Moving From Contactless to Wireless Technologies in Secure, Over-the-Air Transactions

The ability to process secure transactions over-the-air has transformed daily life.
From digital payments, border or premises controls, healthcare records, and even
transportation ticketing, over-the-air transactions are no longer a novelty but
an integral part of the daily interaction with the world. However, over-the-air
transaction services must continuously ensure the security of sensitive information,
while exploiting the use of secure technologies that protect user information from
real and potential threats.

Until now, contactless technology has been the most efficient and cost-effective
method for processing over-the-air transactions. Unfortunately, the small operating
range of the technology, typically just a few centimeters, is too restrictive for
many applications.

As a consequence, developers are increasingly turning to wireless technology as a
way of overcoming the limitations of contactless systems. Wireless devices not only
support an extended range of operation, but offer significantly enhanced system
capabilities. While wireless standards, such as WiFi and Bluetooth, are relatively
mature and provide a stable development environment for manufacturers, efforts
to address the use of wireless technology to process secure transactions are only
now emerging.

This UL white paper discusses some of the many issues and challenges that must
be addressed in the future deployment of wireless technology for the processing
of secure transactions. It begins with a discussion of the strengths and limitations
of both contactless and wireless technologies. The white paper then reviews
and assesses internal system risks, as well as external security concerns, for both
technologies. The paper concludes with some thoughts on the future use of wireless
technology in secure transactions, and how manufacturers can provide assurances
to both system providers and users regarding the security of their private data.








“Contactless” vs. “Wireless”

Today, contactless technology is the method of choice for many secure transactions.
A secure transaction is composed of a secure operations sequence such as identification,
authentication and encryption. These operations routinely handle highly sensitive
information, such as secret cryptographic keys or user-related personal data. Hardware
secure elements (HSM), such as smartcards, are usually employed to process sensitive
information securely and efficiently.

Contactless systems typically follow a “master/slave” communications protocol. The
master (usually a terminal) is in charge of providing a carrier and controlling the
transaction sequence. The carrier signal represents both a source of power for the HSM
and a communication vector. The slave (usually a smartcard) operates only upon request
from the master, and is powered solely by the terminal's carrier. The connection
interface usually provides a limited range area, typically not more than a couple of
centimeters. The HSM processes terminal requests in a secure manner, thereby
representing a key element in overall system reliability and security.

Over-the-air operation offers the advantage of limiting harmful manipulation of the
contactless device. Unlike contact-based systems, a card holder in a contactless system
is exempt from inserting the device in a reader, thereby significantly reducing
transaction duration. Further, since the range area is limited to a couple of
centimeters, there are significant impediments to efficient, large-scale attacks.
Nonetheless, the communication channel itself represents a potential source of threats,
since any individual with malicious intent can secretly participate in a transaction
simply by locating themselves within close proximity to a system.

Wireless technology, on the other hand, means any technology connecting standalone
devices over the air using the 5GHz frequency band. This includes most of the wireless
technologies that are common in everyday life, such as WiFi connections available with
computers and home automation systems utilizing Bluetooth or Zigbee-compliant
communication protocols. These technologies all utilize the same frequency band, and
typically operate within a range as large as 70 meters indoors and up to 250 meters
outdoors.

However, because of the wide operating ranges available, wireless technology presents
a unique set of risks for secure transactions. Attackers can position themselves at a
safe distance from legitimate communication activities and remain undetected. In
addition, since wireless devices remain active as long as they are powered, their
regular signal emission can be more easily detected and exploited.

Initially, wireless technology was mainly devoted to the exchange of data between two
paired devices. However, many wireless systems now afford one-to-many or many-to-many
connections, strengthening the need for more secure data exchanges. As such,
authentication requirements are now necessary to minimize the risk of disclosing private
data and to prevent unauthorized access to services. In addition, security has become an
important element for user acceptance, since few users would utilize WiFi connections
if doing so routinely exposed personal information to unauthorized parties.

In an effort to address these concerns, industry standards are being reviewed and
revised to include additional security requirements. For example, the 2007 Bluetooth
v2.1 release introduced significant improvements aimed at strengthening the wireless
communication pairing process. Similarly, WiFi Protected Access II (WPA2) has replaced
the original WiFi Protected Access (WPA) protocol and the Wired Equivalent Privacy (WEP)
protocol to reinforce WiFi secure connections. However, questions remain as to whether
the current wireless standards are suitable for meeting today’s more demanding concerns
in secure over-the-air transactions.

Assessing System Risks

The total cost to ensure the security of over-the-air transactions may be significant
since the complexity involved in developing a completely secure system requires
additional hardware resources and development time. However, it is possible to find an
appropriate, cost-effective solution by identifying likely risks and determining an
acceptable level of risk. Risk management relies on a vulnerability analysis that
identifies potential threats in the context of the system’s actual use, and defines
security requirements to address those threats.







A vulnerability analysis begins by creating an in-depth profile of a potential attack,
including the context within which an attack could occur and the possible motives of
an attacker. Then, a list of vulnerable assets or sensitive operations is drawn up. Once
potential threats and their targets are clearly identified, it is possible to define minimum
security requirements and implement appropriate security measures. These measures
can include existing fraud techniques or new approaches designed during the
system development process.

Confidentiality

Cryptographic keys are the heart of any secure system. Since their disclosure can
significantly compromise system security, preserving their confidentiality should be
the highest priority. But the need for confidentiality also extends to information and
other assets transmitted in over-the-air communications, since unauthorized parties
can intercept these data transfers. This is why WiFi data transfers are encrypted
when the connection is used in secured mode.

When addressing matters of confidentiality, it is necessary to distinguish
private data processed internally from data exchanged through the communication
channel. Internally processed data, such as cryptographic keys, are typically subject to
physical attacks, and distant attacks are infrequently used to access such data. However,
private data accessible through the communication channel represents a potential
target and must be thoroughly protected.

Authentication

Authentication enables a system to restrict access to sensitive operations or data by
requiring the use of trusted data. For example, accessing a secure WiFi connection
typically requires the knowledge of a key or a pass phrase. As wireless and contactless
systems become more open, strong authentication requirements are essential to
eliminating illegal access to sensitive assets.

Privacy

Privacy becomes an issue when an unauthorized person successfully obtains personal
user information. The information disclosure does not directly affect a system's security,
but it can be exploited to a user's detriment. By collecting representative data about a
user from a device, it becomes possible to identify or to track an individual user or
his/her habits. For instance, ePassport devices have been designed to withstand illegal
holder identifications, preventing anyone from accessing an authorized holder's name
or picture.

Over-the-air communications are especially vulnerable to privacy concerns, since there
is no physical restriction to prevent a transaction with a secure device. In such cases,
specific protections that combine strong authentication with high confidentiality are of
paramount importance. Users are likely to reject any technology solution that does not
offer the highest levels of privacy reliability.







Data and Transaction Integrity

A secure transaction relies on both a defined sequence of operations and the exchange
of data between different devices. The security of a transaction can be compromised by
either violating the sequence of commands, such as skipping an authentication step, or
by modifying or tampering with the data exchange itself. Communication integrity can
only be achieved through a combination of strong protocol design and a secure
implementation. This is particularly important for over-the-air channels, which are
essentially unsecured.

Service Reliability

Incidents involving denial of service attacks have increased dramatically of late. The
goal of such attacks is to create a partial or a complete interruption of service,
potentially compromising the security of a system or an operation and providing an
immediate gain for an attacker. Alternatively, a denial of service attack may represent
an attempt to reveal a system’s underlying weakness, undermining a user’s perception
of security.

Service reliability is particularly important for contactless and wireless devices,
since they are exposed to distant attacks. The denial of service risk is particularly
critical when devices can be compromised to provide unauthorized access that can
ultimately lead to the collapse of entire systems. This is no longer a theoretical
possibility, as some industry researchers have successfully inserted a self-replicating
malware computer program, i.e., a worm, into a local electric system using the wireless
interface of a system’s smart meters.1

Assessing External Security Risks

Conducting a secure over-the-air transaction potentially means that anyone is a
prospective participant, either as a passive or an active player. An individual with
malicious intent could then attempt to compromise the security of a transaction in such
a way that a fraud would go undetected by a user. The balance of this paper focuses on
external threats, which are potentially as damaging as those originating from
system-based considerations.

Eavesdropping

Over-the-air communication offers anyone capable of intercepting a physical signal the
opportunity to interpret it and partially or fully retrieve any information being
exchanged. This approach considerably increases the distance from which an attacker can
operate when compared with the normal range area of use. Obviously, the goal of
eavesdropping is to obtain access to the data being exchanged during a transaction. Even
a partial disclosure of data through this approach can potentially impact the privacy
or confidentiality of the user's data.

Eavesdropping on a transaction in process is not a novel approach. For instance,
contact-based banking cards may be subject to data disclosure when a secret personal
identification number (PIN) is transferred in plain text, justifying the use of a
corresponding encrypted command. The main difficulty lies in making an attack
transparent to a cardholder or merchant. For obvious ergonomic reasons, concealing rogue
hardware to catch contact-based transaction fraud is not an easy task, especially since
it must be operated at relatively close range. However, for contactless or wireless
devices, this technique becomes highly probable and can take place from a distance.

The threat from eavesdropping is already well-known in the wireless field. Dedicated
software, such as Wireshark or hardware sniffers for Zigbee, is readily available
through the Internet, making the potential for eavesdropping on wireless communications
fairly common. However, such easy access is not routinely available for contactless
communications, which require possession and use of relatively specialized equipment for
collecting and interpreting signals.

Data Corruption

Data corruption consists of the insertion or the modification of data exchanged during
an official transaction. The goal may be to change a normal transaction sequence, for
example, skipping a control or an authentication process. This attack technique has been
successfully demonstrated on a contact-based chip and PIN product, in which the change
of a single byte led to the successful completion of a payment transaction that bypassed
the PIN verification result.2

For both contactless and wireless technologies, inserting different data during a
communication is not an obvious choice, since tampering directly with the physical
signals of devices that are communicating in close proximity to one another is neither
easy nor realistic.







However, one way to overcome this challenge is to initiate a transaction by the use of
relays. Relays are modules whose function is to transfer data using the same or a
different channel. By using a relay, an attacker can artificially initiate a
transaction between two devices that would normally be too far apart to communicate
with each other, thereby creating the opportunity to corrupt the data using the
“man-in-the-middle” technique.3

“Man-in-the-Middle”

Another means of corrupting data is the so-called “man-in-the-middle” technique, in
which an attacker positions a malicious device in a genuine transaction between two
devices. To be effective, a malicious device must ensure that both devices believe that
they are connected with each other, when they are in reality communicating directly
with a malicious device alone. In this way, an attacker may gain unauthorized access to
confidential information, or may be able to corrupt the data being exchanged.

In a contactless or wireless context, initiating a man-in-the-middle attack in the
vicinity of both devices is not a simple process. Indeed, the malicious device must
first catch the attention of each device in a one-to-one mode, and then prevent them
from directly communicating with one another. In an environment in which multiple
devices are operating in the same physical vicinity and are receiving all
communication, a physical corruption of signals is unlikely.

A more realistic option would be to take advantage of the communication protocol to
gain access to both devices and then proceed with an attack. An attack from outside the
vicinity of the devices by means of relays is likely to escape detection. Therefore, as
with data corruption, the risk level is correlated with the operating range of the
technology.

Skimming

Skimming is one of the most common techniques for attacking a wireless system. Its aim
is to initiate a fake transaction without the consent of a device owner. As a result,
private or sensitive information can be disclosed. Skimming can also be used to locate
and subsequently exploit protocol weaknesses, such as authentication, and is an
excellent method for initiating a denial of service.

Skimming is only possible when the attacker has the ability to communicate directly
with the device. For this reason, systems that allow distant access are particularly
vulnerable to this form of attack. As a potential consequence, an individual with
malicious intent may obtain access to unprotected data, or may challenge the security
protocols with the intent of finding a breach.

However, as before, the operating range of the technology may be a factor in whether
skimming can occur. This is particularly true for contactless technology, the range
area of which is limited to a couple of centimeters. Expanding this range area is
complicated, particularly when the radio frequency carrier must also supply power to
the device.






Some researchers have investigated the maximum communications distances possible
with contactless devices.4 It is interesting to note that the reading range of contactless
devices can reach one meter or slightly more using specific types of materials, compared
to a normal range area of a couple of centimeters. However, most research confirms
that an attack must take place in close proximity to a cardholder.

The distance limitation vanishes with wireless technology. The effect range area
expands to several meters, even dozens of meters, typically well within the distance
between two apartments in a building, for example. As a consequence, wireless
technology is particularly vulnerable to skimming, especially since the attacker can
remain hidden. Indeed, some software tools using this technique have been developed
to exploit weaknesses in WEP or WPA protocols of WiFi secure connections.
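
The controls that the “Data and Transaction Integrity”, “Data Corruption” and “Skimming” sections call for (an enforced command sequence, reader authentication before any data is released, and detection of modified bytes) can be modelled as below. This is an added example, not part of the UL white paper: the Device and Reader classes, the message labels, the pre-shared key and the sample record are assumptions, and the sketch covers authentication and integrity only, not encryption of the record.

```python
import hashlib
import hmac
import os
from enum import Enum


class ProtocolError(Exception):
    """A command arrived out of sequence or failed verification."""


State = Enum("State", "IDLE CHALLENGED AUTHENTICATED")


def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts (unambiguous field boundaries)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()


class Device:
    """Hypothetical secure element: releases its record only to an authenticated reader."""

    def __init__(self, key: bytes, record: bytes):
        self._key, self._record = key, record
        self._reset()

    def _reset(self) -> None:
        self._state, self._challenge, self._session, self._ctr = State.IDLE, None, None, 0

    def get_challenge(self) -> bytes:
        self._reset()
        # Fresh challenge per attempt, so an old proof cannot be replayed.
        self._challenge, self._state = os.urandom(16), State.CHALLENGED
        return self._challenge

    def authenticate(self, nonce: bytes, proof: bytes) -> None:
        if self._state is not State.CHALLENGED:
            raise ProtocolError("AUTHENTICATE out of sequence")
        if not hmac.compare_digest(proof, mac(self._key, b"auth", self._challenge, nonce)):
            self._reset()
            raise ProtocolError("reader authentication failed")
        self._session = mac(self._key, b"session", self._challenge, nonce)
        self._challenge, self._state = None, State.AUTHENTICATED

    def read_record(self, request: bytes, tag: bytes):
        if self._state is not State.AUTHENTICATED:
            raise ProtocolError("READ before authentication")
        ctr = self._ctr.to_bytes(4, "big")
        if not hmac.compare_digest(tag, mac(self._session, b"cmd", ctr, request)):
            self._reset()  # any modified byte ends the session
            raise ProtocolError("command integrity check failed")
        self._ctr += 1
        return self._record, mac(self._session, b"rsp", ctr, self._record)


class Reader:
    """Hypothetical terminal sharing the device's long-term key."""

    def __init__(self, key: bytes):
        self._key, self._session, self._ctr = key, None, 0

    def open_session(self, device: Device) -> None:
        challenge, nonce = device.get_challenge(), os.urandom(16)
        device.authenticate(nonce, mac(self._key, b"auth", challenge, nonce))
        self._session, self._ctr = mac(self._key, b"session", challenge, nonce), 0

    def read(self, device: Device, request: bytes, channel=lambda data: data) -> bytes:
        # `channel` models the air interface; the default delivers bytes unchanged.
        ctr = self._ctr.to_bytes(4, "big")
        tag = mac(self._session, b"cmd", ctr, request)
        record, rsp_tag = device.read_record(channel(request), tag)
        self._ctr += 1
        if not hmac.compare_digest(rsp_tag, mac(self._session, b"rsp", ctr, record)):
            raise ProtocolError("response integrity check failed")
        return record


def attempt(action):
    try:
        return action()
    except ProtocolError as exc:
        return f"rejected: {exc}"


def run_scenarios() -> dict:
    key = bytes(range(32))               # constructed demo key
    record = b"holder=EXAMPLE;id=0000"   # constructed private record
    device, no_tag = Device(key, record), bytes(32)
    flip_first_bit = lambda data: bytes([data[0] ^ 0x01]) + data[1:]
    results = {
        "unauthenticated_read": attempt(lambda: device.read_record(b"READ 1", no_tag)),
        "wrong_key": attempt(lambda: Reader(bytes(32)).open_session(device)),
        "skipped_challenge": attempt(lambda: device.authenticate(bytes(16), no_tag)),
    }
    reader = Reader(key)
    reader.open_session(device)
    results["legitimate_read"] = attempt(lambda: reader.read(device, b"READ 1"))
    results["modified_command"] = attempt(lambda: reader.read(device, b"READ 1", flip_first_bit))
    return results
```

Calling run_scenarios() returns one outcome per case: the record for the legitimate reader, and a rejection reason for the unauthenticated read, the reader without the key, the skipped challenge and the command modified in transit.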

Side-Channel Attacks

To appropriately address security issues for sensitive applications, it is necessary to
remember that communication code is processed by hardware. Some attack methods
have been developed that exploit the physical aspect of processing, defeating otherwise
robust specifications or designs. As a result, observation analyses may use hardware
to understand internal processing and potentially modify code execution, and may
result in the disclosure of confidential data through the analysis of inevitable
hardware leakages.

Since contactless devices are powered by a carrier supplied by a terminal, an attacker
can take advantage of this design to conduct side-channel attacks. Such attacks
monitor the device’s internal activity by analyzing the microscopic fluctuations on the
carrier signal. As a result, unprotected data may be disclosed using either simple or
statistical analyses. Cryptographic keys are particularly vulnerable to this kind of attack.5

Interestingly, this threat does not impact wireless systems, since power is supplied
directly to both devices, and the radio frequency signal serves only as a communication
vector. As a result, an attacker is not able to directly monitor power fluctuations or
remotely analyze internal processing. However, this does not mean that it is not worth
protecting devices against this kind of attack, since the risk still exists from attackers
who have physical access to a device.








Conclusion
This white paper has illustrated some of the security challenges inherent in the
migration of secure transaction systems from contactless to wireless technologies.
Indeed, wireless technology introduces a range of distant attack techniques that can
compromise system security. Further, the attack profile is significantly different with
the use of wireless technology, since an attacker can safely remain at some distance
from targeted devices.

The emerging use of wireless technology for secure transactions means that any risk
assessment process must include an in-depth vulnerability analysis adapted to the
unique conditions presented by the technology. Such an analysis must include possible
threats, acceptable level of risk, and techniques in the protocol or device design that can
be used to mitigate any weaknesses.

The successful introduction of a secure transaction solution requires that both service
providers and users have a high level of confidence that private or confidential data
will remain secure. Guarantees from a manufacturer of wireless devices can aid in the
development of the required confidence. Device certification by independent testing
laboratories supervised by competent authorities is also an essential element in
assuring both system operators and end users that important information will
remain protected.

Through its RFI Global Services, Ltd. subsidiary, UL has consulting and testing expertise
in wireless mobile communications, payment approval services, and wireless security
evaluations, the three primary areas involved in secure mobile payments.

For more information about the “Moving From Contactless to Wireless Technologies in
Secure, Over-the-Air Transactions” white paper, contact Jean-Luc Khaou, RFI Payments
and Security Manager at Jean-Luc.Khaou@uk.ul.com.




1 Davis, M. “Smart Grid Device Security: Adventures in a New Medium.” Presentation delivered at Black Hat USA, 2009. Web. 15 Jul 2011. http://www.ioactive.com/pdfs/SmartMeterBlackHat09Preso.pdf
2 Murdoch, S., Drimer, S., Anderson, R., Bond, M. “Chip and PIN is Broken.” IEEE Symposium on Security and Privacy, 2011. Web. 15 Jul 2011. http://www.cl.cam.ac.uk/research/security/banking/nopin/oakland10chipbroken.pdf
3 The Computer Laboratory at the University of Cambridge has posted on its web site an interesting illustration of an attack using the relay technique, in which a presumably straightforward payment for a sandwich is modified to pay for expensive jewelry, all without the cardholder’s knowledge. See Drimer, S. and Murdoch, S. “Chip & PIN (EMV) Relay Attacks.” Computer Laboratory. University of Cambridge, 2008. Web. 15 Jul 2011. http://www.cl.cam.ac.uk/research/security/banking/relay/
4 Koscher, K., Juels, A., Brajkovic, V., Kohno, T. “EPC RFID Tags in Security Applications: Passport Cards, Enhanced Drivers Licenses, and Beyond.” 16th ACM Conference on Computer and Communications Security, 2009. Web. 15 Jul 2011. http://www.cs.washington.edu/homes/yoshi/papers/RFID/ccs280-koscher.pdf
5 This technique has been adapted from the simple power analysis introduced in Kocher, P. “Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems.” In Advances in Cryptology, CRYPTO 96, volume 1109 of Lecture Notes in Computer Science, pages 104-113. Springer. 1996.



©2011 Underwriters Laboratories Inc. All rights reserved. No part of this document may be copied or distributed without the prior
written consent of Underwriters Laboratories Inc. 9/11




Transcript: Details of description part II: Describing images in practice - T...Transcript: Details of description part II: Describing images in practice - T...
Transcript: Details of description part II: Describing images in practice - T...
 

Moving From Contactless to Wireless Technologies in Secure, Over-the-Air Transactions

  • 3. “Contactless” vs. “Wireless”

Today, contactless technology is the method of choice for many secure transactions. A secure transaction is composed of a secure operations sequence such as identification, authentication and encryption. These operations routinely handle highly sensitive information, such as secret cryptographic keys or user-related personal data. Hardware secure elements (HSM), such as smartcards, are usually employed to process sensitive information securely and efficiently.

Contactless systems typically follow a “master/slave” communications protocol. The master (usually a terminal) is in charge of providing a carrier and controlling the transaction sequence. The carrier signal represents both a source of power for the HSM and a communication vector. The slave (usually a smartcard) operates only upon request from the master, and is powered solely by the terminal's carrier. The connection interface usually provides a limited range area, typically not more than a couple of centimeters. The HSM processes terminal requests in a secure manner, thereby representing a key element in overall system reliability and security.

Over-the-air operation offers the advantage of limiting harmful manipulation of the contactless device. Unlike contact-based systems, a card holder in a contactless system is exempt from inserting the device in a reader, thereby significantly reducing transaction duration. Further, since the range area is limited to a couple of centimeters, there are significant impediments to efficient, large-scale attacks. Nonetheless, the communication channel itself represents a potential source of threats, since any individual with malicious intent can secretly participate in a transaction simply by locating themselves within close proximity to a system.

Wireless technology, on the other hand, means any technology connecting standalone devices over the air using the 5GHz frequency band. This includes most of the wireless technologies that are common in everyday life, such as WiFi connections available with computers and home automation systems utilizing Bluetooth or Zigbee-compliant communication protocols. These technologies all utilize the same frequency band, and typically operate within a range as large as 70 meters indoors and up to 250 meters outdoors.

However, because of the wide operating ranges available, wireless technology presents a unique set of risks for secure transactions. Attackers can position themselves at a safe distance from legitimate communication activities and remain undetected. In addition, since wireless devices remain active as long as they are powered, their regular signal emission can be more easily detected and exploited.

Initially, wireless technology was mainly devoted to the exchange of data between two paired devices. However, many wireless systems now afford one-to-many or many-to-many connections, strengthening the need for more secure data exchanges. As such, authentication requirements are now necessary to minimize the risk of disclosing private data and to prevent unauthorized access to services. In addition, security has become an important element for user acceptance, since few users would utilize WiFi connections if doing so routinely exposed personal information to unauthorized parties.

In an effort to address these concerns, industry standards are being reviewed and revised to include additional security requirements. For example, the 2007 Bluetooth v2.1 release introduced significant improvements aimed at strengthening the wireless communication pairing process. Similarly, WiFi Protected Access II (WPA2) has replaced the original WiFi Protected Access (WPA) protocol and the Wired Equivalent Privacy (WEP) protocol to reinforce WiFi secure connections. However, questions remain as to whether the current wireless standards are suitable for meeting today’s more demanding concerns in secure over-the-air transactions.

Assessing System Risks

The total cost to ensure the security of over-the-air transactions may be significant since the complexity involved in developing a completely secure system requires additional hardware resources and development time. However, it is possible to find an appropriate, cost-effective solution by identifying likely risks and determining an acceptable level of risk. Risk management relies on a vulnerability analysis that identifies potential threats in the context of the system’s actual use, and defines security requirements to address those threats.
  • 4. A vulnerability analysis begins by creating an in-depth profile of a potential attack, including the context within which an attack could occur and the possible motives of an attacker. Then, a list of vulnerable assets or sensitive operations is drawn up. Once potential threats and their targets are clearly identified, it is possible to define minimum security requirements and implement appropriate security measures. These measures can include existing fraud techniques or new approaches designed during the system development process.

Confidentiality

Cryptographic keys are the heart of any secure system. Since their disclosure can significantly compromise system security, preserving their confidentiality should be the highest priority. But the need for confidentiality also extends to information and other assets transmitted in over-the-air communications, since unauthorized parties can intercept these data transfers. This is why secure WiFi data transfers are encrypted in secured mode usage.

When addressing matters of confidentiality, it is necessary to distinguish private data processed internally from data exchanged through the communication channel. Internally processed data, such as cryptographic keys, are typically subject to physical attacks, and distant attacks are infrequently used to access such data. However, private data accessible through the communication channel represents a potential target and must be thoroughly protected.

Authentication

Authentication enables a system to restrict access to sensitive operations or data by requiring the use of trusted data. For example, accessing a secure WiFi connection typically requires the knowledge of a key or a pass phrase. As wireless and contactless systems become more open, strong authentication requirements are essential to eliminating illegal access to sensitive assets.

Privacy

Privacy becomes an issue when an unauthorized person successfully obtains personal user information. The information disclosure does not directly affect a system's security, but it can be exploited to a user's detriment. By collecting some of a user's representative data from a device, it becomes possible to identify or to track an individual user or his/her habits. For instance, ePassport devices have been designed to withstand illegal holder identifications, preventing anyone from accessing an authorized holder's name or picture.

Over-the-air communications are especially vulnerable to privacy concerns, since there is no physical restriction to prevent a transaction with a secure device. In such cases, specific protections that combine strong authentication with high confidentiality are of paramount importance. Users are likely to reject any technology solution that does not offer the highest levels of privacy reliability.
  • 5. Data and Transaction Integrity

A secure transaction relies on both a defined sequence of operations and the exchange of data between different devices. The security of a transaction can be compromised by either violating the sequence of commands, such as skipping an authentication step, or by modifying or tampering with the data exchange itself. Communication integrity can only be achieved through a combination of strong protocol design and a secure implementation. This is particularly important for over-the-air channels, which are essentially unsecured.

Service Reliability

Incidents involving denial of service attacks have increased dramatically of late. The goal of such attacks is to create a partial or a complete interruption of service, potentially compromising the security of a system or an operation and providing an immediate gain for an attacker. Alternatively, a denial of service attack may represent an attempt to reveal a system’s underlying weakness, undermining a user’s perception of security.

Service reliability is particularly important for contactless and wireless devices, since they are exposed to distant attacks. The denial of service risk is particularly critical when devices can be compromised to provide unauthorized access that can ultimately lead to the collapse of entire systems. This is no longer a theoretical possibility, as some industry researchers have successfully inserted a self-replicating malware computer program, i.e., a worm, into a local electric system using the wireless interface of a system’s smart meters. [1]

Assessing External Security Risks

Conducting a secure over-the-air transaction potentially means that anyone is a prospective participant, either as a passive or an active player. An individual with malicious intent could then attempt to compromise the security of a transaction in such a way that a fraud would go undetected by a user. The balance of this paper focuses on external threats, which are potentially as damaging as those originating from system-based considerations.

Eavesdropping

Over-the-air communication offers anyone capable of intercepting a physical signal the opportunity to interpret it and partially or fully retrieve any information being exchanged. This approach considerably increases the distance from which an attacker can operate when compared with the normal range area of use. Obviously, the goal of eavesdropping is to obtain access to the data being exchanged during a transaction. Even a partial disclosure of data through this approach can potentially impact the privacy or confidentiality of the user's data.

Eavesdropping on a transaction in process is not a novel approach. For instance, contact-based banking cards may be subject to data disclosure when a secret personal identification number (PIN) is transferred in plain text, justifying the use of a corresponding encrypted command. The main difficulty lies in making an attack transparent to a cardholder or merchant. For obvious ergonomic reasons, concealing rogue hardware to catch contact-based transaction fraud is not an easy task, especially since it must be operated at relatively close range. However, for contactless or wireless devices, this technique becomes highly probable and can take place from a distance.

The threat from eavesdropping is already well-known in the wireless field. Dedicated software, such as Wireshark or hardware sniffers for Zigbee, is readily available through the Internet, making the potential for eavesdropping on wireless communications fairly common. However, such easy access is not routinely available for contactless communications, which require possession and use of relatively specialized equipment for collecting and interpreting signals.

Data Corruption

Data corruption consists of the insertion or the modification of data exchanged during an official transaction. The goal may be to change a normal transaction sequence, for example, skipping a control or an authentication process. This attack technique has been successfully demonstrated on a contact-based chip and PIN product, in which the change of a single byte led to the successful completion of a payment transaction that bypassed the PIN verification result. [2]

For both contactless and wireless technologies, inserting different data during a communication is not an obvious choice, since tampering directly with the physical signals of devices that are communicating in close proximity to one another is neither easy nor realistic.
  • 6. However, one way to overcome this challenge is to initiate a transaction by the use of relays. Relays are modules whose function is to transfer data using the same or a different channel. By using a relay, an attacker can artificially initiate a transaction between two devices that would normally be too far apart to communicate with each other, thereby creating the opportunity to corrupt the data using the “man-in-the-middle” technique. [3]

“Man-in-the-Middle”

Another means of corrupting data is the so-called “man-in-the-middle” technique, in which an attacker positions a malicious device in a genuine transaction between two devices. To be effective, a malicious device must ensure that both devices believe that they are connected with each other, when they are in reality communicating directly with a malicious device alone. In this way, an attacker may gain unauthorized access to confidential information, or may be able to corrupt the data being exchanged.

In a contactless or wireless context, initiating a man-in-the-middle attack in the vicinity of both devices is not a simple process. Indeed, the malicious device must first catch the attention of each device in a one-to-one mode, and then prevent them from directly communicating with one another. In an environment in which multiple devices are operating in the same physical vicinity and are receiving all communication, a physical corruption of signals is unlikely. A more realistic option would be to take advantage of the communication protocol to gain access to both devices and then proceed with an attack. An attack from outside the vicinity of the devices by means of relays is likely to escape detection. Therefore, as with data corruption, the risk level is correlated with the operating range of the technology.

Skimming

Skimming is one of the most common techniques for attacking a wireless system. Its aim is to initiate a fake transaction without the consent of a device owner. As a result, private or sensitive information can be disclosed. Skimming can also be used to locate and subsequently exploit protocol weaknesses, such as authentication, and is an excellent method for initiating a denial of service.

Skimming is only possible when the attacker has the ability to communicate directly with the device. For this reason, systems that allow distant access are particularly vulnerable to this form of attack. As a potential consequence, an individual with malicious intent may obtain access to unprotected data, or may challenge the security protocols with the intent of finding a breach.

However, as before, the operating range of the technology may be a factor in whether skimming can occur. This is particularly true for contactless technology, the range area of which is limited to a couple of centimeters. Expanding this range area is complicated, particularly when the radio frequency carrier must also supply power to the device.
  • 7. Some researchers have investigated the maximum communications distances possible with contactless devices. [4] It is interesting to note that the reading range of contactless devices can reach one meter or slightly more using specific types of materials, compared to a normal range area of a couple of centimeters. However, most research confirms that an attack must take place in close proximity to a cardholder.

The distance limitation vanishes with wireless technology. The effective range area expands to several meters, even dozens of meters, typically well within the distance between two apartments in a building, for example. As a consequence, wireless technology is particularly vulnerable to skimming, especially since the attacker can remain hidden. Indeed, some software tools using this technique have been developed to exploit weaknesses in WEP or WPA protocols of WiFi secure connections.

Side-Channel Attacks

To appropriately address security issues for sensitive applications, it is necessary to remember that communication code is processed by hardware. Some attack methods have been developed that exploit the physical aspect of processing, defeating otherwise robust specifications or designs. As a result, observation analyses may use hardware to understand internal processing and potentially modify code execution, and may result in the disclosure of confidential data through the analysis of inevitable hardware leakages.

Since contactless devices are powered by a carrier supplied by a terminal, an attacker can take advantage of this design to conduct side-channel attacks. Such attacks monitor the device’s internal activity by analyzing the microscopic fluctuations on the carrier signal. As a result, unprotected data may be disclosed using either simple or statistical analyses. Cryptographic keys are particularly vulnerable to this kind of attack. [5]

Interestingly, this threat does not impact wireless systems, since power is supplied directly to both devices, and the radio frequency signal serves only as a communication vector. As a result, an attacker is not able to directly monitor power fluctuations or remotely analyze internal processing. However, this does not mean that it is not worth protecting devices against this kind of attack, since the risk still exists from attackers who have physical access to a device.
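The sequence and integrity requirements from the Data and Transaction Integrity and Data Corruption sections above, as an added example that is not part of the UL white paper: a card-side session handler that refuses frames that were modified, replayed, or sent out of order. The frame layout, command names, key and credential are assumptions constructed for the illustration, and a per-frame MAC does not by itself address relays.

```python
import hashlib
import hmac
import struct
from enum import Enum

TAG_LEN = 16  # bytes of HMAC-SHA256 kept per frame (assumed for this example)


class State(Enum):
    IDLE = 0
    SELECTED = 1
    AUTHENTICATED = 2


# Hypothetical command set: (state the command requires, state it leads to).
TRANSITIONS = {
    b"SELECT": (State.IDLE, State.SELECTED),
    b"AUTH": (State.SELECTED, State.AUTHENTICATED),
    b"DEBIT": (State.AUTHENTICATED, State.AUTHENTICATED),
}


def seal(key, counter, command, payload=b""):
    """Terminal side: counter | len(command) | command | payload | MAC."""
    body = struct.pack(">IB", counter, len(command)) + command + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


class CardSession:
    def __init__(self, key, credential, balance):
        self.key, self.credential, self.balance = key, credential, balance
        self.state, self.next_counter = State.IDLE, 0

    def _reject(self, reason):
        self.state = State.IDLE  # any violation aborts the session
        return "REJECTED: " + reason

    def handle(self, frame):
        """Process one frame and return the card's status string."""
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        # 1. Integrity: a frame altered in transit no longer matches its MAC.
        if len(body) < 5 or not hmac.compare_digest(tag, expected):
            return self._reject("bad MAC")
        counter, cmd_len = struct.unpack(">IB", body[:5])
        command, payload = body[5:5 + cmd_len], body[5 + cmd_len:]
        # 2. Freshness: each counter value is accepted exactly once.
        if counter != self.next_counter:
            return self._reject("replayed or reordered frame")
        # 3. Sequence: a command runs only from the state that permits it.
        if command not in TRANSITIONS or TRANSITIONS[command][0] is not self.state:
            return self._reject("command out of sequence")
        if command == b"AUTH" and not hmac.compare_digest(payload, self.credential):
            return self._reject("authentication failed")
        if command == b"DEBIT":
            if len(payload) != 4 or struct.unpack(">I", payload)[0] > self.balance:
                return self._reject("invalid debit")
            self.balance -= struct.unpack(">I", payload)[0]
        self.state = TRANSITIONS[command][1]
        self.next_counter += 1
        return "OK"


def run_cases():
    key, cred = b"K" * 32, b"constructed-credential"  # constructed sample values
    debit = struct.pack(">I", 30)
    results = {}
    card = CardSession(key, cred, balance=100)
    frames = [seal(key, 0, b"SELECT"), seal(key, 1, b"AUTH", cred),
              seal(key, 2, b"DEBIT", debit)]
    results["normal"] = [card.handle(f) for f in frames]
    results["replay"] = card.handle(frames[2])  # captured frame sent again
    results["balance"] = card.balance
    card = CardSession(key, cred, balance=100)
    card.handle(seal(key, 0, b"SELECT"))
    # Correctly MACed, but AUTH was skipped: refused on sequence alone.
    results["skip_auth"] = card.handle(seal(key, 1, b"DEBIT", debit))
    card = CardSession(key, cred, balance=100)
    tampered = bytearray(seal(key, 0, b"SELECT"))
    tampered[6] ^= 0x01  # one bit changed in transit
    results["tampered"] = card.handle(bytes(tampered))
    return results


if __name__ == "__main__":
    print(run_cases())
```
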
  • 8. Conclusion

This white paper has illustrated some of the security challenges inherent in the migration of secure transaction systems from contactless to wireless technologies. Indeed, wireless technology introduces a range of distant attack techniques that can compromise system security. Further, the attack profile is significantly different with the use of wireless technology, since an attacker can safely remain at some distance from targeted devices.

The emerging use of wireless technology for secure transactions means that any risk assessment process must include an in-depth vulnerability analysis adapted to the unique conditions presented by the technology. Such an analysis must include possible threats, acceptable level of risk, and techniques in the protocol or device design that can be used to mitigate any weaknesses.

The successful introduction of a secure transaction solution requires that both service providers and users have a high level of confidence that private or confidential data will remain secure. Guarantees from a manufacturer of wireless devices can aid in the development of the required confidence. Device certification by independent testing laboratories supervised by competent authorities is also an essential element in assuring both system operators and end users that important information will remain protected.

Through its RFI Global Services, Ltd. subsidiary, UL has consulting and testing expertise in wireless mobile communications, payment approval services, and wireless security evaluations, the three primary areas involved in secure mobile payments.

For more information about the “Moving From Contactless to Wireless Technologies in Secure, Over-the-Air Transactions” white paper, contact Jean-Luc Khaou, RFI Payments and Security Manager at Jean-Luc.Khaou@uk.ul.com.

[1] Davis, M. “Smart Grid Device Security: Adventures in a New Medium.” Presentation delivered at Black Hat USA, 2009. Web. 15 Jul 2011. http://www.ioactive.com/pdfs/SmartMeterBlackHat09Preso.pdf

[2] Murdoch, S., Drimer, S., Anderson, R., Bond, M. “Chip and PIN is Broken.” IEEE Symposium on Security and Privacy, 2011. Web. 15 Jul 2011. http://www.cl.cam.ac.uk/research/security/banking/nopin/oakland10chipbroken.pdf

[3] The Computer Laboratory at the University of Cambridge has posted on its web site an interesting illustration of an attack using the relay technique, in which a presumably straightforward payment for a sandwich is modified to pay for expensive jewelry, all without the cardholder’s knowledge. See Drimer, S. and Murdoch, S. “Chip & PIN (EMV) Relay Attacks.” Computer Laboratory. University of Cambridge, 2008. Web. 15 Jul 2011. http://www.cl.cam.ac.uk/research/security/banking/relay/

[4] Koscher, K., Juels, A., Brajkovic, V., Kohno, T. “EPC RFID Tags in Security Applications: Passport Cards, Enhanced Drivers Licenses, and Beyond.” 16th ACM Conference on Computer and Communications Security, 2009. Web. 15 Jul 2011. http://www.cs.washington.edu/homes/yoshi/papers/RFID/ccs280-koscher.pdf

[5] This technique has been adapted from the simple power analysis introduced in Kocher, P. “Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems.” In Advances in Cryptology CRYPTO 96, volume 1109 of Lecture Notes in Computer Science, pages 104-113. Springer. 1996.

©2011 Underwriters Laboratories Inc. All rights reserved. No part of this document may be copied or distributed without the prior written consent of Underwriters Laboratories Inc. 9/11