Scientific article on the topic 'Security of banking remotely system'

Security of banking remotely system. Text of a scientific article in the specialty "Mass media and mass communications"

CC BY
Keywords
BANKING REMOTELY / SECURITY AND THREATS

Abstract of the scientific article on mass media and mass communications; authors: Firas Naziyah Mahmood, Hayder Hussein Shakir, Rumyantsev Konstantin Yevgenievich

SMS banking allows customers to request and receive banking information from their bank on their mobile phones. Clients can securely manage their bank accounts, current account balances, cheque requests and account fees. The secured SMS banking channel also serves as the bank's means of alerting its customers, especially in an emergency. The aim of this paper is to design and implement a program/application for sending and receiving secured SMS messages for banking operations, installed on clients' devices by an authorized bank employee. The application decrypts the code sent to the client by one of the authorized telecommunication company's servers, in accordance with the contract with the service provider. The code expires after 15 seconds to increase the level of security; if the client does not send the code, the company sends a new SMS asking the client to send a new code. A limit on withdrawals per day can also be set according to the customer's contract with the bank, to increase the level of security. If the card is used to withdraw more than the amount agreed with the bank, the bank performs the locking procedure for that account, stops the withdrawal and reports to the customer that the account is under threat or in a similar situation. Electronic markets (e-markets) can be a more effective and less expensive way to sell products or provide services without geographical barriers. They change the buyer-seller relationship, improve business processes and help reach new markets or segments through the electronic medium.


Text of the scientific work on the topic "Security of banking remotely system"


UDC 654.024:004.056 DOI 10.23683/2311-3103-2018-2-256-263

Firas Naziyah Mahmood, Hayder Hussein Shakir, K.Ye. Rumyantsev

SECURITY OF BANKING REMOTELY SYSTEM


1. Introduction. In the world of banking, developments in information technology have had an enormous effect on the development of more flexible payment methods and more user-friendly banking services. Electronic banking services are new, and the development and diffusion of these technologies by financial institutions is expected to result in a more efficient banking system [1]. This technology offers institutions alternative or non-traditional delivery channels through which banking products and services can be delivered to customers more conveniently and economically without diminishing the existing service level. Banking over the Internet has attracted increasing attention since the late 1990s from banks, brokerage houses, and insurance companies, as well as the business press, regulators, and law makers, both in the United States and elsewhere. This attention has been due, in part, to the rapid and significant growth in electronic commerce (e-commerce) and to the notion that electronic banking and payments are likely to advance more or less in tandem with e-commerce. Industry analyses outlining the potential impact of Internet banking on cost savings, revenue growth, and increased customer convenience have generated considerable interest and speculation. Public policy issues emerging with the development of Internet banking are themselves generating increased attention from banking regulators and other government officials [2-7]. To date, however, because little systematic information on the nature and scope of Internet banking exists, much of the analysis of its benefits and impact has necessarily been based on anecdotal evidence and conjecture. The increase in information access terminals, along with the growing use of information-sensitive applications such as e-commerce, e-learning, e-banking and e-healthcare, has generated a real requirement for reliable, easy-to-use and generally acceptable control methods for confidential and vital information [8-10].
The aim of this project is to design and implement a program/application for sending and receiving secured SMS messages for banking operations, installed on clients' devices by an authorized bank employee.

2. Banking remotely. To become familiar with the concept of e-commerce and its variants, it is worth first reviewing what is meant by trade. Most dictionaries give the following definitions of trade: social exchange, that is, the exchange of ideas and opinions; and the exchange or buying and selling of goods on a large scale, involving transportation from one point to another.

As the Internet continues to expand, the convenience associated with electronic banking will attract more customers. One expectation of e-banking is that it will replace the need for writing checks or carrying a lot of cash [11].

3. Problem Statement. It is well known that individuals in the Middle East are late adopters of the Internet and its applications with regard to Internet banking. Many other countries have the same problem. There is no study that identifies and explains the factors that affect Internet banking. Customers throughout the country are late adopters of the Internet and its applications with regard to Internet banking. It seems that Internet banking is facing difficulties. Many developing countries have the same problem [12]:

1. Although many customers perceive Usefulness and Ease of Use as benefits of the Internet, they have not transferred this attitude to the application of the Internet to bank operations. Many bank customers are reluctant to use online banking. Some customers simply don't like the technology at all, and others fear their computer will garble their accounts.

2. Lack of banking services through the web due to a limited number of banks using the Internet.

3. Data and network security, in addition to privacy problems.

4. Lack of infrastructure and weak telecommunications.

5. Broken and slow internet connections.

6. Customers are afraid to use Internet banking and purchases through the internet because they think that any mistake or error could mean a loss of money.

7. Lack of internet awareness, because this service is still widely unaccepted. It is believed that customers are still not fully confident with using ATM cards, and telephone banking. Greater awareness could show them the benefits of using new systems and could encourage them to adopt Internet banking transactions.

8. Customers are afraid of attacks and threats in Internet banking.

4. Electronic commerce (EC). Electronic commerce is the process of buying, selling, or exchanging products, services, or information via computer networks (fig. 1). Electronic Commerce is the sale and procurement of supplies and services using information systems technology [13].

[Figure: diagram relating the roles consumer, customer, buyer and user to producer, performer, seller/merchant and provider, and to product, service, supply and license, with examples: tangible goods; information retrieval; information products; soft goods such as programs and music.]

Fig. 1. Electronic Commerce Definitions

4.1. The Social Impact of E-commerce. Along with e-commerce and its unique appeal, which has emerged gradually, terms such as virtual enterprise, virtual bank, network marketing, online shopping, online payment and advertising, once unheard of, have now become familiar to people. The concept covers the strategic use of e-commerce through the utilization of Internet software and services [14]. Electronic commerce presents developing countries with an opportunity that can potentially enhance economic growth and development [15].

To understand how e-commerce has affected society and the economy, this article mentions three issues:

1. E-commerce has changed the relative importance of time, but as time is one of the pillars indicating a country's economic state, its importance should not be ignored.

2. E-commerce offers consumers and enterprises the various information they need, making information fully transparent, so that enterprises can no longer rely on location or advertising to raise their competitive edge. A perfect e-commerce system can transmit information on consumer demand directly to the automated production line in order to best meet customer demand [16]. Moreover, the impact of e-commerce is to intensify competition and benefit consumers through lower prices and more choices [17].

3. In past economic activity, large enterprises frequently had the advantage in information resources, at the expense of consumers. Nowadays, transparent, real-time information protects the rights of consumers, because consumers can use the Internet to pick the portfolio that benefits them. Competition between enterprises will be much more evident than before; consequently, social welfare will be improved by the development of e-commerce.

4.2. Electronic Market (E-marketplace). An e-marketplace can be described as a B2B Internet platform providing an Internet-based solution that aims at facilitating new trading relationships between companies, or supporting existing ones. E-marketplaces can represent a more efficient and less expensive way to sell products or provide services globally, without geographical barriers. It reshapes the buyer-seller relationships, improves business processes and helps reach new markets or segments through the electronic medium [18].

SMS banking services are operated using push and pull messages [19, 20]:

1. Push messages are those that the bank chooses to send out to a customer's mobile phone, without the customer initiating a request for the information. Examples: mobile marketing messages, or messages alerting the customer to an event in the customer's bank account, such as a large withdrawal of funds from an ATM, or a one-time password (OTP).

2. Pull messages are those that are initiated by the customer, using a mobile phone, for obtaining information or performing a transaction in the bank account. Examples: account balance enquiry, new ATM PIN generation, blocking/unblocking of cards, or requests for current information such as currency exchange rates and deposit interest rates, as published and updated by the bank.

5. Advantages of SMS Banking.

♦ SMS Banking allows customers to request and receive banking information from their bank on their mobile phones.

♦ Customers can manage bank accounts, check account balances, send cheque requests and pay bills.

♦ It is convenient because customers don't have to go to a bank to complete a banking transaction.

♦ It's quite discreet, so customers can view it while doing everyday jobs and don't have to set aside time to go to the bank.

♦ The SMS banking channel also acts as the bank's means of alerting its customers, especially in an emergency situation, for example when there is an ATM fraud happening in the region, the bank can push a mass alert (although not subscribed by all customers) or automatically alert on an individual basis when a predefined 'abnormal' transaction happens on a customer's account using the ATM or credit card.

6. Experimental Part (coding).

package com.sms.aliabd.sms;

import android.provider.Telephony;
import android.support.v7.app.AppCompatActivity;
import android.os.Bundle;
import android.telephony.SmsManager;
import android.view.View;
import android.widget.Button;
import android.widget.EditText;

// Sending requires the android.permission.SEND_SMS permission.
public class MainActivity extends AppCompatActivity {
    Button sendSMS;
    EditText msgTxt;
    EditText numTxt;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activitymain);

        // Bind the send button and the message/number input fields.
        sendSMS = (Button) findViewById(R.id.sendbtn);
        msgTxt = (EditText) findViewById(R.id.message);
        numTxt = (EditText) findViewById(R.id.numbertxt);

        sendSMS.setOnClickListener(new View.OnClickListener() {
            @Override
            public void onClick(View v) {
                String myMsg = msgTxt.getText().toString();
                String theNumber = numTxt.getText().toString();
                sendMsg(theNumber, myMsg);
            }
        });
    }

    // Sends the text exactly as entered; this listing contains no encryption step.
    private void sendMsg(String theNumber, String myMsg) {
        if (theNumber.isEmpty() || myMsg.isEmpty()) {
            return; // sendTextMessage() throws IllegalArgumentException on empty input
        }
        SmsManager sms = SmsManager.getDefault();
        sms.sendTextMessage(theNumber, null, myMsg, null, null);
    }
}

6.1. Classification of EC by the Nature of the Transactions or Interactions.

Electronic commerce models are as follows:

Trade B2B. Business to Business (Internet commerce between two firms).

Trade C2B. Consumer to Business (e-commerce between enterprise and consumer), retail.

Trade C2C. Consumer to Consumer (e-commerce between consumer and consumer).

Trade A2B. Administration to Business (all financial and commercial transactions between companies and public organizations).

Trade G2G. Government to Government.

Trade B2G. Government to Business.

Trade P2P. Peer to Peer.

The encrypted-message application:

♦ works with any telephone number;

♦ allows writing in any language required;

♦ encrypts using the key;

♦ the key consists of 16 characters and can be changed and determined by agreement between users;

♦ if the key entered is different, the decryption process does not take place;

♦ the program opens automatically when any message is received.

6.2. Application interfaces and working steps.

Step A (Fig. 2, a). On startup, the application interface consists of:

♦ field to enter the number;

♦ field to enter the key;

♦ the entry field of the message;

♦ send button;

♦ cancel button.

Fig. 2. Working steps (panels a, b, c)

Step B (Fig. 2, b). Enter the number, enter key, message, and send:

♦ the key consists of 16 symbols;

♦ press send button to send the message.

Step C (Fig. 2, c). Receiving messages consists of:

♦ field to enter key;

♦ decryption button (submit);

♦ sender number;

♦ decryption message.

Step D. Enter the key. The key must be the same as the key the sender used for the encrypted message.

Step E. Press the (submit) button to decrypt the message.
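
The page does not name the cipher behind the 16-character key. As an added example (not the authors' application code), the sketch below walks Steps B to E under assumed choices: AES-128 in GCM mode, with the AES key derived from the agreed 16-character key by PBKDF2. The class name, method names, message layout and sample values are hypothetical.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical helper: cipher, KDF and message layout are assumptions, not the paper's design.
public class SmsCryptoExample {
    private static final int SALT_LEN = 16;   // bytes, random per message
    private static final int IV_LEN = 12;     // bytes, random per message (GCM nonce)
    private static final int TAG_BITS = 128;  // GCM authentication tag
    private static final int PBKDF2_ROUNDS = 100_000;
    private static final SecureRandom RNG = new SecureRandom();

    // Stretch the agreed 16-character key into a 128-bit AES key.
    static SecretKeySpec deriveKey(String key16, byte[] salt) throws GeneralSecurityException {
        if (key16.length() != 16) {
            throw new IllegalArgumentException("key must be exactly 16 characters");
        }
        PBEKeySpec spec = new PBEKeySpec(key16.toCharArray(), salt, PBKDF2_ROUNDS, 128);
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
        return new SecretKeySpec(raw, "AES");
    }

    // Step B: produce the SMS body, Base64(salt || iv || ciphertext || tag).
    static String encrypt(String key16, String message) throws GeneralSecurityException {
        byte[] salt = new byte[SALT_LEN];
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(salt);
        RNG.nextBytes(iv);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, deriveKey(key16, salt),
                new GCMParameterSpec(TAG_BITS, iv));
        byte[] sealed = cipher.doFinal(message.getBytes(StandardCharsets.UTF_8));
        byte[] body = ByteBuffer.allocate(SALT_LEN + IV_LEN + sealed.length)
                .put(salt).put(iv).put(sealed).array();
        return Base64.getEncoder().encodeToString(body);
    }

    // Steps D-E: return the plaintext, or null if the key differs or the body was altered.
    static String decrypt(String key16, String smsBody) throws GeneralSecurityException {
        byte[] body;
        try {
            body = Base64.getDecoder().decode(smsBody);
        } catch (IllegalArgumentException notBase64) {
            return null; // an ordinary, unencrypted SMS
        }
        int sealedLen = body.length - SALT_LEN - IV_LEN;
        if (sealedLen < TAG_BITS / 8) {
            return null; // too short to hold salt, nonce and tag
        }
        byte[] salt = Arrays.copyOfRange(body, 0, SALT_LEN);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, deriveKey(key16, salt),
                new GCMParameterSpec(TAG_BITS, body, SALT_LEN, IV_LEN));
        try {
            byte[] plain = cipher.doFinal(body, SALT_LEN + IV_LEN, sealedLen);
            return new String(plain, StandardCharsets.UTF_8);
        } catch (AEADBadTagException wrongKeyOrTampered) {
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from the paper.
        String senderKey = "K3y-Agreed-16chr";
        String otherKey = "K3y-Agreed-16chX";
        String text = "Баланс / Balance: 1250";
        String sms = encrypt(senderKey, text);
        System.out.println("SMS body (" + sms.length() + " chars): " + sms);
        System.out.println("same key:      " + decrypt(senderKey, sms));
        System.out.println("different key: " + decrypt(otherKey, sms));
    }
}
```

Salt, nonce and tag add 44 bytes before Base64 encoding, which counts against the SMS segment length.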

7. Conclusions. Banking remotely has become a necessary survival weapon and is fundamentally changing the banking industry worldwide. Today, the click of a mouse offers customers banking services at a much lower cost and also empowers them with unprecedented freedom in choosing vendors for their financial service needs. In this project we concluded that SMS banking allows customers to request and receive banking information from their bank on their mobile phones. Customers can securely manage bank accounts, check account balances, send cheque requests and pay bills. It is convenient because customers don't have to go to a bank to complete a banking transaction. It is quite discreet, so customers can view it while doing everyday jobs and don't have to set aside time to go to the bank. Finally, the secured SMS banking channel also acts as the bank's means of alerting its customers, especially in an emergency.

REFERENCES

1. Adrian B.-W.; Atkinson P. and Roulet C. Bank Business Models and the Separation Issue. Financial Market Trends. - 2013.

2. Kotenko V.V., Rumyantsev K.E. Theory of Information and Protection of telecommunications: Monograph. - Rostov-on-Don: Publishing house of the SFedU, 2009. - 369 p.

3. Kotenko V.V., Rumjantsev K.Y., Kotenko S.V. Methodology of the identification analysis in information systems: Monograph. - Rostov-on-Don: Publishing house of the SFedU, 2014. - 315 p.

4. Kotenko V.V., Rumjantsev K.Y. Theoretical basis of information counteraction of the terrorism threats: the Monography. - Rostov-on-Don: Publishing house JUFU, 2014. - 228 p.

5. Kotenko V.V. Strategy of optimization of scientific creativity when resolving the problems of research activities in higher educational institutions // International Journal of applied and fundamental research: Executive Editor: Publishing house «Academy of Natural History» (Germany, An der Trift 30, 63263 Neu-Isenburg). - 2017. - No. 3 - URL: www.science-sd.com/471-25322 (05.12.2017).

6. Kotenko V.V., Lukin M.J., Mirgorodsky S. V. Strategy of decision of tasks of defence of information from positions of virtualization of processes of antijamming encryption // Izvestiya SFedU. Engineering sciences. - 2015. - No. 8 (169). - P. 46-57.

7. Kotenko V.V., Kotenko S.V. Analysis of cryptographic identification algorithms with positions virtualisation identifiers // Izvestiya SFedU. Engineering sciences. - 2015. - No. 8 (169). - P. 32-46.

8. Amtul F. E-banking Security Issues - Is There a Solution in Biometrics? // J. Int. Ban. Com. - August 2011. - No. 16 (2). - P. 6-13.

9. Kotenko V., Rumjantsev K., Kotenko S. New Approach to Evaluate the Effectiveness of the Audio Information Protection for Determining the Identity of Virtual Speech Images // Proc. of the Second International Conference on Security of Information and Networks. The Association for Computing Machinery (ACM). - New York. Publications Dept., ACM, Inc. 2009. - P. 235-239.

10. Kotenko V.V., Kotenko S.V., Rumyantsev K.E., Gorbenko I.D. Optimization of information security processes in terms of virtualization relative to conditions of theoretical indecipherability // Applied Radio Electronics: Sci. Journ. - 2013. - Vol. 12. - No. 2. - P. 265-272.

11. Omariba Z.B.; Masese N.B. and Wanyembi G. Security and Privacy of Electronic Banking // Int. J. Comp. Sci. - 2012. - No. 9, Issue 4.

12. Baragnhai S.N. 2007 MS. C. Thesis. Lulea University of Technology, Sweden, 15.

13. Mirmiran S.F. and Shams A. The Study of Differences between E-commerce Impacts on Developed Countries and Developing Countries, Case Study: USA and Iran // New Marketing Research Journal Special Issue. - 2014. - P. 79-100.

14. Nejadirani F., Behravesh M. and Rasouli R. Developing Countries and Electronic Commerce the Case of SMEs // World Applied Sciences Journal. - 2011. - No. 15 (5). - P. 756-764.

15. Dehkordi L.F., Shahnazari A. and Noroozi A. A Study of the Factors that Influence the Acceptance of e-Commerce in Developing Countries: A Comparative Survey between Iran and United Arab Emirates // Interdisciplinary Journal of Research in Business. - 2011. - No. 1, Issue 6.

16. Chang Y. 2016. MS. C. Thesis. Southern Illinois University Carbondale, 9.

17. Terzia N. The impact of e-commerce on international trade and employment // Procedia Social and Behavioral Sciences. - 2011. - Vol. 24. - P. 745-753.

18. Nedelea Ş. and Adriana L. 2010 E-Marketplaces and Their Importance for Logistic Networks // Internal Auditing & Risk Management, (17).

19. Rotimi E., Awodele O. and Ajayi B.O. 2007. SMS Banking Services: A 21st Century Innovation in Banking Technology. Sci. Inf. Tech., 4.

20. Kotenko V.V., S.V. Kotenko, Rumyantsev K.E., Gorbenko Yu.I. Continuous data protection strategy from the standpoint of virtualization of ensemble of keys on a formal relationship of ensembles // Applied Radio Electronics: Sci. Journ. - 2013. - Vol. 12, No. 2. - P. 308-312.

The article was recommended for publication by Cand. of Eng. Sc. I.E. Khairov.

Rumyantsev Konstantin Yevgenievich - Southern Federal University; e-mail: rke2004@mail.ru; 2, Chekhov street, Taganrog, 347928, Russia; phone: +79281827209; the department of information security of telecommunication systems; head of department; dr. of eng. sc.; professor.

Hayder Hussein Shakir - e-mail: hyder.almansoor@yahoo.com; phone: +79185426223; the department of information security of telecommunication systems; postgraduate student.

Firas Naziyah Mahmood - Ministry of Science and Technology, Baghdad, Iraq. e-mail: firasalmashhadani53@gmail.com; Iraq, Baghdad, al-Khadraa district 639,11,10; phone: +9647706304666; master degree in information security.
