34 research outputs found
The potential use of smart cards in vehicle management with particular reference to the situation in Western Australia
Vehicle management may be considered to consist of traffic management, usage control, maintenance, and security. Various regulatory authorities undertake the first aspect, fleet managers will be concerned with all aspects, and owner-drivers will be interested mainly in maintenance and security. Car theft poses a universal security problem. Personalisation, including navigational assistance, might be achieved as a by-product of an improved management system. Authorities and fleet managers may find smartcards to be key components of an improved system, but owners may feel that the need for improved security does not justify its cost. This thesis seeks to determine whether smartcards may be used to personalise vehicles in order to improve vehicle management within a foreseeable time and suggest when it might happen. In the process four broad questions are addressed.
• First, what improvements in technology are needed to make any improved scheme using smartcards practicable, and what can be expected in the near future?
• Second, what problems and difficulties may impede the development of improved management?
• Third, what non-vehicle applications might create an environment in which a viable scheme could emerge?
• Finally, is there a perceived need for improved vehicle management?
The method involved a literature search, the issue of questionnaires to owner drivers and fleet managers, discussions with fleet managers, the preparation of data-flow and state diagrams, and the construction of a simulation of a possible security approach. The study concludes that although vehicle personalisation is possible and desirable it is unlikely to occur within the next decade because the environment needed to make it practicable will not emerge until a number of commercial and standardisation problems that obstruct all smartcard applications have been solved.
Electronic Payment Systems Observatory (ePSO). Newsletter Issues 9-15
Abstract not available.
JRC.J-Institute for Prospective Technological Studies (Seville
Biometrics & Security: Combining Fingerprints, Smart Cards and Cryptography
Since the beginning of this brand new century, and especially since the 2001 Sept 11 events in the U.S., several biometric technologies are considered mature enough to be a new tool for security. Generally associated with a personal device for privacy protection, biometric references are stored in secured electronic devices such as smart cards, and systems are using cryptographic tools to communicate with the smart card and securely exchange biometric data. After a general introduction about biometrics, smart cards and cryptography, a second part will introduce our work with fake finger attacks on fingerprint sensors and tests done with different materials. The third part will present our approach for a lightweight fingerprint recognition algorithm for smart cards. The fourth part will detail security protocols used in different applications such as Personal Identity Verification cards. We will discuss our implementation such as the one we developed for the NIST to be used in PIV smart cards. Finally, a fifth part will address Cryptography-Biometrics interaction. We will highlight the antagonism between Cryptography – determinism, stable data – and Biometrics – statistical, error-prone –. Then we will present our application of challenge-response protocol to biometric data for easing the fingerprint recognition process.
Authentication Protocols for Internet of Things: A Comprehensive Survey
In this paper, a comprehensive survey of authentication protocols for Internet of Things (IoT) is presented. Specifically, more than forty authentication protocols developed for or applied in the context of the IoT are selected and examined in detail. These protocols are categorized based on the target environment: (1) Machine to Machine Communications (M2M), (2) Internet of Vehicles (IoV), (3) Internet of Energy (IoE), and (4) Internet of Sensors (IoS). Threat models, countermeasures, and formal security verification techniques used in authentication protocols for the IoT are presented. In addition, a taxonomy and comparison of authentication protocols that are developed for the IoT in terms of network model, specific security goals, main processes, computation complexity, and communication overhead are provided. Based on the current survey, open issues are identified and future research directions are proposed.
Seamless Communication for Crises Management
SECRICOM is proposed as a collaborative research project aiming at development of a reference security platform for EU crisis management operations with two essential ambitions:
(A) Solve or mitigate problems of contemporary crisis communication infrastructures (Tetra, GSM, Citizen Band, IP) such as poor interoperability of specialized communication means, vulnerability against tapping and misuse, lack of possibilities to recover from failures, inability to use alternative data carrier and high deployment and operational costs.
(B) Add new smart functions to existing services which will make the communication more effective and helpful for users. Smart functions will be provided by distributed IT systems based on an agents’ infrastructure.
Achieving these two project ambitions will allow creating a pervasive and trusted communication infrastructure fulfilling requirements of crisis management users and ready for immediate application
New Card Technologies in Retail Banking: Competition and Collaboration in the 1990s
This thesis examines the alternative bank card technologies being considered for retail banking in the UK in the 1990s. Influential organisations suggest that this technology needs updating, and various new technologies are being developed. The thesis identifies the most influential organisations within four groups considered key for retail banking technology: the technology supply industry, the adopting industry, the market and other key players. The observations and analysis in this thesis are based on information provided by each of these four key groups, through written Surveys, face-to-face and telephone interviews, and from a range of written sources. A selection of past and present bank card trials are also described, with particular focus on the introduction of smart card technology. Results confirm that the innovation process in the retail banking industry accords with a highly interactive model, with feedback loops throughout the innovation process. The adopting industry is seen to follow the innovation process in the opposite direction to that experienced in manufacturing industry. Thus, smaller incremental innovations eventually lead to more radical changes which effect complete systems change on a national basis - a ‘reverse cycle’ model of innovation. The thesis analyses the evolution of competitive and cooperative strategies, particularly between banks and their collective organisations, building societies and retailers. The thesis concludes that the dominant institutions driving card technology innovation and standards globally are the international debit and credit card corporations Mastercard, VISA and Europay, operating through their organisation EMV. In the UK, the major clearing banks, and their ABACS organisation, and the large retailers are also key actors. The thesis suggests that smart card is the most likely to be adopted
Security Analysis of System Behaviour - From "Security by Design" to "Security at Runtime" -
The Internet today provides the environment for novel applications and
processes which may evolve way beyond pre-planned scope and
purpose. Security analysis is growing in complexity with the increase
in functionality, connectivity, and dynamics of current electronic
business processes. Technical processes within critical
infrastructures also have to cope with these developments. To tackle
the complexity of the security analysis, the application of models is
becoming standard practice. However, model-based support for security
analysis is not only needed in pre-operational phases but also during
process execution, in order to provide situational security awareness
at runtime.
This cumulative thesis provides three major contributions to modelling
methodology.
Firstly, this thesis provides an approach for model-based analysis and
verification of security and safety properties in order to support
fault prevention and fault removal in system design or redesign.
Furthermore, some construction principles for the design of
well-behaved scalable systems are given.
The second topic is the analysis of the exposition of vulnerabilities
in the software components of networked systems to exploitation by
internal or external threats. This kind of fault forecasting allows
the security assessment of alternative system configurations and
security policies. Validation and deployment of security policies
that minimise the attack surface can now improve fault tolerance and
mitigate the impact of successful attacks.
Thirdly, the approach is extended to runtime applicability. An
observing system monitors an event stream from the observed system
with the aim to detect faults - deviations from the specified
behaviour or security compliance violations - at runtime.
Furthermore, knowledge about the expected behaviour given by an
operational model is used to predict faults in the near
future. Building on this, a holistic security management strategy is
proposed. The architecture of the observing system is described and
the applicability of model-based security analysis at runtime is
demonstrated utilising processes from several industrial scenarios.
The results of this cumulative thesis are provided by 19 selected
peer-reviewed papers
Semantic discovery and reuse of business process patterns
Patterns currently play an important role in modern information systems (IS) development and their use has mainly been restricted to the design and implementation phases of the development lifecycle. Given the increasing significance of business modelling in IS development, patterns have the potential of providing a viable solution for promoting reusability of recurrent generalized models in the very early stages of development. As a statement of research-in-progress this paper focuses on business process patterns and proposes an initial methodological framework for the discovery and reuse of business process patterns within the IS development lifecycle. The framework borrows ideas from the domain engineering literature and proposes the use of semantics to drive both the discovery of patterns as well as their reuse
Rethinking the legal and institutional framework for digital financial inclusion in Nigeria
About 1.7 billion people globally and 36.8 per cent of Nigerians have no access to financial services due to reasons such as distance, financial illiteracy, irregular income, unemployment and account ineligibility. Justifications for the research include the scale of financial exclusion, the proven capacity of financial inclusion to lift people out of poverty, the need for tailored regulatory policies and the opportunity to harness the value and ubiquity of digital financial services (DFS) for the financially excluded. This research examines the broad question: how suitable are the enabling laws and institutions for digital financial services in Nigeria for addressing the needs of the financially excluded? In considering this broad question, the reasons as to why many Nigerians remain financially excluded, in spite of the abundance of regulatory initiatives, are addressed. Using a combination of doctrinal and empirical methods, the burden of accessing financial services is highlighted, strategies for financial inclusion are considered and options for suitable legal and institutional frameworks are explored. In summary, financial inclusion is broadly discussed in chapter one, while a law and development theoretical and analytical framework is constructed in chapter two. Chapter three examines the legal and institutional framework for financial inclusion in Nigeria while the barriers to financial access are discussed in chapter four. The empirical component of the research is analysed in chapter five, and chapter six considers the impact and prospects of eight new and emerging technologies on financial inclusion. The thesis concludes with recommendations and conclusions in chapter seven. Research results indicate that the path to financial inclusion in Nigeria is characterised by a myriad of laws, slow DFS adoption rates, a bank-centred regulatory model and a wide disparity in the pattern of inclusion across gender and geographical locations. 
Transaction costs remain high and cash is still king. Recommendations such as adopting a more consumer-centred approach to regulation, permitting alternative providers for on-boarding and adapting laws and regulatory policies tailored to the needs of the excluded are made. Additionally, it is recommended that increased financial literacy and transactional capacity are needed to harness digital financial services. It is expected that the findings of this research will inform regulatory changes that will enable a methodical migration of more of the financially excluded class into the formal finance sector