Pokročilé bezpečnostní aplikace pro Android / Advanced security applications for Android

Orgoň, Marek

January 2014

The thesis deals with security of the Android operating system, both general security features and options for storing sensitive data. The suitability of Android KeyStore for storing sensitive data and the possibility of using the secure element for safe application calculations and smart card emulation are discussed. Using Host-based Card Emulation for contactless smart card emulation is discussed. The performance analysis of modular arithmetic operations for numbers with high bit length is examined. Following these analysis, an implementation of application for software contactless smart card emulation of HM12 and HM14 cryptographic protocol is proposed. And an implementation of application for verifying smart cards with these protocols is proposed. Also scheme for secure storage of sensitive data is proposed.

Autentizace pomocí mobilních telefonů / Authentication using mobile phones

Fusek, Zdeněk

January 2015

This thesis deals with authentication by mobile phone. The mobile phone with operating system Android was chosen as authentication device. The Eclipse development environment was used for the implementation of applications. The aim of the thesis was to study and practically implement access system for mobile phones, where the Bluetooth LE and NFC interface are used for data transmission between the mobile device and reader. Firstly, the thesis deals with the client application, which is installed on the authenticated device, and then is focused on the characteristics of the application which is running on the reader. Both client and reader applications describe the design of graphical user interface, process of authentication via Bluetooth LE and NFC, analyse packages and classes, and eventually perform security analysis. The thesis also presents schema of authentication protocol HM14.

Security of NFC applications

Pham, Thi Van Anh

January 2013

Near Field Communication (NFC) refers to a communication technology that enables an effortless connection and data transfers between two devices by putting them in a close proximity. Besides contactless payment and ticketing applications, which were the original key drivers of this technology, a large number of novel use cases can benefit from this rapidly developing technology, as has been illustrated in various NFC-enabled application proposals and pilot trials. Typical NFC-enabled systems combine NFC tags, NFC-enabled mobile phones, and online servers. This thesis explores the trust relationships, security requirements, and security protocol design in these complex systems. We study how to apply the security features of different types of NFC tags to secure NFC applications. We first examine potential weaknesses and problems in some novel use cases where NFC can be employed. Thereafter, we analyze the requirements and propose our system design to secure each use case. In addition, we developed proof-of-concept implementations for two of our proposed protocols: an NFCenabled security-guard monitoring system and an NFC-enabled restaurant menu. For the former use case, we also formally verified our proposed security protocol.  Our analysis shows that among the discussed tags, the NFC tags based on secure memory cards have the least capability and flexibility. Their built-in three-pass mutual authentication can be used to prove the freshness of the event when the tag is tapped. The programmable contactless smart cards are more flexible because they can be programmed to implement new security protocols. In addition, they are able to keep track of a sequence number and can be used in systems that do not require application-specific software on the mobile phone. The sequence number enforces the order of events, thus providing a certain level of replay prevention. The most powerful type of tag is the emulated card since it provides a clock, greater computational capacity, and possibly its own Internet connection, naturally at higher cost of deployment. / Near Field Communication (NFC) hänvisar till en kommunikationsteknik som möjliggör en enkel anslutning och dataöverföring mellan två enheter genom att sätta dem i en närhet. Förutom kontaktlös betalning och biljetthantering ansökningar, vilket var den ursprungliga viktiga drivkrafter för denna teknik, kan ett stort antal nya användningsfall dra nytta av denna snabbt växande teknik, som har visats i olika NFC-aktiverade program förslag och pilotförsök. Typiska NFC-applikationer kombinerar NFC-taggar, NFC-kompatibla mobiltelefoner och online-servrar. Denna avhandling utforskar förtroenderelationer, säkerhetskrav och säkerhetsprotokoll utformning i dessa komplexa system. Vi studerar hur man kan tillämpa de säkerhetsfunktioner för olika typer av NFC-taggar för att säkra NFC-applikationer. Vi undersöker först potentiella svagheter och problem i vissa nya användningsfall där NFC kan användas.  Därefter analyserar vi de krav och föreslå vårt system design för att säkra varje användningsfall. Dessutom utvecklade vi proof-of-concept implementationer för två av våra föreslagna protokoll: en NFC-aktiverad säkerhet-guard övervakningssystem och en NFC-aktiverad restaurang meny. Dessutom, för fd bruk fallet, kontrollerade vi formellt vår föreslagna säkerhetsprotokoll. Vår analys visar att bland de diskuterade taggar, NFC taggar som baseras på säkra minneskort har minst kapacitet och dlexibilitet. Deras inbyggda trepass ömsesidig autentisering kan användas för att bevisa färskhet av händelsen när taggen tappas. De programmerbara beröringsfria smarta kort är mer flexibla eftersom de kan programmeras för att genomföra nya säkerhetsprotokoll.  Dessutom kan de hålla reda på ett löpnummer och kan användas i system som inte kräver ansökan-specik mjukvara på mobiltelefonen. Sekvensnumret framtvingar ordning av händelser, vilket ger en viss nivå av replay förebyggande. Den mest kraftfulla typen av taggen är den emulerade kortet eftersom det ger en klocka, större beräkningskapacitet, och möjligen sin egen Internet-anslutning, naturligtvis till högre kostnad för utplacering.

NFC

security protocol

DESFire

Java card

card emulation

restaurant

vending machine

class attendance

security guard

NFC

säkerhetsprotokoll

DESFire

Java kort

kort emulering

restaurang

varuautomat

säkerhetsvakt

Communication Systems

Kommunikationssystem