Security Services for Mobile Applications

Mumtaz, Majid

January 2012

In today's era of technology, information can revolve the whole world within seconds via Internet. Devices such as smartphones, tablets and smart applications running on them enable users to access information anytime and anywhere over the air network. Ubiquitous nature of smartphones stimulates the growth of applications development, especially for small scale devices. Protection and security of sensitive mobile applications and their resources against threats are new emerging challenges for mobile application developers. Even competitive enterprise application development organizations lack comprehensive security services for small scale devices. Ultimately unpredictable threats become active anytime and can easily hamper the whole infrastructure within short time frame. In future enterprise applications, to protect entities and overall access of back-end secure infrastructure and services secure and easy to deploy strong authentication and authorization services will play a key role. Complexity of security risks in wireless networks is changing the ways of protection mechanisms for mobile applications. Achieving security balance with convenience becomes a challenging task for application developers. Due to complex blurred picture of an attack in an enterprise applications development, usually the developers don't pay attention against the mitigation of such threats at the initial phase of application development. Due to this, weaknesses appear in latter stages that make an application system vulnerable. Conventionally it is a common practice by application developers to rely on username/password authentication mechanism, and even more secure way that is considered to be a One Time Password (OTP) or complex passphrase schemes. These schemes have a number of limitations and drawbacks regarding today’s diverse wireless environments. In this research we used Public Key Infrastructure (PKI) certificate-based strong authentication scheme for small scale devices which is a significant step-up from simple username/password, OTP and location-based authentication schemes. Leading standards which we followed FIPS 201 Personal Identity Verification standard and FIPS 196 Strong Authentication Protocol scheme. Our solution is based on secure smart microSD card that can be used for providing high level of security for mobile enterprise applications. Also other considerable security services included confidentiality of exchanged transaction messages between applications and back-end application provider server, integrity of transaction messages, and non-repudiation services.

Mobile Applications Security

Authentication

microSD

Secure Element

Engineering and Technology

Teknik och teknologier

Mobilní aplikace pro šifrované volání / Mobile Application for Encrypted Calls

Jonáš, Jiří

January 2017

The thesis is focused on implementation of aplication for secure telephone communication on data network. Application is developed for operating system Android. For call management is responsible signaling protocol SIP and for transfer of voice data is used protocol RTP. For security of call is first created cryptografic key for symetric cryptography. After generating key is established call, which is encrypted by symetric cipher AES. Encrypting between communicating sides is provided in application or on microSD card. Part of solution is measurement of speed of cryptographic primitives, which are used for secure call.

Contributions à l'évaluation de systèmes biométriques embarqués / Contributions to the evaluation of embedded biometric systems

Vibert, Benoît

04 May 2017

La biométrie suscite de plus en plus d’intérêt de la part des industriels car nous avons besoin de nouvelles méthodes d’authentification d’un individu : pour du contrôle d’accès physique, du contrôle aux frontières ou pour du paiement. Ces données non révocables et sensibles sont très souvent stockées sur des systèmes embarqués de type élément sécurisé (SE), comme par exemple une carte à puce. Ces SE embarquent aussi un module de comparaison nommé On-Card-Comparison (OCC), permettant de déterminer si le template présenté correspond bien à celui stocké sur l’élément sécurisé. Dans cette thèse, nous nous intéressons particulièrement aux empreintes digitales car c’est une modalité biométrique bien perçue par les usagers. Nous proposons dans cette thèse différentes contributions permettant d’évaluer des systèmes biométriques embarqués. La première est une plateforme d’évaluation de systèmes biométriques nommée EVABIO. La seconde contribution, permet d’évaluer l’incidence sur les performances lors de la réduction de templates biométriques lorsqu’ils doivent être stockés sur un SE. Nous proposons des méthodes permettant de réduire la taille du template biométrique tout en gardant un taux de reconnaissance élevé, garantissant ainsi un bon niveau de performance du système biométrique complet. La dernière contribution étudie les attaques d’un système biométrique embarqué sur SE. Nous regardons quels a priori sont importants pour un imposteur : nous avons montré que le type de l’empreinte digitale est une information importante pour un attaquant. Nous avons également proposé une contre-mesure pour les systèmes embarqués. / Biometrics is sparking the interest of manufacturers and industrial compagniesbecause we are in need of new methods of authenticating individuals: for physicalaccess control, border control or for payments. Non-revocable and sensitive data isvery often stored on embedded systems of the secure element type (SE), such as asmart card. SEs include a comparison module called On-Card-Comparison (OCC),which determines whether the template presented corresponds to the template storedwithin it. In this thesis, we are particularly interested in fingerprints because it is abiometric modality that is very well perceived by the population.We propose in this thesis different contributions to evaluate embedded biometricsystems. The first is a biometric evaluation platform called EVABIO. The secondcontribution evaluates the impact on performance when reducing biometric templatesthat are to be stored on an SE. We propose methods to reduce the size of biometrictemplates while maintaining a high recognition rate thus, guaranteeing a good level ofperformance of the global biometric system. The last contribution studies attacks ona biometric system that is embedded on a SE. We look at what a priori are importantfor an impostor: we have shown that the type of fingerprint is an important a prioriand the reason why we have also proposed a countermeasure for embedded systems.

Element sécurisé

Reconnaissance du type d'empreinte

Réduction template biométrique

Attaque (informatique)

Secure Element

Fingerprint type recognition

Ingerprint size reduction

Attack

Pokročilé bezpečnostní aplikace pro Android / Advanced security applications for Android

Orgoň, Marek

January 2014

The thesis deals with security of the Android operating system, both general security features and options for storing sensitive data. The suitability of Android KeyStore for storing sensitive data and the possibility of using the secure element for safe application calculations and smart card emulation are discussed. Using Host-based Card Emulation for contactless smart card emulation is discussed. The performance analysis of modular arithmetic operations for numbers with high bit length is examined. Following these analysis, an implementation of application for software contactless smart card emulation of HM12 and HM14 cryptographic protocol is proposed. And an implementation of application for verifying smart cards with these protocols is proposed. Also scheme for secure storage of sensitive data is proposed.