Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Java Programming

Progress Report

advertisement 
Final Year Project Progress Report – Paul Killoran
Final Year Project Progress Report
Name:
Paul Killoran (01369806)
Course:
4BP1 – Electronic and
Computer Engineering
Supervisor:
Fearghal Morgan
10/1/2005
1
Final Year Project Progress Report – Paul Killoran
Abstract
“A secure wireless payment system to prevent credit card fraud.”
The object of the project is to build a working prototype of a more secure credit card
transaction processing system. The system will make fraud more difficult for thieves
to crack the system. The user will have their own personal device that they will keep
on their person at all times. The retail outlet will have a unit similar to what they
already have on which they will credit customers accounts with.
The project was conceived from the growing trend of credit card and ATM card fraud.
It aims to provide an alternative approach to the current system and present many
improvements on the new “Chip and Pin” card system being rolled out at the moment.
2
Final Year Project Progress Report – Paul Killoran
1 Table of Contents
1
Table of Contents ................................................................................................... 3
2
Project Outline ....................................................................................................... 4
2.1
Introduction .................................................................................................... 4
2.2
Hardware ........................................................................................................ 5
2.2.1
E-Card .................................................................................................... 5
2.2.2
Kiosk ...................................................................................................... 5
2.2.3
Bank Server ............................................................................................ 5
2.3
Software ......................................................................................................... 5
3
Proposals for Tackling Project ............................................................................... 6
4
Progress to Date ..................................................................................................... 7
4.1
4.1.1
PDA................................................................................................................ 7
Java Programming ................................................................................. 7
4.2
SSH (Secure Shell) and VNC (Virtual Network Computing) ....................... 7
4.3
Encryption ...................................................................................................... 8
4.3.1
WEP (Wired Equivalent Privacy) Key Protection ................................. 8
4.3.2
RSA (Rivest, Shamir, Adleman) Algorithm .......................................... 9
4.3.3
MD5 Algorithm ................................................................................... 11
4.4
GUI (Graphical User Interface) ................................................................... 12
4.5
Communication ............................................................................................ 13
4.5.1
Sockets ................................................................................................. 13
4.5.2
RMI (Remote Method Invocation) ...................................................... 13
4.6
Analog Device AduC7020 ARM7TDMI..................................................... 13
4.7
Ethernet Module........................................................................................... 14
5
System Diagram ................................................................................................... 15
6
Task List............................................................................................................... 18
7
Links .................................................................................................................... 19
3
Final Year Project Progress Report – Paul Killoran
2 Project Outline
2.1 Introduction
The system is designed to improve the security and simplicity of current credit card
transactions. There are three main units that model the proposed system and they are
namely: the E-Card, Retail Kiosk and Bank Server.
Security becomes compromised when private data is given away to a 3rd party and the
practice of “good faith” is adopted. By challenging this perception and “trusting
nobody” security breaches become far more difficult. Consumers freely exchange
their credit card numbers, expiry dates and signatures with retailers or retailer’s agents
every day. Fraud in this area has significantly increased in this area in recent years
and the trend is set to continue.
Visa and Mastercard have begun to introduce a new “Chip and Pin” system, which it
is hoped will hinder the criminal groups engaging in this fraudulent activity. The new
system can be cracked by simply viewing what the customer enters on the key pad or
by tampering with the key pad itself to record the number sequences entered. The
major credit card companies fail to recognise that by releasing customer details
openly in an untrustworthy environment, the possibilities of credit card fraud
increases. The only real solution is to restrict providing protected information to
trusted parties alone.
The proposed new system gives the customer a terminal to communicate with their
bank while on the move over a secure wireless network. As retailers are generally
stationary their unit will be connected over a wired banking network to their own
bank. The customers unit (E-Card) and the retailers unit (Kiosk) will only
communicate directly to initialise a transaction and to pass confirmation codes to
complete a transaction. We must assume that the parties can trust their own banks and
that’s the banks communicate with each other in a secure manner.
4
Final Year Project Progress Report – Paul Killoran
2.2 Hardware
The three units of the project will be constructed using the following hardware:
2.2.1 E-Card
The Sharp Zaurus SL-5600 provides the platform for building the customers terminal
to the bank. It is an attractive PDA running an embedded distribution of Linux with a
colour touch screen and many expansion ports. The PDA supports Java, C and Python
programming languages. A Linksys CompactFlash Wireless card provides the PDA
with Wifi (802.11b) enabling it to communicate with the bank over a wireless
network.
2.2.2 Kiosk
An Analog Devices AduC7020 ARM7TDMI microcontroller board is the main
building block of retailer unit. A LCD screen and keypad will be attached to the GPIO
of the board to provide the retailer with a user interface for processing transactions.
The system is provide with Ethernet functionality by a Polish built Propox MMlan1
which allows a microcontroller to read and write data using its GPIO pins over an
10Base-T Ethernet network. Lukasz Nosul sourced this module.
2.2.3 Bank Server
The server will be built on a standard computer with Ethernet and Wifi access.
2.3 Software
The three units will each require a basic operating system to process the financial
transactions. The retailer’s Kiosk will be written in C and cross-compiled into
assembly language. It will be required to observe inputs received on the keypad and
the Ethernet module and update the display on the LCD screen as required. The
operating system will probably have some encryption facility.
The E-card will be written in an embedded subset of Java called PersonalJava, which
is optimised for embedded device programming. It will communicate with the bank
5
Final Year Project Progress Report – Paul Killoran
using sockets and RMI (Remote Method Invocation) and provide encryption facilities
to secure the data prior to transfer.
Java will once again be used to write the Bank Server, as this will allow some reuse of
code and easier interoperability between the server and PDA. Like the PDA the bank
will also use sockets and RMI to communicate with its clients. Encryption will also be
provided in the bank server operating system. Customer details will be stored in a
MySQL database that will be accessed by this piece of software.
3 Proposals for Tackling Project
The project can be logically spilt into three main tasks by building each unit
independently and then combining them towards the end of the project building cycle.
Work packages have been defined to further break down the individual steps involved
in completing each of the three units. The work packages can be found at the end of
this report.
I will be required to understand the concepts, algorithms and practicalities of various
Encryption algorithms and security measures to ensure the system is adequately
secure. I have been in contact with Dr. Michael Schukat several times regarding the
security issues of my project.
The logbook is vital to my successful completion of the project. I record my thoughts,
ideas and test results in it so that it helps with my understanding and progression of
the project. This will be a valuable resource when compiling my thesis once the
project is completed.
It is extremely important that I hold regular meetings with my supervisor so that he
can best advise me on how best to advance with my project and help with whatever
problems I may encounter. An open dialog and active communication is the key to
success.
6
Final Year Project Progress Report – Paul Killoran
4 Progress to Date
4.1 PDA
4.1.1 Java Programming
I have successfully programmed Java on the Sharp Zaurus. I initially had to
understand how to use the PDA’s Java Virtual Machine. This required me to write a
simple program and then download it to the PDA. Unfortunately I was unable to
execute the program by clicking on an icon that I had created on the desktop of the
GUI. I believe that the problem is due to permissions and I hope to solve the problem
soon. It is not a major concern of mine as I intend that the final program will be
executed automatically as the PDA boots. The time being I must execute all my
programs from the command line.
The PDA comes will a JVM (Java Virtual Machine) built into the kernel. It is an early
version of Java called PersonalJava that was later extended to create the now popular
Java Micro Edition used in Embedded Device Programming. This condensed version
of Java has a limited set of libraries or classes and as a result some of the toolkits are
not provided. Most notably the “swing” graphics toolkit is not provided in this edition
so creating GUI’s must be done using the more basic AWT (Abstract Window
Toolkit).
4.2 SSH (Secure Shell) and VNC (Virtual Network Computing)
SSH and VNC have proved to be useful tools in the development of the PDA. As the
screen size and keypad of the PDA is relatively small compared to those of a standard
computer it is quite difficult and slow to rely on them to use the command line for
example. By installing an SSH server on the PDA I can now connect to it easily using
a simple SSH terminal program that allows me direct access to the command line
from my laptop over a wired or wireless link.
SSH enables me to perform file operations, set preferences, download and execute my
java programs all from my laptop instead of having to work with a miniature keypad.
VNC allows be to view the screen and interact directly with it again from my laptop
or another remote point. Both these tools have helped greatly in my development of
the system.
7
Final Year Project Progress Report – Paul Killoran
4.3 Encryption
As the system under development is designed to be a secure system it is imperative
that it would contain encryption prevent “packet sniffing” attempts to be successful.
As the aim of the overall project is to safeguard the customers information we must
ensure that, that information is not revealed to a fraudster. This area has received the
most significant amount of attention and research in my project development to date.
It is intended to provide three levels of encryption to protect the information.
4.3.1 WEP (Wired Equivalent Privacy) Key Protection
This is a very basic level security built into the Wifi (802.11b) specification to prevent
unauthorised access to network to unknown nodes and to hide the information being
transmitted. 128-bit encryption is employed on this system. The encryption works on
the principle of a shared key. Each registered node shares the same key and uses this
key to interrogate and gain access to the network via an access point. If a node does
not have the correct key they cannot gain access to the network and so it prevents
unauthorised access to a foreign node that’s intent may be to pose as the bank server
and fool nodes into surrendering their information. The same key is used to hide
sensitive data being transferred between nodes and access points from illegitimate
nodes that may be sniffing the packets.
Although in theory it sounds like an adequate form of security, in practice it is not. If
this new system being proposed in the project was to be adopted on a national basis
then every access point and node would need to share the same key. In the event that
the key is stolen or a fraudster learns the key value then every node in the country
would be at serious risk of leaking vital information about their owner. The banks
would then have to freeze all transactions and recall all the devices to be updated with
a new key. It would prove to be quite embarrassing for the banking industry and
customer faith in the new system would not hold.
A foreign node cannot gain access to the network nor can it transmit valid data but it
can listen to packets being transmitted by other nodes. This is referred to as “packet
sniffing” and is the biggest threat to the entire security of the system. Over time a
packet sniffer can deduce the key by comparing valid packets sent. The user sniffing
8
Final Year Project Progress Report – Paul Killoran
the packets they can then gain access to the network. This is type of security hack is
not difficult to do.
As outlined the WEP protection does not contribute significantly to the overall
security of the system. WEP protection will be used in this system only because it is
included as part of the 802.11b wireless specification and not on the merits of the
security it provides.
4.3.2 RSA (Rivest, Shamir, Adleman) Algorithm
This is a public-key cryptography algorithm. This algorithm works by having a public
and a private key that are inversely related. The public key as the name suggests is
available to any party that requests but the private key is never disclosed. Lets
consider two nodes A and B.
Node A has a public and private key. Node B requests the public key of node A. Node
B then encrypts the data using node A’s public key. Node B can transmit ciphertext
over the network to every node and be confident that only Node A will be able to
decipher the original message using to corresponding private key. This shows how
data can be concealed from the network, but Node A has no guarantee that the data
came from Node B. Node A requires some sort of authentication from B.
Lets suppose that both Node A and B have independent public and private keys. Node
B wishes to transmit some sensitive information to A, so it first of all encrypts the
data using its own private key. It then requests node A’s public key and encrypts the
previously encrypted data. The ciphertext is now doubly encrypted using B’s private
key and A’s public key. The ciphertext with node B’s public key is then transmitted to
A over the network. Node A must decipher the message using its own private key, so
node B is confident only A can read its message. Node A must use node B’s public
key to decipher the message further to original state. In this way node A can be
confident that the message originated from node B. Both parties are now satisfied that
the transaction has taken place in a secure manner.
The algorithm for key generation, encryption and decryption is as follows:
9
Final Year Project Progress Report – Paul Killoran
I have written the above algorithm in Java and it is fully functional. One of the main
problems with this algorithm is that it is computationally expensive and the
performance of the processor directly affects to the time required to generate the keys,
encrypt and decrypt the data. I tested my algorithm on the Zaurus, which runs at
400Mhz, and my results are outlined below.
Time (mm:ss)
Bit Size (n)
Characters
0:57
512
50
6:03
1024
50
After a discussion with Dr. Michael Schukat he advised me that 1024 was the
minimum that a banking industry used and that using anything less would seriously
compromise its security. It can be estimated that trying to crack a 1024 bit message by
factoring would take approximately 40 years. As you can see from the above table the
Zaurus does not have sufficient power to encrypt and decrypt a message that would
satisfy the user’s time limit tolerance.
10
Final Year Project Progress Report – Paul Killoran
Instead, I am to using a highly optimised version of this algorithm provided by
BouncyCastle (www.bouncycastle.org), which is an online encryption project
community. After studying this new algorithm I realised that the flaw that my
algorithm had was that I encrypted each character separately instead encrypting
characters in blocks. As a result I had 127 extra encryption iterations. The results of
the new algorithm on the Zaurus are as follows:
Time (mm:ss)
Bit Size (n)
Characters
0:01.5
1024
50
0:21.8
2048
50
0:18.6
2048
50
0:09.7
2048
50
As you can see from the table above, there is a huge improvement in performance
times. Higher bit sizes can be used, increasing the strength of the system. The
fluctuations in time represent the varying time it takes to compute each key pair. It
only takes about 3 seconds to encrypt and decrypt the 50 characters the remaining
time is spent generating each key. Using this knowledge I can compute keys while the
device is idle and store them in memory until the user wishes to make a transaction.
This will make the system highly optimised, fast and secure.
4.3.3 MD5 Algorithm
This type of an algorithm is described as irreversible. This means that we can generate
a ciphertext from an original message but it is computationally very difficult to
generate the original message from the ciphertext. This is commonly used in
authentication purposes such as password protection. In the same way I hope to use it
to protect the pin number of the customer.
This algorithm is not a priority but if time permits me I will include this third level of
security to the system. I intend to hash (encrypt) the pin number keyed by the
customer using the MD5 algorithm. The hashed value would then be encrypted by the
in the usual way by the RSA algorithm. When the bank receives the result it will read
the PIN number of the corresponding account holder from its database. That value is
then also hashed using MD5 algorithm and this value is compared to the hashed value
11
Final Year Project Progress Report – Paul Killoran
received from the PDA. If they both match then the transaction is authenticated.
Using this algorithm will further protect the customer’s details.
It is my intention to incorporate the three levels of encryption outlined above: WEP,
RSA and MD5 to protect the customers valuable information. This will make it
virtually impossible for any unauthorised person to gain access to the customer’s
details and PIN number.
4.4 GUI (Graphical User Interface)
As mentioned previously the GUI is written using Java’s AWT package. It is intended
that this GUI will be simple and straightforward to use, providing large touchable
buttons on screen so the user can navigate easily.
I have written a sample GUI to mimic how the final E-Card operating system will
appear to the user. As the system boots the user is presented with a welcome screen
while the unit authenticates itself with the banking network. The user is then
presented with all the retail units in the immediate locality so that they can choose
which one they wish to deal with. On selection of the retail outlet, the user is
prompted with a screen while the unit waits for a response from the retailer’s kiosk.
The user is then asked for his/her PIN number. At this point security could be
compromised as your pin number could be viewed as you enter it. For this reason the
numbers on the buttons will be displayed randomly as shown so as to prevent this.
6
0
2
1
4
7
3
5
8
ok
9
cancel
The user is then presented a thank you message once the transaction is completed.
The system returns to a screen presenting them with all the shops in the locality to
enable further purchases.
12
Final Year Project Progress Report – Paul Killoran
4.5 Communication
This describes the method of communication between the units over the network.
4.5.1 Sockets
All communication done with the retailers Kiosk (ARM Board) will communicate
over sockets. Sockets are the lowest level type of communication available in Java
and will be necessary as both the Bank Server and the E-Card will be written in Java,
which is a high level language. Interoperability issues will be kept to a minimum by
using this procedure.
4.5.2 RMI (Remote Method Invocation)
RMI will be used on all communication done between the E-Card and the Bank
Server. This will allow easy and flexible communication between both without
worrying about the connection in between. RMI deals with the connection and the
communication across it.
RMI allows the a program to call a dummy local function on the PDA which invokes
the RMI engine to call a corresponding function on the server and return the results
from the server to the RMI engine on the PDA. The RMI engine passes the results to
the dummy local function that in turn returns the results that the program that
originally called it.
I need to investigate the security implications of RMI to ensure that this will not
compromise the security of the system. If my investigation leads me to believe that it
will compromise security I will be forced to disband this idea and uses sockets for this
link instead.
4.6 Analog Device AduC7020 ARM7TDMI
This board is on order at the moment and once I receive it I will begin programming it
using C code cross-compiled to assembly. I read the specification and a possible issue
I can foresee is there may not be sufficient GPIO pins to support an LCD Screen,
Keypad and Ethernet Module. If this is the case I will need to mux certain pins.
13
Final Year Project Progress Report – Paul Killoran
Another final year student Rory Malone is also working with this particular board and
he has informed me that he had issues getting text to display on the screen. According
to him there is no ASCII interpreter on the board and the ASCII hex values must be
outputted to the LCD screen to generate valid output. If this is the case I will be
required populate a lookup table for the particular character value.
Encryption may be difficult on this particular board as the processor runs at 45 MIPS
and I fear that this may not be powerful enough to encrypt at a satisfactory bit level.
4.7 Ethernet Module
I have received a Propox MMlan1 Ethernet module that will connect with the ARM
board over GPIO from Lukasz Nosol, a student completing his Masters in the Dept. of
Electronic Engineering. I have not been able to work this yet until I receive the ARM
board.
14
Final Year Project Progress Report – Paul Killoran
5 System Diagram
Bank
Java
MySQL Database
Ethernet
Ethernet
Ethernet Hub
Ethernet
Wireless Access Point
WiFi
Kiosk
Analog Devices
ADuC702x
Ethernet Module
LCD Screen
Keypad
E-Card
Sharp Zaurus PDA
WiFi
C/Java Programming
15
Final Year Project Progress Report – Paul Killoran
E-Card Diagram
Sharp Zaurus SL-5600
Encryption
CF Wireless Module
E-Card
Security
WiFi (802.11b)
C/Java Programming
Touch Screen Interaction
Kiosk Diagram
Analog Devices ADuC 7020
Ethernet Module
LCD Screen
Keypad
Kiosk
Encryption
Security
C Programming
Operating System
Cross Compilation
16
Final Year Project Progress Report – Paul Killoran
Server Diagram
Ethernet Module
Standard PC
Web Server
Security
Bank Server
Encryption
Authentication
Java Programming
Transaction Handler
MySQL Database
17
Final Year Project Progress Report – Paul Killoran
6 Task List
Sharp Zaurus SL-5600
Work Package 1 Research PDA and gain basic understanding of it
Learn how to interface with its hardware.
Refresh C/Java
Write simple program to work with the touch screen.
Write simple program to communicate with the Wireless Access Point
Work Package 2 Establish a link between the Server program and PDA
Establish a link between the ARM and the PDA
Develop basic OS to run on PDA responding to touch screen and the wireless networking
Analog Devices AduC 7020
Work Package 3 Research the boards capabilities
Write Initial Code and become familiar with the board
Basic I/O
Write data to the LCD screen
Acquire data from the Keypad
Work Package 4 Commission Ethernet Module
Transmit data via serial/Ethernet connection
Work Package 5 Build basic OS running on the LCD, keypad, wireless data and serial/ethernet
Bank Server
Work Package 6 Refresh my current Java knowledge
General planning of software architecture
Do some simple network communication over TCP
Work Package 7 Establish com link between ARM and Java Program
Work Package 8 Set up the server with the wireless access point.
Establish com link between server and laptop with wireless card
Work Package 9 Connect to the MySQL database and do some reads and writes to it
Work Package 10 Develop the banking transaction handler.
18
Final Year Project Progress Report – Paul Killoran
Encryption
Learn about encryption algorithms and how they work
Work Package 11 Establish encryption over the Server - PDA link.
Work Package 12 Encrypt the data over the ARM - PDA link.
Work Package 13 Encrypt the data over the ARM - Server link
Website
Work Package 14 Build up a simple website showing the transactions
Password protect this site and give user accounts.
7 Links
www.zaurus.com/dev/
www.wi-fi.org
www.analog.com
http://java.sun.com
www.java.com
http://world.std.com/~franl/crypto.html
http://en.wikipedia.org/wiki/Wifi
http://www.openssh.com/
http://aurach.ewu.edu/ield/ield_course/lectures/ield_appB/files/LaptopToZ.html
http://zaurus.kruss.com/software_sharp.php
http://www.linuxgazette.com/issue90/forsberg.html
http://doc.trolltech.com/3.0/tutorial1-09.html
http://www.cs.cityu.edu.hk/~cs4286/
http://pajhome.org.uk/crypt/rsa/implementation.html
http://www.cs.princeton.edu/introcs/79crypto/RSA.java.html
http://www.bouncycastle.org
19
Related documents
Test 3 Study Guide
Test 3 Study Guide
WORDij_Installation_for_Windows
WORDij_Installation_for_Windows
Homework on Trees
Homework on Trees
FPDA request
FPDA request
Description
Description
Download
advertisement