
Black Hole Password Security

S. Lakshmi Prabha, D. Bhuvanesh, S. Dinakar, S. Rajaranganathan

Abstract


Automated Teller Machines (ATMs) offer banks and their users the easiest and fastest way to transact money. They also bring more security threats from hackers and fraudsters. Shoulder-surfing, the use of direct observation techniques such as looking over someone's shoulder to get passwords, PINs and other sensitive personal information, is a problem that has been difficult to overcome. When a user enters information using a keyboard, mouse, touch screen or any traditional input device, a malicious observer may acquire the user's password credentials. In this paper, we discuss how to prevent shoulder-surfers and other fraudsters from hacking passwords in various forms. We propose generating random passwords during each transaction with the original password as the reference. Thus the user's password serves as a black hole. According to the results we have obtained, this modified traditional system provides better security than any other existing system.

Keywords


ATM, Black Hole, Hacking, Random Password, Shoulder-Surfing.






Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.