WOSIS 2015 Abstracts

Full Papers
Paper Nr: 1

Organisational Aspects and Anatomy of an Attack on NFC/HCE Mobile Payment Systems
Maurizio Cavallari, Luca Adami and Francesco Tornieri

Abstract: Near Field Communication (NFC) and contactless applications are increasing at an unprecedented rate and their value is being recognised by the financial industry (Ok et al., 2011). Attacks are also increasing and they can compromise the business value of NFC applications (Murdoch and Anderson, 2010; Trend Micro, 2015). The present paper analyses the anatomy of possible attacks, uncovering vulnerabilities and suggesting possible countermeasures. The value of the paper is found in its contribution to the practical mitigation of risk in the mobile payment financial business, with respect to the technology side. Host Card Emulation (HCE) is a technology solution that permits the creation of a virtual representation of a smart card using only software components, effectively eliminating the need for Secure Element hardware in the device. NFC/HCE technologies have proved themselves very vulnerable in a variety of aspects. The paper goes through specific vulnerabilities and vulnerable situations, such as: a non-secure device/cloud communication channel; access to data saved locally in the wallet; reusability of tokens; use of a fake POS; malware and fake applications; specific vulnerabilities of “Tap & Pay”; device/cloud decoupling. Countermeasures that have proved effective are offered to readers along with organisational aspects to be taken into account.

Paper Nr: 3

Efficient Management of Revoked Pseudonyms in VANETs using ID-Based Cryptography
Francisco Martín-Fernández, Pino Caballero-Gil and Cándido Caballero-Gil

Abstract: The management of fraudulent users of vehicular ad-hoc networks is one of the most important security issues of these mobile networks. It is necessary to prevent the access of malicious users to the network so that they cannot send false information to other users. This paper defines a new method for managing revoked users, using identity-based authentication, which allows improving both efficiency and security through certificateless authentication. The presented proposal optimizes the performance of classical revocation lists by building a data structure based on two concepts: an authenticated dynamic hash k-ary tree, and the frequency with which revoked pseudonyms are queried. Thus, revoked pseudonyms that are more frequently queried are placed at a higher level in the tree. This provides a better match to urban environments, where some types of vehicles spend more time on the road due to their work tasks.

Paper Nr: 4

Using Internet Activity Profiling for Insider-threat Detection
Bushra A. Alahmadi, Philip A. Legg and Jason R. C. Nurse

Abstract: The insider-threat problem continues to be a major risk to both public and private sectors, where those people who have privileged knowledge and access choose to abuse this in some way to cause harm to their organisation. To combat this, organisations are beginning to invest heavily in deterrence monitoring tools to observe employees’ activity, such as computer access, Internet browsing, and email communications. Whilst such tools may go some way towards detecting attacks afterwards, what may be more useful is preventative monitoring, where user characteristics and behaviours inform about the possibility of an attack before it happens. Psychological research advocates that the behaviour and preferences of a person can be explained to a great extent by psychological constructs called personality traits, which could then possibly indicate the likelihood of an individual being a potential insider threat. By considering how browsing content relates to psychological constructs (such as OCEAN), and how an individual’s browsing behaviour deviates over time, potential insider threats could be uncovered before significant damage is caused. The main contribution of this paper is to explore how Internet browsing activity could be used to predict an individual’s psychological characteristics in order to detect potential insider threats. Our results demonstrate that a predictive assessment can be made between the content available on a website and the associated personality traits, which could greatly improve the prospects of preventing insider attacks.