New Security Protocols for Offline Point-of-Sale Machines

EMV (Europay MasterCard Visa) is the protocol implement-ed to secure the communication between a client’s payment device and a Point-of-Sale machine during a contact or an NFC (Near Field Communication) purchase transaction. In several studies, researchers have analyzed the operation of this protocol in order to verify its safety: unfortunately, they have identified two security vulnerabilities that lead to multiple attacks and dangerous risks threatening both clients and merchants. In this paper, we are interested in proposing new security solutions that aim to overcome the two dangerous EMV vulnerabilities. Our solutions address the case of Point-of-Sale machines that do not have access to the banking network and are therefore in the “offline” connectivity mode. We verify the accuracy of our proposals by using the Scyther security verification tool

A Survey on Malware Detection with Graph Representation Learning

Malware detection has become a major concern due to the increasing number and complexity of malware. Traditional detection methods based on signatures and heuristics are used for malware detection, but unfortunately, they suffer from poor generalization to unknown attacks and can be easily circumvented using obfuscation techniques. In recent years, Machine Learning (ML) and notably Deep Learning (DL) achieved impressive results in malware detection by learning useful representations from data and have become a solution preferred over traditional methods. More recently, the application of such techniques on graph-structured data has achieved state-of-the-art performance in various domains and demonstrates promising results in learning more robust representations from malware. Yet, no literature review focusing on graph-based deep learning for malware detection exists. In this survey, we provide an in-depth literature review to summarize and unify existing works under the common approaches and architectures. We notably demonstrate that Graph Neural Networks (GNNs) reach competitive results in learning robust embeddings from malware represented as expressive graph structures, leading to an efficient detection by downstream classifiers. This paper also reviews adversarial attacks that are utilized to fool graph-based detection methods. Challenges and future research directions are discussed at the end of the paper.Comment: Preprint, submitted to ACM Computing Surveys on March 2023. For any suggestions or improvements, please contact me directly by e-mai

Analysis of Blockchain Solutions for E-Voting: A Systematic Literature Review

To this day, abstention rates continue to rise, largely due to the need to travel to vote. This is why remote e-voting will increase the turnout by allowing everyone to vote without the need to travel. It will also minimize the risks and obtain results in a faster way compared to a traditional vote with paper ballots. In fact, given the high stakes of an election, a remote e-voting solution must meet the highest standards of security, reliability, and transparency to gain the trust of citizens. In literature, several remote e-voting solutions based on blockchain technology have been proposed. Indeed, the blockchain technology is proposed today as a new technical infrastructure for several types of IT applications because it allows to remove the TTP and decentralize transactions while offering a transparent and fully protected data storage. In addition, it allows to implement in its environment the smart-contracts technology which is used to automate and execute agreements between users. In this paper, we are interested in reviewing the most revealing e-voting solutions based on blockchain technology

A Survey and Evaluation of Android-Based Malware Evasion Techniques and Detection Frameworks

Android platform security is an active area of research where malware detection techniques continuously evolve to identify novel malware and improve the timely and accurate detection of existing malware. Adversaries are constantly in charge of employing innovative techniques to avoid or prolong malware detection effectively. Past studies have shown that malware detection systems are susceptible to evasion attacks where adversaries can successfully bypass the existing security defenses and deliver the malware to the target system without being detected. The evolution of escape-resistant systems is an open research problem. This paper presents a detailed taxonomy and evaluation of Android-based malware evasion techniques deployed to circumvent malware detection. The study characterizes such evasion techniques into two broad categories, polymorphism and metamorphism, and analyses techniques used for stealth malware detection based on the malware’s unique characteristics. Furthermore, the article also presents a qualitative and systematic comparison of evasion detection frameworks and their detection methodologies for Android-based malware. Finally, the survey discusses open-ended questions and potential future directions for continued research in mobile malware detection

Vers des transactions de paiement avec contact et sans contact (NFC) plus sécurisées : de nouveaux mécanismes de sécurité et une extension pour les petits commerçants

EMV est la norme implémentée pour sécuriser une transaction d'achat avec contact ou sans contact (NFC) entre un appareil de paiement d'un client et un PoS. Elle représente un ensemble de messages de sécurité échangés entre les acteurs de la transaction, garantissant plusieurs propriétés de sécurité importantes. En effet, plusieurs chercheurs ont analysé le fonctionnement de la norme EMV afin de vérifier sa fiabilité: ils ont identifié plusieurs vulnérabilités de sécurité qui représentent aujourd'hui des risques majeurs pour notre sécurité au quotidien. Par conséquent, nous sommes intéressés à proposer de nouvelles solutions qui visent à améliorer la fiabilité d’EMV. Dans un premier temps, nous présentons un aperçu du système de sécurité EMV et nous étudions ses vulnérabilités identifiées dans la littérature. En particulier, il existe deux vulnérabilités de sécurité EMV, qui mènent à des risques dangereux menaçant à la fois les clients et les commerçants. Par conséquent, nous sommes intéressés dans la deuxième étape à répondre à ces deux faiblesses. Nous examinons d'abord une sélection des travaux qui ont été conçus pour résoudre ces vulnérabilités. Ensuite, afin d'obtenir de meilleurs résultats par rapport à ces travaux, nous proposons un nouveau système pour le paiement avec contact et NFC qui intègre 4 mécanismes de sécurité innovants. Enfin, dans la troisième étape, nous adaptons notre premier mécanisme de sécurité dans le contexte d'une nouvelle architecture de paiement NFC. Cette architecture est particulièrement destinée aux petits commerçants, leur permettant de profiter de leurs smartphones NFC pour une utilisation directe en tant que des lecteurs NFC.EMV is the standard implemented to secure the communication, between a client’s payment device and a PoS, during a contact or NFC purchase transaction. It represents a set of security messages, exchanged between the transaction actors, guaranteeing several important security properties. Indeed, researchers in various studies, have analyzed the operation of this standard in order to verify its reliability: unfortunately, they have identified several security vulnerabilities that, today, represent major risks for our day to day safety. Consequently, in this thesis, we are interested in proposing new solutions that improve the reliability of this standard. In the first stage, we introduce an overview of the EMV security payment system and we survey its vulnerabilities identified in literature. In particular, there are two EMV security vulnerabilities that lead to dangerous risks threatening both clients and merchants: (1) the confidentiality of banking data is not guaranteed, (2) the authentication of the PoS is not ensured to the client’s device. Therefore, our interests move in the second stage to address these two weaknesses. We first review a selection of the related works that have been implemented to solve these vulnerabilities, and then, in order to obtain better results than the related works, we propose a new secure contact and NFC payment system that includes four innovative security mechanisms. Finally, in the third stage, we adapt our first security mechanism in the context of a new NFC payment architecture. This architecture is especially destined for small merchants, allowing them to take advantage of their NFC smartphones for use directly as NFC readers

Magic Always Comes with a Price: Utility Versus Security for Bank Cards

International audienc

Artwork NFTs for Online Trading and Transaction Cancellation

Blockchain, a revolutionary technology that has attracted a great deal of interest in recent years, is transforming various industries and redefining the way we think about data, transactions and trust. It began as a secure environment for online commerce and has extended its scope to other areas such as healthcare systems, e-voting, supply chain, digital assets and telecommunications. Its key features are decentralization (no need for a Trusted Third Party (TTP)), immutability, transparency and the implementation of smart contracts. These are used to automate and execute agreements between blockchain users. They are also used to create unique digital assets (such as artworks, real estate, collectibles, etc.) by representing them as Non-Fungible Tokens (NFTs). In this paper, we present a smart contracts application that allows the creation of an NFT, that represents an artwork, with the possibility of trading this NFT on a marketplace, selling it and transferring the ownership from the seller to the buyer, as well as cancelling transactions and reimbursing buyers with paid amounts

Analysis of Blockchain Security: Classic attacks, Cybercrime and Penetration Testing

Blockchain is an innovative technology that gives built-in security to any software or application. There is a wide range of applications for blockchain, from risk management to financial services, crypto-currencies and the Internet of Things (IoT). This innovation is based on transparency, immutability, security, efficiency and decentralization. It is a trending topic since cryptocurrencies are a hot topic in the market. Blockchain is a combination of mathematics, cryptography, algorithms and models. In this paper, we present a general overview of the security aspects of blockchain technology

Artwork NFTs for Online Trading and Transaction Cancellation

Blockchain, a revolutionary technology that has attracted a great deal of interest in recent years, is transforming various industries and redefining the way we think about data, transactions and trust. It began as a secure environment for online commerce and has extended its scope to other areas such as healthcare systems, e-voting, supply chain, digital assets and telecommunications. Its key features are decentralization (no need for a Trusted Third Party (TTP)), immutability, transparency and the implementation of smart contracts. These are used to automate and execute agreements between blockchain users. They are also used to create unique digital assets (such as artworks, real estate, collectibles, etc.) by representing them as Non-Fungible Tokens (NFTs). In this paper, we present a smart contracts application that allows the creation of an NFT, that represents an artwork, with the possibility of trading this NFT on a marketplace, selling it and transferring the ownership from the seller to the buyer, as well as cancelling transactions and reimbursing buyers with paid amounts

Analysis of Blockchain Security: Classic attacks, Cybercrime and Penetration Testing

Blockchain is an innovative technology that gives built-in security to any software or application. There is a wide range of applications for blockchain, from risk management to financial services, crypto-currencies and the Internet of Things (IoT). This innovation is based on transparency, immutability, security, efficiency and decentralization. It is a trending topic since cryptocurrencies are a hot topic in the market. Blockchain is a combination of mathematics, cryptography, algorithms and models. In this paper, we present a general overview of the security aspects of blockchain technology