161 |
RFID security in door locks
Samuel, David, January 2008
Radio frequency identification (RFID) is a technology that is used in many fields, including locks. The unlimited access to the reader and the transponder has resulted in severe security weaknesses and made it possible to apply different attacks. To be classified as secure, door locks must fulfil at least two main criteria: the first is the use of a challenge-response authentication protocol and the second is the deployment of sophisticated and secure algorithms. MiFare Classic and KeeLoq are two widely applied technologies that are still in use in many security-critical applications and are considered to be secure, but both have been broken by cryptanalysis with modest effort and cost. How secure a certain solution is depends on how expensive it is to buy the equipment that can break the system and reveal the secret key, and how secure a lock should be depends on the value of what it is protecting. The dropping price of powerful computers and the availability of security-related information on the web will lead to an increase in the number of attacks on different systems. At the time this thesis is published, the locks evaluated are not secure enough. To overcome the security shortage, some improvements have to be made, such as the use of sophisticated algorithms, the use of longer keys of at least 128 bits, the use of non-deterministic random number generators and the use of pure hardware solutions in both the receiver and the transmitter to reduce leakage.
|
162 |
SharkNet: Cooperation with service providers outside the secure infrastructure / SharkNet: Samarbete med partners utanför den säkra infrastrukturen
Normark, Vendela, January 2003
This master thesis presents how authentication is handled in two frequently used protocols. It is a study of the authentication procedure in IPsec and TLS, where the techniques have been compared based on facts from the literature and practical tests. The results of this thesis are to be used as part of the argument for the continued development of cooperation between operators using Ericsson's charging system and content providers.
|
163 |
Examining young users’ security perceptions of mobile banking: A qualitative study on users’ insights about mobile banking
Du, Tiantian; Agami, Amro, January 2017
The advancement of mobile technology and banking services has enabled users to use mobile banking for a variety of tasks on their smartphones, bringing increased flexibility and value-added services to customers. However, users still have concerns regarding the security of mobile banking services. Users' lack of knowledge about different security threats and about mechanisms to improve their security represents a major opportunity for hackers and cyberattacks. Although younger students are more knowledgeable about technologies, awareness is still a concern. Perceived security in the context of young users has not been examined before, although it is considered important in building customer trust. Therefore, this thesis aims to form a good understanding of this topic. Building on prior research, the subjects of trust and perceived security in mobile banking are approached through a literature review and an exploratory study conducted through qualitative semi-structured interviews. The information collected was carefully analyzed with proper tools, after which an analysis of the literature findings and study findings was presented. This thesis examined and revealed that perceived security in mobile banking is important for young users. However, it was noticed that users would not leave the service, due to their reliance on the bank's assurances to cover their security losses, which means that most young mobile banking users trust their bank and the technology despite the security threats. In addition, this study revealed that the majority of users are unaware of the security threats surrounding the mobile banking environment. It was also found that the most important mechanisms for users are authentication mechanisms. This thesis provides a general understanding of security in mobile banking.
It highlights that perceived security is a complex concept and is affected by various factors such as device, information quality, user experience and type of network connection. These factors should be carefully considered by users when using the technology. In conclusion, this thesis also implies that banks should communicate security information to users effectively in order to avoid mobile banking users’ errors.
|
164 |
Chaos Based RFID Authentication Protocol
Chung, Harold, January 2013
Chaotic systems have been studied for the past few decades because of their complex behaviour given simple governing ordinary differential equations. In the field of cryptology, several methods have been proposed for the use of chaos in cryptosystems. In this work, a method for harnessing the beneficial behaviour of chaos was proposed for use in RFID authentication and encryption. In order to accurately estimate the hardware resources required, a complete hardware implementation was designed using a Xilinx Virtex 6 FPGA. The results showed that only 470 Xilinx Virtex slices were required, which is significantly less than other RFID authentication methods based on the AES block cipher. The total number of clock cycles required per encryption of a 288-bit plaintext was 57 clock cycles. This efficiency level is many times higher than other AES methods for RFID applications. Based on a carrier frequency of 13.56 MHz, which is the standard frequency of common encryption-enabled passive RFID tags such as ISO-15693, a data throughput of 5.538 Kb/s was achieved. As the strength of the proposed RFID authentication and encryption scheme is based on the problem of predicting chaotic systems, it was important to ensure that chaotic behaviour is maintained in this discretized version of the Lorenz dynamical system. As a result, key boundaries and fourth-order Runge-Kutta approximation time step values that are unique to this new means of chaos utilization were discovered. The result is a computationally efficient and cryptographically complex new RFID authentication scheme that can be readily adopted in current RFID standards such as ISO-14443 and ISO-15693. A proof of security by the analysis of time series data obtained from the hardware FPGA design is also presented.
This is to ensure that my proposed method does not exhibit short periodic cycles, has an even probabilistic distribution and builds on the beneficial chaotic properties of the continuous version of Lorenz dynamical system.
|
165 |
Efficient Simulation for Quantum Message Authentication
Wainewright, Evelyn, January 2016
A mix of physics, mathematics, and computer science, the study of quantum information seeks to understand and utilize the information that can be held in the state of a quantum system. Quantum cryptography is then the study of various cryptographic protocols on the information in a quantum system. One of the goals we may have is to verify the integrity of quantum data, a process called quantum message authentication. In this thesis, we consider two quantum message authentication schemes, the Clifford code and the trap code. While both of these codes have been previously proven secure, they have not been proven secure in the simulator model, with an efficient simulation. We offer a new class of simulator that is efficient, so long as the adversary is efficient, and show that both of these codes can be proven secure using the efficient simulator. The efficiency of the simulator is typically a crucial requirement for a composable notion of security. The main results of this thesis have been accepted to appear in the Proceedings of the 9th International Conference on Information Theoretic Security (ICITS 2016).
|
166 |
Protocolos criptográficos de identificação baseados em reticulados / Lattice-based identification schemes
Oniki Chiquito, Izumi, 1985-, 22 August 2018
Advisor: Ricardo Dahab / Dissertation (master's) - Universidade Estadual de Campinas, Instituto de Computação / Previous issue date: 2012
Abstract: One of the main concerns of the field of Information Security is access control, which refers to the restriction of access to several kinds of resources, such as data, places, devices, services and others. Identification schemes are cryptographic algorithms that allow verifying, with some level of certainty, whether an identity claim is legitimate. Therefore, such schemes make it possible to provide access control and grant privileges only to authorized individuals whose identities have been previously verified. Lattice-based algorithms are particularly interesting, as the cryptography community believes them to remain secure even against attacks by quantum computers, as opposed to some cryptosystems used today that are based on Number Theory problems. For this reason, identification schemes based on lattices have received growing attention lately. In this work, we address the main recent developments in lattice-based identification schemes. After introducing the algorithms, we make a comparative analysis of the selected schemes, using experimental data collected from our own implementation of the algorithms. The implementation phase also aims to help validate these schemes for practical use, since to date there have been practically no experimental results available. Other issues, like optimization possibilities and the future of the area, are also addressed in this work.
Master's / Computer Science / Master in Computer Science
|
167 |
Towards an Accurate ECG Biometric Authentication System with Low Acquisition Time
Arteaga Falconi, Juan Sebastian, 31 January 2020
Biometrics is the study of physical or behavioral traits that establish the identity of a person. Forensics, physical security and cyber security are some of the main fields that use biometrics. Unlike traditional authentication systems—such as password-based ones—biometrics cannot be lost, forgotten or shared. This is possible because biometrics establishes the identity of a person based on a physiological/behavioural characteristic rather than what the person possesses or remembers. Biometrics has two modes of operation: identification and authentication. Identification finds the identity of a person among a group of persons. Authentication determines if the claimed identity of a person is truthful.
Biometric person authentication is an alternative to passwords or graphical patterns. It prevents shoulder surfing attacks, i.e., people watching from a short distance. Nevertheless, biometric traits of conventional authentication techniques like fingerprints, face—and to some extent iris—are easy to capture and duplicate. This poses a security risk for modern and future applications such as digital twins, where an attacker can copy and duplicate a biometric trait in order to spoof a biometric system. Researchers have proposed ECG as biometric authentication to solve this problem. ECG authentication conceals the biometric traits and reduces the risk of an attack by duplication of the biometric trait. However, current ECG authentication solutions require 10 or more seconds of an ECG signal in order to have accurate results. The accuracy is directly proportional to the ECG signal time-length for authentication. This makes ECG authentication inconvenient to implement in an end-user product, because a user cannot wait 10 or more seconds to gain access in a secure manner to their device.
This thesis addresses the problem of spoofing by proposing an accurate and secure ECG biometric authentication system with relatively short ECG signal length for authentication. The system consists of an ECG acquisition from lead I (two electrodes), signal processing approaches for filtration and R-peak detection, a feature extractor and an authentication process. To evaluate this system, we developed a method to calculate the Equal Error Rate—EER—with non-normal distributed data.
In the authentication process, we propose an approach based on Support Vector Machine—SVM—and achieve 4.5% EER with 4 seconds of ECG signal length for authentication. This approach opens the door for a deeper understanding of the signal and hence we enhanced it by applying a hybrid approach of Convolutional Neural Networks—CNN—combined with SVM. The purpose of this hybrid approach is to improve accuracy by automatically detecting and extracting features with Deep Learning—in this case CNN—and then passing the output into a one-class SVM classifier (authentication), which proved to give better accuracy for one-class ECG classification. This hybrid approach reduces the EER to 2.84% with 4 seconds of ECG signal length for authentication.
Furthermore, we investigated the combination of two different biometrics techniques and we improved the accuracy to 0.46% EER, while maintaining a short ECG signal length for authentication of 4 seconds. We fuse Fingerprint with ECG at the decision level. Decision level fusion requires information that is available from any biometric technique. Fusion at different levels—such as feature level fusion—requires information about features that are incompatible or hidden. Fingerprint minutiae are composed of information that differs from ECG peaks and valleys. Therefore fusion at the feature level is not possible unless the fusion algorithm provides a compatible conversion scheme. Proprietary biometric hardware does not provide information about the features or the algorithms; therefore, features are hidden and not accessible for feature level fusion; however, the result is always available for a decision level fusion.
|
168 |
A Robust Authentication Methodology Using Physically Unclonable Functions in DRAM Arrays
Hashemian, MaryamSadat, 07 September 2020
No description available.
|
169 |
Moderní metody ověření identity uživatelů / Modern methods for user authentication
Sýkora, Daniel, January 2009
The main focus of this Master’s thesis is modern methods for user authentication. The first part briefly describes currently used protocols and points out their advantages and disadvantages. The theoretical introduction analyzes the principles of zero-knowledge authentication and password-based protocols and describes the concept of a new-generation hash function. The practical part describes the specific implementation of authentication protocols: the Ohta-Okamoto protocol as a representative of the zero-knowledge protocols and SRP (Secure Remote Password), which represents password-based protocols. In both cases, the installation procedure is described, followed by an analysis of their implementation (at the source code level), which is then compared with the transmitted data captured by Wireshark. The SRP protocol is verified with the AVISPA tool. The conclusion summarizes the security analysis of both protocols.
|
170 |
Testovací implementace protokolu ACP / Test implementation of the ACP protocol
Ležák, Petr, January 2012
In general, this master’s thesis deals with access control methods and their individual modules, and in particular with the authentication of supplicants. Authentication methods useful in the implementation of the ACP protocol are listed. The ACP protocol is also discussed, including its possibilities and uses. The ACP message format is described in detail, along with the AVP format and types. The transaction mechanism is also mentioned. The main part of the thesis focuses on software design for protocol testing. Testing possibilities are discussed and test scenarios are suggested. Subsequently, requirements for the test software are listed and its implementation is designed. Furthermore, technical documentation of the program is provided, explaining the main ideas used in it and the purpose of each part of the program, including the links between them. Finally, there is a manual for the program, which also contains an illustrative example describing how to create and test a simple authentication scenario.
|