. (CSE) – III Year

ISM DhanbadGuide: Dr. Rajib Ranjan Maiti

Description

We investigated the security of Wi-Fi Direct Protocolused in Android based devices by checking whetherDenial-of-Service (DoS) attack vulnerability is present inthis protocol. We mimic a DoS attacker and launch theattack on different versions of Android which has Wi-FiDirect feature.

Objectives

To study the vulnerabilities present in Wi-Fi DirectProtocol and to check if the versions of the Androiddevices that implement Wi-Fi direct are secured.

Deliverables

� Using Wi-Fi Direct in Android version 4.4.4 orearlier may not be safe as it is seen to bevulnerable to enial-of- ervice attack. In fact, itD Smay cause severe harm as the attack reboots thedevice when launched appropriately

� However, Android version 5.1.1 or higher is notv u l n e r a b l e t o e n i a l - o f- e r v i c e a t t a c kD Sirrespective of whether the corresponding devicecommunicates with a vulnerable Wi-Fi Directenabled device or not.

Investigating the Quality of VoIP Traffic OverIPv6 Enabled Network

Borra SahithiB. Tech. (CSE) – III Year

ISM DhanbadGuide: Dr. Rajib Ranjan Maiti

Description

We investigated the quality of VoIP traffic sent over anetwork that use either IPv4 or IPv6 with the help ofnetwork simulation using OPNET Modeler 14.5 simulator.


22


We built a network scenario where a set of handsets(both cal l ing and cal led) are connected to awired/wireless switch which is in turn connected to arouter, and the routers in calling and called sides areconnected through internet with default configurationpresent in the simulator. We used a set of performancemetrics like end-to-end delay, voice jitter, packet delayvariation, mean opinion score, traffic delivery ratioavailable in the simulator.

Objectives

� To investigate the feasibility of availing theservices of VoIP over IPv6 enabled network

� To evaluate the performance gain in IPv6 for thesame.

Deliverables

A detailed project report on the performancemeasurement of VoIP over IPv6 and IPv4 enablednetworks. The measurement is made over both wired andwireless networks.

Sparse Aspect Rating Model for SentimentSummarization

Agni Besh ChauhanB. Tech. (CSE) – III Year

IIT PatnaGuide: Dr. S. Nagesh Bhattu

Description

This study deals with rigorous analysis of review datacrawled from various sources to deliver aspectsegmented sentiment. It tackles the latent aspect miningproblem in an unsupervised manner by considering theuser and item side information of review text formodeling of aspect generation leading to improvementon the accuracy and reliability of predicted aspectratings. The task investigated here takes a collection ofreview text in banking domain as input with overallnumerical rating; and with the goal of discovering a set ofaspect and predict ratings on each aspect for each reviewby applying unsupervised machine learning techniques.

Objectives

To investigate aspect mining problem that aims to deliveropinion based summarization of text reviews in financial

domain. Our goal is to derive the hidden aspect which hasbeen discussed in the text data. Further, we retrieve theaspect intensity with which the user emphasis on a givenaspect in the review and give a score to each aspect.

Deliverables

� An algorithm to retrieve aspect-based intrinsicinformation for analysis of service quality of banksand other public entities

� A prepared review dataset of banking domain bycrawling from web sources.

File Transfer API: An Interface between SFMSand CBS

Pranavi Jalapati Satya Naraparaju

&

B. Tech. (CSE) – II Year

JNTU, HyderabadGuide: Shri G. Raghuraj

Description

This study proposes an interface between the SFMS(Structured Financial Messaging System) and CBS (CoreBanking System) which invokes two primary functions ofthe SFMS Bank API namely 'Send' and 'Receive'messages. The message sent can either be in a file formator a string structure. The received message has to be in astring structure which is a requirement of the SFMS.After an authorised activation of the interface server, itdynamically connects to the SFMS server using the portspecified at the client end. The interface supportsmultiple file transfer averting network congestion. Theserver acknowledges successful transfer and reports aNAK (Negative Acknowledgment) otherwise. Onreceiving a positive acknowledgment, the files at theparent location are deleted to avoid redundancy.Moreover, all the transactions and login activity is loggedusing a database for accountability.

Objectives

� Transfer multiple files and push messages acrossSFMS and CBS avoiding manual intervention


23


� Log the details of all the transaction attemptsalong with the login activity

� Delete the files at the parent directory once theyare successfully transferred in order to avoidredundancy.

Deliverables

An API (Application Programme Interface) which pushesmultiple files and messages across SFMS and CBS andlogs the transfers attempted and login activity.

MIS Module for Issue of Digital Certificate andApplication Tracker

G T Rohit Krishna RaghavendraB. Tech. (CSE) – III Year

Shiv Nadar UniversityGuide: Shri V. S. Mahesh

Description

MIS module for Issue of Digital Certificate helps inmaintaining customer transactions viz., bank-wisecredits, TDS deducted by customers and types of digitalcertificates issued to the customers. Service Taxcomponent is derived. The reports module helps ingenerating daily, monthly, quarterly and other periodicreports. Information with respect to transactions viz.customer-wise transactions, etc., can be generated.

In the Application and Correspondence Tracker, details ofapplications received for issue of certificate are capturedand various stages encompassing the life cycle of issuingof digital certificate is captured to enable efficientdelivery to the customer and also ensures controls inplace for the department. Similarly, audit reportsreceived by the department can also be updatedcustomer-wise for further follow-up.

Objectives

� To maintain customer transactions viz . ,organisation-wise credits, TDS deducted bycustomers and types of digital certificates issuedto customers

� To capture the details of applications received bythe department for issue of and various stagesencompassing the lifecycle of issuing of digitalcertificate so as to enable efficient delivery to the

customer and also ensures controls.

Deliverables

� MIS Module for Issue of Digital Certificate

� Application and Correspondence Tracker.

MIS Module for Issue of Digital Certificate andApplication Tracker

Sai Krishnan TB.E. (CSE) – III Year

Osmania UniversityGuide: Shri S. Lalit Mohan

Description

The aim of the study is to build a search engine for banks,for searching information related to the domain ofInformation Security. We have made use of the opensource cloud environment called OpenStack formanaging the nodes. The crawler is used to crawl throughthe web and collect the necessary information. Once theinformation has been retrieved, ranking algorithms wereused to rank the web pages and machine learning tools sothat the search engine will be learning automatically.Finally, a user interface needs to be created for the user toenter their query and access the information.

Objectives

To create a domain-specific search engine than beinggeneric and the domain dealt here is InformationSecurity.

Deliverables

Have successfully set up the OpenStack cloudenvironment up and running on the Ubuntu 14.04servers, and are able to run the Apache Nutch crawlerimage using a Docker container.


24


Inaugural Batch of Post GraduateDiploma in Banking TechnologyGets Going

THE Inaugural batch of the Institute’s Post GraduateDiploma in Banking Technolog y (PGDBT)

commenced July 04, 2016. This Post GraduateonDiploma in Banking Technology is a unique programmedesigned to provide the Indian Banking and FinancialSector, on a regular basis, a pool of talentedprofessionals with technology expertise to stronglysupport their technology deployment initiatives.

The PGDBT is a full-time regular one year programme,spread over four terms, that provides essential learninginputs on technology implementation, integration andmanagement to both directly selected candidates aswell as practicing bankers, so as to enable them to meetthe changing technology requirements of the BankingSector. The programme focuses on present technologiesas well as emerging technologies that can contribute tothe growth of banks.

The batch of candidates have completed theirinauguralfirst two terms and their placement process is on.Almost half of the batch ha placed and alls already beenthe remaining are expected to be placed well-studentsbefore they complete even their third term.

Admissions to the second batch of the PGDBTprogramme would be announced by February 2017 andinterested candidates may visit the Institute's website atwww.idrbt.ac.in for details.


25

consultancy on these projects. He briefed about the useof the software available in CoEA – SAS Enterprise Minerand IBM SPSS Modeler, KNIME, Rapid Miner, the recentdevelopment of R User Interface for Banking Analytics(RUIBA). He explained the work done in CoEA especiallyin the development of Algorithms/Architectures inData/Text/We Mining, Evolutionary/Fuzzy/Neuro/bSoft Computing, Global/Multi Criteria Optimization,Time Series Data Mining, Social Media Analytics, BigData Analytics, Statistical Machine Learning.

Dr. Nagesh B. Sristy, Assistant Professor, IDRBT, spokeon the importance of Analytics and Data Warehouse andbriefly explained the tools and techniquesrelated .

...Continued from Page 02

THE popularity of “App” or “Application Software” hasgrown tremendously in recent years, with people

across nations, irrespective of age and gender, gettinghooked to the “Apps” culture.

Responding to this new habit, Indian banks too have beenbuilding “Apps”, but the requirements of customers andbanks may not be met only by the internal teams ofbanks. Moreover, “Apps” are an area where there aretalented individuals, geeks and small companies, who areworking with great passion, and there is a need to tapthese apps for the benefit of the banking sector.

In order to provide a boost to developing “Apps” andbring out the innovations happening in the area of “Apps”which could be useful for the Indian Banking andFinancial Sector, the Institute started organizing thenational level Annual IDRBT Banking ApplicationContest (IBAC) in 2016 and the first IBAC was held onApril 11, 2016.

Since new apps are being developed frequently, there is aneed to tap them quickly to benefit the banking sector.Accordingly, the Institute has announced the SecondIDRBT Annual Banking Application Contest on April 07,2017. Please visit for details.www.idrbt.ac.in

Second IDRBT Banking ApplicationContest

COMING UP


JANUARY 2017

Migrating to IPv6 09 – 11

Cyber Defence for Banks 09 – 13

R for Analytics 17 – 20

Data Centre Management 18 – 20

Trends and Technologies in Mobile Banking 23 – 24

IT Vendor Management 23 – 25

IT for Functional Executives in Banks 30 – 01

Digital Forensics for Banks 30 – 03

FEBRUARY 2017

Big Data Analytics for Banks 01 – 04

Emerging Trends on Operational DBMS for Banks 06 – 10

Banking Technologies 06 – 10

Cloud 13 – 17Adoption in Banks

Network Security 13 – 17

Data Quality 20 – 21

Payment Systems 20 – 22

Mobile App Development for Banks 27 – 03

SFMS Platform for LCs, BGs, RTGS & NEFT 27 – 03

MARCH 2017

Registration Authority Operations 02 – 03

Secure Coding Practices 06 – 10

Information Systems Control & Audit 20 – 24

APRIL 2017

Social Media Analytics for Banks 17 – 21

Technologies for Financial Inclusion 24 – 26

Website Security 24 – 26

MAY 2017

Mobile Security and Mobile Application Testing 01 – 03

Payment Systems 01 – 03


Registration Authority Operations 08 – 09

Data Warehousing for CRM & Analytics 15 – 18

Security Operations Centre 15 – 19

Digital Forensics for Banks 15 – 19

Migrating to IPv6 22 – 24

Emerging Authentication Techniques for Banks 22 – 24

Virtualization and Cloud Computing 22 – 26

JUNE 2017

Open Source Technologies 05 – 07

Fraud Analytics 12 – 16

Big Data & Cloud Computing Challenges 19 – 23

Network Security 19 – 23


Technologies for Financial Inclusion 27 – 29

Mobile Governance and Mobile Cloud Services 28 – 29

Design of Secure Enterprise LAN 28 – 30

FORTHCOMING PROGRAMMES

Explore, Enable, ExcelExplore, Enable, Excel

Castle Hills, Road No. 1, Masab Tank, Hyderabad - 500 057, India.

+91 - 40 - 23 , +91 - 40 - 2353515729 4999EPABX : Fax :

www.idrbt.ac.in [email protected] : E-mail :

Institute for Development and Research in Banking Technology(Established by Reserve Bank of India)

Published by:

Documents

Institute for Development and Research in Banking … for Development and Research in Banking Technology Explore, ... Mr. Pankaj Mittal of Axis Bank ... Institute for Development and