Formal Analysis of MCAP Protocol Against Replay Attack

Replay attack is considered a common attacking technique that is used by adversaries to gain access to confidential information. Several approaches have been proposed to prevent replay attack in security-critical systems such as Automated Teller Machines (ATM) systems. Among those approaches is a recent one called the Mutual Chain Authentication Protocol for the Saudi Payments Network transactions (MCAP). This protocol aims to allow Saudi banking systems to overcome existing weaknesses in the currently used Two-Factor Authentication (2FA) protocols. In this paper, we analyze and verify the recent MCAP authentication protocol against replay attacks. Therefore, we examine the mutual authentication between the ATM Terminal, Sponsoring Banks (SBAT), Saudi Payments Network (SPAN) and the Issuing of Financial Bank (CIFI). The paper also provides a formal analysis of the MCAP to conduct formal proofs of the MCAP protocols against replay attacks

Challenges of Implementing Automatic Dependent Surveillance Broadcast in the Nextgen Air Traffic Management System

The Federal Aviation Administration is in the process of replacing the current Air Traffic Management (ATM) system with a new system known as NextGen. Automatic Dependent Surveillance-Broadcast (ADS-B) is the aircraft surveillance protocol currently being introduced as a part of the NextGen system deployment. The evolution of ADS-B spans more than two decades, with development focused primarily on increasing the capacity of the Air Traffic Control (ATC) system and reducing operational costs. Security of the ADS-B communications network has not been a high priority, and the inherent lack of security measures in the ADS-B protocol has come under increasing scrutiny as the NextGen ADS-B implementation deadline draws near. The research conducted in this thesis summarizes the ADS-B security vulnerabilities that have been under recent study. Thereafter, we survey both the theoretical and practical efforts which have been conducted concerning these issues, and review possible security solutions. We create a classification of the ADS-B security solutions considered and provide a ranking of the potential solutions. Finally, we discuss the most compatible approaches available, given the constraints of the current ADS-B communications system and protocol

Quality of Service over Specific Link Layers: state of the art report

The Integrated Services concept is proposed as an enhancement to the current Internet architecture, to provide a better Quality of Service (QoS) than that provided by the traditional Best-Effort service. The features of the Integrated Services are explained in this report. To support Integrated Services, certain requirements are posed on the underlying link layer. These requirements are studied by the Integrated Services over Specific Link Layers (ISSLL) IETF working group. The status of this ongoing research is reported in this document. To be more specific, the solutions to provide Integrated Services over ATM, IEEE 802 LAN technologies and low-bitrate links are evaluated in detail. The ISSLL working group has not yet studied the requirements, that are posed on the underlying link layer, when this link layer is wireless. Therefore, this state of the art report is extended with an identification of the requirements that are posed on the underlying wireless link, to provide differentiated Quality of Service

Flat Cellular (UMTS) Networks

Traditionally, cellular systems have been built in a hierarchical manner: many specialized cellular access network elements that collectively form a hierarchical cellular system. When 2G and later 3G systems were designed there was a good reason to make system hierarchical: from a cost-perspective it was better to concentrate traffic and to share the cost of processing equipment over a large set of users while keeping the base stations relatively cheap. However, we believe the economic reasons for designing cellular systems in a hierarchical manner have disappeared: in fact, hierarchical architectures hinder future efficient deployments. In this paper, we argue for completely flat cellular wireless systems, which need just one type of specialized network element to provide radio access network (RAN) functionality, supplemented by standard IP-based network elements to form a cellular network. While the reason for building a cellular system in a hierarchical fashion has disappeared, there are other good reasons to make the system architecture flat: (1) as wireless transmission techniques evolve into hybrid ARQ systems, there is less need for a hierarchical cellular system to support spatial diversity; (2) we foresee that future cellular networks are part of the Internet, while hierarchical systems typically use interfaces between network elements that are specific to cellular standards or proprietary. At best such systems use IP as a transport medium, not as a core component; (3) a flat cellular system can be self scaling while a hierarchical system has inherent scaling issues; (4) moving all access technologies to the edge of the network enables ease of converging access technologies into a common packet core; and (5) using an IP common core makes the cellular network part of the Internet

Literature review of recent, practical - oriented computer networks papers

This thesis report is submitted in partial fulfillment of the requirements for the degree of Bachelor of Science in Electrical and Electronic Engineering, 2009.Cataloged from PDF version of thesis report.Includes bibliographical references (page 61).This thesis will include a literature review of recent practical oriented computer networks papers in premier IEEE conferences. The objective of the thesis is to provide detailed plans for a number of computer network related projects that may be implemented by subsequent BRAC University students. We will do an in-depth study of the selected topics and provide a step by step implementation process.Hasibul IslamHassan SameerIrtiza Ahmad FarooqB. Electrical and Electronic Engineerin

IOT DEVICES AS PAYMENT INSTRUMENT FOR ATM TRANSACTIONS

The present disclosure relates to a method and a system for performing Automated Teller Machine (ATM) transactions using a user payment instrument without a physical bank-issued card. According to the present disclosure, a user requests an ATM to perform a user transaction request such as withdrawal of funds from the user account or depositing funds to the user account. Based on the user transaction request, the ATM generates a Quick Response (QR) code with payment information. Thereafter, a user payment instrument may be used to scan the generated QR code, which opens an authentication application, after the user payment instrument is authenticated. Further, the user account details are loaded onto the user payment instrument to perform the financial transaction on the ATM without the physical bank-issued cards

Mobile IP: state of the art report

Due to roaming, a mobile device may change its network attachment each time it moves to a new link. This might cause a disruption for the Internet data packets that have to reach the mobile node. Mobile IP is a protocol, developed by the Mobile IP Internet Engineering Task Force (IETF) working group, that is able to inform the network about this change in network attachment such that the Internet data packets will be delivered in a seamless way to the new point of attachment. This document presents current developments and research activities in the Mobile IP area