42 research outputs found
From Physical to Cyber: Escalating Protection for Personalized Auto Insurance
Nowadays, auto insurance companies set personalized insurance rates based on
data gathered directly from their customers' cars. In this paper, we show such
a personalized insurance mechanism -- widely adopted by many auto insurance
companies -- is vulnerable to exploitation. In particular, we demonstrate that an
adversary can leverage off-the-shelf hardware to manipulate the data to the
device that collects drivers' habits for insurance rate customization and
obtain a fraudulent insurance discount. In response to this type of attack, we
also propose a defense mechanism that escalates the protection for insurers'
data collection. The main idea of this mechanism is to augment the insurer's
data collection device with the ability to gather unforgeable data acquired
from the physical world, and then leverage these data to identify manipulated
data points. Our defense mechanism leverages a statistical model built on
unmanipulated data and is robust to manipulation methods that are not foreseen
previously. We have implemented this defense mechanism as a proof-of-concept
prototype and tested its effectiveness in the real world. Our evaluation shows
that our defense mechanism exhibits a false positive rate of 0.032 and a false
negative rate of 0.013.
Comment: Appeared in Sensys 201
Practical Attacks on NFC Enabled Cell Phones
Contains fulltext: 92208.pdf (publisher's version) (Open Access)
2011 3rd International Workshop on Near Field Communication (NFC), February 22, Hagenber
Scrutinizing WPA2 password generating algorithms in wireless routers
Contains fulltext: 151602.pdf (preprint version) (Open Access)
WOOT'15: 9th USENIX Workshop on Offensive Technologies, August 10-11, 2015, Washington, D.C
The (in)security of proprietary cryptography
Contains fulltext: 140089.pdf (publisher's version) (Open Access)
Proprietary cryptography is a term used to describe custom encryption techniques that are kept secret by their designers to add additional security. It is questionable if such an approach increases the cryptographic strength of the underlying mathematical algorithms. The security of proprietary encryption techniques relies entirely on the competence of the semiconductor companies, which keep the technical description strictly confidential after designing. It is difficult to give a public and independent security assessment of the cryptography without having access to the detailed information of the design.
The first part of this dissertation is dedicated to an introduction of the general field of computer security and cryptography. It includes an extensive description of the theoretical background that refers to related literature and gives a summary of well-known cryptographic attack techniques. Additionally, a broad summary of related scientific research on proprietary cryptography is given. Finally, the technical part of this doctoral dissertation presents serious weaknesses in widely deployed proprietary cryptosystems, which are still actively used by billions of consumers in their daily lives.
Radboud Universiteit Nijmegen, 21 April 2015
Promotors: Jacobs, Bart; Verbauwhede, I.
Co-promotors: Batina, L.; Martinez, C.D.
XXII, 283 p
Gone in 360 Seconds: Hijacking with Hitag2
Contains fulltext: 103396.pdf (author's version) (Open Access)
21st USENIX Security Symposium, August 8-10, 2012, Bellevue, W
Blackboard Security Assessment
Contains fulltext: 117321.pdf (publisher's version) (Open Access)
31 p
Exposing iClass key diversification
Contains fulltext: 91798.pdf (author's version) (Open Access)
WOOT'11 Proceedings of the 5th USENIX conference on Offensive technologie
Tutorial: Proxmark, the Swiss Army Knife for RFID Security Research : Tutorial at 8th Workshop on RFID Security and Privacy (RFIDSec 2012)
Contains fulltext: 94153.pdf (preprint version) (Open Access)
9 p