Olaf Henniger

Security requirements for automotive on-board networks

This paper considers security requirements for automotive on-board networks and describes the processes used for identifying and prioritizing such requirements. The security engineering process starts from use cases for automotive onboard networks that require wireless communication interfaces and involves an investigation of security threat scenarios and the assessment of the relative risks associated with the threats.

Secure automotive on-board protocols: a case of over-the-air firmware updates

The software running on electronic devices is regularly updated, these days. A vehicle consists of many such devices, but is operated in a completely different manner than consumer devices. Update operations are safety critical in the automotive domain. Thus, they demand for a very well secured process. We propose an on-board security architecture which facilitates such update processes by combining hardware and software modules. In this paper, we present a protocol to show how this security architecture is employed in order to achieve secure firmware updates for automotive control units.

Automatic generation of test purposes for testing distributed systems

In this paper, we present an algorithm for generating test purpose descriptions in form of MSC’s from a given labeled event structure that represents the behavior of a system of asynchronously communicating extended finite state machines. The labeled event structure is a non-interleaving behavior model de- scribing the behavior of a system in terms of the partial ordering of events.

Evaluating the biometric sample quality of handwritten signatures

This paper addresses the problem of evaluating the quality of handwritten signatures used for biometric authentication. It is shown that some signature samples yield significantly worse performance than other samples from the same person. Thus, the importance of good reference samples is emphasized. We also give some examples of features that are related to the signature stability and show that these have no influence on the actual utility of the sample in a comparison environment.

Effects of Time Normalization on the Accuracy of Dynamic Time Warping

This paper revisits dynamic time warping, a method for assessing the dissimilarity of time series. In particular, this paper provides theoretical and experimental evidence showing that uncritical normalizing the length of the time series to be compared has a detrimental effect on the recognition accuracy in application domains such as on-line signature recognition, where the length of compared time series matters for their classification as match or non-match.

Biometric User Authentication on Smart Cards by Means of Handwritten Signatures

This paper describes a biometric method for user authentication on smart cards. Smart cards are chip cards with the ability for data processing directly on the card. They are not only usable for storing biometric reference data, but biometric user authentication methods can also be performed on card in order to protect security-relevant functions or data on the cards. The biometric data under consideration are handwritten signatures captured by means of a graphic tablet and a special pen. The feature-matching algorithm is a variant of dynamic time warping, taking the limited resources of smart cards into account. It is implemented as an operating prototype on two types of smart cards.

Improving the binding of electronic signatures to the signer by biometric authentication

Due to the fact that the biometric characteristics of a person are bound to that person, biometric methods deployed for signer authentication have the potential of improving the binding of electronic signatures to persons. If there is evidence that a biometric method was used for signer authentication, and if the level of security of this method is sufficiently high, then the receiver of a signed document can trust that the signature creation was indeed initiated by the legitimate holder of the private signature key. To achieve this goal, an approach to provide evidence of the use of biometric signer authentication has been developed. The approach has been implemented in a prototype electronic signature creation system with fingerprint verification.

Assessment of methods for image recreation from signature time-series data

Human signatures are widely used for biometric authentication. For automatic online signature verification, rather than storing an image of the completed signature, data are represented in the form of a time series of pen position and status information allowing the extraction of temporal-based features. For visualisation purposes, signature images need to be recreated from time-series data. In this study, the authors investigate the accuracy and verification performance of a series of interpolation methods for recreating a signature image from the time-series data contained in two ISO/IEC data storage formats. The authors experiments investigate dynamic data stored at various sample rates and signature images recreated at differing resolutions. Their study indicates possible best practice in terms of image recreation method, recreated image resolution and temporal sample rate and assesses the effect on the accuracy of reconstructed signature data.

Extending EMV Payment Smart Cards with Biometric On-Card Verification

Nowadays, many bank cards are smart cards (i.e. integrated-circuit cards) based on the EMV specifications for payment systems. This paper specifies how biometric on-card verification can be integrated into EMV debit and credit cards in a backwards-compatible way. The biometric verification does not change the EMV transaction flow outside the cardholder-verification step. The proposed payment system has been prototyped using Java cards and an applet for handwritten signature on-card verification.

Handwritten signature on-card matching performance testing

This paper presents equipment and procedures for on-card (in-situ) performance testing of biometric on-card comparison implementations using pre-existing databases of biometric samples. A DTW-based on-line signature on-card comparison implementation serves as an example test object. The test results presented are false match rates and false non-match rates over a range of decision thresholds on a per-test-subject basis. The results reveal considerable differences in the comparison-score frequency distribution among test subjects, which necessitates the setting of user-dependent decision thresholds or comparison-score normalization.