169 research outputs found

    The Forgotten Signature: An Observational Study on Policy of Securing Identity in Prevention of Identity Theft and Credit/Debit Card Fraud at Retail Store POS Terminals

    Identity theft and credit and bank card fraud are increasing in America and worldwide. Given the current statistics of its prevalence and practices around the world, many in government are starting to take critical notice due to its impact on a nation’s economy. Limited amounts of research have been conducted regarding the practices of applying the Routine Activities Theory (Cohen & Felson, 1979) to better equip store managers in understanding the critical need for capable and effective point of sale guardianship for in-store prevention of credit or bank card fraud due to identity theft. This research has used qualitative observational studies to investigate the presence of or lack of capable guardianship at point of sales transactions in large department stores where a majority of in-store credit and bank card fraud loss occurs. Findings conclude an overwhelming lack of capable guardianship at retail store POS terminals.

    Analysing and Improving the Security of Contactless Payment Cards

    Europay, MasterCard, and Visa (EMV) is the most used payment protocol around the world with 85.9% of the payment cards in the EU and the UK being EMV based cards in 2019. The EMV payment protocol has made contactless transactions faster and more convenient for cardholders as they only need to place the card next to the Point of Sale (POS) to make a payment. According to the latest report of the UK Finance, the total value of contactless card transactions in 2019 was higher than the cash ones for the first time ever. On the other hand, the introduction of the wireless interface in the EMV contactless transactions opens the door for several attacks to be launched on contactless cards such as skimming, eavesdropping, replay, and relay attacks. Since April 2020, the limit of contactless transactions has increased to £45 as a response to the Covid-19 crisis. This might create an extra motivation for launching more attacks on contactless cards. This thesis is primarily concerned with investigating and analysing the security of contactless card’s payments and uncovering the impact of key vulnerabilities in the EMV contactless card specifications. The two main vulnerabilities are the one-way authentication methods and the lack of cardholder verification in such transactions. The thesis also proposes the following four practical protocols to improve the security and the privacy of the EMV contactless cards. 1- A new tokenization protocol to replace the actual Primary Account Number (PAN) with a token to prevent the EMV contactless cards from revealing the actual PAN. 2- A mutual authentication protocol to address the vulnerabilities related to the EMV one-way card authentication methods in the EMV payment protocol. 3- A novel gyroscope sensor into EMV contactless cards to be used for activating the cards by performing a simple move by the cardholder. 4- A protocol to use cardholders’ NFC enabled smartphones to activate contactless cards. The two main aims of these four proposed protocols are to prevent such cards from being read by unauthorised NFC enabled readers/smartphones and to give cardholders more control of their contactless cards in order to prevent several attacks. Moreover, the thesis also describes a Java framework to mimic a genuine EMV contactless card and validate the four proposed solutions. The thesis argues that the first two proposed solutions require minimal changes to the existing EMV infrastructures and do not have any impact on the user’s experience while the last two proposed solutions require some changes to the users’ experience when making contactless card transactions.

    Mobile application for filing of and payment for Intellectual Property Rights using QR code: case of Kenya industrial property institute

    Thesis submitted in partial fulfillment of the requirements for the Degree of Master of Science in Information Technology (MSIT) at Strathmore University. Ensuring secure transmission of sensitive data and payment of transaction fees has been one of the challenges affecting customers and businesses. The Intellectual Property (IP) field is one such area that has faced such a challenge. Over the years, IP has grown in importance, attracting greater interest and increased need by inventors and other IP rights holders to seek protection of their inventions and other IP rights. To ensure protection of these rights, applicants are required to file their applications at IP offices and remit various fees during the examination process, as well as pay an annual maintenance fee for the protection to remain valid. While filing for IP rights, applicants face a security challenge, as their IP data can be intercepted while in transit or be exposed to third parties thus compromising their inventions. In addition, while making payment of IP fees, they face challenges such as delayed transactions and platform incompatibility. On the other hand, IP offices are susceptible to loss of revenue as a result of less-than-secure payment methods used. Hence, this study aimed at establishing how proximity/contactless technology could be incorporated into mobile-based devices to support secure mobile filing of and payment systems for IP rights. This research therefore proposed a process to develop a QR code-based mobile application that would facilitate speedy and secure filing and transmission of IP data as well as settlement of payments by IP rights holders to IP offices. Consequently, a functional mobile application that can generate a QR code, post the same to a remote server and make payment by scanning a QR code is presented. Additionally, a simple web page is provided to present the submitted information which has been encoded in QR format. Data collection was achieved by means of questionnaires and review of secondary data sources. The study was conducted in line with ethical practices as specified by the University rules and regulations.

    A Survey of Practical Formal Methods for Security

    In today's world, critical infrastructure is often controlled by computing systems. This introduces new risks for cyber attacks, which can compromise the security and disrupt the functionality of these systems. It is therefore necessary to build such systems with strong guarantees of resiliency against cyber attacks. One way to achieve this level of assurance is using formal verification, which provides proofs of system compliance with desired cyber security properties. The use of Formal Methods (FM) in aspects of cyber security and safety-critical systems is reviewed in this article. We split FM into the three main classes: theorem proving, model checking, and lightweight FM. To allow the different uses of FM to be compared, we define a common set of terms. We further develop categories based on the type of computing system FM are applied in. Solutions in each class and category are presented, discussed, compared, and summarised. We describe historical highlights and developments and present a state-of-the-art review in the area of FM in cyber security. This review is presented from the point of view of FM practitioners and researchers, commenting on the trends in each of the classes and categories. This is achieved by considering all types of FM, several types of security and safety-critical systems, and by structuring the taxonomy accordingly. The article hence provides a comprehensive overview of FM and techniques available to system designers of security-critical systems, simplifying the process of choosing the right tool for the task. The article concludes by summarising the discussion of the review, focusing on best practices, challenges, general future trends, and directions of research within this field.

    A versatile data acquisition system for capturing electromagnetic emissions in VHF band

    This research investigates the occurrence of EM emissions from compressed rock and assesses their value as precursors to earthquakes. It is understood that electromagnetic emissions are accompanied by crack generation in the Earth's crust, and effort has been targeted on the analysis of electromagnetic signals preceding seismic events. There is a need for a robust Data Acquisition System for the reliable collection of such signals. The design and deployment of a novel system form part of this research. The EM data collected by the Data Acquisition System is subsequently analysed and correlations are made with natural phenomena. The design of the Data Acquisition System is presented and meets a specification which includes accuracy, robustness, power consumption, remote configurability achieved by the development of a novel architecture for flash memories which significantly increases the lifespan of these devices. The measuring of electromagnetic emissions should be performed by reliable systems, using devices that fully correspond to the specifications set by the needs of this research. This type of system is not fully covered by existing commercial devices. These prototype VHF field stations (ground base - electromagnetic variation monitors in VHF band) are located around the Hellenic Arc. This region is one of the most seismically active regions in western Eurasia due to subduction of the oceanic African lithosphere beneath the Eurasian plate. After approximately two years of electromagnetic VHF data collection, the final stage of this project took place. In this stage, possible correlation between naturally occurring electromagnetic emissions in VHF band and seismic events within a predefined radius around the observation location is investigated. In addition, effects of alternative electromagnetic sources, such as solar activity, are considered. Whilst EM emissions from compressed rocks can be demonstrated in the laboratory, it was found from a two-year evaluation that no reliable correlation with earthquake events could be established. However, significant patterns of activity were detected in EM spectrum and it was shown that these correlate strongly with other naturally occurring phenomena such as solar flares. The Data Acquisition System as developed in this thesis has related applications in long term and remote sensing operations including meteorology, environmental analysis and surveillance.
    EThOS - Electronic Theses Online Service; National Foundation of Scholarships (I.K.Y.); European Social Fund and National Resources - (EPEAEK II) ARXIMIDIS; GB; United Kingdo

    Design of smart card enabled protocols for micro-payment and rapid application development builder for e-commerce.

    by Tsang Hin Chung. Thesis (M.Phil.)--Chinese University of Hong Kong, 2001. Includes bibliographical references (leaves 118-124). Abstracts in English and Chinese.
    Chapter 1: Introduction. 1.1 Authentication and Transaction Protocol; 1.2 E-Commerce Enabler
    Chapter 2: Literature Review. 2.1 Cryptographic Preliminaries (2.1.1 One-Way Hash Function; 2.1.2 Triple DES; 2.1.3 RSA; 2.1.4 Elliptic Curve); 2.2 Smart Cards (2.2.1 Smart Card Operating Systems; 2.2.2 Java Card); 2.3 Authentication Protocol (2.3.1 Properties; 2.3.2 Survey); 2.4 Transaction Protocol; 2.5 BAN Logic (2.5.1 Notation; 2.5.2 Logical Postulates; 2.5.3 Protocol Analysis)
    Chapter 3: Authentication Protocol. 3.1 Formulation of Problem; 3.2 The New Idea; 3.3 Assumptions; 3.4 Trust Model; 3.5 Protocol (3.5.1 Registration; 3.5.2 Local Authentication; 3.5.3 Remote Authentication; 3.5.4 Silent Key Distribution Scheme; 3.5.5 Advantages); 3.6 BAN Logic Analysis; 3.7 Experimental Evaluation (3.7.1 Configuration; 3.7.2 Performance Analysis)
    Chapter 4: Transaction Protocol. 4.1 Assumptions; 4.2 Protocol; 4.3 Conflict Resolution Policy; 4.4 Justifications; 4.5 Experimental Evaluation (4.5.1 Configuration; 4.5.2 Performance Analysis)
    Chapter 5: E-Commerce Builder. 5.1 Overview; 5.2 Design of Smart RAD (5.2.1 Mechanism; 5.2.2 Java Card Layer; 5.2.3 Host Layer; 5.2.4 Server Layer); 5.3 Implementation (5.3.1 Implementation Reflection; 5.3.2 Implementation Issues); 5.4 Evaluation; 5.5 An Application Example: Multi-MAX (5.5.1 System Model; 5.5.2 Design Issues; 5.5.3 Implementation Issues; 5.5.4 Evaluation); 5.6 Future Work
    Chapter 6: Conclusion
    Chapter A: Detail Experimental Result. A.1 Authentication Time Measurement; A.2 On-Card and Off-Card Computation Time in Authentication; A.3 Authentication Time with Different Servers; A.4 Transaction Time Measurement; A.5 On-card and Off-card Computation Time in Transaction
    Chapter B: UML Diagram. B.1 Package cuhk.cse.demo.applet; B.2 Package cuhk.cse.demo.client; B.3 Package server
    Chapter C: Glossary and Abbreviation
    Bibliography