Papers by Mark van Cuijk

Enforcing a fine-grained network policy in Android

To prevent malicious applications from causing harm to the user of a device, the Android platform has a permission model. Applications are required to possess permissions when they want to perform operations that may incur monetary cost or violate confidentiality and integrity of personal data stored on the device. One of the resources that has been protected by a permission is access to the Internet. In practice, 60% of the applications that are available in the Android market request this permission, giving them access to communicate with any host on the Internet.

This thesis presents the permission model used by Android and the way it has been implemented. It also discusses several vulnerabilities that have been identified in existing research literature, including several proposals for enhancing the model. The contribution of this thesis is the proposal of an enhancement to the permission model that allows a more fine-grained Internet access policy to be enforced, applying the principle of least privilege to Internet access by applications on the Android platform. A proof of concept has been created to demonstrate the feasibility of the enhancement.

Extended Validation Certificates

When securely browsing the web, the HTTPS protocol is used between a browser and a web server. The protocol protects the data that is transmitted in both directions against eavesdroppers and man-in-the-middle attacks, as long as proper cryptographic ciphers are used and the end user has verified the server certificate. Today, such certificates are issued to any entity that can demonstrate a certain level of control over the domain name that the certificate is to be bound to. Often, this (virtual) entity can only be connected to a legal entity with a limited degree of certainty, if at all possible. Extended Validation Certificates are introduced to overcome this limitation and bind a certificate to a legal entity.

iKP and SET - a comparison

Starting in the 1990s, the Internet started to be used for electronic commerce, including electronic payment transactions using credit cards. The available technologies were advanced enough to allow these transactions to happen, but they failed to incorporate security features to protect against threats that were introduced in an Internet environment. Both iKP and SET address these threats. This paper gives a brief introduction to the iKP and SET protocols and compares the protocols at a high level.

Location Privacy

As more individuals carry mobile devices that have the capability to determine their current location and communicate this information to a global network, location-based services which provide the user with personalized information emerge. Several researchers have attempted to formalize the privacy impact of such services and the level of detailed knowledge they obtain about users. Several algorithms to cloak the exact location of individuals have been designed, each of them delivering a certain balance between privacy and usability. This paper presents the results of a small-scale interview performed by the authors, summarizes several methods to cloak location data and explains an algorithm for a privacy-aware location query processor.

Person identification using DNA

Twenty-five years after the discovery that DNA could be used for identification purposes, a lot has changed in the DNA identification area. Up to today, these technologies have mostly been used in forensic applications. This paper shows two identification methods known today (Short Tandem Repeats and Single-Nucleotide Polymorphisms) and discusses the performance of DNA-based identification. Finally, the paper contains a discussion about the question whether DNA-based identification can be used in an automatic deployment in the near future.

Security and privacy issues in RFID-enabled bank notes

Over the last decades, central banks around the world have invented several optical and tactile security features to prevent criminals from creating counterfeit bank notes. Central banks in Europe and Japan have investigated the possibility of extending their arsenal by including electronic security features in the form of RFID tags. While these new security features haven't been deployed yet, research has been done on the impact of RFID tags on security and especially the privacy of bearers of bank notes. This paper reflects on a privacy protection scheme designed by Juels and Pappu, discusses the attacks formulated by Avoine and adds an analysis that should be consulted for all future work in this area.

Timing attacks on RSA

In general, timing attacks are used to analyze differences in execution time that result from differences in input parameters of a cryptographic algorithm. These timing differences are often caused by optimizing algorithm implementations, but they may leak information about the input parameters. Using a timing attack, an adversary hopes to find secret information, like bits from a secret RSA exponent. This paper summarizes several algorithms used in RSA implementations and how timing attacks can be used to reconstruct the entire secret RSA exponent.

Wardriving - Building A Yagi Pringles Antenna

Wireless networks bring mobility to the business user and consumer and introduce networking to places where networking couldn't be brought before. With the current mass usage of wireless networking, hardware prices are falling and bandwidth is rising. The scanning and logging of these networks is called wardriving. Some locations might be impossible to get at without the adversary attracting unnecessary attention. By using a better antenna than the ones used in standard Wi-Fi hardware, the problem could be avoided. In this paper we describe a custom directional antenna, made using basic everyday parts and a Pringles can. Experiments will be performed to compare the antenna with a regular Wi-Fi equipped laptop in signal quality and reception range.