Global ETD Search

31	Desenvolvimento de um leitor de cartões inteligentes para dispositivos móveis com comunicação Bluetooth Caldas Neto, Carlos Castelo Branco 21 June 2011 (has links) Submitted by Diogo Barreiros (diogo.barreiros@ufba.br) on 2017-02-09T18:53:31Z No. of bitstreams: 1 Carlos Castelo Branco Caldas Neto.pdf: 3406573 bytes, checksum: 989e2168ab7188877e29843add45876b (MD5) / Approved for entry into archive by Vanessa Reis (vanessa.jamile@ufba.br) on 2017-02-10T11:24:33Z (GMT) No. of bitstreams: 1 Carlos Castelo Branco Caldas Neto.pdf: 3406573 bytes, checksum: 989e2168ab7188877e29843add45876b (MD5) / Made available in DSpace on 2017-02-10T11:24:33Z (GMT). No. of bitstreams: 1 Carlos Castelo Branco Caldas Neto.pdf: 3406573 bytes, checksum: 989e2168ab7188877e29843add45876b (MD5) / Atualmente, diversas transações que envolvem utilização de serviços governamentais, bancários ou comerciais são realizados eletronicamente e assinados de forma digital. No Brasil, desde 2001, documentos assinados com certificados digitais ICP-Brasil têm validade legal e, recentemente, têm se difundido muito devido a ações de fomento realizadas pelo governo que são visíveis em leis, normas e na utilização de documentos como e-CPF, e-CNPJ e doravante o Registro Único de Identidade Civil (RIC). Os documentos supracitados são cartões inteligentes (ou smart cards) que armazenam certificados digitais e, consequentemente, podem ser usados para realizar assinatura digital. Embora leitores de smart cards (também conhecidos como CAD – Card Acceptance Device) estejam populares e venham sendo utilizados, como é possível constatar, por exemplo, na Receita Federal e na Justiça Superior, a grande maioria os leitores de cartões inteligentes atualmente disponíveis funcionam apenas ligados a computadores pessoais. A grande popularização de tablets e telefones celulares inteligentes (ou smart phones) tem gerado uma forte tendência de utilização destes dispositivos móveis para a realização de transações eletrônicas como compras, transferências bancárias, envio de e-mails e outros. Dessa forma, é desejável assinar documentos digitalmente, através de um certificado digital armazenado em um cartão inteligente, a partir de um dispositivo móvel, como por exemplo, um celular. Este trabalho apresenta o projeto e implementação de um dispositivo leitor e escritor portátil de cartões inteligentes, denominado SCREADMOD (Smart Card Reader for Mobile Devices). Ele foi desenvolvido para ser acoplado e/ou utilizado de forma integrada com objetos inteligentes (celulares, computadores pessoais, tablets PC?s, etc.), que possam se comunicar utilizando a tecnologia de comunicação sem fios Bluetooth. Para demonstrar a viabilidade técnica do protótipo, um exemplo de aplicativo que executa sobre o sistema operacional móvel Android foi desenvolvido. Sistemas mecatrônicos Smart Card Bluetooth Android Smart Phone ICP-Brasil Assinatura Digital
32	Secure Software and Communication on Handheld Devices / Säker programvara och kommunikation med handdatorer Hussain, Musharrif, Mahmood, Sulman January 2007 (has links) Some applications on mobile handheld devices are involved in exchanging critical information e. g. sending positioning data of heavy-good vehicles as a basis for road toll. This information must not be accessed or modified illegitimately; however, there is the risk that can be accessed or modified by modifying the application or during communication of the handheld device with its counterpart. This thesis report investigates concepts to shelter software from modification and how the communication of these applications running on a handheld device over public mobile network can be made more secure. This work was performed by carefully identifying relevant literature and developing the concept that how a smart card can enhance the security of the software running on it particularly for handheld devices. It also discusses the issues and threats to smart cards. Furthermore it proposes a solution based on the specified scenario. The security of the software comprises on two layers; one layer is for analysis prevention, making it hard to understand the behaviour of the program both at static and dynamic levels. The other layer is responsible for verifying the integrity of the software to ensure that it is not modified. The software is installed on smart card which acts as an extra security layer. The communication relies on the security features of the public mobile network with some enhancement. In order to shelter the communication via public Internet, a border based VPN solution is deployed between the public mobile network and the remote server using the network assisted approach. This thesis will serve as basis for designing a secure communication path for Swedish road toll system. / Some applications on mobile handheld devices are involved in exchanging critical information e. g. sending positioning data of heavy-good vehicles as a basis for road toll. This information must not be accessed or modified illegitimately; however, there is the risk that can be accessed or modified by modifying the application or during communication of the handheld device with its counterpart. This thesis report investigates concepts to shelter software from modification and how the communication of these applications running on a handheld device over public mobile network can be made more secure. This work was performed by carefully identifying relevant literature and developing the concept that how a smart card can enhance the security of the software running on it particularly for handheld devices. It also discusses the issues and threats to smart cards. Furthermore it proposes a solution based on the specified scenario. The security of the software comprises on two layers; one layer is for analysis prevention, making it hard to understand the behaviour of the program both at static and dynamic levels. The other layer is responsible for verifying the integrity of the software to ensure that it is not modified. The software is installed on smart card which acts as an extra security layer. The communication relies on the security features of the public mobile network with some enhancement. In order to shelter the communication via public Internet, a border based VPN solution is deployed between the public mobile network and the remote server using the network assisted approach. This thesis will serve as basis for designing a secure communication path for Swedish road toll system. / +46 762733374 +46 737038932 handheld devices smart card public mobile network Computer Sciences Datavetenskap (datalogi) Telecommunications Telekommunikation
33	Elektroniska signaturer : hur upplevs dess påstådda brister? Franzen, Jonas January 2002 (has links) För att informationsöverföring över publika nät ska kunna utföras på ett säkert sätt krävs identifiering, signering och kryptering, vilka är grundstenarna i en elektronisk signatur. Dessa delar i kombination ger oss bl.a. säker e-handel. Som plattform för detta ligger PKI (Public Key Infrastructure), vilket är samlingsnamnet för lösningar där man med hjälp av en speciell krypteringsteknologi skapar system för identifiering, kryptering och integritetskontroll (Halvarsson & Morin, 2000). Systemen kan användas för att till exempel skapa elektroniska signaturer för olika typer av avtal, säkra elektroniska transaktioner, identifiering av användare, säker e-post, och olika typer av säker kommunikation över publika nätverk. Tekniken lovordas till stor del, men även dess brister förs fram av kritikerna. Det gäller exempelvis rutiner för utgivande av certifikat, vem ett certifikat verkligen tillhör etc. Detta arbete syftar till att ta reda på huruvida de påstådda bristerna upplevs hos sakkunniga i ämnet genom litteraturstudier och intervjuer. Resultatet pekar på att brister föreligger, men att de inte upplevs vara i den omfattning som kritikerna menar. PKI digitala signaturer elektroniska signaturer smart card certifikat Information Systems
34	A Generic Approach for Protecting Java Card™ Smart Card Against Software Attacks / Une approche générique pour protéger les cartes à puce Java Card ™ contre les attaques logicielles Bouffard, Guillaume 10 October 2014 (has links) De nos jours, la carte à puce est la pierre angulaire de nos usages quotidiens. En effet, elle est indispensable pour retirer de l'argent, voyager, téléphoner, ... Pour améliorer la sécurité tout en bénéficiant d'un environnement de développement facilité, la technologie Java a été adaptée pour être embarquée dans les cartes à puce. Présentée durant le milieu des années 90, cette technologie est devenue la plate-forme principale d'exécution d'applications sécurisées. De part leurs usages, ces applications contiennent des informations sensibles pouvant intéresser des personnes mal intentionnées.Dans le monde de la carte à puce, les concepteurs d'attaques et de contre-mesures se livrent une guerre sans fin. Afin d'avoir une vue générique de toutes les attaques possibles, nous proposons d'utiliser les arbres de fautes. Cette approche, inspirée de l'analyse de sûreté, aide à comprendre et à implémenter tous les événements désirables et non désirables existants. Nous appliquons cette méthode pour l'analyse de vulnérabilité Java Card. Pour cela, nous définissons des propriétés qui devront être garanties: l'intégrité et la confidentialité des données et du code contenus dans la carte à puce. Dans cette thèse, nous nous sommes focalisés sur l'intégrité du code des applications. En effet, une perturbation de cet élément peut corrompre les autres propriétés. En modélisant les conditions, nous avons découvert de nouveaux chemins d'attaques permettant d'accéder au contenu de la carte. Pour empêcher ces nouvelles attaques, nous présentons de nouvelles contre-mesures pour prévenir les éléments indésirables définis dans les arbres de fautes. / Smart cards are the keystone of various applications which we daily use: pay money for travel, phone, etc. To improve the security of this device with a friendly development environment, the Java technology has been designed to be embedded in a smart card. Introduce in the mid-nineties, this technology becomes nowadays the leading application platform in the world. As a smart card embeds critical information, evil-minded people are interested to attack this device. In smart card domain, attacks and countermeasures are advancing at a fast rate. In order to have a generic view of all the attacks, we propose to use the Fault Tree Analysis. This method used in safety analysis helps to understand and implement all the desirable and undesirable events existing in this domain. We apply this method to Java Card vulnerability analysis. We define the properties that must be ensured: integrity and confidentiality of smart card data and code. During this thesis, we focused on the integrity property, especially on the code integrity. Indeed, a perturbation on this element can break each other properties. By modelling the conditions, we discovered new attack paths to get access to the smart card contents. We introduce new countermeasures to mitigate the undesirable events defined in the tree models. Smart Card Java Card Software Security Carte à puce Java Card Sécurité logicielle 621.381
35	The Smart Card as an Electronic Identifier in the Czech Republic and EU / Čipová karta jako elektronický identifikátor pojištěnce v ČR a EU. Němcová, Eva January 2010 (has links) This diploma work analytically examines data resources and conditions for the implementation of an electronic identifier for an insured person in the Czech Republic with relation to the Europian Union. It describes the concept of a single electronic identification method and the possibilities for the utilization of different technologies and extreme situations that may arise in connection with the deficiencies of the judicial code, that would clearly work manipulation with the personal data, its security and access to it. Here compared in this work are the merits and disadvantages of the implementation or adversely the non-implementation of the electronic identifier via a cost-benetfit analysis that gives an answer to the economic question about the implementation of the project, and also describes the benefits for each group of beneficiaries.
36	Analysing the behaviour of a smart card based model for secure communication with remote computers over the internet Bhatt, Deep Vardhan 12 July 2011 (has links) This dissertation presents the findings of a generic model aimed at providing secure communication with remote computers via the Internet, based on smart cards. The results and findings are analysed and presented in great detail, in particular the behaviour and performance of smart cards when used to provide the cryptographic functionality. Two implemented models are presented. The first model uses SSL to secure the communication channel over the Internet while using smart cards for user authentication and storage of cryptographic keys. The second model presents the SSH for channel security and smart cards for user authentication, key storage and actual encryption and decryption of data. The model presented is modular and generic by nature, meaning that it can easily be modified to accept the newer protocol by simply including the protocols in a library and with a minor or no modification to both server and client application software. For example, any new algorithm for encryption, key exchange, signature, or message digest, can be easily accommodated into the system, which proves that the model is generic and can easily be integrated into newer technologies. Similarly, smart cards are used for cryptography. Two options are presented: first the smart cards only store the algorithm keys and user authentication, and secondly, smart cards are used for storing the algorithm keys, user authentication, and actual data encryption or decryption, as the requirement may dictate. This is very useful, for example, if data to be transferred is limited to a few bytes, then actual data encryption and decryption is performed using smart cards. On the other hand, if a great deal of data is to be transferred, then only authentication and key storage are performed with smart cards. The model currently uses 3DES with smart card encryption and decryption, because this is faster and consumes fewer resources when compared to RSA. Once again, the model design is flexible to accommodate new algorithms such as AES or IDEA. Important aspects of the dissertation are the study and analysis of the security attacks on smart card use. Several smart card attack scenarios are presented in CHAPTER 3, and their possible prevention is also discussed in detail. AFRIKAANS : Hierdie verhandeling bied die bevindinge van 'n generiese model wat daarop gemik is om veilige kommunikasie te voorsien met 'n afstandsrekenaar via die Internet en op slimkaarte gebaseer. Die resultate en bevindings word ontleed en breedvoerig aangebied, veral die gedrag en werkverrigting van slimkaarte wanneer hulle gebruik word om die kriptografiese funksionaliteit te voorsien. Daar word twee geïmplementeerde modelle aangebied. Die eerste model gebruik SSL om die kommunikasiekanaal oor die Internet te beveilig terwyl slimkaarte vir gebruikerbekragtiging en stoor van kriptografiese sleutels gebruik word. Die tweede model bied die SSH vir kanaalsekuriteit en slimkaarte vir gebruikergeldigheidvasstelling, sleutelstoor en werklike kodering en dekodering van data. Die model wat aangebied word, is modulêr en generies van aard, wat beteken dat dit maklik gewysig kan word om die jongste protokolle te aanvaar deur bloot die protokolle by 'n programbiblioteek met geringe of geen wysiging van beide die bediener- en kliënttoepassingsagteware in te sluit. Byvoorbeeld, enige nuwe algoritme vir kodering, sleuteluitruiling, handtekening of boodskapbondeling kan maklik in die stelsel gehuisves word, wat bewys dat die model generies is en maklik in jonger tegnologieë geïntegreer kan word. Slimkaarte word op soortgelyke wyse vir kriptografie gebruik. Daar word twee keuses aangebied: eerstens stoor die slimkaarte slegs die algoritmesleutels en gebruikergeldigheidvasstelling en tweedens word slimkaarte gebruik om die algoritmesleutels, gebruikergeldigheidvasstelling en werklike datakodering en –dekodering te stoor na gelang van wat vereis word. Dit is baie nuttig, byvoorbeeld, wanneer data wat oorgedra moet word, tot 'n paar grepe beperk is, word die eintlike datakodering en – dekodering uitgevoer deur slimkaarte te gebruik. Andersyds, indien 'n groot hoeveelheid data oorgedra moet word, word slegs geldigheidvasstelling en stoor met slimkaarte uitgevoer. Die model gebruik tans 3DES met slimkaartkodering en –dekodering omdat dit vinniger is en minder hulpbronne gebruik vergeleke met RSA. Die modelontwerp is weer eens buigsaam om nuwe algoritmes soos AES of IDEA te huisves. Nog 'n belangrike aspek van die verhandeling is om die sekuriteitaanvalle op slimkaartgebruik te ondersoek en te ontleed. Verskeie slimkaartaanvalscenario's word in Hoofstuk 3 aangebied en die moontlike voorkoming daarvan word ook breedvoerig bespreek. / Dissertation (MEng)--University of Pretoria, 2011. / Electrical, Electronic and Computer Engineering / unrestricted Cryptography Security Pki Des Ssl Sim kaart Ssh Kriptografie Des Sekuriteit Iso7816 Smart card UCTD
37	Implementace moderních hašovacích funkcí / Implementation of modern hash functions Trbušek, Pavel January 2010 (has links) Master's thesis analyses modern hash functions. The requirements for these features and briefly outlined some of the types of attacks are given in the first part. The second part focuses on the specication Skein hash function, which is among the candidates for the new SHA-3 standard, and a description of the JCOP platform, which is a function implemented. In the last part of the work there are discussed implementation problematic parts and evaluation of the selected solution.
38	Analyzátor protokolu čipových karet / Smartcard Protocol Analyzer Dzurňák, Tomáš January 2011 (has links) The goal of this project is to develop a analyzer of communication between a smart card and reader terminal. The analyzer should be able to diagnose and control correlations of standards. The thesis include description of standards to be familiar with and a detail description of standard ISO/IEC 7816-3, that introduce monitored protocol. The thesis also involves development kit features and a design of application.
39	Strong Authentication Protocol using PIV Card with Mobile Devices Kunning, Mao January 2013 (has links) Nowadays weak single-factor authentication mechanisms like passwords or passphrases are commonly used. Static passwords are easy to use, just remember them in mind. However it has many security weaknesses and even strong passwords are not strong enough. For example, strong secrets are difficult to remember, and people tend to share authentication credentials across systems, which reduce the overall security tremendously. Thus, for security sensitive environment we need strong multi-factors authentication. Smart card based certificate strong authentication solution can be used as a replacement for standard password-based schemes. And also a large existing base of deployed smart cards used to provide authentication in other areas can be reused to reduce costs significantly. This master thesis presents a study of how to implement certificate-based strong authentication on mobile devices using PIV smart card. It proposes a strong authentication protocol based on FIPS 201 Personal Identity verification standard, and FIPS 196 entity strong authentication protocol scheme, and describes the implementation of a mobile security application developed on iOS system using a smart card reader. Our solution can provide high level of security services for mobile applications, and can easily protect their confidentiality, integrity and authenticity. Mobile Applications Security Strong Authentication Smart Card Engineering and Technology Teknik och teknologier
40	La mesure de performance dans les cartes à puce Cordry, Julien 30 November 2009 (has links) La mesure de performance est utilisée dans tous les systèmes informatiques pour garantir la meilleure performance pour le plus faible coût possible. L'établissement d'outils de mesures et de métriques a permis d'établir des bases de comparaison entre ordinateurs. Bien que le monde de la carte à puce ne fasse pas exception, les questions de sécurité occupent le devant de la scène pour celles-ci. Les efforts allant vers une plus grande ouverture des tests et de la mesure de performance restent discrets. Les travaux présentés ici ont pour objectif de proposer une méthode de mesure de la performance dans les plates-formes Java Card qui occupent une part considérable du marché de la carte à puce dans le monde d’aujourd’hui. Nous étudions en détails les efforts fournis par d'autres auteurs sur le sujet de la mesure de performance et en particulier la mesure de performance sur les cartes à puce. Un grand nombre de ces travaux restent embryonnaires ou ignorent certains aspects des mesures. Un des principaux défauts de ces travaux est le manque de rapport entre les mesures effectuées et les applications généralement utilisées dans les cartes à puce. Les cartes à puce ont par ailleurs des besoins importants en termes de sécurité. Ces besoins rendent les cartes difficiles à analyser. L'approche logique consiste à considérer les cartes à puce comme des boites noires. Après l'introduction de méthodologies de mesures de performance pour les cartes à puce, nous choisirons les outils et les caractéristiques des tests que nous voulons faire subir aux cartes, et nous analyserons la confiance à accorder aux données ainsi récoltées. Enfin une application originale des cartes à puce est proposée et permet de valider certains résultats obtenus. / Performance measurements are used in computer systems to guaranty the best performance at the lowest cost. Establishing measurement tools and metrics has helped build comparison scales between computers. Smart cards are no exception. But the centred stage of the smart card industry is mostly busy with security issues. Efforts towards a better integration of performance tests are still modest. Our work focused on a better approach in estimating the execution time within Java Card platforms. Those platforms constitute a big part of the modern smart card market share especially with regards to multi-applicative environments. After introducing some methodologies to better measure the performance of Java Cards, we detail the tools and the tests that we mean to use on smart cards. We will thereafter analyze the data obtained in this way. Finally, an original application for smart cards is proposed. We used it to validate some points about the results. Java Card Carte à puce Mesure de performance Test Java Card Benchmark Smart card Performance measurement Test

Search results