Abu Dharr al Ghafari أبو ذر الغفاري d. 32 H. in Rabdha, near Madina radiya Allah anhu Tab links: English | Türkçe | عربي | Maqams | Refs He lived in Damascus. Abu-Dhar al-Ghafari Mosque (2 F) Rebeze Ebu Zer el-Gıfari hazretlerinin cami ve türbesine ait × ; 37 KB. تخطيط اسم. Detailed Analytics for Ebu Zer El Gfari: “#SnCumhurbaşkanına Bir memleketi ” – Tweet.
|Published (Last):||2 March 2008|
|PDF File Size:||14.85 Mb|
|ePub File Size:||15.75 Mb|
|Price:||Free* [*Free Regsitration Required]|
Skip to main content. Log In Sign Up. However, multicast protocols do not fit the point-to-point model of most network security protocols which were designed with unicast communications in mind. Many banks are extending their activity and increasing transactions by using ATMs. ATM will allow them to reach more customers in a cost effective way and to make their transactions fast and efficient. However, communicating in the network must satisfy integrity, privacy, confidentiality, authentication and non-repudiation.
Many frameworks have been implemented to provide security in communication and transactions. In this paper, we analyze ATM communication protocol and propose a novel framework for ATM systems that allows entities communicate in a secure way without using a lot of storage. Our framework is implemented with Java and the software architecture, and its components are studied in detailed.
Abu Dhar al-Ghifari
ATM networks are one of the typical networks that need a high level of security to prevent the attacker doing malicious activity. ATM communication consists of several phases, such as authentication and authorization.
So, establishing a comprehensive security in ATM infrastructure needs a lot of concerns. Lack of security even in one of the phases can lead to massive security breach. In order to solve this problem, we propose a new framework that includes several entities same as ATM, customer, and bank.
To achieve security in wbu ATM networks each entity should consider zet security as an important factor. There are some studies on designing a new protocol and their attacks on ATM. In our previous paper  we presented two security protocols for ATM communication.
In this paper, our motivation is to introduce a new framework that includes registration, authentication, and authorization. Firstly, the user and ATM register for bank’s services. The bank generates authentication information and distributes it among them.
Bank also assigns some privileges to users, such as the amount of money he could transfer by means of ATM. It is possible that a user be authenticated by the bank; however, he is not authorized for a particular service. We implement our framework by using Java programming DOI: Secret sharing schemes SSS are perfect for storing information that is highly confidential and critical.
SFAMSS:A SECURE FRAMEWORK FOR ATM MACHINES VIA SECRET SHARING | Zeinab Ghafari –
For instance encryption keys, missile launch codes, and bank account information are critical information that should maintain in a secure way. This information must be protected highly confidential, as their exposure could be harmful. Traditional methods for encryption are not suited for achieving high levels of confidentiality.
Secret sharing aims at efficiently sharing a secret among a number of entities, and the secret can be recovered by entities gfarii. Hence, there are gafri applications of secret sharing in computer science such as , in cloud and , in data outsourcing. The rest of the paper is organized as follows: Section 2 analyzes related work and Section 3 describes the framework in particular, highlighting its main architecture and protocol details.
Then, Section 4 illustrates the implementation, and a case study in detail. Section 5 reports the protocol analysis. Finally, Section 6 concludes the paper. Few studies have hfari published on banking systems. In  the authors proposed a framework based on a smart card that allows entities to realize secure transactions.
The proposed solution uses smart cards to store keys and perform cryptographic algorithms in e- business transactions. The paper describes the implementation of a deterministic and fair non-repudiation protocol. Authors in  presented a new framework intended to extract FSA Finite State Automaton specifications of network protocol implementations and test it for implementation flaws. They constructed the framework using Java. Mittra  developed a novel framework for scalable secure multicasting this protocol can be used to achieve a variety of security objectives in communications.
In  the authors investigated a new framework for network management protocol. They proposed an architecture composed of mobile agents. They applied secret sharing scheme to prevent unauthorized access to cloud data. They provide a secure analysis for their protocol by using zero-knowledge proof.
Since the computer system at the bank is connected through an insecure communication channels to the ATM, applying secure mechanisms in the communication is essential.
The insecure communication channels are subjected to attacks by active and passive malicious attacker. Messages may not be removed by an attacker. However, confidentiality of messages might be breached, and new message might be generated by the attacker. Thus, the authorship and content of messages that transit in the insecure communication link should be considered suspect.
Gfadi use ATMs to make queries such as withdrawals and balance inquiries involving their accounts. Attackers must be prevented from interfering with these actions. Communications between user, ATM and bank consists of the following steps: The user inserts his smart card into the ATM. The ATM informed the customer for a password. So, to protec tect interacts among parties, communication should be confidential and reputable. Confidentiality is the property that a message cannot be accessed ebk unauthorized entities.
Non-repudiation is the pproperty that an entity cannot repudiate the message ge that he send before. In this section, we present p a new protocol that guarantees non-repu epudiation and confidentiality. Using SSS helps entities to authenticat ate each other without trusted third party existen tence.
Protocol details We have a certificate authority y that issues certificates to all entities, yfari, before th the registration phase all of the entities have the heir certificate and private key. Epu, Epr are referre rred to entity E public key and private key.
KS is a session key which is established between user aand bank. The ATM communicates with the ban ank by means of a protocol that meets the following re requirements: ATM authenticates the user. Gfri sends authentication infonformation to the bank. It preserves the integrity and confidentiality co of communications between the bankk and ATM. Messages that are sent by the AT TM to the bank provide evidence that every ATM-in initiated action was, in fact, initiated by the use user.
The bank server responses to user by ATM. It also records information in an audit log for la later use in justifying its past actions to the user.
Ebu Zer el-Gıfârî
Thee audit log that is stored in bank servers is vuln lnerable to network attacks. So data written to the llog should be encrypted to prevent a confidendentiality breach. Since entities sign their messages, s, they cannot repudiate it.
Banks public key bankpr: Banks private key K u1; bank: Session key between een bank and u1 u1pb: Users private key The private key of the user is stored securely in the credit card ATMpb: Figure 2-Message Exchange in the selected scenario Our scenario is illustrated in Figure and we will investigate it step by step. DE K Bank decrypts D?
We implememented protocol role with Java language, in the ecli clipse platform. The UML diagram is illustrated d in i this hyperlink. Second, he stores them in the bank database. User sends password number to ATM with his smartcard. ATM checks if the password is correct.
ATM extracts the Duser and Datm. Confidentiality Confidentially means guaranteeing data and important user information not to be accessed by unauthorized users and aliens that usually is performed using cryptography techniques.
Thus, dues to the shares that we have considered exclusively for each entity, to access the main secret data, it is required that all the entities must be present, which results in establishing the confidentiality.
Abu Dhar al-Ghifari – Wikipedia
Also the bank and ATM key pair areused to encrypt messages. This keypair used between the bank and the user prevents the ATM from accessing the information shared between these two entities, which in turn gfarii in the confidentiality. Confidentiality of our algorithm depends on the number of key bits and encryption algorithm. We use RSA as a robust encryption algorithm. There is a trade-off between number of key bits and performance of the algorithm. If the number of key bits is ehu, protocol security is higher but encryption and decryption process may take longer.
Zet Integrity is needed to prevent and discover redundancy, modification, and deletion of data. While registering an ATM and a user in a bank, two independent certificates are issued for these two entities. Both certificates are signed by the user. To establish integrity, we used digital signature in the protocol communication. In Gcari, if an attacker tries to change part of the message, receiver can detect the changes by verifying the signature of the message. Non-Repudiation Non-repudiation prevents the sender from denying the transmission of her message.