Development of an authentication system for access control using Bluetooth technology
This project consists of the design and development of an access control system using
Bluetooth Low Energy technology, in order to make a prototype to evaluate its
implementation in the company Redsys.
The system is composed of a mobile application developed with Android technology and
a control device, which is also composed of the development board ESP32 DevKitC V4,
a tricolor LED and a buzzer. The Android application performs the function of
authenticator against the access control device, which is responsible for verifying that
authentication and authorizing the passage.
This document will introduce the technologies and protocols that will be used for the
access control system. Next, it will be explained in detail how the programs implemented
in the two main devices have been developed, how the authentication process is carried
out based on a standard authentication protocol and, most importantly, how the entire
connection and exchange of messages has been implemented through Bluetooth Low
Energy technology. In addition, the correct functioning of the complete system will be
demonstrated through the tests carried out and new lines of work will be introduced to
continue improving the system in the future.
Ingeniería en Tecnologías de Telecomunicación (Plan 2010)
Extensible Authentication Protocol Vulnerabilities and Improvements
Extensible Authentication Protocol (EAP) is a widely used security protocol for wireless networks around the world. The project examines different security issues with the EAP-based protocols, the family of security protocols for wireless LAN. The project discovers an attack on the subscriber identity module (SIM) based extension of EAP. The attack is a Denial-of-Service attack that exploits the error handling mechanism in EAP protocols. The project further proposes countermeasures for detection and a defense against the discovered attack. The discovered attack can be prevented by changing the protocol to delay the processing of protocol error messages.
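The abstract names the defense (delay the processing of protocol error messages) but not the mechanics. The following is an added illustration, not code from the project: a small EAP peer model in which an unauthenticated EAP-Failure (RFC 3748, Code 4) is spoofed after the peer's first EAP-SIM Response. The attack scenario, the two peer models, the grace window and the packet sequence are all assumptions constructed for the example; EAP-SIM attributes are elided and only the Code/Identifier/Length/Type framing is real. The naive peer aborts as soon as the Failure arrives; the delaying peer parks it and drops it once a genuine next Request proves the conversation is still alive, while a real Failure still takes effect after the grace period.

```python
import struct

# EAP codes (RFC 3748) and the EAP-SIM method type / subtypes (RFC 4186).
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_SIM = 18
SIM_START, SIM_CHALLENGE = 10, 11


def encode(code, ident, method=None, data=b""):
    """Build an EAP packet: Code | Identifier | Length | [Type | Type-Data]."""
    body = b"" if method is None else bytes([method]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def decode(pkt):
    """Parse the EAP header and reject packets whose Length disagrees with the buffer."""
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length != len(pkt):
        raise ValueError("EAP Length field does not match packet")
    method = pkt[4] if length > 4 else None
    return code, ident, method, pkt[5:]


class NaivePeer:
    """Acts on EAP-Failure the moment it arrives: the behaviour the DoS exploits."""

    def __init__(self):
        self.state = "idle"
        self.last_ident = None  # Identifier of the last Response we sent

    def receive(self, pkt, now):
        code, ident, method, data = decode(pkt)
        if self.state == "failed":
            return None
        if code == EAP_FAILURE and ident == self.last_ident:
            self.state = "failed"          # unauthenticated message, trusted immediately
        elif code == EAP_SUCCESS and ident == self.last_ident and self.state == "in_progress":
            self.state = "success"
        elif code == EAP_REQUEST and method == EAP_TYPE_SIM:
            self.state = "in_progress"
            self.last_ident = ident
            # Minimal EAP-SIM Response: echo the subtype (AT_* attributes elided).
            return encode(EAP_RESPONSE, ident, EAP_TYPE_SIM, data[:1])
        return None

    def tick(self, now):
        pass


class DelayingPeer(NaivePeer):
    """Holds an EAP-Failure for `grace` seconds; a valid next message cancels it.

    The hypothetical grace window is the 'delay the processing of protocol error
    messages' countermeasure from the abstract, modelled here as an assumption.
    """

    def __init__(self, grace=2.0):
        super().__init__()
        self.grace = grace
        self.pending_failure_at = None

    def receive(self, pkt, now):
        code, ident, method, data = decode(pkt)
        if self.state == "failed":
            return None
        if code == EAP_FAILURE and ident == self.last_ident:
            if self.pending_failure_at is None:
                self.pending_failure_at = now   # park it instead of acting on it
            return None
        reply = super().receive(pkt, now)
        if reply is not None or self.state == "success":
            # The server moved the conversation forward: the parked Failure was spurious.
            self.pending_failure_at = None
        return reply

    def tick(self, now):
        if self.pending_failure_at is not None and now - self.pending_failure_at >= self.grace:
            self.state = "failed"           # nothing legitimate followed: honour it


def run_exchange(peer, scenario="clean"):
    """Replay a constructed EAP-SIM exchange; returns the peer's final state.

    scenario: "clean"            server completes the exchange, no attacker
              "spoofed"          attacker injects EAP-Failure after the peer's first Response
              "genuine_failure"  server itself rejects the peer after the first Response
    """
    events = [(0.0, encode(EAP_REQUEST, 1, EAP_TYPE_SIM, bytes([SIM_START])))]
    if scenario == "genuine_failure":
        events.append((1.0, encode(EAP_FAILURE, 1)))
    else:
        events += [(1.0, encode(EAP_REQUEST, 2, EAP_TYPE_SIM, bytes([SIM_CHALLENGE]))),
                   (2.0, encode(EAP_SUCCESS, 2))]
    if scenario == "spoofed":
        # Attacker sniffed the Response with Identifier 1 and forges a matching Failure.
        events.append((0.5, encode(EAP_FAILURE, 1)))
    for t, pkt in sorted(events, key=lambda e: e[0]):
        peer.tick(t)
        peer.receive(pkt, t)
    peer.tick(10.0)  # let any parked Failure expire
    return peer.state


if __name__ == "__main__":
    for cls in (NaivePeer, DelayingPeer):
        for sc in ("clean", "spoofed", "genuine_failure"):
            print(f"{cls.__name__:13s} {sc:16s} -> {run_exchange(cls(), sc)}")
```

The cost of the defense is visible in the `genuine_failure` scenario: a real rejection is only acted on after the grace window, so the window has to stay shorter than the server's retransmission timer or the peer will outlive its own session. In real EAP-SIM the stronger fix is to act only on MAC-protected Notification messages once the session keys exist; the plain EAP-Failure carries no integrity protection at all.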
EAP-TPM: User Authentication in Wireless Access Networks
Nowadays, many devices are connected to wireless networks, both private and public.
Their authentication on the network is a process in which the user must intervene in
order to enter their credentials. The purpose of this paper is to present an alternative
authentication method for wireless networks through the Trusted Platform Module
(TPM). The basic idea was to create an authentication mechanism similar to that of
telephone networks. In a telephone network and consequently in a 5G network, user
authentication is done through credentials stored on the SIM card of the devices,
without requiring the user to provide additional information to connect to the network.
The same could be applied in cases of users connecting to a wireless network through
the use of TPM, which is now integrated in most mobile devices (laptops, mobile
phones) and can create and store security certificates. Based on previous research to
implement a variant of the EAP-TLS protocol, called EAP-TPM, we have tried to
implement this authentication method. So we created a test environment consisting of a
wireless access point, a FreeRADIUS server and a client, which has a built-in TPM, and
we studied how to create security certificates, which will be stored in the TPM. Then we
studied the TPM configuration to be able to support authentication via the EAP-TLS
protocol, so that the client can authenticate via the certificates stored in it. Finally, the
economic value of wireless access networks is presented, as shown by research, together with the
advantages resulting from their use, their installation costs and the most basic selection
criteria for these networks.
IEEE 802.11i Security and Vulnerabilities
Despite using a variety of comprehensive preventive security measures, Robust Secure Networks (RSNs) remain vulnerable to a number of attacks. The failure of preventive measures to address all RSN vulnerabilities dictates the need to enhance the performance of Wireless Intrusion Detection Systems (WIDSs) so that they detect all attacks on RSNs with lower false-positive and false-negative rates.
Human Computing for Handling Strong Corruptions in Authenticated Key Exchange
We propose the first user authentication and key exchange protocols that can tolerate strong corruptions on the client side. If a user happens to log in to a server from a terminal that has been fully compromised, then the user's other past and future sessions initiated from honest terminals stay secure. We define the security model for Human Authenticated Key Exchange (HAKE) protocols and first propose two generic protocols based on a human-compatible (HC) function family, password-authenticated key exchange (PAKE), commitment, and authenticated encryption. We prove our HAKE protocols secure under reasonable assumptions and discuss efficient instantiations. We thereafter propose a variant where the human gets help from a small device such as RSA SecurID. This permits implementing an HC function family with stronger security and thus allows weakening the assumptions required on the PAKE. This leads to a very efficient HAKE which is still secure in case of strong corruptions. We believe that our work will promote further developments in the area of human-oriented cryptography.
Towards secure communication and authentication: Provable security analysis and new constructions
Secure communication and authentication are some of the most important and practical topics studied in modern cryptography. Plenty of cryptographic protocols have been proposed to accommodate all sorts of requirements in different settings, and some of those have been widely deployed and used in our daily lives. It is a crucial goal to provide formal security guarantees for such protocols. In this thesis, we apply the provable security approach, a standard method used in cryptography to formally analyze the security of cryptographic protocols, to three problems related to secure communication and authentication. First, we focus on the case where a user and a server share a secret and try to authenticate each other and establish a session key for secure communication, for which we propose the first user authentication and key exchange protocols that can tolerate strong corruptions on the client side. Next, we consider the setting where a public-key infrastructure (PKI) is available and propose models to thoroughly compare the security and availability properties of the most important low-latency secure channel establishment protocols. Finally, we perform the first provable security analysis of the new FIDO2 protocols, the promising proposed standard for passwordless user authentication from the Fast IDentity Online (FIDO) Alliance intended to replace the world's over-reliance on passwords to authenticate users, and design new constructions to achieve stronger security.
Ph.D. thesis.