42 research outputs found

    From Physical to Cyber: Escalating Protection for Personalized Auto Insurance

    Nowadays, auto insurance companies set personalized insurance rates based on data gathered directly from their customers' cars. In this paper, we show such a personalized insurance mechanism -- widely adopted by many auto insurance companies -- is vulnerable to exploit. In particular, we demonstrate that an adversary can leverage off-the-shelf hardware to manipulate the data to the device that collects drivers' habits for insurance rate customization and obtain a fraudulent insurance discount. In response to this type of attack, we also propose a defense mechanism that escalates the protection for insurers' data collection. The main idea of this mechanism is to augment the insurer's data collection device with the ability to gather unforgeable data acquired from the physical world, and then leverage these data to identify manipulated data points. Our defense mechanism leveraged a statistical model built on unmanipulated data and is robust to manipulation methods that are not foreseen previously. We have implemented this defense mechanism as a proof-of-concept prototype and tested its effectiveness in the real world. Our evaluation shows that our defense mechanism exhibits a false positive rate of 0.032 and a false negative rate of 0.013. Comment: Appeared in Sensys 201

    Practical Attacks on NFC Enabled Cell Phones

    Contains fulltext: 92208.pdf (publisher's version) (Open Access). 2011 3rd International Workshop on Near Field Communication (NFC), February 22, Hagenber

    Scrutinizing WPA2 password generating algorithms in wireless routers

    Contains fulltext: 151602.pdf (preprint version) (Open Access). WOOT'15: 9th USENIX Workshop on Offensive Technologies, August 10-11, 2015, Washington, D.C

    The (in)security of proprietary cryptography

    Contains fulltext: 140089.pdf (publisher's version) (Open Access). Proprietary cryptography is a term used to describe custom encryption techniques that are kept secret by their designers to add additional security. It is questionable if such an approach increases the cryptographic strength of the underlying mathematical algorithms. The security of proprietary encryption techniques relies entirely on the competence of the semiconductor companies, which keep the technical description strictly confidential after designing. It is difficult to give a public and independent security assessment of the cryptography, without having access to the detailed information of the design. The first part of this dissertation is dedicated to an introduction of the general field of computer security and cryptography. It includes an extensive description of the theoretical background that refers to related literature and gives a summary of well-known cryptographic attack techniques. Additionally, a broad summary of related scientific research on proprietary cryptography is given. Finally, the technical part of this doctoral dissertation presents serious weaknesses in widely deployed proprietary cryptosystems, which are still actively used by billions of consumers in their daily lives. Radboud Universiteit Nijmegen, 21 April 2015. Supervisors: Jacobs, Bart, Verbauwhede, I. Co-supervisors: Batina, L., Martinez, C.D. XXII, 283 p

    Gone in 360 Seconds: Hijacking with Hitag2

    Contains fulltext: 103396.pdf (author's version) (Open Access). 21st USENIX Security Symposium, August 8-10, 2012, Bellevue, W

    The (in)security of proprietary cryptography

    No full text
    Proprietary cryptography is a term used to describe custom encryption techniques that are kept secret by their designers to add additional security. It is questionable if such an approach increases the cryptographic strength of the underlying mathematical algorithms. The security of proprietary encryption techniques relies entirely on the competence of the semiconductor companies, which keep the technical description strictly confidential after designing. It is difficult to give a public and independent security assessment of the cryptography, without having access to the detailed information of the design. The first part of this dissertation is dedicated to an introduction of the general field of computer security and cryptography. It includes an extensive description of the theoretical background that refers to related literature and gives a summary of well-known cryptographic attack techniques. Additionally, a broad summary of related scientific research on proprietary cryptography is given. Finally, the technical part of this doctoral dissertation presents serious weaknesses in widely deployed proprietary cryptosystems, which are still actively used by billions of consumers in their daily lives

    Blackboard Security Assessment

    Contains fulltext: 117321.pdf (publisher's version) (Open Access). 31 p

    Exposing iClass key diversification

    Contains fulltext: 91798.pdf (author's version) (Open Access). WOOT'11 Proceedings of the 5th USENIX conference on Offensive technologie

    Tutorial: Proxmark, the Swiss Army Knife for RFID Security Research : Tutorial at 8th Workshop on RFID Security and Privacy (RFIDSec 2012)

    Contains fulltext: 94153.pdf (preprint version) (Open Access). 9 p