Mini Project on Secure E-Banking

Wednesday, February 23 2011 @ 02:26 PM UTC

Contributed by: Sarad

Functionality

E-banking is vulnerable to numerous attacks because it deals with online digital cash transactions. It is therefore important to use publicly acclaimed cryptographic algorithms that have been under scrutiny and cryptanalysis for many years. We choose a symmetric-key cryptosystem such as Blowfish for our implementation. Though encrypted, the transactions between the two banks are still vulnerable to block replay attacks by a man in the middle. To thwart this attack we use a suitable chaining mode such as Cipher Block Chaining with Checksum (CBCC). A separate Initialization Vector (IV) is generated for chaining each transaction, using a fast Pseudo Random Number Generator (PRNG) with a large period. We use one such PRNG, the Mersenne Twister (MT19937). The public keys of Bank A and Bank B are authenticated by a Certifying Authority (CA). The application is implemented as a client program and a server program using Berkeley sockets. It assumes the existence of a CA and does not implement any public-key cryptosystem.
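
The contrast described above, as an added example that is not part of the original project: replaying one ciphertext block between two transactions passes unnoticed without chaining, and is rejected once the blocks are chained under a per-transaction IV and closed with a checksum block. The Feistel cipher is a stand-in for Blowfish (absent from Python's standard library), and the CBCC layout, key, transaction format and all function names are assumptions.

```python
import hashlib, random
from functools import reduce

BLOCK, ENC, DEC = 8, range(8), range(7, -1, -1)  # 64-bit blocks, as Blowfish uses
KEY = b"constructed demo key"
TX1, TX2 = b"FROM:A01TO:BOB..AMT:0100", b"FROM:A01TO:EVE..AMT:0005"  # constructed

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def split(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def feistel(key, blk, rounds):
    # Stand-in 64-bit Feistel cipher, NOT Blowfish; DEC round order inverts ENC.
    left, right = blk[:4], blk[4:]
    for n in rounds:
        left, right = right, xor(left, hashlib.sha256(key + bytes([n]) + right).digest()[:4])
    return right + left

def ecb(key, data, rounds):  # no chaining: every block is processed on its own
    return b"".join(feistel(key, b, rounds) for b in split(data))

def cbcc_encrypt(key, iv, pt):
    # Assumed CBCC layout: CBC over the plaintext blocks, then a block holding their XOR.
    blocks, out = split(pt), [iv]
    for b in blocks + [reduce(xor, blocks, bytes(BLOCK))]:
        out.append(feistel(key, xor(b, out[-1]), ENC))
    return b"".join(out[1:])

def cbcc_decrypt(key, iv, ct):
    cs = [iv] + split(ct)
    blocks = [xor(feistel(key, c, DEC), prev) for prev, c in zip(cs, cs[1:])]
    if reduce(xor, blocks[:-1], bytes(BLOCK)) != blocks[-1]:
        raise ValueError("checksum mismatch: block altered or replayed")
    return b"".join(blocks[:-1])

def replay_block(ct, other, i):  # block i of `other` put in place of block i of `ct`
    return ct[:i * BLOCK] + other[i * BLOCK:(i + 1) * BLOCK] + ct[(i + 1) * BLOCK:]

def replay_demo(i=1):
    mt = random.Random(2011)  # MT19937 as on the page; predictable, not a CSPRNG
    iv1, iv2 = (mt.getrandbits(64).to_bytes(BLOCK, "big") for _ in range(2))
    ecb_out = ecb(KEY, replay_block(ecb(KEY, TX1, ENC), ecb(KEY, TX2, ENC), i), DEC)
    forged = replay_block(cbcc_encrypt(KEY, iv1, TX1), cbcc_encrypt(KEY, iv2, TX2), i)
    try:
        cbcc_decrypt(KEY, iv1, forged)
        return ecb_out, False
    except ValueError:
        return ecb_out, True
```

`replay_demo()` returns the plaintext the receiver would accept in the unchained case, together with a flag saying whether the chained-and-checksummed decryption rejected the same substitution.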
