Secure contactless mobile financial services with near field communication

Poroye, Adeola Oluwaseyi

January 2011

Masters of Science / This thesis presents the results from work with three prototypes that use Near Field Communication technology to provide secure contactless mobile nancial services on mobile phones. / South Africa

Banks and banking

MobileSouth Africa

Contactless smart card

Mobile banking

Secure contactless mobile financial services with near field communication

Poroye, Adeola Oluwaseyi

January 2011

This thesis presents the results from work with three prototypes that use Near Field Communication technology to provide secure contactless mobile nancial services on mobile phones.

Banks and banking

MobileSouth Africa

Banks and banking

Contactless smart card

Mobile banking.

Secure contactless mobile financial services with near field communication

Poroye, Adeola Oluwaseyi

January 2011

This thesis presents the results from work with three prototypes that use Near Field Communication technology to provide secure contactless mobile nancial services on mobile phones.

Banks and banking

MobileSouth Africa

Banks and banking

Contactless smart card

Mobile banking.

Pokročilé bezpečnostní aplikace pro Android / Advanced security applications for Android

Orgoň, Marek

January 2014

The thesis deals with security of the Android operating system, both general security features and options for storing sensitive data. The suitability of Android KeyStore for storing sensitive data and the possibility of using the secure element for safe application calculations and smart card emulation are discussed. Using Host-based Card Emulation for contactless smart card emulation is discussed. The performance analysis of modular arithmetic operations for numbers with high bit length is examined. Following these analysis, an implementation of application for software contactless smart card emulation of HM12 and HM14 cryptographic protocol is proposed. And an implementation of application for verifying smart cards with these protocols is proposed. Also scheme for secure storage of sensitive data is proposed.

Génération automatique de jeux de tests avec analyse symbolique des données pour les systèmes embarqués / Automatic test set generator with numeric constraints abstraction for embedded reactive systems

Abdelmoula, Mariem

18 December 2014

Un des plus grands défis dans la conception matérielle et logicielle est de s’assurer que le système soit exempt d’erreurs. La moindre erreur dans les systèmes embarqués réactifs peut avoir des conséquences désastreuses et coûteuses pour certains projets critiques, nécessitant parfois de gros investissements pour les corriger, ou même conduire à un échec spectaculaire et inattendu du système. Prévenir de tels phénomènes en identifiant tous les comportements critiques du système est une tâche assez délicate. Les tests en industrie sont globalement non exhaustifs, tandis que la vérification formelle souffre souvent du problème d’explosion combinatoire. Nous présentons dans ce contexte une nouvelle approche de génération exhaustive de jeux de test qui combine les principes du test industriel et de la vérification formelle académique. Notre approche construit un modèle générique du système étudié à partir de l’approche synchrone. Le principe est de se limiter à l’analyse locale des sous-espaces significatifs du modèle. L’objectif de notre approche est d’identifier et extraire les conditions préalables à l’exécution de chaque chemin du sous-espace étudie. Il s’agit ensuite de générer tout les cas de tests possibles à partir de ces pré-conditions. Notre approche présente un algorithme de quasi-aplatissement plus simple et efficace que les techniques existantes ainsi qu’une compilation avantageuse favorisant une réduction considérable du problème de l’explosion de l’espace d’états. Elle présente également une manipulation symbolique des données numériques permettant un test plus expressif et concret du système étudié. / One of the biggest challenges in hardware and software design is to ensure that a system is error-free. Small errors in reactive embedded systems can have disastrous and costly consequences for a project. Preventing such errors by identifying the most probable cases of erratic system behavior is quite challenging. Indeed, tests in industry are overall non-exhaustive, while formal verification in scientific research often suffers from combinatorial explosion problem. We present in this context a new approach for generating exhaustive test sets that combines the underlying principles of the industrial test technique and the academic-based formal verification approach. Our approach builds a generic model of the system under test according to the synchronous approach. The goal is to identify the optimal preconditions for restricting the state space of the model such that test generation can take place on significant subspaces only. So, all the possible test sets are generated from the extracted subspace preconditions. Our approach exhibits a simpler and efficient quasi-flattening algorithm compared with existing techniques and a useful compiled internal description to check security properties and reduce the state space combinatorial explosion problem. It also provides a symbolic processing technique of numeric data that provides a more expressive and concrete test of the system. We have implemented our approach on a tool called GAJE. To illustrate our work, this tool was applied to verify an industrial project on contactless smart cards security.

Jeux de tests

Approche synchrone

Modèle synchrone

Pré-conditions

Couverture de l’espace d’états

Manipulation numérique des données

Backtrack

GAJE

Test sets

Synchronous approach

Synchronous model

Pre-conditions

States space covering

Numeric data processing

Backtrack

GAJE

Contactless smart card