Measurable Security for NFC

From its-wiki.no

Jump to: navigation, search

|Titel=Measurable Security for NFC |User=Xiangzhong Chang |Supervisor=Josef.Noll |DueDate=2014/01/05 |ThesisStatus=Planned |Objective=NFC has reached the market

  • protocols being available for Android

However, security is addressed in some papers, but not measured in quantitative terms. This thesis will apply the SHIELD methodology on measurable security, privacy, and dependability for NFC |Methods=The tools and methods in this thesis are based on

  • A set of scenario, describing the challenges (e.g. payment or access)
  • A list of requirements being extracted from the scenarios, here: SPD goals for a certain application
  • A description and evaluation of technologies and tools being candidates for solutions, focus on a literature study on security for NFC, together with an evaluation of ongoing projects related to the topic (e.g. Mifare Classic Offline Cracker)
  • A functional architecture/description of the envisaged system, here: list of protocols and how they are connected in terms of "subsystem" and "components"
  • An implementation of the measurable SPD for the NFC system (or the dominant sub-system)
  • An evaluation of novel concepts for the security elements
  • An evaluation of the solution, including a critical review of the decisions taken earlier
  • Conclusions
  • References

|Schedule=The envisaged time schedule (for a long thesis/60 ECTS) is:

T0 0 starting month, T0+m denotes the month where the contribution to a certain chapter shall be finalised
T0+2 months: create an initial page describing the scenario
T0+3: Provide a list of technologies which you think are necessary for the thesis
T0+4: Establish the table of content (TOC) of the envisaged thesis. Each section shall contain 3-10 keywords describing the content of that section
T0+7: Provide a draft of section 2 (scenario) and 3 (technologies)
T0+10: Establish a draft on what to implement/architecture
T0+11: Set-up an implementation, testing and evaluation plan
T0+15: Evaluate your solution based on a set of parameters, keep in mind there is no such thing as a free lunch
T0+17: Deliver the thesis

|Pre-Knowledge=This thesis includes a reasonable amount of programming. The envisaged thesis is based on radio communications, thus expects the user to have followed at least two radio-related courses |Approved=Pending |Keywords=NFC, Information Security, }} This page provides hints on what to include in your master thesis.

TOC

Title page, abstract, ...

1. Introduction, containing: short intro into the area, what is happening
1.1 Motivation, containing: what triggered me to write about what I'm writing about
1.2 Methods, containing: which methods are you using, how do you apply them
2. Scenario, optional chapter for explaining some use cases
2.1 user scenario, (bad name, needs something bedre)
2.2 Requirements/Technological challenges
3. State-of-the art/Analysis of technology, structure your content after hardware/SW (or other domains). Describe which technologies might be used to answer the challenges, and how they can answer the challenges
3.1 technology A
3.2 technology B
4. Implementation
4.1 Architecture, functionality
4.2
5. Evaluation
6. Conclusions
References

Comments

think about the business ecosystem, including e.g.

  • Zwipe, NFC-based finger print reader
  • Seek and Find, for the virtual SIM and the "swapable SIM"

Red line

Your thesis should have a "red line", which is visible throughout the whole thesis. This means you should mention in the beginning of each chapter how the chapter contributes to the "goals of the thesis".

Use of scientific methods

A thesis follows a standard method:

  • describe the problem (problemstilling)
  • extract the challenges. These challenges should be measurable, e.g. method is too slow to be useful to voice handover.
  • Analyse technology with respect to challenges. Don't write & repeat "everything" from a certain technology, concentrate on those parts (e.g. protocols) which are of importance for your problem

References

  • Wikipedia is good to use to get an overview on what is happening. But there is not scientific verification of Wikipedia, thus you should use wikipedia only in the introduction of a chapter (if you use text from wikipedia). Use scientific literature for your thesis.
  • Scientific library is "at your hand", you can get there directly from UiO: [[How to get access to IEEE, Springer and other scientific literature -> Unik/UiOLibrary]]
  • I suggest that references to web pages, e.g. OASIS, W3C standards, are given in a footnote. Only if you find white papers or other .pdf documents on a web page then you refer to them in the reference section.

Evaluation of own work

Perform an evaluation of your own work. Revisit the challenges and discuss in how you fulfilled them. Provide alternative solution and discuss what should be done (or what could have been done).