A framework for analyzing RFID distance bounding protocols

Many distance bounding protocols appropriate for the RFID technology have been proposed recently. Unfortunately, they are commonly designed without any formal approach, which leads to inaccurate analyzes and unfair comparisons. Motivated by this need, we introduce a unied framework that aims to improve analysis and design of distance bounding protocols. Our framework includes a thorough terminology about the frauds, adversary, and prover, thus disambiguating many misleading terms. It also explores the adversary's capabilities and strategies, and addresses the impact of the prover's ability to tamper with his device. It thus introduces some new concepts in the distance bounding domain as the black-box and white-box models, and the relation between the frauds with respect to these models. The relevancy and impact of the framework is nally demonstrated on a study case: Munilla-Peinado distance bounding protocol

A framework for analyzing RFID distance bounding protocols

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.Many distance bounding protocols appropriate for the RFID technology have been proposed recently. Unfortunately, they are commonly designed without any formal approach, which leads to inaccurate analyzes and unfair comparisons. Motivated by this need, we introduce a unified framework that aims to improve analysis and design of distance bounding protocols. Our framework includes a thorough terminology about the frauds, adversary and prover, thus disambiguating many misleading terms. It also explores the adversary's capabilities and strategies, and addresses the impact of the prover's ability to tamper with his device. It thus introduces some new concepts in the distance bounding domain as the black-box and white-box models, and the relation between the frauds with respect to these models. The relevancy and impact of the framework is finally demonstrated on a study case: Munilla–Peinado distance bounding protocol

Bringing security home: A process for developing secure and usable systems

The aim of this paper is to provide better support for the development of secure systems. We argue that current development practice suffers from two key problems: 1. Security requirements tend to be kept separate from other system requirements, and not integrated into any overall strategy. 2. The impact of security measures on users and the operational cost of these measures on a day-to-day basis are usually not considered. Our new paradigm is the full integration of security and usability concerns into the software development process, thus enabling developers to build secure systems that work in the real world. We present AEGIS, a secure software engineering method which integrates asset identification, risk and threat analysis and context of use, bound together through the use of UML, and report its application to case studies on Grid projects. An additional benefit of the method is that the involvement of stakeholders in the high-level security analysis improves their understanding of security, and increases their motivation to comply with policies

Are Non-state Actors Better Innovators? The Ambiguous Role of Non-state Actors in the Transition Process: The Case of Benin and Madagascar

The focusing on new rules and institutional innovations by the international donor community corresponds to current academic analyses on “weak” or “failing states” in Africa and elsewhere. However, the concentration on externally induced institutional innovations and on the formal sector of the society tackles only half of the problem. Frequently it even undermines indigenous development capacities. Innovators in the informal sector and the agency of the civil society, embedded in the local socio-cultural setting, but closely linked to transnational social spaces, do often outperform the state's development efforts and international aid. African culture is not inherently good or bad, but under certain conditions its propensity to change and to influence perceptions of power and values can induce important improvements in well-being. Even seemingly static cultural factors as custom, tradition or ethnicity, often said to be barriers to economic growth in Africa, have been invented or adapted to changing requirements of societies. Rather than blaming the failure of development efforts in Africa over the past decades on cultural barriers or traditional minded actors, we should investigate the propensity of African societies to create indigenous innovations, notably within the realm of the informal sector.Transition; development; informal sector; indigenous innovation; culture; glocalisation; Africa; Bénin; Madagascar;

Preventing Attacks on Machine Readable Travel Documents (MRTDs)

After the terror attacks of 9/11, the U.S. Congress passed legislation that requires in the US Visa Waiver Program to begin issuing issuing machine readable passports that are tamper resistant and incorporate biometric and document authentication identifiers. The International Civil Aviation Organization (ICAO) has issued specifications for Machine Readable Travel Documents (MRTD) that are equipped with a smart card processor to perform biometric identification of the holder. Some countries, such as the United States, will issue machine readable passports that serve only as passports. Other countries, such as the United Kingdom, intend to issue more sophisticated, multi-application passports that can also serve as national identity cards. We have conducted a detailed security analysis of these specificationsm, and we illustrate possible scenarios that could cause a compromise in the security and privacy of holders of such travel documents. Finally, we suggest improved cryptographic protocols and high-assurance smart card operating systems to prevent these compromises and to support electronic visas as well as passports

Are Non-state Actors Better Innovators? The Ambiguous Role of Non-state Actors in the Transition Process: The Case of Benin and Madagascar

The focusing on new rules and institutional innovations by the international donor community corresponds to current academic analyses on “weak” or “failing states” in Africa and elsewhere. However, the concentration on externally induced institutional innovations and on the formal sector of the society tackles only half of the problem. Frequently it even undermines indigenous development capacities. Innovators in the informal sector and the agency of the civil society, embedded in the local socio-cultural setting, but closely linked to transnational social spaces, do often outperform the state's development efforts and international aid. African culture is not inherently good or bad, but under certain conditions its propensity to change and to influence perceptions of power and values can induce important improvements in well-being. Even seemingly static cultural factors as custom, tradition or ethnicity, often said to be barriers to economic growth in Africa, have been invented or adapted to changing requirements of societies. Rather than blaming the failure of development efforts in Africa over the past decades on cultural barriers or traditional minded actors, we should investigate the propensity of African societies to create indigenous innovations, notably within the realm of the informal sector

Are Non-state Actors Better Innovators? The Ambiguous Role of Non-state Actors in the Transition Process: The Case of Benin and Madagascar

The focusing on new rules and institutional innovations by the international donor community corresponds to current academic analyses on “weak” or “failing states” in Africa and elsewhere. However, the concentration on externally induced institutional innovations and on the formal sector of the society tackles only half of the problem. Frequently it even undermines indigenous development capacities. Innovators in the informal sector and the agency of the civil society, embedded in the local socio-cultural setting, but closely linked to transnational social spaces, do often outperform the state's development efforts and international aid. African culture is not inherently good or bad, but under certain conditions its propensity to change and to influence perceptions of power and values can induce important improvements in well-being. Even seemingly static cultural factors as custom, tradition or ethnicity, often said to be barriers to economic growth in Africa, have been invented or adapted to changing requirements of societies. Rather than blaming the failure of development efforts in Africa over the past decades on cultural barriers or traditional minded actors, we should investigate the propensity of African societies to create indigenous innovations, notably within the realm of the informal sector

Usability issues with security of electronic mail

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University.This thesis shows that human factors can have a large and direct impact on security, not only on the user’s satisfaction, but also on the level of security achieved in practice. The usability issues identified are also extended to include mental models and perceptions as well as traditional user interface issues. These findings were accomplished through three studies using various methodologies to best suit their aims. The research community have issued principles to better align security and usability, so it was first necessary to evaluate their effectiveness. The chosen method for achieving this was through a usability study of the most recent software specifically to use these principles. It was found that the goal of being simultaneously usable and secure was not entirely met, partially through problems identified with the software interface, but largely due to the user’s perceptions and actions whilst using the software. This makes it particularly difficult to design usable and secure software without detailed knowledge of the users attitudes and perceptions, especially if we are not to blame the user for security errors as has occurred in the past. Particular focus was given to e-mail security because it is an area in which there is a massive number of vectors for security threats, and in which it is technologically possible to negate most of these threats, yet this is not occurring. Interviews were used to gain in depth information from the user’s point of view. Data was collected from individual e-mail users from the general public, and organisations. It was found that although the literature had identified various problems with the software and process of e-mail encryption, the majority of problems identified in the interviews stemmed once again from user’s perceptions and attitudes. Use of encryption was virtually nil, although the desire to use encryption to protect privacy was strong. Remembering secure passwords was recurrently found to be problematic, so in an effort to propose a specific method of increasing their usability an empirical experiment was used to examine the memorability of passwords. Specially constructed passwords were tested for their ability to improve memorability, and therefore usability. No statistical significance in the construction patterns was found, but a memory phenomenon whereby users tend to forget their password after a specific period of non-use was discovered. The findings are discussed with reference to the fact that they all draw on a theme of responsibility to maintain good security, both from the perspective of the software developer and the end user. The term Personal Liability and General Use Evaluation (PLaGUE) is introduced to highlight the importance of considering these responsibilities and their effect on the use of security