Progettazione e sviluppo di un sistema software di pagamenti basato su nfc - applicazione utente

L’obiettivo di questa tesi è quello di descrivere la progettazione e lo sviluppo di un’applicazione per la gestione di un sistema che permetta agli utenti di effettuare operazioni di pagamento, ricarica, check-in e altre funzionalità. Tutte queste operazioni saranno implementate tramite l’utilizzo della tecnologia NFC (Near Field Communication). Il sistema prevede un'applicazione "cassa" per le transazioni e un'applicazione "utente" per permettere al cliente di visualizzare i dati relativi al proprio conto. In questa tesi sarà analizzata l'applicazione "utente".

Progettazione e sviluppo di un sistema software di pagamenti basato su NFC - applicazione esercente

La tesi in questione ha l'obiettivo di descrivere la progettazione e lo sviluppo di un’applicazione per la gestione di un sistema che permetta agli utenti di effettuare vari tipi di operazioni, tra i quali pagamento, ricarica, check-in e altre funzionalità. Tutte queste operazioni saranno implementate tramite l’utilizzo della tecnologia NFC (Near Field Communication). Il sistema prevede un'applicazione "cassa" per gestire le varie transazioni e un'applicazione "utente" per permettere ai clienti di visualizzare i dati relativi al proprio conto. Dopo una breve introduzione nella quale verrà descritto il sistema nel suo complesso, la presente tesi si occuperà di analizzare nel dettaglio lo sviluppo dell'applicazione "cassa".

Progettazione e sviluppo di un sistema per la gestione di pagamenti su piattaforme mobili android

Il processo di realizzazione di questo lavoro nasce con la ricerca di un'intuizione che potesse emergere come novità nell'oceano di possibilità offerte dal mercato degli applicativi per smartphone. Il risultato finale di questa ricerca ha prodotto una conclusione apparentemente ambiziosa: sostituire il vecchio concetto di 'portamonete' con una versione più pratica, innovativa ed in accordo con l'attuale direzione delle tecnologie moderne.

Applicazioni Android basate su tecnologia NFC: rassegna e sperimentazione in contesti di controllo degli accessi

Il documento illustra le funzionalita' della tecnologia NFC, descrive in maniera dettagliata le API pubblicate da Google per lavorare con NFC su Android, e mostra un caso di studio nel contesto di controllo degli accessi..

NFC parking payment system

Este Proyecto Fin de Carrera (PFC) de la Ingeniería Informática (II) se enmarca en otro proyecto de mayor envergadura, cuyo objetivo final es estudiar y desarrollar aplicaciones móviles basadas en Android, que permitan agilizar los pagos de importes bajos, haciendo uso de la tecnología de comunicación inalámbrica, de corto alcance y alta frecuencia (NFC). El proyecto surge de la oportunidad de desarrollar un prototipo de aplicación haciendo uso de una tecnología que apenas se ha empezado a utilizar, que sin embargo las grandes empresas de telecomunicaciones tienen previsto explotar en los próximos años.

Estudo e desenvolvimento de sistema de cobrança de portagens baseado em NFC

Tese para obter o grau de Mestre em Engenharia Electrónica e Telecomunicações

Sistemi di comunicazione a corto raggio: analisi sperimentale con dispositivi NFC.

Una delle tecnologie radio che negli ultimi anni ha subito il maggior sviluppo è quella dell’identificazione a radio frequenza (Radio Frequency Identification), utilizzata in un gran numero di ambiti quali la logistica, il tracciamento, l’autenticazione e i pagamenti elettronici. Tra le tecnologie specifiche legate all’RFID si ritrova la Near Field Communication (NFC). Questa è una tecnologia di trasmissione dati a corto raggio che rappresenta un’evoluzione dell’RFID. Una delle caratteristiche dell’NFC è quella di instaurare una comunicazione tra due dispositivi in maniera semplice e intuitiva. L’oggetto che instaura la comunicazione è il Reader, nell’ambito RFID è un dispositivo altamente specializzato, poiché può lavorare a diverse frequenze operative. L’elemento innovativo che ha consentito il successo dell’NFC è il fatto che questa tecnologia possa integrare il Reader in uno strumento di comunicazione di largo uso, ovvero lo smartphone. Questo permette di inizializzare lo scambio dati, sia esso di lettura di un circuito integrato passivo o una trasmissione peer-to-peer, a seguito del naturale gesto di avvicinare lo smartphone. Analisti ed esperti del settore sono convinti del successo dell’NFC, nonostante siano state smentite le attese che vedevano l’NFC integrato in oltre la metà dei cellulari entro il 2010. Tra le molteplici applicazioni NFC in questo elaborato ci si soffermerà in particolare sul cosiddetto Smart Poster. Questo utilizzo può essere molto efficace avendo una gamma di impiego molto vasta. Per l’immagazzinamento dei dati nei Tag o nelle Smart Card si è utilizzato un protocollo d’incapsulamento dati chiamato NDEF (NFC Data Exchange Format) trattato nel capitolo 3 di questa trattazione. Nella seconda parte dell’elaborato si è realizzata una sperimentazione per misurare le distanze di funzionamento di cellulari e Reader per PC. In questo ambito si è realizzato quello che si è definito lo Smart Brick, cioè un mattone che comunica con dispositivi NFC grazie all’installazione di un Tag al suo interno. Si parlerà della realizzazione e degli strumenti software/hardware che hanno permesso di realizzare e programmare questo ”mattone elettronico”.

Progettazione e sviluppo di un'applicazione smartphone per acquisti usando l'nfc

Con questa tesi si mostra come sfruttare i tag nfc con lo smartphone per facilitare l'acquisto di alcuni servizi e di facilitarne l'uso.

Conclusion explicitness in advertising: The moderating role of need for cognition (NFC) and argument quality (AQ) on persuasion

Previous research into the use of explicit and implicit conclusions in advertising has yet to demonstrate consistent effects for both brand attitudes and purchase intentions. While research has examined the role of involvement, this study contributes by examining the trait called need for cognition (NFC), which addresses a person’s propensity to engage in effortful thinking. In addition, this study introduces argument quality (AQ) as another potential moderator of conclusion explicitness effects. In a 2 × 2 experiment of 261 subjects, conclusion explicitness (explicit conclusion, implicit conclusion) and AQ (strong, weak) are manipulated, with NFC (high NFC, low NFC) as a third measured variable. Results indicate more favorable evaluations for implicit conclusions over explicit conclusions for high-NFC individuals. Further, implicit conclusions result in more favorable brand attitudes and purchase intentions when linked with strong AQ for high-NFC individuals. The findings confirm that conclusion explicitness does not differentially affect the evaluations of low-NFC subjects. Results suggest that NFC may represent an important moderating variable for future conclusion explicitness research.

Enhancing security of linux-based android devices

Our daily lives become more and more dependent upon smartphones due to their increased capabilities. Smartphones are used in various ways from payment systems to assisting the lives of elderly or disabled people. Security threats for these devices become increasingly dangerous since there is still a lack of proper security tools for protection. Android emerges as an open smartphone platform which allows modification even on operating system level. Therefore, third-party developers have the opportunity to develop kernel-based low-level security tools which is not normal for smartphone platforms. Android quickly gained its popularity among smartphone developers and even beyond since it bases on Java on top of "open" Linux in comparison to former proprietary platforms which have very restrictive SDKs and corresponding APIs. Symbian OS for example, holding the greatest market share among all smartphone OSs, was closing critical APIs to common developers and introduced application certification. This was done since this OS was the main target for smartphone malwares in the past. In fact, more than 290 malwares designed for Symbian OS appeared from July 2004 to July 2008. Android, in turn, promises to be completely open source. Together with the Linux-based smartphone OS OpenMoko, open smartphone platforms may attract malware writers for creating malicious applications endangering the critical smartphone applications and owners� privacy. In this work, we present our current results in analyzing the security of Android smartphones with a focus on its Linux side. Our results are not limited to Android, they are also applicable to Linux-based smartphones such as OpenMoko Neo FreeRunner. Our contribution in this work is three-fold. First, we analyze android framework and the Linux-kernel to check security functionalities. We survey wellaccepted security mechanisms and tools which can increase device security. We provide descriptions on how to adopt these security tools on Android kernel, and provide their overhead analysis in terms of resource usage. As open smartphones are released and may increase their market share similar to Symbian, they may attract attention of malware writers. Therefore, our second contribution focuses on malware detection techniques at the kernel level. We test applicability of existing signature and intrusion detection methods in Android environment. We focus on monitoring events on the kernel; that is, identifying critical kernel, log file, file system and network activity events, and devising efficient mechanisms to monitor them in a resource limited environment. Our third contribution involves initial results of our malware detection mechanism basing on static function call analysis. We identified approximately 105 Executable and Linking Format (ELF) executables installed to the Linux side of Android. We perform a statistical analysis on the function calls used by these applications. The results of the analysis can be compared to newly installed applications for detecting significant differences. Additionally, certain function calls indicate malicious activity. Therefore, we present a simple decision tree for deciding the suspiciousness of the corresponding application. Our results present a first step towards detecting malicious applications on Android-based devices.

Static analysis of executables for collaborative malware detection on Android

Smartphones are getting increasingly popular and several malwares appeared targeting these devices. General countermeasures to smartphone malwares are currently limited to signature-based antivirus scanners which efficiently detect known malwares, but they have serious shortcomings with new and unknown malwares creating a window of opportunity for attackers. As smartphones become host for sensitive data and applications, extended malware detection mechanisms are necessary complying with the corresponding resource constraints. The contribution of this paper is twofold. First, we perform static analysis on the executables to extract their function calls in Android environment using the command readelf. Function call lists are compared with malware executables for classifying them with PART, Prism and Nearest Neighbor Algorithms. Second, we present a collaborative malware detection approach to extend these results. Corresponding simulation results are presented.

Smartphone malware evolution revisited : Android next target?

Smartphones started being targets for malware in June 2004 while malware count increased steadily until the introduction of a mandatory application signing mechanism for Symbian OS in 2006. From this point on, only few news could be read on this topic. Even despite of new emerging smartphone platforms, e.g. android and iPhone, malware writers seemed to lose interest in writing malware for smartphones giving users an unappropriate feeling of safety. In this paper, we revisit smartphone malware evolution for completing the appearance list until end of 2008. For contributing to smartphone malware research, we continue this list by adding descriptions on possible techniques for creating the first malware(s) for Android platform. Our approach involves usage of undocumented Android functions enabling us to execute native Linux application even on retail Android devices. This can be exploited to create malicious Linux applications and daemons using various methods to attack a device. In this manner, we also show that it is possible to bypass the Android permission system by using native Linux applications.

An Android application sandbox system for suspicious software detection

Smartphones are steadily gaining popularity, creating new application areas as their capabilities increase in terms of computational power, sensors and communication. Emerging new features of mobile devices give opportunity to new threats. Android is one of the newer operating systems targeting smartphones. While being based on a Linux kernel, Android has unique properties and specific limitations due to its mobile nature. This makes it harder to detect and react upon malware attacks if using conventional techniques. In this paper, we propose an Android Application Sandbox (AASandbox) which is able to perform both static and dynamic analysis on Android programs to automatically detect suspicious applications. Static analysis scans the software for malicious patterns without installing it. Dynamic analysis executes the application in a fully isolated environment, i.e. sandbox, which intervenes and logs low-level interactions with the system for further analysis. Both the sandbox and the detection algorithms can be deployed in the cloud, providing a fast and distributed detection of suspicious software in a mobile software store akin to Google's Android Market. Additionally, AASandbox might be used to improve the efficiency of classical anti-virus applications available for the Android operating system.

Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within Android applications

In the last decade, smartphones have gained widespread usage. Since the advent of online application stores, hundreds of thousands of applications have become instantly available to millions of smart-phone users. Within the Android ecosystem, application security is governed by digital signatures and a list of coarse-grained permissions. However, this mechanism is not fine-grained enough to provide the user with a sufficient means of control of the applications' activities. Abuse of highly sensible private information such as phone numbers without users' notice is the result. We show that there is a high frequency of privacy leaks even among widely popular applications. Together with the fact that the majority of the users are not proficient in computer security, this presents a challenge to the engineers developing security solutions for the platform. Our contribution is twofold: first, we propose a service which is able to assess Android Market applications via static analysis and provide detailed, but readable reports to the user. Second, we describe a means to mitigate security and privacy threats by automated reverse-engineering and refactoring binary application packages according to the users' security preferences.

A trusted ecosystem for Android applications based on context-aware access control

Private data stored on smartphones is a precious target for malware attacks. A constantly changing environment, e.g. switching network connections, can cause unpredictable threats, and require an adaptive approach to access control. Context-based access control is using dynamic environmental information, including it into access decisions. We propose an "ecosystem-in-an-ecosystem" which acts as a secure container for trusted software aiming at enterprise scenarios where users are allowed to use private devices. We have implemented a proof-of-concept prototype for an access control framework that processes changes to low-level sensors and semantically enriches them, adapting access control policies to the current context. This allows the user or the administrator to maintain fine-grained control over resource usage by compliant applications. Hence, resources local to the trusted container remain under control of the enterprise policy. Our results show that context-based access control can be done on smartphones without major performance impact.