Mobile Authentication with NFC enabled Smartphones

Smartphones are becoming increasingly more deployed and as such new possibilities for utilizing the smartphones many capabilities for public and private use are arising. This project will investigate the possibility of using smartphones as a platform for authentication and access control, using near field communication (NFC). To achieve the necessary security for authentication and access control purposes, cryptographic concepts such as public keys, challenge-response and digital signatures are used. To focus the investigation a case study is performed based on the authentication and access control needs of an educational institutions student ID. To gain a more practical understanding of the challenges mobile authentication encounters, a prototype has successfully been developed on the basis of the investigation. The case study performed in this project argues that NFC as a standalone technology is not yet mature to support the advanced communication required by this case. However, combining NFC with other communication technologies such as Bluetooth has proven to be effective. As a result, a general evaluation has been performed on several aspects of the prototype, such as cost-effectiveness, usability, performance and security to evaluate the viability of mobile authentication

Segurança em ambientes de proximidade

Mestrado em Engenharia de Computadores e TelemáticaA crescente adopção de dispositivos móveis, com cada vez mais capacidades de computação e comunicação, leva inevitavelmente à questão de como podem ser explorados. O objectivo desta dissertação passa por explorar algumas dessas capacidades de forma a melhorar e evoluir a interac ção segura entre o utilizador e os serviços que utilizada no seu dia-a-dia. É particularmente interessante o uso destes dispositivos não apenas como sistemas de armazenamento, mas como peças activas na interacção entre o utilizador e o mundo que o rodeia, um cenário potenciado pelas crescentes capacidades de comunicação em proximidade destes dispositivos. Esta dissertação debruça-se sobre o estudo e possível integração da proximidade física entre um utilizador e os sistemas que usa diariamente como um requisito extra na autenticação e comunicação entre eles, usando o seu dispositivo móvel para interagir com os mesmos. De forma a demonstrar uma possível integração destes elementos num sistema, este trabalho apresenta uma implementação que explora o uso de tecnologias de curto alcance como meio de comunicação e como requisito de autenticação, recorrendo a mecanismos de segurança para estabelecer comunicações privadas sobre redes públicas e garantir e veri car a autencidade da informa ção trocada e armazenada.The increasing adoption of mobile devices with more computing and communication capabilities inevitably raises the question of how to explore them. The goal of this dissertation is to explore some of those capabilities to improve and evolve secure interactions between the user and the services that he uses in his daily life. It is particularly interesting to use these devices not only as storage systems, but also as active elements in the interaction between the user and the world around him: this objective is boosted by the increasing proximity-based communication capabilities of those devices. This dissertation focus on the study and possible integration of the physical proximity between a user and the systems he uses every day as an extra requirement for authentication, using his mobile device to interact with them. To demonstrate a possible integration of these elements into a system, this work presents an implementation that explores the use of short-range wireless technologies as a communication mean and as a requirement for authentication, using security mechanisms to establish private communications through public networks and to ensure and verify the authenticity of the information exchanged and stored

Modelo de privacidad digital en inteligencia ambiental basado en sistemas multiagente

El gran desarrollo de las Tecnologías de la Información y la Comunicación utilizadas en los dominios de aplicación de la Inteligencia Ambiental (AmI), ocurrido en la última década, nos sitúa inmersos en los llamados entornos inteligentes, rodeados de una extensa variedad de dispositivos y tecnologías con capacidad de adquirir, almacenar y transmitir nuestra información personal. La complejidad y volumen de los sistemas involucrados en las aplicaciones desarrolladas en Inteligencia Ambiental hacen que seamos incapaces de conocer y controlar toda la información que estos sistemas son capaces de adquirir y transmitir, tanto si esta información ha sido proporcionada por nosotros directamente, como si ha sido adquirida de forma indirecta por otros sistemas sin nuestro conocimiento; lo que pone en riesgo la protección de nuestro derecho a la privacidad. Considerando que, el principal objetivo de la Inteligencia Ambiental es el de ofrecernos diferentes tipos de servicios personalizados en cualquier lugar y en todo momento, facilitándonos así la realización de nuestras actividades cotidianas, se ha llevado a cabo un estudio sobre las aplicaciones desarrolladas en AmI, que ha revelado la necesidad de incluir las cuestiones de tipo social y ético en el diseño del AmI, destacando entre ellas la privacidad por ser uno de los derechos fundamentales de las personas, como así queda reflejado en la Declaración Universal de los Derechos Humanos (Artículo 12). Por ello, para el verdadero desarrollo y aceptación de la Inteligencia Ambiental deberá considerarse no solo los aspectos tecnológicos, sino que, resulta fundamental tener en cuenta las implicaciones sociales y éticas. Esta es la idea del concepto “Design by Privacy” que se ha utilizado en la investigación realizada. En base a este concepto, se han establecido las políticas de privacidad del usuario según los dominios de aplicación del AmI. Partiendo de la base de que sean las propias técnicas utilizadas en AmI las que ayuden a proteger nuestra información personal, se han utilizado los agentes de los modelos de confianza como herramienta para determinar los derechos de privacidad que deben cumplir los agentes en sus comunicaciones, y que ha servido para decidir con quién compartimos nuestras opiniones privadas, minimizando de esta forma los riesgos de la privacidad de nuestra información al interaccionar con los servicios ofrecidos por las aplicaciones del AmI. Así pues, el motivo de investigación de esta tesis es el de presentar un Modelo de Privacidad Digital basado en Sistemas Multiagente, que nos ayudará a decidir en quién confiar a la hora de compartir nuestras opiniones privadas. Este modelo ha sido implementado para su validación en el entorno de experimentación del ART testbed (Agent Reputation and Trust), en el que el dominio de aplicación del AmI es el relacionado con la tasación de cuadros o pinturas de arte. Una vez implementada la manera de decidir con quién compartimos nuestra información privada, y con el fin de controlar el cumplimiento de los derechos de privacidad que se han establecido en las comunicaciones entre los agentes, se han formalizado las posibles infracciones sobre los derechos de privacidad utilizando la Institución Electrónica “Islander” como herramienta de especificación de las normas y sanciones correspondientes que deben cumplir los agentes en sus comunicaciones.The great development of Information and Communication Technologies used in the domains of application of Ambient Intelligence, which has taken place in the last decade, places us immersed in intelligent environments surrounded by a wide variety of devices and Technologies with the ability to acquire, store and transmit our personal information. The complexity and volume of the systems involved in the applications developed in Environmental Intelligence mean that we are unable to know and control all the information that these systems are able to acquire and transmit, whether this information has been provided by us directly, or whether it has Been acquired indirectly by other systems without our knowledge; Which puts at risk the protection of our right to privacy. Considering that the main objective of Environmental Intelligence is to offer different types of personalized services in any place and at all times, facilitating us to carry out our daily activities, a study has been carried out on the applications developed in AmI, which has revealed the need to take into account social and ethical issues in the design of the AmI, highlighting among them the privacy as one of the fundamental rights of the people, as reflected in the Universal Declaration of Human Rights (Article 12). For that reason, for the true development and acceptance of Ambient Intelligence, not only the technological aspects must be taken into account, but it is fundamental to consider the social and ethical implications. This is the idea of the concept "Design by Privacy" that has been used on the research carried out. Based on this concept, user privacy policies have been established and should be taken into account in the AmI application domains. Based on the idea that the techniques used in AmI are those that help protect our personal information, the agents with a trust model have been used as a tool to determine the privacy rights that agents must comply with in their communications, and that has served to decide with whom we share our private opinions, thus minimizing the risks of privacy of our information when interacting with the services offered by AmI applications. Therefore, the aim of the research of this thesis is to present a Digital Privacy Model based on Multi-Agent Systems, which will help us to decide who to trust when sharing our private opinions. This model has been implemented for validation in the experimental environment of the ART testbed (Agent Reputation and Trust), in which the domain of the AmI application, is the one related with the evaluation of art pictures. Once the way to decide with whom we share our private information has been implemented, and in order to control the compliance with the privacy rights established in the communications between the agents, possible violations of privacy rights have been formalized using the Electronic Institution "Islander" as a tool for specifying the standards and corresponding sanctions that agents must comply with in their communications.Programa Oficial de Doctorado en Ciencia y Tecnología InformáticaPresidente: Jesús García Herrero.- Secretario: Clara Benac Earle.- Vocal: Ana María Bernardos Barboll