The Experts below are selected from a list of 1272 Experts worldwide ranked by ideXlab platform
John Mullins - One of the best experts on this subject based on the ideXlab platform.
-
Anonymous and secure electronic Transaction protocol
Annales Des Télécommunications, 2005Co-Authors: Srecko Brlek, Sardaouna Hamadou, John MullinsAbstract:RésuméNous présentons un nouveau protocole de Transaction électronique sécuritaire et surtout anonyme par lássociation dún logiciel de cryptage et dúne carte à puce. La sécurité du protocole est assurée par lútilisation des techniques crypto graphique s telles que le chiffrement, la signature électronique et láuthentification. En vue de sássurer que les propriétés de sécurité que le protocole doit assumer sont vérifiées, un modèle du protocole et une spécification de lánonymat sont donnés. Le langage de modélisation du protocole est une algèbre de processus avec passage de paramètres par valeur étendue dún mécanisme appelé observation permettant de spécifier des niveaux de sécurité, de primitives crypto graphique s et d’un mécanisme d’appel de fonction sur des canaux privés permettant la modélisation de l’interaction avec le crypto-système. L’anonymat est exprimé comme une propriété de flot d’information. La méthode de vérification, basée sur la cosimulation, est cohérente et complète. L’analyse confirme que l’anonymat est assuré par le fait que le client ne révèle au marchand aucune information pouvant l’identifier tout en garantissant la quasi-impossibilité d’une fraude.AbstractWe present a new protocol for electronic Transactions which is not only secure but also anonymous, the latter characteristic being obtained by associating an encryption device with a chip card. Security is ensured by the use of encryption, electronic signature and authentication. In order to check the validity of the security properties enforced by the protocol, a model and a specification are provided. The protocol modeling language is a process algebra with value passing extended by an observation mechanism allowing the specification of security levels, by cryptographic primitives, and by a function call feature on private channels allowing the modeling of interactions with the crypto-system. The anonymity is expressed by an information flow property. The verification method, based on cosimulation, is proved consistent and complete and analysis confirms that this approach ensures not only anonymity (thanks to the fact that the client never discloses to the merchant any information permitting his identification), but also the quasi-impossibility of any Fraudulent Transaction.
-
Anonymous and secure electronic Transaction protocol
Annales Des Télécommunications, 2005Co-Authors: Srecko Brlek, Sardaouna Hamadou, John MullinsAbstract:We present a new protocol for electronic Transactions which is not only secure but also anonymous, the latter characteristic being obtained by associating an encryption device with a chip card. Security is ensured by the use of encryption, electronic signature and authentication. In order to check the validity of the security properties enforced by the protocol, a model and a specification are provided. The protocol modeling language is a process algebra with value passing extended by an observation mechanism allowing the specification of security levels, by cryptographic primitives, and by a function call feature on private channels allowing the modeling of interactions with the crypto-system. The anonymity is expressed by an information flow property. The verification method, based on cosimulation, is proved consistent and complete and analysis confirms that this approach ensures not only anonymity (thanks to the fact that the client never discloses to the merchant any information permitting his identification), but also the quasi-impossibility of any Fraudulent Transaction.
Srecko Brlek - One of the best experts on this subject based on the ideXlab platform.
-
Anonymous and secure electronic Transaction protocol
Annales Des Télécommunications, 2005Co-Authors: Srecko Brlek, Sardaouna Hamadou, John MullinsAbstract:RésuméNous présentons un nouveau protocole de Transaction électronique sécuritaire et surtout anonyme par lássociation dún logiciel de cryptage et dúne carte à puce. La sécurité du protocole est assurée par lútilisation des techniques crypto graphique s telles que le chiffrement, la signature électronique et láuthentification. En vue de sássurer que les propriétés de sécurité que le protocole doit assumer sont vérifiées, un modèle du protocole et une spécification de lánonymat sont donnés. Le langage de modélisation du protocole est une algèbre de processus avec passage de paramètres par valeur étendue dún mécanisme appelé observation permettant de spécifier des niveaux de sécurité, de primitives crypto graphique s et d’un mécanisme d’appel de fonction sur des canaux privés permettant la modélisation de l’interaction avec le crypto-système. L’anonymat est exprimé comme une propriété de flot d’information. La méthode de vérification, basée sur la cosimulation, est cohérente et complète. L’analyse confirme que l’anonymat est assuré par le fait que le client ne révèle au marchand aucune information pouvant l’identifier tout en garantissant la quasi-impossibilité d’une fraude.AbstractWe present a new protocol for electronic Transactions which is not only secure but also anonymous, the latter characteristic being obtained by associating an encryption device with a chip card. Security is ensured by the use of encryption, electronic signature and authentication. In order to check the validity of the security properties enforced by the protocol, a model and a specification are provided. The protocol modeling language is a process algebra with value passing extended by an observation mechanism allowing the specification of security levels, by cryptographic primitives, and by a function call feature on private channels allowing the modeling of interactions with the crypto-system. The anonymity is expressed by an information flow property. The verification method, based on cosimulation, is proved consistent and complete and analysis confirms that this approach ensures not only anonymity (thanks to the fact that the client never discloses to the merchant any information permitting his identification), but also the quasi-impossibility of any Fraudulent Transaction.
-
Anonymous and secure electronic Transaction protocol
Annales Des Télécommunications, 2005Co-Authors: Srecko Brlek, Sardaouna Hamadou, John MullinsAbstract:We present a new protocol for electronic Transactions which is not only secure but also anonymous, the latter characteristic being obtained by associating an encryption device with a chip card. Security is ensured by the use of encryption, electronic signature and authentication. In order to check the validity of the security properties enforced by the protocol, a model and a specification are provided. The protocol modeling language is a process algebra with value passing extended by an observation mechanism allowing the specification of security levels, by cryptographic primitives, and by a function call feature on private channels allowing the modeling of interactions with the crypto-system. The anonymity is expressed by an information flow property. The verification method, based on cosimulation, is proved consistent and complete and analysis confirms that this approach ensures not only anonymity (thanks to the fact that the client never discloses to the merchant any information permitting his identification), but also the quasi-impossibility of any Fraudulent Transaction.
Sardaouna Hamadou - One of the best experts on this subject based on the ideXlab platform.
-
Anonymous and secure electronic Transaction protocol
Annales Des Télécommunications, 2005Co-Authors: Srecko Brlek, Sardaouna Hamadou, John MullinsAbstract:RésuméNous présentons un nouveau protocole de Transaction électronique sécuritaire et surtout anonyme par lássociation dún logiciel de cryptage et dúne carte à puce. La sécurité du protocole est assurée par lútilisation des techniques crypto graphique s telles que le chiffrement, la signature électronique et láuthentification. En vue de sássurer que les propriétés de sécurité que le protocole doit assumer sont vérifiées, un modèle du protocole et une spécification de lánonymat sont donnés. Le langage de modélisation du protocole est une algèbre de processus avec passage de paramètres par valeur étendue dún mécanisme appelé observation permettant de spécifier des niveaux de sécurité, de primitives crypto graphique s et d’un mécanisme d’appel de fonction sur des canaux privés permettant la modélisation de l’interaction avec le crypto-système. L’anonymat est exprimé comme une propriété de flot d’information. La méthode de vérification, basée sur la cosimulation, est cohérente et complète. L’analyse confirme que l’anonymat est assuré par le fait que le client ne révèle au marchand aucune information pouvant l’identifier tout en garantissant la quasi-impossibilité d’une fraude.AbstractWe present a new protocol for electronic Transactions which is not only secure but also anonymous, the latter characteristic being obtained by associating an encryption device with a chip card. Security is ensured by the use of encryption, electronic signature and authentication. In order to check the validity of the security properties enforced by the protocol, a model and a specification are provided. The protocol modeling language is a process algebra with value passing extended by an observation mechanism allowing the specification of security levels, by cryptographic primitives, and by a function call feature on private channels allowing the modeling of interactions with the crypto-system. The anonymity is expressed by an information flow property. The verification method, based on cosimulation, is proved consistent and complete and analysis confirms that this approach ensures not only anonymity (thanks to the fact that the client never discloses to the merchant any information permitting his identification), but also the quasi-impossibility of any Fraudulent Transaction.
-
Anonymous and secure electronic Transaction protocol
Annales Des Télécommunications, 2005Co-Authors: Srecko Brlek, Sardaouna Hamadou, John MullinsAbstract:We present a new protocol for electronic Transactions which is not only secure but also anonymous, the latter characteristic being obtained by associating an encryption device with a chip card. Security is ensured by the use of encryption, electronic signature and authentication. In order to check the validity of the security properties enforced by the protocol, a model and a specification are provided. The protocol modeling language is a process algebra with value passing extended by an observation mechanism allowing the specification of security levels, by cryptographic primitives, and by a function call feature on private channels allowing the modeling of interactions with the crypto-system. The anonymity is expressed by an information flow property. The verification method, based on cosimulation, is proved consistent and complete and analysis confirms that this approach ensures not only anonymity (thanks to the fact that the client never discloses to the merchant any information permitting his identification), but also the quasi-impossibility of any Fraudulent Transaction.
Francisco Charte - One of the best experts on this subject based on the ideXlab platform.
-
A Comprehensive and Didactic Review on Multilabel Learning Software Tools
IEEE Access, 2020Co-Authors: Francisco CharteAbstract:Machine learning has become an everyday tool in so many fields that there is plenty of software to run many of these algorithms in every device, from supercomputers to embedded appliances. Most of these methods fall into the category known as standard learning, being supervised models (guided by pre-labeled examples) aimed to classify new patterns into exactly one category. This way, machine learning is in charge of getting rid of junk emails, labeling people in a picture, or detecting a Fraudulent Transaction when using a credit card. Aside from unsupervised learning methods, which are usually applied to group similar patterns, infer association rules and similar tasks, some non-standard supervised machine learning problems have been faced in late years. Among them, multilabel learning is arguably the most popular one. These algorithms aim to produce models in which each data pattern may be linked to several categories at once. Thus, a multilabel classifier generates a set of outputs instead of only one as a standard classifier does. However, software tools for multilabel learning tend to be scarce. This paper provides multilabel researchers with a comprehensive review of the currently available multilabel learning software. It is written following a didactic approach, focusing on how to accomplish each task rather than simply offering a list of programs and websites. The goal is to help finding the most appropriate resource to complete every step, from locating datasets and partitioning them to running many of the multilabel algorithms proposed in the literature until now.
Aad Van Moorsel - One of the best experts on this subject based on the ideXlab platform.
-
Harvesting High Value Foreign Currency Transactions from EMV Contactless Credit Cards without the PIN
2016Co-Authors: Marti Emms, Udi Arief, Leo Freitas, Joseph Hanno, Aad Van MoorselAbstract:In this paper we present an attack, which allows Fraudulent Transactions to be collected from EMV contactless credit and debit cards without the knowledge of the cardholder. The attack exploits a previously unreported vulnerability in EMV protocol, which allows EMV contactless cards to approve unlimited value Transactions without the cardholder’s PIN when the Transaction is carried out in a foreign currency. For example, we have found that Visa credit cards will approve foreign currency Transactions for any amount up to €999,999.99 without the cardholder’s PIN, this side-steps the £20 contactless Transaction limit in the UK. This paper outlines our analysis methodology that identified the flaw in the EMV protocol, and presents a scenario in which Fraudulent Transaction details are transmitted over the Internet to a “rogue merchant ” who then uses the Transaction data to take money fro
-
ACM Conference on Computer and Communications Security - Harvesting High Value Foreign Currency Transactions from EMV Contactless Credit Cards Without the PIN
Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, 2014Co-Authors: Marti Emms, Leo Freitas, Budi Arief, Joseph Hannon, Aad Van MoorselAbstract:In this paper we present an attack, which allows Fraudulent Transactions to be collected from EMV contactless credit and debit cards without the knowledge of the cardholder. The attack exploits a previously unreported vulnerability in EMV protocol, which allows EMV contactless cards to approve unlimited value Transactions without the cardholder's PIN when the Transaction is carried out in a foreign currency. For example, we have found that Visa credit cards will approve foreign currency Transactions for any amount up to ∈999,999.99 without the cardholder's PIN, this side-steps the £20 contactless Transaction limit in the UK. This paper outlines our analysis methodology that identified the flaw in the EMV protocol, and presents a scenario in which Fraudulent Transaction details are transmitted over the Internet to a "rogue merchant" who then uses the Transaction data to take money from the victim's account. In reality, the criminals would choose a value between ∈100 and ∈200, which is low enough to be within the victim's balance and not to raise suspicion, but high enough to make each attack worthwhile. The attack is novel in that it could be operated on a large scale with multiple attackers collecting Fraudulent Transactions for a central rogue merchant which can be located anywhere in the world where EMV payments are accepted.
-
Harvesting High Value Foreign Currency Transactions from EMV Contactless Cards Without the PIN
2014Co-Authors: Marti Emms, Udi Arief, Leo Freitas, Joseph Hanno, Aad Van Moorsel, . AriefAbstract:In this paper we present an attack which allows Fraudulent Transactions to be collected from EMV contactless credit and debit cards without the knowledge of the cardholder. The attack exploits a previously unreported vulnerability in EMV protocol, which allows EMV contactless cards to approve unlimited value Transactions without the cardholder's PIN when the Transaction is carried out in a foreign currency. For example, we have found that Visa credit cards will approve foreign currency Transactions for any amount up to €999,999.99 without the cardholder's PIN, this side-steps the £20 contactless Transaction limit in the UK. In reality, the criminals would choose a value between €100 and €200, which is low enough to be within the victim's balance and not to raise suspicion, but high enough to make each attack worthwhile. This paper outlines a scenario in which Fraudulent Transaction details are transmitted over the Internet to a "rogue merchant " who then uses the Transaction data to take money from the victim's account. The attack described in this paper differs from previously identified attacks on EMV cards, i
