Design, Development, and Implementation of a Public Key Crytosystem for Automated Teller Machines: The Toronto Dominion Bank Case Study

Author

Tamer Aboualy, Nova Southeastern University

Date of Award

2006

Document Type

Dissertation

Degree Name

Doctor of Philosophy in Computing Technology in Education (DCTE)

Department

Graduate School of Computer and Information Sciences

Advisor

Marlyn Kemper Littman

Committee Member

Easwar Nyshadham

Committee Member

Sumitra Mukherjee

Abstract

The current method of distributing Automated Teller Machine (ATM) Data Encryption Standard (DES) keys involves manual distribution of the same DES key in component form to all A TMs in a banks network. The components are entered into the ATM keyboard and combined to form the ATM Terminal Master Key (TMK) used for all ATM transactions. Public key cryptosystems can be used to distribute and manage A TM TMKs.

However, existing cryptosystem implementations have numerous problems. Moreover, little research has targeted cryptosystem implementations that use tamper-resistant security modules (TRSMs). Almost all security attacks of cryptosystems utilizing security processors and cryptography are the result of weak implementation and deployment.

This case study describes how a public key cryptosystem for distribution and management of A TM Triple Data Encryption Standard (3DES) TMKs may be successfully implemented. This case study was developed to offer a repeatable approach, design, and implementation for a public key cryptosystem for A TM 3DES TMK distribution and management. The study's design was based on a single case, using multiple sources of evidence and propositions. Using Toronto Dominion (TD) Bank as the unit of analysis, the study focuses on four main propositions relating to (a) system development processes (SDPs), (b) electronic data assurances, (c) key and certificate life cycle management, and (d) ATM key hierarchies.

Results of the study show that SDPs provided a general framework for system development and were not tailored to specific needs of an A TM cryptosystem. Evidence shows that the ATM public key cryptosystem met all CAIN digital assurance and ATM key hierarchy requirements but did not meet all key and certificate life cycle requirements.

The author recommends a modified SDP framework for A TM public key cryptosystems called cryptosystem SDPs. These consist of SDPs, an integration of A TM cryptosystem requirements, and software security best practices. This framework utilizes existing SDPs but adds four new phases to take into account ATM public key cryptosystem requirements.

NSUWorks Citation

Tamer Aboualy. 2006. Design, Development, and Implementation of a Public Key Crytosystem for Automated Teller Machines: The Toronto Dominion Bank Case Study. Doctoral dissertation. Nova Southeastern University. Retrieved from NSUWorks, Graduate School of Computer and Information Sciences. (376)
https://nsuworks.nova.edu/gscis_etd/376.