Analyse forensique de la mémoire des cartes à puce / Memory carving of smart cards memories

Gougeon, Thomas

04 October 2017

Dans notre monde toujours plus connecté, les cartes à puce sont impliquées quotidiennementdans nos activités, que ce soit pour le paiement, le transport, le contrôle d’accès ou encore la santé.Ces cartes contiennent des informations personnelles liées aux faits et gestes de leur possesseur.Le besoin d’interpréter les données contenues dans les mémoires de ces cartes n’a jamais été aussiimportant. Cependant, sans les spécifications de l’application, il est difficile de connaître quellesinformations sont stockées dans la carte, leur emplacement précis, ou encore l’encodage utilisé.L’objectif de cette thèse est de proposer une méthode qui retrouve les informations stockéesdans les mémoires non volatile des cartes à puce. Ces informations peuvent être des dates (e.g.,date de naissance, date d’un événement) ou des informations textuelles (e.g., nom, adresse). Pourretrouver ces informations, un décodage exhaustif des données à l’aide de différentes fonctions dedécodage est possible. Malheureusement, cette technique génère de nombreux faux positifs. Unfaux positif apparaı̂t lorsqu’une fonction de décodage est appliquée sur des données qui ont étéencodées avec une fonction différente. Cette thèse s’appuie alors sur trois contributions exploitantles spécificités des cartes à puce pour éliminer ces faux positifs. La première contribution identifie lesobjets cryptographiques dans les mémoires non volatiles des cartes à puce afin de ne pas effectuer ledécodage sur ces données. Les deux autres contributions retrouvent respectivement des informationstextuelles et des dates dans ces mémoires. Afin de valider ces méthodes, elles sont chacune appliquéessur 371 mémoires de cartes à puce de la vie réelle. / In our increasingly connected world, smart cards are involved in any everyday activity, and theygather and record plenty of personal data. The need to interpret the raw data of smart card memoryhas never been stronger. However, without the knowledge of the specifications, it is difficult toretrieve what are the information stored, their location, and the encoding used to store them.The objective of this thesis is to propose a method retrieving the stored information in thenon-volatile memory of smart cards. This information include dates (e.g., birth date or event date)and textual information (e.g., name, address). In order to retrieve these information, it is possibleto perform an exhaustive decoding of the data with several decoding functions. Unfortunately,this technique generates a lot of false positives. Indeed, a false positive occurs when a decodingfunction is applied to data that have been encoded with another function. This thesis proposesthree contributions exploiting smart cards specificities to eliminate the false positives. The firstcontribution identifies cryptographic material in these non-volatile memories in order to preventthe false positives generated by the decoding of these cryptographic objects. The two otherscontributions retrieve respectively textual information and dates in these memories. In order tovalidate these methods, they are applied on 371 memory dumps of real-life smart cards.

Forensique informatique

Cartes à puce

Vie privée

Digital forensics

Smart cards

Privacy

Outsmarting Passwords : An Analysis on the use of Smart Cards for Single Sign-On in Legacy Applications / Singelinloggning i Legacysystem : En Studie i Användandet av Smarta Kort för Singelinloggning i Legacysystem

Tingström, Alexander

January 2017

By leveraging smart-cards as a bearer of user credentials for legacy applications the security of these systems can be greatly increased. In this thesis a solution to the problem of legacy applications only allowing username-password authentication is proposed. Storing user-data encrypted on the card and automatically serving it to the required application allows for automatically generated passwords to be used. The backbone of this system is developed. This solution is then analyzed and found to result in a significantly increased level of security. / Genom att använda smartakort som bärare av användarnamn och lösenord för gamla "legacyapplikationer" så kan man drastiskt öka säkerheten i dessa system. I detta examensarbete så läggs ett förslag på lösning till problemet att äldre applikationer enbart tillåter autentisering genom användarnamn.lösenord. Genom att lagra användardata på ett enkrypterat utrymme i ett smartkort för att sedan automatiskt mata in detta i den berörda applikationen så tillåts starkare, ej användarvänliga, lösenord att användas. Grunden till detta system utvecklas och en säkerhetsanalys utförs. Detta visar på en kraftig förbättring av säkerheten gentemot dessa system.

Smart Cards

Security

Single Sign On

Legacy Systems

Computer Sciences

Datavetenskap (datalogi)

Moving towards a cashless era in 2000: design a marketing strategy for Mondex, an electronic cash, in Hong Kong.

January 1996

by Li Chun-Kit Patrick. / Thesis (M.B.A.)--Chinese University of Hong Kong, 1996. / Includes bibliographical references (leaves [87-90]). / ACKNOWLEDGEMENT --- p.ii / ABSTRACT --- p.iii / TABLE OF CONTENTS --- p.vi / LIST OF TABLES --- p.viii / INTRODUCTION --- p.1 / LITERATURE REVIEW - DEVELOPMENT OF SMART CARD --- p.4 / Terminology --- p.4 / General Application of Smart Card --- p.6 / DESCRIPTION OF MONDEX --- p.14 / History of Mondex --- p.14 / Description of Mondex and Its Accessories --- p.16 / Advantages of Mondex --- p.20 / Disadvantages of Mondex --- p.22 / COMPETITOR ANALYSIS --- p.24 / Maestro --- p.25 / Credit Card --- p.27 / Electronic Payment System (EPS) --- p.29 / RESEARCH METHODOLOGY --- p.35 / Research Objective --- p.35 / Research Design and Method --- p.36 / RESEARCH FINDINGS --- p.39 / Data analysis on the Whole Sample Basis --- p.39 / Data Analysis by Type of Adopter --- p.50 / RECOMMENDATION --- p.58 / Characteristics of Potential Adopters --- p.58 / Product --- p.59 / Promotion --- p.63 / LIMITATION --- p.70 / APPENDIX 1: DIAGRAMS / APPENDIX 2: CHINESE QUESTIONNAIRE / APPENDIX 3: ENGLISH QUESTIONNAIRE / APPENDIX 4: FIGURES / APPENDIX 5: TABLES / BIBLIOGRAPHY

Stored-value cards--Marketing

Electronic funds transfers--Marketing

Smart cards--Marketing

Smart cards--China--Hong Kong--Marketing

An empirical evaluation of the effectiveness of Octopus implementation.

January 1998

by Tse Kwong Keung. / Pages 52-56 and 74 in clear holder. / Thesis (M.B.A.)--Chinese University of Hong Kong, 1998. / Includes bibliographical references (leaf 99). / Questionnaries in English and Chinese. / ABSTRACT --- p.ii / TABLE OF CONTENTS --- p.ii / LIST OF ABBREVIATIONS --- p.v / LIST OF APPENDICES --- p.vi / LIST OF TABLES --- p.vii / LIST OF EXHIBITS --- p.ix / PREFACE --- p.x / Chapter / Chapter I. --- INTRODUCTION --- p.1 / Title of the Project --- p.1 / Terms of Reference --- p.1 / Objective --- p.2 / Chapter II. --- BACKGROUND --- p.4 / Overview of the Octopus System --- p.4 / Overview of the Octopus System Bus Equipment --- p.6 / Fare collection system on LRT Feeder and Auxiliary Bus Routes --- p.9 / Pre-Octopus Fare Collection System --- p.9 / New Fare Collection System with the Introduction of Octopus System --- p.10 / Implementation Measures --- p.11 / Implementation Measures to Prepare Passengers to Use Octopus System on Buses --- p.11 / Implementation measures - CSL --- p.11 / Implementation measures - LRT --- p.13 / Implementation Measures to Prepare Staff to Launch Octopus System on Buses --- p.14 / Chapter III. --- METHODOLOGY --- p.16 / Sources of Information --- p.16 / The Questionnaire Surveys --- p.17 / Questionnaire Survey for LRT Bus Passengers --- p.17 / Questionnaire Survey for LRT Bus Traffic Staff --- p.18 / Data Analysis Tools --- p.19 / Chapter IV. --- FINDINGS --- p.20 / Literature Review --- p.20 / The Systems Development Cycle --- p.20 / The Systems Development Cycle of Octopus System in LRT Buses --- p.24 / Systems Implementation Measures Getting People Ready to Use the New System --- p.25 / Measures of gaining acceptance by passengers and staff --- p.26 / Measures of obtaining passengers and staff performance --- p.29 / Education and training --- p.30 / Performance aids --- p.32 / Findings from Questionnaire Survey for LRT Bus Passengers --- p.33 / Demographic Profile --- p.33 / Effectiveness of Promotion Channels on Octopus Card to Passengers --- p.33 / Number of Trips on LRT Buses Per Week by Respondents --- p.34 / Fare Paying Methods of Respondents --- p.34 / Competence of Respondents in Using Octopus Card on Buses --- p.35 / Most Effective Methods to Educate Passengers on Octopus Card Usage --- p.36 / Findings from Questionnaire Survey for LRT Bus Traffic Staff --- p.36 / Demographic Profile --- p.36 / Personal Computer Experience Prior to Octopus Bus Equipment Training --- p.37 / Evaluation of DDU Operations Training Course --- p.37 / Staff Perceived Level of Competence to Operate the DDU During Octopus System Launching --- p.38 / Measures Proposed by Staff to Enhance Competence to Operate the DDU --- p.39 / Evaluation of BDC Operations Training Course --- p.39 / Staff Perceived Level of Competence to Operate the BDC During Octopus System Launching --- p.40 / Measures Proposed by Staff to Enhance Competence to Operate the BDC --- p.41 / Chapter V. --- CONCLUSIONS AND RECOMMENDATIONS --- p.42 / Strengths of Implementation Measures on Passengers --- p.42 / Weaknesses of Implementation Measures on Passengers --- p.43 / Recommendations of Implementation Measures on Customers --- p.44 / Strengths of Implementation Measures on Staff --- p.46 / Weaknesses of Implementation Measures on Staff --- p.47 / Recommendations of Implementation Measures on Staff --- p.48 / APPENDICES 1-11 --- p.50 / TABLES 1-18 --- p.75 / EXHIBITS 1-6 --- p.93 / BIBLIOGRAPHY --- p.99

Smart cards

Smart cards--China--Hong Kong

Stored-value cards

Stored-value cards--China--Hong Kong

Local transit--Fares

Local transit--Fares--China--Hong Kong

Consumer satisfaction--Evaluation

Desenvolvimento formal de aplica??es para smartcards

Gomes, Bruno Emerson Gurgel

01 June 2012

Made available in DSpace on 2014-12-17T15:46:59Z (GMT). No. of bitstreams: 1 BrunoEGG_TESE.pdf: 2215931 bytes, checksum: 5d86c012a04f884e6dec73c92c1d88ef (MD5) Previous issue date: 2012-06-01 / Coordena??o de Aperfei?oamento de Pessoal de N?vel Superior / Smart card applications represent a growing market. Usually this kind of application manipulate and store critical information that requires some level of security, such as financial or confidential information. The quality and trustworthiness of smart card software can be improved through a rigorous development process that embraces formal techniques of software engineering. In this work we propose the BSmart method, a specialization of the B formal method dedicated to the development of smart card Java Card applications. The method describes how a Java Card application can be generated from a B refinement process of its formal abstract specification. The development is supported by a set of tools, which automates the generation of some required refinements and the translation to Java Card client (host) and server (applet) applications. With respect to verification, the method development process was formalized and verified in the B method, using the Atelier B tool [Cle12a]. We emphasize that the Java Card application is translated from the last stage of refinement, named implementation. This translation process was specified in ASF+SDF [BKV08], describing the grammar of both languages (SDF) and the code transformations through rewrite rules (ASF). This specification was an important support during the translator development and contributes to the tool documentation. We also emphasize the KitSmart library [Dut06, San12], an essential component of BSmart, containing models of all 93 classes/interfaces of Java Card API 2:2:2, of Java/Java Card data types and machines that can be useful for the specifier, but are not part of the standard Java Card library. In other to validate the method, its tool support and the KitSmart, we developed an electronic passport application following the BSmart method. We believe that the results reached in this work contribute to Java Card development, allowing the generation of complete (client and server components), and less subject to errors, Java Card applications. / As aplica??es para smart cards representam um mercado que cresce a cada ano. Normalmente, essas aplica??es manipulam e armazenam informa??es que requerem garantias de seguran?a, tais como valores monet?rios ou informa??es confidenciais. A qualidade e a seguran?a do software para cart?es inteligentes pode ser aprimorada atrav?s de um processo de desenvolvimento rigoroso que empregue t?cnicas formais da engenharia de software. Neste trabalho propomos o m?todo BSmart, uma especializa??o do m?todo formal B dedicada ao desenvolvimento de aplica??es para smart cards na linguagem Java Card. O m?todo descreve, em um conjunto de etapas, como uma aplica??o smart card pode ser gerada a partir de refinamentos em sua especifica??o formal. O desenvolvimento ? suportado por um conjunto de ferramentas, automatizando a gera??o de parte dos refinamentos e a tradu??o para as aplica??es Java Card cliente (host) e servidora (applet). Ressalta-se que o processo de especifica??o e refinamento descrito no m?todo foi formalizado e verificado utilizando o pr?prio m?todo B, com o aux?lio da ferramenta Atelier B [Cle12a]. Destaca-se que a aplica??o Java Card ? traduzida a partir do ?ltimo passo de refinamento, denominado de implementa??o. A especifica??o dessa tradu??o foi feita na linguagem ASF+SDF [BKV08]. Inicialmente, descreveu-se as gram?ticas das linguagens B e Java (SDF) e, em uma etapa posterior, especificou-se as transforma??es de B para Java Card atrav?s de regras de reescrita de termos (ASF). Essa abordagem foi um importante aux?lio durante o processo de tradu??o, al?m de servir ao prop?sito de document?lo. Cumpre destacar a biblioteca KitSmart [Dut06, San12], componente essencial ao m?todo BSmart, que inclui modelos em B de todas as 93 classes/interfaces da API Java Card na vers?o 2:2:2, dos tipos de dados Java e Java Card e de m?quinas que podem ser ?teis ao especificador, mas que n?o est?o presentes na API padr?o. Tendo em vista validar o m?todo, seu conjunto de ferramentas e a biblioteca KitSmart, procedeu-se com o desenvolvimento, seguindo o m?todo BSmart, de uma aplica??o de passaporte eletr?nico. Os resultados alcan?ados neste trabalho contribuem para o desenvolvimento smart card, na medida em que possibilitam a gera??o de aplica??es Java Card completas (cliente e servidor) e menos sujeitas a falhas.

Smart cards

Java card

M?todo formal B

Refinamento

Desenvolvimento formal

Gera??o de c?digo.

Smart cards

Java card

B formal method

Refinement

Formal development

Code generation.

CNPQ::OUTROS

Creative star: the strategic alliance of major transportation operators in Hong Kong

Lo, Chun-chung, Johnny., 盧振忠.

January 1996

published_or_final_version / Business Administration / Master / Master of Business Administration

Smart cards - China - Hong Kong.

Smarta Kort : En del av en intelligent IT-lösning i hälso- och sjukvården?

Isaksson, Johanna, Sanne, Therése

January 2006

<p>Background: IT-security is included in the concept of information security, which considers all the security of handling information within an organisation. Good IT-security is about finding the right level of measurement, however, it is hard to implemement new IT-solutions in an organisation, particularly within the health care field, where sensitive information are handled daily. Lately the Swedish government, together with county- and city council, understand the importance of IT and health care. Carelink, an organisation of interest, is working actively for the presumption of benefit by using IT within the health care field. During spring 2006 the Swedish government introduced a national IT-strategy. SITHS, Säker IT inom Hälso- och sjukvården, is a project running by Carelink and is based upon using Smart Cards as an identification. Smart Cards can be used as accesscards for logging on to a computersystem in an organsiation in order to secure an indentity.</p><p>Purpose: The purpose with this thesis is to investigate the assumptions for how Smart Cards, as a part of a total security solution, can increase the ITsecurity within the Healt Care field.</p><p>Method: The study was initiated with literature and suitable references to informationssecurity, Smart Cards and Healthcareinformatic. Our empirical study was carried out at Ryhov Hospital in Jönköping, one of Sweden’s newest hospitals. Both qualitative and quantitative studies were conducted, because we chose to do interviews and surveys. The interviews were conducted in order to get a deeper understanding for the organisation and the survey was made in order to investigate the attitudes among the nurses and doctors about the security of computer use.</p><p>Result: Smart Cards can, according to our studie, increase the IT-security within the Health Care field by creating a safer identification with the use of ITsupport. Smart Cards can also make the process of logging on and off to a computer system easier, which leads to better logging and mobilisation. The study also demonstrates that users are not afraid of the changes a smart card will represent within their organization.</p> / <p>Bakgrund: IT-säkerhet ingår i begreppet informationssäkerhet som avser all säkerhet vid hantering av information inom en organisation. God IT-säkerhet handlar om att hitta rätt nivå med tillhörande åtgärder och nya IT lösningar, men detta är inte enkelt att införa i organisationer och speciellt inte i vården som dagligen hanterar känslig information. Under senare år har regeringen tillsammans med landsting och kommuner fått upp ögonen för vilken nytta IT kan utgöra inom vården. Intresseorganisationen Carelink arbetar aktivt för att skapa förutsättningar att använda IT inom vården, och under våren 2006 har även regeringen presenterat en Nationell IT-strategi. Projektet SITHS, Säker IT inom Hälso- och Sjukvården, drivs av Carelink och bygger på att använda smarta kort som säker identifikation. Korten kan bland annat användas som passerkort och vid inloggning till ett datasystem för att säkerhetsställa en identitet.</p><p>Syfte: Syftet med denna uppsats är att undersöka förutsättningarna för hur smarta kort, som en del av en total säkerhetslösning, kan förbättra IT-säkerheten inom hälso- och sjukvården.</p><p>Metod: Studien påbörjades med en genomgång av lämplig litteratur om informationssäkerhet, smarta kort samt vårdinformatik. Den empiriska studien utfördes sedan på Länssjukhuset Ryhov i Jönköping, som är ett av Sveriges nyaste sjukhus. Här genomfördes både kvalitativa och kvantitativa studier, då vi valde att göra ett antal intervjuer samt en enkätundersökning bland vårdgivarna. Intervjuerna gjordes för att få en djupare förståelse för organisationen, och enkätundersökningen för att undersöka attityderna till dagens datoranvändning samt hur säkerheten kring datoriseringen upplevs bland de anställda.</p><p>Resultat: Enligt studien kan smarta kort förbättra IT-säkerheten inom hälso- och sjukvården genom att skapa en säker identifiering vid användning av ITstöd. Smarta kort kan även bidra till en förenklad in- och utloggningsprocess i ett datorsystem, vilket i sin tur leder till bättre spårbarhet samt ökad mobilitet bland användarna. Undersökningen visar att majoriteten av användarna inte är emot den förändring ett smart kort kan bidra till, utan snarare tvärt om.</p>

Smart Cards

Information security

IT-security

IT-strategy

Smarta kort

Aktiva kort

Informationssäkerhet

Nationell IT-strategi

Informatics

Informatik

Programų apsaugos, naudojant lustines korteles, metodo sudarymas ir tyrimas / Development and research of software protection method using smart cards

Kreickamas, Tomas

21 August 2013

Taikomųjų programų piratavimas – procesas, kurio metu nelegaliai atkuriama ir neturint tam teisės platinama taikomoji programa. Ši problema nėra nauja, tačiau efektyvių apsaugos priemonių nuo jos šiandien dar nesukurta. Dėl šios priežasties 2011 m. nelegalios programinės įrangos buvo parsisiųsta už daugiau nei 60 mlrd. JAV dolerių ir ši suma kasmet auga. Atlikus taikomųjų programų grėsminių analizę išsiaiškinome, kad didžiausia problema – atvirkštinė inžinerija. Šią problemą padedančias išspręsti apsaugos priemones suskirstėme į programines ir aparatūrines. Atlikus programinių apsaugos priemonių analizę išsiaiškinome, kad geriausiai nuo atvirkštinės inžinerijos padeda apsisaugoti kodo šifravimas arba glaudinimas. Atlikus aparatūrinių apsaugos priemonių analizę išsiaiškinome, kad apsaugai nuo piratavimo dažniausiai naudojami apsaugos raktai. Išanalizavus programinių ir aparatūrinių apsaugos priemonių privalumus ir trūkumus sukūrėme kompleksinį apsaugos metodą. Šis metodas remiasi kritinių (vertingiausių) programos modulių šifravimu ir vykdymu saugiame įrenginyje. Šiame darbe kaip saugų įrenginį naudojame lustines korteles. Šie įrenginiai buvo pasirinkti dėl jų nedidelės kainos ir teikiamo didelio saugumo lygio. Atlikę sumodeliuoto metodo programinę realizaciją jį ištyrėme greitaveikos aspektu ir nustatėme, kad modulio užimančio 6KB iššifravimas lustinėje kortelėje trunka tik 2% viso programos vykdymo laiko, todėl didelės įtakos programos vykdymo laiko išaugimui neturi... [toliau žr. visą tekstą] / Software piracy is copying and distributing of software illegally and without permission. This problem is not new but effective protective measures against it until today are not developed. Therefore, in 2011 illegal software has been downloaded for more than 60 billion USA dollars and that amount is growing every year. After software threats’ analysis we found out that the biggest problem is reverse engineering. Measures which can help to solve this problem we divided into software-based and hardware-based protection. After software-based protection analysis we found out that one of best measures against reverse engineering is code encryption or packaging and one of the best hardware-based protection tools is using of dongle keys. After analysis of advantages and disadvantages of software-based and hardware-based protection we developed method against software piracy. This method relies on the encryption of critical (most valuable) program modules and its safe execution in a safe device. In this paper, as a safe device we will use smart cards. These devices were chosen for their low cost and high level of safety. After implementation of simulated method we found out that decryption of module, which size is ~6KB, in smart card takes only 2% of the total program execution time, so this task does not have significant impact on program execution time. The biggest impact on increasing of protected program execution time have the module performance (59,37% of the total time)... [to full text]

Informatics

Programinės įrangos piratavimas

Programinės įrangos apsauga

Lustinės kortelės

Kriptografija

Software piracy

Software protection

Smart cards

Cryptography

Implementação de verificações biométricas processadas em cartões inteligentes a multi-aplicações. / Implementation of biometric verifications on multi-application smart cards.

Rafael Soares Wyant

28 November 2013

Conselho Nacional de Desenvolvimento Científico e Tecnológico / As biometrias vêm sendo utilizadas como solução de controle de acesso a diversos sistemas há anos, mas o simples uso da biometria não pode ser considerado como solução final e perfeita. Muitos riscos existem e não devem ser ignorados. A maioria dos problemas está relacionada ao caminho de transmissão entre o local onde os usuários requerem seus acessos e os servidores onde são guardados os dados biométricos capturados em seu cadastro. Vários tipos de ataques podem ser efetuados por impostores que desejam usar o sistema indevidamente. Além dos aspectos técnicos, existe o aspecto social. É crescente a preocupação do usuário tanto com o armazenamento quanto o uso indevido de suas biometrias, pois é um identificador único e, por ser invariável no tempo, pode ser perdido para sempre caso seja comprometido. O fato de que várias empresas com seus diferentes servidores guardarem as biometrias está causando incomodo aos usuários, pois as torna mais suscetíveis à ataques. Nesta dissertação, o uso de cartões inteligentes é adotado como possível solução para os problemas supracitados. Os cartões inteligentes preparados para multi-aplicações são usados para realizar as comparações biométricas internamente. Dessa forma, não seria mais necessário utilizar diversos servidores, pois as características biométricas estarão sempre em um único cartão em posse do dono. Foram desenvolvidas e implementadas três diferentes algoritmos de identificação biométrica utilizando diferentes características: impressão digital, impressão da palma da mão e íris. Considerando a memória utilizada, tempo médio de execução e acurácia, a biometria da impressão da palma da mão obteve os melhores resultados, alcançando taxas de erro mínimas e tempos de execução inferiores a meio segundo. / The biometrics have been used as a solution for access control systems for many years, but the simple use of biometrics can not be considered as final and perfect solution. There are many risks that should not be ignored. Most problems are related to the transmission path between the system where the users require access and the servers where the captured biometric data is stored. Various types of attacks can be made by impostors who want to use the system improperly. Besides the technical aspects, there is the social aspect. There is a growing concern of users about both data storage and the misuse of their biometrics, which is an unique identifier and, being invariant in time, may be lost forever if compromised. The fact that several companies keep their biometric data in different servers is causing discomfort to users because it makes their biometric data more susceptible to attacks. In this dissertation, the use of smart cards is adopted as a possible solution to the above problems. Smart cards prepared for multi-applications are used to perform biometric comparisons internally. Thus, it would not be necessary to use different servers as the biometric features will always be kept on a single card in the possession of the owner. In this work, three different algorithms using different biometric identification characteristics are developed and implemented: fingerprint, palmprint and iris. Considering the used memory, average execution time and accuracy, the implementation of palmprint verification achieved the best results, allowing minimum error rates and processing time of at most 0.5s.

Engenharia Eletrônica

Biometria

Cartões inteligentes

Minúcias

PalmCode

IrisCode

Electronic Engineering

Biometrics

Smart cards

Minutiae

PalmCode

IrisCode

ENGENHARIAS

Implementação de verificações biométricas processadas em cartões inteligentes a multi-aplicações. / Implementation of biometric verifications on multi-application smart cards.

Rafael Soares Wyant

28 November 2013

Conselho Nacional de Desenvolvimento Científico e Tecnológico / As biometrias vêm sendo utilizadas como solução de controle de acesso a diversos sistemas há anos, mas o simples uso da biometria não pode ser considerado como solução final e perfeita. Muitos riscos existem e não devem ser ignorados. A maioria dos problemas está relacionada ao caminho de transmissão entre o local onde os usuários requerem seus acessos e os servidores onde são guardados os dados biométricos capturados em seu cadastro. Vários tipos de ataques podem ser efetuados por impostores que desejam usar o sistema indevidamente. Além dos aspectos técnicos, existe o aspecto social. É crescente a preocupação do usuário tanto com o armazenamento quanto o uso indevido de suas biometrias, pois é um identificador único e, por ser invariável no tempo, pode ser perdido para sempre caso seja comprometido. O fato de que várias empresas com seus diferentes servidores guardarem as biometrias está causando incomodo aos usuários, pois as torna mais suscetíveis à ataques. Nesta dissertação, o uso de cartões inteligentes é adotado como possível solução para os problemas supracitados. Os cartões inteligentes preparados para multi-aplicações são usados para realizar as comparações biométricas internamente. Dessa forma, não seria mais necessário utilizar diversos servidores, pois as características biométricas estarão sempre em um único cartão em posse do dono. Foram desenvolvidas e implementadas três diferentes algoritmos de identificação biométrica utilizando diferentes características: impressão digital, impressão da palma da mão e íris. Considerando a memória utilizada, tempo médio de execução e acurácia, a biometria da impressão da palma da mão obteve os melhores resultados, alcançando taxas de erro mínimas e tempos de execução inferiores a meio segundo. / The biometrics have been used as a solution for access control systems for many years, but the simple use of biometrics can not be considered as final and perfect solution. There are many risks that should not be ignored. Most problems are related to the transmission path between the system where the users require access and the servers where the captured biometric data is stored. Various types of attacks can be made by impostors who want to use the system improperly. Besides the technical aspects, there is the social aspect. There is a growing concern of users about both data storage and the misuse of their biometrics, which is an unique identifier and, being invariant in time, may be lost forever if compromised. The fact that several companies keep their biometric data in different servers is causing discomfort to users because it makes their biometric data more susceptible to attacks. In this dissertation, the use of smart cards is adopted as a possible solution to the above problems. Smart cards prepared for multi-applications are used to perform biometric comparisons internally. Thus, it would not be necessary to use different servers as the biometric features will always be kept on a single card in the possession of the owner. In this work, three different algorithms using different biometric identification characteristics are developed and implemented: fingerprint, palmprint and iris. Considering the used memory, average execution time and accuracy, the implementation of palmprint verification achieved the best results, allowing minimum error rates and processing time of at most 0.5s.

Engenharia Eletrônica

Biometria

Cartões inteligentes

Minúcias

PalmCode

IrisCode

Electronic Engineering

Biometrics

Smart cards

Minutiae

PalmCode

IrisCode

ENGENHARIAS