Security Analysis of an Ultra-lightweight RFID Authentication Protocol for M-commerce

Over the last few years, more people perform their social activities on mobile devices, such as mobile payment or mobile wallet. Mobile commerce (m-commerce) refers to manipulating electronic commerce (e-commerce) by using mobile devices and wireless networks. Radio frequency identification(RFID) is a technology which can be employed to complete payment functions on m-commerce. As an RFID subsystem is applied in m-commerce and supply chains, the related security concerns is very important. Recently, Fan et al. have proposed an ultra-lightweight RFID authentication scheme for m-commerce(ULRAS) and claimed that their protocol is enough efficient, and provides a high level of security. In this paper, we show that their protocol is vulnerable to secret disclosure and reader impersonation attacks. Finally, we improve the Fan et al. protocol to present a new one, which is resistant to the mentioned attacks presented in this paper and the other known attacks in the context of RFID authentication. Our proposed improvement does not impose any additional workload on the RFID tag

Lightweight Props on the Weak Security of EPC Class-1 Generation-2 Standard

In 2006 EPCglobal and the International Organization for Standards (ISO) ratified the EPC Class-1 Generation-2 (Gen-2) [1] and the ISO 18000-6C standards [2], respectively. These efforts represented major advancements in the direction of universal standardization for low-cost RFID tags. However, a cause for concern is that security issues do not seem to be properly addressed. In this paper, we propose a new lightweight RFID tag-reader mutual authentication scheme for use under the EPCglobal framework. The scheme is based on previous work by Konidala and Kim [3]. We attempt to mitigate the weaknesses observed in the original scheme and, at the same time, consider other possible adversarial threats as well as constraints on low-cost RFID tags requirements

Progressive introduction of network softwarization in operational telecom networks: advances at architectural, service and transport levels

Technological paradigms such as Software Defined Networking, Network Function Virtualization and Network Slicing are altogether offering new ways of providing services. This process is widely known as Network Softwarization, where traditional operational networks adopt capabilities and mechanisms inherit form the computing world, such as programmability, virtualization and multi-tenancy. This adoption brings a number of challenges, both from the technological and operational perspectives. On the other hand, they provide an unprecedented flexibility opening opportunities to developing new services and new ways of exploiting and consuming telecom networks. This Thesis first overviews the implications of the progressive introduction of network softwarization in operational networks for later on detail some advances at different levels, namely architectural, service and transport levels. It is done through specific exemplary use cases and evolution scenarios, with the goal of illustrating both new possibilities and existing gaps for the ongoing transition towards an advanced future mode of operation. This is performed from the perspective of a telecom operator, paying special attention on how to integrate all these paradigms into operational networks for assisting on their evolution targeting new, more sophisticated service demands.Programa de Doctorado en Ingeniería Telemática por la Universidad Carlos III de MadridPresidente: Eduardo Juan Jacob Taquet.- Secretario: Francisco Valera Pintor.- Vocal: Jorge López Vizcaín

Proceedings of the 4th International Conference on Principles and Practices of Programming in Java

This book contains the proceedings of the 4th international conference on principles and practices of programming in Java. The conference focuses on the different aspects of the Java programming language and its applications

Actor based behavioural simulation as an aid for organisational decision making

Decision-making is a critical activity for most of the modern organizations to stay competitive in rapidly changing business environment. Effective organisational decision-making requires deep understanding of various organisational aspects such as its goals, structure, business-as-usual operational processes, environment where it operates, and inherent characteristics of the change drivers that may impact the organisation. The size of a modern organisation, its socio-technical characteristics, inherent uncertainty, volatile operating environment, and prohibitively high cost of the incorrect decisions make decision-making a challenging endeavor. While the enterprise modelling and simulation technologies have evolved into a mature discipline for understanding a range of engineering, defense and control systems, their application in organisational decision-making is considerably low. Current organisational decision-making approaches that are prevalent in practice are largely qualitative. Moreover, they mostly rely on human experts who are often aided with the primitive technologies such as spreadsheets and visual diagrams. This thesis argues that the existing modelling and simulation technologies are neither suitable to represent organisation and decision artifacts in a comprehensive and machine-interpretable form nor do they comprehensively address the analysis needs. An approach that advances the modelling abstraction and analysis machinery for organisational decision-making is proposed. In particular, this thesis proposes a domain specific language to represent relevant aspects of an organisation for decision-making, establishes the relevance of a bottom-up simulation technique as a means for analysis, and introduces a method to utilise the proposed modelling abstraction, analysis technique, and analysis machinery in an effective and convenient manner