IT infrastructure & microservices authentication

Mestrado IPB-ESTGBIOma - Integrated solutions in BIOeconomy for the Mobilization of the Agrifood chain project is structured in 6 PPS (Products, Processes, and Services) out of which, a part of PPS2 is covered in this work. This work resulted in the second deliverable of PPS2 which is defined as PPS2.A1.E2 - IT infrastructure design and graphical interface conceptual design. BIOma project is in the early stage and this deliverable is a design task of the project. For defining the system architecture, requirements, UML diagrams, physical architecture, and logical architecture have been proposed. The system architecture is based on microservices due to its advantages like scalability and maintainability for bigger projects like BIOma where several sensors are used for big data analysis. Special attention has been devoted to the research and study for the authentication and authorization of users and devices in a microservices architecture. The proposed authentication solution is a result of research made for microservices authentication where it was concluded that using a separate microservice for user authentication is the best solution. FIWARE is an open-source initiative defining a universal set of standards for context data management that facilitates the development of Smart solutions for different domains like Smart Cities, Smart Industry, Smart Agrifood, and Smart Energy. FIWARE’s PEP (Policy Enforcement Point) proxy solution has been proposed in this work for the better management of user’s identities, and client-side certificates have been proposed for authentication of IoT (Internet of Things) devices. The communication between microservices is done through AMQP (Advanced Message Queuing Protocol), and between IoT devices and microservices is done through MQTT (Message Queuing Telemetry Transport) protocol

Mobile computing algorithms and systems for user-aware optimization of enterprise applications

The adoption of mobile devices, particularly smartphones, has grown steadily over the last decade, also permeating the enterprise sector. Enterprises are investing heavily in mobilization to improve employee productivity and perform business workflows, including smartphones and tablets. Enterprise mobility is expected to be more than a $250 billion market in 2019. Strategies to achieve mobilization range from building native apps, using mobile enterprise application platforms (MEAPS), developing with a mobile backend as a service (mBaaS), relying on application virtualization, and employing application refactoring. Enterprises are not yet experiencing the many benefits of mobilization, even though there is great promise. Email and browsing are used heavily, but the practical adoption of enterprise mobility to deliver value beyond these applications is in its infancy and faces barriers. Enterprises deploy few business workflows (<5 percent). Barriers include the heavy task burden in executing workflows on mobile devices, the irrelevance of available mobile features, non-availability of necessary business functions, the high cost of network access, increased security risks associated with smartphones, and increased complexity of mobile application development. This dissertation identifies key barriers to user productivity on smartphones and investigates user-aware solutions that leverage redundancies in user behavior to reduce burden, focusing on the following mobility aspects: (1) Workflow Mobilization: For an employee to successfully perform workflows on a smartphone, a mobile app must be available, and the specific workflow must survive the defeaturization process necessary for mobilization. While typical mobilization strategies offer mobile access to a few heavily-used features, there is a long-tail problem for enterprise application mobilization, in that many application features are left unsupported or are too difficult to access. We propose a do-it-yourself (DIY) platform, Taskr, that allows users at all skill levels to mobilize workflows. Taskr uses remote computing with application refactoring to achieve code-less mobilization of enterprise web applications. It allows for flexible mobile delivery so that users can execute spot tasks through Twitter, email, or a native mobile app. Taskr prototypes from 15 enterprise applications reduce the number of user actions performing workflows by 40 percent compared to the desktop; (2) Content sharing (enterprise email): An enterprise employee spends an inordinate amount of time on email responding to queries and sharing information with co-workers. This problem is further aggravated on smartphones due to smaller screen real estate. We consider automated information suggestions to ease the burden of reply construction on smartphones. The premise is that a significant portion of the information content in a reply is likely present in prior emails. We first motivate this premise by analyzing both public and private email datasets. We then present Dejavu, a system that relies on inverse document frequency (IDF) and keyword matching to provide relevant suggestions for responses. Evaluation of Dejavu over email datasets shows a 22 percent reduction in the user’s typing burden; (3) Collaboration: Even though many business processes within enterprises require employees to work as a team and collaborate, few mobile apps allow two employees to work on an object from two separate devices simultaneously. We present Peek, a mobile-to-mobile remote computing protocol for collaboration that lets users remotely interact with an application in a responsive manner. Unlike traditional desktop remote computing protocols, Peek provides multi-touch support for ease of operation and a flexible frame compression scheme that accounts for the resource constraints of a smartphone. An Android prototype of Peek shows a 62 percent reduction in time to perform touchscreen actions.Ph.D

A PoW-less Bitcoin with Certified Byzantine Consensus

Distributed Ledger Technologies (DLTs), when managed by a few trusted validators, require most but not all of the machinery available in public DLTs. In this work, we explore one possible way to profit from this state of affairs. We devise a combination of a modified Practical Byzantine Fault Tolerant (PBFT) protocol and a revised Flexible Round-Optimized Schnorr Threshold Signatures (FROST) scheme, and then we inject the resulting proof-of-authority consensus algorithm into Bitcoin (chosen for the reliability, openness, and liveliness it brings in), replacing its PoW machinery. The combined protocol may operate as a modern, safe foundation for digital payment systems and Central Bank Digital Currencies (CBDC)

Implementation of an identity based encryption sub-system for secure e-mail and other applications

This thesis describes the requirements for, and design of, a suite of a sub-systems which support the introduction of Identity Based Encryption (IBE) to Intrenet communications. Current methods for securing Internet transmission are overly complex to users and require expensive and complex supporting infrastructure for distributing credentials such as certificates or public keys. Identity Based Encryption holds a promise of simplifying the process without compromising the security. In this thesis I will outline the theory behind the cryptography required , give a background to e-M ail and messaging protocols,the current security methods, the infrastructure used, the issues with these methods, and the break through that recent innovations in Identity Based Encryption hopes to deliver.I will describe an implementation of a sub-system that secures e-Mail and other protocolsin desktop platforms with as little impact on the end user as possible

SMART GRIDS LABORATORIES INVENTORY 2016

The smart grid implies that a vast amount of information needs to be handled and requires an effective energy management. Assessing the new technological solutions that would best accommodate the needs of a smart grid is of vital importance. This report aims at collecting information about the smart grid topics of research, the technologies and the standards used by top organizations that hold smart grid activities at a laboratory level. For this purpose an online questionnaire has been used. The report presents aggregated results that give an insight into the state-of-the-art regarding the smart grid field.JRC.C.3-Energy Security, Distribution and Market

Implementation and evaluation of a container-based software architecture

Recent advances in fields such as Cloud Computing, Web Systems, Internet of Things and Distributed NoSQL DBMS are enabling the development of innovative enterprise information systems that significantly increase the productivity of end users and developers. The aim of this thesis is to explore the new opportunities that these new technologies are bringing to the enterprise world. The new opportunities are explored by investigating the scenario of a medium-sized worldwide-trading company, Fiorital S.p.A. The thesis presents the design of a software architecture for the future information system of the company. The architecture is based on the usage of the Container technology and of the Microservice architectural style. Containers have empowered the usage of Microservices architectures by being lightweight, providing fast start-up times, and having low overhead. Candidate technologies for the implementation of the proposed software architecture are singled out, and the selection rationale is presented. This thesis provides an evaluation of both the candidate architecture and the technologies through the implementation of a prototype and the application of synthetic workloads that mimic stressful use scenarios. The results show that, in spite of the relative immaturity of some of the candidate technologies, the information system's candidate architecture is appropriate and that a company like Fiorital would considerably benefit from it

Identidade digital federada globaliD

Mestrado em Engenharia de Computadores e TelemáticaO presente texto propõe uma solução para a gestão de identidade digital online tendo em conta a versatilidade, o anonimato, a privacidade, a veracidade, a credibilidade e a responsabilidade do utilizador, recorrendo para isso ao uso do Cartão de Cidadão Electrónico Nacional Português e a outros meios de autenticação públicos usados diariamente pelos utilizadores. A dissertação é composta pela apresentação do conceito de identidade e das suas particularidades, por uma análise aos vários problemas da gestão da informação pessoal online, uma análise aos vários modelos, mecanismos e especificações existentes para gerir a identidade digital online (gestão de identidade digital). Uma solução de gestão de identidade digital baseada no modelo de identidade federada e associada ao Cartão do Cidadão Electrónico Nacional Português é apresentada, descrita, analisada, avaliada e comparada com outras soluções existentes. Por fim um protótipo de um provedor de identidades digitais federadas baseado na solução de gestão de identidade digital proposta é apresentado.The following text provides a solution for the digital identity management on the Web regarding the users’ versatility, anonymity, privacy, veracity, trustworthiness and accountability by using the Portuguese National Electronic Citizen Identity Card and other publicly available authentication mechanisms users use daily. The dissertation consists of the presentation of the concept of identity and its particularities, an analysis to the several problems of managing personal information online, and an analysis to the several existing models, mechanisms and specifications for the management of the digital identity online (digital identity management). A solution for digital identity management based on the federated identity model and associated to the Portuguese National Electronic Citizen Identity Card is introduced, described, analyzed, evaluated and compared to other several existing solutions. Last, a prototype of a federated digital identity provider based on the purposed solution for digital identity management is presented

Defending networked resources against floods of unwelcome requests

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, February 2008.Includes bibliographical references (p. 172-189).The Internet is afflicted by "unwelcome requests'" defined broadly as spurious claims on scarce resources. For example, the CPU and other resources at a server are targets of denial-of-service (DOS) attacks. Another example is spam (i.e., unsolicited bulk email); here, the resource is human attention. Absent any defense, a very small number of attackers can claim a very large fraction of the scarce resources. Traditional responses identify "bad" requests based on content (for example, spam filters analyze email text and embedded URLs). We argue that such approaches are inherently gameable because motivated attackers can make "bad" requests look "good". Instead, defenses should aim to allocate resources proportionally (so if lo% of the requesters are "bad", they should be limited to lo% of the scarce resources). To meet this goal, we present the design, implementation, analysis, and experimental evaluation of two systems. The first, speak-up, defends servers against application-level denial-of-service by encouraging all clients to automatically send more traffic. The "good" clients can thereby compete equally with the "bad" ones. Experiments with an implementation of speak-up indicate that it allocates a server's resources in rough proportion to clients' upload bandwidths, which is the intended result. The second system, DQE, controls spam with per-sender email quotas. Under DQE, senders attach stamps to emails. Receivers communicate with a well-known, untrusted enforcer to verify that stamps are fresh and to cancel stamps to prevent reuse. The enforcer is distributed over multiple hosts and is designed to tolerate arbitrary faults in these hosts, resist various attacks, and handle hundreds of billions of messages daily (two or three million stamp checks per second). Our experimental results suggest that our implementation can meet these goals with only a few thousand PCs.(cont) The enforcer occupies a novel design point: a set of hosts implement a simple storage abstraction but avoid neighbor maintenance, replica maintenance, and mutual trust. One connection between these systems is that DQE needs a DoS defense-and can use speak-up. We reflect on this connection, on why we apply speak-up to DoS and DQE to spam, and, more generally, on what problems call for which solutions.by Michael Walfish.Ph.D