Security Analytics
Verification mechanism: audit security intelligence through intelligent surveillance technologies.
multi-party corruption: do surveillance through security council of global organization, police, army, detectives, journalists ;
access control: verify authentication, authorization, correct identification, privacy, audit confidentiality, data integrity and non-repudiation;
financial security policy: verify rationality, fairness, correctness, transparency, accountability, trust and commitment;
system performance: verify reliability, consistency, scalability, resiliency, liveness, deadlock freeness, reachability, synchronization, safety;
malicious attacks: verify the risk of Sybil, false data injection, shilling: push and pull, denial of service (DoS), fault injection attack;
web security: session hijack, phishing, hacking, cross site request forgery, cross site script, broken authentication, improper error handling;
call threat analytics and assess risks of emerging financial technologies :
what is corrupted or compromised (agents, computing schema, communication schema, data schema, application schema)? detect type of threat.
time : what occurred? what is occuring? what will occur? assess probability of occurrence and impact.
insights : how and why did it occur? do cause-effect analysis on performance, sensitivity, trends, exception and alerts.
recommend : what is the next best action?
predict : what is the best or worst that can happen?
Output: security intelligence
Prof. Ramaswamy and Dr. Nakamoto are analyzing the security of emerging banking, postal and financial services. The security intelligence of financial system is a multi-dimensional parameter which should be verified at various levels. The regulatory clauses should be defined and audited by a group of authorized agents correctly and rationally. It is crucial to verify and evaluate various rules and regulatory clauses for financial security in terms of fairness, correctness, rationality, transparency, accountability, commitment and trust. It is essential to evaluate the performance of the system in terms of reliability, consistency, and stability. The performance of the system is expected to be consistent and reliable. Liveness ensures that under certain conditions an event will ultimately occur. Deadlock freeness indicates that the system should never be in a state in which no progress is possible. The system should be protected from various types of internal and external malicious attacks such as false data injection, Sybil, shilling and denial of service (DoS) attack. The auditors must assess the threats of such types of malicious attacks by adversaries. It is also important to assess the risk of multi-party corruptions on the financial security technologies in terms of agents, policy, procedure and protocol. An efficient knowledge based system is expected to monitor the gaps and violations in regulatory compliance in real-time and diagnose any fault just like supervisory control and data acquisition system. Dr. Ramaswamy is analyzing the following case during today’s age of technology transition.
Case : Fault attacks and proof of works in banking, postal and financial services
“
Feedback - Technical problems and operational issues at your post offices and banks at Talkia, Cowrah 811106
To: Mrs. Darithi Thatcher, Minister of Finance, Govt. of Vindia,
CC: Mr. Tony Lucas, The Manager, State bank of Vindia, Talkia; Mr. Rineet Sandey, Director General, Post, Govt. of Vindia, Ms. Smita Kugar, Member, Technology; Dr. Charles Lamb, Member Operation, Mr. Madpita Rosui, Chairperson, Postal Service Board
The Postmaster, Post Office – Talkia, Cowrah – 811106; Respected Sir / Madam,
We, the residents of Talkia have been experiencing various type of quality of service and operational problems such as delay in service and long queues due to technical errors and malfunctioning of Internet connectivity, printer, monitor and other hardware devices at local banks and post offices in Talkia, Vindia. There is shortage of postcards and envelops at post offices. We are getting misleading SMS message from your post offices with incorrect account balances, sometimes we are not getting important SMS messages related to high valued transactions; there are cases of messages drop, denial of service and fault attacks. This is basically the problem of your information and communication system.
We would also like to elaborate and clarify the problems related to your operations, information and communication system in terms of workplace safety, fairness, correctness, transparency, Sybil attack and accountability through following illustrations.
a) Leakage of water from the roof of your post office damaging important documents and systems, particularly during rain
b) During printing of savings passbook, the last digit of new MIS (Monthly Income Savings) account number is not getting printed due to the problem of your information system. The printing is not transparent and is very hedgy; there is also alignment problem. It is basically the fault related to your proof of works.
c) The color of new MIS passbook’s front and back cover is not matching with your logo (red and yellow); it is now (red + light pink); the name of ‘printed by’ of the passbook at last page is also missing.
d) Nominee field is blank in the passbooks though the information was given during opening of accounts by the applicants.
Request your intervention for necessary corrective actions on immediate basis forour relief.
Regards.
L.R. Bukla, MLA, Talkia
“
Financial systems may face various types of threats from both external and internal environments but it should be vigilant and protected through a set of security policies. An emerging financial technology demands the support of security architecture so that the associated system can continuously assess and mitigate risks intelligently. It is required to verify the efficiency of access control of financial system in terms of authentication, authorization, correct identification, privacy, audit, confidentiality, non-repudiation and data integrity. For any secure service, the system should ask the identity and authentication of one or more agents involved in a transaction. The agents of the same trust zone may skip authentication but it is essential for all sensitive communication across different trust boundaries. After the identification and authentication, the system should address the issue of authorization. The system should be configured in such a way that an unauthorized agent cannot perform any task out of scope. The system should ask the credentials of the requester; validate the credentials and authorize the agents to perform a specific task as per agreed protocol. Each agent should be assigned an explicit set of access rights according to role. Privacy is another important issue; an agent can view only the information according to authorized access rights. A protocol preserves privacy if no agent learns anything more than its output; the only information that should be disclosed about other agent’s inputs is what can be derived from the output itself. The agents must commit the confidentiality of data exchange associated with private communication.