2019
Authors
Sousa, PR; Resende, JS; Martins, R; Antunes, L;
Publication
AD-HOC, MOBILE, AND WIRELESS NETWORKS (ADHOC-NOW 2019)
Abstract
The growth of the Internet of Things (IoT) is raising significant impact in several contexts, e.g., in cities, at home, and even attached to the human body. This digital transformation is happening at a high pace and causing a great impact in our daily lives, namely in our attempt to make cities smarter in an attempt to increase their efficiency while reducing costs and increasing safety. However, this effort is being supported by the massive deployment of sensors throughout cities worldwide, leading to increased concerns regarding security and privacy. While some of these issues have already been tackled, device authentication remains without a viable solution, especially when considering a resilient decentralized approach that is the most suitable for this scenario, as it avoids some issues related to centralization, e.g., censorship and data leakage or profit from corporations. The provisioning is usually an arduous task that encompasses device configuration, including identity and key provisioning. Given the potential large number of devices, this process must be scalable and semi-autonomous, at least. This work presents a novel approach for provisioning IoT devices that adopts an architecture where another device acts as a manager that represents a CA, allowing it to be switched on/off during the provisioning phase to reduce single point of failure (SPOF) problems. Our solution combines One Time Password (OTP) on a secure token and cryptographic algorithms on a hybrid authentication system.
2019
Authors
Resende, JS; Martins, R; Antunes, L;
Publication
ENTROPY
Abstract
Security and privacy concerns are challenging the way users interact with devices. The number of devices connected to a home or enterprise network increases every day. Nowadays, the security of information systems is relevant as user information is constantly being shared and moving in the cloud; however, there are still many problems such as unsecured web interfaces, weak authentication, insecure networks, lack of encryption, among others, that make services insecure. The software implementations that are currently deployed in companies should have updates and control, as cybersecurity threats are increasingly appearing over time. There is already some research towards solutions and methods to predict new attacks or classify variants of previous known attacks, such as (algorithmic) information theory. This survey combines all relevant applications of this topic (also known as Kolmogorov Complexity) in the security and privacy domains. The use of Kolmogorov-based approaches is resource-focused without the need for specific knowledge of the topic under analysis. We have defined a taxonomy with already existing work to classify their different application areas and open up new research questions.
2020
Authors
Brandao, A; Resende, JS; Martins, R;
Publication
TRUST, PRIVACY AND SECURITY IN DIGITAL BUSINESS, TRUSTBUS 2020
Abstract
Over the last years, it has become clear that online games are one of the most used applications on the Internet. This increasing popularity has attracted an influx of players, with some of them trying to gain an unfair advantage for economic reasons, e.g., eSports tournaments, through the use of cheats and exploits. From a different perspective, it is of utmost importance to start analyzing attacks from a defensive perspective to create novel mechanisms that can stop such behaviors. In this work, we introduce a novel solution that extends current anti-cheat solutions through Intel SGX. Our solution moves the core cheat detection engine to a secure enclave provided by SGX while making use of a kernel module for the necessary primitives for system-wide protection. With this, we can prevent client-side tampering in both game code and configuration data by creating a trusted execution environment isolated from the hosting operating system. We are making it capable of preventing the attacker from modifying the cheat detection engine and associated game files. This solution blocks known attacks in games such as CS:GO while maintaining the performance, ensuring gameplay integrity and fairness.
2021
Authors
S. Resende, J; Almeida, M; Martins, R; Antunes, L;
Publication
Proceedings of Entropy 2021: The Scientific Tool of the 21st Century
Abstract
2021
Authors
Resende, JS; Magalhaes, L; Brandao, A; Martins, R; Antunes, L;
Publication
SENSORS
Abstract
The growing demand for everyday data insights drives the pursuit of more sophisticated infrastructures and artificial intelligence algorithms. When combined with the growing number of interconnected devices, this originates concerns about scalability and privacy. The main problem is that devices can detect the environment and generate large volumes of possibly identifiable data. Public cloud-based technologies have been proposed as a solution, due to their high availability and low entry costs. However, there are growing concerns regarding data privacy, especially with the introduction of the new General Data Protection Regulation, due to the inherent lack of control caused by using off-premise computational resources to which public cloud belongs. Users have no control over the data uploaded to such services as the cloud, which increases the uncontrolled distribution of information to third parties. This work aims to provide a modular approach that uses cloud-of-clouds to store persistent data and reduce upfront costs while allowing information to remain private and under users' control. In addition to storage, this work also extends focus on usability modules that enable data sharing. Any user can securely share and analyze/compute the uploaded data using private computing without revealing private data. This private computation can be training machine learning (ML) models. To achieve this, we use a combination of state-of-the-art technologies, such as MultiParty Computation (MPC) and K-anonymization to produce a complete system with intrinsic privacy properties.
2021
Authors
Sousa, P; Magalhaes, L; Resende, J; Martins, R; Antunes, L;
Publication
SENSORS
Abstract
The increasing pervasiveness of the Internet of Things is resulting in a steady increase of cyberattacks in all of its facets. One of the most predominant attack vectors is related to its identity management, as it grants the ability to impersonate and circumvent current trust mechanisms. Given that identity is paramount to every security mechanism, such as authentication and access control, any vulnerable identity management mechanism undermines any attempt to build secure systems. While digital certificates are one of the most prevalent ways to establish identity and perform authentication, their provision at scale remains open. This provisioning process is usually an arduous task that encompasses device configuration, including identity and key provisioning. Human configuration errors are often the source of many security and privacy issues, so this task should be semi-autonomous to minimize erroneous configurations during this process. In this paper, we propose an identity management (IdM) and authentication method called YubiAuthIoT. The overall provisioning has an average runtime of 1137.8 ms +/- 65.11+delta. We integrate this method with the FIWARE platform, as a way to provision and authenticate IoT devices.