Information Security Group (ISG) Core Research Areas. The ISG Smart Card Centre. From Smart Cards to NFC Smart Phone Security
|
|
- Clarence Harmon
- 8 years ago
- Views:
Transcription
1 Information Security Group (ISG) From Smart Cards to NFC Smart Phone Security Information Security Group Activities Prof. Keith and Mayes Research From the Information Security Group ACE-CSR at Royal Holloway University of a London Established Full-time Academics 6 Postdoctoral Research Assistants 40+ PhD Students and 100+ MSc Students Objectives To conduct world class information security research To provide graduates with a broad understanding of all aspects of information security To be a source of information security expertise of industrial relevance To maintain close links with the industry and government 1 2 Core Research Areas Access control Critical infrastructure protection Cryptography Identity management Network security Smartcards, security modules and mobile* System security Socio-technical issues * Carried out within ISG Smart Card Centre (SCC) established 2002 The ISG Smart Card Centre The SCC was set-up in 2002 as an applied industry - academic centre of excellence. Topics include smart cards, RFID, Mobile, NFC, embedded security, secure systems and protocols, current threads are: Transport ticketing system security. Mobile systems and security. Card payment systems and security. RFID/Tagging. Enabling technology and systems including NFC, Biometrics and attacks. Main supporting parties: RHUL, Transport for London, Orange, UK Cards Association, and ITSO. Postgraduates: Each year the SCC typically supervises: 25 Masters Students 10 PhD Students 3 4 1
2 Agenda for Lecture Smart Cards with Contacts Evolution of smart cards/rfids Attacks/countermeasures Near Field Communication (NFC) NFC Security Elements Misuse of NFC devices as attack platforms Chip module interface via metal contacts Card reader makes physical contact [Gemalto Images] Contact-less Smart Cards Smart Card/RFID Trade-offs Chip module interface via antenna The choice of product type has a critical effect on security and is based on threats and assumptions that often change!! 7 Reader uses RF field 7 8 2
3 RFID Tags - Passive/Active At a store near you Near Field Communication There are many different contact-less tag/device formats The main classes are passive and active/powered 9 9 The latest standards for mobile phones support Near Field Communications (NFC) NFC is a equivalent to a phone contact-less interface The phone can behave as a smart card or token The phone can behave as the reader ( 10 Hacking a popular sport Wikipedia on the popular Hacking at Random Conference Hacking at Random was an outdoor hacker conference that took place in The Netherlands in August This conference was the most recent event in a sequence. Galactic Hacker Party in 1989, followed by Hacking at the End of the Universe in 1993, Hacking In Progress in 1997, Hackers At Large in 2001, and What the Hack in A small selection of seminars from HAR RFID sniffer workshop: Assemble your own RFID sniffer and find RFID tags in your wallet Cracking A5 GSM encryption Lock picking Side channel analysis and fault injection Rootkits are awesome. Insider Threat for Fun and Profit Wikileaks. History is the only guidebook civilization has, but who's the publisher? Sniffers/Emulators/Clones A Sniffer can eavesdrop radio transmissions. An Emulator can masquerade as any RFID if data and/or key material can be obtained A Clone is a copy of a particular genuine RFID A number of devices have been demonstrated (and available) Credit: TU Graz, OpenPICC, Intel, Radboud University
4 Passive Relay Devices that Resist Attack We are not only concerned about attacks against the theoretical design of the security protection, but also its implementation and associated policies. Attacks can be classed under generic headings. Logical Physical/Fault Timing/Side-Channel Attacks that target the implementation are often referred to as tampering. Specialist devices including Hardware Security Modules (HSM), Security Elements (SE), Mobile Smart cards (SIM), trusted Platform Modules (TPM) are designed to be strongly tamper-resistant Physical Attack Countermeasures In hardware security modules chip level measures include: Physical barriers Active shields Circuit scrambling Encrypted busses Encrypted memories Source Gemalto Environment/fault sensors In mobile equipment you have to consider protecting/obscuring sensitive chips and interfaces Making things hard to get at is better than nothing Try to impede the replacement of critical chips Timing/Side Channel Attack Side channel attacks exploit leakage from operations and the principle is simple; An electronic circuit is made up of gates/transistors; switching between logic levels causes a slight variation in power consumption and RF emissions The attacker captures these variations (with low cost kit) and processes them (using published techniques) in order to extract secret/sensitive information The attacks are effective against unprotected hardware and will extract keys from good logical algorithms e.g. AES Specialist security hardware countermeasures include, smoothing, additive noise, random delays, differential logic
5 Trusted NFC Phone platform? Security Applications go here 'Safebot' malware running as 'root' user Malware goes here! Image from Vikas Rajole MSc report 2011 The NFC Secure Element Starting position: Mobile handset is not a trusted platform. Need additional trusted security component. Most well known example is the UICC. SE is security core of NFC applications. Tamper resistance - secure storage and management of applications and keys. Security mechanisms, e.g. encryption of communication. SE facilitates two key services. Secure execution of sensitive applications and their data. Secure management of applications. Multiple form factors. SIM-SE, Phone SE (chip), Memory Card-SE and even Software-SE!! RIM2011 Embedded SE SIM/USIM as SE SE is embedded in handset Smartcard in IC form factor Works when phone off No distinct owner Development opportunities Potential trust and ownership issues Secure personalisation important 19 ifitit Teardown NXP The existing SIM/USIM is the SE. No extra hardware. SIM stable technology. Handset needs to support Single Wire Protocol (SWP). Owned by the MNO. 3 rd party application access? Variations. DIF-SIM: All functionality on SIM with antenna in phone. SIM-Flex: All functionality on SIM with attached antenna 20 NXP2011 Gemalto
6 microsd SE SE added in SD memory slot No NFC capability required in handset Can add to any handset with slot Off when phone is off Flexibly ownership 3 rd party owner open for development SE tied to specific owner/application NXP2011 SDID2011 NFC device as an attack platform! Attacks currently use a lot of custom built kit. Hence, the interest in NFC devices as attack platforms! Skimming - reading genuine cards. Clone card emulation. An open development platform. Anyone can write phone reader applications. Embedded secure elements are unlockable. Existing APIs and developer environments. Multiple communications links. A software downloaded attack application could spread very fast! NFC Device as an Attack Platform! Attacks currently use a lot of custom built kit, hence, the interest in NFC devices as attack platforms! Skimming - reading genuine cards. Clone card emulation. A software downloaded attack application could spread very fast! Card Cloning Relay Attacks Conclusion: Issues for Debate Who has access to embedded NFC functionality (and keys) before personalisation? What triggers personalisation/control of embedded SEs? Can the user opt-in/out? Who personalises the SE and has the keys? How is multi-organisation access and control managed? How is service priority controlled and by whom? How does a user change MNO or bank or other SP? How is an NFC phone cleaned before re-sale? How are lost, broken and stolen phones dealt with? How do you deal with multiple SEs in a phone?
7 Thank you for your attention Questions? ww.scc.rhul.ac.uk 25 7
What is a Smart Card?
An Introduction to Smart Cards and RFIDs Prof. Keith E. Mayes Keith.Mayes@rhul.ac.uk Director of the ISG - Smart Card Centre www.scc.rhul.ac.uk Learning Objectives (MSc MSc) Identify the various types
More informationSecuring the future of mobile services. SIMalliance Open Mobile API. An Introduction v2.0. Security, Identity, Mobility
1 An Introduction v2.0 September 2015 Document History 2 Version Date Editor Remarks 1.0 06/04/2011 OMAPI Working Group Public release 2.0 27/09/2015 OMAPI Working Group Public release Copyright 2015 SIMalliance
More informationPUF Physical Unclonable Functions
Physical Unclonable Functions Protecting next-generation Smart Card ICs with SRAM-based s The use of Smart Card ICs has become more widespread, having expanded from historical banking and telecommunication
More informationSide Channel Analysis and Embedded Systems Impact and Countermeasures
Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Agenda Advances in Embedded Systems Security From USB stick to game console Current attacks Cryptographic devices Side
More informationMobile MasterCard PayPass Testing and Approval Guide. December 2009 - Version 2.0
Mobile MasterCard PayPass Testing and Approval Guide December 2009 - Version 2.0 Proprietary Rights Trademarks The information contained in this document is proprietary and confidential to MasterCard International
More informationRF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards
RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards January 2007 Developed by: Smart Card Alliance Identity Council RF-Enabled Applications and Technology:
More information1. Fault Attacks for Virtual Machines in Embedded Platforms. Supervisor: Dr Konstantinos Markantonakis, K.Markantonakis@rhul.ac.uk
Proposed PhD Research Areas I am looking for strong PhD candidates to work on the projects listed below. The ideal candidate would have a mix of theoretical and practical skills, achieved a distinction
More informationTraining. MIFARE4Mobile. Public. MobileKnowledge April 2015
MIFARE4Mobile Public MobileKnowledge April 2015 Agenda Why MIFARE4Mobile? MIFARE in Mobile related technologies MIFARE technology NFC technology MIFARE4Mobile technology High level system architecture
More informationCredit Card Fraud The Contactless Generation Kristin Paget
Credit Card Fraud The Contactless Generation Kristin Paget Chief Hacker, Recursion Ventures kris@recursion.com @KrisPaget WHAT'S COMING UP? Contactless payments What is EMV? How does NFC fit in? Threat
More informationSoftware Card Emulation in NFC-enabled Mobile Phones: Great Advantage or Security Nightmare?
Software Card Emulation in NFC-enabled Mobile Phones: Great Advantage or Security Nightmare? Michael Roland University of Applied Sciences Upper Austria,, Austria IWSSISPMU2012 International Workshop on
More informationThreat Modeling for offline NFC Payments
Threat Modeling for offline NFC Payments 1 Fan Jia, 2 Yong Liu, 3 Li Zhang *1,Corresponding Author,2 Key Laboratory of Communication and Information Systems, Beijing Jiaotong University, Beijing, China,
More informationApplying the NFC Secure Element in Mobile Identity Apps. RANDY VANDERHOOF Executive Director Smart Card Alliance
Applying the NFC Secure Element in Mobile Identity Apps RANDY VANDERHOOF Executive Director Smart Card Alliance Session ID: MBS - 403 Session Classification: Mobile Security Agenda Agenda topics NFC basics:
More informationKarsten Nohl University of Virginia. Henryk Plötz HU Berlin
Karsten Nohl University of Virginia Henryk Plötz HU Berlin Radio Frequency IDentification Tiny computer chips Passively Powered Karsten Nohl, Henryk Plötz - RFID Security 2 Constant monitoring is already
More informationContactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions. July, 2006. Developed by: Smart Card Alliance Identity Council
Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions July, 2006 Developed by: Smart Card Alliance Identity Council Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked
More informationSignificance of Tokenization in Promoting Cloud Based Secure Elements
Significance of Tokenization in Promoting Cloud Based Secure Elements Busra O zdenizci 1, Vedat Coskun 1*, Kerem Ok 1 and Turgay Karlidere 2 1 NFC Lab - Istanbul, Department of Information Technologies,
More informationUsing Contactless Smart Cards for Secure Applications
Using Contactless Smart Cards for Secure Applications Classification: Public (Info Level 1) Document No.: LA-11-005d-en Edition: 2010 www.legic.com LEGIC Identsystems Ltd Binzackerstrasse 41, CH-8620 Wetzikon,
More informationAdversary Modelling 1
Adversary Modelling 1 Evaluating the Feasibility of a Symbolic Adversary Model on Smart Transport Ticketing Systems Authors Arthur Sheung Chi Chan, MSc (Royal Holloway, 2014) Keith Mayes, ISG, Royal Holloway
More informationMore effective protection for your access control system with end-to-end security
More effective protection for your access control system with end-to-end security By Jeroen Harmsen The first article on end-to-end security appeared as long ago as 1981. The principle originated in ICT
More informationEmbedded Java & Secure Element for high security in IoT systems
Embedded Java & Secure Element for high security in IoT systems JavaOne - September 2014 Anne-Laure SIXOU - ST Thierry BOUSQUET - ST Frédéric VAUTE - Oracle Speakers 2 Anne-Laure SIXOU Smartgrid Product
More informationTechnical Article. NFiC: a new, economical way to make a device NFC-compliant. Prashant Dekate
Technical NFiC: a new, economical way to make a device NFC-compliant Prashant Dekate NFiC: a new, economical way to make a device NFC-compliant Prashant Dekate The installed base of devices with Near Field
More informationEESTEL. Association of European Experts in E-Transactions Systems. Apple iphone 6, Apple Pay, What else? EESTEL White Paper.
EESTEL White Paper October 29, 2014 Apple iphone 6, Apple Pay, What else? On 2014, September 9 th, Apple has launched three major products: iphone 6, Apple Watch and Apple Pay. On October 17 th, Apple
More informationSecuring Host Operations with a Dedicated Cryptographic IC - CryptoCompanion
Securing Host Operations with a Dedicated Cryptographic IC - CryptoCompanion By Kerry Maletsky, Business Unit Director Crypto Products Summary There is a growing need for strong hardware security devices
More informationWireless Network Security
Wireless Network Security Bhavik Doshi Privacy and Security Winter 2008-09 Instructor: Prof. Warren R. Carithers Due on: February 5, 2009 Table of Contents Sr. No. Topic Page No. 1. Introduction 3 2. An
More informationLongmai Mobile PKI Solution
Longmai Mobile PKI Solution A quick Solution to External and Internal fraud in Insurance Industry Putting the client at the center of modernization Contents 1. INTRODUCTION... 3 1.1 Challenges... 3 1.2
More informationWhere Cyber Security fits at RHUL
Cyber Security Research at Royal Holloway Information Security Group Activities and Research An Overview Prof. Keith Martin Where Cyber Security fits at RHUL Information Security Group (ISG) Established
More informationGemalto Mifare 1K Datasheet
Gemalto Mifare 1K Datasheet Contents 1. Overview...3 1.1 User convenience and speed...3 1.2 Security...3 1.3 Anticollision...3 2. Gemalto Mifare Features...4 2.1 Compatibility with norms...4 2.2 Electrical...4
More informationSecure USB Flash Drive. Biometric & Professional Drives
Secure USB Flash Drive Biometric & Professional Drives I. CONTENTS II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. SECURE FLASH DRIVE... 3 DESCRIPTION... 3 IV. MODULES OF SECURE
More informationSecurity in Near Field Communication (NFC)
Security in Near Field Communication (NFC) Strengths and Weaknesses Ernst Haselsteiner and Klemens Breitfuß Philips Semiconductors Mikronweg 1, 8101 Gratkorn, Austria ernst.haselsteiner@philips.com klemens.breitfuss@philips.com
More informationBanking. Extending Value to Customers. KONA Banking product matrix. KONA@I is leading the next generation of payment solutions.
Smart IC Banking Banking Extending Value to Customers KONA Banking product matrix Contact - SDA Product EEPROM Java Card Type KONA Products KONA@I is leading the next generation of payment solutions Banks,
More informationHardware Security Modules for Protecting Embedded Systems
Hardware Security Modules for Protecting Embedded Systems Marko Wolf, ESCRYPT GmbH Embedded Security, Munich, Germany André Weimerskirch, ESCRYPT Inc. Embedded Security, Ann Arbor, USA 1 Introduction &
More informationSection 12 MUST BE COMPLETED BY: 4/22
Test Out Online Lesson 12 Schedule Section 12 MUST BE COMPLETED BY: 4/22 Section 12.1: Best Practices This section discusses the following security best practices: Implement the Principle of Least Privilege
More informationOn Security Evaluation Testing
On Security Evaluation Testing Kerstin Lemke-Rust Hochschule Bonn-Rhein-Sieg Workshop: Provable Security against Physical Attacks Lorentz Center, 19 Feb 2010 Kerstin Lemke-Rust (H BRS) On Security Evaluation
More informationCHANCES AND RISKS FOR SECURITY IN MULTICORE PROCESSORS
CHANCES AND RISKS FOR SECURITY IN MULTICORE PROCESSORS Prof. Dr.-Ing. Georg Sigl Institute for Security in Information Technology Technical University Munich sigl@tum.de Fraunhofer Research Institution
More informationInteragency Advisory Board Meeting Agenda, Wednesday, February 22, 2012
Interagency Advisory Board Meeting Agenda, Wednesday, February 22, 2012 1. Opening Remarks (Mr. Tim Baldridge, IAB Chair) 2. Generic Identity Command Set (GICS): Leveraging PIV to Build a Standard Platform
More informationProblems of Security in Ad Hoc Sensor Network
Problems of Security in Ad Hoc Sensor Network Petr Hanáček * hanacek@fit.vutbr.cz Abstract: The paper deals with a problem of secure communication between autonomous agents that form an ad hoc sensor wireless
More informationNFC Hacking: The Easy Way
DEFCON 20 NFC Hacking: The Easy Way Eddie Lee eddie{at}blackwinghq.com About Me! Security Researcher for Blackwing Intelligence (formerly Praetorian Global)! New site live: blackwinghq.com! We re always
More informationProtected Cash Withdrawal in Atm Using Mobile Phone
www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume 2 Issue 4 April, 2013 Page No. 1346-1350 Protected Cash Withdrawal in Atm Using Mobile Phone M.R.Dineshkumar
More informationReviving smart card analysis
Reviving smart card analysis Christopher Tarnovsky Karsten Nohl chris@flylogic.net nohl@srlabs.de Executive summary Modern smart cards should be analyzed 1. Smart card chips provide the trust base for
More informationAn Example of Mobile Forensics
An Example of Mobile Forensics Kelvin Hilton K319 kchilton@staffsacuk k.c.hilton@staffs.ac.uk www.soc.staffs.ac.uk/kch1 Objectives The sources of evidence The subscriber The mobile station The network
More informationGSM Risks and Countermeasures
GSM Risks and Countermeasures STI Group Discussion and Written Project Authors: Advisor: Johannes Ullrich Accepted: February 1, 2010 Abstract Recent research has shown that GSM encryption can be cracked
More informationNFC Hacking: The Easy Way
DEFCON 20 NFC Hacking: The Easy Way Eddie Lee eddie{at}blackwinghq.com About Me! Security Researcher for Blackwing Intelligence (formerly Praetorian Global)! We re always looking for cool security projects!
More informationMobile Electronic Payments
Chapter 7 Mobile Electronic Payments 7.1 Rationale and Motivation Mobile electronic payments are rapidly becoming a reality. There is no doubt that users of mobile phones are willing and even asking to
More informationSecure Embedded Systems eine Voraussetzung für Cyber Physical Systems und das Internet der Dinge
Secure Embedded Systems eine Voraussetzung für Cyber Physical Systems und das Internet der Dinge Mitgliederversammlung EIKON e.v. 26. Februar 2014 Prof. Dr.-Ing. Georg Sigl Lehrstuhl für Sicherheit in
More informationHow To Hack An Rdi Credit Card
RFID Payment Card Vulnerabilities Technical Report Thomas S. Heydt-Benjamin 1, Daniel V. Bailey 2, Kevin Fu 1, Ari Juels 2, and Tom O'Hare 3 Abstract 1: University of Massachusetts at Amherst {tshb, kevinfu}@cs.umass.edu
More informationRFID SECURITY. February 2008. The Government of the Hong Kong Special Administrative Region
RFID SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the
More informationThe Role of the Trusted Service Manager in Mobile Commerce
About the GSMA The GSMA represents the interests of mobile operators worldwide. Spanning more than 220 countries, the GSMA unites nearly 800 of the world s mobile operators with 250 companies in the broader
More informationGLOBAL MOBILE PAYMENT TRANSACTION VALUE IS PREDICTED TO REACH USD 721 BILLION BY 2017. 1. MasterCard M/Chip Mobile Solution
INTRODUCING M/Chip Mobile SIMPLIFYING THE DEPLOYMENT OF SECURE ELEMENT MOBILE PAYMENTS OCTOBER 2015 GLOBAL MOBILE PAYMENT TRANSACTION VALUE IS PREDICTED TO REACH USD 721 BILLION BY 2017. 1 Research into
More informationBringing Security & Interoperability to Mobile Transactions. Critical Considerations
Bringing Security & Interoperability to Mobile Transactions Critical Considerations April 2012 Transactions 2 Table of Contents 1. Introduction... 3 2. Section 1: Facing up the challenges of a connected
More informationBest Practices for the Use of RF-Enabled Technology in Identity Management. January 2007. Developed by: Smart Card Alliance Identity Council
Best Practices for the Use of RF-Enabled Technology in Identity Management January 2007 Developed by: Smart Card Alliance Identity Council Best Practices for the Use of RF-Enabled Technology in Identity
More informationSecure My-d TM and Mifare TM RFID reader system by using a security access module Erich Englbrecht (info@eonline.de) V0.1draft
Application Report Secure My-d TM and Mifare TM RFID reader system by using a security access module Erich Englbrecht (info@eonline.de) V0.1draft Embedded RF ABSTRACT This application report describes
More informationNFC: Enabler for Innovative Mobility and Payment NFC: MOBILIDADE E MEIOS DE PAGAMENTO
NFC: Enabler for Innovative Mobility and Payment Cards Brazil Sao Paulo, April 3rd to 5th 2007 Rodolfo Gomes - 1st Level Customer Application Support NFC&RFID Europe A new Company has reborn Few months
More informationSmart Card: The Computer in Your Wallet
Smart Card: The Computer in Your Wallet MIPS Technologies, Inc. June 2002 Smart cards, credit-card-size pieces of plastic incorporating a silicon chip, comprise the highest volume computing platform. Roughly
More informationMobile Payment Security discussion paper
Mobile Payment Security discussion paper Contents Executive summary 4 1. Introduction 5 2. introduction to security 6 2.1 Different types of security 6 2.2 Security objectives 7 2.3 Types of security measures
More informationSoftware Card Emulation in NFC-enabled Mobile Phones: Great Advantage or Security Nightmare?
Software Card Emulation in NFC-enabled Mobile Phones: Great Advantage or Security Nightmare? Michael Roland NFC Research Lab Hagenberg University of Applied Sciences Upper Austria Softwarepark 11, 4232
More informationUsing an NFC-equipped mobile phone as a token in physical access control
University of Twente Faculty of electrical engineering, mathematics and computer science Nedap Securiy Management Using an NFC-equipped mobile phone as a token in physical access control Author: Martijn
More informationNFC. Technical Overview. Release r05
Release r05 Trademarks The Bluetooth word mark and logos are owned by the Bluetooth SIG, Inc. and any use of such marks by Stollmann E+V GmbH is under license. Other trademarks and trade names are those
More informationSecurity in the Age of Nanocomputing. Hacking Devices
Security in the Age of Nanocomputing Matthew Tan Creti Hacking Devices The ESA estimates its total worldwide losses due to piracy at $3 billion annually [2] One million unlocked iphones could cost Apple
More informationSecure Hardware PV018 Masaryk University Faculty of Informatics
Secure Hardware PV018 Masaryk University Faculty of Informatics Jan Krhovják Vašek Matyáš Roadmap Introduction The need of secure HW Basic terminology Architecture Cryptographic coprocessors/accelerators
More informationEMV-TT. Now available on Android. White Paper by
EMV-TT A virtualised payment system with the following benefits: MNO and TSM independence Full EMV terminal and backend compliance Scheme agnostic (MasterCard and VISA supported) Supports transactions
More informationAllwin Initiative for Corporate Citizenship Dartmouth Center for the Advancement of Learning Dickey Center Ethics Institute Institute for Security
Allwin Initiative for Corporate Citizenship Dartmouth Center for the Advancement of Learning Dickey Center Ethics Institute Institute for Security Technology Studies Leslie Center Rockefeller Center Tucker
More informationSecurity Levels for Web Authentication using Mobile Phones
Security Levels for Web Authentication using Mobile Phones Anna Vapen and Nahid Shahmehri Department of computer and information science Linköpings universitet, SE-58183 Linköping, Sweden {annva,nahsh}@ida.liu.se
More informationNACCU 2013. Migrating to Contactless: 2013 1
NACCU 2013 Migrating to Contactless: 2013 1 AGENDA The demise of cards has been predicted for many years. When will this really happen? This presentation by two card industry experts will cover the rise
More informationADVANCED IC REVERSE ENGINEERING TECHNIQUES: IN DEPTH ANALYSIS OF A MODERN SMART CARD. Olivier THOMAS Blackhat USA 2015
ADVANCED IC REVERSE ENGINEERING TECHNIQUES: IN DEPTH ANALYSIS OF A MODERN SMART CARD Olivier THOMAS Blackhat USA 2015 About Texplained Texplained [Technology Explained] refers
More informationChapter 1: Introduction
Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure
More informationCHASE Survey on 6 Most Important Topics in Hardware Security
University of Connecticut CHASE Survey on 6 Most Important Topics in Hardware Security Prepared By Prof. M. Tehranipoor Charles H. Knapp Associate Professor in Engineering Innovation Topics! Counterfeit
More informationC23: NFC Mobile Payment Ecosystem & Business Model. Jane Cloninger Director
C23: NFC Mobile Payment Ecosystem & Business Model Jane Cloninger Director The mobile phone is the most successful communication device in history Global mobile subscribers (millions) 5,000 4,500 4,000
More informationFirmware security features in HP Compaq business notebooks
HP ProtectTools Firmware security features in HP Compaq business notebooks Embedded security overview... 2 Basics of protection... 2 Protecting against unauthorized access user authentication... 3 Pre-boot
More informationRecent Developments in Mobile Financial Services Solutions December 12, 2012
Recent Developments in Mobile Financial Services Solutions December 12, 2012 www.schnader.com 1 Introduction Mobile Financial Services Technology Issues Regulatory Issues www.schnader.com 2 Mobile Financial
More informationRelay Attacks on Passive Keyless Entry and Start Systems in Modern Cars
Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars Srdjan Čapkun (joint work with Aurélien Francillon, Boris Danev) 1 Agenda 1. Overview of Car Key Systems 2. Previous Attacks: In
More informationadvant advanced contactless smart card system
LA-11-001l-en [08.2012] advant advanced contactless smart card system power Fully scalable fully flexible Key applications & standards 2 1 5 The LEGIC advant product line ideally supports the design and
More informationCredential Management for Cloud Computing
Credential Management for Cloud Computing Workshop Cloud Security, 16.07.2014 Dr. Johannes Luyken Page 1 Security breaches increase in their impact by exploiting online access to confidential data that
More informationUsing RFID Techniques for a Universal Identification Device
Using RFID Techniques for a Universal Identification Device Roman Zharinov, Ulia Trifonova, Alexey Gorin Saint-Petersburg State University of Aerospace Instrumentation Saint-Petersburg, Russia {roman,
More informationDevelopment of a wireless home anti theft asset management system. Project Proposal. P.D. Ehlers 21017914. Study leader: Mr. D.V.
EVALUATION PAGE Format/10 Afrikaans group Revision no: 0 Content/10 Computer Engineering Must revise: Yes No Final mark/20 Must proofread: Yes No Development of a wireless home anti theft asset management
More informationMobile Near-Field Communications (NFC) Payments
Mobile Near-Field Communications (NFC) Payments OCTOBER 2013 GENERAL INFORMATION American Express continues to develop its infrastructure and capabilities to support growing market interest in mobile payments
More informationConfidentio. Integrated security processing unit. Including key management module, encryption engine and random number generator
Confidentio Integrated security processing unit Including key management module, encryption engine and random number generator Secure your digital life Confidentio : An integrated security processing unit
More informationNFC APPLICATIONS IN THE TRACKING SYSTEMS
Advanced Logistic Systems, Vol. 7, No. 2 (2013), pp. 41 48. NFC APPLICATIONS IN THE TRACKING SYSTEMS TAMÁS HARTVÁNYI 1 CSABA I. HENCZ 2 Abstract: Radio Frequency Identification (RFID) and a Near Field
More informationHow To Attack A Key Card With A Keycard With A Car Key (For A Car)
Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars (NDSS ) Aurélien Francillon, Boris Danev, Srdjan Čapkun (ETHZ) Wednesday System Security April Group 6, 1 Agenda 1. Overview of Car
More informationVarious Attacks and their Countermeasure on all Layers of RFID System
Various Attacks and their Countermeasure on all Layers of RFID System Gursewak Singh, Rajveer Kaur, Himanshu Sharma Abstract RFID (radio frequency identification) system is one of the most widely used
More informationImplementation of biometrics, issues to be solved
ICAO 9th Symposium and Exhibition on MRTDs, Biometrics and Border Security, 22-24 October 2013 Implementation of biometrics, issues to be solved Eugenijus Liubenka, Chairman of the Frontiers / False Documents
More informationAchieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER
with Convenience and Personal Privacy version 0.2 Aug.18, 2007 WHITE PAPER CONTENT Introduction... 3 Identity verification and multi-factor authentication..... 4 Market adoption... 4 Making biometrics
More informationRelay Attacks on Passive Keyless Entry and Start Systems in Modern Cars
Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars Aurélien Francillon, Boris Danev, Srdjan Čapkun 1 Modern Cars Evolution Increasing amount of electronics in cars For convenience
More information3M Cogent, Inc. White Paper. Beyond. Wiegand: Access Control. in the 21st Century. a 3M Company
3M Cogent, Inc. White Paper Beyond Wiegand: Access Control in the 21st Century a 3M Company Unprecedented security features & capabilities Why Wiegand? The Problem with Wiegand In 1970, John Wiegand invented
More informationEMV and Small Merchants:
September 2014 EMV and Small Merchants: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems, Inc. All trademarks, service
More informationRFID Security: Threats, solutions and open challenges
RFID Security: Threats, solutions and open challenges Bruno Crispo Vrije Universiteit Amsterdam crispo@cs.vu.nl 1 Table of Content RFID technology and applications Security Issues Privacy Proposed (partial)
More informationChytré karty opět o rok dál...
Chytré karty opět o rok dál... SmartCardForum 2010 Jan Němec Product expert, Gemalto Květen 2010 Agenda Chytré karty včera, dnes a zítra Úvod do problematiky NFC Integrace NFC do mobilních zařízení Java
More informationSecurity & Chip Card ICs SLE 44R35S / Mifare
Security & Chip Card ICs SLE 44R35S / Mifare Intelligent 1 Kbyte EEPROM with Interface for Contactless Transmission, Security Logic and Anticollision according to the MIFARE -System Short Product Info
More informationToday. Important From Last Time. Old Joke. Computer Security. Embedded Security. Trusted Computing Base
Important From Last Time A system is safety critical when its failure may result in injuries or deaths Verification and validation can dominate overall development effort Today Embedded system security
More informationEMV and Chip Cards Key Information On What This Is, How It Works and What It Means
EMV and Chip Cards Key Information On What This Is, How It Works and What It Means Document Purpose This document is intended to provide information about the concepts behind and the processes involved
More informationEMV and Restaurants: What you need to know. Mike English. October 2014. Executive Director, Product Development Heartland Payment Systems
October 2014 EMV and Restaurants: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems, Inc. All trademarks, service marks
More informationMASTER OF SCIENCE LEADERSHIP AND MANAGEMENT IN HEALTH
SCHOOL OF MANAGEMENT ROYAL HOLLOWAY - UNIVERSITY OF LONDON KINGSTON BUSINESS SCHOOL KINGSTON UNIVERSITY MASTER OF SCIENCE LEADERSHIP AND MANAGEMENT IN HEALTH FULL-TIME STUDENT HANDBOOK MODULE 1 ACADEMIC
More informationAbout Sectra Communications
Panthon About Sectra Communications We provide secure communication solutions for European government authorities, defence departments and other critical functions of society. We have a solid core expertise
More informationGSM and UMTS security
2007 Levente Buttyán Why is security more of a concern in wireless? no inherent physical protection physical connections between devices are replaced by logical associations sending and receiving messages
More informationEnabling the secure use of RFID
Enabling the secure use of RFID BLACK ME/FOTOLIA.com Enhancing security of radio frequency identification to connect safely to the Internet of Things UHF radio frequency identification (RFID) promises
More informationRisks of Offline Verify PIN on Contactless Cards
Risks of Offline Verify PIN on Contactless Cards Martin Emms, Budi Arief, Nicholas Little, and Aad van Moorsel School of Computing Science, Newcastle University, Newcastle upon Tyne, UK {martin.emms,budi.arief,n.little,aad.vanmoorsel}@ncl.ac.uk
More informationChanges PN532_Breakout board
Changes PN532_Breakout board Document: Changes PN532_Breakout board Department / Faculty : TechnoCentrum - Radboud University Nijmegen Contact: René Habraken Date: 17 May 2011 Doc. Version: 1.0 Contents
More informationSecurity of Proximity Mobile Payments
Security of Proximity Mobile Payments A Smart Card Alliance Contactless and Mobile Payments Council White Paper Publication Date: May 2009 Publication Number: CPMC-09001 Smart Card Alliance 191 Clarksville
More informationData Protection Technical Guidance Radio Frequency Identification
Data Protection Technical Guidance Radio Frequency Identification This technical guidance note is aimed at those using or contemplating using RFID technology. It gives a brief summary of the technology
More informationMobile System Technologies Certification Program
Mobile System Technologies Certification Program This is the Mobile Computing Promotion Consortium s (MCPC) official certification program for engineers who wish to obtain deeper knowledge of and experience
More informationA SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS. N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1
A SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1 1 Royal Holloway, University of London 2 University of Strathclyde ABSTRACT Future mobile
More information