Secure-Banking-System :)
Overview
Common security mechanisms that have been implemented in this project are:
- Cryptography
- Access Control
- Authentication
- Audit
Requirements
- MySQL
  - In Linux Distros
    - Debian | Ubuntu :
      sudo apt install mysql
    - Arch :
      sudo pacman -S mariadb
    - Fedora :
      sudo dnf install mysql-community-server
- Python 3.x
- Install libraries
python3 -m pip install mysql-connector
pip3 install cryptography
pip3 install scrypt
pip3 install pycryptodome
pip3 install registry
How to Run
First of all:
- MySQL configuration
  - Create a user
    - Create User
      CREATE USER 'user'@'localhost' IDENTIFIED BY 'password';
      GRANT ALL PRIVILEGES ON *.* TO 'user'@'localhost';
      FLUSH PRIVILEGES;
      exit
    - Restart service
      sudo systemctl restart mysql.service
  - Create database and import tables
    - Create database and use it
      CREATE DATABASE db_name;
      USE db_name;
    - Import sql files
      SOURCE <path_to_sql_file>/secure_banking_system.sql
      SOURCE <path_to_sql_file>/log.sql
Then run python files:
python3 Public_Private_Keys.py # This command is not necessary
python3 Server.py
python3 Client.py
Signup:
Signup class features:
- Checking the strength of the input password for Authentication
- Adding Salt and hash the input password for Authentication
Login:
Login class features:
- Backoff mechanism for Authentication
- Changing the state of the system after a user logs in for more security.
- Implementing Salting
Cryptography:
Cryptography class features:
- Symmetric cryptography
- Session key -> It expires after 5 minutes.
- Asymmetric cryptography
Access Control:
AccessControl class features:
- DAC
- MAC
- BLP
- BIBA
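As an added example (not code from this project), the following shows how BLP and Biba checks combine into a single mandatory access decision for the account commands this README lists. The label levels and the mapping of commands to read/write accesses are assumptions, since the README does not define them.

```python
from enum import IntEnum

# Assumed label lattices: the README names conf_label and integrity_label
# but does not list their levels, so these four-level scales are hypothetical.
class Conf(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

class Integ(IntEnum):
    UNTRUSTED = 0
    SLIGHTLY_TRUSTED = 1
    TRUSTED = 2
    VERY_TRUSTED = 3

def blp_allows(op, subj_conf, obj_conf):
    """Bell-LaPadula: no read up, no write down (protects confidentiality)."""
    if op == "read":
        return subj_conf >= obj_conf
    if op == "write":
        return subj_conf <= obj_conf
    raise ValueError(f"unknown operation: {op}")

def biba_allows(op, subj_integ, obj_integ):
    """Biba strict integrity: no read down, no write up (protects integrity)."""
    if op == "read":
        return subj_integ <= obj_integ
    if op == "write":
        return subj_integ >= obj_integ
    raise ValueError(f"unknown operation: {op}")

# Assumed mapping of the README's commands to the accesses they need on an account.
REQUIRED = {"Show_Account": ("read",), "Deposit": ("write",), "Withdraw": ("read", "write")}

def mac_decision(command, subj, obj):
    """subj and obj are (Conf, Integ) pairs; every access must pass both models."""
    return all(
        blp_allows(op, subj[0], obj[0]) and biba_allows(op, subj[1], obj[1])
        for op in REQUIRED[command]
    )

if __name__ == "__main__":
    account = (Conf.SECRET, Integ.TRUSTED)  # constructed sample labels
    for user in [(Conf.SECRET, Integ.TRUSTED), (Conf.TOP_SECRET, Integ.UNTRUSTED),
                 (Conf.CONFIDENTIAL, Integ.VERY_TRUSTED)]:
        print(user, {c: mac_decision(c, user, account) for c in REQUIRED})
```

With both models enforced together, a command that needs read and write access succeeds only when the subject's labels equal the object's labels.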
Banking Operation:
BankingOperation class features:
- Create [account_type] [amount] [conf_label] [integrity_label]
- Join [account_no]
- Accept [username] [conf_label] [integrity_label]
- Show_MyAccount
- Show_Account [account_no]
- Deposit [to_account_no] [amount]
- Withdraw [from_account_no] [to_account_no] [amount]
HoneyPot:
BankingOperationHoneyPot class features:
- Generally, a honeypot consists of data that appears to be a legitimate part of the site and contains information or resources of value to attackers. It is actually isolated, monitored, and capable of blocking or analyzing the attackers.
- In this project, the attacker will access fake banking operations after entering the wrong passwords 6 times.
- Everything is logged in this section to identify the attacker's motive.
Logging:
- The purpose of logging is to track error reporting and related data in a centralized way.
Support
Reach out to us at: