Security of NFC applications

Pham, Thi Van Anh

January 2013

Near Field Communication (NFC) refers to a communication technology that enables an effortless connection and data transfers between two devices by putting them in a close proximity. Besides contactless payment and ticketing applications, which were the original key drivers of this technology, a large number of novel use cases can benefit from this rapidly developing technology, as has been illustrated in various NFC-enabled application proposals and pilot trials. Typical NFC-enabled systems combine NFC tags, NFC-enabled mobile phones, and online servers. This thesis explores the trust relationships, security requirements, and security protocol design in these complex systems. We study how to apply the security features of different types of NFC tags to secure NFC applications. We first examine potential weaknesses and problems in some novel use cases where NFC can be employed. Thereafter, we analyze the requirements and propose our system design to secure each use case. In addition, we developed proof-of-concept implementations for two of our proposed protocols: an NFCenabled security-guard monitoring system and an NFC-enabled restaurant menu. For the former use case, we also formally verified our proposed security protocol.  Our analysis shows that among the discussed tags, the NFC tags based on secure memory cards have the least capability and flexibility. Their built-in three-pass mutual authentication can be used to prove the freshness of the event when the tag is tapped. The programmable contactless smart cards are more flexible because they can be programmed to implement new security protocols. In addition, they are able to keep track of a sequence number and can be used in systems that do not require application-specific software on the mobile phone. The sequence number enforces the order of events, thus providing a certain level of replay prevention. The most powerful type of tag is the emulated card since it provides a clock, greater computational capacity, and possibly its own Internet connection, naturally at higher cost of deployment. / Near Field Communication (NFC) hänvisar till en kommunikationsteknik som möjliggör en enkel anslutning och dataöverföring mellan två enheter genom att sätta dem i en närhet. Förutom kontaktlös betalning och biljetthantering ansökningar, vilket var den ursprungliga viktiga drivkrafter för denna teknik, kan ett stort antal nya användningsfall dra nytta av denna snabbt växande teknik, som har visats i olika NFC-aktiverade program förslag och pilotförsök. Typiska NFC-applikationer kombinerar NFC-taggar, NFC-kompatibla mobiltelefoner och online-servrar. Denna avhandling utforskar förtroenderelationer, säkerhetskrav och säkerhetsprotokoll utformning i dessa komplexa system. Vi studerar hur man kan tillämpa de säkerhetsfunktioner för olika typer av NFC-taggar för att säkra NFC-applikationer. Vi undersöker först potentiella svagheter och problem i vissa nya användningsfall där NFC kan användas.  Därefter analyserar vi de krav och föreslå vårt system design för att säkra varje användningsfall. Dessutom utvecklade vi proof-of-concept implementationer för två av våra föreslagna protokoll: en NFC-aktiverad säkerhet-guard övervakningssystem och en NFC-aktiverad restaurang meny. Dessutom, för fd bruk fallet, kontrollerade vi formellt vår föreslagna säkerhetsprotokoll. Vår analys visar att bland de diskuterade taggar, NFC taggar som baseras på säkra minneskort har minst kapacitet och dlexibilitet. Deras inbyggda trepass ömsesidig autentisering kan användas för att bevisa färskhet av händelsen när taggen tappas. De programmerbara beröringsfria smarta kort är mer flexibla eftersom de kan programmeras för att genomföra nya säkerhetsprotokoll.  Dessutom kan de hålla reda på ett löpnummer och kan användas i system som inte kräver ansökan-specik mjukvara på mobiltelefonen. Sekvensnumret framtvingar ordning av händelser, vilket ger en viss nivå av replay förebyggande. Den mest kraftfulla typen av taggen är den emulerade kortet eftersom det ger en klocka, större beräkningskapacitet, och möjligen sin egen Internet-anslutning, naturligtvis till högre kostnad för utplacering.

NFC

security protocol

DESFire

Java card

card emulation

restaurant

vending machine

class attendance

security guard

NFC

säkerhetsprotokoll

DESFire

Java kort

kort emulering

restaurang

varuautomat

säkerhetsvakt

Communication Systems

Kommunikationssystem

Does card loyalty increase customer loyalty? : Evidence from a Swedish context with a regional focus.

Lundberg, Jacob, Svensson, Emil

January 2022

Purpose: The aim of the study is to investigate if card loyalty increases attitudinal and behavioral loyalty of the customers, with a loyalty program (LP) membership.   Theoretical approach: The thesis is based on previous literature on loyalty programs and customer loyalty. The conceptual model proposed in the study ties card loyalty to the two loyalty dimensions of customer loyalty: attitudinal and behavioral loyalty.    Design/methodology: The study is conducted through a quantitative research design where data is collected through a survey. The self-reported questionnaires are sampled from social media users with active loyalty program membership with Coop. Findings: The empirical data from the 93 qualified questionnaires and the data analysis, indicate a significantly positive influence between both card loyalty and attitudinal respectively behavioral loyalty. Furthermore, the findings indicate that composite loyalty is present in the researched setting, since a strong correlation between attitudinal and behavioral loyalty was found. Although, the two-tailed correlation led to a revisiting of the conceptual model, since behavioral and attitudinal loyalty could also influence card loyalty.   Practical implications: The findings of the study provide academic implications by showcasing LP effectiveness and create a methodology for regional LP research. The results also provide managerial implications for managers who contemplate updating or implementing a LP. Originality/value: The study adds to loyalty program literature by investigating how card loyalty influences customer loyalty, within a sparsely researched nation with a regional focus.

Loyalty programs

customer loyalty

loyalty schemes

card loyalty

loyalty card

attitudinal loyalty

behavioral loyalty

composite loyalty

brand loyalty.

Business Administration

Företagsekonomi

Differential evolution technique on weighted voting stacking ensemble method for credit card fraud detection

Dolo, Kgaugelo Moses

12 1900

Differential Evolution is an optimization technique of stochastic search for a population-based vector, which is powerful and efficient over a continuous space for solving differentiable and non-linear optimization problems. Weighted voting stacking ensemble method is an important technique that combines various classifier models. However, selecting the appropriate weights of classifier models for the correct classification of transactions is a problem. This research study is therefore aimed at exploring whether the Differential Evolution optimization method is a good approach for defining the weighting function. Manual and random selection of weights for voting credit card transactions has previously been carried out. However, a large number of fraudulent transactions were not detected by the classifier models. Which means that a technique to overcome the weaknesses of the classifier models is required. Thus, the problem of selecting the appropriate weights was viewed as the problem of weights optimization in this study. The dataset was downloaded from the Kaggle competition data repository. Various machine learning algorithms were used to weight vote a class of transaction. The differential evolution optimization techniques was used as a weighting function. In addition, the Synthetic Minority Oversampling Technique (SMOTE) and Safe Level Synthetic Minority Oversampling Technique (SL-SMOTE) oversampling algorithms were modified to preserve the definition of SMOTE while improving the performance. Result generated from this research study showed that the Differential Evolution Optimization method is a good weighting function, which can be adopted as a systematic weight function for weight voting stacking ensemble method of various classification methods. / School of Computing / M. Sc. (Computing)

Differentia evolution

Weighted voting

Stacking ensemble method

Class distribution

Data distribution

SMOTE

Machine learning

Bid data

Credit card fraud

364.163

Credit Card Fraud

Doing the dishes was never fun abroad! : Experiences of migrant dishwashers in tourism and hospitality sector

Bhatt, Ritesh

January 2022

This thesis is at the intersection of migration and labour in tourism and the hospitality sector. Empirically, this study explores the experiences of well-trained migrant dishwashing employees (DE) in restaurants in Copenhagen, Denmark and aims to understand their motivation for migration. They, while acquiring hospitality sector experience, struggle beyond the workplace to fulfill their intentions of long term settlement. The study explores how they face resistance to labour market access and participation based on their skills and experience. The focus of this qualitative study is on the highly skilled Green card Holders (GCH) of Denmark, majority of who are stuck as DE in the restaurant industry. This master thesis argues about the challenges of employability, underutilization of foreign education credentials and work-life struggle. A sizable proportion of GCH have managed to find jobs and are working as DE. Qualified professionals like IT specialists, teachers, accountants, and engineers face unanticipated challenges that are explained through open-ended unstructured interviews with GCH. These professionals are still working as DE or have left the Danish labour market. Further, this thesis explores how these DE are struggling to lead the routine life of an expat. I have discussed the significance of job satisfaction as blue- collar employees in the host country and compared it with white-collar job experience from their respective home countries. GCH migrants from Asian countries in Denmark have come under the spotlight during this study. This study provides unique insights from their experience as a DE, exploitation of human capital flight, feelings of humiliation and discrimination of GCH despite being well trained employed back home. Highlighting some of the challenges as a migrant DE, it makes a strong case for reviewing national policy towards them. / <p>2022-01-22</p>

Green card holder

Green card scheme (GCS)

Dishwashing employee

Tourism Labour

Dishwashing employee

Restaurants

highly skilled migrants

Immigrants

Övrig annan samhällsvetenskap

Development of the Punched Card Registration System at North Texas State College

Harvey, Laurence Edwin

01 1900

This study presents a history of the development and implementation of a punched card registration system in North Texas State College. The study also covers planning stages of registration materials, and a description of the various stages and processes involved in a typical semester from pre-registration preparations through posting the student's grades to the permanent record. To help fill the need for ready reference to methods used in various institutions across the nation, this study will present a history of the development and implementation of a punched card registration system in North Texas State College, with emphasis placed upon those areas of probable major interest to other colleges faced with a similar problem. The study will cover planning stages of registration materials, and will then present a a description of the various stages and processes involved in a typical semester from pre-registration preparations through posting the student's grades to the permanent record.

North Texas State College

Punched card systems

registration systems

North Texas State College -- History.

University of North Texas -- History.

Punched card systems -- Education.

Deriving pilots’ knowledge structures for weather information: an evaluation of elicitation techniques

Raddatz, Kimberly R.

January 1900

Doctor of Philosophy / Department of Psychology / Richard J. Harris / Systems that support or require human interaction are generally easier to learn, use, and remember when their organization is consistent with the user’s knowledge and experiences (Norman, 1983; Roske-Hofstrand & Paap, 1986). Thus, in order for interface designers to truly design for the user, they must first have a way of deriving a representation of what the user knows about the domain of interest. The current study evaluated three techniques for eliciting knowledge structures for how General Aviation pilots think about weather information. Weather was chosen because of its varying implications for pilots of different levels of experience. Two elicitation techniques (Relationship Judgment and Card Sort) asked pilots to explicitly consider the relationship between 15 weather-related information concepts. The third technique, Prime Recognition Task, used response times and priming to implicitly reflect the strength of relationship between concepts in semantic memory. Techniques were evaluated in terms of pilot performance, conceptual structure validity, and required resources for employment. Validity was assessed in terms of the extent to which each technique identified differences in organization of weather information among pilots of different experience levels. Multidimensional scaling was used to transform proximity data collected by each technique into conceptual structures representing the relationship between concepts. Results indicated that Card Sort was the technique that most consistently tapped into knowledge structure affected by experience. Only conceptual structures based on Card Sort data were able to be used to both discriminate between pilots of different experience levels and accurately classify experienced pilots as “experienced”. Additionally, Card Sort was the most efficient and effective technique to employ in terms of preparation time, time on task, flexibility, and face validity. The Card Sort provided opportunities for deliberation, revision, and visual feedback that allowed the pilots to engage in a deeper level of processing at which experience may play a stronger role. Relationship Judgment and Prime Recognition Task characteristics (e.g., time pressure, independent judgments) may have motivated pilots to rely on a more shallow or text-based level of processing (i.e., general semantic meaning) that is less affected by experience. Implications for menu structure design and assessment are discussed.

Knowledge Elicitation Techniques

Card Sort

Similarity Ratings

General Aviation

Weather

Knowledge Structures

Psychology (0621)

Génération de tests de vulnérabilité pour la structure des fichiers cap en Java Card

Lassale, Mathieu

January 2016

Les cartes à puce Java comportent plusieurs mécanismes de sécurité, dont le vérifieur de code intermédiaire (\emph{$ \ll $Java Card bytecode verifier$ \gg $}), qui est composé de deux parties, la vérification de structure et la vérification de type. Ce mémoire porte sur la génération de tests de vulnérabilité pour la vérification de structure. Il s'inspire des travaux sur la vérification de type de l'outil \textsc{VTG} (\emph{$ \ll $Vulnerability Tests Generator$ \gg $}) développé par Aymerick Savary. Notre approche consiste à modéliser formellement la spécification de la structure des fichiers \textsf{CAP} avec le langage \textsf{Event-B}, en utilisant des contextes. Cette modélisation permet de donner une définition formelle d'un fichier \textsf{CAP} valide. Nous utilisons ensuite la mutation de spécification pour insérer des fautes dans cette définition dans le but de générer des fichiers \textsf{CAP} (\emph{$ \ll $Converted APplet$ \gg $}) invalides. Nous utilisons \textsc{ProB}, un explorateur de modèles \textsf{Event-B}, pour générer des tests abstraits de fichiers CAP invalides. La spécification formelle étant d'une taille importante qui entraîne une forte explosion combinatoire (plus de 250 constantes, 450 axiomes, 100 contextes), nous guidons \textsc{ProB} dans sa recherche de modèles en utilisant des valeurs prédéterminées pour un sous-ensemble de symboles de la spécification. Ce mémoire propose un ensemble de patrons de spécification pour représenter les structures des fichiers CAP. Ces patrons limitent aussi l'explosion combinatoire, tout en facilitant la tâche de spécification. Notre spécification \textsf{Event-B} comprend toute la définition des structures des fichiers CAP et une partie des contraintes. Des tests abstraits sont générés pour une partie du modèle, à titre illustratif. Ces tests ont permis de mettre en lumière des imprécisions dans la spécification \textsf{Java Card}. Ces travaux ont permis d'étendre la méthode de génération de test de vulnérabilité aux contextes \textsf{Event-B}. De plus, le modèle proposé permet de tester, à l'aide du \textsc{VTG}, une partie plus importante de la vérification de structure du vérifieur de code intermédiaire.

Event-B

Vérifieur de byte code

Vérification de structure

Tests de vulnérabilité

Java Card

ProB

THE DESIGN OF A SINGLE CARD TELEMETRY MODULE FOR SMART MUNITION TESTING

Oder, Stephen, Dearstine, Christina, Webb, Amy, Muir, John, Bahl, Inder, Burke, Larry, Stone, Weyant

10 1900

International Telemetering Conference Proceedings / October 18-21, 2004 / Town & Country Resort, San Diego, California / M/A-COM, Inc. has developed a miniature Tactical Telemetry Module (TTM) for medium power (500 mW and 1 W) telemetry applications. The TTM demonstrates system integration of a multi-channel PCM encoder, lower S-band transmitter, and power regulation onto a single printed wiring board (PWB). The module is smaller than a standard business card and utilizes both COTS and M/A-COM proprietary technologies. The PCM encoder is designed for eight (8) analog inputs, eight (8) discrete inputs, and one (1) synchronous RS-422 serial interface. Data rates of 300 kbps to 6 Mbps are supported. The module incorporates a frequency programmable, phase-locked FM S-band transmitter. The transmitter utilizes M/A-COM’s new dual port VCO and high efficiency 500 mW and 1 W power amplifier MMIC’s. Additionally, switching power regulation circuits were implemented within the module to provide maximum operating efficiency. This paper reviews the design and manufacturing of the Tactical Telemetry Module (TTM) and its major components, and presents system performance data.

Single Card Telemetry Module

Transmitter

Power Amplifier

PCM Encoder

Voltage Controlled Oscillator

Power Regulation

Neuropsychological sequelae of Transient Ischaemic attacks

Lazarus, Theophilus

11 1900

The present study aimed at investigating the neuropsychological sequelae of transient ischaemic attacks. Transient ischaemic attacks are defined as those neurological disorders in which there is complete resolution of neurological symptoms within twenty·four hours. Transient ischaemic attacks may or may not reveal evidence of brain infarcts on imaging studies. In the present study, the neuropsychological sequelae of transient ischaemic attacks in the carotid circulation were investigated since, within the perspective of cognitive neuropsychology, it was assumed that localized changes in cognitive functions could be demonstrated.Since several psychological, medical and neurological factors are known to influence scores·on neuropsychological tests, regression analyses were performed to determine which factors contributed significantly to the variance of scores on neuropsychological tests in the transient ischaemic attack and control groups. Two transient ischaemic attack groups, each comprising forty left and forty right hemisphere involvement patients, were then compared with each other and with a control group of forty general medical patients. Stenosis of the carotid artery formed a significant predictor of test scores in the combined transient ischaemic attack group. When the groups were·analyzed independently, in the left transient ischaemic attack group stenosis predicted performance on the same tests reaching significance for the combined group, and for the Wisconsin Card Sorting Test (Perseverative Score). In the right transient ischaemic attack group, stenosis significantly predicted performance on Digits Forward, Backward and Total, the PASAT (2.4 seconds) and Trails B. On the other hand, education formed a significant predictor of performance on Digits Forward, Digits Backward and Digits Total and the PASAT (all levels) in the control group. Multivariate comparisons revealed that the left and right transient ischaemic attack groups performed worse than the controls on tests of attention, concentration and conceptual flexibi1ity. The left transient ischaemic attack group performed worse than the right transient ischaemic attack group on all tests of attention and concentration, but there was a significantly better performance of the former group on the Rey Auditory Verbal Learning Test (Trial 1), Block Designs and Verbal Fluency. The findings on the PASAT that left transient ischaemic attack patients performed significantly worse than the right hemisphere group ·were considered to be relatively unreported previously in the literature on transient ischaemic attacks. The findings obtained are discussed from a neurocognitive perspective of neuropsychological functioning in transient ischaemic attacks. / Psychology / Ph. D. (Psychology)

616.8

Neuropsychiatry

Central nervous system

Brain damage.

Clinical neuropsychology

Cerebral ischemia

Wisconsin Card Sorting Test

A UNIQUE "CARD-BASED" FM/PM/BPSK IF RECEIVE FOR SATELLITE DATA RECEPTION

Lam, Daniel-Hung, Moyes, Robert

10 1900

International Telemetering Conference Proceedings / October 17-20, 1994 / Town & Country Hotel and Conference Center, San Diego, California / This paper discusses the design and performance of the FM/PM/BPSK "personal computer card-based" receiver. In PSK, a carrier recovery technique must be used for signal demodulation. Costas loop is a well known method and is the basis in the design of the BPSK demodulation. A new design approach employing digital Box Car arm filters is used to improve receiver performance and flexibility. Detail design and performance of the digital Costas loop will be explored in a later section. A classical technique is employed for Phase demodulation with the use of tracking Phase Lock Loop. Frequency demodulation is designed around a simple, single FM discriminator IC.

Card-based receiver

Demodulation

FM

PM

BPSK

Costas loop

Box Car filter

Digital PLL