Answered step by step
Verified Expert Solution
Question
1 Approved Answer
Goal: The student must enumerate the threats of the ATM system using STRIDE.It is an individual activity.Direction: 1 Apply STRIDE for the ATM case using
Goal: The student must enumerate the threats of the ATM system using STRIDE.It is an individual activity.Direction:Apply STRIDE for the ATM case using the DFD provided by the instructorReport the threats using the taxonomy explained in slides and class notes Threat EnumerationUse support material to better understand the impact and how the threat works in the specific domain. Attached below is the atm case: ATM SystemDescription based on What is ATM Definition & UsesAn ATM Automated Teller Machine system is a computerized telecommunications device that provides customers of financial institutions with access to financial transactions in a public space without needing a cashier, human clerk, or bank teller.Automated Teller Machines have revolutionized the banking sector by providing easy access to customers and loading off the burden from bank officials. Some of the uses of an ATM are Most commonly, users can withdraw money and check their account balance at an ATM. Bank account holders can also transfer money or change their PIN Personal Identification Number Newer and advanced ATMs also provide options to openwithdraw a Fixed Deposit FD or to apply for a personal loan. You can also book railway tickets, pay the insurance premiums, income tax & utility bills, recharge your mobile, and deposit cash. Some of these facilities may require you to register at the bank branch Customers can perform direct transactions at their convenience. Banks have installed their ATMs today in public spaces, highways, malls, marketplaces, railwayairport stations, hospitals, etc. Automated Teller Machines provide times access anywhere and at any time ATMs help to avoid the hassle of standing in long queues at the bank, even for more straightforward transactions like withdrawing money. It has also helped in reducing the workload of the bank officials.The main components of an ATM Automated Teller Machine system are: ATM machine: a crucial component of the system and contains these subcomponents:o Card Reader: This component reads the data encoded on a bank card's magnetic stripe or chip. It authenticates the card by communicating with the bank's database.o Keypad: The keypad is used by customers to input their Personal Identification Number PIN and other transaction details, such as the amount of money they wish to withdraw or deposit.o ScreenDisplay: The screen provides a user interface, displaying instructions, options, and information about the transaction. It can be a touch or standard screen paired with physical buttons.o Cash Dispenser: This mechanism dispenses cash to the user. It is equipped with sensors to dispense the correct amount of money.o Security Cameras: These are installed for surveillance to ensure the user's safety and deter fraudulent activities. Bank Central System: The bank's backend system is responsible for inventorying the ATM system and checking its availability. It also manages and authorizes transactions, maintains user account information, and ensures the ATM operates correctly. Its main functions are:o Authentication: The customer inserts their card, and the ATM reads the card details. The customer enters their PIN, which is encrypted and sent to the banks central system for verification.o Processing: The ATM communicates with the banks central system to process the transaction. For example, if the customer requests a cash withdrawal, the system checks the account balance and authorizes the transaction if funds are available.o Logging: The ATM logs the transaction details for audit and tracking purposes.o Completion: Once the transaction is authorized, the ATM dispenses cash, prints a receipt if requested, and updates the customer's account balance.o Fraud Detection: Software algorithms and monitoring systems detect and prevent fraudulent activities such as card skimming and unauthorized access.Given the domain's importance, the system must have a robust security scheme to prevent criminals from capturing the user's personal information password username, card data, etc. during transactions, preventing criminals from stealing money from the users account. The system must also provide protection against recording and disclosing the bank channels, preventing replays and other types of maninthemiddle attacks. Finally, the system must have advanced anomalous detection algorithms to detect several frauds against the bank system.Evil User Stories:As a malicious user, I want to capture the user's credentials during ATM use to enable them to steal money from the users.As a malicious user, I want to monitor the messages received and sent from the ATM system to launch reply attacks and commit other types of fraud against itSecurity Stories:As a bank client, I want to prevent my credentials from beingstolen so that we do not suffer spoofing and have my money stolen while using the ATM.As a Bank Security Officer, I want to have a fraud transaction prevent system to avoid that criminals launch successful attacks against the ATM system.
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started