2021
Authors
Malta, S; Pinto, P; Veiga, MF;
Publication
PROCEEDINGS OF THE 2ND INTERNATIONAL CONFERENCE ON DEEP LEARNING THEORY AND APPLICATIONS (DELTA)
Abstract
The process of building and deploying Machine Learning (ML) models includes several phases and the training phase is taken as one of the most time-consuming. ML models with time series datasets can be used to predict users' positions, behaviours or mobility patterns, which implies paths crossing by well-defined positions, and thus, in these cases, syntactic similarity can be used to reduce these models' training time. This paper uses the case study of a Mobile Network Operator (MNO) where users' mobility is predicted through ML and the use of syntactic similarity with Word2Vec (W2V) framework is tested with Recurrent Neural Network (RNN), Gate Recurrent Unit (GRU), Long Short-Term Memory (LSTM) and Convolutional Neural Network (CNN) models. Experimental results show that by using framework W2V in these architectures, the training time task is reduced on average between 22% to 43%. Also an improvement on the validation accuracy of mobility prediction of about 3 percentage points on average is obtained.
2021
Authors
Faria, H; Paiva, S; Pinto, P;
Publication
IEEE ACCESS
Abstract
The digital contact tracing applications are one of the many initiatives to fight the COVID-19 virus. Some of these Apps use the Exposure Notification (EN) system available on Google and Apple's operating systems. However, EN-based contact tracing Apps depend on the availability of Bluetooth interfaces to exchange proximity identifiers, which, if compromised, directly impact their effectiveness. This paper discloses and details the Advertising Overflow attack, a novel internal Denial of Service (DoS) attack targeting the EN system on Android devices. The attack is performed by a malicious App that occupies all the Bluetooth advertising slots in an Android device, effectively blocking any advertising attempt of EN or other Apps. The impact of the disclosed attack and other previously disclosed DoS-based attacks, namely Battery Exhaustion and Storage Drain, were tested using two target smartphones and other six smartphones as attackers. The results show that the Battery Exhaustion attack imposes a battery discharge rate 1.95 times higher than in the normal operation scenario. Regarding the Storage Drain, the storage usage increased more than 30 times when compared to the normal operation scenario results. The results of the novel attack reveal that a malicious App can prevent any other App from placing their Bluetooth advertisements, for any chosen time period, thus canceling the operation of the EN system and compromising the efficiency of any COVID contact tracing App using this system.
2021
Authors
Oliveira, J; Pinto, P; Santos, H;
Publication
JOURNAL OF SENSOR AND ACTUATOR NETWORKS
Abstract
Cyberattacks exploiting Universal Serial Bus (USB) interfaces may have a high impact on individual and corporate systems. The BadUSB is an attack where a USB device's firmware is spoofed and, once mounted, allows attackers to execute a set of malicious actions in a target system. The countermeasures against this type of attack can be grouped into two strategies: physical blocking of USB ports and software blocking. This paper proposes a distributed architecture that uses software blocking to enhance system protection against BadUSB attacks. This architecture is composed of multiple agents and external databases, and it is designed for personal or corporate computers using Microsoft Windows Operating System. When a USB device is connected, the agent inspects the device, provides filtered information about its functionality and presents a threat assessment to the user, based on all previous user choices stored in external databases. By providing valuable information to the user, and also threat assessments from multiple users, the proposed distributed architecture improves system protection.
2020
Authors
Carreira, R; Pinto, P; Pinto, A;
Publication
Blockchain and Applications - 2nd International Congress, BLOCKCHAIN 2020, L'Aquila, Italy, 17-19 June, 2020.
Abstract
Payments using cryptocurrencies may require that the user is able to provide proof of ownership and proof of provenance for a specific transaction. In this paper an innovative web based solution is proposed as a framework that issues reports, on request, pertaining proof of ownership and proof of provenance. The proposed framework provides proof of ownership by using micro-payments and, when used recursively, it can produce provenance reports up to a defined granularity level of transactions. A proof of concept prototype of the proposed framework was implemented and its operation and output is presented and explained. Some limitations and future work directions are also identified. © The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG 2020.
2020
Authors
Pereira, H; Carreira, R; Pinto, P; Lopes, SI;
Publication
2020 15TH IBERIAN CONFERENCE ON INFORMATION SYSTEMS AND TECHNOLOGIES (CISTI'2020)
Abstract
Radio-Frequency IDentification (RFID) technologies have been widely used in physical ID cards in educational institutions due to its low-cost, simple integration and convenience. In a university campus, the RFID technology can be used for proximity-based authentication for services such as access control, student/employee attendance record, or in-campus payments. These RFID-based technologies present vulnerabilities that, if exploited, can compromise the university campus authentications systems. RFID skimming and tag killing are examples of attacks that are simple to execute and have a high impact on their victims. This paper exploits a tag-related vulnerability of an ID Card based on RFID technology for proximity-based authentication inside a university campus. The proof of concept presented shows that, by using low-cost commercial-off-the-shelf hardware and open-source software, it is simple to clone an ID card and perform RFID skimming, harming the real ID card users. Possible countermeasures are later introduced and discussed.
2021
Authors
Brito, C; Pinto, L; Marinho, V; Paiva, S; Pinto, P;
Publication
PROCEEDINGS OF 2021 16TH IBERIAN CONFERENCE ON INFORMATION SYSTEMS AND TECHNOLOGIES (CISTI'2021)
Abstract
The Implanted Medical Devices (IMD) industry has grown over the past few decades and is expected to grow in the coming ones. Being an asset for the health and quality of life of a patient, the availability of IMD-related products, their increasing complexity and advances in communication capabilities do not seem to have been seamlessly accompanied by cybersecurity concerns. Recent IMD can be integrated in the concept of IoT (Internet of Things) and thus, they are also exposed to attacks impacting on privacy and, above all, on the health and even the life of the device users. While in an early stage of the IMD development, the security procedures were based on the existing classic protocols and models and their functional capabilities were the focus of development, recent efforts have been made to address security from the start. In this paper we review the most recent contributions on the cybersecurity of IMD products and we highlight innovative ideas that represent new design and development paradigms of these devices next generations. In this review it is reinforced that the technological evolution and the progressive access of attackers to resources capable of exploiting multiple vulnerabilities can have a crucial impact in the IMD already implanted in the patient's body, designed to remain in operation for many years. Also, it brings the need to develop novel and robust protocols to guarantee security compatible with constrained computing resources and extremely low energy requirements to be feasible. Finally, the security and privacy concerns regarding this kind of devices should be addressed in the design phase and policies must move from damage mitigation to threat prevention.