Global ETD Search

1	Säkerhet och integritet i närfältskommunikation / Security and privacy in near field communication Jilkén, Oskar January 2014 (has links) Context. In today’s society we use smart cards in many areas, NFC is a smart card technology that allows contactless interaction between a reader and the tag, the tag is often in the form of a card. NFC can be used for various payment methods or as access card to a building which makes life easier. In previous studies, the technique has proven to be weak to attacks using an NFC reader connected to a computer. Among today’s smartphones, there are phones that have built-in read and write support for NFC tags. Objectives. In this study, I examine the NFC tags that are frequently used in our society, entry cards and debit cards to determine the security against the increasing use of smartphones as a potential attack tool. If there is a threat I will try to remedy the found lack. Methods. My approach was to select a number of test items and analyze the objects using only a smartphone with NFC support to determine the risk for each of the items. The test conducted was the modification, cloning and unique copy. Results. Through this investigation, I concluded that four of the non-empty items was at risk of being intimidated. All four are used in public transport and the objects were vulnerable to unique copy. Conclusions. In order to remedy this vulnerability should be the management of the tag’s data is handled in a different way, perhaps by storing the data in a internal system or to replace the tags for a safer tag alternative. / I dagens samhälle används smartcards i många områden, NFC som är en smartcard teknik som tillåter kontaktlös interaktion mellan en läsare och taggen, taggen är ofta i form av ett kort. NFC kan användas till olika betalnings metoder eller som inpasseringskort vilket gör vardagen enklare. I tidigare studier har tekniken visat sig svag för attacker med hjälp av en NFC-läsare kopplad till en dator. Bland dagens smartphones finns det telefoner som har inbyggt läs- och skriv-stöd till NFC taggar. I den här studien ska jag undersöka de NFC taggar som används flitigast i vårt samhälle, inpasseringskort och betalkort för att fastställa säkerheten mot den ökade användningen av smartphones som ett potentiellt attackverktyg, om det finns en hotbild ska jag försöka avhjälpa den funna bristen. Mitt tillväga gångsätt var att välja ut ett antal testobjekt och analysera de objekten med hjälp av endast en smartphone med NFC-stöd som verktyg. För att fastställa risken för vart och ett av objekten, de test som utfördes var modifiering, kloning och unik kopiering. Genom denna undersökning kom jag fram till att fyra av de icke tomma objekten löper risk att bli utsatta för hot alla fyra används i kollektivtrafiken och objekten var sårbara för unik kopiering, för att avhjälpa denna sårbarhet bör hanteringen av taggens data hanteras på ett annat vis, kanske genom att lagra data i ett inre system eller att byta ut taggarna till ett säkrare alternativ. NFC Mifare smartcard security Computer Sciences Datavetenskap (datalogi)
2	Side Channels in the Frequency Domain / Méthodes d'attaques avancées de systèmes cryptographiques par analyse des émissions EM Tiran, Sébastien 11 December 2013 (has links) De nos jours, l'emploi de la cryptographie est largement répandu et les circuits intègrent des primitives cryptographiques pour répondre à des besoins d'identification, de confidentialité, ... dans de nombreux domaines comme la communication, la PayTV, ...La sécurisation de ces circuits est donc un enjeu majeur. Les attaques par canaux cachés consistent à espionner ces circuits par différents biais comme le temps de calcul, la consommation en courant ou les émanations électromagnétiques pour obtenir des informations sur les calculs effectués et retrouver des secrets comme les clefs de chiffrement. Ces attaques ont l'avantage d'être indétectables, peu couteuses et ont fait l'objet des nombreuses études. Dans le cadre des attaques par analyse de la consommation en courant ou des émanations électromagnétiques l'acquisition de bonnes courbes est un point crucial. Malgré la forte utilisation de techniques de prétraitement dans la littérature, personne n'a tenté d'établir un modèle de fuite dans le domaine fréquentiel. Les travaux effectués durant cette thèse se concentrent donc sur cet aspect avec pour intérêt d'améliorer l'efficacité des attaques. De plus, de nouvelles attaques dans le domaine fréquentiel sont proposées, sujet peu étudié malgré l'intérêt de pouvoir exploiter plus efficacement la fuite éparpillée dans le temps. / Nowadays, the use of cryptography is widely spread, and a lot of devices provide cryptographic functions to satisfy needs such as identification, confidentiality, ... in several fields like communication, PayTV, ...Security of these devices is thus a major issue.Side Channel Attacks consist in spying a circuit through different means like the computation time, power consumption or electromagnetic emissions to get information on the performed calculus and discover secrets such as the cipher keys.These attacks have the advantage to be cheap and undetectable, and have been studied a lot.In the context of attacks analysing the power consumption or the electromagnetic emissions, the acquisition of good traces is a crucial point.Despite the high use of preprocessing techniques in the literature, nobody has attempted to model the leakage in the frequency domain.The works performed during this thesis are focusing on this topic with the motivation of improving the efficiency of attacks.What's more, new frequency domain attacks are proposed, subject poorly studied despite the advantage of better exploiting the leakage spread in time. Cryptographie Em Canaux cachés Carte à puce Cryptography Em Side channel Attack Smartcard
3	Säkerhetsutvärdering certifikatserver i stället för aktiva kort / Security evaluation certificate server instead of smartcard Jensen, Jonas January 2005 (has links) <p>Business and organizations use computer network in a greater extension than ever before, especially for business-critical use. That increase the demand of security for all systems, both against internal and external threats. The demand on the authentication method used today increases. Today they normally uses password or some kind of smart card. </p><p>I will performa literature study that will investigate the possibility to increase the security in authentication of users without the use of extra hardware. The method uses a server that stores all cryptographic keys for the user centrally to achieve stronger security. This report is based on a previous report which tested to implement this solution, in this report I will question the security of this system. I will then give an architecture proposal where this method is used to authenticate and allow cryptographic recourses for the user. </p><p>The conclusions you can get from this report is that the possibilities with comparable ease increase the security without investing in new hardware. But the solution will not be comparable by a ``smart card solution''in security levels. That means that the method described in this thesis is suitable for organizations that either do not need that strong security as smart card give or want a good solution without being forced to use some external hardware.</p> Informationsteknik Authentication securityserver certificate server reverse turing test cryptographic smartcard Informationsteknik Information technology Informationsteknik
4	Recent Developments of Digital Cash Projects in Japan Yamori, Nobuyoshi, Nishigaki, Narunto 04 1900 (has links) No description available. Digital Cash Electronic Payment Settlement Systems Hybrid Smartcard Strategy and Policy Japan
5	Development of a Small Envelope Precision Milling Machine. Kirk, Dean Frederick January 2006 (has links) The credit card industry is huge with over two and a half billion cards shipped annually. A local card manufacturer, with a production volume in excess of forty million cards annually, approached the University of Canterbury to design and develop advanced card manufacturing technology. The motivation behind this development was the desire of the sponsoring company to keep abreast of new technologies and to have the ability to manufacture and supply cards with this new and emerging technology into a highly competitive world market. This thesis reports the research surrounding the development of a dedicated new machine tool explicitly designed to implement the emerging technologies found in the international credit card industry. The machine tool, a dedicated milling machine, was not developed in its entirety within these pages; however, three major constituents of the machine were researched and developed to a point where they could be implemented or become the subject of further research. The three areas of interest were; • A machine table system that avoided the increased zonal wear to which linear bearings are subject, typically due to short high frequency traversals, and also the high friction and mass generally found in dovetail slides. • Design requirements demanded the use of a single commercially available carbide cutter to produce 1500 components per hour. Therefore, a purpose built high (revs per minute) rpm spindle and drive system specifically for use with polymeric materials, (R-PVC in particular) was deemed necessary. • Tracking the cutter depth in relation to an RFID aerial track embedded within the credit card core. The aerial tracking was to be dynamic and occur during the machining process with the machine “remembering” the depth of cut at contact with the aerial. Each of the three areas was researched via an in-depth literature review to determine what and if any material had been published in these fields. For the development of the machine table a novel flexure hinge idea was considered. Considerable material was discovered about flexures, but very little was found to be relevant to the application of high displacement metal flexures necessary to meet the required levels of table movement. In effect the proposed machine table system and research in this field would be novel. The high performance spindle investigation became directed into a much narrower focus as it progressed; that of determining the power consumption required to machine the integrated circuit pockets in an R-PVC work piece. This was due to the lack of information pertaining to the physical properties of polymeric materials, in particular the specific cutting pressure. The depth following sensor array was configured using capacitance detection methods to determine the distance between the cutter?s end and the aerial tracks. Capacitance sensing methods, whilst not new, were developed into a novel arrangement to meet the specific cutter tracking requirements of the proposed new machine tool. Each of the respective development areas had concept designs completed and were prototyped before being tested to determine the effectiveness of the respective designs. The outcomes from the testing are reported herein, and show each constituent part to be basically feasible, in the application. The results were sufficient to indicate that each development showed distinct potential but further development and integration into the machine tool should ensue. flexures milling machine machine tool smartcard cutter tracking machining plastic precision machining
6	Veilige indentifikasietegnieke vir gebruikers van rekenaarstelsels Rensleigh, Christopher William 07 October 2014 (has links) M.Com. (Informatics) / Please refer to full text to view abstract Computer networks - Security measures Computer security Smartcard technology Magnetic stipe card
7	Säkerhetsutvärdering certifikatserver i stället för aktiva kort / Security evaluation certificate server instead of smartcard Jensen, Jonas January 2005 (has links) Business and organizations use computer network in a greater extension than ever before, especially for business-critical use. That increase the demand of security for all systems, both against internal and external threats. The demand on the authentication method used today increases. Today they normally uses password or some kind of smart card. I will performa literature study that will investigate the possibility to increase the security in authentication of users without the use of extra hardware. The method uses a server that stores all cryptographic keys for the user centrally to achieve stronger security. This report is based on a previous report which tested to implement this solution, in this report I will question the security of this system. I will then give an architecture proposal where this method is used to authenticate and allow cryptographic recourses for the user. The conclusions you can get from this report is that the possibilities with comparable ease increase the security without investing in new hardware. But the solution will not be comparable by a ``smart card solution''in security levels. That means that the method described in this thesis is suitable for organizations that either do not need that strong security as smart card give or want a good solution without being forced to use some external hardware. Informationsteknik Authentication securityserver certificate server reverse turing test cryptographic smartcard Informationsteknik Computer and Information Sciences Data- och informationsvetenskap
8	Smartcard based heart-beat service for M2M communication Erlandsson, Marcus January 1984 (has links) This study concerns machine-to-machine (M2M) applications that use smartcards. More specifically,The Subscriber Identity Module (SIM) smart card is used for the purpose of monitoring a continuousnetwork connection between a host device and a server. Multicom Security is a security company thatoffers several secure communication connection services (e.g. payment transactions, alarm signals). Themonitoring of these connections is carried out with continuous heart-beat messages sent from thedevice to a server. Today they provide this heart-beat service through logic in their own manufactureddevices, but they have a desire to place the logic on a SIM card in order to be able to move such serviceswith this card and not with a device. Such services can then also be offered on devices not necessarilymanufactured by Multicom Security.The work consisted of investigation of current telecommunication standards, papers regardingsmartcard applications and the current monitoring service, in order to consider possible solutions toimplement a proof of concept of such solution and evaluate it. One aspect of the study was to checkwhether the implemented solution was general and would work in different mobile equipments and alsoto determine the limitations of such smartcard applications.Three solutions were considered for implementation of which one was successfully implemented andtested. The successful heart-beat application was developed using a network subscription enabled JavaCard smart card and using SMS as bearer for the heart-beat messages. By evaluating the solution withbasic tests of functionality, robustness, performance and compatibility the solution was considered to begeneral and compliant with most new mobile equipments. The evaluation was performed in realenvironment with the application running on an actual SIM card with network subscription tested indifferent mobile devices such as cell phones, built-in communication modules and alarm control panels.An alternative solution based on GRPS instead of SMS was also realized but the tests could not becarried out completely due to lack of access to the SIM card implementation by the card provider. SIM Toolkit Smartcard Java Card GPRS SMS heart-beat Computer Engineering Datorteknik
9	Analyse de code et processus d'évaluation des composants sécurisés contre l'injection de faute / Code analysis and evaluation process for vulnerability detection against fault injection on secure hardware Dureuil, Louis 12 October 2016 (has links) Dans le domaine des cartes à puce, les analyses de vulnérabilité demandent d’être à la pointe de l’art en termes d’attaques et de techniques de protection. Une attaque classique est l’injection de fautes, réalisée au niveau matériel notamment par des techniques laser. Pour anticiper les impacts possibles de ce type d'attaque, certaines analyses sont menées au niveau logiciel. Il est donc fortement d’actualité de pouvoir définir des critères et proposer des outils automatiques permettant d’évaluer la robustesse d’une application à ce type d’attaque, d’autant plus que les techniques d’attaques matérielles permettent maintenant d’enchaîner plusieurs attaques (spatiales ou temporelles) au cours d’une exécution. En effet, des travaux de recherche récents évaluent l'impact des contre-mesures face à ce type d'attaque[1], ou tentent de modéliser les injections de faute au niveau C[2]. Le sujet de thèse proposé s'inscrit dans cette problématique, avec néanmoins la particularité novatrice de s'intéresser au couplage des analyses statique et dynamique dans le cas des injections de fautes effectuées au niveau binaire. Un des objectifs de la thèse est d'offrir un cadre paramétrable permettant de simuler des attaques par faute telles qu'elles peuvent être réalisées par le laboratoire CESTI-LETI au niveau matériel. Il faudra donc proposer un modèle intermédiaire générique permettant de spécifier des contraintes réelles comme par exemple les différents types de mémoires (RAM, EEPROM, ROM), qui peuvent induire des fautes permanentes ou volatiles. Concilier les analyses statiques du code et l'injection de fautes dynamiques devra permettre de maîtriser la combinatoire des exécutions et de guider l'analyse à l'aide de patterns d'attaques. À ce titre, on sera amené à proposer une taxonomie des attaques et de nouvelles modélisations d'attaques. Il faudra également adapter les outils d'analyse statique aux conséquences de l'injection dynamique de fautes, qui peut modifier profondément le code en changeant l'interprétation des instructions, ce qui a un effet similaire à la génération de code à l'exécution. Ce sujet de thèse s'inscrit dans la stratégie d'innovation du CESTI-LETI et pourra aboutir à un vérificateur automatique de code utilisable par les évaluateurs du CESTI-LETI. [1] A. Séré, J-L. Lanet et J. Iguchi-Cartigny. « Evaluation of Countermeasures Against Fault Attacks on Smart Cards ». en. In : International Journal of Security and Its Applications 5.2 (2011). [2] Xavier Kauffmann-Tourkestansky. « Analyses sécuritaires de code de carte à puce sous attaques physiques simulées ». Français. THESE. Université d’Orléans, nov. 2012. url : http://tel.archives-ouvertes.fr/tel-00771273. / Vulnerability detections for smart cards require state of the art methods both to attack and to protect the secure device. A typical type of attack is fault injection, most notably performed by means of laser techniques. To prevent some of the consequences of this kind of attacks, several analyses are conducted at the software level. Being able to define criteria and to propose automated tools that can survey the robustness of an application to fault injection is thus nowadays a hot topic, even more so since the hardware attack techniques allow today an attacker to perform several attacks in a single software execution. Indeed, recent research works evaluate the effectiveness of counter-measures against fault injection[1], or attempt to develop models of fault injection at the C level[2]. This thesis project addresses the issue of multiple faults injection, albeit by adding the distinctive aspect of static and dynamic analysis interaction in a context of binary-level fault injection. An objective of the thesis is to achieve a configurable framework to simulate fault injections in the way they are currently performed by the CESTI-LETI laboratory on the actual hardware. To do so we will develop a generic intermediate model that will allow us to specify hardware constraints, such as the various kinds of memories (RAM, EEPROM, ROM), whose different properties can induce either permanent or volatile faults. Combining the static code analysis with dynamic fault injections should prevent the combinatory explosion of the executiions while attack patterns will guide the analysis. A taxonomy of attacks and new attack modelisations could emerge from this work. An adaption of the tools for static analysis is also required, because dynamic fault injection can deeply change the code by modifying the interpretation of the instructions, in a similar manner to dynamic compilation. This thesis project falls within the CESTI-LETI's innovation strategy, et could lead to an automated code verifier that could be used by the CESTI-LETI evaluation specialists. [1] A. Séré, J-L. Lanet et J. Iguchi-Cartigny. « Evaluation of Countermeasures Against Fault Attacks on Smart Cards ». en. In : International Journal of Security and Its Applications 5.2 (2011). [2] Xavier Kauffmann-Tourkestansky. « Analyses sécuritaires de code de carte à puce sous attaques physiques simulées ». Français. THESE. Université d’Orléans, nov. 2012. url : http://tel.archives-ouvertes.fr/tel-00771273. Vulnérabilités Sécurité Modèle de faute Analyse dynamique Carte à puce Injection de fautes Vulnerabilities Security Fault model Dynamic analysis Smartcard Fault injection 004
10	Using public transport tap-in data to improve a travel demand model: A Norrköping case study Drageryd, Lars January 2018 (has links) With reliable models to forecast travel demand, traffic planners and decision-makers can be assisted in choosing the best solutions to obtain traffic performance goals. Practitioners have traditionally been relying on infrequent, costly and respondent pressurized travel surveys as their main source of data for these models. The drawbacks of the data collection method highlight a need to search for alternative sources of data used for the purpose. One such source is public transport tap-in data. This thesis executed a case study with the target of improving the travel demand model of Norrköping via public transport data. An algorithm that estimates the alighting station of travellers was applied to a data set provided by the public transport operator of the city. By allocating the OD-demand from stations to the traffic analysis zones used in the model a straightforward integration method using the tap-in estimate as a reference matrix could be used. The target with the method was to redistribute the demand in such a way that the public transport demand approached the tap-in estimate but that the total demand for all modes for the OD-pair remained unchanged. The results gave some indication that the integration of tap-in data improved the model performance from the perspective of public transports. In a regression analysis comparing the number of entries per station the integration of tap-in data increased the correlation coefficient from 0,845 to 0,864. Further was the performance for other transport modes seemingly not worsened by the integration of tap-in data. Finding an allocation procedure that was generic but still accurate proved complex. Further were drawbacks with the integration procedure highlighted where the method executed affected the results of the model, not its behaviour. The consequence of this is that, though the model might be an accurate representation of the current state of traffic, it is difficult to execute the same procedure when investigating future states. Still, the thesis stressed some of the potential for public transport data in modelling contexts, where the role of the data, given the procedure executed, still is of complementary character to travel surveys. four step model public transport data tap-in data smartcard data travel demand modelling Transport Systems and Logistics Transportteknik och logistik

Search results