19 research outputs found
New Security Protocols for Offline Point-of-Sale Machines
EMV (Europay MasterCard Visa) is the protocol implement-ed to secure the communication between a client’s payment device and a Point-of-Sale machine during a contact or an NFC (Near Field Communication) purchase transaction. In several studies, researchers have analyzed the operation of this protocol in order to verify its safety: unfortunately, they have identified two security vulnerabilities that lead to multiple attacks and dangerous risks threatening both clients and merchants. In this paper, we are interested in proposing new security solutions that aim to overcome the two dangerous EMV vulnerabilities. Our solutions address the case of Point-of-Sale machines that do not have access to the banking network and are therefore in the “offline” connectivity mode. We verify the accuracy of our proposals by using the Scyther security verification tool
A Survey on Malware Detection with Graph Representation Learning
Malware detection has become a major concern due to the increasing number and
complexity of malware. Traditional detection methods based on signatures and
heuristics are used for malware detection, but unfortunately, they suffer from
poor generalization to unknown attacks and can be easily circumvented using
obfuscation techniques. In recent years, Machine Learning (ML) and notably Deep
Learning (DL) achieved impressive results in malware detection by learning
useful representations from data and have become a solution preferred over
traditional methods. More recently, the application of such techniques on
graph-structured data has achieved state-of-the-art performance in various
domains and demonstrates promising results in learning more robust
representations from malware. Yet, no literature review focusing on graph-based
deep learning for malware detection exists. In this survey, we provide an
in-depth literature review to summarize and unify existing works under the
common approaches and architectures. We notably demonstrate that Graph Neural
Networks (GNNs) reach competitive results in learning robust embeddings from
malware represented as expressive graph structures, leading to an efficient
detection by downstream classifiers. This paper also reviews adversarial
attacks that are utilized to fool graph-based detection methods. Challenges and
future research directions are discussed at the end of the paper.Comment: Preprint, submitted to ACM Computing Surveys on March 2023. For any
suggestions or improvements, please contact me directly by e-mai
Analysis of Blockchain Solutions for E-Voting: A Systematic Literature Review
To this day, abstention rates continue to rise, largely due to the need to travel to vote. This is why remote e-voting will increase the turnout by allowing everyone to vote without the need to travel. It will also minimize the risks and obtain results in a faster way compared to a traditional vote with paper ballots. In fact, given the high stakes of an election, a remote e-voting solution must meet the highest standards of security, reliability, and transparency to gain the trust of citizens. In literature, several remote e-voting solutions based on blockchain technology have been proposed. Indeed, the blockchain technology is proposed today as a new technical infrastructure for several types of IT applications because it allows to remove the TTP and decentralize transactions while offering a transparent and fully protected data storage. In addition, it allows to implement in its environment the smart-contracts technology which is used to automate and execute agreements between users. In this paper, we are interested in reviewing the most revealing e-voting solutions based on blockchain technology
A Survey and Evaluation of Android-Based Malware Evasion Techniques and Detection Frameworks
Android platform security is an active area of research where malware detection techniques continuously evolve to identify novel malware and improve the timely and accurate detection of existing malware. Adversaries are constantly in charge of employing innovative techniques to avoid or prolong malware detection effectively. Past studies have shown that malware detection systems are susceptible to evasion attacks where adversaries can successfully bypass the existing security defenses and deliver the malware to the target system without being detected. The evolution of escape-resistant systems is an open research problem. This paper presents a detailed taxonomy and evaluation of Android-based malware evasion techniques deployed to circumvent malware detection. The study characterizes such evasion techniques into two broad categories, polymorphism and metamorphism, and analyses techniques used for stealth malware detection based on the malware’s unique characteristics. Furthermore, the article also presents a qualitative and systematic comparison of evasion detection frameworks and their detection methodologies for Android-based malware. Finally, the survey discusses open-ended questions and potential future directions for continued research in mobile malware detection
Vers des transactions de paiement avec contact et sans contact (NFC) plus sécurisées : de nouveaux mécanismes de sécurité et une extension pour les petits commerçants
EMV est la norme implémentée pour sécuriser une transaction d'achat avec contact ou sans contact (NFC) entre un appareil de paiement d'un client et un PoS. Elle représente un ensemble de messages de sécurité échangés entre les acteurs de la transaction, garantissant plusieurs propriétés de sécurité importantes. En effet, plusieurs chercheurs ont analysé le fonctionnement de la norme EMV afin de vérifier sa fiabilité: ils ont identifié plusieurs vulnérabilités de sécurité qui représentent aujourd'hui des risques majeurs pour notre sécurité au quotidien. Par conséquent, nous sommes intéressés à proposer de nouvelles solutions qui visent à améliorer la fiabilité d’EMV. Dans un premier temps, nous présentons un aperçu du système de sécurité EMV et nous étudions ses vulnérabilités identifiées dans la littérature. En particulier, il existe deux vulnérabilités de sécurité EMV, qui mènent à des risques dangereux menaçant à la fois les clients et les commerçants. Par conséquent, nous sommes intéressés dans la deuxième étape à répondre à ces deux faiblesses. Nous examinons d'abord une sélection des travaux qui ont été conçus pour résoudre ces vulnérabilités. Ensuite, afin d'obtenir de meilleurs résultats par rapport à ces travaux, nous proposons un nouveau système pour le paiement avec contact et NFC qui intègre 4 mécanismes de sécurité innovants. Enfin, dans la troisième étape, nous adaptons notre premier mécanisme de sécurité dans le contexte d'une nouvelle architecture de paiement NFC. Cette architecture est particulièrement destinée aux petits commerçants, leur permettant de profiter de leurs smartphones NFC pour une utilisation directe en tant que des lecteurs NFC.EMV is the standard implemented to secure the communication, between a client’s payment device and a PoS, during a contact or NFC purchase transaction. It represents a set of security messages, exchanged between the transaction actors, guaranteeing several important security properties. Indeed, researchers in various studies, have analyzed the operation of this standard in order to verify its reliability: unfortunately, they have identified several security vulnerabilities that, today, represent major risks for our day to day safety. Consequently, in this thesis, we are interested in proposing new solutions that improve the reliability of this standard. In the first stage, we introduce an overview of the EMV security payment system and we survey its vulnerabilities identified in literature. In particular, there are two EMV security vulnerabilities that lead to dangerous risks threatening both clients and merchants: (1) the confidentiality of banking data is not guaranteed, (2) the authentication of the PoS is not ensured to the client’s device. Therefore, our interests move in the second stage to address these two weaknesses. We first review a selection of the related works that have been implemented to solve these vulnerabilities, and then, in order to obtain better results than the related works, we propose a new secure contact and NFC payment system that includes four innovative security mechanisms. Finally, in the third stage, we adapt our first security mechanism in the context of a new NFC payment architecture. This architecture is especially destined for small merchants, allowing them to take advantage of their NFC smartphones for use directly as NFC readers
Magic Always Comes with a Price: Utility Versus Security for Bank Cards
International audienc
Artwork NFTs for Online Trading and Transaction Cancellation
Blockchain, a revolutionary technology that has attracted a great deal of interest in recent years, is transforming various industries and redefining the way we think about data, transactions and trust. It began as a secure environment for online commerce and has extended its scope to other areas such as healthcare systems, e-voting, supply chain, digital assets and telecommunications. Its key features are decentralization (no need for a Trusted Third Party (TTP)), immutability, transparency and the implementation of smart contracts. These are used to automate and execute agreements between blockchain users. They are also used to create unique digital assets (such as artworks, real estate, collectibles, etc.) by representing them as Non-Fungible Tokens (NFTs). In this paper, we present a smart contracts application that allows the creation of an NFT, that represents an artwork, with the possibility of trading this NFT on a marketplace, selling it and transferring the ownership from the seller to the buyer, as well as cancelling transactions and reimbursing buyers with paid amounts
Analysis of Blockchain Security: Classic attacks, Cybercrime and Penetration Testing
Blockchain is an innovative technology that gives built-in security to any software or application. There is a wide range of applications for blockchain, from risk management to financial services, crypto-currencies and the Internet of Things (IoT). This innovation is based on transparency, immutability, security, efficiency and decentralization. It is a trending topic since cryptocurrencies are a hot topic in the market. Blockchain is a combination of mathematics, cryptography, algorithms and models. In this paper, we present a general overview of the security aspects of blockchain technology
Artwork NFTs for Online Trading and Transaction Cancellation
Blockchain, a revolutionary technology that has attracted a great deal of interest in recent years, is transforming various industries and redefining the way we think about data, transactions and trust. It began as a secure environment for online commerce and has extended its scope to other areas such as healthcare systems, e-voting, supply chain, digital assets and telecommunications. Its key features are decentralization (no need for a Trusted Third Party (TTP)), immutability, transparency and the implementation of smart contracts. These are used to automate and execute agreements between blockchain users. They are also used to create unique digital assets (such as artworks, real estate, collectibles, etc.) by representing them as Non-Fungible Tokens (NFTs). In this paper, we present a smart contracts application that allows the creation of an NFT, that represents an artwork, with the possibility of trading this NFT on a marketplace, selling it and transferring the ownership from the seller to the buyer, as well as cancelling transactions and reimbursing buyers with paid amounts
Analysis of Blockchain Security: Classic attacks, Cybercrime and Penetration Testing
Blockchain is an innovative technology that gives built-in security to any software or application. There is a wide range of applications for blockchain, from risk management to financial services, crypto-currencies and the Internet of Things (IoT). This innovation is based on transparency, immutability, security, efficiency and decentralization. It is a trending topic since cryptocurrencies are a hot topic in the market. Blockchain is a combination of mathematics, cryptography, algorithms and models. In this paper, we present a general overview of the security aspects of blockchain technology