The ultimate control flow transfer in a Java based smart card

International audienceRecently, researchers published several attacks on smart cards. Among these, software attacks are the most affordable, they do not require specific hardware (laser, EM probe, etc.). Such attacks succeed to modify a sensitive system element which offers access to the smart card assets. To prevent that, smart card manufacturers embed dedicated countermeasures that aim to protect the sensitive system elements. We present a generic approach based on a Control Flow Transfer (CFT) attack to modify the Java Card program counter. This attack is built on a type confusion using the couple of instructions jsr/ret. Evaluated on different Java Cards, this new attack is a generic CFT exploitation that succeeds on each attacked cards. We present several countermeasures proposed by the literature or implemented by smart card designers and for all of them we explain how to bypass them. Then, we propose to use Attack Countermeasure Tree to develop an effective and affordable countermeasure for this attack

A cooperative cellular and broadcast conditional access system for Pay-TV systems

This is the author's accepted manuscript. The final published article is available from the link below. Copyright @ 2009 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/ republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.The lack of interoperability between Pay-TV service providers and a horizontally integrated business transaction model have compromised the competition in the Pay-TV market. In addition, the lack of interactivity with customers has resulted in high churn rate and improper security measures have contributed into considerable business loss. These issues are the main cause of high operational costs and subscription fees in the Pay-TV systems. As a result, this paper presents the Mobile Conditional Access System (MICAS) as an end-to-end access control solution for Pay-TV systems. It incorporates the mobile and broadcasting systems and provides a platform whereby service providers can effectively interact with their customers, personalize their services and adopt appropriate security measurements. This would result in the decrease of operating expenses and increase of customers' satisfaction in the system. The paper provides an overview of state-of-the-art conditional access solutions followed by detailed description of design, reference model implementation and analysis of possible MICAS security architectures.Strategy & Technology (S&T) Lt

City Data Fusion: Sensor Data Fusion in the Internet of Things

Internet of Things (IoT) has gained substantial attention recently and play a significant role in smart city application deployments. A number of such smart city applications depend on sensor fusion capabilities in the cloud from diverse data sources. We introduce the concept of IoT and present in detail ten different parameters that govern our sensor data fusion evaluation framework. We then evaluate the current state-of-the art in sensor data fusion against our sensor data fusion framework. Our main goal is to examine and survey different sensor data fusion research efforts based on our evaluation framework. The major open research issues related to sensor data fusion are also presented.Comment: Accepted to be published in International Journal of Distributed Systems and Technologies (IJDST), 201

Internet Prepaid Card

The project focuses on development of a Java smart card application to be used as Internet prepaid card. The main objectives of this project are to study the smart card technology architecture and to develop an Internet prepaid card application for Internet usage in Universiti Teknologi PETRONAS (UTP) using Java smart card. Currently, UTP students pay a huge fixed amount for Internet fees every semester. The frequent inaccessibility of the network made this an undesirable approach as students cannot utilize the internet to its maximum as compared to the amount they paid. Furthermore students' usage of the internet varies from one student to another. Some students either uses it rarely or did not use at all while some students are heavy users. Thus, it is unfair for the students to be charged the same amount every semester. Looking at this, the author took advantage of the widely available technology that is simple and easy to use to try to solve the current problem faced. The system was developed in 6 phases throughout 5 months. For future improvement, the system can be integrated with bank so that balance will be deducted straight from user bank account. The system can also be enhanced to be a web-based system so that it will be more efficient

The potential use of smart cards in vehicle management with particular reference to the situation in Western Australia

Vehicle management may be considered to consist of traffic management, usage control, maintenance, and security. Various regulatory authorities undertake the first aspect, fleet managers will be concerned with all aspects, and owner-drivers will be interested mainly in maintenance and security. Car theft poses a universal security problem. Personalisation, including navigational assistance, might be achieved as a by-product of an improved management system. Authorities and fleet managers may find smartcards to be key components of an improved system, but owners may feel that the need for improved security does not justify its cost. This thesis seeks to determine whether smartcards may be used to personalise vehicles in order to improve vehicle management within a forseeable time and suggest when it might happen. In the process four broad questions are addressed. • First, what improvements in technology are needed to make any improved scheme using smartcards practicable, and what can be expected in the near future? • Second, what problems and difficulties may impede the development of improved management? • Third, what non-vehicle applications might create an environment in which a viable scheme could emerge? • Finally, is there a perceived need for improved vehicle management? The method involved a literature search, the issue of questionnaires to owner drivers and fleet managers, discussions with fleet managers, the preparation of data-flow and state diagrams, and the construction of a simulation of a possible security approach. The study concludes that although vehicle personalisation is possible- and desirable it is unlikely to occur within the next decade because the environment needed to make it practicable will not emerge until a number of commercial and standardisation problems that obstruct all smartcard applications have been solved

A generic framework for process execution and secure multi-party transaction authorization

Process execution engines are not only an integral part of workflow and business process management systems but are increasingly used to build process-driven applications. In other words, they are potentially used in all kinds of software across all application domains. However, contemporary process engines and workflow systems are unsuitable for use in such diverse application scenarios for several reasons. The main shortcomings can be observed in the areas of interoperability, versatility, and programmability. Therefore, this thesis makes a step away from domain specific, monolithic workflow engines towards generic and versatile process runtime frameworks, which enable integration of process technology into all kinds of software. To achieve this, the idea and corresponding architecture of a generic and embeddable process virtual machine (ePVM), which supports defining process flows along the theoretical foundation of communicating extended finite state machines, are presented. The architecture focuses on the core process functionality such as control flow and state management, monitoring, persistence, and communication, while using JavaScript as a process definition language. This approach leads to a very generic yet easily programmable process framework. A fully functional prototype implementation of the proposed framework is provided along with multiple example applications. Despite the fact that business processes are increasingly automated and controlled by information systems, humans are still involved, directly or indirectly, in many of them. Thus, for process flows involving sensitive transactions, a highly secure authorization scheme supporting asynchronous multi-party transaction authorization must be available within process management systems. Therefore, along with the ePVM framework, this thesis presents a novel approach for secure remote multi-party transaction authentication - the zone trusted information channel (ZTIC). The ZTIC approach uniquely combines multiple desirable properties such as the highest level of security, ease-of-use, mobility, remote administration, and smooth integration with existing infrastructures into one device and method. Extensively evaluating both, the ePVM framework and the ZTIC, this thesis shows that ePVM in combination with the ZTIC approach represents a unique and very powerful framework for building workflow systems and process-driven applications including support for secure multi-party transaction authorization

Reefer container monitoring system based on WSN and cloud technology

Reefer containers are the main transportation method for the import and export of food and medicine. For high-quality products is necessary to monitor the condition of the reefer containers in order to avoid affecting goods quality due to environmental variations. Monitoring the reefer containers which are used to transport fruits, vegetables, and dairy products is one of the examples. In this context appears the necessity to develop this work expressed by a distributed sensor system for monitoring reefer containers. With the support of the WSN (wireless sensor network) including a set of sensors, it is possible to obtain the information about the temperature, humidity and location data of the reefer container and upload those data to a cloud platform expressed in the case of the purposed system by The Things Network platform. Based on LEACH (Low Energy Adaptive Clustering Hierarchy) routing algorithm, the embedded software was developed to guarantee a well-balanced distribution of the energy load among WSN end-nodes. A web application and a mobile application has been developed to display the data coming from the WSN node. To check if the reefer container working in a good condition, an alarm software module has been developed to highlight abnormal data coming for the system. The routing algorithm has been simulated and the effectiveness of the algorithm is verified by simulation results. The effectiveness of the proposed system was experimentally tested, and several results are included in this dissertation.Os contentores frigoríficos são o principal método de transporte para a importação e exportação de alimentos e medicamentos. Em produtos de alta qualidade, é necessário monitorizar as condições dos contentores frigoríficos, a fim de evitar a perda da qualidade das merca dorias devido a variações térmicas. Por exemplo, monitorarizando os contentores frigoríficos usados para transportar frutas, vegetais e laticínios. Neste contexto, aparece a necessidade do desenvolvimento deste projeto descrito por um sistema de sensores distribuídos para monitorizar contentores frigoríficos. Com o suporte da rede de sensores sem fios, incluindo um conjunto de sensores, é possível obter informações sobre os dados da temperatura, humidade e localização do contentor refrigerado e fazer uplo ad desses dados numa plataforma em cloud expressa no caso do sistema proposto por plataforma de rede de coisas. Com base no algoritmo de roteamento LEACH, o software incorporado foi desenvolvido para garantir uma distribuição equilibrada da carga de energi a entre os nós de WSN. Uma aplicação Web e uma aplicação móvel foram desenvolvidas para mostrar os dados provenientes do nó WSN. Para verificar a qualidade dos dados, um módulo de software de alarme foi também desenvolvido para destacar dados anormais que chegam ao sistema. O algoritmo de roteamento foi simulado e a eficiência do algoritmo é verificada pelos resultados da simulação. A eficiência do sistema proposto foi testada experimentalmente e os vários resultados estão incluídos nesta dissertação

Chemical applications of escience to interfacial spectroscopy

This report is a summary of works carried out by the author between October 2003 and September 2004, in the first year of his PhD studie

Designing and generating prototype for E-Governance based election strategy using biometric authentication and smart card device

Not availabl