Date posted: 01-Apr-2015
• Dmitriy Yanin
• Kashif Haider
• Nnaemeka Akabogu
• Shen-Jung Pai
• Robert Wambura
Secure Portal for Multinational Banking
Introduction
• Problem Definition, Virtual Organization
• Organization Structure, Business Requirements, Marketing and Customer Support
• Integration
• Security
• Middleware
• Infrastructure
• Conclusion
• Q & A
Problem Definition
Why VO?
• Easy way to organize and communicate
• Cost efficient
• Teleconferencing and voice chat instead of travelling
• Saves time
• Virtual capability: easy to switch geographically
Organizational Structure
Business Requirements
Transactional functions:
• Transfer (private, individual)
• Payment (credit card, mobile companies, or public utility companies)
Non-transactional functions:
• View statement
• Change their information (usernames, passwords, PIN numbers, and email addresses)
• Other services (ordering a card reader, USB fingerprint device, and cheque book)
Transaction Procedures
[Flowchart of the transaction procedure: Login; Correct login? (Yes / No); Enough funds available? (Yes / No); Transfer the funds; Ask user to take amount from other account; Stop]
• NatWest: customer number, PIN, and password
• Lloyds TSB: online ID, password, memorable data
• e-banking portal: user name, password, and biometrics
Marketing & Customer Support
Goal: all or the majority of the national banks are willing to cooperate; the success depends on the number of cooperating banks and users.
• Main targets: banks
• Sub-targets: individual customers (achieve customer satisfaction)
• Premium services: online assistant and 24-hour telephone banking service
Integration
Data integration and information integration:
• Increase organization efficiency
• Information integrity maintenance across multiple systems
• Ease of development and scalability issues
• Elimination of inefficiencies
Security
Towards Client Side
Towards Bank Databases
Towards own Database
One of the main concerns of our virtual organization is to provide a robust security solution with limited vulnerabilities. To achieve this, the possible areas of attack were categorized in three perimeters:
• Perimeter 1: protecting the customer and the web servers.
• Perimeter 2: preventing unauthorized access to the storage servers on the local VO network.
• Perimeter 3: securing the data exchange between the VO's DBMS and the DBMS of the participating banks.
Securing Perimeter 1: Securing the Web Portal
• A double-factor authentication mechanism incorporating biometrics (fingerprint) and password encryption will be used for user authentication.
• Regular updates related to the trend of attacks, their features and how to avoid them will be published on the portal.
• A security system cluster will be installed at the gateway. This cluster will incorporate an intrusion detection system based on artificial immunity and a web application firewall to provide robust security across the OSI layers. The cluster framework will also provide constant backup/availability of the security system in the event of failure of any of the servers.
Securing Perimeter 2
• Security here will be managed by the Extract Transform Load (ETL) tools which oversee the exchange of information between the data warehouse, the knowledge base and the network administrators.
• Information exchange will be in an encrypted format, and classified information and access control levels will be stored in separate tables in the data warehouse.
Securing Perimeter 3
• The security of the packet exchange between the portal and the bank will be provided by the Layer 2 Tunneling Protocol (L2TP), a virtual private network option. This will ensure improved confidentiality, integrity, encryption and authentication of the data transferred.
Middleware Characteristics
Existing IT systems at the participating banks should undergo as little modification as possible. So the introduced middleware will need to link and work on top of a set of heterogeneous databases across networks.
The participating banks would have:
• Their own strategies and security policies for handling customer data
• Different database management systems (DBMS)
• Different operating systems (OS)
Replacing the above is not possible, or requires very high investments and may negate the financial benefits brought by the united e-banking portal.
Middleware Characteristics (cont.)
[Diagram: several banks' data stores (heterogeneous data sources) exchange "requests & data" with the middleware; the middleware provides networking, security, translation of requests and data integrity; the E-Commerce Software, Customer Support Software and Decision-Support Software send data requests to the middleware and receive data back.]
Therefore, there is a need for a set of software tools (middleware) that would:
• Access the dispersed data
• Access the data across WAN
• Be non-intrusive, i.e. not access the data directly but via the local DBMSs, honouring the local security policies
• Ensure data integrity
• Provide secure transmission of data between the banks and the portal
• Work with different (heterogeneous) DBMSs and OSs
Data Integration Approach
We decided to use the federated approach to data integration:
• Data from dispersed sources is kept at those sources, and not duplicated anywhere else
• Middleware virtualises the view of the data and acts as a façade to the dispersed data sources
• Applications that need access to the data utilize facilities provided by the middleware
• Middleware translates requests from these applications, passes them to the data sources, retrieves the returned data, translates and formats it, and passes it back to the applications
• Middleware also handles security and networking
• Applications using the middleware see it as a local database management system
Data Integration Approach (cont.)
The major advantages of the federated approach:
• Access to the remote databases is transparent to users: location transparency, invocation transparency, physical data independence and fragmentation, replication transparency, network transparency
• No need for data synchronisation
• Time-to-market advantage for newly developed applications
• Improved governance
• Reduced development and maintenance costs
• Reusability
Concepts
Data-federating middleware utilizes five concepts:
• Wrapper
• Server
• Catalogue
• Nickname
• User Mapping
Wrappers
• Software modules within the federated system
• Are used to communicate with remote data sources
• Contain characteristics about their corresponding data sources, such as their relational models
• Are designed to support query processing by sending sub-queries to the data sources
Servers and Catalogues
Server: the representation of a collection of data on the remote data source
• Must be registered on the system
• Appropriate information about it needs to be stored, including the name of the database, its type and version
• All this information is stored in catalogues
Nickname
• Is used to access data
• Is a representation of a data set, such as a table or a view
• When a nickname is registered on the federated system, the name of the corresponding remote table, the names of its columns, their data types and indexes are stored in the catalogues
User Mapping
• Controls access to remote data sources
• Provides security: each remote database has at least one user account with sufficient privileges to access all the data necessary
• These user IDs and passwords are stored on the federation system and used for DB transactions
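An added illustration (not the project's code and not IBM Information Integrator's API) of how the five concepts fit together: a catalogue holding registered servers, nicknames and user mappings; wrappers that speak to each remote source using the mapped account; and a select that resolves a nickname, translates the request into the remote schema, and formats the rows back into local column names. The bank names, schemas, rows and credentials are constructed sample data.

```python
# Added illustration, not the project's or IBM Information Integrator's code:
# a toy data-federating layer built from the slides' five concepts. Bank names,
# schemas, rows and credentials are constructed sample data.

class Wrapper:
    # Speaks natively to one remote source; here the "DBMS" is a dict of rows.
    def __init__(self, tables, accounts):
        self.tables, self.accounts = tables, accounts

    def query(self, user, secret, table, columns, where):
        # The remote source applies its own security policy to the mapped account.
        if self.accounts.get(user) != secret:
            raise PermissionError("remote source rejected the mapped credentials")
        return [{c: r[c] for c in columns} for r in self.tables[table]
                if all(r.get(k) == v for k, v in where.items())]


class Federation:
    def __init__(self):
        self.catalogue = {"servers": {}, "nicknames": {}, "user_mapping": {}}
        self.wrappers = {}

    def register_server(self, name, db_type, version, wrapper, user, secret):
        self.catalogue["servers"][name] = {"type": db_type, "version": version}
        self.catalogue["user_mapping"][name] = (user, secret)  # kept on the federation side
        self.wrappers[name] = wrapper

    def register_nickname(self, nickname, server, remote_table, columns):
        self.catalogue["nicknames"][nickname] = (server, remote_table, columns)

    def select(self, nickname, where):
        # Applications query the nickname as if it were a local table.
        server, table, cols = self.catalogue["nicknames"][nickname]  # resolve nickname
        user, secret = self.catalogue["user_mapping"][server]        # map to remote account
        remote_where = {cols[k]: v for k, v in where.items()}        # local -> remote columns
        rows = self.wrappers[server].query(user, secret, table,
                                           list(cols.values()), remote_where)
        back = {v: k for k, v in cols.items()}                       # remote -> local columns
        return [{back[c]: val for c, val in r.items()} for r in rows]


def build_demo():
    # Two banks with different schemas, each exposed through one nickname.
    fed = Federation()
    fed.register_server("natwest", "DB2", "9.1",
        Wrapper({"ACCT": [{"CUST_NO": "1001", "BAL": 250}]}, {"fed_user": "nw-secret"}),
        "fed_user", "nw-secret")
    fed.register_server("lloyds", "Oracle", "10g",
        Wrapper({"accounts": [{"online_id": "ab12", "balance": 900}]}, {"fed_user": "ll-secret"}),
        "fed_user", "ll-secret")
    fed.register_nickname("natwest_accounts", "natwest", "ACCT", {"customer": "CUST_NO", "balance": "BAL"})
    fed.register_nickname("lloyds_accounts", "lloyds", "accounts", {"customer": "online_id", "balance": "balance"})
    return fed
```

The remote credentials exist only in the federation's user mapping; if that mapping goes stale the wrapper raises PermissionError instead of returning rows, so applications never hold bank-side accounts themselves.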
Data Integrity
Cases when data integrity is under threat:
• Data sources going down
• Data feeds interrupted because of hardware or network problems
• Remote data sources get manipulated or restructured
Identifying potential problems and taking corrective actions early.
Solutions:
• Autonomic features: capability to dynamically adapt to changes in structures.
• Two-phase SQL commit: all SQL statements in a transaction spread across more than one remote database are either committed or rolled back as an atomic unit.
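An added example, not the project's code, that ties the two-phase commit above to the transaction flowchart earlier in the deck: the middleware coordinates one transfer across two remote bank databases, the debit side performs the "enough funds available" check during the prepare phase, and any NO vote rolls back every participant so the two banks never disagree. The RemoteBankDB stand-ins, account numbers and balances are constructed.

```python
# Added illustration, not the project's code: a two-phase commit run by the
# middleware over two remote bank databases for a single transfer. The remote
# DBMSs are constructed in-memory stand-ins.

class RemoteBankDB:
    """Stand-in for one bank's connector: prepare / commit / rollback."""
    def __init__(self, name, balances):
        self.name, self.balances, self.pending = name, dict(balances), {}

    def prepare(self, txid, account, delta):
        # Vote YES only if the change can be applied; hold it as pending until told.
        if account not in self.balances or self.balances[account] + delta < 0:
            return False                       # "not enough funds available" -> vote NO
        self.pending[txid] = (account, delta)
        return True

    def commit(self, txid):
        account, delta = self.pending.pop(txid)
        self.balances[account] += delta

    def rollback(self, txid):
        self.pending.pop(txid, None)           # nothing was applied, just drop the hold


def transfer(txid, debit_db, debit_acct, credit_db, credit_acct, amount, log):
    """Coordinator: every participant commits, or every participant rolls back."""
    if amount <= 0:
        raise ValueError("amount must be positive")
    participants = [(debit_db, debit_acct, -amount), (credit_db, credit_acct, amount)]
    # Phase 1: collect votes; stop asking as soon as one participant votes NO
    votes = []
    for db, acct, delta in participants:
        ok = db.prepare(txid, acct, delta)
        log.append(f"{txid} prepare {db.name}:{acct} {delta:+} -> {'yes' if ok else 'no'}")
        votes.append(ok)
        if not ok:
            break
    # Phase 2: one global decision applied to all participants
    if len(votes) == len(participants) and all(votes):
        for db, _, _ in participants:
            db.commit(txid)
        log.append(f"{txid} committed")
        return True
    for db, _, _ in participants:
        db.rollback(txid)                      # safe even for a participant never prepared
    log.append(f"{txid} rolled back; ask user to take amount from another account")
    return False
```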
Communication
Use connectors: software agents installed on top of each remote data source and acting as interfaces. Each connector speaks natively to its corresponding database and passes data to and from it.
Communication (cont.)
Connectors used to work on proprietary protocols; however, there has been a shift towards Web Services.
Web Services:
• Application components that communicate using open protocols
• Self-contained and self-describing, and can be used by other applications
• Simple, interoperable messaging framework
• Use XML as the data exchange format
The main advantages of using Web Services:
• Reduced cost of development and maintenance because of consolidation and standardization of system interfaces
• Faster time to market because of the reusable interface elements
Custom-Built vs Existing
Against a custom-built solution:
• No real advantage over existing offers
• Very lengthy development time
• Likely lack of expertise of developers if the system is to be developed in-house
• High probability of lengthy debugging due to the software complexity
• Existing solutions are provided by companies with years of experience of developing heterogeneous distributed database solutions
Major Market Players
Choice: IBM Information Integrator
Advantages over Sybase offer:
Proper metadata management
Data quality functions
Data profiling/analysis
Advantages over Oracle offer:
Company size and worldwide presence
Experience in collaborative software (important for organisations)
Market strategy to promote and support software from other vendors that works with IBM products instead of insisting on using their own software
Infrastructure
Networking based:
• Towards client side
• Towards bank side
• Towards own database of system
Web portal hosting:
• Single sign-in
• Apache as a web server
• Cluster management
Why Apache?
• Apache contains a load balancer
• Avoidance of a single point of failure
• Load balancer vs round-robin DNS: the load balancer takes care of the load on server nodes; session management in the load balancer; failure transparency is practically implementable in a load balancer, unlike round-robin DNS
Cluster Management: Condor as a solution
• Supports most platforms like UNIX, Windows, and Mac etc.
• Best choice for high-throughput computing
• Supports MPI and PVM
• "DAGMan", which supports the functionality to highlight job dependencies
Conclusion
The purpose of this online e-banking is to make transactions:
• Smoother and faster
• Secure
• Commercial software