
    SoK: Design, Vulnerabilities and Defense of Cryptocurrency Wallets

    The rapid growth of decentralized digital currencies, enabled by blockchain technology, has ushered in a new era of peer-to-peer transactions, revolutionizing the global economy. Cryptocurrency wallets, serving as crucial endpoints for these transactions, have become increasingly prevalent. However, the escalating value and usage of these wallets also expose them to significant security risks and challenges. This research aims to comprehensively explore the security aspects of cryptocurrency wallets. It provides a taxonomy of wallet types, analyzes their design and implementation, identifies common vulnerabilities and attacks, and discusses defense mechanisms and mitigation strategies. The taxonomy covers custodial, non-custodial, hot, and cold wallets, highlighting their unique characteristics and associated security considerations. The security analysis scrutinizes the theoretical and practical aspects of wallet design, while assessing the efficacy of existing security measures and protocols. Notable wallet attacks, such as those on Binance and Mt. Gox, are examined to understand their causes and consequences. Furthermore, the paper surveys defense mechanisms and transaction monitoring, evaluating their effectiveness in mitigating threats.

    Security and Privacy of Radio Frequency Identification

    Tanenbaum, A.S. [Promotor]; Crispo, B. [Copromotor]

    Usability in biometric recognition systems

    International Mention in the doctoral degree.
    Biometric recognition, an already mature technology, is growing nowadays in several contexts, including forensics, access control, home automation systems, the Internet, etc. Now that technology is moving to mobile scenarios, biometric recognition is also being integrated into smartphones, tablets and other mobile devices as a convenient solution for guaranteeing security, complementing other methods such as PINs or passwords. Nevertheless, the use of biometric recognition is not as widespread as desired, and it is still unknown to a large percentage of the population. It has been demonstrated [1] that some of the possible reasons for the slow penetration of biometrics could be related to usability concerns. This could lead to various drawbacks, such as worse error rates due to system misuse, and it could end with users rejecting the technology and preferring other approaches. This Thesis is intended to cover this topic, including a study of the current state of the art, several experiments analysing the most relevant usability factors, and modifications to a usability evaluation methodology. The chosen methodology is the H-B interaction, developed by Fernandez-Saavedra [2], based on ISO/IEC 19795 [3], the HBSI [4], ISO 9241-210 [5] and Common Criteria [6]. Furthermore, this work is focused on dealing with accessibility concerns in biometric recognition systems. This topic, usually included in the usability field, has been addressed here separately, though the study of accessibility has followed the same steps as the usability study: reviewing the state of the art, identifying and analysing the main influential factors, and making improvements to the state of the art. The recently published standard EN 301 549 – “Accessibility requirements suitable for public procurement of ICT products and services in Europe” [7] has also been analysed. 
These two topics have been addressed through the well-known user-centric design approach. In this way, the influential factors were first detected. Then, they were isolated (when possible) and measured. The results obtained were then interpreted to suggest new updates to the H-B interaction. This 3-step approach has been applied cyclically, and the factors and methodology updated after each iteration. Due to technology and usability trends, all the systems/applications developed in the experiments during this work were designed to be mobile, directly or indirectly. The biometric modalities used in the experiments performed in this Thesis are those identified as suitable for biometric recognition on mobile devices: handwritten signature, face and fingerprint recognition. Also, the scenarios and applications used are in line with the main uses of biometrics in mobile environments, such as signing documents, locking/unlocking devices, or making payments. The outcomes of this Thesis are intended to guide future developers in designing and testing properly usable and accessible biometrics. Finally, the results of this Thesis are being suggested as a new International Standard within ISO/IEC/JTC1/SC37 – Biometric Recognition, as standardization is the proper way of guaranteeing usability and accessibility in future biometric systems. The contributions of this Thesis include:
• Improvements to the H-B interaction methodology, including several usability evaluations.
• Improvements to the accessibility of ICT (Information and Communications Technology) products by means of the integration of biometric recognition systems.
• Adaptation and application of EN 301 549 to biometric recognition systems.

Biometric recognition, which is an already mature technology, is growing today in several contexts, including forensic medicine, access control, home automation systems, the Internet, etc. Now that technology is moving to mobile scenarios, biometric recognition is also being integrated into smartphones, tablets and other mobile devices as a convenient solution for guaranteeing security, complementing other security methods such as PINs or passwords. However, the use of biometric recognition is still unknown to a large percentage of the population. It has been shown [1] that some of the possible reasons for the slow penetration of biometrics could be related to usability problems. This could lead to various drawbacks, giving lower-than-expected performance due to misuse of the systems, and could end with users rejecting the technology and preferring other approaches. This doctoral thesis addresses this topic, including a study of the current state of the art, several experiments analysing the most relevant usability factors, and modifications to a usability evaluation methodology, the "H-B interaction" [2], based on ISO/IEC 19795 [3], the HBSI [4], ISO 9241 [5] and Common Criteria [6]. In addition, this work also focuses on the accessibility problems of biometric recognition systems. This topic, which is usually included in the field of usability, has been treated separately here, although the accessibility study followed the same steps as the usability study: reviewing the state of the art, analysing the main influential factors and proposing changes to the H-B interaction methodology. The accessibility requirements for Information and Communication Technologies (ICT) in Europe, under the standard EN 301 549 [7], have also been analysed. These two topics have been studied through a user-centred approach (User Centric Design - UCD). In this way, the influential factors were detected. Next, these factors were isolated (where possible) and measured. The results obtained were interpreted to suggest new changes to the H-B interaction methodology. This 3-step approach was applied cyclically to the factors and to the methodology after each iteration. Owing to technology and usability trends, all the systems/applications developed in the experiments during this work were designed to be mobile, directly or indirectly. The modalities used in the experiments carried out in this doctoral thesis are those identified as suitable for biometric recognition on mobile devices: handwritten signature, face and fingerprint recognition. In addition, the scenarios and applications used are in line with the main uses of biometrics in mobile environments, such as signing documents, locking/unlocking devices, or making payments. The results of this thesis aim to guide future developers in designing and evaluating usability and accessibility in biometric recognition systems. Finally, the results of this doctoral thesis will be suggested as a new standard within ISO/IEC/JTC1/SC37 - Biometric Recognition, since standardization is the proper way to guarantee usability and accessibility in future biometric systems. The contributions of this thesis include:
• Improvement of the H-B interaction evaluation methodology, including several usability evaluations.
• Improvement of the accessibility of information/electronic systems through the integration of biometric systems and several evaluations.
• Adaptation and application of the accessibility standard EN 301 549 to the field of biometric systems.

Programa Oficial de Doctorado en Ingeniería Eléctrica, Electrónica y Automática. Chair: Patrizio Campisi.- Secretary: Enrique Cabellos Pardo.- Member: Marcos Faundez Zanu

    On Security and Privacy for Networked Information Society : Observations and Solutions for Security Engineering and Trust Building in Advanced Societal Processes

    Our society has developed into a networked information society, in which all aspects of human life are interconnected via the Internet — the backbone through which a significant part of communications traffic is routed. This makes the Internet arguably the most important piece of critical infrastructure in the world. Securing Internet communications for everyone using it is extremely important, as the continuing growth of the networked information society relies upon fast, reliable and secure communications. A prominent threat to the security and privacy of Internet users is mass surveillance of Internet communications. The methods and tools used to implement mass surveillance capabilities on the Internet pose a danger to the security of all communications, not just the intended targets. When we continue to further build the networked information society upon the unreliable foundation of the Internet, we encounter increasingly complex problems, which are the main focus of this dissertation. As the reliance on communication technology grows in a society, so does the importance of information security. At this stage, information security issues become separated from the purely technological domain and begin to affect everyone in society. The approach taken in this thesis is therefore both technical and socio-technical. The research presented in this PhD thesis builds security into the networked information society and provides parameters for further development of a safe and secure networked information society. This is achieved by proposing improvements on a multitude of layers. In the technical domain we present an efficient design flow for secure embedded devices that use cryptographic primitives in a resource-constrained environment, examine and analyze threats to biometric passport and electronic voting systems, observe techniques used to conduct mass Internet surveillance, and analyze the security of Finnish web user passwords. 
In the socio-technical domain we examine surveillance and how it affects the citizens of a networked information society, study methods for delivering efficient security education, examine what is essential security knowledge for citizens, advocate mastery over surveillance data by the targeted citizens in the networked information society, and examine the concept of forced trust that permeates all topics examined in this work.

The society in which we live has, with the development of technology, evolved into a true information society. Many areas of the networked information society have undergone change as a result of this development. At the centre of this change is the Internet: a worldwide data network that enables communication between networked devices on an unprecedented scale. The Internet has become perhaps the most central part of the global communications infrastructure, and therefore securing global communications will become ever more important in the future. The growth and development of the networked information society require the existence of a stable, secure and fast communications system. Large-scale mass surveillance of data networks poses a significant threat to the stability and security of this system. The methods and tools used to implement network surveillance do not merely make it possible to inspect the communications traffic under surveillance; they also endanger the security of all Internet traffic and of the activities that depend on it. When the networked information society is built on a system containing such inherent flaws and vulnerabilities, a key threat is that society's core functions are exposed to outside influence. Examining these threats and the mechanisms behind them is at the heart of this dissertation. Because the work has a strong societal element in addition to its technical content, the subject area is examined not through a strictly technical analysis alone but more broadly, also from a societal perspective. This dissertation seeks to build an overall picture of the factors affecting the security, operation and stability of the networked information society, and to bring forward new solutions and openings from different perspectives. The aim of the work is to help make it possible to build a more secure networked information society in the future. From a technical perspective, the work presents a design flow for embedded systems with limited computing power that make efficient use of cryptographic primitives, analyses threats to biometric passports, the international passport system and electronic voting, examines the operating principles of the techniques used for mass surveillance and the threats they cause, and studies the password habits of Finnish Internet users in web applications. From a socio-technical perspective, the work examines the theory of surveillance and looks into how surveillance affects the citizens of the networked information society. In addition, methods are developed for better information security education at all levels of education, the key concepts of information security knowledge are defined, the possibility of applying the principle of mastery over data to the management and use of the data that the networked information society collects about its citizens is examined, and the significance of trust for the security and functioning of society's core functions is studied, focusing in particular on the effects of forced trust.

    RFID Technology in Intelligent Tracking Systems in Construction Waste Logistics Using Optimisation Techniques

    Construction waste disposal is an urgent issue for protecting our environment. This paper proposes a waste management system and illustrates the work process using plasterboard waste as an example, which creates a hazardous gas when landfilled with household waste, and for which the recycling rate is less than 10% in the UK. The proposed system integrates RFID technology, Rule-Based Reasoning, Ant Colony optimization and knowledge technology for auditing and tracking plasterboard waste, guiding the operation staff, arranging vehicles, schedule planning, and also provides evidence to verify its disposal. It relies on RFID equipment for collecting logistical data and uses digital imaging equipment to give further evidence; the reasoning core in the third layer is responsible for generating schedules and route plans and guidance, and the last layer delivers the result to inform users. The paper first introduces the current plasterboard disposal situation and addresses the logistical problem that is now the main barrier to a higher recycling rate, followed by discussion of the proposed system in terms of both system-level structure and process structure. Finally, an example scenario is given to illustrate the system’s utilization.