16,557 research outputs found
Design of a secure unified e-payment system in Nigeria: A case study
The automatic teller machine (ATM) is the most widely used e-Payment instrument in Nigeria. It is responsible for about 89% (in volume) of all e-Payment instruments since 2006 to 2008. Some customers have at least two ATM cards depending on the number of accounts operated by them and
they represent the active users of the ATM cards. Furthermore, identity theft has been identified as one
of the most prominent problems hindering the wider adoption of e-Business, particularly e-Banking, hence the need for a more secure platform of operation. Therefore, in this paper we propose a unified (single) smart card-based ATM card with biometric-based cash dispenser for all banking transactions.
This is to reduce the number of ATM cards carried by an individual and the biometric facility is to introduce another level of security in addition to the PIN which is currently being used. A set of questionnaire was designed to evaluate the acceptability of this concept among users and the architecture of the proposed system is presented
NEWSKY - A concept for NEtWorking the SKY for civil aeronautical communications
In this paper, an overview of the NEWSKY project is given. This project is funded by the European Commission within the 6th framework program and will start in January 2007. The NEWSKY project is a feasibility study to clarify if it is possible to establish a heterogeneous network for aeronautical communications which is capable to integrate different communications systems as well as different applications into a single global aeronautical network. The envisaged applications comprise not only air-traffic control and management but also airline and passenger communications
Combining behavioural types with security analysis
Today's software systems are highly distributed and interconnected, and they
increasingly rely on communication to achieve their goals; due to their
societal importance, security and trustworthiness are crucial aspects for the
correctness of these systems. Behavioural types, which extend data types by
describing also the structured behaviour of programs, are a widely studied
approach to the enforcement of correctness properties in communicating systems.
This paper offers a unified overview of proposals based on behavioural types
which are aimed at the analysis of security properties
Chip and Skim: cloning EMV cards with the pre-play attack
EMV, also known as "Chip and PIN", is the leading system for card payments
worldwide. It is used throughout Europe and much of Asia, and is starting to be
introduced in North America too. Payment cards contain a chip so they can
execute an authentication protocol. This protocol requires point-of-sale (POS)
terminals or ATMs to generate a nonce, called the unpredictable number, for
each transaction to ensure it is fresh. We have discovered that some EMV
implementers have merely used counters, timestamps or home-grown algorithms to
supply this number. This exposes them to a "pre-play" attack which is
indistinguishable from card cloning from the standpoint of the logs available
to the card-issuing bank, and can be carried out even if it is impossible to
clone a card physically (in the sense of extracting the key material and
loading it into another card). Card cloning is the very type of fraud that EMV
was supposed to prevent. We describe how we detected the vulnerability, a
survey methodology we developed to chart the scope of the weakness, evidence
from ATM and terminal experiments in the field, and our implementation of
proof-of-concept attacks. We found flaws in widely-used ATMs from the largest
manufacturers. We can now explain at least some of the increasing number of
frauds in which victims are refused refunds by banks which claim that EMV cards
cannot be cloned and that a customer involved in a dispute must therefore be
mistaken or complicit. Pre-play attacks may also be carried out by malware in
an ATM or POS terminal, or by a man-in-the-middle between the terminal and the
acquirer. We explore the design and implementation mistakes that enabled the
flaw to evade detection until now: shortcomings of the EMV specification, of
the EMV kernel certification process, of implementation testing, formal
analysis, or monitoring customer complaints. Finally we discuss
countermeasures
MIRAI Architecture for Heterogeneous Network
One of the keywords that describe next-generation wireless communications is "seamless." As part of the e-Japan Plan promoted by the Japanese Government, the Multimedia Integrated Network by Radio Access Innovation project has as its goal the development of new technologies to enable seamless integration of various wireless access systems for practical use by 2005. This article describes a heterogeneous network architecture including a common tool, a common platform, and a common access. In particular, software-defined radio technologies are used to develop a multiservice user terminal to access different wireless networks. The common platform for various wireless networks is based on a wireless-supporting IPv6 network. A basic access network, separated from other wireless access networks, is used as a means for wireless system discovery, signaling, and paging. A proof-of-concept experimental demonstration system is available
- …