915 research outputs found
Strengthening e-banking security using keystroke dynamics
This paper investigates keystroke dynamics and its possible use as a tool to prevent or detect fraud in the banking industry. Given that banks are constantly on the lookout for improved methods to address the menace of fraud, the paper sets out to review keystroke dynamics, its advantages, disadvantages and potential for improving the security of e-banking systems. This paper evaluates keystroke dynamics suitability of use for enhancing security in the banking sector. Results from the literature review found that keystroke dynamics can offer impressive accuracy rates for user identification. Low costs of deployment and minimal change to users modus operandi make this technology an attractive investment for banks. The paper goes on to argue that although this behavioural biometric may not be suitable as a primary method of authentication, it can be used as a secondary or tertiary method to complement existing authentication systems
The Dangers of Verify PIN on Contactless Cards
Contactless / Near Field Communication (NFC) card payments are being introduced around the world, allowing customers to use a card to pay for small purchases by simply placing the card onto the Point of Sale terminal. Although the terminal needs to be able to verify a PIN, it is not clear if such PIN verification features should be available on the NFC card itself. We show that contactless Visa payment cards have (largely redundant) functionality, Verify PIN, which makes them vulnerable to new forms of wireless attack. Based on careful examination of the Europay, MasterCard and Visa (EMV) protocol and experiments with the Visa fast Dynamic Data Authentication transaction protocol, we provide a set of building blocks for possible attacks. These building blocks are data skimming, Verify PIN and transaction relay, which we implement and experiment with. Based on these building blocks, we propose a number of realistic attacks, including a denial-of-service attack and a newly developed realistic PIN guessing attack. The conclusion of our work is that implementing Verify PIN functionality on NFC cards has no demonstrated benefits and opens up new avenues of attack
BioVault : a protocol to prevent replay in biometric systems
D.Com. (Informatics)Please refer to full text to view abstrac
Security and Privacy Issues of Big Data
This chapter revises the most important aspects in how computing
infrastructures should be configured and intelligently managed to fulfill the
most notably security aspects required by Big Data applications. One of them is
privacy. It is a pertinent aspect to be addressed because users share more and
more personal data and content through their devices and computers to social
networks and public clouds. So, a secure framework to social networks is a very
hot topic research. This last topic is addressed in one of the two sections of
the current chapter with case studies. In addition, the traditional mechanisms
to support security such as firewalls and demilitarized zones are not suitable
to be applied in computing systems to support Big Data. SDN is an emergent
management solution that could become a convenient mechanism to implement
security in Big Data systems, as we show through a second case study at the end
of the chapter. This also discusses current relevant work and identifies open
issues.Comment: In book Handbook of Research on Trends and Future Directions in Big
Data and Web Intelligence, IGI Global, 201
A tokenization-based communication architecture for HCE-Enabled NFC services
Following the announcement of Host Card Emulation (HCE) technology, card emulation mode based Near Field Communication (NFC) services have gained further appreciation as an enabler of the Cloud-based Secure Element (SE) concept. A comprehensive and complete architecture with a centralized and feasible business model for diverse HCE-based NFC services will be highly appreciated, particularly by Service Providers and users. To satisfy the need in this new emerging research area, a Tokenization-based communication architecture for HCE-based NFC services is presented in this paper. Our architecture proposes Two-Phased Tokenization to enable the identity management of both user and Service Provider. NFC Smartphone users can store, manage, and make use of their sensitive data on the Cloud for NFC services; Service Providers can also provide diverse card emulation NFC services easily through the proposed architecture. In this paper, we initially present the Two-Phased Tokenization model and then validate the proposed architecture by providing a case study on access control. We further evaluate the usability aspect in terms of an authentication scheme. We then discuss the ecosystem and business model comprised of the proposed architecture and emphasize the contributions to ecosystem actors. Finally, suggestions are provided for data protection in transit and at rest.This work is funded by KocSistem Information and Communication Services Inc. and Turkish Ministry of Science, Industry and Technology under SAN-TEZ Project no. 0726.STZ.2014Publisher's Versio
Evaluation of mobile network security in Ghana
Applied project submitted to the Department of Computer Science, Ashesi University College, in partial fulfillment of Bachelor of Science degree in Computer Science, April 2015Mobile technology is one of the most successful technologies on the African
continent. Personal and professional communication as well as critical
services like banking and remittances are widely made through mobile
networks and platforms in Ghana. However, little is known about the
security of the underlying infrastructure and devices consumers use to
interact with the mobile network.
The focus of this project is to determine if the core systems of the mobile
network operators, the technology infrastructure, and the 2G/3G dongles
have exploitable security vulnerabilities, demonstrate some of those
exploits, and make recommendations on how to mitigate or eliminate the
risk of exploitation.Ashesi University Colleg
- …