Multiaplikační čipové karty / Multiaplication smart cards

Meluzín, Ivo

January 2011

The goal of the first part of the thesis is to describe the options of wide usage of chip cards in different segments of our life. Consequently it is necessary to mention hardware and software equipment of smart card, its communication with terminal and data security. In this thesis we focus on Java Card environment in which we will try to create two applications, one for electronic purse and the second for user identification. Basically, we need to mention multiapplicational rules of sharing data and objects. At the end of the thesis we are focusing on the possibility of mutual interference between the applications and on protection against attacks. Also future applications of this technology are described.

Bezpečnostní rizika autentizačních metod / The security risks of authentication methods

Dzurenda, Petr

January 2013

Master's thesis deals with the security risks of current authentication methods. There are described methods which are based on user's knowledge and ownership of authentication object and biometric authentication method. The practical part of this Master's thesis deals with a specific design of authentication system based on protocol ACP, when the user proves his identity by smart card on provider assets, which is represented by ACP portal on the user's computer.

Webová aplikace využívající vícefaktorovou autentizaci / Web application utilizing multi-factor authentication

Humpolík, Jan

January 2013

In the thesis are described and implemented 5 methods (some with their own proposal) of multifactor authentication in web application environment. The results of the work is the web application and individual authentication methods (which are attached separately) for use in your own web application.

Kryptoanalýza moderních kryptografických modulů / Cryptanalysis of modern cryptographic devices

Fördős, András

January 2015

The thesis focuses on power analysis of modern cryptographic modules. The first part contains a brief introduction to the topic of the power side channel and basic methods of analyzes. The text describes the process of comparison of modules and a short description of devices found. In the practical part two modules has been selected for the implementation of the encryption algorithm AES-128. The first module was the chip card Gemalto .NET v2 and the second one was the Raspberry Pi. A workplace has been created for these modules which allowed to measure the power consumption of the algorithm AES. Differential Power Analysis has been made using the captured results. In its conclusion the work presents the results in tables and samples of source codes. Graphs were made from the results captured on the Raspberry Pi and from the results of the Differential Power Analysis.

Pokročilé bezpečnostní aplikace pro Android / Advanced security applications for Android

Orgoň, Marek

January 2014

The thesis deals with security of the Android operating system, both general security features and options for storing sensitive data. The suitability of Android KeyStore for storing sensitive data and the possibility of using the secure element for safe application calculations and smart card emulation are discussed. Using Host-based Card Emulation for contactless smart card emulation is discussed. The performance analysis of modular arithmetic operations for numbers with high bit length is examined. Following these analysis, an implementation of application for software contactless smart card emulation of HM12 and HM14 cryptographic protocol is proposed. And an implementation of application for verifying smart cards with these protocols is proposed. Also scheme for secure storage of sensitive data is proposed.

Moderní přístupový systém / Modern access control system

Vomáčka, Martin

January 2016

The thesis describes the design of scheme for access system with user authentication via smart cards. The first chapter explains various types of identification items used for authentication of users and different types of readers and terminals, followed by chapter 2 with a deeper insight on smart cards with focus on their types, what internal structure and principle of communication with card readers are used, etc. with primary focus on Java cards. The third chapter describes Java Card cryptography - especially elliptic curve cryptography used on this platform. The fourth part focuses on PACE protocol with subsections dedicated to the individual parts of the protocol and its applicability to smart cards environment. Chapter 5 explains the proposed design of the authentication scheme elaborated in the thesis, including a detailed description of specific parts, their funcionality and exemplary usage in the created applications.

Marketing strategies: a case study of smart card.

January 1997

by Chan Tak-Wai, Woo Wai-Chung. / Thesis (M.B.A.)--Chinese University of Hong Kong, 1997. / Includes bibliographical references (leaves 89-91). / ABSTRACT --- p.ii / TABLE OF CONTENTS --- p.iv / ACKNOWLEDGMENTS --- p.vi / Chapter / Chapter I. --- INTRODUCTION --- p.1 / Definition of Smart Card --- p.2 / Smart Card --- p.2 / Electronic Money --- p.4 / Objective of Project --- p.5 / Chapter II. --- METHODOLOGY --- p.8 / Primary Data --- p.8 / Secondary Data --- p.9 / Literature Review --- p.10 / Chapter III. --- CARD PRODUCTS --- p.13 / Development of Credit Card and Smart Card --- p.13 / Scope of Usage of Smart Card --- p.15 / Commercial Areas --- p.15 / Medical Aspects --- p.16 / Telecommunications Industry --- p.17 / Banking System --- p.17 / Chapter IV. --- CITICORP --- p.20 / Citibank --- p.20 / Citibank H.K --- p.22 / Chapter V. --- CITIBANK H.K. CREDIT CARD PROFILE --- p.23 / Competitive Environment --- p.24 / Marketing Strategies --- p.25 / Chapter VI. --- SMART CARD PROFILE --- p.27 / Product --- p.27 / Market --- p.30 / Customer --- p.31 / Competitive --- p.33 / Company --- p.35 / Chapter VII. --- SURVEY RESULT --- p.38 / Chapter VIII. --- RECOMMENDATIONS --- p.39 / Characteristics of Target Market --- p.39 / Establishing Marketing Objective --- p.40 / Proposing Marketing Strategies --- p.40 / Product --- p.40 / Place --- p.43 / Price --- p.46 / Promotion --- p.47 / Physical Facilities --- p.50 / Personnel --- p.50 / Process Management --- p.50 / Chapter IX. --- CONCLUSION --- p.52 / APPENDIX --- p.55 / BIBLIOGRAPHY --- p.89

Citibank (Hong Kong, China)

Smart card industry

Smart cards--Marketing

Electronic funds transfers

Consumer behavior

Etude de la vulnérabilité des circuits cryptographiques l'injection de fautes par laser. / Study of the vulnerability of cryptographic circuits by laser fault injection.

Mirbaha, Amir-Pasha

20 December 2011

Les circuits cryptographiques peuvent etre victimes d'attaques en fautes visant leur implementation materielle. elles consistent a creer des fautes intentionnelles lors des calculs cryptographiques afin d'en deduire des informations confidentielles. dans le contexte de la caracterisation securitaire des circuits, nous avons ete amenes a nous interroger sur la faisabilite experimentale de certains modeles theoriques d'attaques. nous avons utilise un banc laser comme moyen d'injection de fautes.dans un premier temps, nous avons effectue des attaques en fautes dfa par laser sur un microcontroleur implementant un algorithme de cryptographie aes. nous avons reussi a exclure l'effet logique des fautes ne correspondants pas aux modeles d’attaque par un jeu precis sur l'instant et le lieu d'injection. en outre, nous avons identifie de nouvelles attaques dfa plus elargies.ensuite, nous avons etendu nos recherches a la decouverte et la mise en place de nouveaux modeles d'attaques en fautes. grace a la precision obtenue lors de nos premiers travaux, nous avons developpe ces nouvelles attaques de modification de rondes.en conclusion, les travaux precedents constituent un avertissement sur la faisabilite averee des attaques par laser decrites dans la litterature scientifique. nos essais ont temoigne de la faisabilite toujours actuelle de la mise en place des attaques mono-octets ou mono-bits avec un faisceau de laser qui rencontre plusieurs octets ; et egalement reveler de nouvelles possibilites d’attaque. cela nous a amenes a etudier des contre-mesures adaptees. / Cryptographic circuits may be victims of fault attacks on their hardware implementations. fault attacks consist of creating intentional faults during cryptographic calculations in order to infer secrets. in the context of security characterization of circuits, we have examined practical feasibility of some theoretical models of fault attacks. we used a laser bench as a means of the fault injection.at the beginning, we performed laser fault injections on a microcontroller implementing an aes cryptographic algorithm. we succeeded to exclude the logical effect of mismatched faults by temporal and spatial accuracy in fault injection. moreover, we identified extended new dfa attacks.then, we extended our research to identify and to implement new fault attack models. with the precision obtained in our earlier work, we developed new round modification analysis (rma) attacks.in conclusion, the experiments give a warning for the feasibility of described attacks in the literature by laser. our tests have demonstrated that single-byte or single-bit attacks are still feasible with a laser beam that hits additional bytes on the circuit when the laser emission is accurate and associated with other techniques. they also revealed new attack possibilities. therefore, it conducted us to study of appropriate countermeasures.

Attaque En Faute

Attaque Materielle

Injection De Fautes Par Laser

Cryptographie

Carte A Puce

Advanced Encryption Standard

Analyse Differentielle De Fautes

Analyse De Modification De Rondes

Fault attack

Physical attack

Laser fault injection

Cryptography

Smart card

Advanced encryption standard

Differential fault annalysis

Round modification analysis

健保IC卡多功能用途之可行方案研究

何禔

Unknown Date

我國施行健保IC卡建置計畫至今已近十年，這段時間中，IC智慧卡之各種技術與應用蓬勃發展，在醫療、金融、交通等應用領域都已有長足進步。除健保卡外，舉凡悠遊卡、金融卡、門禁卡、學生證等，IC智慧卡的應用比比皆是，客觀環境有利於健保IC卡之功能再作提升。 　　本研究以文獻探討及專家訪談的方式，研究整合過程中可能面臨的各種技術、整合方式、未來運作模式與可能遭遇之困難，以及相關的因應措施，作為未來產業界之合作基礎。 　　研究期間共訪談學界與業界人士八次、訪談行政單位五次，並舉辦專家業者焦點座談會一場。從醫療、金融、交通及其他服務等角度，分析目前健保卡尚需改善或新增之功能；也探討發展健保IC卡多功能用途，在晶片卡之規格、介面及儲位規劃等關鍵成功因素。 　　而在可能營運方案上，健保IC卡多功能用途的實施將對社會帶來極大影響，本研究以現行法令之鬆綁與否區分為短期建議及長期建議，短期內可能之營運方案有：(1)健保局獨立運作發卡(2)健保局與相關單位成立聯合發卡小組以及(3)由健保局訂定卡片標準格式與儲位空間，由各發卡公司預留空間提供使用者至健保局寫入健保相關資料；倘在未來修法後，健保卡可在健保局核可情況下委由他人發行，那麼(4)訂定需求規範以標案方式委託外包廠商營運及(5)訂定標準後由各發卡單位申請核准後營運，此兩種方案亦可納入考量。 　　預期效益除多卡合一、方便攜帶外，IC智慧卡結合憑證帶來的高安全性與保密性也能降低卡片盜刷、資料外洩等情事發生。若有更多的公民營企業願意將現有各自獨立發放的卡片整合進來，對後台系統的整合將有革命性的進步，電子憑證的功能也將對系統安全的提升帶來極大幫助，多功能卡的高發行量也將為合作對象帶來商機，達成政府、產業界與民眾多贏的局面。

健保IC卡

多功能IC卡

多卡合一

IC智慧卡

經營模式

憑證

電子票證

IC卡整合

IC Card

Smart Card

Health Card

Enhancing security in distributed systems with trusted computing hardware

Reid, Jason Frederick

January 2007

The need to increase the hostile attack resilience of distributed and internet-worked computer systems is critical and pressing. This thesis contributes to concrete improvements in distributed systems trustworthiness through an enhanced understanding of a technical approach known as trusted computing hardware. Because of its physical and logical protection features, trusted computing hardware can reliably enforce a security policy in a threat model where the authorised user is untrusted or when the device is placed in a hostile environment. We present a critical analysis of vulnerabilities in current systems, and argue that current industry-driven trusted computing initiatives will fail in efforts to retrofit security into inherently flawed operating system designs, since there is no substitute for a sound protection architecture grounded in hardware-enforced domain isolation. In doing so we identify the limitations of hardware-based approaches. We argue that the current emphasis of these programs does not give sufficient weight to the role that operating system security plays in overall system security. New processor features that provide hardware support for virtualisation will contribute more to practical security improvement because they will allow multiple operating systems to concurrently share the same processor. New operating systems that implement a sound protection architecture will thus be able to be introduced to support applications with stringent security requirements. These can coexist alongside inherently less secure mainstream operating systems, allowing a gradual migration to less vulnerable alternatives. We examine the effectiveness of the ITSEC and Common Criteria evaluation and certification schemes as a basis for establishing assurance in trusted computing hardware. Based on a survey of smart card certifications, we contend that the practice of artificially limiting the scope of an evaluation in order to gain a higher assurance rating is quite common. Due to a general lack of understanding in the marketplace as to how the schemes work, high evaluation assurance levels are confused with a general notion of 'high security strength'. Vendors invest little effort in correcting the misconception since they benefit from it and this has arguably undermined the value of the whole certification process. We contribute practical techniques for securing personal trusted hardware devices against a type of attack known as a relay attack. Our method is based on a novel application of a phenomenon known as side channel leakage, heretofore considered exclusively as a security vulnerability. We exploit the low latency of side channel information transfer to deliver a communication channel with timing resolution that is fine enough to detect sophisticated relay attacks. We avoid the cost and complexity associated with alternative communication techniques suggested in previous proposals. We also propose the first terrorist attack resistant distance bounding protocol that is efficient enough to be implemented on resource constrained devices. We propose a design for a privacy sensitive electronic cash scheme that leverages the confidentiality and integrity protection features of trusted computing hardware. We specify the command set and message structures and implement these in a prototype that uses Dallas Semiconductor iButtons. We consider the access control requirements for a national scale electronic health records system of the type that Australia is currently developing. We argue that an access control model capable of supporting explicit denial of privileges is required to ensure that consumers maintain their right to grant or withhold consent to disclosure of their sensitive health information in an electronic system. Finding this feature absent in standard role-based access control models, we propose a modification to role-based access control that supports policy constructs of this type. Explicit denial is difficult to enforce in a large scale system without an active central authority but centralisation impacts negatively on system scalability. We show how the unique properties of trusted computing hardware can address this problem. We outline a conceptual architecture for an electronic health records access control system that leverages hardware level CPU virtualisation, trusted platform modules, personal cryptographic tokens and secure coprocessors to implement role based cryptographic access control. We argue that the design delivers important scalability benefits because it enables access control decisions to be made and enforced locally on a user's computing platform in a reliable way.

trusted computing

trusted computing hardware

trusted systems

operating system security

distributed systems security

smart card

security evaluation

tamper resistance

distance bounding protocol

side channel leakage

electronic cash

electronic health records

role-based access control