موضوع‌ها
۰
فورک‌ها
۱
ستاره‌ها
۱۱
تاریخ ایجاد
۷ مرداد ۱۴۰۰
آخرین بروزرسانی
حدود ۱ سال قبل
لایسنس
MIT License

Secure-Banking-System :)

Overview

Common security mechanisms that have been implemented in this project are:

  1. Cryptography
  2. Access Control
  3. Authentication
  4. Audit

Requirements

  • MySQL

    • In Linux Distros
      • Debian | Ubunto : sudo apt install mysql
      • Arch : sudo pacman -S mariadb
      • Fedora : sudo dnf install mysql-community-server
  • Python 3.x

  • Install libraries

    python3 -m pip install mysql-connector
    pip3 install cryptography
    pip3 install scrypt
    pip3 install pycryptodome
    pip3 install scrypt
    pip3 install registry
    

How to Run

First of all:

  • MySQL configuration

    • Create a user

      • Create User
      > CREATE USER 'user'@'localhost' IDENTIFIED BY 'password';
      > GRANT ALL PRIVILEGES ON *.* TO 'user'@'localhost';
      > FLUSH PRIVILEGES;
      > exit
      
      • Rwstart service

      sudo systemctl restart mysql.service

  • Create database and import tables

    • Create database and use it
    CREATE DATABSE db_name;
    USE db_name;
    
    • Import sql files
    SOURCE <path_to_sql_file>/secure_banking_system.sql
    SOURCE <path_to_sql_file>/log.sql
    

Then run python files:

python3 Public_Private_Keys.py # This command is not necessary
Python3 Server.py
Python3 Client.py

Signup:

Signup class features:

  • Checking the strength of the input password for Authentication
  • Adding Salt and hash the input password for Authentication

Login:

Login class features:

  • Backoff mechanism for Authentication
  • Changing the state of the system after a user logs in for more security.
  • Implementing Salting link

Cryptography:

Cryptography class features:

  • Symmetric cryptography
    • Session key -> It will be expired after 5 minutes.
  • Asymmetric cryptography

Access Control:

AccessControl class features:

  • DAC
  • MAC
    • BLP
    • BIBA

Banking Operationl:

BankingOperation class features:

  • Create [account_type] [amount] [conf_label] [integrity_label]
  • Join [account_no]
  • Accept [username] [conf_label] [integrity_label]
  • Show_MyAccount
  • Show_Account [account_no]
  • Deposit [to_account_no] [amount]
  • Withdraw [from_account_no] [to_account_no] [amount]

HoneyPot:

BankingOperationHoneyPot class features:

  • Generally, a honeypot consists of data that appears to be a legitimate part of the site and contains information or resources of value to attackers. It is actually isolated, monitored, and capable of blocking or analyzing the attackers. link
  • In this project, the attacker will access fake banking operations after entering the wrong passwords 6 times.
  • Everything is logged in this section to identify the attacker's motive.

logging:

  • The purpose of logging is to track error reporting and related data in a centralized way.
Screen Shot 2021-07-16 at 10 47 23 PM

Support

Reach out to us at: