Fast Forward - August, 2013 - IDRBT


3 Δεκ 2013 (πριν από 3 χρόνια και 6 μήνες)

147 εμφανίσεις

Institute for Development and Research in Banking Technology
(Established by Reserve Bank of India)
Exploring and Exploiting
Common Good
Newsletter, August 2013
Volume 16, No. 2
ISSN 0973 - 2527
Project Trainees Moments...
HE IDRBT Project Trainee Scheme focuses on exposing and encouraging bright youngsters,pursuing their
Graduation and Post Graduation from premier Institutions like the IITs,IIMs,IIITs,etc.,to various aspects of
BankingTechnologysoas toforma‘Networkof YoungMinds’ withaninterest intechnologies relatedtoBanking.
On an average,the Institute now selects about 50 trainees every year,who carry out a project aimed at solving IT-
basedchallenges facedbybanks for about twomonths.Inthelast threetofour years,over 175youngminds havebeen
a part of the IDRBT Project Trainee Scheme.This initiative also contributes to building Brand IDRBT,especially among
In the summer of 2013,the Institute afforded opportunity to 51 young minds,who carried out some very exciting
projects.Herecomes asnapshot of thesetrainees andtheir projects:
Networking Young Minds: Project Trainees 2013
Project Description:
This project aims to develop an
Interest Rate Risk management model that can stabilize
theincreasingvolatility inthedomestic interest rates and
foreign exchange rates.Using the previous data of some
banks along withthecirculars issuedby theReserveBank
of India (RBI) and Bank for International Settlements
(BIS),we have tried analyzing whether the proposed
algorithmto measure and control the Interest Rate Risk
fits well for theIndianBankingSector.
To prepare an algorithmfor computing and managing
theInterest RateRisk
To specify the strategies that helps minimizing the
Interest RateRiskof banks.
An algorithm which will help the bank take proper
decisionfor Interest RateRiskManagement.
Modelling of Interest Rate Risk in Banks
Project Description:The security of mobile devices has
become a cause of concern due to threat of virus attack.
In this project,we have developed an Antivirus
application to detect the infected files.The application is
in two modes.The first mode is a standalone application,
wherein the user can download it fromthe internet and
install it in the mobile device.This application has two
versions:one developed in J2SE and another in J2ME.
Although both the versions have the provision of
scanning the device,J2SE version has more facilities than
The second mode of application is a web-based client-
server application.The application can be used whenthe
device is connected to internet.The user can register
his/her device,can scan file online,can report a file as
thread,and can also download updates for Antivirus
We have also studied various other Antivirus solutions
available in literature and have made an analysis based
on the Operating Systems and detected virus files for
eachAntivirus solution.
Ramveer Singh
Dr. V. N. Sastry
B. Tech.– III Year,
IIT – Indore
Rahul Chaudhury
Dr. V. N. Sastry
M. Tech.-II Year,
Design and Development of Mobile Antivirus
Fast Forward | August 2013
To study various Antivirus solutions available in the
To design and develop an application to detect the
infected files (virus) in a mobile device using J2SE and
Toextendtheapplicationas awebapplicationthat will
provide the facility for user to scan the mobile files
online,other services toreport afileas thread.
Mobile Antivirus application and Client-Server web-
Design and Installation documents to help the user to
install theapplication.
Implementation of Portfolio Optimization Model
on Mobile Device for Stock Investment
Project Description:An investor always wants to
maximizethereturnoninvestment whilekeepingtherisk
low,which can be accomplished by opting for a
diversified portfolio of securities.To calculate the
proportion of investment in each security of an optimal
portfolio,we considered the model proposed by Harry
Markowitz.We implemented his critical line method on
In this method,we determined a series of efficient
portfolio from maximum return to minimum risk
considering a scenario where portfolio contains only one
stock and still yields maximum return.We then
computedthenext efficient scenarioby addingonemore
stock into the previous scenario and repeated this
process until there is no change in the risk.The last
scenario will be the minimum risk scenario of the
Sushil Kumar
Dr. V. N. Sastry
Integrated M. Tech.– III year,
This method takes as input the average return of each
asset andco-variancematrix for assets inportfolio.These
inputs can be calculated fromthe historical data of asset
prices.The implementation uses CLDC configuration of
J2ME and historical data is obtained using http
connection and HTML file parsing.As output,it shows
some of the efficient scenario of portfolio and minimum
risk optimal scenario,which is further used to provide
investment guidancetousers.
To design and develop a mobile application for
investment guidance to users based on portfolio
A mobile application that runs on all J2ME supported
mobiles which helps user to take investment decision
Thedesigndocument of theapplication.
Comparative Analysis of
Near Field Communication (NFC) and other
Short Range Mobile Communication Protocols
Apuroop Kalapala
Dr. V. N. Sastry
B. Tech.– III Year,
IIT – Roorkee
Project Description:Sufficing to the demands of
mobile communications in terms of speed,
availability of access to various services on mobile,
there is an increase in complexity of technology in
terms of hardware and software.Initially,the project
startedoff with basics like workingof GSM,pros/cons
of NFC,Bluetooth,RFIDs,Infrared and GPS,and then
moved onto standards/specifications of Bluetooth
Fast Forward | August 2013
Antennaaspects werestudiedbasedonstandards of NFC
and Bluetooth to find out why NFC comes into existence.
Weexaminedtheworking of mobilephoneandits power
consumption characteristics.We also studied howto use
different modes of NFC given by NFC-forum.Discussion
was done on various alternatives for NFC and different
upcoming radio communication like zig bee,Advanced
Infrared,Bluetooth LE,Induction wireless and Wi-Fi
direct.Some of the interesting NFC/RFID applications
were also identified that are being implemented
worldwide and we tried to assess their security aspects
and scope of marketing NFC in India.Thus,problems
faced by the people using such technologies and its
reasons werealsoexplored.
To study various kinds of short range mobile
communication focussing primarily on Bluetooth and
A report consisting of Application of Short Range
Mobile Technologies in various fields and comparative
analysis of it
Testing of mobile payment application on two mobile
devices usingNFCandBluetoothtechnology.
Mobile Application for Appointment Scheduling
for Banking Services
Project Description:We proposed to develop a mobile
application that will enable a registered customer of a
bank,to schedule appointments with the bank
personnel.In this project,we designed the application
wherein a customer can book appointment with the
branch personnel on a mobile phone.This application
helps ingiving feedback about the services,gives options
for theBranchManager toapproveor reject therequests
Anil Karre
Dr. V. N. Sastry
B. Tech.– III Year,
IIT – Patna
made by a customer and also set the working and
availabilityof thestaff.
We used “Scheduling Algorithms”,in order to solve the
problemof scheduling a large number of requests from
customers for alimitednumber of availabletime-slots,by
defining some priority criteria like customer’s tenure of
relationship with bank,etc.This application is being
developed using Java ME,so that,it can be used on Java-
To design,develop and implement a mobile
To enable a customer of a branch,to schedule a time
slot withthebranchpersonnel for his/her purpose
TofacilitatetheBanker,toknowabout his/her detailed
schedulefor theday andhelpthemplantheir day inan
efficient way.
Java-based mobile application for booking
Source-code and design documents for the
Random Number Generators
Vipin Kumar Singhal
Dr. V. N. Sastry
B. Tech.– III Year,
IIT – Guwahati
Project Description:Random Numbers are very much
needed for security purposes,simulation and games.In
this project,we studied various pseudo randomnumber
generators.Whenweaddsomepurerandomprocess ina
Pseudo Random Number Generator (PRNG) by using
clock or user input,which can be claimed as proper
random,it becomes capable of generating pure random
number up to a great extent.There are some tests which
Fast Forward | August 2013
shouldbefollowedby any sequenceof randomnumbers.
Studyof thesetests is alsoincludedinthis project.
We implemented the algorithms of PRNGs (Linear
Congruential,Lehmer RNG,Lagged Fibonacci,Blum-
Blum-Shub (BBS) on PCs and mobiles by considering
optimization of algorithm so that sequence of random
numbers couldbegeneratedas per theuser requirement
in minimum time and resources.The application
executing the algorithmwould generate perfect random
numbers withuser’s choice.
To study,analyze and compare various types of
RandomNumber Generators (RNGs)
To design RNG algorithm and implement them on
mobiledeviceor PCas per therequirement of user and
Report on various pseudo Random Number
Generators like linear and non-linear congruential
generators,lagged fibonacci,etc.,which are used as
inbuilt RNGs in many computer languages like C,C++,
Optimized algorithm for generating sequence of
randomnumbers on PC.This algorithmis optimized in
terms of timeandresources
AnapplicationwritteninJava language withalgorithm
generating random numbers.The user can choose
fromChoosingrandomnumber generator;Quantityof
random number,Type of random number (numeric,
alphabetic,binary,alphanumeric),Choosing their own
seed,Length of random number up to any extent,
Checking whether a number is prime or not.It will be
able to generate randomnumbers and strings in very
less time which can be used best for cryptographic
purposes andsimulationpurposes.
Detection of Financial Statement Fraud
using Decision Tree Classifiers
Himanshu Sharma
Dr. V. Ravi
Integrated M. Tech.– III Year,
IIT – Delhi
Project Description:
The project focuses on the use of
Decision Tree Learning algorithms to detect frauds in
financial statements.The goal is to create a model that
predicts the value of a target variable based on several
input variables.Decision trees used in Data Mining are of
two types viz.,classification trees and regression trees.
We worked on the following different decision tree
learning algorithms:Naïve Bayes Learner,C-4.5,Random
forest,Ripper,NB Trees,CART,TreeNet,Quantile
Theresults of t-statistics onthedataset is usedfor feature
selection.This is done to remove the redundant features
from the dataset.Another classification algorithm i.e.,
firefly minor is implemented over these results to
The classifiers are to be used for detection of financial
statement frauds especially in the growing Asian
Prediction of financial fraud is extremely important as
it cansave huge amount of money.Hybriddata mining
techniques can be used to increase the accuracy of
classification.Other techniques like text data mining
for sentimental analysis of the textual description of
financial statements can be used together with data
mining algorithms to provide better prediction of
financial statement frauds.
Fast Forward | August 2013
Project Description:
Learning speed of feedforward
neural networks is ingeneral far slower thanrequiredand
it has been a major bottleneck in their applications for
past few decades.Extreme Learning Machine (ELM) is a
learning algorithmfor Single-hidden Layer Feed forward
Networks (SLFNs) which randomly chooses the input
weights and analytically determines the output weights
of SLFNs.
The project modifies ELMas an Auto Associative Neural
Network (AANN) implemented as a single class classifier.
The efficacy of the proposed single class classifier is
evaluated on bankruptcy prediction of datasets namely
Spanish banks,Turkish banks,UK banks,UK credit
datasets and phishing datasets.For evaluation
combinations of Gaussian and Sigmoid activation
functions with uniform,normal and logistic probability
distribution were chosen and ensembling technique was
usedfor result compilation.
ELM-AANN achieved better results at extremely faster
speeds when compared with Particle Swarm
Optimization Auto Associative Neural Network
(PSOAANN) for UK credit and Mayank and Ravi (IEEE,
2012) phishingdatasets.
Structuring ELM as an Auto Associative Neural
For Credit Scoring.
Work would be submitted to a journal titled as:Auto
AssociativeELMas asingleclass classifier.
Extreme Learning Machine
Puneet Singh
Dr. V. Ravi
Integrated M.Sc.– III Year,
IIT – Kanpur
Economic Capital Assessment for
Consumer Credit Risk
Arushi Gupta
Dr. Mahil Carr
Integrated M. Tech.– V Year,
IIT – Delhi
Project Description:
In this project,the focus lies on the
Internal Ratings Based Approach of the Basel II,which
requires internal estimators of the four risk factors,
namely the Probability of Default (PD),the Loss Given
Default (LGD),the Exposure at Default (EAD) and the
EffectiveMaturity(M),for eachfinancial claim.
At first,we implemented Vasicek one-factor model,to
compute the loss distribution of credit risk and
henceforth,the probability of default of an obligor using
Vanilla Monte Carlo Simulations in Matlab.To validate
the model empirically,historical data of retail loans
grantedbyAndhraPradeshGrameenVikas Bank(APGVB)
from2000 to 2013 were collected and scrutinized.Next,
weestimatedtheprobability of default of theobligor and
theloss givendefault tothebank usinglogistic regression
andmultiplelinear regressionbasedmodels respectively.
Thetrends of estimateddefault probabilities andtheloss
given default are examined according to loan-types,
rating classes and year wise.According to the Advanced
Internal Ratings Based Approach (A-IRB) of the Basel II,
the asset correlation parameter for the different retail
exposures is then calculated and employed to determine
the minimum capital requirement for different types of
loans grantedbyAPGVB.
To develop econometric models in order to estimate
the default probabilities of obligors associated with
retail loans and the Loss Given Default for the facility
employing statistical techniques such as logistic
regressionandmultiplelinear regressionrespectively
To determine the adequate buffer capital basis for
credit risk by evaluating the AdvancedInternal Ratings
BasedApproach(A-IRB) of theBasel II.
Fast Forward | August 2013
A minimumcapital requirement assessment for credit
risk management in Andhra Pradesh Grameen Vikas
Bank based on Basel II Internal Ratings Based
Approach using historical loan portfolio data for the
Cash Demand Forecasting for ATMs
Project Description:
Cash management is a crucial
activity for any bank.Banks needtobeabletopredict the
customer demand for cash reasonably and accurately.A
forecasting model is designed to address the multiple
seasonalities and calendar day effects that are prevalent
in the demand for cash.Two-time series models:Holt-
Winters andARIMAwere usedtodetermine the demand
for a particular ATM (using historical data of ATM
transactions) provided by banks.The Holt-Winters
seasonal method comprises the forecast equation and
three smoothing equations —one for the level,one for
trend,and one for the seasonal component denoted by,
with smoothing parameters.ARIMA models have three
parts – the Auto Regression part (AR),the Integration
part (I) and the Moving Average part (MA).AR part
assumes observed value depend on previous values,MA
part assumes random error with some linear
combination of previous random error and integration
part is for making time series stationary.Forecasting
accuracy was measured using the mean absolute
Toforecast the cashdemandinATMrefilling using two
time series models Holt-Winter and ARIMA through
Excel andRcoding.
We have evolved a technique (an operating
procedure/guideline),by using these two-time
Shanu Agrawal
Dr. Mahil Carr
M. Tech.– II Year,
IIT – Kanpur
series analysis methods that a bank official handling
ATMOperations can use to be able manage the flow
of cashefficientlyinthebank’s ATMnetwork.
Static Program Analysis
Manisha Dudi
Dr. Mahil Carr
B. Tech.– III Year,
IIT – Ropar
Project Description:
Static Program analysis can help
detect the area that needs to be refactored and
simplified;find the areas that may need more testing or
deeper review;identify design issues and improve
maintainability by reducing code complexity.We can also
detect errors likememoryleaks,null pointers,etc.
In order to do the data flow analysis,first,we form a
latticeof thegivencode.Thelatticeis definedbyanupper
bound and a lower bound enabling analysis of the code.
As a result,we obtained results for a range of values for a
given set of variables.We prepared a Control FlowGraph
(CFG) for the given code that traverses through the
program during its execution.Using CFG,we tried
detecting the flaws.Then,we defined constraints for
every line of the code as per the criteria of research,
which is useful in finding live variables or available
expressions.The constraints could be resolved by
applying the fix point theorem which will be useful in
removinglines or anunnecessarilydefinedvariable.
To improve the quality of a code by detecting errors,
Reducingerrors means reducingsecurityattacks.Thus,
it provides greater securitytoatool.
Toprovidea tool that canperformdata flowanalysis of
Fast Forward | August 2013
Project Description:
PGP is a strong algorithm that
criminals use to encrypt their data in order to inhibit
others from accessing the illegal material and may also
hide the very fact that it was encrypted by changing file
extensions and make it seem like a normal file.File
headers are very useful in gathering information about
the type of file even if the file extensions are tampered.
The PGP encrypted files usually end with extensions like
.gpg,.asc,etc.As far as PGP encrypted files are
concerned,therearedifferent groups or types of files like
Public-key encrypted files,secret key files,etc.,for which
checkingasinglestaticfilesignaturedoes not apply.
Inthis project,we have performedheader analysis as per
the format specification given in the Open PGP Message
Format (RFC 4880).We have taken a system that is
considered to be the criminal’s system and we have
identified the different groups of PGP encrypted files like
Public-key encrypted files,symmetric key encrypted files
andsecret keyfiles.
Identify the PGP encrypted files through header
analysis evenif their extensions aretampered.
A Java Swing interface that can identify the PGP
encrypted files from a selected drive and display
header information.
Vidya Gopalakrishnan
Dr. B. M. Mehtre
B. Tech.– III Year,
National Academy
of Sciences, Bangalore
Forensic Analysis of Encrypted PGP Files
Hacking Tools and Techniques
Gaurav Patel
Dr. B. M. Mehtre
B. Tech.– III Year,
Indian School of Mines,
Project Description:
Information is the most important
resource in the market which needs to be preserved in
every possible way.Today,one of the major problems
faced by the IT industry is the security of data and its
availability at every point of time.The important and
sensible information of the banks,organizations and
individual users are being stolen using various hacking
tools like Trojan,Poison Ivy,etc.,and techniques such as
Phishing,Pharming,DistributedDenial of Service(DDoS).
Adeeper analysis of various hackingtools andtechniques
is required to detect various attacks and to provide
preventivemeasures against suchattacks.
To study,analyze and understand different
vulnerabilities beingexploitedbycyber attackers
To analyze and understand the whole process of
various hacking methods such as Phishing,Distributed
Denial of Serviceattacks andtolearnvarious measures
todetect andprevent suchattacks
To provide an improved and efficient algorithmbased
on characteristics of Hyperlinks used by phishers to
detect andprevent phishingattacks.
A study report on a cyber fraud (in which 45 million
dollars were stolen froma credit card firm) describing
the whole process of the fraud,various hacking tools
andtechniques involvedandhowthefraudtookplace
An efficient and improved algorithm based on the
characteristics of the hyperlinks used by the phishers
for theonlinedetectionandpreventionof phishing.
Fast Forward | August 2013
Project Description:
Theuseof Static Analysis comes into
play to identify the weakness in the code.Static Analysis
tools help programmers identify the common mistakes
fromthe knowledge database.These analysis tools may
be applied in the early stage of software development,
thus making the enormous job of testing software (i.e.
dynamic analysis) easier.Different forms of static
analysers canbe classifiedas lexical analysers (syntactic),
parse-tree analysers (semantic),AST analysers,CFG
Modern compilers are embedding static analysers.Some
static analysers run on source code after they are built.
But the most applied form of it is tools integrated with
IDE’s that shows errors during coding in the editor and
possible quick fixes or hints to fix.These tools are in an
evolving stage of being fully automatic in most of the
possible cases.These tools are effective in finding
repetitive errors (mostly faulty library functions) but
inapplicable to newvulnerabilities.They also fail to catch
logical errors or architectural errors.
To find vulnerabilities in language development and
buildastaticanalysis tool for anIDE.
Checker Plugin for Eclipse in CDT (C/C++ Development
tools) which has an extendable checker development
For string format error in faulty library functions like
andtheir friends (error );
Wrong input value for n in strncpy (char*dst,const
char*src,int n)) causingbuffer overflow(error);
Static Analysis in Software Security
Krishnendu Saha
B. Tech.– II Year,
IIT – Kharagpur
Guide:Dr. V. Radha
Opening a file to write (fopen (stream,’w’))with
same name with a file already present in the same
Opening a file toread(fopen(stream,’ r’)) whennofile
is present ingivenstream(error).
File or data base that is opened should be closed in all
DFD gives an understanding about data flow through
different entities so that it is possible to build trust
boundaries and that gives the data that should be
checkedor sanitizedwhileflowing.
Software Defined Networks
Sahil Sachdeva
Dr. V. Radha
B. Tech.– II year,
IIT – Hyderabad
Project Description:This project includes a detailed
study on Software Defined Networks to eliminate
securityvulnerabilities likearpspoofing.
Networks are largely the same as years agoandits rate of
change is almost negligible leading to slowswitching and
processing.Software-defined networking model
manages network devices from a centralised controller
which has a global view of the network and pushes
configurations to the relevant devices in a network,
based on policy-level decisions.It thus increases the
efficiency and flexibility of the network.It is an approach
through which we can separate the elements of
networking,namelycontrol planeanddataplane.
Majority of MITM(Man-In-The-Middle) attacks can’t be
prevented by conventional routing protocol,but in turn
needs a host to install third party software to do so.In
SDN,one can programeach and every component of our
network through a remote controller accordingly and
prevent suchattacks.
Fast Forward | August 2013
Toharness capabilities of SDNtosetupanetwork
To make the network secure by preventing arp
Design and develop attack resistant network that can
be employed in various data centres for a wide range
of applications
Improves efficiency of the network and covers the
Project Description:
A biometrics systemis essentially a
pattern recognition system that operates by acquiring
data from user,extract a feature set and compare it
against the template in the database.Examples of
Biometric systemare fingerprint,face,iris scan and palm
print.Oneof themethods usedtomeasurethetextureof
the image is Grey Level Co-occurrence Matrix (GLCM)
method.Haralick's texture features are extracted from
GLCMmatrices and are used as column vector.Standard
Databases of Palm-print which contain thousands of
Grey-Level images of palm of various users are used.
Metrics like False Acceptance Rate (FAR) and Genuine
Acceptance Rate (GAR),calculates the number of fake
users entering as genuine users and the number of
genuineusers beingrejectedas falseusers.
To understand various methods of palm print
identification,its implementation and execution on
various standard databases like PolyU palm print
database,IITDelhi palmprint database
Narender Yadav
Dr. MVNK. Prasad
B. Tech.– III year,
IIT – Ropar
Palm Print Identification System
Digital Watermarking of Colour Image using
Ridgelet Transformation
Kiran Bhargav Balleda
Dr. MVNK. Prasad
B. Tech.– III Year,
IIT – Indore
Project Description:
Digital watermarking canbe applied
to digital signals like images,video,text,and audio.
Adding watermark to image is nothing but image
watermarking which are of three types depending on
their bit representation:1) Binary image,2) Gray scale
image,3) Color image (RGB image).In this,watermark is
gray scale (64*64).Final image after adding watermark is
calledas watermarkedimage.
Ridgelet is a combination of radon and 1-d wavelet
transform.Wavelet transformis goodat processing point
singularities,whereas radon transform processes line
singularities and converts edge singularities into point
singularities.Ridgelet transform can process both the
singularities.First,it removes edge singularities and
converts them into point singularities by radon
transform,and then removes point singularities by
wavelet transform.So,ridgelet transformation can be
usedtoaddwatermarktoget better results.
Themainobjectiveof theproject is toaddandretrieve
the watermark to an image efficiently using the
ridgelet transformation.
Theproposedmethods will betestedonbenchmarked
database images like lenna,cameramen,etc.,and
comparetheresults withexistingmethods.
Areport onPalmprint authentication.
Fast Forward | August 2013
Project Description:
The aimof this study is to assess the
status of IT governance in Indian Banks.This descriptive
study examines howITgovernanceis beingimplemented
through a number of IT governance practices and
assesses the maturity levels of IT governance in Indian
Banks.For this purpose,a survey was conducted among
Indian banks and responses were analyzed.Based on the
research,recommendations were made for effective and
efficient useof ITgovernanceinIndianBanks.
Toevaluatethestateof ITGovernanceinIndianBanks.
A report regarding the status of IT Governance in
IT Governance in Indian Banks
Amrita Kumari
Dr. G. R. Gangadharan
MBA – II Year,
Dept. of Mgmt. Studies,
IIT – Roorkee
address the reduction of capital expenditure,etc.,needs
to be conducted.Each of the cloud providers has their
own set of pricing,billing,support and other important
parameters intheir model of computingtheservice.
This study analyzes comprehensively the cloud
architectures of various cloud service providers,
especially fromthe perspectives of security and services
To gather enough information to make informed
decisions when looking for a cloud provider,fromthe
perspectiveof securityandservices management.
A report highlighting security and services
management aspects of the different cloud service
Strategies for Adopting Cloud Computing by
Indian Banking Industry
V. Sai Raghu Yogendra
Dr. G. R. Gangadharan
MBA – II Year,
School of Mgmt. Studies,
University of Hyderabad
Project Description:
This study provides insight into the
pragmatic factors driving the adoption of cloud in the
bankingsector of India,as well as thoseaspects inhibiting
adoption.We followed research methodologies
including literature reviewand questionnaire survey.We
also tried to find the needs of banks to adopt cloud,and
the required resources and skills to be provided by the
service providers and regulators for successful adoption
of cloudbybankingindustryinIndia.
To have an exhaustive analysis on cloud computing
characteristics,advantages uponadopting,preventive
measures that are needed to be taken in case of
threats hamperingprivacyandsecurityof thedata.
Areport onstrategies for adoptingcloudcomputingby
Project Description:The biggest issue in cloud
computing is its security and privacy which is caused by
the multi-tenancy nature,outsourcing of infrastructure
and sensitive information.To adopt a cloud provider,a
detailed study of the security parameters like network
security,data security,access control,options that
Security and Services Management Aspects of
Cloud Architectures
Chittajallu Sai Meghana
Dr. G. R. Gangadharan
B.E.– IV Year,
Manipal Institute of
Technology, Manipal
Fast Forward | August 2013
Project Description:
Concept of data outsourcing is very
appealing as it reduces costs in storage and maintenance
and offers increased availability of data.The data stored
onathirdpartyserver,raises serious securitythreats.
In this project,we developed a method that helps in
storing the data dynamically in the cloud and verifying
the data without downloading.We have used PDP
(Provable Data Possession) scheme in which the data is
pre-processed by the owner and the metadata used for
verification purposes is produced.Data is stored on the
third party using B+ trees with the concept of composite
To develop a method by which we can verify whether
thedatastoredat anuntrustedserver is intact or not.
Areport onProof of Storage.
Proof of Storage in Cloud
Vipul Maheshwari
Dr. G. R. Gangadharan
MCA – II Year,
School of Computer and
Information Sciences,
University of Hyderabad
for better coverage in a geographical area.The problem
of ATMlocation is complicated as customers of one bank
can use their debit cards at any other bank’s ATMfor the
first few transactions in a cycle.Today,RBI is
contemplating the establishment of white color and
groundlevel ATMs.TheseATMs areinadditiontoabank’s
own ATMand would be run and managed by third party
The purpose of the proposed work is to optimize the
location of an ATM in a given area by using Voronoi
diagrams.The primary purpose of Voronoi diagrams is to
quantizethequalityof public services deliveredinagiven
servicearea.This taskof analysis is further simplifiedwith
the availability of analytics software and GIS software.
This work tries to identify the parameters that impact a
bank ATM location and also identify relative weights of
each of this factor.This information can then be used to
identifybest locations for boththebranchandATM.
To identify the population demographics that
influenceATMusageat agivenlocation.
A statistical model to compare the location of an ATM
versus its actual usage.
A Multithreading based Tool for Generating
Voronoi Diagrams Quickly
Gunda Pravallika
Dr. N. Raghu Kisore
B. Tech.– III year,
National Academy of
Sciences, Bangalore
Project Description:Voronoi diagrams can be used for
Big Data visualization to aid the banks to generate visual
report and understand the effective coverage of their
ATM/Branch service area.Such a visual diagram can be
used to quickly quantize the geographical areas that are
currently underserved.Producing Voronoi diagramfor a
geographical area requires dealing with an extremely
largedatasets that holdpopulationdetails.
Project Description:The primary purpose of establishing
ATMs is toreduceworkloadat thebranches.This purpose
can be better served if the ATMlocations are optimized
Identifying Population Demographics of a
Geographical Area that Influence ATM Usage
Ganga Reddy P
Dr. N. Raghu Kisore
MBA – II Year,
IIT– Kanpur
Fast Forward | August 2013
The aimof the project is to use parallel programming to
speed up the process of Voronoi diagram generation
since Voronoi diagrams are computationally expensive
anddonot scalewell tolargedatasets.
Develop a visualization tool for banks to quickly
understandthe geographical spreadof their bank branch
and ATM service areas.Such a tool can be used to aid
banks inansweringthefollowingbusiness questions:
Givenaset of'N'ATMs,what is thebest possiblewayto
Given a set of QoS metrics,what is the minimum
number of ATMs necessary?
Given the fact that there are already'N'ATMs in a
locality,what is the maximum improvement in QoS
A visualization tool that can be used to study the
impact and spread of various banking services offered
Project Description:The objective of the proposed work
is to build mathematical model that measures the
financial losses caused due to a security attack on a
computer network.A digitalized economy depends on
internet for all its services.One of these services is
maintaining digital currency and transfer of the same
between a creditor and debtor (payments).This involves
building of secure payment protocols based on strong
mathematical proofs.But in reality,the success of such a
systemis limited by trust of the end user.That is,the end
system is only as successful as the security of the
softwarerealizationof thecryptographicprotocols.
Quantitative Model to Measure the Spread of
Security Attacks in Computer Networks
Saurabh Baranwal
Dr. N. Raghu Kisore
Integrated M.Sc.– III Year,
IIT – Kanpur
Incaseof financial services likedeliveryandmanagement
of digital currency and infusion of fake currency into the
network is subject to the security of the system.Further,
it is well understood that in spite of the best efforts to
secureapieceof software,thereis anon-zeroprobability
of a security breach.The impact of a security breach is
further magnifiedinadigital worldduetothehigher level
of interconnections between systems.Hence,the spread
of fake currency in the event of a security or cyber-attack
grows exponentially.
Quantitative model to measure the spread of security
attacks inComputer Networks.
The work will deliver a mathematical model that
can be used to measure the number of nodes that
will be attacked in the event of a cyber-attack.
Designing of Request Tracker for Intranet and
Cloud Resources
Mukul Dilwaria
B. Tech.– III Year,
IIT – Indore
Project Description:Request Tracker is a software/
application through which we can create,revert and
check the tickets (requests or complaints) of users,
customers and agents.Users and customers generate
tickets and agents handle them.The different types of
requests cominginneedtobehandledby different group
of agents.Additionally,each request/complaint has a
different priority.Thus,the tracking application should
Tanmay Jhunjhunwala
Dr. Shakti Mishra
B. Tech.– II Year,
IIT – Delhi
Fast Forward | August 2013
direct the incoming tickets to the relevant agents,allow
themto reply to themand address themin an organised
Todevelopasingleinterfacefor local intranet as well as
cloudpurposeas per therequirements of IDRBT
We chose OTRS software which is a well-developed
To edit and customize this open source code so as to
meet theneeds of IDRBT
Tochangetheinterfacesoas togiveit thelook andfeel
of IDRBT and adding more features like automatic
email/SMS,notifications,weekly statistics,LDAP
integration,etc.,which would make it more user-
The ticket tracking systemwill be up and running on a
server in IDRBT,thus making it accessible to internal
users as well as outside customers.Therefore,all the
requests or complaints regarding cloud resources,
virtualization and all the internal requests will be
handled in an organized way,reach the concerned
person/agent in a regulated manner enabling her to
Design and Development of Social Media
Strategies for Banking
Avinash Singh Bagri
Dr. Shakti Mishra
Integrated M. Tech.– IV Year,
IIT – Delhi
and also look after all sorts of risks and security
features/threats involvedindoingso.
Various Social Media platforms and their relevance in
Initial Framework on Social Media Usage for BFSI
Customer Education&Recruitment
Risk Assessment and Security Analysis for banking in
social media
Reviewof ITAct,66A.
To evolve a comprehensive Social Media Framework
andOperating Guidelines for adoptionof Social Media
intheBankingandFinancial Sectors.
Social Networking Game on Banking
Bonani Hazarika
Dr. Shakti Mishra
B. Tech.– III Year,
IIT – Ropar
Project Description:This project embraces the concept
of social media gamificationtopromotevarious products
offeredby banks.It alsoaims tocreate awareness among
the age group of 13-20 years about the functioning of
financial institutions.
To make it more interactive and user-friendly,the
concepts of social media have been introduced in the
game.The project focuses on
most of the facilities
provided by banks.It includes various investment
strategies like Fixed Deposit,Recurring Deposit,Stock
rates have been made flexible and can be changed from
increasing customer
education and awareness about
Project Description:The project mainly deals with
the scope and obstacles in the use of social media for
banks and financial institutions.The project will
discuss all the essential aspects related to social
media and banking.It will include the guidelines
required to lay the framework for the banks foraying
into social media,recruitment,training,transaction
Fast Forward | August 2013
time-to-time by the administrator.An option for
spending money has also been provided.Timely quizzes
help the user to monitor the knowledge gained on
various aspects of banking.Users/Players can like/share
other user’s information.The game also allows bonus
rewardpoints,referral points andmanymorefeatures.
Theobjectiveof theproject is topopularizethevarious
products and facilities provided by banks among the
age group of 13-20 years with the help of social media
The end result of the project is a game which can be
uploadedinanywebsite.Thegamegives anessenceof
real banking system.This game is helpful for both the
consumers and banks,as the banks can promote their
products throughthe game onone handandthe users
can get accustomed to the various solutions that the
bankinginstitutions provideontheother.
Project Description:Cloud Application Assessment
Toolkit is an agentless,automated,multi-product
planning and assessment tool for banks.The toolkit
provides assessment report on whether a given
application is suitable to be included in cloud.Not every
application can be hosted on cloud platform.Thus,the
toolkit measures the suitability of application on three
parameters i.e.Business Value,Technological Readiness
andOperational Risks.
Thebusiness valuedetermines whether thecloudhosted
application would make any business impact or not.The
second parameter – technology readiness verifies if the
application has been coded/programmed for elasticity
Cloud Application Assessment Toolkit
Naveen Kumar
Dr. Shakti Mishra
B. Tech.– III Year,
IIT – Ropar
and whether technology used in developing the
application is robust or not.The third dimension is to
identifytherisks associatedwithapplication.
Thetool takes all thethreeparameters intoconsideration
before giving out the results.A result is generated in the
form of a radar chart where each application
performance is compared with already set benchmarks.
The tool also allows user to download the report for
application,although it can be generalized to test any
application for cloud environment.The tool has been
designed to assess the banks application for IDRBT
To develop a cloud application assessment toolkit that
measures the business value,technology readiness
and operational risk for bank’s applications,before
hostingit ontheIDRBTCommunityCloud.
Tool contains minimal set of questions that seeks the
business value,technology readiness and operational
riskvalueof theapplication
Users can download the report which contains the
radar chart,benchmark value along with business
value,technology readiness and operational risk
values for application assessment.On the basis of
results,the user can compare its value with the
benchmark values anddecidewhether theapplication
is useful tobehostedoncloudor not.
Virtualization Assessment Toolkit
Anubhav Garg
Dr. Shakti Mishra
B. Tech.– III Year,
IIT – Ropar
Project Description:This project has been designed for
thecost/benefit analysis of post virtualizedenvironment.
In this study,our aim is to calculate ROI and TCO of
organizations in a virtualized environment.Following
Fast Forward | August 2013
factors have been taken into consideration while
calculatingtheROI andTCOof theorganization:
Savings onserver power andcooling
Savings onserver configuration
Cost computationof server consolidationhardware
Cost computationof storage
Virtualizationproduct licensecost
Server provisioningcost
Cost savingonmaintenanceevents.
The calculator follows a simple methodology by
considering the software acquisition and support costs
for a server virtualization solution.The calculator is not
meant to be the end-all-be-all cost analysis or to show
cost estimates exact to the last digit.Our target group is
BFSI sector who are currently deploying Server
Virtualization in their respective data centers.After
evaluating the cost benefit,organizations can compute
theimpact of virtualizationonthebusiness.
To develop Virtualization Assessment toolkit that
measures different parameters (discussed above) and
finally calculates the total savings and Return on
Investment (ROI) and payback over three years in
general and five years for post-virtualized
This tool measures total savings and Return on
Investment (RoI) and payback over three years and
fiveyears for server virtualizationindatacenters.
A Generic Tool for Fuzzy Segmentation Useful in
Banking, Finance and Marketing
Saurav Manchanda
Dr. Rajarshi Pal
B. Tech.– II Year,
IIT – Kharagpur
Project Description:
In databank marketing,the bank
tries to segregate its customers into homogeneous
segments with respect to the needs of the customers in a
given segment.Traditionally,the features of these
segments are defined in crisp intervals.The main
disadvantages of these feature definitions are that there
is no compensation between features,wrong
classification occurs and dynamic changes in customers
cannot be accounted for.If fuzzy analysis,e.g.fuzzy
segmentation is used,marginal customers are better
classified and existing compensation can be considered.
Traditional FCMalgorithms haveconsiderabletroubleina
noisy environment andinaccuracy witha large number of
different sample sized clusters.A good clustering
algorithmshould be robust and be able to tolerate these
situations that often happen in real application systems.
Traditional FCMalgorithms incorporatesamplemeanas a
minimizer whichis highlypronetonoise.Our project aims
todeviseanFCMalgorithmwhichuses arobust minimizer
other than mean that is able to tolerate all such noise in
real applicationsystems.
Building a generic fuzzy segmentation tool useful in
The tool must be able to cope with noise which is
prominent inreal timedata-sets
The tool must be able to segment mixed-type data i.e.
containing bothcategorical andquantitativeattributes
whichis expectedinreal timedatasets.
Fast Forward | August 2013
A Java-based software with an interactive GUI taking
input of a dataset in the formof an excel (.xls) file.The
user can select the quantitative and categorical
attributes and can also assign a weight to each of the
selected attributes.For segmentation,the user can
choose membership tolerance and other parameters
The user can viewsegmentation results in the formof
membership function matrix,cluster centers,
membership plots for each quantitative attribute,2D
scatter plots between each pair of quantitative
The user can also compare segmentation results
obtained from general FCM algorithm with our FCM
Project Description:Visual Saliency is the distinct
subjectivequalitywhichmakes someitemstanddifferent
fromother objects in its vicinity.Our attention is mostly
attracted towards the most salient object in the field of
view.Now-a-days almost every device is capable of
capturing images and focuses on the part to be
highlighted.But it may not stand out to be distinct all the
times due toother factors.This project attempts tofinda
method based on intensity so that the user defined
region in the gray-scale image draws immediate
attention of the viewer which the original image may fail
to do so.Saliency map of an image is computed using the
method of finding the degree centrality in the graph.
Imageis brokendownintoaset of nodes andedgeweight
is computed based on feature difference,Cartesian
Persuading Visual Attention through
Low-Level Image Features
Vikash Kumar
Dr. Rajarshi Pal
B. Tech.– II Year,
IIT – Hyderabad
distance and modulated by positional proximity.Feature
value is taken to be the key point in determining the
saliencyof animage.
Changing the feature value of user-specific part of the
imagesuchthat saliencyof that part is increased.
Algorithmand Matlab implementation for finding the
value by which intensity of user-specified part has to
beincreasedtomakeit salient is made
Code has been tested on many images and desired
result has beenobtained.
Watermarking Technique in
Cheque Truncation System (CTS)
Kumar Saurav
Dr. Rajarshi Pal
B. Tech.– II Year,
IIT – Kharagpur
Project Description:Cheque Truncation System(CTS) or
Image-based Clearing System (ICS) is a project
undertaken by the Reserve Bank of India (RBI) for faster
clearance of cheques.CTS is basically an online image-
based cheque clearing systemwhere cheque images and
Magnetic Ink Character Recognition (MICR) data are
captured at the collecting bank branch and transmitted
electronically.The movement of the physical paper
cheque is truncated at the presenting bank.The physical
cheque is scanned to capture a digital image of the
cheque.The digital image is routed to appropriate payee
bank.At the payee bank,the signature appearing in the
cheque image is verified against the stored signature of
theaccount number mentionedinthechequeimage.It is
also checked whether the account mentioned in the
cheque image has the balance to pay the amount of
money appearing on the cheque image.After getting a
positive result for verification,the payee bank signals the
Fast Forward | August 2013
presenting bank to pay money to the customer.
Therefore,the payee bank should receive an unaltered
image of a genuine cheque,so that,its decision does not
support a case of fraud.In recent years,number of
cheque related fraud cases has been rising.One kind of
fraud is where anyone can manipulate the image of a
genuine cheque.Image watermarking technique-based
solutionwill beprovidedtoidentifysuchkindof fraud.
Utilisation of watermarking technique in Cheque
Restoration of original cheque image using reversible
Algorithms and Matlab codes which first identify
important positions and then insert watermark at
those positions in cheque image and extract
Project Description:Steganographyis anart of conveying
secret messages andsecret images throughcover images
inaway that only thereceiver is awareof theexistenceof
a message.Steganography provides another layer of
protection on the secret message,which will be
embedded in another media such that the transmitted
datais meaningful andinnocuous toeveryone.
By using techniques such as encryption,DWT,DCT and
other transforms,we can increase the embedding
capacity,security and imperceptibility in steganographic
encryption.We’ve implemented three papers on similar
Hiding Secret Images and Messages Using Image
Steganography and its Application in
Banking Technology
Sairam Prasanth
Dr. Rajarshi Pal
B. Tech.– III Year,
IIT – Madras
lines andtriedextractingthedatawithminimumBERand
HighPSNRvalues betweenstegoimageandcover image.
To implement an algorithmwhich would suit banking
purposes by hiding the secret messages and secret
images under cover images
To maximize the imperceptibility,embedding capacity
and security by using techniques such as encryption,
DWT,DCTandother transforms
To ensure high PSNR values for the Stego and Cover
images,also to ensure lowBERvalues while extracting
thesecret messagefromthecover image.
Implementation of three papers and simultaneously
creating the extraction module for each algorithm and
applying them in banking technology to increase the
robustness in conveying secret messages and secret
Digital imagesteganographyusingDWT
Signer Tool
Sujit Kumar Tiwari
Shri. Patrick Kishore
MCA – I Year,
University of Hyderabad
Project Description:This project contains a detailed
study of Digital Signature,its generation,verification and
creation of a tool for signing documents digitally.A valid
digital signature gives recipient a reason to believe that
the message was created by a known sender,such that
the sender cannot deny having sent the message
(authentication and non-repudiation) and that the
message was not altered in transit (integrity).It employs
atypeof asymmetriccryptography.
Digital signatures are probably the most important and
widely used cryptographic primitive enabled by public
Fast Forward | August 2013
key technology.They are the building blocks of many
modern distributed computer applications,software
distribution,financial transactions,electronic contract
signing,certified email,and secure web browsing.And in
other cases,it is useful indetectingforgeryor tampering.
To provide added assurances of the evidence to
provenance,identity,and status of an electronic
document as well as acknowledging informed consent
andapproval byasignatory.
A GUI tool for signing the payment files.This will be
delivered to co-operative banks after its verification
Project Description:DistributedDenial of Service (DDoS)
attacks areoneof themajor cyber security problems that
web servers and users face.We can define denial of
service attack as an attempt by an attacker to prevent
legitimate users from using services offered by hosts.
When this denial of service attack is done from many
systems,it is called Distributed Denial of Service attack.
The aim of the project is to understand the basic
terminology of DDoS attacks,kinds of DDoS attacks,
motivation behind DDoS attacks,implementation of
DDoS attacks,and countermeasures to mitigate DDoS
attacks so that this information can be used for
educational and training purpose to design a better
networkandconfigureservers inamoresecurefashion.
Distributed Denial of Service Attacks
Abhishek Katiyar
Shri. Patrick Kishore
B. Tech.– III Year,
IIT – Ropar
To understand about DDoS attacks and then propose
Research paper on various types of Distributed Denial
of Serviceattacks andmitigationtechniques
Virtual environment simulation of DDoS attacks and
topologyof simulation
Self-made video tutorials of performing DDoS attacks
andmitigationtechniques for educational purpose.
Detecting Intrusion into INFINET
Krishna Kumar
MCA – II Year,
University of Hyderabad
Project Description:The INdian FInancial NETwork
(INFINET) developed by IDRBT is the communication
backbonefor theIndianBanking andFinancial sector.It is
a ClosedUser Group(CUG) Network consisting of various
public and private sector banks and uses MPLS links.The
routers to which banks are connected are not controlled
by INFINET.Any unauthorized access is prevented by
Access Control List (ACL) present on those routers.All
packets sent by other thanCUGmembers aredroppedby
ACL,but runs the risk of intrusion fromexternal parties
andtheir motives.
Therefore,we developed a tool to get the information of
intruders.In this,all packets dropped by ACL will be
Shri. Patrick Kishore
MCA – II Year,
University of Hyderabad
Fast Forward | August 2013
stored in a buffer on the respective routers.As size of the
buffer is limited,packets will be overwritten when the
buffer is full.So,to avoid this situation,all packets will be
transferred and stored in a DROPBOX of a systembefore
the buffer is full.Then,packets will be opened and
analyzed for protecting the INFINET in future as per the
Gatheringinformationabout intruders
Knowingtheir plans andgoals
ProtectingINFINETfromrisks inthefuture.
Areport onDetectingIntrusionintoINFINET
Atool toprotect theINFINET.
Project Description:The Structural Financial Messaging
System (SFMS) is a messaging platform used for
interbank and intra-bank communication among banks.
This platform is provided by IDRBT to enable fast and
secure transmission of formatted messages between RBI
andbanks andalsoinbetweenthebanks.
Thepresent report beinggeneratedby SFMS platformfor
banks is mostly restricted to the data pertaining to a few
days prior tothedateof query.Inthis scenario,whenever
a participating bank wants to refer an old data,it has to
construct theinfrastructureof databaseandquery.
This project is anattempt toprovideasolutiontobanks to
extract information on any particular filter for any given
period.The project is aimed to develop an application
which generates all types of reports in SFMS,so that
banks can access data of all types of transactions.To
develop this application,we used JavaScript and Java
MIS Reports in SFMS
Amit Jain
Shri G. Raghuraj &
Shri. C.K. Sampath Kumar
B. Tech.– III Year,
IIT – Roorkee
LanguageinNetBeans IDEsoftware.
To develop an application that creates all types of
reports of transactionfor banks.
An application which generates all types of reports in
Workflow Management
Varun Goel
Dr. N. P. Dhavale
MBA – II Year,
Dept. of Mgmt. Studies,
IIT Roorkee
Project Description:
The aim of this project is to
incorporate workflow management into the business
processes of INFINET.The various processes involved are
MPLS helpdesk,SLA process,payment & invoice
generation process and monitoring process.The
informationabout theprocesses is gatheredfrompeople
working on it and the higher authorities of INFINET and
depicted in the formof flowcharts.The Key Performance
Indicators (KPIs) are identified for each process.These
KPIs are identified by understanding the similar
processes used in other organizations.Then,suggestions
are given to improve the overall process.Further,
workflow management tools/business process tools are
identified in which these processes could be
Todocument thebusiness processes of INFINET
Finding KPIs and giving suggestions to improve the
qualityof processes
Identifying workflowmanagement tool to incorporate
The report containing business processes of INFINET
(flowcharts anddescription),KPIs andsuggestions and
informationabout workflow/business process tool.
Fast Forward | August 2013
Project Description:
Integrated Complaint Management
System (ICMS) keeps and manages the record of faults
and problems occurring in the network through which
RBI and its member banks are connected.Each of the
occurred problems and the cause(s) behind that along
with other relevant details are recorded in this system
withauniqueidentitytagcalledas ‘Ticket number’.
In this project,we tried to find out a pattern from the
available data to examine if there exists any relationship
between the occurred problems and the cause of the
problems;with the objective that if a problem occurs,
one can predict the underlying cause,for immediate
remedial action.For this purpose,the two fields of the
system records,‘Problems reported’ & ‘Cause of the
problem’ arecategorizedandanalyzed.
To develop a methodology for implementing ICMS
data to extract valuable information that can ease
Report detailing list of problems analyzed using
statistical tools,frequency analysis and categorization
of problems for designingof decisiontree
ABC analysis/80-20 rules applied on the database for
selectionof important problems for remedial action
Fishbone structure is used for root cause analysis of a
Analysis of Integrated
Complaint Management System Data
Sarbojit Roy
Dr. N. P. Dhavale
M. Sc.– I Year,
IIT – Kanpur
Comparison among Four Network
Monitoring Tools
Kaushali Kundu
Dr. N. P. Dhavale
M.Sc. Statistics – I Year,
IIT – Kanpur
Project Description:
This project compares the data
obtained from the four network monitoring tools –
Solarwinds,PRTG,Netflow Analyzer,NNM9i,which are
currently in use in IDRBT.The data is tested for
consistency and steadiness as well as reliability using
statistical tools.A table has been prepared to bring out
the important features of the above tools.Graphs and
Statistical tests are used to find out the discrepancies in
the data gathered from these tools as well as from the
routers.Surprisingly,Solarwinds and PRTG are found to
beconsistent witheachother andwiththerouter values,
but Netflow is observed to give higher values while
NNM9i gives smaller values than the original router and
other tools insomecases.
To compare and analyze the data/reports obtained
fromthe four network monitoring tools – Solarwinds,
To identify/select the most efficient,reliable and user-
friendly monitoring tool for specific and general
Graphs and tests revealing the relationship between
A report on important features of the four monitoring
Suggestions regarding choosing the best among the
four monitoringtools.
Fast Forward | August 2013
Project Description:
Security and reliability are the most
important aspects of banking.IDRBT’s Strategic Business
Unit plays an important role in ensuring secure and
reliable banking operations.This project is related to
testing and enhancing of the security at IDRBT servers.
Three Cyber Security Tools (Nessus,Retina,OpenVAS)
have been compared to test security at four servers at
IDRBT and about 254 client devices.A comparison is
made on the reports generated by these tools on the
basis of severity of vulnerabilities obtained and their
The objective of this project is to find out efficient
user-friendly and consistent Cyber Security Tools
which scans for vulnerabilities in network along with
remediation steps and make a comparative study of
A report showing comparison between three Cyber
Security Tools and recommendation to deploy one of
themfor further testingpurposes.
Evaluation of Tools for Cyber Security
Piyali Basak
Dr. N. P. Dhavale
M.Sc. Statistics – I Year,
IIT – Kanpur
Ipv4 to IPv6 Migration
Nupur Kala
Dr. N. P. Dhavale
B. Tech.– II year,
IIT – Delhi
Project Description:
Currently,the INdian FInancial
NETwork (I NFI NET) uses I Pv4 addresses for
communication,which is on the verge of exhaustion.
Thus,weneedIPv6,thesixthversionof IPaddress,which
is 128-bit long.The aim of this project is to plan out a
migrationstrategyfromIPv4toIPv6for INFINET.
First an easy-to-memorize addressing scheme in IPv6 for
INFINET using Unique Local IPv6 addresses was designed
which is meant for local use and not routable on the
internet.During the migration from IPv4 to IPv6
networks,we used a dual stack strategy.We also
developed a test setup based on a dual stack network to
examine various features of IPv6.We have configured a
DNS server to support dual stack network.As the IPv6
addresses are much longer,manual management of the
address space becomes messy and error-prone.Hence,
we used IP Address Management software (IPAM),
GestioIP which automatically tracks the address space
andmaintains adynamicdatabase.
To design an IPv6 addressing schema for INFINET for
IPv4 to IPv6 migration.Implementation of the schema
on a test bench and management of the dual stack
Design of an IPv6 addressing scheme for INFINET.I
have come up with two different and easily
Developingatest benchsupportingdual stacknetwork
for testingvarious features of IPv6
Usingtools tomanagedual stacknetwork–DNSIPAM.
Fast Forward | August 2013
Project Description:
Public-key cryptography refers to a
cryptographic systemrequiring twoseparatekeys,oneof
which is secret and one of which is public.Although
different,the two parts of the key pair are
mathematically linked.The application mainly
concentrates onthefollowing:
Aims at developing a user-friendly application so that
user can securely transmit data or information with
limitedknowledgeabout cryptographicalgorithms
This applicationwill let themuse OpenSSL functions in
Applicationreduces the effort of executing commands
one after another enabling user to view,control,and
manipulatemultiplethings simultaneously.
A Java-based application which will let the user
perform different cryptographic instruction in GUI
(GraphicUser Interface) mode
The application will ensure security of the keys by
supporting crypto token reducing considerably the
chances of anyof its misuse
Facilitates theuser tocontinuewiththedefault ciphers
and hashing algorithms or to change it to ensure
further securitydependingupontheir requirement
Application will also encourage the use of pass phrase
Building an Easy To Use Application for
Public Key Cryptosystem using OpenSSL Library
Shivashish Kumar
Dr. N. P. Dhavale
Integrated M. Tech.– III Year,
IIT – BHU, Varanasi
Generation of key pair and associated certificates
includingself-signedroot certificate
Signatureandverificationof signature
Combinationof signatureandencryption.
Automation of Process of SLA Calculation
Manish Kumar Jain
Dr. N. P. Dhavale
B. Tech.,
IIT – Jodhpur
Project Description:
Service Level Agreement (SLA)
calculationneeds tobedonefor various serviceproviders
providingInternet connectivityacross various IDRBTlinks
establishedat major data centers and banks across India.
At present,there are two service providers who provide
services at around 44 RBI locations.There are three main
sources of monitoringlinkstatus roundtheclock:
IntegratedCompleteManagement System(ICMS)
MPLSdepartment (Outsourced)
This project aims to automate this process in order to
remove the laborious task of calculating SLA for each
locationusingMicrosoft excel.
To have an effective way of merging important data
receivedfromdifferent monitoringsources
To have a server-based software for calculation of SLA
andPayment amount for various RBI Locations
Tohaveaneffectivesystemfor SLAdatamanagement.
A tool for effective merging of data received fromthe
A software solution for fast SLA and payment
Fast Forward | August 2013
Project Description:
The project focuses on delivery
channel facet of influence of Information Technology on
Banking.By definition,delivery channels are “various
technology based means through which the customer
can transact their business with the bank.” This project
aims to understand the influence of IT on these delivery
To compare and contrast various delivery channels
based on pros and cons,point of viewof banks (prefer
low cost of transaction),point of view of customers
(ease,reliability,privacy),infrastructure required,
capital andrunning costs,security,microfinance
Compareaspects of securityof all deliverychannels
Correlate our survey with facts and figures from RBI
To find out scope for entry of any new delivery
Analyze growth pattern of delivery channels in rural and
A report on influence of IT on Delivery Channels in
A detailed analysis of survey relating to channel
selectionfromconsumer’s perspective.
Influence of IT on Delivery Channels in Banking
Chaitanya Chintakayala
Dr. N. P. Dhavale
B. Tech.– III Year,
IIT – Roorkee
IDRBT’s Intranet Revamp
Sanjay Kumar Ram
Shri. S. Lalit Mohan
B. Tech.– III Year,
IIT – Patna
Project Description:
This project customizes the existing
leave module of OrangeHRMin accordance with IDRBT’s
requirements.The customization of leave module
includes addition of many rules to different leave types
whicharegoingtobeprovidedtotheemployees of IDRBT
as per their employment status i.e.,regular andcontract.
To deploy OrangeHRM’s Personal Information and
LeaveModuleintotheIDRBT’s Intranet.
Report of the changes done in the codes of
IDRBT’s Intranet Revamp
Ranjeet Kumar
Shri. S. Lalit Mohan
MCA – II Year,
University of Hyderabad
Project Description:The aimof this project is to build an
intranet portal that collaborates with each of the
stakeholders of the Institution.Understand the
requirement of stakeholders.Search for an open source
tool to fulfill all requirements.We used open source tool
Joomla,a popular web content manager to build and
This intranet portal contains features like news feeds
widgets,quick links,search module,file uploading
module,content slider for featured articles and links to
other intranet services.
Fast Forward | August 2013
To provide updates and information to the staff and
One-stop-shopfor all employee-relatedapplications
Understanding the requirement of intranet site and
adding,customizing open source tools to achieve our
InstalledIntranet siteontheserver
Project Description:
Nowadays,every bank has its own
model for measuring their respective Risk Rate at each
level.Risk can be measured at channel level,application
level or category level.We,at IDRBT,are trying to
generalize it and create a single Risk Assessment Model
for the banks.Bank as a user will go through certain
criterion and will answer the questions accordingly by
which their risk can be measured at each level which is
shownintheformof Heat Map.
Tounderstandtheworkingof RiskAssessment Model
To setup the project environment and lay out the
process/steps tobefollowedintheproject
Tocreateaprototypeof theModel.
Successfully laid the process/steps to be followed in the
project withthehelpof:
Technology Risk Assessment Model for Banks
Nitish Duggal
Shri. S. Lalit Mohan
B. Tech.– III Year,
IIT – Ropar
Class Diagram
Created a flowchart in HTML to give the overviewof the
project.It helps to understand howthe things have to be
done so that anyone can carry the project in future
without facingmuchproblem.
Learning Management System
R Jayaram Nayak
Shri. S. Lalit Mohan
B. Tech.– III Year,
IIT – Indore
Project Description:
Learning Management System is a
software appl i cati on for the admi ni strati on,
documentation,tracking and reporting of training
programs,classroom and on-line events,e-learning
programs andtrainingcontent.
An open source Learning Management System,Moodle,
is used to build an internal site for creating and
maintaining programoffice functionalities.It runs as an
interactive website with features and activities designed
toengagelearners andpromoteCollaborativeLearning.
Understanding and identifying the requirements of
programofficeandcustomizethemas per our needs in
Installation of Moodle,identifying the requirements
and comparing themwith Moodle and filling the gap.
The UML (Class,Activity) diagrams,modified source
codepackage,document anduser guide.
Fast Forward | August 2013
The Best and the Brightest Trainees of 2013
After about two months of hard work,the project
outcomes were put to test.All the 51 trainees made a
poster presentation on their work to an eminent panel
,School of Computer & Information
Sciences,Universityof Hyderabad.
,Dept.of Computer Science,
,Chief Operating Officer,SBU,
Six trainees made it tothe final round.The parameters of
evaluation included Novelty of the project,candidate’s
understanding of the problem;relevance to banking
sector,completeness of the project,and presentation.
Andthewinners were:
Prof.S.Bapi Raju
Prof.P.Ananth Raj
Prof B.L.Deekshatulu
Shri.Patrick Kishore
First Prize of INR 10,000/-:
,for his project titled
,under the guidance
SecondPrizeof INR8,000/-:-
for theproject titled
,under the guidance of
Third Prize of INR 6,000/-:-
for the project titled
under t he gui dance of
Shri.B.Sambamurthy,Director,IDRBT,gave away prizes
tothewinners onJuly 5 2013duringaget-together of all
theProject Trainees.
Design and Development
of Mobile Antivirus Application
Economic Capital Assessment for
Consumer Credit Risk
Building an Easy To Use
Application for Public Key Cryptosystem using
OpenSSL Li brary
Ramveer Singh of IIT,
Arushi Guptaof IIT,Delhi
Shivashish Kumar of IIT,
Dr.Mahil Carr
Fast Forward | August 2013
The Winners Receiving their Reward
The Best M.Tech. Projects
IDRBT offers an M.Tech.Programme in Information
Technology with specialization in Banking Technology
and Information Security in collaboration with the
Universityof Hyderabad.
This four-semester course includes a year-long project
during the second year.The Institute evaluates the
projects carried out by the students and winners receive
a cash prize and citation.The projects carried out by the
22 students of this batch,was assessed by a panel
,School of Computer and Information
Sciences,Universityof Hyderabad.
,School of Computer and
InformationSciences,Universityof Hyderabad.
,Birla Institute of Technology and
All the 22 students made presentations on their project
work.The projects were evaluated for their theme,
results,deliverables,innovation,and presentation.And
thewinners were:
Two 1 prizes of INR 15,000/- each:for
her project titled
and for his project
Both the projects were guided by
Tripti Gupta
Abhishek Pande
Prof.Atul Negi
Prof.Siba Kumar Udgata
Z Specification for a new Payment
Designof CommunicationProtocol usingModel
Dr.Mahil Carr
B.Lakshmi Devi
Mayank Pande
2 prize of INR 10,000/-:for her
project titled
carried out under the
3 prize of INR 7,500/-:for the project
carried out under the guidance
Design and Implementation of NFC
based Mobile Payment System
Data Mining & Soft Computing Based Fraud
Detection in Banking
The Institute facilitates campus placements for
theM.Tech.(IT) students.Thebatchof 2011-13
has recorded 96% placements,with most
students beingselectedbyreputedbanks.
Recently,three banks visited IDRBT for campus
placements.In the placement process,five
students were selected by
recruited five students and
of Indiatook12students.
Intheplacement process,24out of 25students
Andhra Bank,
Corporation Bank
M. Tech. Placements
Fast Forward | August 2013
- Dr. D. K. Subramanian, Distinguished Fellow, IDRBT
What is Digital Currency?
Euro Gold Cash:
Global Digital Pay:
This is money in an electronic
form,basedeither onounces of goldor onfiat currencies.
A truly global and border-less world currency system,it
allows instant transfers betweenaccounts;payments are
instantaneous andnon-refundable.
The broadest definition of digital currency would be
‘anything which facilitates transactions electronically’
and could include things as disparate as web-based bank
transfers,ATM transactions,wire transfers,electronic
funds transfers,credit card use on web sites and online
bill payments.
Digital Currency is electronic money that acts as
alternative currency.Currently,alternative digital
currencies are not produced by government-endorsed
central banks nor necessarily backed by national
A cryptocurrency is a type of digital
currency that relies on cryptography,usually alongside a
proof-of-work scheme,in order to create and manage
Cryptocurrencies are peer-to-peer and decentralized,
andarecurrently all-basedonthe first cryptocurrency,
Bit coin.
This kind of currency is issued independently by
several companies.Some of the most popular of them
Registered in Panama but having its
headquarters in Europe,it has a void in the market for
private financial transactions in a secure,honest,and
multi-jurisdictional venue.
A private offshore internet payment
system with Digital Trade Network Ltd.,handling the
currencyreserves that backupthecompletesystem.
These digital value units are being used on online
stores,point of servicesales,business-to-business and
person-to-person payments.Some organizations even
pay their employees and charities through this kind of
ADigital GoldCurrency is backedby real goldstoredin
vaults,through unallocated or allocated gold storage.
Its unit is the gold gram or troy ounce.It offers a
payment system independent of exchange rate
variations andpolitical or anykindof manipulations.
One of the most important features of digital value
units is the fact that it isn't refundable.Thanks to that,
the operating cost of the system is greatly reduced,
becauseit neednot resolveapayment dispute.
Digital Currency
Exchangers (DCEs,independent exchangeproviders or e-
currencyexchangers) aremarket makers whichexchange
fiat currency for electronic money,such as Digital Gold
Currency (DGC),and/or convert one type of Digital
Currency (DC) into another,such as Liberty Reserve into
Bitcoin.Exchangers apply either a commission or
bid/offer spread to transactions.There are no specific
financial regulations governing DCEs,so they operate
under self-regulation.
Digital Currency Exchangers:
Fast Forward | August 2013
Money Laundering:
Digital Gold Currencies:
The Global Digital Currency Association (GDCA),
founded in 2002,is a non-profit association of online
currency operators,exchangers,merchants and users.
On their website,they claimtheir goal is to"further the
interests of theindustry as a wholeandhelpwithfighting
fraud and other illegal activities,arbitrate disputes and
act as escrowagent whenandwhererequired.
The United States government has
shut down a digital currency website and jailed its
executives for allegedly operating the largest money
In April 2012,the Federal Bureau of Investigation
released a report that explained howBitcoin was used
tosecretlytransfer moneyacross theglobe.
In March 2013,a similar report was released by the
U.S.Treasury Department by its anti-money
launderingarm,theFinancial Crimes andEnforcement
FinCEN declared that digital currency firms had no
special exceptions regarding money laundering.It said
such businesses needed to follow the same anti-
moneylaunderingrules as other financial institutions.
Some companies are avoiding regulation officials by
removing themselves fromthe country.Both Russia's
WebMoney and Panama's Perfect Money restricted
United States access to their services following the
Some have expressed concern that the smaller
cryptocurrencies are pump and dump schemes.The
non-cryptocurrencies are all centralized,so could be
shut downbyagovernment at anytime.
OS-Gold,Standard Reserve and
Several companies claiming to be Digital Gold
Currencies sprang up and failed between 1999 and
2004,suchas OS-Gold,StandardReserveandINTGold.
All these companies failed because the principals
diverted deposits for other purposes instead of
holding them in the form of gold.In each of these
cases,account holders lost several million dollars
worthof goldwhenthe"institution"failed.
DigiCash Inc.:
EuropeanCentral BankonVirtual Currency:
As of August 2008,JimFayed of e-Bullion is
inUnitedStates Federal custody where he faces felony
charges of conducting unlicensedmoney transactions.
As of January 2010,e-Bullionis closedfor business and
thewebsiteunavailable. was a website that allowed
consumers toearnBeenz,atypeof onlinecurrency,for
performing activities such as visiting a website,
shopping online,or logging on through an Internet
serviceprovider.TheBeenz concept was shelved.
A pioneering electronic currency
corporation founded by David Chaum in 1990.
DigiCash transactions were unique in that they were
anonymous due to a number of cryptographic
protocols developed by its founder.DigiCash declared
bankruptcy in 1998,subsequently sold its assets to
Ecash,another digital currency company,which was
Risks topricestability
Risks tofinancial stability
Risks topayment systemstability
Lackof regulation
Reputational risk
Virtual currencyschemes differ fromelectronic money
schemes insofar as the currency being usedas the unit
of account has no physical counterpart with legal
tender status.The absence of a distinct legal
framework leads to other important differences as
Firstly,traditional financial actors,including central
banks,are not involved.The issuer of the currency and
scheme owner is usually a non-financial private
company.This implies that typical financial sector
regulations and supervision arrangements are not
Secondly,the link between virtual currency and
traditional currency (i.e.currency with a legal tender
status) is not regulated by law,which might be
problematicor costlywhenredeemingfunds.
Fast Forward | August 2013
Lastly,the fact that the currency is denominated
differently (i.e.not euro,US dollar,etc.) means that
complete control of the virtual currency is given to its
issuer,who governs the scheme and manages the
supplyof moneyat will.
Virtual currency schemes do not pose a risk to price
stability,provided that money creation continues to
stay at a lowlevel;tend to be inherently unstable,but
cannot jeopardise financial stability,owing to their
limited connection with the real economy,their low
volume traded and a lack of wide user acceptance;are
currently not regulated and not closely supervised or
overseen by any public authority,even though
participationintheseschemes exposes users tocredit,
liquidity,operational andlegal risks;
Could represent a challenge for public authorities,
given the legal uncertainty surrounding these
schemes,as they can be used by criminals,fraudsters
and money launderers to perform their illegal
Could have a negative impact on the reputation of
central banks,assuming theuseof suchsystems grows
considerably and in the event that an incident attracts
press coverage,since the public may perceive the
incident as being caused,in part,by a central bank not
doingits jobproperly;
Do indeed fall within central banks’ responsibility as a
result of characteristics shared with payment systems,
which give rise to the need for at least an examination
of developments and the provision of an initial
Use for small retail transactions – easy and fast.Risks
Large number of people can use it unlike credit/debit
Cost is low
It can reach places without network connections/
We shouldtake steps topopularise andmake effective
useof it.
Points toConsider
Restrict scope- toonlyrupee
Useauthorizedagencies likebanks or linktobanks.
Define rules of operations,controls,checks and
Put filters
Fast Forward | August 2013
BIS (2001),“Core Principles for Systemically
Important Payment Systems”,CPSS
BIS (2003),“The Role of Central Bank Money
in Payment Cystems”,CPSS Publications,No
BIS (2012),“Innovations in Retail Payments”,
Report of the Working Group on Innovations
inRetail Payments,May.
Institute for Development and Research in Banking Technology
Castle Hills, Road No. 1, Masab Tank, Hyderabad - 57,A.P, INDIA
Ph : +91-040-23534981, Fax : +91-040-23535157
E-mail : Website :