  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
21

Secure contactless mobile financial services with near field communication

Poroye, Adeola Oluwaseyi January 2011
This thesis presents the results from work with three prototypes that use Near Field Communication technology to provide secure contactless mobile financial services on mobile phones.
22

Side-Channel Monitoring of Contactless Java Cards

Berkes, Jem 21 January 2008
Smart cards are small, portable, tamper-resistant computers used in security-sensitive applications ranging from identification and access control to payment systems. Side-channel attacks, which use clues from timing, power consumption, or even electromagnetic (EM) signals, can compromise the security of these devices and have been an active research area since 1996. Newer "contactless" cards communicate using radio frequency (RF), without physical contact. These contactless smart cards are sometimes grouped with radio frequency identification (RFID) devices in popular usage of the term. This thesis investigates devices that use the ISO 14443 (proximity card) protocol, a large class of contactless/RFID devices. Although contactless smart cards are increasingly common, very few reproducible practical attacks have been published. Presently, there are no known documented side-channel attacks against contactless Java Cards (open standard multi-application cards) using generic unmodified hardware. This thesis develops a research-friendly platform for investigating side-channel attacks on ISO 14443 contactless smart cards. New techniques for measurement and analysis, as well as the first fully documented EM side-channel monitoring procedure, are presented for a contactless Java Card. These techniques use unmodified, commercial off-the-shelf hardware and are both practical and broadly applicable to a wide range of ISO 14443 devices, including many payment cards and electronic passports.
24

Identifying Factors That Facilitate The Use Of Multi-purpose Smart Cards By University Students: An Empirical Investigation

Teker, Mahmut 01 February 2011
The aim of this thesis is to identify factors that affect university students' acceptance of multi-purpose Smart Cards. The findings of this study will be beneficial to facilitate the use of Smart-Card enabled systems both in universities and in other institutions which either have these systems in use or plan to invest in these systems in the future. The research methodology employed within this study is based on quantitative methods. A survey instrument comprising 51 5-point Likert-type questions has been developed and applied to 207 Middle East Technical University students. The data collected has been analyzed using Exploratory Factor Analysis to categorize factors having items. According to the analysis results, the data were classified under 5 factors: Perceived Usefulness, Perceived Ease of Use, Behavioral Intention, Anxiety, and Technological Complexity. Then, the relations between these 5 factors were identified and a measurement model was created. For assessing the proposed model, Discriminant and Convergent Validity scores were calculated by Confirmatory Factor Analysis. Then, Structural Equation Modeling was conducted with Partial Least Squares for validating the model's estimated influence. The study has shown that the main Technology Acceptance Model constructs fit for determining the university students' intention of Smart Card usage except for Perceived Ease of Use over Behavioral Intention. Moreover, the study showed that Anxiety and Technological Complexity were the external factors that have an effect on willingness to use multi-purpose Smart Cards. If students have Anxiety, this affects their perception of easiness of the system and it has a negative indirect effect on the perceived usefulness and a direct effect on intention. Technological Complexity is another factor which has a direct effect on the perception of easiness and usefulness and intention.
25

Elektroniska signaturer : hur upplevs dess påstådda brister? / Electronic signatures: how are their alleged shortcomings perceived?

Franzen, Jonas January 2002
For information to be transferred securely over public networks, identification, signing and encryption are required; these are the cornerstones of an electronic signature. In combination, these parts give us, among other things, secure e-commerce. The platform for this is PKI (Public Key Infrastructure), the collective name for solutions in which a special encryption technology is used to create systems for identification, encryption and integrity checking (Halvarsson & Morin, 2000). The systems can be used, for example, to create electronic signatures for various types of agreements, to secure electronic transactions, to identify users, for secure e-mail, and for various types of secure communication over public networks.
The technology is largely praised, but critics also point to its shortcomings. These concern, for example, the procedures for issuing certificates, whom a certificate really belongs to, etc. This work aims to find out, through literature studies and interviews, whether the alleged shortcomings are perceived by experts in the field. The result indicates that shortcomings exist, but that they are not perceived to be as extensive as the critics claim.
26

La mesure de performance dans les cartes à puce / Performance measurement in smart cards

Cordry, Julien 30 November 2009
Performance measurement is used in all computer systems to guarantee the best performance at the lowest possible cost. The establishment of measurement tools and metrics has made it possible to establish bases for comparison between computers. Although the smart card world is no exception, security questions take centre stage for smart cards. Efforts towards greater openness of testing and performance measurement remain modest. The work presented here aims to propose a method for measuring performance on Java Card platforms, which hold a considerable share of today's worldwide smart card market. We study in detail the efforts of other authors on the subject of performance measurement, and in particular performance measurement on smart cards. Many of these works remain embryonic or ignore certain aspects of measurement. One of the main shortcomings of these works is the lack of connection between the measurements made and the applications generally used on smart cards. Smart cards also have significant security requirements. These requirements make the cards difficult to analyse. The logical approach is to treat smart cards as black boxes. After introducing performance measurement methodologies for smart cards, we choose the tools and the characteristics of the tests to which we want to subject the cards, and we analyse how much confidence can be placed in the data collected in this way. Finally, an original application of smart cards is proposed, which makes it possible to validate some of the results obtained. / Performance measurements are used in computer systems to guarantee the best performance at the lowest cost. Establishing measurement tools and metrics has helped build comparison scales between computers. Smart cards are no exception.
But the centre stage of the smart card industry is mostly busy with security issues. Efforts towards a better integration of performance tests are still modest. Our work focused on a better approach to estimating the execution time within Java Card platforms. Those platforms constitute a big part of the modern smart card market share, especially with regard to multi-applicative environments. After introducing some methodologies to better measure the performance of Java Cards, we detail the tools and the tests that we mean to use on smart cards. We will thereafter analyze the data obtained in this way. Finally, an original application for smart cards is proposed. We used it to validate some points about the results.
27

A user centric security model for tamper-resistant devices

Akram, Raja January 2012
In this thesis, we propose a ubiquitous and interoperable device based on the smart card architecture to meet the challenges of privacy, trust, and security for traditional and emerging technologies like personal computers, smart phones and tablets. Such a device is referred to as a User Centric Tamper-Resistant Device (UCTD). To support the smart card architecture for the UCTD initiative, we propose the delegation of smart card ownership from a stringent centralised authority (i.e. the card issuer) to users. This delegation mandated the review of existing smart card mechanisms and their adequate modifications/improvements. Since the inception of smart card technology, the most prevalent ownership model in the smart card industry has been the Issuer Centric Smart Card Ownership Model (ICOM). The ICOM has no doubt played a pivotal role in the proliferation of the technology into various segments of modern life. However, it has been a barrier to the convergence of different services on a smart card. In addition, it might be considered as a hurdle to the adaptation of smart card technology into a general-purpose security device. To avoid these issues, we propose citizen ownership of smart cards, referred to as the User Centric Smart Card Ownership Model (UCOM). Contrary to the ICOM, it gives the power of decision to install or delete an application on a smart card to its user. The ownership of corresponding applications remains with their respective application providers along with the choice to lease their application to a card or not. In addition, based on the UCOM framework, we also proposed the Coopetitive Architecture for Smart Cards (CASC) that merges the centralised control of card issuers with the provision of application choice to the card user. In the core of the thesis, we analyse the suitability of the existing smart card architectures for the UCOM.
This leads to the proposal of three major contributions spanning the smart card architecture, the application management framework, and the execution environment. Furthermore, we propose protocols for the application installation mechanism and the application sharing mechanism (i.e. smart card firewall). In addition to this, we propose a framework for backing up, migrating, and restoring the smart card contents. Finally, we provide the test implementation results of the proposed protocols along with their performance measures. The protocols are then compared in terms of features and performance with existing smart cards and internet protocols. In order to provide a more detailed analysis of the proposed protocols and for the sake of completeness, we performed mechanical formal analysis using CasperFDR.
28

Vartotojo prieigos duomenų saugojimo lustinėse kortelėse metodo sukūrimas ir tyrimas / Development and research of method for storage user access data in smart card

Matačiūnas, Jonas 31 August 2011
This work examines the possibility of using a smart card to store user access data. The key exchange protocols DH-EKE and SRP are analysed. The secure communication technology TLS is also examined. A specific authentication protocol intended for use with smart cards is proposed. The security and performance of the protocol are investigated. / In this paper we research the possibility of using a smart card as secure storage for user access data. We study key exchange algorithms such as SRP and DH-EKE. TLS technology is also studied in order to gain a better understanding of how to establish a secure connection between two communication points. Then we propose an authentication protocol which was specifically designed to be used with smart cards. Performance and other properties of the protocol are analysed in the last chapters of this paper.
30

Analysis of low-level implementations of cryptographic protocols

Gkaniatsou, Andriana Evgenia January 2018
This thesis examines the vulnerabilities due to low-level implementation deficiencies of otherwise secure communication protocols in smart-cards. Smart-cards are considered to be one of the most secure, tamper-resistant, and trusted devices for implementing confidential operations, such as authentication, key management, encryption and decryption for financial, communication, security and data management purposes. The self-containment of smart-cards makes them resistant to attacks as they do not depend on potentially vulnerable external resources. As such, smart-cards are often incorporated in formally-verified protocols that require strong security of the cryptographic computations. Such a setting consists of a smart-card which is responsible for the execution of sensitive operations, and an Application Programming Interface (API) which implements a particular protocol. For the smart-card to execute any kind of operation there exists a confidential low-level communication with the API, responsible for carrying out the protocol specifications and requests. This communication is kept secret on purpose by some vendors, under the assumption that hiding implementation details enhances the system’s security. The work presented in this thesis analyses such low-level protocol implementations in smart-cards, especially those whose implementation details are deliberately kept secret. In particular, the thesis consists of a thorough analysis of the implementation of PKCS#11 and Bitcoin smart-cards with respect to the low-level communication layer. Our hypothesis is that by focusing on reverse-engineering the low-level implementation of the communication protocols in a disciplined and generic way, one can discover new vulnerabilities and open new attack vectors that are not possible when looking at the highest levels of implementation, thereby compromising the security guarantees of the smart-cards. 
We present REPROVE, a system that automatically reverse-engineers the low-level communication of PKCS#11 smart-cards, deduces the card’s functionalities and translates PKCS#11 cryptographic functions into communication steps. REPROVE deals with both standard-conforming and proprietary implementations, and does not require access to the card. We use REPROVE to reverse-engineer seven commercially available smart-cards. Moreover, we conduct a security analysis of the obtained models and expose a set of vulnerabilities which would have otherwise been unknown. To the best of our knowledge, REPROVE is the first system to address proprietary implementations and the only system that maps cryptographic functions to communication steps and on-card operations. To that end, we showcase REPROVE’s usefulness to a security ecosystem by integrating it with an existing tool to extract meaningful state-machines of the card’s implementations. To conduct a security analysis of the results we obtained, we define a threat model that addresses low-level PKCS#11 implementations. Our analysis indicates a series of implementation errors that leave the cards vulnerable to attacks. To that end, we showcase how the discovered vulnerabilities can be exploited by presenting practical attacks. The results we obtained from the PKCS#11 smart-card analysis showed that proprietary implementations commonly hide erroneous behaviours. To test the assumption that the same practice is also adopted by other protocols, we further examine the low-level implementation of the only available smart-card based Bitcoin wallets, LEDGER. We extract the different protocols that the LEDGER wallets implement and conduct a thorough analysis. Our results indicate a set of vulnerabilities that expose the wallets as well as the processed transactions to multiple threats.
To that end, we present how we successfully mounted attacks on the LEDGER wallets that lead to the loss of the wallet’s ownership and consequently loss of the funds. We address the lack of well-defined security properties that Bitcoin wallets should conform to by introducing a general threat model. We further use that threat model to propose a lightweight fix that can be adopted by other, not necessarily smart-card-based, wallets.