Related papers: A Practical Attack on the MIFARE Classic
Radio-frequency identification(RFID) technology is widely applied in daily human life. The RFID cards are seen everywhere, from entrance guard to consumption. The information security of RFID cards, such as data confidentiality, tag…
In this paper, we study the security requirements for remote authentication with password protected smart card. In recent years, several protocols for password-based authenticated key exchange have been proposed. These protocols are used…
Today, we rely on contactless smart cards to perform several critical operations (e.g., payments and accessing buildings). Attacking smart cards can have severe consequences, such as losing money or leaking sensitive information. Although…
With challenges and limitations associated with security in the fintech industry, the rise to the need for data protection increases. However, the current existing passwordless and password-based peer to peer transactions in online banking…
With the increasing scale of deployment of Internet of Things (IoT), concerns about IoT security have become more urgent. In particular, memory corruption attacks play a predominant role as they allow remote compromise of IoT devices.…
Memory corruption vulnerabilities are still a severe threat for software systems. To thwart the exploitation of such vulnerabilities, many different kinds of defenses have been proposed in the past. Most prominently, Control-Flow Integrity…
Nowadays, mobile banking becomes a popular tool which consumers can conduct financial transactions such as shopping, monitoring accounts balance, transferring funds and other payments. Consumers dependency on mobile needs, make people take…
Smart card based authentication schemes are used in various fields like e-banking, e-commerce, wireless sensor networks, medical system and so on to authenticate the both remote user and the application server during the communication via…
Despite being more secure and strongly promoted, two-factor (2FA) or multi-factor (MFA) schemes either fail to protect against recent phishing threats such as real-time MITM, controls/relay MITM, malicious browser extension-based phishing…
EMV is the international protocol standard for smartcard payment and is used in over 9 billion cards worldwide. Despite the standard's advertised security, various issues have been previously uncovered, deriving from logical flaws that are…
EMV is the global standard for smart card payments and its NFC-based version, EMV contactless, is widely used, also for mobile payments. In this systematization of knowledge, we examine attacks on the EMV contactless protocol. We provide a…
Cryptographic protocols, such as protocols for secure function evaluation (SFE), have played a crucial role in the development of modern cryptography. The extensive theory of these protocols, however, deals almost exclusively with classical…
Wi-Fi signals may help realize low-cost and non-invasive human sensing, yet it can also be exploited by eavesdroppers to capture private information. Very few studies rise to handle this privacy concern so far; they either jam all sensing…
In cross-device federated learning (FL) setting, clients such as mobiles cooperate with the server to train a global machine learning model, while maintaining their data locally. However, recent work shows that client's private information…
Encrypted cloud storage services are steadily increasing in popularity, with many commercial solutions currently available. In such solutions, the cloud storage is trusted for data availability, but not for confidentiality. Additionally,…
Proper privacy protection in RFID systems is important. However, many of the schemes known are impractical, either because they use hash functions instead of the more hardware efficient symmetric encryption schemes as a efficient…
JavaCard is a multi-application security platform deployed to over twenty billion smartcards, used in applications ranging from secure payments to telecommunications. While the platform is a popular choice for established commercial use…
Applications written in low-level languages without type or memory safety are especially prone to memory corruption. Attackers gain code execution capabilities through such applications despite all currently deployed defenses by exploiting…
During the last 20 years, the advance of communication technologies has generated multiple exciting applications. However, classical cryptography, commonly adopted to secure current communication systems, can be jeopardized by the advent of…
The paper presents an authentication scheme for remote systems using smart card. The scheme prevents the scenario of many logged in users with the same login identity, and does not require password/verifier table to validate the users'…