Model of NFT Implementation on Web SSO over OpenID Connect and Oauth 2.0 protocols

Single Sign-On (SSO) is a mechanism that allows users to access various services using a single set of login credentials. However, in SSO implementations, there are still challenges related to security and authentication management, particularly attacks targeting the Identity Provider (IDP). To address this, the use of Non-Fungible Tokens (NFTs) as proof of IDP ownership has been proposed as a solution to enhance security in the authentication mechanism. The utilization of NFTs in SSO with OpenID Connect and OAuth 2.0 has the potential to improve security and convenience in the authentication process due to the unique and non-duplicable nature of NFTs. The results of this research present a model and design of SSO with NFTs on OpenID Connect and OAuth 2.0. An SSO application with login, register, and password recovery features was also developed to provide convenience to users during the login process. The findings conclude that the utilization of NFTs in SSO with OpenID Connect and OAuth 2.0 has the potential to enhance security and convenience in the authentication mechanism. Further research is needed to explore aspects such as scalability, in-depth security analysis, testing in real-world scenarios, improvement of integration and interoperability, as well as comparative analysis with other SSO technologies

Extending Mobile Wallet That Utilizes NFC

In recent years, the purpose of a mobile phone has been redefined. Mobile users are expecting that one day they can get away with their physical wallet. Mobile phone can virtually store all the content of the physical wallet like transit cards, identity cards including the credit/debit cards so that payments can be made easily, quickly, and securely with a mobile phone. Mobile payments have been in use for the past couple of years and gaining momentum as more mobile phones are shipped with Near Field Communication (NFC) support. NFC-enabled mobile phones could play a key role in day-to-day life, serving as wallet, loyalty cards, access cards, and travel cards. This thesis first explains Mobile Wallet concepts and different mobile payment types, while focusing on payments using Near Field Communication. Second, this thesis discusses the current leading Mobile Wallet solutions. Finally, the Star Bonus service is introduced by which users can see their past transactions and summary of their accrued bonus points. Star Bonus service is a value-added service to the Mobile Wallet user. It was presented in Mobile World Congress-2014, 2015 and received good feedback. By integrating the loyalty card into the Mobile Wallet payment use case, Star Bonus makes payments easier and quicker. The positive response it garnered highlights the importance of adding value-added services to Mobile Wallet

Automatização dos procedimentos de check-in no sector turístico

This report takes advantage of Web and IoT technology to remove the necessity of 3th people into the check-in procedures. The innovation has the objective to improve the accommodation sector in Tourism and Travel activities. For choosing of the most suitable technology, a careful analysis was performed about the target audience and the possible technologies. Then, a business plan was developed to explain how the product can be profitable, generate value to society and present itself as an innovation. Only after that, MVP was developed to test the viability of this business model. The MVP consisted on platform and locker that allow the user to manage and use their desired accesses to the mechanical engineering laboratories in university of Aveiro.Este trabalho aproveita tecnologias como IOT e Web para remover a necessidade de terceiros nos procedimentos de check-in. A inovação tem o objetivo de melhorar o setor de alojamento na indústria turística. Para a escolha da tecnologia mais adequada, foi realizada uma análise cuidadosa sobre o público-alvo e as possíveis tecnologias. Em seguida, foi desenvolvido um plano de negócios para explicar como o produto pode ser rentável, gerar valor para a sociedade e apresentar-se como uma inovação. Somente depois disso, foi desenvolvido um protótipo para testar a viabilidade desse modelo de negócio. O protótipo consiste numa plataforma e fechadura que permite a utilização a gestão automática dos acessos para os laboratórios de engenharia mecânica da Universidade de Aveiro.Mestrado em Engenharia Mecânic

Европейский и национальный контексты в научных исследованиях

В настоящем электронном сборнике «Европейский и национальный контексты в научных исследованиях. Технология» представлены работы молодых ученых по геодезии и картографии, химической технологии и машиностроению, информационным технологиям, строительству и радиотехнике. Предназначены для работников образования, науки и производства. Будут полезны студентам, магистрантам и аспирантам университетов.=In this Electronic collected materials “National and European dimension in research. Technology” works in the fields of geodesy, chemical technology, mechanical engineering, information technology, civil engineering, and radio-engineering are presented. It is intended for trainers, researchers and professionals. It can be useful for university graduate and post-graduate students

FIDO2 the Rescue? Platform vs. Roaming Authentication on Smartphones

Modern smartphones support FIDO2 passwordless authentication using either external security keys or internal biometric authentication, but it is unclear whether users appreciate and accept these new forms of web authentication for their own accounts. We present the first lab study (N=87) comparing platform and roaming authentication on smartphones, determining the practical strengths and weaknesses of FIDO2 as perceived by users in a mobile scenario. Most participants were willing to adopt passwordless authentication during our in-person user study, but closer analysis shows that participants prioritize usability, security, and availability differently depending on the account type. We identify remaining adoption barriers that prevent FIDO2 from succeeding password authentication, such as missing support for contemporary usage patterns, including account delegation and usage on multiple clients.Comment: 16 pages, 6 figures, the dataset is available at https://doi.org/10.5281/zenodo.7572697 and the source code is available at https://github.com/seemoo-lab/fido2-the-smartphon

Eesti elektrooniline ID-kaart ja selle turvaväljakutsed

Eesti elektrooniline isikutunnistust (ID-kaart) on üle 18 aasta pakkunud turvalist elektroonilist identiteeti Eesti kodanikele. Avaliku võtme krüptograafia ja kaardile talletatud privaatvõti võimaldavad ID-kaardi omanikel juurde pääseda e-teenustele, anda juriidilist jõudu omavaid digiallkirju ning elektrooniliselt hääletada. Käesolevas töös uuritakse põhjalikult Eesti ID-kaarti ning sellega seotud turvaväljakutseid. Me kirjeldame Eesti ID-kaarti ja selle ökosüsteemi, seotud osapooli ja protsesse, ID-kaardi elektroonilist baasfunktsionaalsust, seotud tehnilisi ja juriidilisi kontseptsioone ning muid seotud küsimusi. Me tutvustame kõiki kasutatud kiipkaardiplatforme ja nende abil väljastatud isikutunnistuste tüüpe. Iga platformi kohta esitame me detailse analüüsi kasutatava asümmeetrilise krüptograafia funktsionaalsusest ning kirjeldame ja analüüsime ID-kaardi kauguuendamise lahendusi. Lisaks esitame me süstemaatilise uurimuse ID-kaardiga seotud turvaintsidentidest ning muudest sarnastest probleemidest läbi aastate. Me kirjeldame probleemide tehnilist olemust, kasutatud leevendusmeetmeid ning kajastust ajakirjanduses. Käesoleva uurimustöö käigus avastati mitmeid varem teadmata olevaid turvaprobleeme ning teavitati nendest seotud osapooli. Käesolev töö põhineb avalikult kättesaadaval dokumentatsioonil, kogutud ID-kaartide sertifikaatide andmebaasil, ajakirjandusel,otsesuhtlusel seotud osapooltega ning töö autori analüüsil ja eksperimentidel.For more than 18 years, the Estonian electronic identity card (ID card) has provided a secure electronic identity for Estonian residents. The public-key cryptography and private keys stored on the card enable Estonian ID card holders to access e-services, give legally binding digital signatures and even cast an i-vote in national elections. This work provides a comprehensive study on the Estonian ID card and its security challenges. We introduce the Estonian ID card and its ecosystem by describing the involved parties and processes, the core electronic functionality of the ID card, related technical and legal concepts, and the related issues. We describe the ID card smart card chip platforms used over the years and the identity document types that have been issued using these platforms. We present a detailed analysis of the asymmetric cryptography functionality provided by each ID card platform and present a description and security analysis of the ID card remote update solutions that have been provided for each ID card platform. As yet another contribution of this work, we present a systematic study of security incidents and similar issues the Estonian ID card has experienced over the years. We describe the technical nature of the issue, mitigation measures applied and the reflections on the media. In the course of this research, several previously unknown security issues were discovered and reported to the involved parties. The research has been based on publicly available documentation, collection of ID card certificates in circulation, information reflected in media, information from the involved parties, and our own analysis and experiments performed in the field.https://www.ester.ee/record=b541416

FINE-GRAINED ACCESS CONTROL ON ANDROID COMPONENT

The pervasiveness of Android devices in today’s interconnected world emphasizes the importance of mobile security in protecting user privacy and digital assets. Android’s current security model primarily enforces application-level mechanisms, which fail to address component-level (e.g., Activity, Service, and Content Provider) security concerns. Consequently, third-party code may exploit an application’s permissions, and security features like MDM or BYOD face limitations in their implementation. To address these concerns, we propose a novel Android component context-aware access control mechanism that enforces layered security at multiple Exception Levels (ELs), including EL0, EL1, and EL3. This approach effectively restricts component privileges and controls resource access as needed. Our solution comprises Flasa at EL0, extending SELinux policies for inter-component interactions and SQLite content control; Compac, spanning EL0 and EL1, which enforces component-level permission controls through Android runtime and kernel modifications; and TzNfc, leveraging TrustZone technologies to secure third-party services and limit system privileges via Trusted Execution Environment (TEE). Our evaluations demonstrate the effectiveness of our proposed solution in containing component privileges, controlling inter-component interactions and protecting component level resource access. This enhanced solution, complementing Android’s existing security architecture, provides a more comprehensive approach to Android security, benefiting users, developers, and the broader mobile ecosystem

An Investigation of Security in Near Field Communication Systems

Increasingly, goods and services are purchased over the Internet without any form of physical currency. This practice, often called e-commerce, offers sellers and buyers a convenient way to trade globally as no physical currency must change hands and buyers from anywhere in the world can browse online store fronts from around the globe. Nevertheless, many transactions still require a physical presence. For these sorts of transactions, a new technology called Near Field Communication has emerged to provide buyers with some of the conveniences of e-commerce while still allowing them to purchase goods locally. Near Field Communication (NFC), an evolution of Radio-Frequency Identification (RFID), allows one electronic device to transmit short messages to another nearby device. A buyer can store his or her payment information on a tag and a cashier can retrieve that information with an appropriate reader. Advanced devices can store payment information for multiple credit and debit cards as well as gift cards and other credentials. By consolidating all of these payment forms into a single device, the buyer has fewer objects to carry with her. Further, proper implementation of such a device can offer increased security over plastic cards in the form of advanced encryption. Using a testing platform consisting of commercial, off-the-shelf components, this dissertation investigates the security of the NFC physical-layer protocols as well as the primary NFC security protocol, NFC-SEC. In addition, it analyzes a situation in which the NFC protocols appear to break, potentially compromising sensitive data. Finally, this dissertation provides a proof of security for the NFC-SEC-1 variation of NFC-SEC

Recommendations for implementing a Bitcoin wallet using smart card

TCC(graduação) - Universidade Federal de Santa Catarina. Centro Tecnológico. Ciências da Computação.Bitcoin is a decentralized peer-to-peer electronic cash system that allows any two willing parties to transact directly without the need for a trusted third party. The user's funds are protected by private keys that must be kept safe, preferably not on third party wallet services, but on hardware wallets, which are the best balance between very high security and ease of use. In this work we made a review on cryptography, the Bitcoin protocol and secure elements, then we dived into the project of hardware wallets, discussing different requirements and ways to construct one. Our proposed device uses an anti tamper Java Card to store the private keys. We considered variations of the device, one with a dedicated touchscreen and another with NFC to integrate with a mobile phone. We analyzed security aspects of the project, made recommendations and described some challenges. Finally, we implemented our own open source prototype, showing the architecture of the project, its components, the requirements, the APDU communication protocol and the results

Segurança e privacidade em terminologia de rede

Security and Privacy are now at the forefront of modern concerns, and drive a significant part of the debate on digital society. One particular aspect that holds significant bearing in these two topics is the naming of resources in the network, because it directly impacts how networks work, but also affects how security mechanisms are implemented and what are the privacy implications of metadata disclosure. This issue is further exacerbated by interoperability mechanisms that imply this information is increasingly available regardless of the intended scope. This work focuses on the implications of naming with regards to security and privacy in namespaces used in network protocols. In particular on the imple- mentation of solutions that provide additional security through naming policies or increase privacy. To achieve this, different techniques are used to either embed security information in existing namespaces or to minimise privacy ex- posure. The former allows bootstraping secure transport protocols on top of insecure discovery protocols, while the later introduces privacy policies as part of name assignment and resolution. The main vehicle for implementation of these solutions are general purpose protocols and services, however there is a strong parallel with ongoing re- search topics that leverage name resolution systems for interoperability such as the Internet of Things (IoT) and Information Centric Networks (ICN), where these approaches are also applicable.Segurança e Privacidade são dois topicos que marcam a agenda na discus- são sobre a sociedade digital. Um aspecto particularmente subtil nesta dis- cussão é a forma como atribuímos nomes a recursos na rede, uma escolha com consequências práticas no funcionamento dos diferentes protocols de rede, na forma como se implementam diferentes mecanismos de segurança e na privacidade das várias partes envolvidas. Este problema torna-se ainda mais significativo quando se considera que, para promover a interoperabili- dade entre diferentes redes, mecanismos autónomos tornam esta informação acessível em contextos que vão para lá do que era pretendido. Esta tese foca-se nas consequências de diferentes políticas de atribuição de nomes no contexto de diferentes protocols de rede, para efeitos de segurança e privacidade. Com base no estudo deste problema, são propostas soluções que, através de diferentes políticas de atribuição de nomes, permitem introdu- zir mecanismos de segurança adicionais ou mitigar problemas de privacidade em diferentes protocolos. Isto resulta na implementação de mecanismos de segurança sobre protocolos de descoberta inseguros, assim como na intro- dução de mecanismos de atribuiçao e resolução de nomes que se focam na protecçao da privacidade. O principal veículo para a implementação destas soluções é através de ser- viços e protocolos de rede de uso geral. No entanto, a aplicabilidade destas soluções extende-se também a outros tópicos de investigação que recorrem a mecanismos de resolução de nomes para implementar soluções de intero- perabilidade, nomedamente a Internet das Coisas (IoT) e redes centradas na informação (ICN).Programa Doutoral em Informátic