How vulnerable are the Indian banks: A cryptographers' view

04/11/2018
by   Anirban Pathak, et al.
0

With the advent of e-commerce and online banking it has become extremely important that the websites of the financial institutes (especially, banks) implement up-to-date measures of cyber security (in accordance with the recommendations of the regulatory authority) and thus circumvent the possibilities of financial frauds that may occur due to vulnerabilities of the website. Here, we systematically investigate whether Indian banks are following the above requirement. To perform the investigation, recommendations of Reserve Bank of India (RBI), National Institute of Standards and Technology (NIST), European Union Agency for Network and Information Security (ENISA) and Internet Engineering Task Force (IETF) are considered as the benchmarks. Further, the validity and quality of the security certificates of various Indian banks have been tested with the help of a set of tools (e.g., SSL Certificate Checker provided by Digicert and SSL server test provided by SSL Labs). The analysis performed by using these tools and a comparison with the benchmarks, have revealed that the security measures taken by a set of Indian banks are not up-to-date and are vulnerable under some known attacks.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
06/27/2019

A Sweet Recipe for Consolidated Vulnerabilities: Attacking a Live Website by Harnessing a Killer Combination of Vulnerabilities

The recent emergence of new vulnerabilities is an epoch-making problem i...
research
08/25/2022

XDRI Attacks - and - How to Enhance Resilience of Residential Routers

We explore the security of residential routers and find a range of criti...
research
12/16/2020

Investigating the Ecosystem of Offensive Information Security Tools

The internet landscape is growing and at the same time becoming more het...
research
07/28/2020

Coding Practices and Recommendations of Spring Security for Enterprise Applications

Spring security is tremendously popular among practitioners for its ease...
research
06/26/2020

Analysis of Trending Topics and Text-based Channels of Information Delivery in Cybersecurity

Computer users are generally faced with difficulties in making correct s...
research
03/11/2020

Passlab: A Password Security Tool for the Blue Team

If we wish to compromise some password-protected system as an attacker (...

Please sign up or login with your details

Forgot password? Click here to reset