Software Engineering 4C03 Winter 2005

The Encryption Technology of Automatic Teller Machine Networks
Researcher: Shun Wong Last revised: April 2nd, 2005

1 Introduction

The ATM, also known as the Automatic Teller Machine, is a simple yet secure banking service. ATMs are well known for their convenience to customers and their cost-effectiveness to the bank, and most importantly as an extremely secure banking method. The basic concept is that an ATM allows an authorized cardholder to conduct banking transactions without visiting a branch. ATMs rely on authorization of a transaction by the bank via a secure communications network. Encryption methods are built into the communication network to prevent unauthorized transactions that could result in losses. This report focuses on the Data Encryption Standard and the Advanced Encryption Standard; these are the encryption standards presently adopted by banks across the globe.

1.1 Hardware and Software

ATMs contain secure crypto-processors, generally within an IBM PC compatible host computer in a secure enclosure. The security of the machine relies mostly on the integrity of the secure crypto-processor: the host software often runs on a commodity operating system. In-store ATMs typically connect directly to their ATM Transaction Processor via a modem over a dedicated telephone line, although the move towards Internet connections is under way. In addition, ATMs are moving away from custom circuit boards (most of which are based on Intel 8086 architecture) and into full-fledged PCs with commodity operating systems such as Windows 2000 and Linux. Other platforms include RMX 86, OS/2 and Windows 98 bundled with Java. The newest ATMs with Microsoft technology use Windows XP or Windows XP embedded. [Lockergnome Encyclopedia 2004]

2 ATM Encryption Methods

ATM transactions are usually encrypted with DES (please refer to the next section) but most transaction processors will require the use of the more secure Triple DES by 2005.

There are also many "phantom withdrawals" from ATMs, which banks often claim are the result of fraud by customers. Many experts ascribe phantom withdrawals to the criminal activity of dishonest insiders. Ross Anderson, a leading cryptography researcher, has been involved in investigating many cases of phantom withdrawals, and has been responsible for exposing several errors in bank security.

There have also been a number of incidents of fraud where criminals have used fake machines or have attached fake keypads or card readers to existing machines. These have then been used to record customers' PINs and bank account details in order to gain unauthorized access to their accounts. [Lockergnome Encyclopedia 2004]

2.1 Data Encryption Standard

The Data Encryption Standard (DES) is an approved cryptographic algorithm selected as an official Federal Information Processing Standard (FIPS) for the United States. [Lockergnome Encyclopedia 2004] In DES, data are encrypted in 64-bit blocks using a 56-bit key. The algorithm transforms 64-bit input in a series of steps into a 64-bit output. For further details of DES encryption and decryption, please refer to Cryptography And Network Security, Principle and Practice 3rd ed. by William Stallings. [William Stallings 2003]

FIPS PUB 81, DES Modes of Operation, describes four different modes for using the algorithm described in this standard. These four modes are called the Electronic Codebook (ECB) mode, the Cipher Block Chaining (CBC) mode, the Cipher Feedback (CFB) mode, and the Output Feedback (OFB) mode. ECB is a direct application of the DES algorithm to encrypt and decrypt data. CBC is an enhanced mode of ECB which chains together blocks of cipher text. CFB uses previously generated cipher text as input to the DES to generate pseudorandom outputs which are combined with the plaintext to produce cipher, thereby chaining together the resulting cipher. OFB is identical to CFB except that the previous output of the DES is used as input in OFB while the previous cipher is used as input in CFB. OFB does not chain the cipher. [Federal Information Processing Standards Publication 46-2 1993]

2.2 Advanced Encryption Standard

There are cases where ATMs using DES have been breached within 24 hours. The most recent solution is to adopt a new encryption standard known as the Advanced Encryption Standard.

The Advanced Encryption Standard (AES) feature adds support for the new encryption standard AES, with Cipher Block Chaining (CBC) mode, to IP Security (IPSec). The National Institute of Standards and Technology (NIST) has created AES, which is a new Federal Information Processing Standard (FIPS) publication that describes an encryption method. AES is a privacy transform for IPSec and Internet Key Exchange (IKE) and has been developed to replace the Data Encryption Standard (DES). AES is designed to be more secure than DES: AES offers a larger key size, while ensuring that the only known approach to decrypt a message is for an intruder to try every possible key. AES has a variable key length—the algorithm can specify a 128-bit key (the default), a 192-bit key, or a 256-bit key. [Cisco Systems, Inc. 2004]

3 Conclusion

Behind their friendly appearance, Automatic Teller Machines are actually protected by some of the most advanced encryption technologies. However, this is a constant battle between intruders and the bank. ATM security requires progressively improving methods to keep up with smart intruders. A clear example is the upgrade from the Data Encryption Standard to the Advanced Encryption Standard, which is almost three times as powerful. In the near future, a new method will be adopted to protect ATMs from intruders with better technologies. Even so, ATMs are still a very convenient, cost-effective and secure banking method provided to customers today.
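The chaining behaviour that section 2.1 describes for the four modes, shown as an added example that is not part of the original report. A toy 64-bit Feistel permutation stands in for DES (it is not DES), CFB and OFB use full 64-bit feedback, and the key, IV and plaintext are constructed sample values whose length is assumed to be a multiple of 8 bytes.

```python
import hashlib

BLOCK = 8  # DES works on 64-bit blocks

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def E(key, block, decrypt=False):
    """Toy 8-round Feistel permutation on one 64-bit block: a stand-in for DES, not DES."""
    l, r = block[:4], block[4:]
    for rnd in (range(7, -1, -1) if decrypt else range(8)):
        l, r = r, xor(l, hashlib.sha256(key + bytes([rnd]) + r).digest()[:4])
    return r + l

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb(key, pt):
    return b"".join(E(key, b) for b in blocks(pt))  # each block on its own

def cbc(key, iv, pt):
    out, prev = [], iv
    for b in blocks(pt):
        prev = E(key, xor(b, prev))  # plaintext mixed with previous ciphertext
        out.append(prev)
    return b"".join(out)

def cfb(key, iv, pt):
    out, prev = [], iv
    for b in blocks(pt):
        prev = xor(b, E(key, prev))  # input to E is the previous ciphertext
        out.append(prev)
    return b"".join(out)

def ofb(key, iv, pt):
    out, state = [], iv
    for b in blocks(pt):
        state = E(key, state)        # input to E is the previous output of E
        out.append(xor(b, state))
    return b"".join(out)

def changed(c1, c2):  # indices of ciphertext blocks that differ
    return [i for i, (a, b) in enumerate(zip(blocks(c1), blocks(c2))) if a != b]

KEY, IV = b"demo-key", b"\x00" * BLOCK  # constructed sample values
PT = b"PIN=1234" * 3                    # three identical 64-bit blocks
PT2 = b"PIN=9234" + PT[BLOCK:]          # only the first block differs
if __name__ == "__main__":
    print({f.__name__: changed(f(KEY, IV, PT), f(KEY, IV, PT2)) for f in (cbc, cfb, ofb)})
```

Under ECB the three identical plaintext blocks encrypt to three identical ciphertext blocks, and a change in the first plaintext block reaches every later ciphertext block under CBC and CFB but only the first block under OFB.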

References

1. Automatic Teller Machine, Lockergnome Encyclopedia 2004 [Retrieved from web March 25th, 2005] http://encyclopedia.lockergnome.com/
2. Cryptography And Network Security, Principle and Practice 3rd ed., William Stallings 2003 [Retrieved from text March 20th, 2005]
3. Data Encryption Standard (DES), Federal Information Processing Standards Publication 46-2 1993 [Retrieved from web March 25th, 2005] http://www.itl.nist.gov/fipspubs/fip46-2.htm
4. Advanced Encryption Standard (AES), Cisco Systems, Inc. 2004 [Retrieved from web March 25th, 2005] http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t13/ft_aes.htm