2016
Autores
Sousa, PR; Faria, P; Correia, ME; Resende, JS; Antunes, L;
Publicação
Electronic Government and the Information Systems Perspective - 5th International Conference, EGOVIS 2016, Porto, Portugal, September 5-8, 2016, Proceedings
Abstract
There are some obstacles, towards a paperless office. One of them is the collection of signatures, since nearly half of all documents are printed for the sole purpose of collecting them. Digital signatures can have the same legal evidential validity as handwritten signatures, provided they are based on certificates issued by accredited certification authorities and the associated private keys are stored on tamper proof token security devices like smart cards. In this article, we propose a platform for secure digital signature workflow management that integrates secure token based digital signatures with the Enterprise Content Management Alfresco, where each user can associate a set of smart cards to his account. The documents can then be signed with the citizen card or other smart card that has digital signatures capabilities. We have implemented an Alfresco module that allows us to explore several workflow techniques to implement real task secure digital signatures workflows, as people for example do when they pass a paper document between various departments to be signed. Since all users can see the current state of the documents being signed during the entire signage process, important security properties like system trust are preserved. We also describe an external validation web service, that provides a way for users to validate signed documents. The validation service then shows to the user important document security properties like timestamps, certificates attributes and highlights the document integrity in face of the digital signatures that have been collected in the workflows defined by our module in Alfresco. © Springer International Publishing Switzerland 2016.
2017
Autores
Costa, V; Resende, J; Sousa, P; Sousa, A; Lau, N; Reis, L;
Publicação
10TH INTERNATIONAL CONFERENCE OF EDUCATION, RESEARCH AND INNOVATION (ICERI2017)
Abstract
Autonomous Vehicles are a topic of important research, also being visually appealing to the public and attractive to educators and researchers. The autonomous driving competition in the Portuguese Robotics Open tries to take advantage of this context but concerns arise from lack of participators. Participants mention the complexity of issues related to the challenge, the space occupied for the track and the budget needed for participation. This paper takes advantage of a realistic simulator under Gazebo/ROS, studies a new track design and proposes a change in the track. The analysis presented tries to ascertain if the new design facilitates the learning process that is intended for participants while keeping visual appeal for both the general public and the participants. The proposed setup for the rules and simulator is expected to address the mentioned concerns. The rule's modification and simulator are evaluated and tested, hinting that expected learning outcomes are encouraged and the track occupied area is reduced. Learning includes mobile robotics (discrete event system and continuous control), real time artificial image vision systems (2D at image recognition and processing of real world imagery seen in 3D perspective), general real world robotics such as mechanics, control, programming, batteries, systems thinking as well as transversal skills such as team cooperation, soft skills, etc. Shown results hint that the new track and realistic simulation are promising to foster learning and hopefully attract more competing teams.
2018
Autores
Resende, JS; Sousa, PR; Antunes, L;
Publicação
TRUST, PRIVACY AND SECURITY IN DIGITAL BUSINESS
Abstract
Some governments do not consider metadata as personal data, and so not in the scope of privacy regulations. However, often, metadata gives more relevant information than the actual content itself. Metadata can be very useful to identify, locate, understand and manage personal data, i.e., information that is eminently private in nature and under most privacy regulation should be anonymized or deleted if users have not give their consent. In voice calls, we are facing a critical situation in terms of privacy, as metadata can identify who calls to whom and the duration of the call, for example. In this work, we investigate privacy properties of voice calls metadata, in particular when using secure VoIP, giving evidence of the ability to extract sensitive information from its ("secure") metadata. We find that ZRTP metadata is freely available to any client on the network, and that users can be re-identified by any user with access to the network. Also, we propose a solution for this problem, suitable for all the ZRTP-based implementations.
2018
Autores
Resende, JS; Martins, R; Antunes, L;
Publicação
2018 16TH ANNUAL CONFERENCE ON PRIVACY, SECURITY AND TRUST (PST)
Abstract
Cloud storage allows users to remotely store their data, giving access anywhere and to anyone with an Internet connection. The accessibility, lack of local data maintenance and absence of local storage hardware are the main advantages of this type of storage. The adoption of this type of storage is being driven by its accessibility. However, one of the main barriers to its widespread adoption is the sovereignty issues originated by lack of trust in storing private and sensitive information in such a medium. Recent attacks to cloud-based storage show that current solutions do not provide adequate levels of security and subsequently fail to protect users' privacy. Usually, users rely solely on the security supplied by the storage providers, which in the presence of a security breach will ultimate lead to data leakage. In this paper, we propose and implement a broker (ARGUS) that acts as a proxy to the existing public cloud infrastructures by performing all the necessary authentication, cryptography and erasure coding. ARGUS uses erasure code as a way to provide efficient redundancy (opposite to standard replication) while adding an extra layer to data protection in which data is broken into fragments, expanded and encoded with redundant data pieces that are stored across a set of different storage providers (public or private). The key characteristics of ARGUS are confidentiality, integrity and availability of data stored in public cloud systems.
2019
Autores
Sousa, PR; Cirne, A; Resende, JS; Martins, R; Antunes, L;
Publicação
ICDCN '19: PROCEEDINGS OF THE 2019 INTERNATIONAL CONFERENCE ON DISTRIBUTED COMPUTING AND NETWORKING
Abstract
The number of devices connected to the Internet has been increasing exponentially. There is a substantial amount of data being exchanged among numerous connected devices. The added convenience brought by these devices spans across multiple facets of everyday life, such as drivers reporting an accident through dash cams, patients monitoring their own health, and companies controlling the safety of their facilities. However, it is critical to increase safety and privacy across the data generated and propagated by these devices. Previous works have focused mainly on device management and relied on centralized solutions namely Public Key Infrastructure (PKI). This paper describes a novel mechanism that ensures secure autonomous communication between Internet of Things (IoT) devices, while using a completely decentralized solution that mitigates the classical single points-of-failure problem. This is accomplished by a new peer-to-peer protocol using Short Authentication Strings (SAS), in which verification is made through a Limited-Location Channel (LLC).
2019
Autores
Resende, JS; Sousa, PR; Martins, R; Antunes, L;
Publicação
INTERNATIONAL JOURNAL OF INFORMATION SECURITY
Abstract
There are many cryptographic protocols in the literature that are scientifically and mathematically sound. By extension, cryptography today seeks to respond to numerous properties of the communication process beyond confidentiality (secrecy), such as integrity, authenticity, and anonymity. In addition to the theoretical evidence, implementations must be equally secure. Due to the ever-increasing intrusion from governments and other groups, citizens are now seeking alternatives ways of communication that do not leak information. In this paper, we analyze multiparty computation (MPC), which is a sub-field of cryptography with the goal of creating methods for parties to jointly compute a function over their inputs while keeping those inputs private. This is a very useful method that can be used, for example, to carry out computations on anonymous data without having to leak that data. Thus, due to the importance of confidentiality in this type of technique, we analyze active and passive attacks using complexity measures (compression and entropy). We start by obtaining network traces and syscalls, then we analyze them using compression and entropy techniques. Finally, we cluster the traces and syscalls using standard clustering techniques. This approach does not need any deep specific knowledge of the implementations being analyzed. This paper presents a security analysis for four MPC frameworks, where three were identified as insecure. These insecure libraries leak information about the inputs provided by each party of the communication. Additionally, we have detected, through a careful analysis of its source code, that SPDZ-2's secret sharing schema always produces the same results.
The access to the final selection minute is only available to applicants.
Please check the confirmation e-mail of your application to obtain the access code.