Abstract-Band - Fakultät für Informatik, TU Wien - Technische ...
Abstract-Band - Fakultät für Informatik, TU Wien - Technische ...
Abstract-Band - Fakultät für Informatik, TU Wien - Technische ...
Sie wollen auch ein ePaper? Erhöhen Sie die Reichweite Ihrer Titel.
YUMPU macht aus Druck-PDFs automatisch weboptimierte ePaper, die Google liebt.
y providing the ability to interface with existing directory services and<br />
authentication mechanisms. The reporting component provides the end users<br />
with personalized reports of their resource consumption. For the use by<br />
managers, administrators and other parties in charge of IT, the data can be<br />
summarized by users and departments or the whole organization. The<br />
component can be extended by additional modules and configured by an<br />
administration website.<br />
Adrian Marek Dabrowski<br />
Security Analysis of Metropolitan Locking Systems Using the Example of the<br />
City of Vienna<br />
Studium: Masterstudium Software Engineering & Internet Computing<br />
BetreuerIn: Ao.Univ.Prof. Dr. Wolfgang Kastner<br />
In this work, we carried out a black-box analysis of the electronic contact-less<br />
BEGEH system that has been steadily replacing the conventional mechanical BG<br />
key on multi-party houses in Vienna. The BG key has been introduced originally<br />
to allow mail delivery services to access multi-party houses but has since then<br />
aggregated additional users. We have found several vulnerabilities in the new<br />
system caused by the design, technology used, organization, and its implementation.<br />
We have further shown that the new system is circumventable with<br />
little costs.This effectively nullifies many security advantages promised by the<br />
manufacturer. We found a configuration issue, enabling access to 43% of all<br />
installations with a reprogrammed transponders worth approximately 2, such as<br />
an old ski pass. We have also shown that it is not necessary to break the<br />
encryption of the data, as it can be replayed together with its UID-derived key.<br />
Therefore, we built a card simulator for less than 20. We also conclude that the<br />
way blacklist updates are organized, raises the black market value of physically<br />
stolen keys. On two more examples (an electronic purse and an UID based<br />
access system) we demonstrated that similar issues are found in other systems<br />
as well. We show that UID based solutions offer a lower level of security than<br />
could be expected, especially when not enough attention is payed to the<br />
entropy of the UID space.<br />
Duc Hoa Do<br />
Möglichkeiten des Nachweises der funktionalen Sicherheit von technischen<br />
Systemen<br />
Studium: Masterstudium Wirtschaftsingenieurwesen <strong>Informatik</strong><br />
BetreuerIn: Em.O.Univ.Prof. Dr. Gerhard Helge Schildt<br />
12<br />
Die Einhaltung grundlegender sicherheitstechnische Prinzipien erhöht nicht nur<br />
die Zuverlässigkeit von technischen Systemen, sondern wird häufig auch vom<br />
Gesetz gefordert. Diese Diplomarbeit beschäftigt sich zuerst mit den zwei<br />
Normen EN 61508 und ISO 26262. Während die EN 61508 generisch ist und<br />
sich hauptsächlich mit der Risikobewertung von sicherheitsbezogenen tech-