CS35L Presentation On The S'W'I'F'T' Network

1
CS35L Presentation On The S.W.I.F.T. Network

• Presented by
• Justin Walters

2
Presentation Question

• Describe the SWIFT network. How is its security
  control implemented? What security threats might
  be successful on this network?

3
What is S.W.I.F.T.?

• The acronym stands for Society for Worldwide
  Interbank Financial Telecommunication (a
  cooperative society).
• Its headquarters are situated in La Hulpe, on the
  outskirts of Brussels
• S.W.I.F.T. was formed when seven Major
  International Banks met in 1974 to discuss the
  limitations of Telex as a means of secure
  delivery of payment and confirmation information

4
Limitations of TELEX

• Telex suffered from a number of limitations due
  to its speed (50 Baud or approximately 8 bytes
  per second), its free format, and the lack of
  security, with Test keys only being calculated on
  a subset of the message content.

5
Progression of SWIFT

• The original network was superseded by an X.25
  based network in 1990 to cope with the increasing
  message volumes which now stand at around
  3,000,000 per day.

6
A Brief Look at X.25 Networks

• X.25 Packet Switched networks allow remote
  devices to communicate with each other over
  private digital links without the expense of
  individual leased lines.
• X.25 consists of a network of interconnected
  nodes to which user equipment can connect. The
  user end of the network is known as Data Terminal
  Equipment (DTE) and the carrier's equipment is
  Data Circuit-terminating Equipment (DCE)

7
Who uses SWIFT?

• Currently the following categories of
  organisation can access the service
• Banks
• Trading Institutions
• Money Brokers
• Securities Broker Dealers
• Investment Management Institutions
• Clearing Systems and Central Depositories
• Recognised Exchanges
• Trust and Fiduciary Service Companies
• Subsidiary Providers of Custody and Nominees
• Treasury Counterparties
• Treasury ETC Service Providers

8
SWIFT services

• S.W.I.F.T. operates a number of services,
  primarily
• GPA
• General Purpose Application, which only allows
  system messages, i.e.. messages from a user to
  S.W.I.F.T. and vice versa, not from one user to
  another
• FIN
• Financial Application, which is the user to user
  service comprising, System Messages, User to User
  Messages and Service Messages such as
  Acknowledgements

9
How does SWIFT work?

• The S.W.I.F.T. network has an architecture that
  supports the requirements for a fully redundant
  24 x 7 secure operation that is also highly
  scalable.
• There are a number of components to this X.25
  protocol based packet switched network.

10
The System Control Processors

• These are responsible for the operation of the
  entire system. This includes
• Session Management
• Software and database distribution
• Monitoring all S.W.I.F.T. hardware and software
• Failure diagnostics and recovery
• Dynamic allocation of system resources.
• These are located at Operating Centres, 2 in the
  US centre and 2 at the centre in the Netherlands.

11
The Slice Processors

• These are responsible for
• routing and safe storage of messages history
• safestore Acknowledgements to Regional Processors
  
• generation of reports
• delivery and non delivery messages
• processing retrievals and system messages
• archiving, billing and statistics.
• All messages are safestored on two media. The
  SP's are located in the operating centres

12
The Regional Processors

• The Regional Processors are the entry and exit
  point to S.W.I.F.T. and they support Leased line,
  Dial up or Public Data Network connection. The
  most common method is primary leased line with
  dial-up backup.

13
SWIFT Interface

• A Computer Based Terminal (CBT) (a.k.a.
  S.W.I.F.T. interface) is then located at each
  user site. These terminals support the
  connectivity to the local regional processor and
  facilitate both manual entry of messages and the
  bridge to originating applications.

14
Access to the Network

• Access to the network is via the CBT and Smart
  Card technology is used to access secure
  functions. Many functions require dual user and
  password input.

15
SWIFT addresses

• S.W.I.F.T. addresses are used to not only
  indicate the final destination of the message but
  to also indicate parties within the individual
  message.
• The term "S.W.I.F.T. address" actually only
  relates to a subset of Bank Identifier Codes
  (BICs)

16
SWIFT messages

• S.W.I.F.T. messages are identified in a
  consistent manner. They all start with the
  literal "MT" which denotes Message Type. This is
  then followed by a 3 digit number. For example
• MT0nn - which relates to System Messages

17
What are the integration issues?

• The main challenge for organisations is how best
  to automate the process.
• This involves two main areas
• How do you physically gain access to the
  transactional data that underlies the message
• How best to format the data.

18
Security used in SWIFT

• SWIFT uses IPsec (an abbreviation of IP security)
  which provides security services at the IP layer
  by enabling a system to select required security
  protocols, determine the algorithm(s) to use for
  the service(s), and put in place any
  cryptographic keys required to provide the
  requested services.

19
Security (contd)

• Security was a key feature of the SWIFT design.
  SWIFT members were supplied with security control
  processes for the input, approval, and
  verification of messages.

20
Threats to the SWIFT Network
21
Threats to the SWIFT Network

• The threats most likely to affect the SWIFT
  Network are money laundering and other forms of
  electronics fraud.

22
End of Presentation

• Thank you very much