Cookies Policy
The website need some cookies and similar means to function. If you permit us, we will use those means to collect data on your visits for aggregated statistics to improve our service. Find out More
Accept Reject
  • Menu
Publications

Publications by CRACS

2023

Poster: Privacy-Preserving Joint Communication and Sensing

Authors
Martins, O; Vilela, JP; Gomes, M;

Publication
2023 IEEE 24TH INTERNATIONAL SYMPOSIUM ON A WORLD OF WIRELESS, MOBILE AND MULTIMEDIA NETWORKS, WOWMOM

Abstract
With the recent advancements in wireless networks, Joint Communication and Sensing (JCAS) has become a growing field that is expected to be included in next-generation standards. However, not only is the current performance of the sensing ability still lacking to be used in real-world scenarios, proper security of such privacy-invasive technology has not been fully explored. To this end, we propose the creation of a more robust framework, capable of cross-domain detection and long-term analysis for improved detection, which will also serve as the basis for a security and privacy analysis of the threat landscape and solutions in this field.

2023

Velocity-Aware Geo-Indistinguishability

Authors
Mendes, R; Cunha, M; Vilela, JP;

Publication
CODASPY 2023 - Proceedings of the 13th ACM Conference on Data and Application Security and Privacy

Abstract
Location Privacy-Preserving Mechanisms (LPPMs) have been proposed to mitigate the risks of privacy disclosure yielded from location sharing. However, due to the nature of this type of data, spatio-temporal correlations can be leveraged by an adversary to extenuate the protections. Moreover, the application of LPPMs at collection time has been limited due to the difficulty in configuring the parameters and in understanding their impact on the privacy level by the end-user. In this work we adopt the velocity of the user and the frequency of reports as a metric for the correlation between location reports. Based on such metric we propose a generalization of Geo-Indistinguishability denoted Velocity-Aware Geo-Indistinguishability (VA-GI). We define a VA-GI LPPM that provides an automatic and dynamic trade-off between privacy and utility according to the velocity of the user and the frequency of reports. This adaptability can be tuned for general use, by using city or country-wide data, or for specific user profiles, thus warranting fine-grained tuning for users or environments. Our results using vehicular trajectory data show that VA-GI achieves a dynamic trade-off between privacy and utility that outperforms previous works. Additionally, by using a Gaussian distribution as estimation for the distribution of the velocities, we provide a methodology for configuring our proposed LPPM without the need for mobility data. This approach provides the required privacy-utility adaptability while also simplifying its configuration and general application in different contexts. © 2023 Owner/Author.

2023

Rogue key and impersonation attacks on FIDO2: From theory to practice

Authors
Barbosa, M; Cirne, A; Esquível, L;

Publication
18TH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY & SECURITY, ARES 2023

Abstract
FIDO2 is becoming a defacto standard for passwordless authentication. Using FIDO2 and WebAuthn, web applications can enable users to associate cryptographic credentials to their profiles, and then rely on an external authenticator (e.g., a hardware token plugged into the USB port) to perform strong signature-based authentication when accessing their accounts. The security of FIDO2 has been theoretically validated, but these analyses follow the threat model adopted in the FIDO2 design and explicitly exclude some attack vectors as being out of scope. In this paper we show that two of these attacks, which appear to be folklore in the community, are actually straightforward to launch in practice (user PIN extraction, impersonation and rogue key registration). We demonstrate a deployment over vanilla Linux distributions and commercial FIDO2 authenticators. We discuss the potential impact of our results, which we believe will contribute to the improvement of future versions of the protocol.

2022

Automated Assessment in Computer Science Education: A State-of-the-Art Review

Authors
Paiva, JC; Leal, JP; Figueira, A;

Publication
ACM TRANSACTIONS ON COMPUTING EDUCATION

Abstract
Practical programming competencies are critical to the success in computer science (CS) education and goto-market of fresh graduates. Acquiring the required level of skills is a long journey of discovery, trial and error, and optimization seeking through a broad range of programming activities that learners must perform themselves. It is not reasonable to consider that teachers could evaluate all attempts that the average learner should develop multiplied by the number of students enrolled in a course, much less in a timely, deep, and fair fashion. Unsurprisingly, exploring the formal structure of programs to automate the assessment of certain features has long been a hot topic among CS education practitioners. Assessing a program is considerably more complex than asserting its functional correctness, as the proliferation of tools and techniques in the literature over the past decades indicates. Program efficiency, behavior, and readability, among many other features, assessed either statically or dynamically, are now also relevant for automatic evaluation. The outcome of an evaluation evolved from the primordial Boolean values to information about errors and tips on how to advance, possibly taking into account similar solutions. This work surveys the state of the art in the automated assessment of CS assignments, focusing on the supported types of exercises, security measures adopted, testing techniques used, type of feedback produced, and the information they offer the teacher to understand and optimize learning. A new era of automated assessment, capitalizing on static analysis techniques and containerization, has been identified. Furthermore, this review presents several other findings from the conducted review, discusses the current challenges of the field, and proposes some future research directions.

2022

What Makes a Movie Get Success? A Visual Analytics Approach

Authors
Vaz, B; Barros, MD; Lavoura, MJ; Figueira, A;

Publication
MARKETING AND SMART TECHNOLOGIES, VOL 1

Abstract
It is common for people to choose their next movie or show through other viewers' experience statements, like the Internet Movie Database (IMDb) presents. In this paper, we will be inspecting the IMDb public datasets, processing them, and using a visual analytics approach to understand how a movie can be successful among its fans. The main exploration focus is regions where titles are translated to, how the success of a title relates to its cast, crew, and awards nominations/wins. We took a methodology based on hypothesis formulation based on the EDA exploration and their testing based on a visual analytics confirmation.

2022

On Creation of Synthetic Samples from GANs for Fake News Identification Algorithms

Authors
Vaz, B; Bernardes, V; Figueira, A;

Publication
INFORMATION SYSTEMS AND TECHNOLOGIES, WORLDCIST 2022, VOL 3

Abstract
The use of Generative Adversarial Networks is almost traditional in creating synthetic images for medical purposes. They are probably the best use of GANs until now, as their results can easily be checked by the eye of specialists. In fake news detection models, we have seen lately that neural models (and deep learning) can provide a considerable improvement from standard classifiers. Yet, the most problematic problem still is the lack of data, mostly fake news data to feed these models. In this paper, we address that by proposing the use of a GAN. Results show a better capacity to generalize when used for training an extended dataset based on synthetic samples created by this GAN.

  • 15
  • 196