TLS Certificate For Bank ATMs
ATMs are easily accessible financial service outlets, and they are vulnerable to various attacks such as jackpotting, data skimming and fake machines, which makes them an easy target for attackers. At present, there are no machines available to verify the genuineness of these financial service outlets.
Securing ATM communications is an important aspect of ATM security in India and around the world, and TLS helps secure the communication between the device and the switch. Using SSL or TLS encrypts the transmission of sensitive data across networks, which leads to more secure ATMs.
What is TLS Protocol ?
TLS (Transport Layer Security) is a widely used protocol for establishing secure communications over the internet. It is the successor to SSL (Secure Sockets Layer).
TLS works by establishing a secure channel between two parties (typically a client and a server) that allows them to exchange data in a private and authenticated manner. This is accomplished by using a combination of public key cryptography, symmetric key cryptography, and hashing.
When a client wants to establish a secure connection to a server, the client and server perform a “handshake” that results in the creation of a secure session. The handshake involves several steps, including:
- The client sends a “ClientHello” message to the server, which includes a list of supported cipher suites and a random number (referred to as a “client nonce”).
- The server responds with a “ServerHello” message, which includes the chosen cipher suite and a random number (referred to as a “server nonce”).
- The server sends its certificate to the client, which the client verifies.
- The client generates a pre-master secret, encrypts it with the server’s public key and sends it to the server.
- The server decrypts the pre-master secret with its private key and both client and server use the pre-master secret and a set of other values to generate a master secret.
- Both the client and server use the master secret to generate session keys, which are used to encrypt and decrypt the data exchanged during the session.
Once the secure session is established, the client and server can exchange data securely using the session keys. The data is typically encrypted using symmetric key cryptography (such as AES), and the authenticity of the data is ensured using a message authentication code (MAC) calculated using a hashing algorithm (such as SHA-256).
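The key derivation in the last handshake steps, as an added example that is not part of the original page. It assumes the TLS 1.2 PRF with SHA-256 (RFC 5246) and an AES-128-CBC with HMAC-SHA256 cipher suite; the function names and the sample payload are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF (RFC 5246, section 5): P_SHA256(secret, label + seed)."""
    seed = label + seed
    out, a = b"", seed                                    # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def derive_session_keys(pre_master: bytes, client_nonce: bytes, server_nonce: bytes) -> dict:
    """Run by the ATM and by the switch independently; both must get the same keys."""
    master = prf(pre_master, b"master secret", client_nonce + server_nonce, 48)
    # Key expansion puts the server nonce first. Sizes assume an
    # AES-128-CBC + HMAC-SHA256 suite: two 32-byte MAC keys, two 16-byte AES keys.
    block = prf(master, b"key expansion", server_nonce + client_nonce, 96)
    return {
        "master_secret": master,
        "client_mac_key": block[0:32],
        "server_mac_key": block[32:64],
        "client_enc_key": block[64:80],
        "server_enc_key": block[80:96],
    }

def record_mac(mac_key: bytes, seq: int, payload: bytes) -> bytes:
    """Record MAC: HMAC over sequence number, type (23 = application data),
    version (3,3 = TLS 1.2), length and payload."""
    header = struct.pack("!QBBBH", seq, 23, 3, 3, len(payload))
    return hmac.new(mac_key, header + payload, hashlib.sha256).digest()

if __name__ == "__main__":
    client_nonce, server_nonce = os.urandom(32), os.urandom(32)
    # Pre-master secret: protocol version + 46 random bytes. The RSA encryption
    # that carries it to the server is left out of this sketch.
    pre_master = b"\x03\x03" + os.urandom(46)
    atm = derive_session_keys(pre_master, client_nonce, server_nonce)
    switch = derive_session_keys(pre_master, client_nonce, server_nonce)
    assert atm == switch
    tag = record_mac(atm["client_mac_key"], 0, b"constructed balance inquiry")
    print("keys match; record MAC:", tag.hex())
```

Each direction gets its own MAC and encryption key, and the sequence number inside the MAC is what makes a replayed or reordered record fail verification.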
TLS is widely used to secure web traffic (HTTPS) and other internet protocols. It is supported by most web browsers, servers and operating systems, and it is an important tool for protecting online privacy and security.
TLS version 1.3 is the latest version of the standard. Its changes from 1.2 include a reduced number of round trips, a more securely encrypted handshake, and end-to-end encryption of the client-server communication.
Is TLS necessary for Bank ATMs?
The short answer is Yes!
TLS (Transport Layer Security) certificates can be used to secure communication between an ATM (Automated Teller Machine) and a remote server, such as the server of a financial institution. This can help to protect sensitive information, such as account balances and transaction details, from being intercepted by malicious actors during transmission over the internet.
For example, when a customer uses an ATM to check their account balance or perform a transaction, the ATM establishes a secure connection with the bank’s server using TLS. The ATM’s TLS certificate acts as a kind of “identity card” that authenticates the ATM to the bank’s server and vice versa. The server can verify that the connection is coming from a legitimate ATM and not a rogue device. The bank’s server can also encrypt the information before sending it to the ATM, and the ATM can decrypt it.
To establish this secure connection, the ATM would typically be provisioned with a TLS certificate that is issued by a trusted certificate authority (CA). The certificate would contain information such as the ATM’s hostname, the name of the organization that operates the ATM, and a public key that can be used to encrypt data.
When a customer uses the ATM, their web browser checks the ATM’s certificate against a list of trusted CAs to ensure that the certificate was issued by a trusted entity and that it has not expired or been revoked. If the certificate checks out, the browser proceeds to establish a secure connection with the ATM.
It is important to note that, in order to establish a secure connection, the certificate must be valid and should be renewed on a regular basis before expiration. Also, neither the protocol nor the implementation should be affected by any known vulnerabilities, to ensure the security of the communication.
Functions of TLS Certificate for ATMs
TLS certificates for ATMs play an important role in securing communication between ATMs (Automated Teller Machines) and remote servers, such as the servers of financial institutions. The main functions of a TLS certificate for an ATM include:
- Authentication: The TLS certificate serves as an “identity card” that authenticates the ATM to the remote server, and vice versa. This ensures that the connection is coming from a legitimate ATM and not a rogue device.
- Encryption: The certificate enables the use of public key cryptography to encrypt data being sent between the ATM and the remote server. This helps to protect sensitive information, such as account balances and transaction details, from being intercepted by malicious actors.
- Non-Repudiation: The certificate can be used to ensure that the ATM and the remote server cannot deny having sent or received a message respectively.
- Integrity protection: The certificate allows the use of a message authentication code (MAC) to ensure the integrity of the data being sent between the ATM and the remote server.
- Secure Key Management: The certificate enables secure management of the keys used for encryption and decryption of the messages between the ATM and the remote server.
- Secure Clock Synchronization: The certificate enables the ATM to synchronize its clock with the remote server.
- Remote Management: The certificate enables the remote server to manage the ATM, for example to check its status, deliver software updates and perform troubleshooting.
It is important to note that the certificate must be provisioned and maintained properly, for example by renewing it on a regular basis before expiration, and that neither the protocol nor the implementation should be affected by any known vulnerabilities, to ensure the security of the communication.
ATMs that support TLS certificates
- Minimum of TLS 1.1 (recommended 1.2),
- Verify certificates of the server,
- Minimum 2048 bit public key length,
- Creation of new sessions when a renegotiation is needed.
Many modern ATMs (Automated Teller Machines) support the use of TLS certificates to secure communication with remote servers, such as the servers of financial institutions. Some examples of ATM manufacturers that support the use of TLS certificates include:
- Diebold Nixdorf: Diebold Nixdorf is one of the largest ATM manufacturers in the world. Their ATMs are used by many financial institutions and are known to support the use of TLS certificates.
- NCR Corporation: NCR Corporation is another major ATM manufacturer. Their ATMs are used by many financial institutions and also support the use of TLS certificates.
- Fujitsu: Fujitsu is a Japanese ATM manufacturer whose ATMs are widely used in Japan, Europe and Asia. Their ATMs also support the use of TLS certificates.
- GRG Banking: GRG Banking is a Chinese ATM manufacturer with a wide range of ATMs. They also support the use of TLS certificates.
- Wincor Nixdorf: This is a German manufacturer whose ATMs are also used by many financial institutions. They also support the use of TLS certificates.
Please keep in mind that this list is not exhaustive and there are more ATM manufacturers out there that support the use of TLS certificate. Some ATMs may also be able to be upgraded to support TLS certificates if they were not originally designed to do so. It’s important to check with the ATM manufacturer or provider to determine if a particular ATM model supports the use of TLS certificates, or if an upgrade is possible.
How to buy TLS certificate for ATM?
Netpace™ India acts as a CA (Certificate Authority) for ATM TLS between ATMs and the switch, and provides certificates for ATM switches and ATMs, which can work on private/public IPs.
You can easily have a TLS certificate with Netspace for:
- TLS Certificate for 1 year.
- TLS Certificate for 3 years.
- TLS Certificate for 10 years.
For more information, Contact us.