Maurice Aarts, MSc.
Completed education in Information Security Technology in Computer Science at The Kerckhoffs Institute.
Curriculum Vitae (CV) / Resume
The list below is far from complete, and outdated. Feel free to contact me for more up to date information.
Intern - MSc graduate project on EM-FI at Riscure B.V.
March 2013 - November 2013 – Delft Area, Netherlands
Research, refinement, and further development of electromagnetic fault injection techniques.
Electromagnetic Fault Injection (EM-FI) target choice effectiveness for transient pulse injections and comparison to optical fault injection methods.
An analysis of the effectiveness of fault injection attacks on smart cards using the transient pulse variety of electromagnetic fault injections. This thesis addresses the best testing method to use when using EM-FI technology and describes the types of effects that may be obtained. It also compares the effectiveness of EM-FI in contrast to other methods, such as laser-based optical fault injection, along with the advantages and disadvantages of both. It helps to distinguish in which situations EM-FI is a more viable or better option than optical FI techniques and gives insights into whether common fault injection protection mechanisms and countermeasures are effective against EM-FI or if additional security testing and new EM-FI specific countermeasures and certifications are required.
Thesis: Electromagnetic Fault Injection using Transient Pulse Injections
Presentation (Given on 18-11-2013 and 21-11-2013)
RFID Security - Skimming and Cloning
RFID tags are being used more and more for tagging and security purposes.
However, RFID tags often suffer from security flaws that allow an attacker to influence the communication between the parties and thus break the security of the system.
Two such attacks are called the cloning attack and a skimming attack.
These two types of attacks are described in the paper and presentation below.
- Cloning attack:
When someone uses an RFID reader to scan data from a RFID tag, and then write that data to an empty RFID chip to make an exact 1:1 copy of the chip.
- Skimming attack:
When someone uses an RFID reader to scan data from an RFID tag without the RFID tag holder's knowledge.
Hardware attacks - Tamper-resistance/responsiveness/evidence
Side channel attacks can be done on physical hardware in order to undermine the security of a system.
There are a number of different ways to try to avoid such an attack from succeeding.
This paper will focus on the underlying aspects of tamper-resistance, the responsiveness of the system, and showing evidence that the system was tampered with.
RFID Security - Skimming and Cloning. Available here.
Hardware Attacks - Tamper Resistance, Tamper Response and Tamper Evidence. Available here.
A honeypot research assignment for the Network Security course at UT - University of Twente Report
A presentation for research into RFID Security - Skimming and Cloning Presentation
The presentation of my thesis topic Electromagnetic Fault Injection using Transient Pulse injections Presentation
Parsing of a custom language grammar as defined by this document and further defined by this document.
I wrote a complete parser to the specifications using Haskell.
The parser's source code is available.
A complete ProVerif specification in Pi-Calculus for a JavaCard based ePurse Payment system.
The project was to implement a complete Pin/bankcard payment system from scratch, that is secure against most common attacks.
In order to verify that our protocol was secure we decided to use ProVerif, which resulted in the specification which can be found here.
Refolding Planar Polygons:
This paper describes an implementation of an algorithm for the refolding of multiple polygons with a guarantee of non-intersection. The implementation builds on prior results from single polygon refolding. The intersection avoidance machinery is adapted to handle multiple polygons without introducing extra complexity.
The report is available here and the project sourcecode is available here.
Stack Overflow Careers Profile
Maurice Aarts, MSc.
Master of Information Security Technology - Kerckhoffs Institute
Department of Mathematics and Computer Science
Technische Universiteit Eindhoven
Email: Firstname AT Lastname DOT info