Question

1 Approved Answer

Posted on Sep 25, 2024

Question 3. (30 points) A bank B allows its customers to withdraw cash from its network of automated teller machines (ATMs). The ATMs operate in

image text in transcribed

Question 3. (30 points) A bank B allows its customers to withdraw cash from its network of automated teller machines (ATMs). The ATMs operate in the following way. The bank asks each customer A to select a secret number called a pin and denoted by Pin(A). Then the bank issues each customer A a special magnetized card that contains the following two pieces of information (on separate portions of the magnetized strip on the card): The customer's account number at the bank (call it Account(A)). Enco(Pin(A)) where Encs refers to deterministic encryption with the bank's secret key in a private-key cryptosystem. Each ATM of that bank contains, in secure tamper-resistant hardware, the bank's secret key, and can therefore perform Encb() computations. When a customer A wants to withdraw cash from an ATM, A inserts the card in the machine and the following happens: 1. The ATM reads the information on the card, and then asks A to type Pin(A) on the keypad. The customer complies. 2. The ATM encrypts (i.e., does an Encb()) what A just typed on the keypad and verifies that the result equals the Enco(Pin(A)) that was read from the card in Step 1. If they do not match then the transaction is rejected, if they match then the ATM asks A to choose, using the keypad, the amount of cash that A wishes to withdraw. 3. The ATM communicates with the bank's server to verify that the Account(A) that it read from the card is a valid account number and has enough money for the requested cash withdrawal. If so then the ATM provides the requested cash to A, and the bank's server simultaneously decreases the account balance of A by the corresponding amount, and stores for that account the relevant transaction information (i.e., the time and place at which it occurred, and the amount of cash withdrawn). Note that, if the card is stolen from the customer A, the thief cannot obtain Pin(A) from the card because it is encrypted (this is why it is Enco(Pin(A)) rather than Pin(A) that is stored on the magnetic strip of the card the latter would be insecure because it is easy to read and modify the information on the magnetic strip of a card (or to simply create a counterfeit new card with the modified information). 1. (20 points) Show how a dishonest bank customer X who knows Account(A) (e.g., because X once received a paper check from A) can steal money from A by using the ATM to withdraw cash from the account of A. 2. (10 points) Suppose the theft occurs as in your answer to the above part 1. When A checks the account balance, A realizes something bad happened and complains to the bank. Can the bank tell whether the theft really occurred, i.e., that A is not lying