MudraChain: Blockchain-based framework for automated cheque clearance in financial institutions

https://doi.org/10.1016/j.future.2019.08.035Get rights and content

Highlights

  • A novel secure authentication scheme to provide security in permissioned and consortium-based environments.

  • A QR based authentication Algorithm to perform digital signing of the cheque.

  • A time-based OTP Algorithm named as TOTPS to allow automatic clearance settlement of payments.

Abstract

Currently, the burden on the cheque clearing houses in financial institutions is increasing day-by-day, which necessitates the upgrading of the existing cheque truncation system (CTS). It is a manual process which uses Magnetic Ink Character Recognition (MICR), where cheques have been scanned and sent to the clearing house for further processing. The limitations of existing CTS are — illegal duplication of cheque images, invisible ink usage, visibility issues in beneficiary name, and amount on the cheque. To handle the aforementioned issues of the existing CTS, blockchain has emerged as a new technology which is a distributed ledger that is timestamped and immutable. Being immutable, forgeries related to images of cheques during clearance cycles are not allowed. This provides trust and consensus among all participating entities in the network. Motivated by the above discussion, in this paper, we propose a framework named MudraChain for automated cheque clearance, where clearance operations are handled by the blockchain network, instead of existing CTS. It includes: (i) A multi-level authentication scheme to make the blockchain-based framework secure and tamper-proof among participating financial stakeholders, (ii) A quick-response (QR) code generation algorithm which performs digital signing of a cheque, and (iii) A novel two-factor authentication protocol to generate a time based one-time password (TOTP) for secure funds transfer. The obtained results are examined against state-of-the-art approaches to indicate the supremacy of the proposed framework. Thus, MudraChain allows a seamless flow of clearance operation via blockchain for the payer and the payee without any intermediaries. Finally, it addresses the requirements of building a secure application for cheque clearance in view of decentralized blockchain 4.0 applications.

Introduction

With the advent of information technology, traditional cash payment systems were replaced by the cheque system presented to the bank as a physical instrument. However, the cheque clearance system is a manual handshake process between the presenter and the clearing bank with settlement through a third party clearance house. It leads to loss of physical instrument as the cheque is moved manually between involved banks. Thus, CTS was introduced which allows inter-bank payment settlements via a scanned copy of the manual cheque presented to the clearing houses. The traditional CTS systems use MICR technology which focuses on the features of watermarks, ultraviolet light (UV) rays, pantographic images and various microscopic features on the scanned copy of the cheque. But, the traditional CTS has a limited functionality which only checks the gray-scale image of the cheque which reduces the visibility of all above-mentioned features. Thus, irregularities in beneficiary name and amount, duplication of features using a photo editing software, invisible ink usage, and damaged images may lead to security violations and subsequently, a forged cheque could be created. This fraudulent cheque bypasses the image authentication processing system at the clearing house, which leads to wrong payment by bank to the malicious user.

Apart from the aforementioned limitations, bank databases are distributed in nature with servers employing fault-tolerance techniques like mirroring, redundant array of inexpensive disks (RAID) levels, and system checkpoints. Fig. 1 shows the traditional cheque clearance framework, which involves the following steps — (i) The user presents the cheque to the presenting bank, (ii) the cheque is sent to a central bank for validation process, (iii) post validation, it is further passed to the issuing bank, (iv) the issuing bank, on checking the status can approve or reject the transaction, and (v) finally, the subsequent clearance notification is sent to the user. At each phase, where two entities are involved, commonly known as Point of Contact (PoC), there is a possibility of a security attack. The transactions whose states are inconsistent may lead to security issues, which can be exploited by a malicious user to perform malicious security attacks. Majority of the security attacks take place at the last PoC, hence it is the most vulnerable. Hence, the dependencies to store the data can be resolved with a distributed ledger system which is immutable and consistent. Moreover, owing to the distributed nature, databases can be edited by participating stakeholders and maybe tampered by an adversary. Thus, a notion of trust and interoperability is required among participating users. Thus, blockchain can become an integral part of the banking system to support current limitations in clearance frameworks. The integration of blockchain can leads to transparency for the user and increase the efficiency of banking operations.

Since the inception of bitcoin [26], the principal technology, blockchain gained prominence which revolutionized many sectors like medicine [20], Internet-of-Things (IoT) [27], academics [28], and many more. Although banks and financial intermediaries remained wary of bitcoin, the benefits of decentralization, coupled with trust in a financial scenario began to attract the attention of financial institutions [29] to provide payment mechanisms via digital cryptocurrencies. This paradigm shift revolutionized the traditional financial markets. Blockchain eliminates the need for a central authority to manage financial transactions. It involves entities to add transactions in a distributed ledger which can be digitally signed using public/private key pairs to create proof of ownership. The validation of the transactions is performed by entities called miners who work on various distributed consensus algorithms. Miners verify the transactions and add them to the existing block of transactions.

To register a block to the chain, miners solve a cryptographically difficult mathematical puzzle, unique to each block, known as a nonce, requiring heavy computational power. Then, logical chaining is performed by the process of hashing of data blocks, where any block Bi stores the hash of its previous block Bi1. The hash of any ith block is computed as follows. Hi=f(inputi,IDi,Timestamp,Hi1)where inputi is the input document, IDi is the digital identifier associated with the document, Timestamp is the current time-stamp value, and Hi and Hi1 are the hashes of current and previous blocks, respectively. The data stored on the chain remains as agreed truth for all involved parties, which is permanent and immutable. It also allows consensus in the network as new copies of the block are added to all nodes in the network. The blocks in the chain are linked together by hashes which form a trace back to the genesis block in the chain, known as the merkle root as shown in Fig. 2. Merkle root value is stored in every block which makes the blockchain tamper-proof and secure. The rule of the longest chaining provides security in the network as an adversary has to create a chain of the same length in a short span of time, which requires a lot of computational power and resources. Thus, even if nodes do not trust each other, or behave in a Byzantine manner [30], where the behavior of a particular node is different at different instances, then also at any instant, the longest chain state is considered as valid. Here, blockchain solves the current limitations of database systems and achieves consistency in a shared and distributed platform.

Nowadays, financial institutions shifted towards digital wallets and payments, hence apart from confidentiality, integrity, and availability limitations, there is limitation of centralized dependency on the clearing house for verification of cheque. Any transaction in a blockchain employs a two-phase locking commit protocol as classic concurrency control techniques to ensure the Atomicity, Consistency, Isolation, and Durability (ACID) properties. A blockchain network can be public or permissioned and financial transactions in the blockchain involve various cryptocurrencies. Some real-world applications of cryptocurrencies are highlighted in Table 1. Recently, a blockchain-enabled cheque clearance System [31] was proposed by the Emirates NBD bank which is ‘partly private’ in nature, as it operates in an organizational collaboration rather than a single entity. This mode of operation in the blockchain is called a consortium mode and it provides easy and anonymous encrypted transactions. Thus, motivated from the above discussions, in this paper, we provide a comprehensive framework on clearance of cheques in financial transactions from ‘end-to-end’, i.e., from the issuer (payer) to the beneficiary (payee). Storing the transactions as a block helps in automation of cheque process, and also minimize the data duplication which mitigates the bank frauds. The immutability nature of the blockchain leads to document the whole clearance process, thus, it provides support at any instant of point during the process. The novelty of the work is that till now, various techniques were proposed to provide security to financial institutions, but none of them addresses a dual-layered approach of blockchain layers to provide security in permissioned and consortium-based environments. In this paper, we comprehensively discuss a dual authentication algorithm to allow seamless operations between participating entities. This allows extra security while guaranteeing the required privacy and anonymity of users in a financial environment.

In this paper, we propose MudraChain to provide trust in a distributed environment for secure clearance of cheques. Following are the main contributions of this paper.

  • A novel secure authentication scheme to provide security in permissioned and consortium-based environments.

  • A QR based authentication algorithm to perform digital signing of the cheque.

  • A time-based OTP algorithm named as TOTPS to allow automatic clearance settlement of payments.

The paper is organized into five sections. Section 2 describes the related work in the same domain. Section 3 presents the overview of the Blockchain Cheque and payment channel considerations of MudraChain. Section 4 focuses on signing schemes using the QR generation Algorithm in MudraChain along-with the TOTPS Algorithm for automated secure funds transfer. Section 5 elaborates the performance evaluation with state-of-the-art approaches and finally, Section 6 conclude the paper.

Section snippets

Related work

Due to the attractive nature to provide transactional privacy, auditability, integrity, and transparency, blockchain has numerous applications in various sectors beyond cryptocurrencies. In the financial sector, Meiklejohn et al. [10] discussed the privacy leakage problem. This problem was addressed in hyperledger fabric by forming a private blockchain and multiple channel setup. Tariq et al. [8], [12] presented confidentiality and authentication in broker-less publish/subscribe service by

MudraChain: Payment model

This section describes the blockchain cheque and payment model of MudraChain. Each user Ui={U1,U2,,Un} has an associated public key PUi and private key PRi signed with a known message. These keys are generated when the account data of the users are uploaded on the blockchain network.

MudraChain: The proposed framework

This section proposes the process flow and sequence of operations performed in the blockchain network when an issuer signs a blockchain cheque subject to the constraints mentioned in Section 3. The keys are linked with a QR code generated using the proposed QR generation Algorithm. The QR is presented as a hologram embedding in the cheque. The wallet consists of a set of payment options given as O={O1,O2,,On} with an exchange supported by the cryptocurrency server E. The scanned image of the

Performance evaluation of MudraChain

The simulation setup consists of the deployment of a permissioned blockchain running Hyperledger fabric v1.2 with a docker container running version 2.0.5. The simulation is carried out on a virtual machine running Ubuntu Linux v16.04 LTS with 1 virtual CPU core. The internal memory is 2 GB and 20 GB of external storage to meet the minimum requirements for running Hyperledger fabric. We have installed Node.js v8.9.1 to perform multi-node testing with npm version of 6.8.0. The systems are

Conclusion

This paper presents a novel approach to build a secure and automated framework where financial transactions like cheque clearance in banks are done in an automated manner. The use of blockchain-enabled cheque makes the cheque tamper-proof as well as avoids duplication of cheques. Also, the distributed ledger technology creates a chronology of events recorded as transactions as immutable transactions in the chain. We proposed a novel Algorithm of generation of QR code and added an extra layer of

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Naman Kabra is a graduate student of Nirma University, Ahmedabad, India. His research interest includes Blockchain technology.

References (48)

  • GatteschiV. et al.

    Blockchain and smart contracts for insurance: Is the technology mature enough?

    Future Internet

    (2018)
  • BhardwajG.N. et al.

    FinTech and the Younger generation

    IUP J. Inform. Technol.

    (2019)
  • NexoEUR.G.N.

    Instant crypto credit line

    (2019)
  • TariqM.A. et al.

    Securing broker-less publish/subscribe systems using identity-based encryption

    IEEE Trans. Parallel Distrib. Syst.

    (2013)
  • MeiklejohnS. et al.

    A fistful of bitcoins: characterizing payments among men with no names

  • LeeM.Z. et al.

    Anon-pass: Practical anonymous subscriptions

  • TariqM.A. et al.

    Providing basic security mechanisms in broker-less publish/subscribe systems

  • KhouryJ. et al.

    Efficient private publish-subscribe systems

  • YuenT.H. et al.

    Towards a cryptographic treatment of publish/subscribe systems

  • MalpureV.D. et al.

    Provide security for broker-less content based publish system using pairing based cryptography

    Int. J. Eng. Dev. Res.

    (2016)
  • KosbaA. et al.

    Hawk: The blockchain model of cryptography and privacy-preserving smart contracts

  • SinghS.K. et al.

    Smart contract-based pool hopping attack prevention for blockchain networks

    Symmetry

    (2019)
  • MalavoltaG. et al.

    Concurrency and privacy with payment-channel networks

  • VoraJ. et al.

    BHEEM: A blockchain-based framework for securing electronic health records

  • Cited by (105)

    • Economics of blockchain-based securities settlement

      2023, Research in International Business and Finance
      Citation Excerpt :

      Sunyaev et al. (2021) showed the drawbacks of trusted third parties and analyzed the key concepts of decentralization. Kabra et al. (2020), Khani et al. (2020), Li et al. (2021), and Zhong et al. (2019) proposed a blockchain-based payment system without a third party for various markets such as financial institutions’ check clearance, energy trading, and big data exchange markets. In the case of the video game industry, Carvalho (2021) proposed a blockchain-based system to solve the trust problem that occurs over a loot box and explained its effect using decision theory.

    • Cheque truncation mechanism using blockchain

      2023, Cases on Uncovering Corporate Governance Challenges in Asian Markets
    View all citing articles on Scopus

    Naman Kabra is a graduate student of Nirma University, Ahmedabad, India. His research interest includes Blockchain technology.

    Pronaya Bhattacharya is an Assistant Professor in Computer Science and Engineering Department at Institute of Technology, Nirma University, Ahmedabad, Gujarat, India. He is pursuing his Ph.D. in Optical Networks from Dr. A.P.J Abdul Kalam Technical University, Lucknow, Uttar Pradesh, India. He has authored or coauthored more than 15 research papers published in leading journals and conferences of Springer, ACM, and IEEE. His current research interests include Optical Networks, Computational aspects in Wireless Networks, and Blockchain Technology. He is reviewver for the board of international journals-Journal of Engineering Research, Kuwait University, Journal of Optical communications, DeGruyter, and Security and Privacy journal, Wiley. He is a lifetime member of professional organizations like ISTE and IAENG. One of his works has been awarded the best research paper award in Springer ICRIC-2019.

    Sudeep Tanwar is an Associate Professor in the Computer Science and Engineering Department at Institute of Technology, Nirma University, Ahmedabad, Gujarat, India. He is visiting Professor in Jan Wyzykowski University in Polkowice, Poland and University of Pitesti in Pitesti, Romania. He received B.Tech in 2002 from Kurukshetra University, India, M.Tech (Honor‘s) in 2009 from Guru Gobind Singh Indraprastha University, Delhi, India and Ph.D. in 2016 from Mewar University, Chittorgarh, Rajasthan, India with specialization in Wireless Sensor Network. He has authored or coauthored more than 100 technical research papers published in leading journals and conferences from the IEEE, Elsevier, Springer, Wiley, etc. Some of his research findings are published in top cited journals such as IEEE Transactions on TVT, IEEE Transactions on Industrial Informatics, Applied Soft Computing, Journal of Network and Computer Application, Pervasive and Mobile Computing, International Journal of Communication System, Telecommunication System, Computer and Electrical Engineering and IEEE Systems Journal. He has also published three edited/authored books with International/National Publishers. He has guided many students leading to M.E./M.Tech and guiding students leading to Ph.D. He is Associate Editor of IJCE, Wiley and Security and Privacy Journal, Wiley. His current interest includes Wireless Sensor Networks, Fog Computing, Smart Grid, IoT, and Blockchain Technology. He was invited as Guest Editors/Editorial Board Members of many International Journals, invited for keynote Speaker in many International Conferences held in Asia and invited as Program Chair, Publications Chair, Publicity Chair, and Session Chair in many International Conferences held in North America, Europe, Asia and Africa. He has been awarded best research paper awards from IEEE GLOBECOM 2018, IEEE ICC 2019, and Springer ICRIC-2019.

    Sudhanshu Tyagi is an Assistant Professor in Department of Electronics and Communication Engineering, Thapar Institute of Engineering and Technology, Deemed University, Patiala, Pb., India. He is visiting Professor in Jan Wyzykowski University in Polkowice, Poland. He received his Bachelor in Engineering in Electronics and Tele-Communication in 2000 from North Maharashtra University, Jalgaon, Maharashtra (India). He achieved second rank in the university at under graduation level. He received his Masters in Technology with Honor’s in Electronics and Communication Engineering in 2005 from National Institute of Technology, Kurukshetra, Haryana (India). He received Ph.D. in 2016 from Mewar University, Chittorgarh, Rajasthan (India). He has 50 research publications in peer reviewed journal and conferences from leading publishers like Elsevier, Springer, Wiley etc. He is reviewer for the board of international journal from leading publisher like International Journal of Ad-Hoc and Ubiquitous Computing, Inderscience and Journal of the Franklin Institute, Elsevier. His research area includes lifetime enhancement of homogeneous and and heterogeneous WSNs. He is a member of IEEE and IAENG.

    View full text