Cookies
O website necessita de alguns cookies e outros recursos semelhantes para funcionar. Caso o permita, o INESC TEC irá utilizar cookies para recolher dados sobre as suas visitas, contribuindo, assim, para estatísticas agregadas que permitem melhorar o nosso serviço. Ver mais
Aceitar Rejeitar
  • Menu
Publicações

Publicações por António Pinto

2019

Privacy Preservation and Mandate Representation In Identity Management Systems

Autores
Shehu, AS; Pinto, A; Correia, ME;

Publicação
2019 14TH IBERIAN CONFERENCE ON INFORMATION SYSTEMS AND TECHNOLOGIES (CISTI)

Abstract
The growth in Internet usage has increased the use of electronic services requiring users to register their identity on each service they subscribe to. This has resulted in the prevalence of redundant users data on different services. To protect and regulate access by users to these services identity management systems (IdMs) are put in place. IdMs uses frameworks and standards e.g SAML, OAuth and Shibboleth to manage digital identities of users for identification and authentication process for a service provider. However, current IdMs have not been able to address privacy issues (unauthorised and fine-grained access) that relate to protecting users identity and private data on web services. Many implementations of these frameworks are only concerned with the identification and authentication process of users but not authorisation. They mostly give full control of users digital identities and data to identity and service providers with less or no users participation. This results in a less privacy enhanced solutions that manage users available data in the electronic space. This article proposes a user-centred mandate representation system that empowers resource owners to take full of their digital data; determine and delegate access rights using their mobile phone. Thereby giving users autonomous powers on their resources to grant access to authenticated entities at their will. Our solution is based on the OpenID Connect framework for authorisation service. To evaluate the proposal, we've compared it with some related works and the privacy requirements yardstick outlined in GDPR regulation [1] and [2]. Compared to other systems that use OAuth 2.0 or SAML our solution uses an additional layer of security, where data owner assumes full control over the disclosure of their identity data through an assertion issued from their mobile phones to authorisation server (AS), which in turn issues an access token. This would enable data owners to assert the authenticity of a request, while service providers and requestors also benefit from the correctness and freshness of identity data disclosed to them.

2020

Providing Secured Access Delegation in Identity Management Systems

Autores
Shehu, AS; Pinto, A; Correia, ME;

Publicação
PROCEEDINGS OF THE 17TH INTERNATIONAL JOINT CONFERENCE ON E-BUSINESS AND TELECOMMUNICATIONS (SECRYPT), VOL 1

Abstract
The evolutionary growth of information technology has enabled us with platforms that eases access to a wide range of electronic services. Typically, access to these services requires users to authenticate their identity, which involves the release, dissemination and processing of personal data by third parties such as service and identity providers. The involvement of these and other entities in managing and processing personal identifiable data has continued to raise concerns on privacy of personal information. Identity management systems (IdMs) emerged as a promising solution to address major access control and privacy issues, however most research works are focused on securing service providers (SPs) and the services provided, with little emphases on users privacy. In order to optimise users privacy and ensure that personal information are used only for intended purposes, there is need for authorisation systems that controls who may access what and under what conditions. However, for adoption data owners perspective must not be neglected. To address these issues, this paper introduces the concept of IdM and access control framework which operates with RESTful based services. The proposal provides a new level of abstraction and logic in access management, while giving data owner a decisive control over access to personal data using smartphone. The framework utilises Attribute based access control (ABAC) method to authenticate and authorise users, Open ID Connect (OIDC) protocol for data owner authorisation and Public-key cryptography to achieve perfect forward secrecy communication. The solution enables data owner to attain the responsibility of granting or denying access to their data, from a secured communication with an identity provider using a digitally signed token.

2021

Secure Remote Storage of Logs with Search Capabilities

Autores
Araújo, R; Pinto, A;

Publicação
J. Cybersecur. Priv.

Abstract
Along with the use of cloud-based services, infrastructure, and storage, the use of application logs in business critical applications is a standard practice. Application logs must be stored in an accessible manner in order to be used whenever needed. The debugging of these applications is a common situation where such access is required. Frequently, part of the information contained in logs records is sensitive. In this paper, we evaluate the possibility of storing critical logs in a remote storage while maintaining its confidentiality and server-side search capabilities. To the best of our knowledge, the designed search algorithm is the first to support full Boolean searches combined with field searching and nested queries. We demonstrate its feasibility and timely operation with a prototype implementation that never requires access, by the storage provider, to plain text information. Our solution was able to perform search and decryption operations at a rate of, approximately, 0.05 ms per line. A comparison with the related work allows us to demonstrate its feasibility and conclude that our solution is also the fastest one in indexing operations, the most frequent operations performed.

2021

A Performance Assessment of Free-to-Use Vulnerability Scanners - Revisited

Autores
Araújo, R; Pinto, A; Pinto, P;

Publicação
ICT Systems Security and Privacy Protection - 36th IFIP TC 11 International Conference, SEC 2021, Oslo, Norway, June 22-24, 2021, Proceedings

Abstract
Vulnerability scanning tools can help secure the computer networks of organisations. Triggered by the release of the Tsunami vulnerability scanner by Google, the authors analysed and compared the commonly used, free-to-use vulnerability scanners. The performance, accuracy and precision of these scanners are quite disparate and vary accordingly to the target systems. The computational, memory and network resources required be these scanners also differ. We present a recent and detailed comparison of such tools that are available for use by organisations with lower resources such as small and medium-sized enterprises. © 2021, IFIP International Federation for Information Processing.

2020

A Framework for On-Demand Reporting of Cryptocurrency Ownership and Provenance

Autores
Carreira, R; Pinto, P; Pinto, A;

Publicação
Blockchain and Applications - 2nd International Congress, BLOCKCHAIN 2020, L'Aquila, Italy, 17-19 June, 2020.

Abstract
Payments using cryptocurrencies may require that the user is able to provide proof of ownership and proof of provenance for a specific transaction. In this paper an innovative web based solution is proposed as a framework that issues reports, on request, pertaining proof of ownership and proof of provenance. The proposed framework provides proof of ownership by using micro-payments and, when used recursively, it can produce provenance reports up to a defined granularity level of transactions. A proof of concept prototype of the proposed framework was implemented and its operation and output is presented and explained. Some limitations and future work directions are also identified. © The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG 2020.

2022

A Smart Contract Architecture to Enhance the Industrial Symbiosis Process Between the Pulp and Paper Companies - A Case Study

Autores
Goncalves, R; Ferreira, I; Godina, R; Pinto, P; Pinto, A;

Publicação
BLOCKCHAIN AND APPLICATIONS

Abstract
Pulp and Paper Companies collaborate to monitor and monetize waste and create value from their by-products. This process of Industrial Symbiosis requires the creation and maintenance of trusted and transparent relationships between all entities participating in these networks, which is a constant challenge. In this context, a blockchain-based system can help in establishing and maintaining these networks, serving as a ground truth between companies operating at a national or a global scale. This paper proposes a scalable and modular blockchain architecture design using smart contracts to enhance the industrial symbiosis process of the Pulp, Paper, and Cardboard Production Sector companies in Portugal. This design comprehends all entities participating in the network. The implementation of this design assumes the use of a permissioned ledger built using Hyperledger Fabric to provide the required trust and transparency between all entities.

  • 4
  • 10