249 research outputs found

    Preventing Man-in-the-Middle Attacks in Near Field Communication by Out-of-Band Key Exchange

    Near Field Communication (NFC) is an RFID-based proximity communication technology. The extensive use of NFC technology for popular and sensitive applications such as financial transactions and content sharing necessitates the implementation of secure transmission standards for data exchange. NFC-SEC is one such set of cryptographic standards that extends NFC to provide better security. However, NFC is still susceptible to Man-in-the-Middle (MITM) attacks due to the lack of device authentication, which in turn allows for masquerading and other attacks. Inclusion of a certification authority has commonly been proposed to resolve this issue at the cost of significant additional communication overhead. In this thesis, we first demonstrate a practical MITM attack on an NFC-SEC communication session. We then present NonceCrypt, a lightweight countermeasure against this class of attacks. NonceCrypt addresses the vulnerability of NFC-SEC by an added step of authentication over a secure out-of-band communication channel. We implement NonceCrypt on an Arduino platform and evaluate its implementation cost and runtime overhead in a set of experiments. Results indicate that the increase in memory and time overhead for this scheme is negligible. It avoids involving any additional entities in the communication and is based on a flexible implementation scheme that can be used for both smartphones and contactless cards.

    The Ticker, February 13, 2018

    The Ticker is the student newspaper of Baruch College. It has been published continuously since 1932, when the Baruch College campus was the School of Business and Civic Administration of the City College of New York.

    The Future of Information Sciences : INFuture2015 : e-Institutions – Openness, Accessibility, and Preservation


    A secure localization framework of RAIN RFID objects for ambient assisted living

    Internet of things (IoT) is currently on our doorsteps. Numerous domains have benefited from this technology. It ranges from a simple application such as identifying an object up to handling a more complex system. The Radio Frequency IDentification (RFID) is one of the enabling technologies that drive the IoT to its position today. It is small, cheap and does not require any additional power sources. Along with its ubiquitous functionality, this technology enables the positioning of an object within a specific area. Ambient Assisted Living (AAL) is one of the many domains that benefit from the IoT. It aims at assisting elderly people in their daily routines by providing new assistive services in smart homes, for instance. RFIDs in a smart home come as a great help to an elderly person, for example, to find an object that they misplaced. However, even with all its benefits in simplifying our lives, it is unfortunately double-edged, where the advantage that it brings to an object could in turn go against itself. Indeed, to be able to help older adults locate an object, the system requires certain data in relation to the positioning of the object and its identification. As the passive RFID tag coverage is very small, once its presence is detected, it is difficult to hide it. The ability of this technology to localize objects gives a third person an opportunity to take advantage of the system. In parallel with the persistent and constant need of privacy and secrecy by the users, the objective of this thesis consists of improving the privacy in localizing an object through a new protocol based on the latest version of the RFID second generation passive tag. The proposed protocol must be able to prevent an object from being identified and located by unauthorized parties or a malicious reader. The first contribution of this work is the assessment of the RFID anti collision management. 
It is performed through the creation of an OMNET++ framework, modelled and built based on the latest RFID standard developed by GS1 and incorporated by ISO/IEC called Gen2V2 (RFID class 2 Generation 2 Version 2). It is a passive RFID tag that does not require any internal power sources to operate. It communicates using the UHF frequency. The Gen2V2 standard provides a list of cryptographical suites that can be used as a method to authenticate a tag and a reader. This new generation of tags is supported by an alliance of manufacturers called RAIN (RAdio frequency IdentificatioN) that promotes the adoption of the Gen2V2. The anti collision management overall performance is then compared with its theoretical value and four of its cryptographical suites, namely PRESENT80, XOR, AES128 and cryptoGPS. Among the performances evaluated within the framework is the number of collisions and the duration required to interrogate a group of tags. Note that an addition of a localization functionality within the framework reveals that messages exchanged through the wireless channel prior to the authentication can lead to a malicious localization of an object. To increase the localization privacy within AAL applications, we therefore propose a second contribution, which is a new localization method that is based on the current Gen2V2 standard exchanges by anonymizing the tag identity.

    Public Key Infrastructure


    Usability and Security in Medication. Administration Applications

    The traditional process of filling the medicine trays and dispensing the medicines to the patients in the hospitals is manually done by reading the printed paper medicine chart. This process can be very strenuous and error-prone, given the number of sub-tasks involved in the entire workflow and the dynamic nature of the work environment. Therefore, efforts are being made to digitalise the medication dispensation process by introducing a mobile application called Smart Dosing application. The introduction of the Smart Dosing application into hospital workflow raises security concerns and calls for security requirement analysis. This thesis is written as a part of the smart medication management project at Embedded Systems Laboratory, Åbo Akademi University. The project aims at digitising the medicine dispensation process by integrating information from various health systems, and making them available through the Smart Dosing application. This application is intended to be used on a tablet computer which will be incorporated on the medicine tray. The smart medication management system includes the medicine tray, the tablet device, and the medicine cups with the cup holders. Introducing the Smart Dosing application should not interfere with the existing process carried out by the nurses, and it should result in minimum modifications to the tray design and the workflow. The re-designing of the tray would include integrating the device running the application into the tray in a manner that the users find convenient and make fewer errors while using it. The main objective of this thesis is to enhance the security of the hospital medicine dispensation process by ensuring the security of the Smart Dosing application at various levels. 
The method used for writing this thesis was to analyse how the tray design and the application user interface design can help prevent errors and what secure technology choices have to be made before starting the development of the next prototype of the Smart Dosing application. The thesis first understands the context of the use of the application, the end-users and their needs, and the errors made in everyday medication dispensation workflow by continuous discussions with the nursing researchers. The thesis then gains insight into the vulnerabilities, threats and risks of using mobile applications in the hospital medication dispensation process. The resulting list of security requirements was made by analysing the previously built prototype of the Smart Dosing application, continuous interactive discussions with the nursing researchers, and an exhaustive state-of-the-art study on security risks of using mobile applications in hospital context. The thesis also uses the Octave Allegro method to make the readers understand the likelihood and impact of threats, and what steps should be taken to prevent or fix them. The security requirements obtained, as a result, are a starting point for the developers of the next iteration of the prototype for the Smart Dosing application.

    Sailing New Seas

    This Newport paper presents the ideas of one of the Navy's most senior leaders. Admiral Reason's topic is the course the United States Navy should steer in the typhoon of change characterizing today's and tomorrow's world. Admiral Reason proposes a new way to think about the fleet as a whole, one that discards the industrial age model in favor of the flight deck paradigm of a high-performance organization operating at the edge of chaos.

    December 20, 2016 (Tuesday) Daily Journal


    Accounting trends and techniques, 59th annual survey, 2005 edition


    December 10, 2015 (Thursday) Daily Journal
