EMBEDDED SYSTEMS SECURITY AND
IMPLEMENTATION IN ATM
ANGEL COLLEGE OF ENGINEERING AND
TECHNOLOGY
TIRUPUR
PAPER PARESENTED BY:
M.KARTHICK, M.MANOJ KUMAR,
FINAL YEAR, FINAL YEAR,
ECE DEPARTMENT ECE DEPARTMENT
EMAIL:
karthi.doe@hotmail.com
manoj10390@gmail.com
ABSTRACT: EMBEDDED OPERATING SYSTEM
In the modern world , the Real-time operating systems
Embedded system plays a vital role in (RTOS) like VxWorks, C Executive and
the electronic component manufacturing RTX are used, but systems that provide
purposes, such as Video games, more power to their users require a more
Wearable computer, multiple levels of powerful embedded operating system
wireless networking, media caching, such as Microsoft Windows NT
Mobile phones. It also reached a peak on embedded, Windows CE, Embedded
its application in ATM. Generally linux, chorus and Palm operating
today’s people are filled with a lot of system.
tensions, appointments, etc. So it is a
tough job to keep the ATM cards more EMBEDDED SOFTWARE
securely, if there is a card theft. The programs on an
Shoulder surfing, Fake PIN pad overlay, embedded system must run with real-
PIN interception are the ways by which time constraints with limited hardware
PIN number is captured. In the following resources: often, there is no disk drive,
topics we see about the frauds and operating system, keyboard or screen. A
attacks in ATM and ways to prevent it. flash drive may replace the rotating
media, and a small keypad and LCD
INTRODUCTION: screen may be used in place of a PC’s
Embedded system is a keyboard and screen. The firmware is
special purpose computer system, which the software embedded in hardware
is completely encapsulated by the device devices, e.g. ROM/Flash memory chips.
it controls. It is a computer controlled
system. The core of any embedded DANGER IS CLOSER HOME
system is a microprocessor, programmed Many embedded systems
to perform a few tasks. The first modern interact with the real world. This
embedded system was the Apollo proximity can lead to serious
Guidance Computer, developed by consequences like property damage,
Charles Stark Draper at the MIT personal injury and even death if an
Instrumentation Laboratory. embedded system is tampered or
exploited. Embedded systems have no
real system administrator hence there is SECURITY REQUIREMENTS
nobody to ensure that only strong Embedded System
passwords are used, so anyone can architectures need to be flexible
attack the system. enough to support the rapid
evolution of security mechanisms
TAXONOMY OF ATTACKS and standards. Secure storage
involves securing information in
the embedded system’s storage
devices, external or internal to the
system.
SECURING AGAINST SOFTWARE
ATTACKS
These attacks are
implemented through agents such as
viruses,worms and Trojan horses,
and can compromise the security of a
system from all standpoints-integrity,
privacy and availability.
Malicious software agents
mount software attacks by either
vulnerabilities or exposures.
Vulnerability allows the attacker to
This shows a broad classification of
gain direct access to the end system,
attacks on Embedded system
while an exposure, is where the
* Based on the
attacker may indirectly exploit to
functional objectives attacks.
gain access.
*Based on agents or
Debugging is especially difficult in
means used.
the embedded world.
The above figure shows the
various software security practices
applied in software design life cycle
(SDLC). Memory devices are the
favourite targets for internal attacks
because they hold both the product’s
firmware and sensitive data.
Several vendors offer secure
memory devices to protect internal data.
For e.g, as shown below the Dallas
semiconductor provides 1128 bits of 5V
EEPROM partitioned into 4 pages of
256 bits, a 64-bit write-only secret, and
as many as 5 general-purpose read/write
SOFTWAR
registers.
E SECURITY STANDARDS
In an effort to establish
standards for system security, USA,
Canada and several European nations
created the Common Criteria for
Information Technology Security
Evaluation e.g., Evaluation-assurance
levels(EAL’s) and Multiple Independent the device. Tamper mechanisms are
Levels of Security(MILS).Green Hills divided into four groups: Prevention,
Software, Linux Works and Wind River evidence, detection and
Software are vendors working on MILS- response/recovery.
complaint RTOS for military and
defence systems. TAMPER PREVENTION
SECURING AGAINST HARDWARE It include physical protection
ATTACKS mechanisms(hardened steel enclosures,
The design of a secure locks, encapsulation or security
product enclosure is crucial to prevent screws),hardware design(e.g., circuit
attackers from gaining access to the implementations whose timing and
internal circuitry. Opening a product is power characteristics are data
as simple as loosening a few screws or independent). A benefit is that physical
prying open the side with tools. changes can be visually observed.
TAMPER DETECTION
It enables the hardware device to
be aware of tampering. The elapsed time
interval between the launch of an attack
and its detection needs to be kept as low
as possible. This mechanism typically
fall into one of the following three
groups:
Switches and pressure contacts to
detect the opening.
Radiation sensors for x-rays used
for seeing what is inside of a
sealed device, and ion beams
TAMPER MECHANISMS
used for advanced attacks to
It is to prevent any attempt
focus on specific electrical gates
by an attacker to perform an
within an IC.
unauthorized electronic action against
Circuitry such as Nichrome wire The TrustZone
and fibre optics wrapped around security technology from ARM is an
critical circuitry or specific good example of how countermeasures
components on the board. against software attacks are implemented
for an embedded system-on-chip.It
offers a more secure solution from a
trusted environment that provides a safe
initialization to the secure world, with
benefits that include:
Easier to certify software
applications.
Implementation of flexible
system-wide security,
without constraints.
Basis for consistent OS
support – a step towards CPU
security standardization and
all the economies of scales
that bring to the industry.
TAMPER RECOVERY/RESPONSE Software compatibility
It refers to techniques used to between different TrustZone-
ensure that the attack is countered,and enabled SoCs.
that the system returns to secure Lower cost in terms of added
operation. RSA Security’s SecurID is hardware and software.
one of the most popular two-stage Minimum impact on system
authentication systems and many performance
organization use it for identifying remote
users. ATM FRAUD AND SECURITY
INTRODUCTION
IMPLEMENTING COUNTER In recent years there has been a
MEASURES proliferation of ATM frauds across the
globe. Managing the risk associated with devices comprised of slim mechanical
ATM fraud as well as diminishing its devices, often encased in a plastic
impact are important issues that face transparent film, inserted into the card
financial institutions as fraud techniques reader throat. Hooks are attached to the
have become more advanced with probes preventing the card from being
increased occurrences. Recent returned to the consumer at the end of
occurrences of ATM fraud range from the transaction.
techniques such as shoulder surfing and
card skimming to highly advanced
techniques involving software tampering
and/or hardware modifications to divert,
or trap the dispensed currency.
GENERAL PRACTICES TO DETER
FRAUD
* Video Surveillance
* Awareness and Consumer
Education
* Remote Monitoring
Preventing Card Theft
Card readers with the
ATM FRAUD TECHNIQUES AND
capability to detect if the shutter is
ITS PREVENTION
closed completely can provide an
The different
indication that a fishing device may have
techniques and methodologies of known
been inserted into the card reader. By
ATM fraud attempts on a global scale
using remote diagnostics to monitor the
and investigates recommended
ATM, error codes generated by the card
approaches to prevent or deter these
reader can be tracked. An increase in the
types of fraud.
occurrence of error codes related to
cards readers could be an indication that
Card Theft
a fraud attempt is in progress.
To obtain actual cards, criminals
have used a variety of card trapping
Skimming Devices
Skimming is the most
frequently used method of illegally
obtaining card track data. “Skimmers”
are devices used by criminals to capture
the data stored in the magnetic strip of
the card. Reading and deciphering the
information on the magnetic stripes of
the card can be
accomplished through
the application of small
card readers in close
proximity to, or on top
of, the actual card reader input slot, so it
is able to read and record the
information stored on the magnetic track
of the card.
The device is then removed,
allowing the downloading of the
recorded data. Skimming devices can be
smaller than a deck of cards and read the
magnetized strips on bankcards the way
Prevent Skimming
credit card scanners or ATMs read card
The following “anti-
information.They can capture and retain
skimming” solutions can be introduced:
the information from more than 200
• Controlling the speed of the movement
cards, including account numbers,
of the card or intentional erratic
balances and verification codes.
movement of the card during card
insertion and return by the motorized
card reader will confuse most skimming
devices and make it impossible for the
card information to be read accurately.
• Installing an auto alert system to
monitor the routine patterns of
withdrawals to help determine fraudulent
withdrawals.
• Migration towards chip cards and chip
card readers is less susceptible to
skimming
PIN Security
The PIN is one of the most important
elements needed to steal the identity of
an ATM user. The following techniques
may be used to capture the PIN number.
• Shoulder Surfing (Direct Observation
as the consumers enter their PIN
number) Preventing Shoulder Surfing
• Fake PIN Pad Overlay In addition to camera
• PIN Interception surveillance, a mirror can be affixed to
the fascia of the ATM that would allow
users to easily see behind them as they
enter their information. The ergonomic
design of the ATM plays an important
Shoulder Surfing part in preventing shoulder surfing as the
Shoulder Surfing is the act of positioning of the keyboard, centered
direct observation, watching what directly below the monitor, allows for
number that person taps onto the keypad. the body to naturally cover the area of
Sometimes miniature video cameras are pin entry.
installed discretely on the fascia or
somewhere close to the PIN Pad, to Utilizing a Fake PIN Pad Overlay
record the PIN entry information. A fake PIN pad is placed over
the original Keypad.This overlay
captures the PIN data and stores the
information into its memory. Hackers the on-line PIN check. In order to
may also attach a portable monitor and capture the PIN internally, the criminal
card reader on top of the actual ATMs would require access to the
monitor and card reader to obtain the communication cable of the PIN pad
card and PIN information. inside the terminal, which can more
easily be done, at off- premise locations.
Preventing Fake PIN Pad Overlay
Educating ATM users to Preventing PIN Interception
be aware of abnormalities i.e., A MasterCard and VISA are
warning that there might be a PIN pad requiring new PIN pad security
overlay is no ***** asterisk appear on enhancements for ATMs that tie into
the screen when the PIN is entered. their network. In order to decrease PIN
Utilizing ATM monitoring software theft fraud, they are now requiring an
/services would enable notifications to encrypted PIN Pad in place of the
be sent to the network if there are keypad. The EPP is a sealed module that
repetitive occurrences of a “time out immediately encrypts the PIN entry so
message” during PIN entry. These that no “raw” PIN numbers are
messages could signify that a card has accessible to electronic Hackers. In
been inserted into the ATM, but the regards to on-line communication, the
transaction has timed out because no newly instituted Triple DES standard
data has been entered and the card strengthens the encryption algorithm.
returned, due to the pin pad overlay that
has received the PIN entry information.
PIN Interception Locks and Closing Devices
After the PIN is entered, the Mechanical Locks
information is captured in electronic Mechanical locks allow the
format through an electronic data opening of the safe door only through
recorder. Capturing the PIN can be done the combination of different keys,
either inside the terminal, or as the PIN whereby each key is in the hands of a
is transmitted to the host computer for different person.
Type Alert Activity
Electronic Locks Temperatur Piercing with torch
Electronic locks allow multiple e
Tilting Detachment of the
combinations, each assigned to a
safe
different ATM maintenance facilitator, Vibration Piercing with tools
or different passwords for the operator, (drilling,cutting),
supervisor and conveyor. Some wedging
electronic locks feature intelligence, i.e.:
allowing the opening of the safe only A smoke pump was instituted in Brazil
during the specific time periods that to release smoke when an ATM was
have been pre-programmed. violated by a physical attack, like
vibration or tilting. The sensor that
Alarms and Sensors released the smoke also sends
Alarms are intended to: notification to the monitoring center.
• Detect the open/closed state of the safe
door (also of the electronic cabinet of the CONCLUSION
ATM). Thus the paper presents
• Monitor different parameters that can what are the security requirements of
be indicative of a robbery attempt. embedded system and ways to secure
• Report the status remotely to a from the attacks. The task of securing
monitoring center. the ATM in future lies at the hands of
the engineer at each level with a
desirable manner. Although historically,
various security issues have been
investigated in the context of
Sensors cryptography, network security and
The list of the most common Sensors: computer security, the challenges
imposed by the process of securing
emerging environments or networks of
embedded systems compel us to take a
fresh look at the problem.