Near Field Communication Security concerns & applicable security in Android

Bengtsson, Filip, Madrusan, Matteo

January 2020

Near Field Communication (NFC) is being used more frequent in smart devices, this raises security concerns whether the users information is secure from attackers. The thesis examines the threats that NFC on Android smartphones are exposed to, its countermeasures, as well as existing protocols that ensures the integrity and confidentiality of the users data. The results were achieved by a literature study, a questionnaire sent to companies that create products related to the subject as well as an experiment that was divided into two parts. The first part examined what information can be extracted from a debit card stored on an Android smartphone. The second part included a relay attack in which a purchase would be made with a victim’s debit card by using Android smartphones. The results shows that it is difficult to conduct any attack on the smart devices because of the limited range of NFC as well as the protocols available for making purchases with debit cards stored on smart devices disallows unauthorized applications and hardware to attack cards stored in smart devices.

Near field communication

active NFC

security protocol

security exploit

standard security protocol

NFC attack countermeasures

Computer Sciences

Datavetenskap (datalogi)

Analýza vybraných bezpečnostních protokolů / Analysis of Selected Security Protocols

Malecký, Marek

January 2010

The subject of this thesis is to study available security protocols and tools for their verification. The first part is devoted to briefly describe the concepts related to the area of security protocols and verification logics. The second part directly lists various protocols, along with attacks and errors found in design. Next chapter describes the most important tools for automatic analysis of security protocols in more detail. The main part deals with verification of security protocols selected in the chosen tool called Scyther. In conclusion, examples of multiprotocol attacks along with a summary table are displayed.

Innovative location based scheme for Internet Security Protocol : a proposed location based scheme N-Kerberos Security Protocol using intelligent logic of believes, particularly by modified BAN logic

Abdelmajid, Nabih T.

January 2010

The importance of the data authentication has resulted in the science of the data protection. Interest in this knowledge has been growing due to the increase in privacy of the user's identity, especially after the widespread use of online transactions. Many security techniques are available to maintain the privacy of the user's identity. These include password, smart card or token and face recognition or finger print. But unfortunately, the possibility to duplicate the identity of a user is still possible. Recently, specialists used the user's physical location as a new factor in order to increase the strength of the verification of the user's identity. This thesis focused on the authentication-based user's location. It is based on the idea of using the Global Position System in order to verify the user identity. Improving Kerberos protocol using GPS signal is proposed in order to eliminate the effect of replay attack. This proposal does not expect a high performance from the user during the implementation of the security system. Moreover, to give users more confidence to use security protocol, it has to be evaluated before accepting it. Thus, a measurement tool used to validate protocols called BAN logic was described. In this thesis, a new form of BAN logic which aims to raise the efficiency checking process of the protocol protection strength using the GPS signal is proposed. The proposed form of Kerberos protocol has been analysed using the new form of BAN logic. The new scheme has been tested and compared with the existing techniques to demonstrate its merits and capabilities.

004

A Framework for the Performance Analysis and Tuning of Virtual Private Networks

Perez, Fridrich Shane

01 June 2018

With the rising trend of personal devices like laptops and smartphones being used in businesses and significant enterprises, the concern for preserving security arises. In addition to preserving security measures in outside devices, the network speed and performance capable by these devices need to be balanced with the security aspect to avoid slowing down virtual private network (VPN) activity. Performance tests have been done in the past to evaluate available software, hardware, and network security protocol options that will best benefit an entity according to its specific needs. With a variety of comparable frameworks available currently, it is a matter of pick and choose. This study is dedicated to developing a unique process-testing framework for personal devices by comparing the default security encryptions of different VPN architectures to the Federal Information Processing Standards (FIPS) set of complying encryptions. VPN architectures include a vendor-supplied VPN, Palo Alto Networks, open-sourced OpenVPN application, and a Windows PPTP server to test security protocols and measure network speed through different operating platforms. The results achieved in this research reveal the differences between the default security configurations and the encryption settings enforced by FIPS, shown through the collected averaged bandwidth between multiple network tests under those settings. The results have been given additional analysis and confidence through t-tests and standard deviation. The configurations, including difficulty in establishing, between different VPNs also contribute to discovering OpenVPN under FIPS settings to be favorable over a Palo Alto firewall using FIPS-CC mode due to higher bandwidth rate despite following the same encryption standards.

VPN

FIPS

security protocol

encryption

network security

bandwidth

performance

framework

Science and Technology Studies

Návrh zero-knowledge protokolů / Design of Zero-Knowledge Protocols

Šafář, Jan

January 2010

Thesis introduces automated methods of protocol design and their usability for zero knowledge protocol design or protocols, where ZK protocols are used as subprotocols. Especially composition method is described more in depth. Thesis shows also a sample implementation of this method.

Innovative Location Based Scheme for Internet Security Protocol. A proposed Location Based Scheme N-Kerberos Security Protocol Using Intelligent Logic of Believes, Particularly by Modified BAN Logic.

Abdelmajid, Nabih T.

January 2010

The importance of the data authentication has resulted in the science of the data protection. Interest in this knowledge has been growing due to the increase in privacy of the user's identity, especially after the widespread use of online transactions. Many security techniques are available to maintain the privacy of the user's identity. These include password, smart card or token and face recognition or finger print. But unfortunately, the possibility to duplicate the identity of a user is still possible. Recently, specialists used the user's physical location as a new factor in order to increase the strength of the verification of the user's identity. This thesis focused on the authentication-based user's location. It is based on the idea of using the Global Position System in order to verify the user identity. Improving Kerberos protocol using GPS signal is proposed in order to eliminate the effect of replay attack. This proposal does not expect a high performance from the user during the implementation of the security system. Moreover, to give users more confidence to use security protocol, it has to be evaluated before accepting it. Thus, a measurement tool used to validate protocols called BAN logic was described. In this thesis, a new form of BAN logic which aims to raise the efficiency checking process of the protocol protection strength using the GPS signal is proposed. The proposed form of Kerberos protocol has been analysed using the new form of BAN logic. The new scheme has been tested and compared with the existing techniques to demonstrate its merits and capabilities.

Internet security

; N-Kerberos Security Protocol

; Global Position System; GPS

; BAN logic

Exploring the Evolution of the TLS Certificate Ecosystem

Farhan, Syed Muhammad

01 June 2022

A vast majority of popular communication protocols for the internet employ the use of TLS (Transport Layer Security) to secure communication. As a result, there have been numerous efforts including the introduction of Certificate Transparency logs and Free Automated CAs to improve the SSL certificate ecosystem. Our work highlights the effectiveness of these efforts using the Certificate Transparency dataset as well as certificates collected via full IPv4 scans. We show that a large proportion of invalid certificates still exists and outline reasons why these certificates are invalid and where they are hosted. Moreover, we show that the incorrect use of template certificates has led to incorrect SCTs being embedded in the certificates. Taken together, our results emphasize continued involvement for the research community to improve the web's PKI ecosystem. / Master of Science / Security and Privacy for communication over the internet is increasingly important. TLS (Transport Layer Security) is the most popular protocol used to secure communications over the internet today. This work explores how this protocol has evolved over the past 9 years and how effective the measures undertaken by the community have been to improve the adherence to best practices in the wild. TLS employs the use of certificates to initialize secure communication and make sure the other party is indeed who they say they are. We show that while security has improved over the years, a majority of certificates are invalid and outline reasons why. We also observe the growth of Certificate Transparency logs and show how the use of template certificates cause unexpected issues. Taken together, our results emphasize a continued involvement for the research community to improve the TLS certificate ecosystem.

Security

TLS

Certificates

Network Security

Cryptography

Public Key Cryptography

Web Security Protocol

Measurement

Nástroje a interaktivní prostředí pro simulaci komunikace / Tools for Environment for the Simulation of Communication

Mikuš, Peter

January 2010

Communication between devices should be based on predefined rules. These rules are called communication protocols. In this master thesis I am concerned with communication protocols, specially security protocols. Their design demand specialized tools, that will provide interactive simulations and security testing. I have described each of these tools in detail and mentioned about their properties, their pros and cons. In available tools I have implemented security protocols. The result is set of demonstration tasks that are usable in network courses at FIT VUT

Metody návrhu bezpečnostních protokolů / Methods of the Security Protocols Design

Hranáč, Jakub

January 2010

This project describes several methods suggested for security protocol design. The method named ' A Simple Logic for Authentication Protocol Design' is described in more detail and implemented including custom made addition defining the ownership of messages and rights to re-send those messages.

Aplikační knihovna pro podporu návrhu komunikačních protokolů / Library of Functions for the Support of Communication Protocols Design

Tomášek, Karel

Unknown Date

Security protocols are used for establishing secure communication over insecure network. This document gives a brief introduction into description and formal specification in the area of security protocols design. It also includes description of the aplication library, its functions and methods how to use it.