Biometric authentication system as security enhancement for automated teller machine: ATM security analysis - Binus e-Thesis

  

BINUS INTERNATIONAL

UNIVERSITAS BINA NUSANTARA

  Major Information System Sarjana Komputer Thesis

  Semester [Even] year 2007

  

BIOMETRIC AUTHENTICATION SYSTEM AS

SECURITY ENHANCEMENT FOR AUTOMATED TELLER

MACHINE

Willy (0700676554)

Abstract

  ATMs today rely only on the ATM card and PIN (Personal Identification Number) for security. To some people, this is not secure enough. The objective of our thesis is to enhance the security of the ATM through the use of a biometric authentication system. With the addition of biometric authentication, it will be secure to do transactions at the ATM. One reason for considering biometric authentication is that every person has unique traits.

  First, we analyze the current system. We have analyzed how the ATM works, including the movement of data from the ATM to the bank server. We also analyze how the touch screen works, including multiple-point reading. With the information from this analysis, we develop a touch screen program which incorporates multiple-point reading as the security for doing transactions at the ATM. The procedure compares a biometric reading against a corresponding reading stored in that person's user record. If the two readings match closely, then the system will authenticate the person. By adding a biometric authentication system to the ATM, the system will become more secure and more reliable.

  Key words

  Biometric, touch screen, ATM, PIN

  

Preface

  First we want to praise God because without his kindness and blessing, we could not complete this thesis titled “Biometric Authentication System as Security Enhancement for Automated Teller Machine” in time.

  • Thank you to Mr. Lukas, our supervisor, who brought the idea for creating this thesis and gave us guidance and support in completing it.
  • Thanks to my thesis group project, Hendy and Monica, without them this thesis would not be finis
  • Mr. Huibert Andi Wenas, Head Division School of Information System, we could never thank you enough.
  • Thank you to all the teachers who have shared their knowledge and guidance with the author and who cannot be mentioned one by one, and to all of the students who helped by giving support and advice during the completion of this thesis.
  • Thank you to our friends from NCR who gave us valuable information about the ATM and bank server.

  Besides all the names mentioned above, there are still many others, but of course we cannot mention them one by one. In the end, we still think that we cannot thank them enough because without them, this thesis would not be finished in time. We hope that this thesis can be useful for ATM manufacturers, readers and other students in the future who have a similar topic.

TABLE OF CONTENTS

Title Page

Certificate of Approval

Statement of Examiners

Abstract

Preface

List of Tables

List of Figures

CHAPTER 1: INTRODUCTION

  1.1 Background

  1.2 Scope

  1.3 Aim and Benefit

  1.4 Structure

CHAPTER 2: THEORETICAL FOUNDATION

  2.1 Theoretical Foundation

  2.1.1 Security

  2.1.2 ATM

  2.1.3 Biometrics

  2.1.4 Interaction Design

  2.2 Theoretical Framework

  2.2.1 Waterfall Lifecycle Model

  2.2.2 Requirement Analysis

  2.2.3 Data Gathering Techniques

  2.2.4 Prototype

  2.2.5 Diagram

  2.2.5.1 Data Flow Diagram (DFD)

  2.2.5.2 Context Diagram

  2.2.5.3 Use Case Diagram

  2.2.5.4 Statechart Diagram

CHAPTER 3: SYSTEM DESIGN

  3.1 How ATM is working

  3.2 Design of the Features (Current Menu)

  3.2.1 Inserting Card

  3.2.2 Inserting PIN

  3.2.3 After Login

  3.2.4 Other Transaction

  3.2.5 Withdrawal

  3.2.6 Payment

  3.2.7 Transfer

  3.3 SWOT Analysis

  3.4 Requirements Statement

  3.5 ATM Hardware

CHAPTER 4: SOLUTION DESIGN

  4.1 Narrative of the Proposed System

  4.2 Policy and Procedures

  4.3 Software Used

  4.4 System Design

  4.4.1 Context Diagram

  4.4.2 Business Process Narrative for DFD & DFD Level 0

  4.4.3 Process Diagram

  4.4.4 Use Case

  4.5 User Interface Design

  4.5.1 ATM Main Window

  4.5.2 HAT Description Window

  4.5.3 HAT Enter PIN Window

  4.5.4 HAT Main Window

  4.5.5 HAT Image Capture Window

  4.5.6 HAT Transaction Limit Window

  4.5.7 HAT Summary Window

  4.5.8 HAT Authentication Window

  4.6 Cost Benefit Analysis

  4.7 Implementation Procedure

  4.7.1 Hardware Requirement

  4.7.2 Software Requirement

  4.7.3 Personnel Requirement

CHAPTER 5: CONCLUSION AND RECOMMENDATION

  5.1 Conclusion

  5.2 Recommendation

REFERENCES

CURRICULUM VITAE

List of Tables

  Table 1. Software used
  Table 2. Fully Developed Description for Log In
  Table 3. Fully Developed Description for Enroll HAT
  Table 4. Fully Developed Description for Update HAT Transaction Limit
  Table 5. Fully Developed Description for Update All HAT Data
  Table 6. Fully Developed Description for Authenticate Customer
  Table 7. Event Action for HAT Description Window
  Table 8. Event Action for HAT Enter PIN Window
  Table 9. Event Action for HAT Main Window
  Table 10. Event Action for HAT Image Capture Window
  Table 11. Event Action for HAT Transaction Limit Window
  Table 12. Event Action for HAT Summary Window
  Table 13. Event Action for HAT Authentication Window
  Table 14. Intangible Cost List
  Table 15. Intangible Benefit List
  Table 16. Hardware Requirement

List of Figures

  Figure 1. ATM hardware
  Figure 2. Waterfall Lifecycle Model
  Figure 3. Elements of a DFD
  Figure 4. Elements of a use case diagram
  Figure 5. Elements of a statechart diagram
  Figure 6. ATM Network
  Figure 7. Inserting Card Page
  Figure 8. Inserting PIN Page
  Figure 9. After Login Page
  Figure 10. Other transaction Page
  Figure 11. Other transaction Page
  Figure 12. Payment Page
  Figure 13. Transfer Page
  Figure 14. Internal View of an ATM
  Figure 15. Context Diagram of HAT System
  Figure 16. DFD level 0 for Log In
  Figure 17. DFD level 0 for Enroll
  Figure 18. DFD level 0 for Update HAT Transaction Limit
  Figure 19. DFD level 0 for Update HAT Image Capture
  Figure 20. DFD level 0 for Update All
  Figure 21. DFD level 0 for Authenticate Customer
  Figure 22. Process model for doing Transfer to the same bank account
  Figure 23. Process model for doing Withdraw money from the ATM
  Figure 24. Process model for enrollment of HAT
  Figure 25. Process model for updating image of HAT
  Figure 26. Process model for updating limit of HAT
  Figure 27. Process model for updating all (updating both the image and limit)
  Figure 28. Use Case Diagram of HAT System
  Figure 29. ATM Transaction Window
  Figure 30. ATM Other Transaction Window
  Figure 31. HAT Description Window
  Figure 32. HAT Description Window with Instruction message
  Figure 33. Statechart Diagram of HAT Description Window
  Figure 34. HAT Enter PIN Window
  Figure 35. HAT Enter PIN Window with Incorrect PIN enter message
  Figure 36. Statechart Diagram of HAT Enter PIN Window
  Figure 37. ATM Main Window 1
  Figure 38. ATM Main Window 2
  Figure 39. Statechart Diagram of HAT Main Window
  Figure 40. HAT Image Capture Window 1
  Figure 41. HAT Image Capture Window 2
  Figure 42. HAT Image Capture Window 3
  Figure 43. HAT Image Capture Window 4
  Figure 44. HAT Image Capture Window 5
  Figure 45. HAT Image Capture Window 6
  Figure 46. HAT Image Capture Window 7
  Figure 47. Statechart Diagram of HAT Image Capture Window
  Figure 48. Statechart Diagram of HAT Image Capture Window
  Figure 49. Statechart Diagram of HAT Transaction Limit Window
  Figure 50. HAT Summary Window
  Figure 51. Statechart Diagram of HAT Summary Window
  Figure 52. Confirmation Transfer Window
  Figure 53. HAT Authentication Window
  Figure 54. Access Granted Window
  Figure 55. Access Rejected Window
  Figure 56. Statechart Diagram of HAT Authentication Window