Secure Debit Card Device Model Final Year Project Mid Defense


Page 1: Mid Defence Final

Secure Debit Card Device Model

Final Year Project Mid Defense

Page 2: Mid Defence Final

Presented by: Saad Bin Khalid, Rumaisah Munir

Advisor: Dr. Abdul Ghafoor Abassi

Co-Advisor: Sir Nasir Mahmood

Dr. Awais Kamboh

Title Page

Page 3: Mid Defence Final

- Introduction
- Motivation
- Problem Statement
- Literature Review
- Analysis and Functionality
- Implementation and Screenshots
- References
- Questions

Agenda

Page 4: Mid Defence Final

We plan to make a secure ATM-type device that uses smart cards for transaction operations instead of credit cards or cash.

The system will have software and hardware modules.

The software module will consist of a user-friendly interface that will prompt the user to enter a PIN code.

The hardware modules securely communicate with the software modules for transactions.

Introduction

Page 5: Mid Defence Final

The user enters PIN code in the GUI at a merchant PoS terminal.

The system will first verify if the entered PIN code is present in the backend database.

If it is present, the system will display the menu which has 5 functions:

1. Account to Account Transfer
2. Over the counter Transfer
3. Cash Deposit
4. Cash Withdrawal
5. Settings

Analysis and Functionality

Page 6: Mid Defence Final

Depending on the option that the user selects, the system proceeds to perform the operation after insertion of smart card in the reader.

If the user selects “settings”, the user is allowed to access his personal settings and alter them.

If the user selects “cash deposit”, the user is asked to enter cash in the currency reader which detects and processes the currency data and forwards it to the system.

Analysis And Functionality

Page 7: Mid Defence Final

If the user selects any of the other 3 options, cash is deducted from the user’s account and the balance is displayed.

Analysis and Functionality

Page 8: Mid Defence Final

The motivation behind the project is the need to provide security to users by securing their personal data.

Further, this system is the “future”. Smart-card-based systems prevail in Europe, and the system has entered the USA and very much reduced fraud cases worth a billion.

In a few years to come, the system will prevail around the world.

Motivation

Page 9: Mid Defence Final

Signal Processing of images in the form of currency notes and sending them to the system.

Embedded Systems in terms of all the hardware features involved.

Information security in terms of user’s financial data.

Domains involved in the project

Page 10: Mid Defence Final

Financial frauds keep increasing day by day whether they are cash frauds or credit card frauds.

There is a very small chance of getting caught.

Why should we care?

Because there is no preventive solution to this problem.

The Problem

Page 11: Mid Defence Final

Our goal is to design a system which eliminates cash transactions by use of smart card (which aids in performance of transactions) instead of cash and keeps the user’s data intact by providing high security level.

Objective Of The FYP

Page 12: Mid Defence Final

Types of Cards:

- Magnetic Stripe Cards
- Proximity Cards (Contactless RFIDs)
- Smart Cards

Literature Review:

Page 13: Mid Defence Final

Why use Smart Cards in our system?

We will justify now why we prefer Smart Cards over other cards

Page 14: Mid Defence Final

Magnetic stripe of a magnetic-stripe card is composed of ferric (iron) material.

To store data, the magnetic property of the ferric material is modified.

The card requires physical contact by sweeping it inside the reader.

Cannot support multiple applications.

Literature Review: What are Magnetic-Stripe Cards?

Page 15: Mid Defence Final

Literature Review: Misuse of Magnetic Stripe Cards

Magnetic stripe cards use magnetic stripe technology.

Illegal copies of magnetic stripe cards can easily be made.

Data on magnetic stripe cards can be easily read, modified and copied.

Hence, this causes insecurity of financial information.

Page 16: Mid Defence Final

Proximity cards are cards that can be read without inserting the card into the reader.

Within some range, the card is held near the electronic reader and a beep indicates that the card is read.

An example of such a system is an RFID card which uses radio frequency EM waves to transfer data.

Also uses magnetic stripe. Cannot support multiple applications.

Literature Review: What are Proximity Cards:

Page 17: Mid Defence Final

Due to use of magnetic stripe technology in these cards also, card data is not encrypted.

No authentication mechanism in these cards.

Users get tracked.

In the wireless transmission, the card is easy to mimic by recording the transmission and replaying it.

Hence, not reliable for monetary transactions.

Literature Review: Misuse of Proximity Cards

Page 18: Mid Defence Final

It is a device made up of integrated circuits/microprocessors and can support multiple applications.

Encryption is present since cryptographic algorithms are applied.

Provide strong security for SSO, identification, application processing and data storage.

Hence, the smart card ensures security of data, especially financial data.

Literature Review: What is a Smart Card?

Page 19: Mid Defence Final

Smart cards allow access to stored information only to authorized users whereas other cards provide lesser security.

Other cards store limited amount of data and that cannot be updated once issued.

Cost of smartcard reader is less than that of the magnetic stripes card reader.

Literature Review: Smart Card vs. Other Cards

Page 20: Mid Defence Final

The birth of smart cards began in Europe. Smart credit cards arrived in USA for the first time in 2010.

The fraud costs have significantly lowered in Europe because of smart-card based systems.

In a few years, all systems will be replaced by smart card technology once economic barriers are overcome.

Literature Review: Adoption of Smart Card

Page 21: Mid Defence Final

The FYP is a continuation of a previous year’s FYP called “Digital Wallet”.

A device was developed which enabled users to perform monetary transactions at local levels.

The device was not centralized and needed an accompanying PC, which increased the cost of the system.

Literature Review: Previous Work

Page 22: Mid Defence Final

No centralized database was maintained, leading to security issues and killing the purpose of using a smart card based system.

Literature Review: Previous Work

Page 23: Mid Defence Final

Our Approach

Page 24: Mid Defence Final

We overcome these problems in our FYP by creating a centralized database stored at the backend web server using SQL 2008.

This eliminates the need to use the extra PC, eliminating extra cost of the system.

We further use the Standard Widget Toolkit (SWT), which is portable across platforms, for the user interface implementation instead of Swing/Abstract Windowing Toolkit.

How we overcome these problems?

Page 25: Mid Defence Final

Design And Implementation

Page 26: Mid Defence Final

ERD For Database Implementation

Page 27: Mid Defence Final

Entity-Relationship Diagram

Page 28: Mid Defence Final

Use Cases

Page 29: Mid Defence Final

Simple User Client Side

Page 30: Mid Defence Final

Admin-User

Page 31: Mid Defence Final

Flow Charts Generic Commands

Page 32: Mid Defence Final

Function 1: Account to Account

Page 33: Mid Defence Final

Client:

```
{
  “Message Type”: Money Transaction account to account
  “Command”: Cash transaction
  “To Account”: User No.1
  “From Account”: User No.2
  “Amount”: Rs. 100/-
  “Time”: 1100 hours
  “Date”: 13-5-2012
}
```

Function 1: Account to Account

Page 34: Mid Defence Final

Server Acknowledgment

```
{
  “Message Type”: Money Transaction account to account
  “Command”: Cash transaction
  “To Account”: User No.1
  “From Account”: User No.2
  “Amount”: Rs. 100/-
  “Time”: 1100 hours
  “Date”: 13-5-2012
}
```

Function 1: Account to Account

Page 35: Mid Defence Final

Function 2: Cash Deposit

Page 36: Mid Defence Final

Client

```
{
  “Message Type”: Money Transaction cash to account
  “Command”: Cash transaction
  “To Account”: User No.1
  “From Account”: currency detector
  “Amount”: Rs. 100/-
  “Time”: 1100 hours
  “Date”: 13-5-2012
}
```

Function 2: Cash Deposit

Page 37: Mid Defence Final

Server Acknowledgment

```
{
  “Message Type”: Money Transaction cash to account
  “Command”: Cash transaction
  “To Account”: User No.1
  “From Account”: currency detector
  “Amount”: Rs. 100/-
  “Time”: 1100 hours
  “Date”: 13-5-2012
}
```

Function 2: Cash Deposit

Page 38: Mid Defence Final

Function 3: Cash Withdrawal

Page 39: Mid Defence Final

Client

```
{
  “Message Type”: Money Transaction Account to cash
  “Command”: Cash transaction
  “To Account”: currency detector
  “From Account”: User
  “Amount”: Rs. 100/-
  “Time”: 1100 hours
  “Date”: 13-5-2012
}
```

Function 3: Cash Withdrawal

Page 40: Mid Defence Final

Server Acknowledgment:

```
{
  “Message Type”: Money Transaction Account to cash
  “Command”: Cash transaction
  “To Account”: currency detector
  “From Account”: User
  “Amount”: Rs. 100/-
  “Time”: 1100 hours
  “Date”: 13-5-2012
}
```

Function 3: Cash Withdrawal

Page 41: Mid Defence Final

Function 4: Transaction Over The Counter

Page 42: Mid Defence Final

Client:

```
{
  “Message Type”: Money Transaction Over the counter
  “Command”: Cash transaction
  “To Account”: Merchant
  “From Account”: User
  “Amount”: Rs. 100/-
  “Time”: 1100 hours
  “Date”: 13-5-2012
}
```

Function 4: Transaction Over The Counter

Page 43: Mid Defence Final

Server Acknowledgment

```
{
  “Message Type”: Money Transaction Over the counter
  “Command”: Cash transaction
  “To Account”: Merchant
  “From Account”: User
  “Amount”: Rs. 100/-
  “Time”: 1100 hours
  “Date”: 13-5-2012
}
```

Function 4: Transaction Over The Counter
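The client messages and server acknowledgments on the preceding slides carry no integrity or freshness field, so a recorded or altered message is indistinguishable from a genuine one. The following is an added example, not code from the project: it attaches an HMAC-SHA256 tag and a one-time nonce to the Function 1 message and shows the server rejecting a replayed and a modified copy. The class name `SignedTransfer`, the `Nonce` field, the shared demo key and the length-prefixed encoding are all assumptions made for this sketch.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;

public class SignedTransfer {
    // Constructed demo key (assumption): in practice provisioned per terminal, e.g. held on the smart card.
    static final byte[] KEY = "constructed-demo-key-do-not-reuse".getBytes(StandardCharsets.UTF_8);
    static final Set<String> seenNonces = new HashSet<>();   // server-side replay cache

    static byte[] hmac(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    // Length-prefixed fields in sorted key order, so both sides MAC identical, unambiguous bytes.
    static String canonical(SortedMap<String, String> m) {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> e : m.entrySet())
            sb.append(e.getKey().length()).append(':').append(e.getKey())
              .append(e.getValue().length()).append(':').append(e.getValue());
        return sb.toString();
    }

    // Server side: check the MAC in constant time first, then reject a nonce seen before.
    static boolean serverAccepts(SortedMap<String, String> m, byte[] tag) throws Exception {
        if (!MessageDigest.isEqual(hmac(canonical(m)), tag)) return false;
        return seenNonces.add(m.get("Nonce"));
    }

    public static void main(String[] args) throws Exception {
        SortedMap<String, String> msg = new TreeMap<>();   // the Function 1 client message
        msg.put("Message Type", "Money Transaction account to account");
        msg.put("Command", "Cash transaction");
        msg.put("To Account", "User No.1");
        msg.put("From Account", "User No.2");
        msg.put("Amount", "Rs. 100/-");
        msg.put("Time", "1100 hours");
        msg.put("Date", "13-5-2012");
        byte[] nonce = new byte[16];
        new SecureRandom().nextBytes(nonce);
        msg.put("Nonce", Base64.getEncoder().encodeToString(nonce));   // added field (assumption)
        byte[] tag = hmac(canonical(msg));

        System.out.println("first delivery accepted: " + serverAccepts(msg, tag));
        System.out.println("replayed copy accepted:  " + serverAccepts(msg, tag));
        msg.put("Amount", "Rs. 9000/-");                   // altered in transit, old tag
        System.out.println("modified copy accepted:  " + serverAccepts(msg, tag));
    }
}
```

The server acknowledgment can be protected the same way, by tagging the echoed fields together with the client's nonce.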

Page 44: Mid Defence Final

Final Flow Chart

Page 45: Mid Defence Final

User Interface Implementation

Page 46: Mid Defence Final

User Interface Implementation

Page 47: Mid Defence Final

User Interface Implementation

Page 48: Mid Defence Final

User Interface Implementation

Page 49: Mid Defence Final

User Interface Implementation

Page 50: Mid Defence Final

User Interface Implementation

Page 51: Mid Defence Final

```java
import org.eclipse.swt.SWT;
import org.eclipse.swt.layout.GridData;
import org.eclipse.swt.layout.GridLayout;
import org.eclipse.swt.widgets.Button;
import org.eclipse.swt.widgets.Display;
import org.eclipse.swt.widgets.Event;
import org.eclipse.swt.widgets.Label;
import org.eclipse.swt.widgets.Listener;
import org.eclipse.swt.widgets.MessageBox;
import org.eclipse.swt.widgets.Shell;
import org.eclipse.swt.widgets.Text;

public class Ro {
    Display display = new Display();
    Shell shell = new Shell(display);
    Label label2;
    Text pincode;
    Text text;

    public Ro() {
        shell.setLayout(new GridLayout(2, false));
        shell.setText("Login form");

        label2 = new Label(shell, SWT.NULL);
        label2.setText("Enter Pincode: ");
        pincode = new Text(shell, SWT.SINGLE | SWT.BORDER);
        System.out.println(pincode.getEchoChar());
        pincode.setEchoChar('*');   // mask the PIN as it is typed
        pincode.setTextLimit(30);

        Button button = new Button(shell, SWT.PUSH);
        button.setText("Submit");
        button.addListener(SWT.Selection, new Listener() {
            public void handleEvent(Event event) {
                String selected1 = pincode.getText();
                // Compare string contents; == on strings compares references in Java.
                if (selected1.isEmpty()) {
                    MessageBox messageBox = new MessageBox(shell, SWT.OK | SWT.ICON_WARNING | SWT.CANCEL);
                    messageBox.setMessage("Enter Pincode");
                    messageBox.open();
                } else {
                    // Any non-empty input opens the transaction menu;
                    // the PIN is not yet checked against the backend here.
                    Rough n = new Rough();
                    /*MessageBox messageBox=new MessageBox(shell,SWT.OK|SWT.CANCEL);
                    messageBox.setText("Login Form");
                    messageBox.setMessage("Welcome User");
                    messageBox.open();*/
                }
            }
        });

        pincode.setLayoutData(new GridData(GridData.FILL_HORIZONTAL));
        shell.pack();
        shell.open();
        // Standard SWT event loop
        while (!shell.isDisposed()) {
            if (!display.readAndDispatch()) {
                display.sleep();
            }
        }
        display.dispose();
    }

    public static void main(String[] args) {
        new Ro();
    }
}
```

Code(To Enter Pin)
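The login form above hands any non-empty input to the menu, and the Analysis and Functionality slide describes the backend check as testing whether the entered PIN is present in the database. The following is an added example, not code from the project: it verifies the PIN against the record of one specific card, stores only a salted PBKDF2 hash, and locks the card after repeated failures. The class name `PinCheck`, the card IDs, the sample PINs, the in-memory map standing in for the backend table, the iteration count and the three-try limit are constructed assumptions, as is knowing the card ID at PIN-entry time.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

public class PinCheck {
    static final int MAX_TRIES = 3;                          // assumed lockout threshold

    static class Record { byte[] salt; byte[] hash; int failures; }
    // Stand-in for the backend table, keyed by card ID (assumption).
    static final Map<String, Record> db = new HashMap<>();

    static byte[] derive(char[] pin, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pin, salt, 100_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    static void enroll(String cardId, char[] pin) throws Exception {
        Record r = new Record();
        r.salt = new byte[16];
        new SecureRandom().nextBytes(r.salt);                // per-card random salt
        r.hash = derive(pin, r.salt);                        // the PIN itself is never stored
        db.put(cardId, r);
    }

    static boolean verify(String cardId, char[] pin) throws Exception {
        Record r = db.get(cardId);
        if (r == null || r.failures >= MAX_TRIES) return false;   // unknown or locked card
        boolean ok = MessageDigest.isEqual(derive(pin, r.salt), r.hash);   // constant-time compare
        r.failures = ok ? 0 : r.failures + 1;
        return ok;
    }

    public static void main(String[] args) throws Exception {
        enroll("CARD-0001", "4821".toCharArray());           // constructed sample data
        enroll("CARD-0002", "7350".toCharArray());
        // 7350 is present in the database, but it belongs to another card.
        System.out.println("other card's PIN: " + verify("CARD-0001", "7350".toCharArray()));
        System.out.println("own PIN:          " + verify("CARD-0001", "4821".toCharArray()));
        for (int i = 0; i < MAX_TRIES; i++) verify("CARD-0001", "0000".toCharArray());
        System.out.println("own PIN, locked:  " + verify("CARD-0001", "4821".toCharArray()));
    }
}
```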

Page 55: Mid Defence Final

```java
import org.eclipse.swt.SWT;
import org.eclipse.swt.widgets.Button;
import org.eclipse.swt.widgets.Event;
import org.eclipse.swt.widgets.Label;
import org.eclipse.swt.widgets.Listener;
import org.eclipse.swt.widgets.Shell;
import org.eclipse.swt.widgets.Text;

public class Rough {

    public static void main(String[] args) {
        Rough thee = new Rough();
    }

    public Rough() {
        // Opened from Ro, whose event loop dispatches this window's events.
        final Shell shell = new Shell();
        shell.setSize(250, 300);
        shell.setText("Transaction Type");
        shell.open();

        final Button opener = new Button(shell, SWT.PUSH);
        opener.setText("Settings");
        opener.setBounds(20, 20, 50, 25);

        // Each transaction type currently opens the same amount-selection window.
        final Button opener1 = new Button(shell, SWT.PUSH);
        opener1.setText("Account to Account");
        opener1.setBounds(20, 50, 120, 50);
        opener1.addListener(SWT.Selection, new Listener() {
            public void handleEvent(Event event) {
                transaction n = new transaction();
            }
        });

        final Button opener2 = new Button(shell, SWT.PUSH);
        opener2.setText("Cash Withdrawal");
        opener2.setBounds(20, 100, 120, 50);
        opener2.addListener(SWT.Selection, new Listener() {
            public void handleEvent(Event event) {
                transaction n = new transaction();
            }
        });

        final Button opener3 = new Button(shell, SWT.PUSH);
        opener3.setText("Cash Deposit");
        opener3.setBounds(20, 150, 120, 50);
        opener3.addListener(SWT.Selection, new Listener() {
            public void handleEvent(Event event) {
                transaction n = new transaction();
            }
        });

        final Button opener4 = new Button(shell, SWT.PUSH);
        opener4.setText("Pay Over The Counter");
        opener4.setBounds(20, 200, 120, 50);
        opener4.addListener(SWT.Selection, new Listener() {
            public void handleEvent(Event event) {
                transaction n = new transaction();
            }
        });

        // Leftover sample widgets; they are given no bounds.
        for (int i = 0; i < 3; i++) {
            new Button(shell, (i % 2 == 0) ? SWT.RADIO : SWT.PUSH).setText("Button " + i);
            new Text(shell, SWT.BORDER).setText("same size");
        }

        // Modal confirmation dialog behind the "Settings" button
        final Shell dialog = new Shell(shell, SWT.APPLICATION_MODAL | SWT.DIALOG_TRIM);
        dialog.setText("Settings");
        dialog.setSize(200, 100);

        final Label label = new Label(dialog, SWT.NONE);
        label.setText("Click OK to proceed?");
        label.setBounds(30, 5, 100, 20);

        final Button okButton = new Button(dialog, SWT.PUSH);
        okButton.setBounds(20, 35, 40, 25);
        okButton.setText("OK");

        // Second dialog (not opened anywhere yet). Its widgets are parented to
        // dialog1; the slide passed dialog, which stacked them on the Settings dialog.
        final Shell dialog1 = new Shell(shell, SWT.APPLICATION_MODAL | SWT.DIALOG_TRIM);
        dialog1.setText("Account To Account");
        dialog1.setSize(150, 100);

        final Label label1 = new Label(dialog1, SWT.NONE);
        label1.setText("Click OK to proceed?");
        label1.setBounds(35, 5, 100, 20);

        final Button button2 = new Button(dialog1, SWT.PUSH);
        button2.setBounds(20, 35, 40, 25);
        button2.setText("OK");

        Button cancelButton = new Button(dialog, SWT.PUSH);
        cancelButton.setBounds(70, 35, 40, 25);
        cancelButton.setText("Cancel");

        final boolean[] response = new boolean[1];
        response[0] = true;

        // Records which button closed the Settings dialog
        Listener listener = new Listener() {
            public void handleEvent(Event event) {
                if (event.widget == okButton) {
                    response[0] = true;
                } else {
                    response[0] = false;
                }
                dialog.close();
            }
        };

        okButton.addListener(SWT.Selection, listener);
        cancelButton.addListener(SWT.Selection, listener);

        Listener openerListener = new Listener() {
            public void handleEvent(Event event) {
                dialog.open();
            }
        };

        opener.addListener(SWT.Selection, openerListener);
    }
}
```

‘Transaction Type’ Window(Code)

Page 62: Mid Defence Final

```java
import org.eclipse.swt.SWT;
import org.eclipse.swt.layout.GridLayout;
import org.eclipse.swt.layout.RowLayout;
import org.eclipse.swt.widgets.Button;
import org.eclipse.swt.widgets.Group;
import org.eclipse.swt.widgets.Shell;

public class transaction {
    public transaction() {
        final Shell shell = new Shell();
        shell.setLayout(new GridLayout());
        shell.setText("Payment Options");
        shell.setSize(200, 250);

        // Fixed amounts offered as check boxes
        final Group group1 = new Group(shell, SWT.SHADOW_IN);
        group1.setText("Choose An Amount To Pay:");
        group1.setLayout(new RowLayout(SWT.VERTICAL));
        new Button(group1, SWT.CHECK).setText("25 Rs");
        new Button(group1, SWT.CHECK).setText("50 Rs");
        new Button(group1, SWT.CHECK).setText("75 Rs");
        new Button(group1, SWT.CHECK).setText("100 Rs");
        new Button(group1, SWT.CHECK).setText("125 Rs");
        new Button(group1, SWT.CHECK).setText("150 Rs");
        shell.open();
    }

    public static void main(String[] args) {
        transaction window = new transaction();
        //window.open();
    }
}
```

Amount Entrance Code:

Page 63: Mid Defence Final

Completion of software by creating a backend database and a web server for transfer of messages between client and server (the database backbone is ready).

Hardware completion by interfacing all the components.

Future Work Methodology

Page 64: Mid Defence Final

Project Timeline

Page 65: Mid Defence Final

Project Timeline

Page 66: Mid Defence Final

A financial device that performs the following functions:

- Account to Account Cash Transfer.
- Cash Deposit in an account.
- Cash Withdrawal from account.
- Authentication.
- Management of multiple users.

End Product Description

Page 67: Mid Defence Final

We plan to accomplish this system and remove the barriers that are present in the way of its market penetration.

The system will aid in reducing the financial fraud issues.

Conclusion:

Page 70: Mid Defence Final

Questions