Secure Method Invocation in JASON

We describe the Secure Method Invocation (SMI) framework implemented for Jason, our Javacard As Secure Objects Networks platform. Jason realises the secure object store paradigm, that reconciles the card-as-storage-element and card-as-processing-element views. In this paradigm, smart cards are viewed as secure containers for objects, whose methods can be called straightforwardly and securely using SMI. Jason is currently being developed as a middleware layer that securely interconnects an arbitrary number of smart cards, terminals and back-office systems over the Internet

The role of IT/IS in combating fraud in the payment card industry

The vast growth of the payment card industry (PCI) in the last 50 years has placed the industry in the centre of attention, not only because of this growth, but also because of the increase of fraudulent transactions. The conducted research in this domain has produced statistical reports on detection of fraud, and ways of protection. On the other hand, the relevant body of research is quite partial and covers only specific topics. For instance, the provided reports related to losses due to fraudulent usage of cards usually do not present the measures taken to combat fraud nor do they explain the way fraud happens. This can turn out to be confusing and makes one believe that card usage can be more negative than positive. This paper is intended to provide accumulative and organized information of the efforts made to protect businesses from fraud. We try to reveal the effectiveness and efficiency of the current fraud combating techniques and show that organized worldwide efforts are needed to take care of the larger part of the problem. The research questions that will be addressed in the paper are: 1) how can IT/IS help in combating fraud in the PCI?, and 2) is the implemented IT/IS effective and efficient enough to bring progress in combating fraud? Our research methodology is based on a case study conducted in a Macedonian bank. The research is explorative and will be mostly qualitative in nature; however some quantitative aspects will be included. The findings indicate that fraud can take up many forms. A classification of the different forms of data theft into different fraudulent appearances was made. We showed that the benefits from implementing the fraud reduction efforts are multiple. Results show that a bank has to be very small to experience losses from fixed expenditures coming from the implementation of the fraud reduction IT/IS. Medium-sized and large banks should not even see any problems arising from those expenditures. Based on the empirical data and the presented facts we can conclude that the fraud reduction IT/IS do have a positive effect on all sides of the payment process and fulfills the expectations of all stakeholders

Denial of Service in Voice Over IP Networks

In this paper we investigate denial of service (DoS) vulnerabilities in Voice over IP (VoIP) systems, focusing on the ITU-T H.323 family of protocols. We provide a simple characterisation of DoS attacks that allows us to readily identify DoS issues in H.323 protocols. We also discuss network layer DoS vulnerabilities that affect VoIP systems. A number of improvements and further research directions are proposed

Anonymous subject identification and privacy information management in video surveillance

The widespread deployment of surveillance cameras has raised serious privacy concerns, and many privacy-enhancing schemes have been recently proposed to automatically redact images of selected individuals in the surveillance video for protection. Of equal importance are the privacy and efficiency of techniques to first, identify those individuals for privacy protection and second, provide access to original surveillance video contents for security analysis. In this paper, we propose an anonymous subject identification and privacy data management system to be used in privacy-aware video surveillance. The anonymous subject identification system uses iris patterns to identify individuals for privacy protection. Anonymity of the iris-matching process is guaranteed through the use of a garbled-circuit (GC)-based iris matching protocol. A novel GC complexity reduction scheme is proposed by simplifying the iris masking process in the protocol. A user-centric privacy information management system is also proposed that allows subjects to anonymously access their privacy information via their iris patterns. The system is composed of two encrypted-domain protocols: The privacy information encryption protocol encrypts the original video records using the iris pattern acquired during the subject identification phase; the privacy information retrieval protocol allows the video records to be anonymously retrieved through a GC-based iris pattern matching process. Experimental results on a public iris biometric database demonstrate the validity of our framework

Mobipag: integrated mobile payment, ticketing and couponing solution based on NFC

The adoption of mobile payment systems is known to face multiple concerns regarding security, usability and value proposition. In this work, we start from the assumption that initial acceptance will always be weak because of the lack of an established usage frame. Instead, we focus on understanding how we can leverage upon the real contact with the technology to create a solid path for gradual acceptance through the development of new practices and the increasing perception of value. In this study, we report on our findings with a real-world prototype of a NFC-based payment system. We identify a set of design lessons that may help to improve the initial phases of NFC-based payment deployments and provide a path for the adoption that focuses on positive initial user experiences and early adoption scenarios.This work was co-funded by ”Agˆencia de Inovac¸ ˜ao” and the national QREN program through the COMPETE program, under the project MOBIPAG - National Initiative for Mobile Payments (project 13847)

Towards Quantum Communication from Global Navigation Satellite System

Satellite-based quantum communication is an invaluable resource for the realization of a quantum network at the global scale. In this regard, the use of satellites well beyond the low Earth orbits gives the advantage of long communication time with a ground station. However, high-orbit satellites pose a great technological challenge due to the high diffraction losses of the optical channel, and the experimental investigation of such quantum channels is still lacking. Here, we report on the first experimental exchange of single photons from Global Navigation Satellite System at a slant distance of 20000 kilometers, by exploiting the retroreflector array mounted on GLONASS satellites. We also observed the predicted temporal spread of the reflected pulses due to the geometrical shape of array. Finally, we estimated the requirements needed for an active source on a satellite, aiming towards quantum communication from GNSS with state-of-the-art technology.Comment: Revte