"Tap it again, Sam": Harmonizing the frontiers between digital and real worlds in education

Lifelong leaners are intrinsically motivated to embed learning activities into daily life activities. Finding a suitable combination of the two is not trivial since lifelong learners have to face conflicts of time and location. Hence, lifelong learners normally build personal learning ecologies in those moments they set aside to learn making use of their available resources. On the other hand, the advent of Near Field Communication (NFC) technology facilitates the harmonization in the interactions between the digital world and daily physical spaces. Likewise, NFC enabled phones are becoming more and more popular. The contribution of this manuscript is threefold: first, scientific literature where NFC has been used with a direct or indirect purpose to learn is reviewed, and potential uses for lifelong learners are identified; based on these findings the Ecology of Resources for Lifelong Learning is presented as suitable setup for the scaffolding of learning activities with NFC augmented physical spaces; finally, this ecology is piloted and different learning scenarios are proposed for further extension

Mobile applications approaches using near field communication support

Nowadays, the society is constantly evolving technologically and new products and technologies appears every day. These technologies allow the well-being of societies and their populations. Mobile gadgets evolution, mainly the smartphones, has always been at the forefront, everyday new devices appear and with them, more recent technologies. These technologies provide a better quality of life of everybody who uses them. People need to have at their disposal a whole array of new features that make their life increasingly more easily. The use of gadgets to simplify the day-to-day is growing and for this people use all disposal types of devices, such as computers, laptops, file servers, smartphones, tablets, and among of others. With the need to use all these devices a problem appears, the data synchronization and a way to simplify the usage of smartphones. What is the advantage of having so much technology available if we need to concern about the interoperability between all devices? There are some solutions to overcome these problems, but most often the advantage brought by these technologies has associated some setup configurations and time is money. Near field communication (NFC) appeared in 2004 but only now has gained the market dominance and visibility, everybody wants to have a NFC based solution, like Google, Apple, Microsoft and other IT giants. NFC is the best solution to overcome some problems like, file synchronization, content sharing, pairing devices, and launch applications without user interaction. NFC arises as a technology that was forgotten, but it has everything to win in every global solutions and markets. In this dissertation two based solutions are presented, an application to transfer money using NFC and an application launcher. Both solutions are an innovation in market because there are nothing like these. A prototype of each application was build and tested. NFC Launcher is already in Android Market. NFC Launcher and Credit Transfer were built, evaluated and are ready for use

Smart healthcare for smart cities

Treball desenvolupat en el marc del programa "European Project Semester".The growing population around the world and increase of seniors, as well as a demand for high quality services create new problems and challenges, especially in a healthcare sector. Patient treatment is very often a difficult and time consuming process, however, in today’s society people lack time in every aspect of their lives. Shortage of medical staff is only deepening the problem of long waiting time needed to acquire medical assistance. To fulfil the requirements of patients, governments must invest into finding innovative, efficient and yet affordable solutions that will increase efficiency of healthcare systems. The aim of this paper is to describe how smart solutions can be implemented in order to cope with challenges of the healthcare sector. The research was focused on organisational and technological problems that are present in this sector. Though there are various existing solutions to these problems, which will be presented in this report, the main part of it will be devoted to description of the proprietary system that was developed by the team named Salutem, throughout the course of European Project Semester. The solution is a distributed system consisting of two main components, a Web Application and a Mobile Application that communicate with each other. The Web Application is aimed to provide a management tool for health centre employees, as well as an online reservation system for patients. It copes with a problem of long waiting time in queues to doctor’s office by finding an optimal time of a visit for each patient registered for a given doctor. This is done with use of self-learning Artificial Intelligence (AI) algorithm that is embedded in the system. The Mobile Application is using Near Field Communication(NFC) technology to monitor patients that come for a visit, which includes gathering time data that will be used for the process of AI learning. NFC is also used to instantly provide patient data to doctors once a patient is detected in a doctor’s office. The system was created to ensure security and privacy of patients’ data. The report will conclude with a summary of the system, gained experience and possible future development of the solution.Outgoin

MobileTrust: Secure Knowledge Integration in VANETs

Vehicular Ad hoc NETworks (VANET) are becoming popular due to the emergence of the Internet of Things and ambient intelligence applications. In such networks, secure resource sharing functionality is accomplished by incorporating trust schemes. Current solutions adopt peer-to-peer technologies that can cover the large operational area. However, these systems fail to capture some inherent properties of VANETs, such as fast and ephemeral interaction, making robust trust evaluation of crowdsourcing challenging. In this article, we propose MobileTrust—a hybrid trust-based system for secure resource sharing in VANETs. The proposal is a breakthrough in centralized trust computing that utilizes cloud and upcoming 5G technologies to provide robust trust establishment with global scalability. The ad hoc communication is energy-efficient and protects the system against threats that are not countered by the current settings. To evaluate its performance and effectiveness, MobileTrust is modelled in the SUMO simulator and tested on the traffic features of the small-size German city of Eichstatt. Similar schemes are implemented in the same platform to provide a fair comparison. Moreover, MobileTrust is deployed on a typical embedded system platform and applied on a real smart car installation for monitoring traffic and road-state parameters of an urban application. The proposed system is developed under the EU-founded THREAT-ARREST project, to provide security, privacy, and trust in an intelligent and energy-aware transportation scenario, bringing closer the vision of sustainable circular economy

SECURITY AND PRIVACY ASPECTS OF MOBILE PLATFORMS AND APPLICATIONS

Mobile smart devices (such as smartphones and tablets) emerged to dominant computing platforms for end-users. The capabilities of these convenient mini-computers seem nearly boundless: They feature compelling computing power and storage resources, new interfaces such as Near Field Communication (NFC) and Bluetooth Low Energy (BLE), connectivity to cloud services, as well as a vast number and variety of apps. By installing these apps, users can turn a mobile device into a music player, a gaming console, a navigation system, a business assistant, and more. In addition, the current trend of increased screen sizes make these devices reasonable replacements for traditional (mobile) computing platforms such as laptops. On the other hand, mobile platforms process and store the extensive amount of sensitive information about their users, ranging from the user’s location data to credentials for online banking and enterprise Virtual Private Networks (VPNs). This raises many security and privacy concerns and makes mobile platforms attractive targets for attackers. The rapid increase in number, variety and sophistication of attacks demonstrate that the protection mechanisms offered by mobile systems today are insufficient and improvements are necessary in order to make mobile devices capable of withstanding modern security and privacy threats. This dissertation focuses on various aspects of security and privacy of mobile platforms. In particular, it consists of three parts: (i) advanced attacks on mobile platforms and countermeasures; (ii) online authentication security for mobile systems, and (iii) secure mobile applications and services. Specifically, the first part of the dissertation concentrates on advanced attacks on mobile platforms, such as code re-use attacks that hijack execution flow of benign apps without injecting malicious code, and application-level privilege escalation attacks that allow malicious or compromised apps to gain more privileges than were initially granted. In this context, we develop new advanced code re-use attack techniques that can bypass deployed protection mechanisms (e.g., Address Space Layout Randomization (ASLR)) and cannot be detected by any of the existing security tools (e.g., return address checkers). Further, we investigate the problem of application-level privilege escalation attacks on mobile platforms like Android, study and classify them, develop proof of concept exploits and propose countermeasures against these attacks. Our countermeasures can mitigate all types of application-level privilege escalation attacks, in contrast to alternative solutions proposed in literature. In the second part of the dissertation we investigate online authentication schemes frequently utilized by mobile users, such as the most common web authentication based upon the user’s passwords and the recently widespread mobile 2-factor authentication (2FA) which extends the password-based approach with a secondary authenticator sent to a user’s mobile device or generated on it (e.g, a One-time Password (OTP) or Transaction Authentication Number (TAN)). In this context we demonstrate various weaknesses of mobile 2FA schemes deployed for login verification by global Internet service providers (such as Google, Dropbox, Twitter, and Facebook) and by a popular Google Authenticator app. These weaknesses allow an attacker to impersonate legitimate users even if their mobile device with the secondary authenticator is not compromised. We then go one step further and develop a general attack method for bypassing mobile 2FA schemes. Our method relies on a cross-platform infection (mobile-to-PC or PC-to-mobile) as a first step in order to compromise the Personal Computer (PC) and a mobile device of the same user. We develop proof-of-concept prototypes for a cross-platform infection and show how an attacker can bypass various instantiations of mobile 2FA schemes once both devices, PC and the mobile platform, are infected. We then deliver proof-of-concept attack implementations that bypass online banking solutions based on SMS-based TANs and visual cryptograms, as well as login verification schemes deployed by various Internet service providers. Finally, we propose a wallet-based secure solution for password-based authentication which requires no secondary authenticator, and yet provides better security guaranties than, e.g., mobile 2FA schemes. The third part of the dissertation concerns design and development of security sensitive mobile applications and services. In particular, our first application allows mobile users to replace usual keys (for doors, cars, garages, etc.) with their mobile devices. It uses electronic access tokens which are generated by the central key server and then downloaded into mobile devices for user authentication. Our solution protects access tokens in transit (e.g., while they are downloaded on the mobile device) and when they are stored and processed on the mobile platform. The unique feature of our solution is offline delegation: Users can delegate (a portion of) their access rights to other users without accessing the key server. Further, our solution is efficient even when used with constraint communication interfaces like NFC. The second application we developed is devoted to resource sharing among mobile users in ad-hoc mobile networks. It enables users to, e.g., exchange files and text messages, or share their tethering connection. Our solution addresses security threats specific to resource sharing and features the required security mechanisms (e.g., access control of resources, pseudonymity for users, and accountability for resource use). One of the key features of our solution is a privacy-preserving access control of resources based on FoF Finder (FoFF) service, which provides a user-friendly means to configure access control based upon information from social networks (e.g., friendship information) while preserving user privacy (e.g., not revealing their social network identifiers). The results presented in this dissertation were included in several peer-reviewed publications and extended technical reports. Some of these publications had significant impact on follow up research. For example, our publications on new forms of code re-use attacks motivated researchers to develop more advanced forms of ASLR and to re-consider the idea of using Control-Flow Integrity (CFI). Further, our work on application-level privilege escalation attacks was followed by many other publications addressing this problem. Moreover, our access control solution using mobile devices as access tokens demonstrated significant practical impact: in 2013 it was chosen as a highlight of CeBIT – the world’s largest international computer expo, and was then deployed by a large enterprise to be used by tens of thousands of company employees and millions of customers

Systematická analýza bankovních služeb pro studenty v České Republice

The aim of this bachelor thesis is to find out which criteria have for students the greatest importance on the current account selection and on the basis of this finding, determine which bank in the Czech Republic best meets the required criteria. Data is gathered via a quantitative approach using a questionnaire, from 133 students of a Technical University of Ostrava in the Czech Republic. These data are processed by multicriteria analysis, more precisely by the WSM and the AHP method. The multi-criteria decision making analysis revealed that current account price, availability of the ATMs and functionality of mobile banking have the biggest influence on students when choosing a current account and vice versa interest on the overdraft has the least important for students at all. These results should help students who will have an overview of the services provided by Czech banks, as well as banks that, based on student preferences, can better meet the needs of students and thus attract more customers.Cílem této bakalářské práce je zjistit, která kritéria mají pro studenty největší význam při výběru běžného účtu a na základě tohoto zjištění určit, která banka v České republice nejlépe splňuje požadovaná kritéria. Data jsou získávána pomocí kvantitativního přístupu pomocí dotazníku 133 studentů Technické univerzity Ostrava v České republice. Tato data jsou zpracována multikriteriální analýzou, přesněji metodou WSM a AHP. Analýza multikriteriálního rozhodování ukázala, že cena běžného účtu, dostupnost bankomatů a funkčnost mobilního bankovnictví mají největší vliv na studenty při volbě běžného účtu a naopak úroky z kontokorentu mají pro studenty nejméně význam. Tyto výsledky by měly pomoci studentům, kteří budou mít přehled o službách poskytovaných českými bankami, stejně jako bankám, které na základě preferencí studentů lépe uspokojí potřeby studentů a přitáhnou tak více zákazníků.154 - Katedra financívýborn

DebAuthn: a Relying Party Implementation as a WebAuthn Authenticator Debugging Tool

[Abstract] Passwords as an authentication method have become vulnerable to numerous attacks. During the last few years, the FIDO Alliance and the W3C have been working on a new authentication method based on public key cryptography and hardware authenticators, which avoids attacks like phishing or password stealing. This degree thesis focuses on the development of a web application as a flexible testing and debugging environment for developers and researchers of the protocol, still under development. Moreover, the developed tool is used for testing the most relevant hardware authenticators, showcasing their main characteristics.[Resumo] Os contrasinais como método de autentificación volvéronse vulnerables a numerosos ataques. Durante os últimos anos, a FIDO Alliance e a W3C estiveron traballando nun novo sistema de autentificación baseado en criptografía de chave pública e autentificadores hardware, o que evita ataques como phishing ou roubo de contrasinais. Este traballo de fin de grao céntrase no desenvolvemento dunha aplicación web como un entorno flexible de probas e depuración para desenvolvedores e investigadores do protocolo, aínda en desenvolvemento. Ademais, a ferramenta desenvolvida é usada para probar os autentificadores hardware máis relevantes, mostrando as súas características principais

Tap it again, Sam: Harmonizing personal environments towards lifelong learning

The increasing number of mobile vendors releas- ing NFC-enabled devices to the market and their prominent adoption has moved this technology from a niche product to a product with a large market-share. NFC facilitates natural interactions between digital world and physical learning environments. The scaffolding of learning ecologies is a key aspect for lifelong learners in their challenge to integrate learning activities into busy daily life. The contribution of this manuscript is twofold: first, a review of scientific litera- ture in which NFC has been used with a direct or indirect purpose to learn is presented, and potential uses for learners are classified according to their type of interaction; based on these findings the NFC MediaPlayer is presented as an instantiation of an ecology of resources (EoR) in a lifelong learning context. Finally, shortcomings and best practices are highlighted in the conclusions, and future work is discussed