CLOUD -ATM
CHAPTER 1 INTRODUCTION ABSTRACT ATM (automated teller machine) is an electronic telecommunications device that enables the customers of a financial institution to perform financial transactions, particularly cash withdrawal, without the need for a human cashier, clerk or bank teller. On most modern ATMs, the customer is identified by inserting a ATM card with a magnetic stripe or a plastic smart card with a chip that contains a unique card number and some security information. In every ATM, authentication is provided by the customer entering a Personal Identification Number (PIN). We develop an android application for ATM which operates through cloud. As customers register in our application, server will approve and then a PIN is created for authentication purpose. Using this PIN the user has to authenticate himself, then they are allowed to perform transactions like access their bank deposit or credit accounts in order to make a variety of transactions such as cash withdrawals, check balances, or credit mobile phones. The app can find out all the nearest ATMs and can suggest ATMs where the required amount is available.
AIM OF THE PROJECT
The main aim of this project is to provide security.
PIN authentication is provided on user’s registration.
We can search for nearby ATM, its working condition along with required amount availability.
All the users’ details and transactions are maintained in the cloud server.
INTRODUCTION TO SYSTEM
A cash machine, also known as an automated teller machine (ATM), automated banking
machine (ABM), cashpoint, cashline, or
minibank
is
an
electronic
telecommunications device that enables the customers of a financial institution to perform financial transactions, particularly cash withdrawal, without the need for a human cashier, clerk or bank teller. According to the ATM Industry Association (ATMIA), there are now close to 3 million cash machines installed worldwide. On most modern cash machines, the customer is identified by inserting a plastic ATM card with a magnetic stripe or a plastic smart card with a chip that contains a unique card number and some security information such as an expiration date or CVVC (CVV). Authentication is provided by the customer entering a personal identification number (PIN). Using a cash machine, customers can access their bank deposit or credit accounts in order to make a variety of transactions such as cash withdrawals, check balances, or credit mobile phones. If the currency being withdrawn from the cash machine is different from that in which the bank account is denominated the money will be converted at an official exchange rate. Thus, cash machines often provide the best possible exchange rates for foreign travelers, and are widely used for this purpose. Most cash machines are connected to interbank networks, enabling people to withdraw and deposit money from machines not belonging to the bank where they have their accounts or in the countries where their accounts are held (enabling cash withdrawals in local currency). Cash machines rely on authorization of a financial transaction by the card issuer or other authorizing institution on a communications network. This is often performed through an ISO 8583 messaging system. Many banks charge cash machine usage fees. In some cases, these fees are charged solely to users who are not customers of the bank where the cash machine is installed; in other cases, they apply to all users. In order to allow a more diverse range of devices to attach to their networks, some interbank networks have passed rules expanding the definition of a cash machine to be a terminal that either has the vault within its footprint or utilizes the vault or cash drawer within the merchant establishment, which allows for the use of a scrip cash dispenser. Before a cash machine is placed in a public place, it typically has undergone extensive testing with both test money and the backend computer systems that allow it to perform transactions. Banking customers also have come to expect high reliability in their ATMs,[98] which provides incentives to ATM providers to minimize machine and network
failures. Financial consequences of incorrect machine operation also provide high degrees of incentive to minimize malfunctions. Cash machine and the supporting electronic financial networks are generally very reliable, with industry benchmarks. If cash machine networks do go out of service, customers could be left without the ability to make transactions until the beginning of their bank's next time of opening hours. This said, not all errors are to the detriment of customers; there have been cases of machines giving out money without debiting the account, or giving out higher value notes as a result of incorrect denomination of banknote being loaded in the money cassettes. The result of receiving too much money may be influenced by the card holder agreement in place between the customer and the bank. Errors that can occur may be mechanical (such as card transport mechanisms; keypads; hard disk failures; envelope deposit mechanisms); software (such as operating system; device driver; application); communications; or purely down to operator error.
CHAPTER 2 LITERATURE SURVEY
EXISTING SYSTEM & ITS LIMITATIONS In any ATM, the customer can insert their ATM cards given by their banks and they are authenticated by giving the Personal Identification Number (PIN). If they are authenticated they can access their accounts and perform variety of transactions like cash withdrawals, check balance etc. Authentication is provided by the Personal Identification Number (PIN). If a hacker or any other person other than the account holder gives the correct PIN, then he can perform transactions and withdraw money. This system is not so secure. Added to this, in the real-time scenario, when a person finds an ATM location and reaches there and comes to know that the machine is not in working condition. His search goes in vain; the proposed system overcomes this disadvantage.
PROBLEM STATEMENT Security is not guaranteed when any others use the card and PIN to access the account and perform transactions. There is no surety to get required amount from the ATM.
SCOPE OF THE PROJECT This project has its scope and application in banking sector where many ATM’s are installed and operated for money transactions.
PROPOSED SYSTEM We propose a new system of cloud ATM which authenticates user by their unique PIN generated using Secure Hash Algorithm (SHA) and allows accessing their bank account details. When users register to our application, they provide their personal details like name, bank details, account details, etc. These details will be sent to admin (server) for verification. If the bank account is blocked, then user is rejected from using the application. Otherwise, he will be
approved and included as a member. All the users’ details will be stored in cloud. SHA uses information of mobile number, 4 digit card number and IMEI number to generate a unique PIN. This unique PIN is given to the user to perform secure operations with the app and ATM. Only on entering this PIN, the user is authenticated. This process happens in android mobile and the authentication is examined and intimated from the cloud service to ATM and for security reason, ATM will perform twice authentication before proceeding further. We use computers in a network to illustrate this working procedure. Networking is used as the communication between server and ATM with socket programming. One computer will be considered as admin (Server), which contains all the banking details like account, account details, user details etc. Each node will be used as ATM- computers. The customers have to provide their PIN (unique number) for authentication. If it matches with the one stored in database, then customer is allowed to access his account details. The user can perform operation like balance enquiry, locate nearby ATM, Amount required, change PIN, and History. The user can locate for a nearby ATM which is in a working condition. As far as challenge of finding a working ATM is considered, this is ensured by sending the UDP hello messages to the server by the ATM to ensure it is in working condition. User can enter the required amount and find out whether which ATM has so much balance in ATM and our app will suggest that ATM.
PROCESS MODEL SELECTION AND JUSTIFICATION According to Software Engineering the approach adopted to develop this project is the Iterative waterfall Model. The iterative waterfall Model is a systematic approach that begins at the feasibility study phase and progress through analysis, design, coding, testing, integration and maintenance. Feedback paths are there in each phase to its preceding phase as show in the fig to allow the correction of the errors committed during a phase that are detected in later phase.
Fig: Waterfall model
Feasibility study: The main aim of this phase is to determine whether it would be financially and technically feasible to develop the product. The feasibility study activity involves the analysis of the problem and collection of all the relevant information relating to the product such as different data items which would be input to the system, processing required to be carried out on these data, the output data required to be produced by the system, as well as constraints on the behavior of the system. Requirement Analysis and Specification: The main aim of this phase is to understand the exact requirements of the customer and to document them properly. Design:
The goal of design phase is to transform the requirements specified in the SRS document into a structure that is suitable for implementation in some programming language. In technical terms, during the design phase the software architecture is derived from SRS document. Two distinctly different design approaches are available: the traditional approach and the object oriented approach. We have adopted traditional design to develop the product. Coding: Once design is complete, goal of the coding phase is to translate the design of the system into code in a given programming language. For a given design, the aim in this phase is to implement the design in the best possible manner. We have coded the design using C# language to develop the product. Testing: Testing is the major quality control measure employed during software development. Its basic function is to detect errors in the software. Maintenance: Maintenance is not a part of software development. It is an extremely important activity in the life of software product. Maintenance involves performing any one or more of the following kinds of activities: Correcting errors that were not discovered during the product phase. This is called corrective maintenance. Improving the implementation of the system, and enhancing the functionalities of the system according to the customer’s requirements. This is called perfective maintenance. Porting the software in a new environment. This is called adaptive maintenance.
SURVEY FINDINGS Secure Hash Algorithm
The term secure hash algorithm (short SHA) refers to a group of standardized cryptologic hash functions . These are used to calculate a unique check value for any digital data (messages) and are the basis for creating a digital signature. The test value is used to ensure the integrity of a message. If two messages give the same test value, to the equality of messages after normal discretion be guaranteed, without prejudice targeted Attempts to manipulate the news. Therefore it requires a cryptologic hash function, the property of collision safety : it should be virtually impossible to create two different messages with the same test value.
The Secure Hash Algorithm is a family of cryptographic hash functions published by the National Institute of Standards and Technology (NIST) as a U.S. Federal Information Processing Standard (FIPS), including:
SHA-0: A retronym applied to the original version of the 160-bit hash function published in 1993 under the name "SHA". It was withdrawn shortly after publication due to an undisclosed "significant flaw" and replaced by the slightly revised version SHA-1.
SHA-1: A 160-bit hash function which resembles the earlier MD5 algorithm. This was designed by the National Security Agency (NSA) to be part of the Digital Signature Algorithm. Cryptographic weaknesses were discovered in SHA-1, and the standard was no longer approved for most cryptographic uses after 2010.
SHA-2: A family of two similar hash functions, with different block sizes, known as SHA256 and SHA-512. They differ in the word size; SHA-256 uses 32-bit words where SHA512 uses 64-bit words. There are also truncated versions of each standard, known as SHA224, SHA-384, SHA-512/224 and SHA-512/256. These were also designed by the NSA.
SHA-3: A hash function formerly called Keccak, chosen in 2012 after a public competition among non-NSA designers. It supports the same hash lengths as SHA-2, and its internal structure differs significantly from the rest of the SHA family.
NCR launches Kalpana, an Android, cloud ATM By Larry Dignan April 15, 2015 NCR rolled out Kalpana, an Android and cloud platform that aims to rewrite the way ATMs operate. ATMs, which run on a bevy of platforms but largely Windows, typically operate as glorified PCs. NCR estimates that 75 percent of the globe's ATMs run on Windows
XP or older platforms. But these ATMs can be vulnerable to various attacks. Skimming-related fraud was more than $2 billion in 2014, according to ATM Industry Association. NCR's approach is to run ATM operations remotely through a thin client initially using Android. NCR's pitch is that the cloud/Android approach will be more secure, enable banks to rapidly deploy new services and cut costs. NCR's new ATMs can also adopt new versions of Android. If the thin-client pitch doesn't work, NCR is courting financial institutions with cost savings. NCR argues that Kalpana can cut the total cost of ownership by up to 40 percent because administration costs will be lower. NCR said that Kalpana can cut total cost of ownership to $540,000 from $800,000 per each 100 ATMs. NCR said customers will run the ATM operations on their computing infrastructure, but can easily deploy security updates and remotely manage everything from support to power management. All requirements and updates are handled at the server level. The main savings via Kalpana is that financial institutions won't have to send people out to service and manage ATMs individually. Meanwhile, Kalpana is serving as part of NCR's software-based strategy. The company said Kalpana can deliver services to thin clients or Windows-based ATMs whether they are NCR-branded or not. The end game for NCR is to create an environment where ATMs are as nimble as mobile devices when it comes to delivering new services and features.
ATMs are about to get a cloud makeover By Katherine Noyes Automated teller machines have been around for decades, but surprisingly few changes have been made to the technologies that run them. That's about to change. NCR on Wednesday rolled out new software that will transform ATMs to use the cloud with Android and a thinclient model of computing. The result, it says, will be a big boost in security as well as dramatically lower costs. Most of the world's 2.2 million or so ATMs today are essentially thick-client PCs, and the vast majority of them -- as much as 75 percent -- run Windows XP, NCR says. It's perhaps no wonder that security is an issue, yet banks typically must still administer updates manually to each ATM in their network.
Enter Kalpana, NCR's new enterprise software platform. Kalpana moves ATM software and operations to the cloud so that the machines can be run remotely, including all software updates at the server level.
SEPIA: Secure-PIN-Authentication-as-a-Service for ATM Using Mobile and Wearable Devices By Rasib Khan ; Dept. of Comput. & Inf. Sci., Univ. of Alabama at Birmingham, Birmingham, AL, USA ; Ragib Hasan ; Jinfang Xu Credit card fraud is a common problem in today's world. Financial institutions have registered major loses till today due to users being exposed of their credit card information. Shoulder-surfing or observation attacks, including card skimming and video recording with hidden cameras while users perform PIN-based authentication at ATM terminals is one of the common threats for common users. Researchers have struggled to come up with secure solutions for secure PIN authentication. However, modern day ubiquitous wearable devices, such as the Google Glass have presented us with newer opportunities in this research area. In this paper, we propose Secure-PIN-Authentication-as-a-Service (SEPIA), a secure obfuscated PIN authentication protocol for ATM and other point-of-service terminals using cloudconnected personal mobile and wearable devices. Our approach protects the user from shoulder-surfers and partial observation attacks, and is also resistant to relay, replay, and intermediate transaction attacks. A SEPIA user utilizes a Google Glass or a mobile device for scanning a QR code on the terminal screen to prove co-location to the cloud-based server and obtain a secure PIN template for point-of-service authentication. SEPIA ensures minimal task overhead on the user's device with maximal computation offloaded to the cloud. We have implemented a proof-of-concept prototype to perform experimental analysis and a usability study for the SEPIA architecture.
Location based ATM locator system using OpenStreetMap By Rajib Chandra Das ; Dept. of Comput. Sci. & Eng., Chittagong Univ. of Eng. & Technol. (CUET), Raozan, Bangladesh ; Parijat Prashun Purohit ; Tauhidul Alam ;Mahfuzulhoq Chowdhury
Money transaction through ATM machine wherever we go has become phenomenon in our day-to-days activities as it is safe to keep a ATM card rather than keeping cash. When we need cash in any unknown area or during any emergency situation, we need to know about nearest ATM booth from where we can avail this opportunity. In addition, a tourist or new comer may face difficulty in having ATM help without this information. Hence, we have proposed a location based ATM locator system (LBALS) using OpenStreetMap, a growing open source digital map where ATM booths and fast tracks are mapped. Database contains detail information about all available ATM booths and fast tracks of different banks. It requires GPS supported android device with application installed on it for the user. Textual information are provided of nearest ATM booths or fast tracks from user's current position when he requires the information. Some Markers indicate ATM booths or fast tracks on the map. Dijkstra's algorithm has been applied to show the possible shortest path between user and an ATM booth. Haversine formula is also used to calculate perpendicular distance. Implemented LBALS is tested for some random locations in a specific region of our country.
CHAPTER 3 SYSTEM DESIGN
Systems design is the process of defining the architecture, components, modules, interfaces, and data for a system to satisfy specified requirements. Systems design could be seen as the application of systems theory to product development. There is some overlap with the disciplines of systems analysis, systems architecture and systems engineering. The architectural design of a system emphasizes on the design of the systems architecture which describes the structure, behavior, and more views of that system. System design is the process of defining the elements of a system such as the architecture, modules and components, the different interfaces of those components and the data that goes through that system. It is meant to satisfy specific needs and requirements of a business or organization through the engineering of a coherent and well-running system. Software architecture is the high level structure of a software system, the discipline of creating such structures, and the documentation of these structures. It is the set of structures needed to reason about the software system, and comprises the software elements, the relations between them, and the properties of both elements and relations. The architecture of a software system is a metaphor, analogous to the architecture of a building
DATA FLOW DIAGRAM A DFD shows what kind of information will be input to and output from the system, where the data will come from and go to, and where the data will be stored. It does not show information about the timing of process or information about whether processes will operate in sequence or in parallel. A Data Flow Diagram (DFD) is a graphical representation of the "flow" of data through an information system, modeling its process aspects. A DFD is often used as a preliminary step to create an overview of the system, which can later be elaborated. DFDs can also be used for the visualization of data processing.
External Entity An external entity can represent a human, system or subsystem. It is where certain data comes from or goes to. It is external to the system we study, in terms of the business process. For this reason, people used to draw external entities on the edge of a diagram.
Process A process is a business activity or function where the manipulation and transformation of data takes place. A process can be decomposed to finer level of details, for representing how data is being processed within the process. Data Store A data store represents the storage of persistent data required and/or produced by the process. Here are some examples of data stores: membership forms, database table, etc. Data Flow A data flow represents the flow of information, with its direction represented by an arrow head that shows at the end(s) of flow connector.
Context Data Flow Diagram: (Level 0) We usually begin by drawing a context diagram, a simple representation of the whole system. Context level DFD, also known as level 0 DFD, sees the whole system as a single process and emphasis the interaction between the system and external entities.
Fig: Data Flow Diagram- Level 0
Data Flow Diagram: (Level 1)
To elaborate further from that, we drill down to a level 1 diagram with additional information about the major functions of the system. This could continue to evolve to become a level 2 diagram when further analysis is required. The Level 1 DFD shows how the system is divided into sub-systems (processes), each of which deals with one or more of the data flows to or from an external agent, and which together provide all of the functionality of the system as a whole. It also identifies internal data stores that must be present in order for the system to do its job, and shows the flow of data between the various parts of the system. Software Requirement Specification is the starting point of the software development activity. It includes an introduction that gives the purpose, scope and an overview of the system. This needs requirement by talking to the people and understanding their needs. It also includes a general description of the product perspective, product function and certain user characteristics of the system. It also specifies the overall functional requirements, performance requirements and design constraints. The SRS is a means of translating the idea in the mind of the clients (the input), into a formal document (the output of the requirement phase). The Software Requirement Specification document is organized in such a manner it aids validation and system design.
Fig: Data flow diagram – Level 1
USE CASE DIAGRAMS: Use case diagrams are considered for high level requirement analysis of a system. Use case diagrams are used to gather the requirements of a system including internal and external influences. These requirements are mostly design requirements. So when a system is analyzed to gather its functionalities use cases are prepared and actors are identified. Now when the initial task is complete use case diagrams are modeled to present the outside view. Use case: Use case diagrams are considered for high level requirement analysis of a system. So when the requirements of a system are analyzed the functionalities are captured in use cases. So we can say that uses cases are nothing but the system functionalities written in an organized manner. Actor: Now the second things which are relevant to the use cases are the actors. Actors can be defined as something that interacts with the system. The actors can be human user, some internal applications or may be some external applications. Relationship: Relationships exist among the use cases and actors. Show relationships and dependencies
clearly in the diagram. Do not try to include all types of relationships. Because the main purpose of the diagram is to identify requirements.
Fig: Use case diagram SEQUENCE DIAGRAM: The Sequence Diagram models the collaboration of objects based on a time sequence. It shows how the objects interact with others in a particular scenario of a use case. With the advanced visual modeling capability, you can create complex sequence diagram in few clicks. Besides, Visual Paradigm can generate sequence diagram from the flow of events which you have defined in the use case description. The sequence diagram models the collaboration of objects based on a time sequence. It shows how the objects interact with others in a particular scenario of a use case. It depicts the objects and classes involved in the scenario and the sequence of messages exchanged between the objects needed to carry out the functionality of the scenario. Lifelines: A sequence diagram shows, as parallel vertical lines (lifelines), which indicates different processes or objects that live simultaneously. Message:
Messages, written with horizontal arrows with the message name written above them, display interaction. The messages are written in the order in which they occur. This allows the specification of simple runtime scenarios in a graphical manner. Object/Activation Box/Process: Activation boxes, or method-call boxes, are opaque rectangles drawn on top of lifelines to represent that processes are being performed in response to the message.
Fig: Sequence Diagram
CHAPTER 4 SOFTWARE REQUIREMENT SPECIFICATION
Requirements analysis, also called requirements engineering, is the process of determining user expectations for a new or modified product. These features, called requirements, must be quantifiable, relevant and detailed. In software engineering, such requirements are often called functional specifications. Requirements analysis is an important aspect of project management. Requirements analysis involves frequent communication with system users to determine specific feature expectations, resolution of conflict or ambiguity in requirements as demanded by the various users or groups of users, avoidance of feature creep and documentation of all aspects of the project development process from start to finish. Energy should be directed towards ensuring that the final system or product conforms to client needs rather than attempting to mold user expectations to fit the requirements. Requirements analysis is a team effort that demands a combination of hardware, software and human factors engineering expertise as well as skills in dealing with people.
FUNCTIONAL REQUIREMENTS Functional requirements capture the intended behavior of the system. This behavior may be expressed as services, tasks or functions the system is required to perform. It is a description of the facility or feature required. Functional requirements deal with what the system should do or provide for users. They include description of the required
functions, outlines of associated reports or online queries, and details of data to be held in the system. In software engineering, a functional requirement defines a function of a software system or its component. A function is described as a set of inputs, the behavior, and outputs. Functional requirements may be calculations, technical details, data manipulation and processing and other specific functionality that define what a system is supposed to accomplish. Here, the main functional requirement is automation of devices. The project contains the following functionalities/modules.
Registration When users register to our application, they provide their personal details like name,
bank details, account details, etc. These details will be sent to admin (server) for verification. If the bank account is blocked, then user is rejected, else he will be approved.
File management All the users’ details will be stored in cloud like name, bank details, account details,
mobile number, PIN etc.
SHA algorithm SHA uses information of mobile number, 4 digit card number and IMEI number to
generate a unique PIN. These details will be in an encrypted format to provide security. Only on entering this PIN, the user is authenticated.
GPS The user can be at different cities, by the help of GPS, user location and nearby ATM
location is found. The user can locate for a nearby ATM which is in a working condition using Global Positioning System (GPS).
Balance Enquiry User can enter the required amount and the application finds out whether which ATM
has so much balance in ATM and can suggest that ATM. NON FUNCTIONAL REQUIREMENTS Non-functional requirements detail constraints, targets or control mechanisms for the new system. They describe how, how well or to what standard a function should be provided. Example: levels of required service such as response times; security and access requirements; technical constraints; required interfacing with users' and other systems; and project constraints such as implementation on the organization’s hardware/software platform. Service level requirements are measures of the quality of service required, and is crucial to capacity planning and physical design. Identify realistic, measurable target values for each service level. These include service hours, service availability, responsiveness, throughput and reliability. Security includes defining priority and frequency of backup of data, recovery, fallback and contingency planning and access restrictions. Access restrictions should deal with what data needs protected; what data should be restricted to a particular user role; and level of restriction required, eg physical, password, view only. Non-functional requirements may cover the system as a whole or relate to specific functional requirements. Non Functional Requirements includes aspects like:
Efficiency Efficiency in general describes the extent to which time or effort is well used for the intended task or purpose. It is often used with the specific purpose of relaying the capability of a specific application of effort to produce a specific outcome effectively with a minimum amount or quantity of waste, expense, or unnecessary effort. "Efficiency" has widely varying meanings in different disciplines. Our project is efficient in locating nearest ATM and also in finding the required amount successfully in nearby ATM with the help of GPS according to the requirement and giving the notifications effectively with minimum expense and unnecessary effort.
Scalability Scalability, as a property of systems, is generally difficult to define and in any particular case it is necessary to define the specific requirements for scalability on those dimensions that are deemed important. It is a highly significant issue in electronics systems, databases, routers, and networking. Our system, whose performance improves after connecting many ATMs in a network,
is
said
to
be
a
scalable
system.
Interoperability Interoperability is a property referring to the ability of diverse systems and organizations to work together (inter-operate). The term is often used in a technical systems engineering sense, or alternatively in a broad sense, taking into account social, political, and organizational factors that impact system to system performance. This is interoperable, as many ATM are connected with server, it is important to work together.
Reliability Reliability is the ability of a person or system to perform and maintain its functions in routine circumstances, as well as hostile or unexpected circumstances. Our project is reliable in its operations for both expected and unexpected conditions. Banking applications also have to expect high reliability in their ATMs, which provides incentives to ATM providers to minimize machine and network failures. Financial consequences of incorrect machine operation also provide high degrees of incentive to minimize malfunctions. Cash machine and the supporting electronic financial networks are generally very reliable, with industry benchmarks and up to 99.999% availability for host systems that manage the networks of cash machines.
Usability "The extent to which a product can be used by specified users to achieve specified goals with effectiveness, efficiency, and satisfaction in a specified context of use." The word "usability" here refers to ease-of-use during the entire process. As all the steps involved in this
project is simple and easy to use, and user will be operating each and every step of this project very easily, we can tell this is very user friendly. SYSTEM REQUIREMENTS HARDWARE REQUIREMENTS Processor
:
Pentium 4 +
RAM
:
2GB
Hard Disk
:
500MB free space
Speed
:
1.2 GHz+
Machine
:
with internet connection
Android mobile
SOFTWARE REQUIREMENTS Operating System
:
Windows XP or Higher,
IDE
:
Visual Studio, Eclipse
Language
:
C#, Java
Java Software
:
JDK 1.6 or above
Tool
:
Eclipse ADT
Database
:
MySQL
Framework
:
ASP.NET
Cloud Server
ATM System Bio metric Authentication
User