Οι ηλεκτρονικές ψηφοφορίες ως εργαλεία λήψης αποφάσεων σε συστήματα ηλεκτρονικής διακυβέρνησης

Κωστόπουλος, Χαράλαμπος

26 February 2009

Η Ηλεκτρονική Διακυβέρνηση (e-government), με τη συνεχή αύξηση της σπουδαιότητας της, απλώνεται σε όλες τις βαθμίδες της δημόσιας διοίκησης, τόσο σε Εθνικό όσο και σε Ευρωπαϊκό επίπεδο. Τα τελευταία χρόνια, η Ευρωπαϊκή Ένωση έχει προσδώσει βαρύνουσα σημασία στην εφαρμογή υποδομών αλλά και εφαρμογών Ηλεκτρονικής Διακυβέρνησης, σαν μέσο αναβάθμισης της ποιότητας των υπηρεσιών που παρέχουν οι δημόσιοι οργανισμοί στον πολίτη και τις επιχειρήσεις. Επιπλέον, η νέα αυτή τάση υπόσχεται μια μοντέρνα, αξιόπιστη και ανοικτή λύση η οποία θα συμβάλει στην γενικότερη αναδιάρθρωση της διοίκησης σε όλα τα επίπεδα. Για τον καθορισμό των κατευθύνσεων και των προδιαγραφών των συστημάτων Ηλεκτρονικής Διακυβέρνησης, διαμορφώθηκε το πλαίσιο eEurope, το οποίο εξειδικεύει τις αποφάσεις της στρατηγικής της Λισσαβόνας για την ανάπτυξη των τεχνολογιών Πληροφορικής και Επικοινωνιών (ΤΠΕ), με σκοπό να καταστεί η Ευρώπη η πιο ανταγωνιστική και βασισμένη στη γνώση οικονομία, στοχεύοντας παράλληλα στην ανάπτυξη και την κοινωνική συνοχή. Στη παρούσα διπλωματική εργασία περιγράφονται οι βασικές αρχές της Ηλεκτρονικής Διακυβέρνησης, το πλαίσιο μέσα από το οποίο εφαρμόζεται μέχρι σήμερα καθώς και ποιες είναι οι νέες τάσεις και προκλήσεις στο χώρο αυτό (Κεφ. 1 και 2). Στη συνέχεια, αναλύεται λεπτομερώς ένας από τους σημαντικότερους χώρους εφαρμογής της Ηλεκτρονικής Διακυβέρνησης, η Ηλεκτρονική Ψηφοφορία. Συγκεκριμένα, προτείνεται ένα μοντέλο ασφαλούς ηλεκτρονικής ψηφοφορίας (evoting) με τη χρήση της τεχνολογίας των έξυπνων καρτών (smart cards). Η τεχνολογία των έξυπνων καρτών διασφαλίζει το απαιτούμενο επίπεδο ασφάλειας που απαιτείται σε τέτοιου είδους συστήματα, στα οποία η διακινούμενη πληροφορία πολλές φορές αφορά ευαίσθητα και προσωπικά δεδομένα (Κεφ. 3). Τέλος, παρουσιάζεται μια πιλοτική εφαρμογή ηλεκτρονικής ψηφοφορίας, η οποία χρησιμοποιείται σε ένα αντιπροσωπευτικό δείγμα «ψηφοφόρων». Οι απαντήσεις της «ψηφοφορίας» αποτελούν τα τελικά δεδομένα – αποτελέσματα τα οποία αναλύονται τόσο ποσοτικά όσο και ποιοτικά (Κεφ. 4). Από τα δεδομένα αυτά, προκύπτουν τα τελικά συμπεράσματα όσον αφορά την εξοικείωση των πολιτών για θέματα Ηλεκτρονικής Διακυβέρνησης (Κεφ. 5). / -

Έξυπνες κάρτες

351.028 546 78

E-government

E-voting

Smart cards

eEurope

The smart card technology in the financial services /

Chan, Wing-yi.

January 1998

Thesis (M.B.A.)--University of Hong Kong, 1998. / Includes bibliographical references.

The impact of the Octopus system on journey-to-work behaviour of bus passengers /

Yu, Chi-ming.

January 1999

Thesis (M.A.)--University of Hong Kong, 1999. / Includes bibliographical references.

The impact of the Octopus system on journey-to-work behaviour of bus passengers

Yu, Chi-ming.

January 1999

Thesis (M.A.)--University of Hong Kong, 1999. / Includes bibliographical references. Also available in print.

Técnicas para o projeto de hardware criptográfico tolerante a falhas

Moratelli, Carlos Roberto

January 2007

Este trabalho tem como foco principal o estudo de um tipo específico de ataque a sistemas criptográficos. A implementação em hardware, de algoritmos criptográficos, apresenta uma série de vulnerabilidades, as quais, não foram previstas no projeto original de tais algoritmos. Os principais alvos destes tipos de ataque são dispositivos portáteis que implementam algoritmos criptográfico em hardware devido as limitações de seus processadores embarcados. Um exemplo deste tipo de dispositivo são os Smart Cards, os quais, são extensamente utilizados nos sistemas GSM de telefonia móvel e estão sendo adotados no ramo bancário. Tais dispositivos podem ser atacados de diferentes maneiras, por exemplo, analisando-se a energia consumida pelo dispositivo, o tempo gasto no processamento ou ainda explorando a suscetibilidade do hardware a ocorrência de falhas transientes. O objetivo de tais ataques é a extração de informações sigilosas armazenadas no cartão como, por exemplo, a chave criptográfica. Ataques por injeção maliciosa de falhas no hardware são comumente chamados de DFA (Differencial Fault Attack) ou simplesmente fault attack. O objetivo deste trabalho foi estudar como ataques por DFA ocorrem em diferentes algoritmos e propor soluções para impedir tais ataques. Os algoritmos criptográficos abordados foram o DES e o AES, por serem amplamente conhecidos e utilizados. São apresentadas diferentes soluções capazes de ajudar a impedir a execução de ataques por DFA. Tais soluções são baseadas em técnicas de tolerância a falhas, as quais, foram incorporadas à implementações em hardware dos algoritmos estudados. As soluções apresentadas são capazes de lidar com múltiplas falhas simultaneamente e, em muitos casos a ocorrência de falhas torna-se transparente ao usuário ou atacante. Isso confere um novo nível de segurança, na qual, o atacante é incapaz de ter certeza a respeito da eficácio de seu método de injeção de falhas. A validação foi realizada através de simulações de injeção de falhas simples e múltiplas. Os resultados mostram uma boa eficácia dos mecanismos propostos, desta forma, elevando o nível de segurança nos sistemas protegidos. Além disso, foram mantidos os compromissos com área e desempenho. / This work focuses on the study of a particular kind of attack against cryptographic systems. The hardware implementation of cryptographic algorithms present a number of vulnerabilities not taken into account in the original design of the algorithms. The main targets of such attacks are portable devices which include cryptographic hardware due to limitations in their embedded processors, like the Smart Cards, which are already largely used in GSM mobile phones and are beginning to spread in banking applications. These devices can be attacked in several ways, e.g., by analysing the power consummed by the device, the time it takes to perform an operation, or even by exploring the susceptibility of the hardware to the occurrence of transient faults. These attacks aim to extract sensitive information stored in the device, such as a cryptographic key. Attacks based on the malicious injection of hardware faults are commonly called Differential Fault Attacks (DFA), or simply fault attacks. The goal of the present work was to study how fault attacks are executed against different algorithms, and to propose solutions to avoid such attacks. The algorithms selected for this study were the DES and the AES, both well known and largely deployed. Different solutions to help avoid fault attacks are presented. The solutions are based on fault tolerance techniques, and were included in hardware implementations of the selected algorithms.The proposed solutions are capable to handle multiple simultaneous faults, and, in many cases, the faults are detected and corrected in a way that is transparent for the user and the attacker. This provides a new level of security, where the attacker is unable to verify the efficiency of the fault injection procedure. Validation was performed through single and multiple fault injection simulations. The results showed the efficiency of the proposed mechanisms, thus providing more security to the protected systems. A performance and area compromise was kept as well.

Eletrônica

Cartao inteligente

Seguranca : Sistemas

Criptografia

Smart cards

Hardware criptográfico

Fault attacks

Tolerância a falhas

Técnicas para o projeto de hardware criptográfico tolerante a falhas

Moratelli, Carlos Roberto

January 2007

Este trabalho tem como foco principal o estudo de um tipo específico de ataque a sistemas criptográficos. A implementação em hardware, de algoritmos criptográficos, apresenta uma série de vulnerabilidades, as quais, não foram previstas no projeto original de tais algoritmos. Os principais alvos destes tipos de ataque são dispositivos portáteis que implementam algoritmos criptográfico em hardware devido as limitações de seus processadores embarcados. Um exemplo deste tipo de dispositivo são os Smart Cards, os quais, são extensamente utilizados nos sistemas GSM de telefonia móvel e estão sendo adotados no ramo bancário. Tais dispositivos podem ser atacados de diferentes maneiras, por exemplo, analisando-se a energia consumida pelo dispositivo, o tempo gasto no processamento ou ainda explorando a suscetibilidade do hardware a ocorrência de falhas transientes. O objetivo de tais ataques é a extração de informações sigilosas armazenadas no cartão como, por exemplo, a chave criptográfica. Ataques por injeção maliciosa de falhas no hardware são comumente chamados de DFA (Differencial Fault Attack) ou simplesmente fault attack. O objetivo deste trabalho foi estudar como ataques por DFA ocorrem em diferentes algoritmos e propor soluções para impedir tais ataques. Os algoritmos criptográficos abordados foram o DES e o AES, por serem amplamente conhecidos e utilizados. São apresentadas diferentes soluções capazes de ajudar a impedir a execução de ataques por DFA. Tais soluções são baseadas em técnicas de tolerância a falhas, as quais, foram incorporadas à implementações em hardware dos algoritmos estudados. As soluções apresentadas são capazes de lidar com múltiplas falhas simultaneamente e, em muitos casos a ocorrência de falhas torna-se transparente ao usuário ou atacante. Isso confere um novo nível de segurança, na qual, o atacante é incapaz de ter certeza a respeito da eficácio de seu método de injeção de falhas. A validação foi realizada através de simulações de injeção de falhas simples e múltiplas. Os resultados mostram uma boa eficácia dos mecanismos propostos, desta forma, elevando o nível de segurança nos sistemas protegidos. Além disso, foram mantidos os compromissos com área e desempenho. / This work focuses on the study of a particular kind of attack against cryptographic systems. The hardware implementation of cryptographic algorithms present a number of vulnerabilities not taken into account in the original design of the algorithms. The main targets of such attacks are portable devices which include cryptographic hardware due to limitations in their embedded processors, like the Smart Cards, which are already largely used in GSM mobile phones and are beginning to spread in banking applications. These devices can be attacked in several ways, e.g., by analysing the power consummed by the device, the time it takes to perform an operation, or even by exploring the susceptibility of the hardware to the occurrence of transient faults. These attacks aim to extract sensitive information stored in the device, such as a cryptographic key. Attacks based on the malicious injection of hardware faults are commonly called Differential Fault Attacks (DFA), or simply fault attacks. The goal of the present work was to study how fault attacks are executed against different algorithms, and to propose solutions to avoid such attacks. The algorithms selected for this study were the DES and the AES, both well known and largely deployed. Different solutions to help avoid fault attacks are presented. The solutions are based on fault tolerance techniques, and were included in hardware implementations of the selected algorithms.The proposed solutions are capable to handle multiple simultaneous faults, and, in many cases, the faults are detected and corrected in a way that is transparent for the user and the attacker. This provides a new level of security, where the attacker is unable to verify the efficiency of the fault injection procedure. Validation was performed through single and multiple fault injection simulations. The results showed the efficiency of the proposed mechanisms, thus providing more security to the protected systems. A performance and area compromise was kept as well.

Eletrônica

Cartao inteligente

Seguranca : Sistemas

Criptografia

Smart cards

Hardware criptográfico

Fault attacks

Tolerância a falhas

Técnicas para o projeto de hardware criptográfico tolerante a falhas

Moratelli, Carlos Roberto

January 2007

Este trabalho tem como foco principal o estudo de um tipo específico de ataque a sistemas criptográficos. A implementação em hardware, de algoritmos criptográficos, apresenta uma série de vulnerabilidades, as quais, não foram previstas no projeto original de tais algoritmos. Os principais alvos destes tipos de ataque são dispositivos portáteis que implementam algoritmos criptográfico em hardware devido as limitações de seus processadores embarcados. Um exemplo deste tipo de dispositivo são os Smart Cards, os quais, são extensamente utilizados nos sistemas GSM de telefonia móvel e estão sendo adotados no ramo bancário. Tais dispositivos podem ser atacados de diferentes maneiras, por exemplo, analisando-se a energia consumida pelo dispositivo, o tempo gasto no processamento ou ainda explorando a suscetibilidade do hardware a ocorrência de falhas transientes. O objetivo de tais ataques é a extração de informações sigilosas armazenadas no cartão como, por exemplo, a chave criptográfica. Ataques por injeção maliciosa de falhas no hardware são comumente chamados de DFA (Differencial Fault Attack) ou simplesmente fault attack. O objetivo deste trabalho foi estudar como ataques por DFA ocorrem em diferentes algoritmos e propor soluções para impedir tais ataques. Os algoritmos criptográficos abordados foram o DES e o AES, por serem amplamente conhecidos e utilizados. São apresentadas diferentes soluções capazes de ajudar a impedir a execução de ataques por DFA. Tais soluções são baseadas em técnicas de tolerância a falhas, as quais, foram incorporadas à implementações em hardware dos algoritmos estudados. As soluções apresentadas são capazes de lidar com múltiplas falhas simultaneamente e, em muitos casos a ocorrência de falhas torna-se transparente ao usuário ou atacante. Isso confere um novo nível de segurança, na qual, o atacante é incapaz de ter certeza a respeito da eficácio de seu método de injeção de falhas. A validação foi realizada através de simulações de injeção de falhas simples e múltiplas. Os resultados mostram uma boa eficácia dos mecanismos propostos, desta forma, elevando o nível de segurança nos sistemas protegidos. Além disso, foram mantidos os compromissos com área e desempenho. / This work focuses on the study of a particular kind of attack against cryptographic systems. The hardware implementation of cryptographic algorithms present a number of vulnerabilities not taken into account in the original design of the algorithms. The main targets of such attacks are portable devices which include cryptographic hardware due to limitations in their embedded processors, like the Smart Cards, which are already largely used in GSM mobile phones and are beginning to spread in banking applications. These devices can be attacked in several ways, e.g., by analysing the power consummed by the device, the time it takes to perform an operation, or even by exploring the susceptibility of the hardware to the occurrence of transient faults. These attacks aim to extract sensitive information stored in the device, such as a cryptographic key. Attacks based on the malicious injection of hardware faults are commonly called Differential Fault Attacks (DFA), or simply fault attacks. The goal of the present work was to study how fault attacks are executed against different algorithms, and to propose solutions to avoid such attacks. The algorithms selected for this study were the DES and the AES, both well known and largely deployed. Different solutions to help avoid fault attacks are presented. The solutions are based on fault tolerance techniques, and were included in hardware implementations of the selected algorithms.The proposed solutions are capable to handle multiple simultaneous faults, and, in many cases, the faults are detected and corrected in a way that is transparent for the user and the attacker. This provides a new level of security, where the attacker is unable to verify the efficiency of the fault injection procedure. Validation was performed through single and multiple fault injection simulations. The results showed the efficiency of the proposed mechanisms, thus providing more security to the protected systems. A performance and area compromise was kept as well.

Eletrônica

Cartao inteligente

Seguranca : Sistemas

Criptografia

Smart cards

Hardware criptográfico

Fault attacks

Tolerância a falhas

En studie av zero knowledge-identifikationsprotokoll för smarta kort / A study of zero knowledge identification protocols for smart cards

Mellström, Björn

January 2004

Zero knowledge protocols is a lesser known type of protocol that can be used for identification. These protocols are especially designed not to reveal any information during an identification process that can be misused later on, neither by the one who should be convinced of the identity of the user, nor by anyone else that is eavesdropping. Many of these protocols are also especially designed for implementation in smart cards. The more common type of card with a magnetic stripe has during the last few years become more susceptible to attacks since they are easily copied. Smart cards combined with a secure identification protocol has been predicted to be the solution to this problem. Zero knowledge protocols are one of several types of protocols that can be used for this purpose. In this thesis a number of zero knowledge protocols are examined that have been presented since the introduction of the concept in the 1980's. In addition to the protocol descriptions information is also given about how to choose parameter values, and what progress and discoveries have been made concerning the security of the protocols. Some assumptions that are easy to overlook in an implementation are also highlighted, and an evaluation of the protocol performances is made. The conclusion is that zero knowledge protocols are both efficient and adaptable, while they at the same time provide high security. Because of this it may not be necessary to compromise between these properties even for simpler types of smart cards.

Informationsteknik

Zero knowledge

identification

protocols

smart cards.

Informationsteknik

Computer and Information Sciences

Data- och informationsvetenskap

The impact of smart cards on South African rural pensioners' lives

Nyoka, Zanele

January 2004

E-commerce technologies have many possible applications both in commercial and non-commercial operations. The development and implementation of these applications is on the increase especially by government and its agencies, for the delivery of services. Specific to this study is the distribution of old age pension benefits to recipients that reside in the rural areas of South Africa. Of importance to this study are the factors that promote and impinge on the development, implementation and acceptance of these applications. A specific project, the Pension Biometric Project was implemented by the South African Post Office in line with the government's initiatives of improving service delivery, and in response to the encroaching digital economy. The research problem is to investigate the pensioners' perception and their experience of three areas of this project, its implementation, its acceptance and its uses and impact. The research was conducted in the constructivist paradigm, using the case study research method. Three data collection methods were used, i.e. a document study of SAPO project documentation, on-site observations and interviews with pensioners. It was found that despite problems in implementation, the pensioners were accepting of the new system, although they were ignorant of the functionalities of the smart card. Consequently, few pensioners were making use of the banking facilities of the card, or had changed their economic behaviour. The study has also found that two themes are overriding all findings of the study. These two themes are ignorance and dignity. Ignorance has had a causal effect on adoption of the smart cards and dignity has been found to be a result of the project. The overriding implication of this study is that pensioners' ignorance around issues of service delivery by government and its agencies needs to be eradicated, otherwise there is no reliable way of measuring efforts against actual delivery. Also, the fact that dignity has emerged as an overriding theme needs to be deliberately strengthened, and maybe even driven as a specified objective of the Pension Biometric Project. Recommendations in this regard are provided as well as ideas for further research.

Smart cards

South African Post Office

Emulace karet MIFARE Classic na NFC-A periferii / MIFARE Classic Emulation on NFC-A Tag Peripheral

Lužný, Jakub

January 2021

Cílem této práce bylo implementovat emulaci tagu MIFARE Classic na NFC-A periferii vestavěné v mikrokontroléru. K implementaci řešení byl použit mikrokontrolér nRF52832 vyráběný firmou Nordic Semiconductor. Byla implementována základní sada příkazů MIFARE Classic (autentizace, čtení, zápis). Implementace byla otestována s několika čtečkami, za pomoci různých aplikací. Výsledné řešení bylo porovnáno s existujícími, jako je Proxmark a Chameleon Mini.