Mohamad Badra

New security protocols for offline point-of-sale machines

By Nour El Madhoun, Emmanuel Bertin, Mohamad Badra, Guy Pujolle

2022-03-01

In The 36th international conference on advanced information networking and applications (AINA-2022)

Abstract

EMV (Europay MasterCard Visa) is the protocol implemented to secure the communication, between a client’s payment device and a Point-of-Sale machine, during a contact or an NFC (Near Field Communication) purchase transaction. In several studies, researchers have analyzed the operation of this protocol in order to verify its safety: unfortunately, they have identified two security vulnerabilities that lead to multiple attacks and dangerous risks threatening both clients and merchants. In this paper, we are interested in proposing new security solutions that aim to overcome the two dangerous EMV vulnerabilities. Our solutions address the case of Point-of-Sale machines that do not have access to the banking network and are therefore in the “offline” connectivity mode. We verify the accuracy of our proposals by using the Scyther security verification tool.

Continue reading

Current trends in blockchain implementations on the paradigm of public key infrastructure: A survey

Abstract

Since the emergence of the Bitcoin cryptocurrency, the blockchain technology has become the new Internet tool with which researchers claim to be able to solve any existing online problem. From immutable log ledger applications to authorisation systems applications, the current technological consensus implies that most of Internet problems could be effectively solved by deploying some form of blockchain environment. Regardless this ’consensus’, there are decentralised Internet-based applications on which blockchain technology can actually solve several problems and improve the functionality of these applications. The development of these new blockchain-based solutions is grouped into a new paradigm called Blockchain 3.0 and its concepts go far beyond the well-known cryptocurrencies. In this paper, we study the current trends in the application of blockchain on the paradigm of Public Key Infrastructures (PKI). In particular, we focus on how these current trends can guide the exploration of a fully Decentralised Identity System, with blockchain as be part of the core technology.

Continue reading

An innovative and decentralized identity framework based on blockchain technology

By Daniel Maldonado-Ruiz, Jenny Torres, Nour El Madhoun, Mohamad Badra

2021-04-01

In 11th IFIP international conference on new technologies, mobility and security (NTMS)

Abstract

Network users usually need a third party validation to prove that they are who they claim to be. Authentication systems mostly assume the existence of a Trusted Third Party (TTP) in the form of a Certificate Authority (CA) or as an authentication server. However, relying on a TTP implies that users do not directly manage their identities, but delegate this role to a third party. This intrinsic issue can generate trust concerns (e.g., identity theft), as well as privacy concerns towards the third party. The main objective of this research is to present an autonomous and independent solution where users can store their self created credentials without depending on TTPs. To this aim, the use of an TTP autonomous and independent network is needed, where users can manage and assess their identities themselves. In this paper, we propose the framework called Three Blockchains Identity Management with Elliptic Curve Cryptography (3BI-ECC). With our proposed framework, the users’ identities are self-generated and validated by their owners. Moreover, it allows the users to customize the information they want to share with third parties.

Continue reading