Radboud University

Displaying 1-20 of 20 results

  • White Papers // Mar 2012

    The SmartLogic Tool: Analysing and Testing Smart Card Protocols

    This paper introduces the SmartLogic, which is a flexible smart card research tool that gives complete control over the smart card communication channel for eavesdropping, man-in-the-middle attacks, relaying and card emulation. The hardware is available off-the-shelf at a price of about 100 euros. Furthermore, the necessary firm- and software is...

    Provided By Radboud University

  • White Papers // Jul 2011

    Hierarchical ECC-Based RFID Authentication Protocol

    RFID (Radio Frequency IDentification) technology enables readers to scan remote RFID tags, and label the objects and people to which they are attached. Current cryptographic authentication protocols deployed in heterogeneous environments are often not compatible, or reveal too much information to the RFID readers. To tackle this problem, the authors...

    Provided By Radboud University

  • White Papers // Mar 2011

    Eavesdropping on GSM: State-of-Affairs

    In the almost 20 years since GSM was deployed several security problems have been found, both in the protocols and in the - originally secret - cryptography. However, practical exploits of these weaknesses are complicated because of all the signal processing involved and have not been seen much outside of...

    Provided By Radboud University

  • White Papers // Oct 2010

    Extending ECC-Based RFID Authentication Protocols to Privacy-Preserving Multi-Party Grouping Proofs

    Since the introduction of the concept of grouping proofs by Juels, which permit RFID tags to generate evidence that they have been scanned simultaneously, various new schemes have been proposed. Their common property is the use of symmetric-key primitives. However, it has been shown that such schemes often entail scalability,...

    Provided By Radboud University

  • White Papers // Aug 2010

    Privacy-Friendly Energy-Metering Via Homomorphic Encryption

    Many countries, for instance in Europe and North America, are currently undergoing changes in their electricity infrastructure, in which a better match between production and consumption is one of the goals. The first part of this paper discusses developments wrt. Smart (electricity) meters (simply called E-meters) in general, with emphasis...

    Provided By Radboud University

  • White Papers // May 2010

    Privacy and Security Issues in e-Ticketing Optimisation of Smart Card-based Attribute-proving

    This short note concentrates on an optimization of the attribute proving protocol, and provides the improved performance figures. The protocol relies on elliptic curve cryptography with bilinear pairings. These pairings provide signatures that are stable under multiplication with a blinding factor. In this way multiple proofs are unlinkable, and thus...

    Provided By Radboud University

  • White Papers // May 2010

    A Comparison of Java Cards: State-of-Affairs 2006

    This paper presents the results of a comparative study of some popular Java Cards on the market. Eight different cards from four manufacturers have been considered. The analysis has been done at two levels - a documentation-based comparison, also taking other publicly available resources into account, an actual hands-on testing...

    Provided By Radboud University

  • White Papers // Apr 2010

    Wide - Weak Privacy - Preserving RFID Authentication Protocols

    The emergence of pervasive computing devices such as RFID tags raises numerous privacy issues. Cryptographic techniques are commonly used to enable tag-to-server authentication while protecting privacy. Unfortunately, these algorithms and their corresponding implementations are difficult to adapt to the extreme conditions implied by the use of RFID. The extremely limited...

    Provided By Radboud University

  • White Papers // Feb 2010

    Practical Schemes for Privacy & Security Enhanced RFID

    Proper privacy protection in RFID systems is important. However, many of the schemes known are impractical. Some use hash functions instead of the more hardware efficient symmetric encryption schemes as a cryptographic primitive. Others incur a rather large time penalty at the reader side, because the reader has to perform...

    Provided By Radboud University

  • White Papers // Jan 2010

    The Privacy Coach: Supporting Customer Privacy in the Internet of Things

    The Privacy coach is an application running on a mobile phone that supports customers in making privacy decisions when confronted with RFID tags. The approach the authors take to increase customer privacy is a radical departure from the mainstream research efforts that focus on implementing privacy enhancing technologies on the...

    Provided By Radboud University

  • White Papers // Dec 2009

    Modeling Clock Synchronization in the Chess gMAC WSN Protocol

    The authors present a detailed timed automata model of the clock synchronization algorithm that is currently being used in a Wireless Sensor Network (WSN) that has been developed by the Dutch company Chess. Using the UPPAAL model checker, they establish that in certain cases a static, fully synchronized network may...

    Provided By Radboud University

  • White Papers // Aug 2009

    Analysis of a Clock Synchronization Protocol for Wireless Sensor Networks

    This paper studies a clock synchronization protocol for the Chess WSN. First, the paper models the protocol as a network of timed automata and verifies various instances using the Uppaal model checker. Next, it presents a full parametric analysis of the protocol for the special case of cliques (networks with...

    Provided By Radboud University

  • White Papers // Aug 2009

    Avoiding Man-in-the-Middle Attacks When Verifying Public Terminals

    An individual who intends to engage in sensitive transactions using a public terminal such as an ATM needs to trust that all communications are indeed carried out with the intended terminal, such communications are confidential, and the terminal's integrity is guaranteed. Satisfying such requirements prevents man-in-the-middle attacks and eavesdropping. The...

    Provided By Radboud University

  • White Papers // Jun 2009

    Secure Ownership and Ownership Transfer in RFID Systems

    The paper presents a formal model for stateful security protocols. This model is used to define ownership and ownership transfer as concepts as well as security properties. These definitions are based on an intuitive notion of ownership related to physical ownership. They are aimed at RFID systems, but should be...

    Provided By Radboud University

  • White Papers // Jun 2009

    Client-Server Password Recovery

    Human memory is not perfect people constantly memorize new facts and forget old ones. One example is forgetting a password, a common problem raised at IT help desks. The authors present several protocols that allow a user to automatically recover a password from a server using partial knowledge of the...

    Provided By Radboud University

  • White Papers // May 2009

    Architecture Is Politics: Security and Privacy Issues in Transport and Beyond

    Many countries are now-a-days in the process of replacing traditional analog electricity meters in people's homes by digital (electronic) meters, also known as smart meters. This paper discusses the political relevance of ICT-architecture through a review of recent developments in the Netherlands, involving the bumpy introduction of a national smart...

    Provided By Radboud University

  • White Papers // Apr 2009

    Exploratory And Exploitative Market Learning In Discontinuous New Product Development

    This research presents the results of an inductive comparative case study of how exploratory and exploitative market learning is balanced during the development of eight discontinuous new product development projects in six different business units of different multinationals in the chemical industry. For these projects, all recently introduced into the...

    Provided By Radboud University

  • White Papers // Jun 2008

    A Practical Attack on the MIFARE Classic

    The MIFARE Classic is the most widely used contactless smart card in the market. Its design and implementation details are kept secret by its manufacturer. This paper studies the architecture of the card and the communication protocol between card and reader. Then it gives a practical, low-cost, attack that recovers...

    Provided By Radboud University

  • White Papers // Jan 2008

    Crossing Borders: Security and Privacy Issues of the European e-Passport

    The first generation of European e-passports will be issued in 2006. The authors discuss how borders are crossed regarding the security and privacy erosion of the proposed schemes, and show which borders need to be crossed to improve the security and the privacy protection of the next generation of e-passports....

    Provided By Radboud University

  • White Papers // Apr 2007

    Two Worlds, One Smart Card: An Integrated Solution for Physical Access and Logical Security Using PKI on a Single Smart Card

    The authors present a use case of the introduction of a large scale Public Key Infrastructure (PKI) environment in an incumbent telecommunications company. The main characteristics of the case are the integration of an existing physical access facility with a PKI environment for logical security of the company ICT infrastructure....

    Provided By Radboud University

  • White Papers // Jun 2009

    Secure Ownership and Ownership Transfer in RFID Systems

    The paper presents a formal model for stateful security protocols. This model is used to define ownership and ownership transfer as concepts as well as security properties. These definitions are based on an intuitive notion of ownership related to physical ownership. They are aimed at RFID systems, but should be...

    Provided By Radboud University

  • White Papers // Aug 2009

    Analysis of a Clock Synchronization Protocol for Wireless Sensor Networks

    This paper studies a clock synchronization protocol for the Chess WSN. First, the paper models the protocol as a network of timed automata and verifies various instances using the Uppaal model checker. Next, it presents a full parametric analysis of the protocol for the special case of cliques (networks with...

    Provided By Radboud University

  • White Papers // Apr 2010

    Wide - Weak Privacy - Preserving RFID Authentication Protocols

    The emergence of pervasive computing devices such as RFID tags raises numerous privacy issues. Cryptographic techniques are commonly used to enable tag-to-server authentication while protecting privacy. Unfortunately, these algorithms and their corresponding implementations are difficult to adapt to the extreme conditions implied by the use of RFID. The extremely limited...

    Provided By Radboud University

  • White Papers // Jun 2009

    Client-Server Password Recovery

    Human memory is not perfect people constantly memorize new facts and forget old ones. One example is forgetting a password, a common problem raised at IT help desks. The authors present several protocols that allow a user to automatically recover a password from a server using partial knowledge of the...

    Provided By Radboud University

  • White Papers // Feb 2010

    Practical Schemes for Privacy & Security Enhanced RFID

    Proper privacy protection in RFID systems is important. However, many of the schemes known are impractical. Some use hash functions instead of the more hardware efficient symmetric encryption schemes as a cryptographic primitive. Others incur a rather large time penalty at the reader side, because the reader has to perform...

    Provided By Radboud University

  • White Papers // Dec 2009

    Modeling Clock Synchronization in the Chess gMAC WSN Protocol

    The authors present a detailed timed automata model of the clock synchronization algorithm that is currently being used in a Wireless Sensor Network (WSN) that has been developed by the Dutch company Chess. Using the UPPAAL model checker, they establish that in certain cases a static, fully synchronized network may...

    Provided By Radboud University

  • White Papers // Apr 2009

    Exploratory And Exploitative Market Learning In Discontinuous New Product Development

    This research presents the results of an inductive comparative case study of how exploratory and exploitative market learning is balanced during the development of eight discontinuous new product development projects in six different business units of different multinationals in the chemical industry. For these projects, all recently introduced into the...

    Provided By Radboud University

  • White Papers // May 2010

    A Comparison of Java Cards: State-of-Affairs 2006

    This paper presents the results of a comparative study of some popular Java Cards on the market. Eight different cards from four manufacturers have been considered. The analysis has been done at two levels - a documentation-based comparison, also taking other publicly available resources into account, an actual hands-on testing...

    Provided By Radboud University

  • White Papers // Mar 2011

    Eavesdropping on GSM: State-of-Affairs

    In the almost 20 years since GSM was deployed several security problems have been found, both in the protocols and in the - originally secret - cryptography. However, practical exploits of these weaknesses are complicated because of all the signal processing involved and have not been seen much outside of...

    Provided By Radboud University

  • White Papers // Jul 2011

    Hierarchical ECC-Based RFID Authentication Protocol

    RFID (Radio Frequency IDentification) technology enables readers to scan remote RFID tags, and label the objects and people to which they are attached. Current cryptographic authentication protocols deployed in heterogeneous environments are often not compatible, or reveal too much information to the RFID readers. To tackle this problem, the authors...

    Provided By Radboud University

  • White Papers // Oct 2010

    Extending ECC-Based RFID Authentication Protocols to Privacy-Preserving Multi-Party Grouping Proofs

    Since the introduction of the concept of grouping proofs by Juels, which permit RFID tags to generate evidence that they have been scanned simultaneously, various new schemes have been proposed. Their common property is the use of symmetric-key primitives. However, it has been shown that such schemes often entail scalability,...

    Provided By Radboud University

  • White Papers // Jan 2010

    The Privacy Coach: Supporting Customer Privacy in the Internet of Things

    The Privacy coach is an application running on a mobile phone that supports customers in making privacy decisions when confronted with RFID tags. The approach the authors take to increase customer privacy is a radical departure from the mainstream research efforts that focus on implementing privacy enhancing technologies on the...

    Provided By Radboud University

  • White Papers // Apr 2007

    Two Worlds, One Smart Card: An Integrated Solution for Physical Access and Logical Security Using PKI on a Single Smart Card

    The authors present a use case of the introduction of a large scale Public Key Infrastructure (PKI) environment in an incumbent telecommunications company. The main characteristics of the case are the integration of an existing physical access facility with a PKI environment for logical security of the company ICT infrastructure....

    Provided By Radboud University

  • White Papers // Aug 2009

    Avoiding Man-in-the-Middle Attacks When Verifying Public Terminals

    An individual who intends to engage in sensitive transactions using a public terminal such as an ATM needs to trust that all communications are indeed carried out with the intended terminal, such communications are confidential, and the terminal's integrity is guaranteed. Satisfying such requirements prevents man-in-the-middle attacks and eavesdropping. The...

    Provided By Radboud University

  • White Papers // May 2010

    Privacy and Security Issues in e-Ticketing Optimisation of Smart Card-based Attribute-proving

    This short note concentrates on an optimization of the attribute proving protocol, and provides the improved performance figures. The protocol relies on elliptic curve cryptography with bilinear pairings. These pairings provide signatures that are stable under multiplication with a blinding factor. In this way multiple proofs are unlinkable, and thus...

    Provided By Radboud University

  • White Papers // May 2009

    Architecture Is Politics: Security and Privacy Issues in Transport and Beyond

    Many countries are now-a-days in the process of replacing traditional analog electricity meters in people's homes by digital (electronic) meters, also known as smart meters. This paper discusses the political relevance of ICT-architecture through a review of recent developments in the Netherlands, involving the bumpy introduction of a national smart...

    Provided By Radboud University

  • White Papers // Jun 2008

    A Practical Attack on the MIFARE Classic

    The MIFARE Classic is the most widely used contactless smart card in the market. Its design and implementation details are kept secret by its manufacturer. This paper studies the architecture of the card and the communication protocol between card and reader. Then it gives a practical, low-cost, attack that recovers...

    Provided By Radboud University

  • White Papers // Aug 2010

    Privacy-Friendly Energy-Metering Via Homomorphic Encryption

    Many countries, for instance in Europe and North America, are currently undergoing changes in their electricity infrastructure, in which a better match between production and consumption is one of the goals. The first part of this paper discusses developments wrt. Smart (electricity) meters (simply called E-meters) in general, with emphasis...

    Provided By Radboud University

  • White Papers // Jan 2008

    Crossing Borders: Security and Privacy Issues of the European e-Passport

    The first generation of European e-passports will be issued in 2006. The authors discuss how borders are crossed regarding the security and privacy erosion of the proposed schemes, and show which borders need to be crossed to improve the security and the privacy protection of the next generation of e-passports....

    Provided By Radboud University

  • White Papers // Mar 2012

    The SmartLogic Tool: Analysing and Testing Smart Card Protocols

    This paper introduces the SmartLogic, which is a flexible smart card research tool that gives complete control over the smart card communication channel for eavesdropping, man-in-the-middle attacks, relaying and card emulation. The hardware is available off-the-shelf at a price of about 100 euros. Furthermore, the necessary firm- and software is...

    Provided By Radboud University