TWallet ARM TrustZone Enabled Trustable Mobile Wallet: A Case for Cryptocurrency Wallets

With the increasing popularity of Blockchains supporting virtual cryptocurrencies it has become more important to have secure devices supporting operations in trustable cryp- tocurrency wallets. These wallets, currently implemented as mobile Apps or components of mobile Apps must be protected from possible intrusion attacks. ARM TrustZone technology has made available an extension of the ARM processor ar- chitecture, allowing for the isolation of trusted and non-trusted execution environments. Critical components and their runtime support can be "booted" and loaded to run in the isolated execution environment, backed by the ARM processor. The ARM TrustZone solution provides the possible enforcement of security and privacy conditions for applica- tions, ensuring the containment of sensitive software components and data-management facilities, isolating them from OS-level intrusion attacks. The idea is that sensitive compo- nents and managed data are executed with a trust computing base supported at hardware and firmware levels, not affected by intrusions against non-protected OS-level runtime components. In this dissertation we propose TWallet: a solution designed as a generic model to sup- port secure and trustable Mobile Client Wallets (implemented as mobile Apps), backed by the ARM TrustZone technology. The objective is to manage local sensitive stored data and processing components in a trust execution environment isolated from the Android OS. We believe that the proposed TWallet framework model can also inspire other specific solutions that can benefit from the isolation of sensitive components in mobile Android Apps. As a proof-of-concept, we used the TWallet framework model to implement a trusted wallet application used as an Ethereum wallet, to operate with the Ethereum Blockchain. To achieve our goals, we also conducted different experimental observations to analyze and validate the solution, with the implemented wallet integrated, tested and validated with the Rinkeby Ethereum Test Network.Com o aumento da popularidade de Blockchains e utilização de sistemas de criptomoedas, tornou-se cada vez mais importante a utilização de dispositivos seguros para suportar aplicações de carteiras móveis (vulgarmente conhecidas por mobile wallets ou mobile cryptowallets). Estas aplicações permitem aos utilizadores uma gestão local, cómoda, confiável e segura de dados e operações integradas com sistemas de Blockchains. Estas carteiras digitais, como aplicações móveis completas ou como componentes de outras aplicações, têm sido desenvolvidas de forma generalizada para diferentes sistemas operativos convencionais, nomeadamente para o sistema operativo Android e para diferentes sistemas de criptomoedas. As wallets devem permitir processar e armazenar informação sensível associada ao controlo das operações realizadas, incluindo gestão e consulta de saldos de criptomoedas, realização e consultas de históricos de movimentos de transações ou consolidação do estado destas operações integradas com as Blockchains remotas. Devem também garantir o controlo seguro e confiável do processamento criptográfico envolvido, bem como a segurança das respetivas chaves criptográficas utilizadas. A Tecnologia ARM TrustZone disponibiliza um conjunto de extensões para as arquiteturas de processadores ARM, possibilitando o isolamento e execução de código num ambiente de execução suportado ao nível do hardware do próprio processador ARM. Isto possibilita que componentes críticos de aplicações ou de sistemas operativos suportados em processadores ARM, possam executar em ambientes isolados com minimização propiciada pelo isolamento da sua Base de Computação Confiável (ou Trusted Computing Base). A execução em ambiente seguro suportado pela solução TrustZone pode oferecer assim um reforço adicional de propriedades de confiabilidade, segurança e privacidade. Isto possibilita isolar componentes e dados críticos de possíveis ataques ou intrusões ao nível do processamento e gestão de memória ou armazenamento suportados pelo sistema operativo ou bibliotecas middleware, como é usual no caso de aplicações móveis, executando em ambiente Android OS ou noutros sistemas operativos de dispositivos móveis. Nesta dissertação propomos a solução TWallet, uma aproximação genérica para suporte de wallets utilizadas como aplicações móveis confiáveis em ambiente Android OS e fortalecidas pela utilização da tecnologia ARM TrustZone. O objetivo é possibilitar o isolamento de dados e componentes sensíveis deste tipo de aplicações, tornando-as mais seguras e confiáveis. Acreditamos que o modelo de desenho e implementação da solução TWallet, visto como uma framework de referência, poderá também ser utilizada no desenvolvimento de outras aplicações móveis em que o isolamento e segurança de componentes e dados críticos são requisitos semelhantes aos endereçados. Este pode ser o caso de aplicações de pagamento móvel, aplicações bancárias na área de mobile banking ou aplicações de bilhética na área vulgarmente chamada como mobile e-ticketing, entre outras. Como prova de conceito, utilizámos a TWallet framework para implementar um protótipo de uma wallet confiável, suportável em Android OS, para gestão de operações e criptomoedas na Blockchain Ethereum. A implementação foi integrada, testada e validada na rede Rinkeby Test Network - uma rede de desenvolvimento e testes utilizada como primeiro estágio de validação de aplicações e componentes para a rede Ethereum em operação real. Para validação da solução TWallet foi realizada uma avaliação experimen- tal. Esta avaliação envolveu a observação de indicadores de operação com verificação e comparação de diferentes métricas de operação e desempenho, bem como de alocação de recursos da aplicação protegida no modelo TWallet, comparando esses mesmo indicadores com o caso da mesma aplicação sem essa proteção

Architectures for the Future Networks and the Next Generation Internet: A Survey

Networking research funding agencies in the USA, Europe, Japan, and other countries are encouraging research on revolutionary networking architectures that may or may not be bound by the restrictions of the current TCP/IP based Internet. We present a comprehensive survey of such research projects and activities. The topics covered include various testbeds for experimentations for new architectures, new security mechanisms, content delivery mechanisms, management and control frameworks, service architectures, and routing mechanisms. Delay/Disruption tolerant networks, which allow communications even when complete end-to-end path is not available, are also discussed

Towards Trouble-Free Networks for End Users

Network applications and Internet services fail all too frequently. However, end users cannot effectively identify the root cause using traditional troubleshooting techniques due to the limited capability to distinguish failures caused by local network elements from failures caused by elements located outside the local area network. To overcome these limitations, we propose a new approach, one that leverages collaboration of user machines to assist end users in diagnosing various failures related to Internet connectivity and poor network performance. First, we present DYSWIS ("Do You See What I See?"), an automatic network fault detection and diagnosis system for end users. DYSWIS identifies the root cause(s) of network faults using diagnostic rules that consider diverse information from multiple nodes. In addition, the DYSWIS rule system is specially designed to support crowdsourced and distributed probes. We also describe the architecture of DYSWIS and compare its performance with other tools. Finally, we demonstrate that the system successfully detects and diagnoses network failures which are difficult to diagnose using a single-user probe. Failures in lower layers of the protocol stack also have the potential to disrupt Internet access; for example, slow Internet connectivity is often caused by poor Wi-Fi performance. Channel contention and non-Wi-Fi interference are the primary reasons for this performance degradation. We investigate the characteristics of non-Wi-Fi interference that can severely degrade Wi-Fi performance and present WiSlow ("Why is my Wi-Fi slow?"), a software tool that diagnoses the root causes of poor Wi-Fi performance. WiSlow employs user-level network probes and leverages peer collaboration to identify the physical location of these causes. The software includes two principal methods: packet loss analysis and 802.11 ACK number analysis. When the issue is located near Wi-Fi devices, the accuracy of WiSlow exceeds 90%. Finally, we expand our collaborative approach to the Internet of Things (IoT) and propose a platform for network-troubleshooting on home devices. This platform takes advantage of built-in technology common to modern devices --- multiple communication interfaces. For example, when a home device has a problem with an interface it sends a probe request to other devices using an alternative interface. The system then exploits cooperation of both internal devices and remote machines. We show that this approach is useful in home networks by demonstrating an application that contains actual diagnostic algorithms

Theoretical and Applied Foundations for Intrusion Detection in Single and Federated Clouds

Les systèmes infonuagiques deviennent de plus en plus complexes, plus dynamiques et hétérogènes. Un tel environnement produit souvent des données complexes et bruitées, empêchant les systèmes de détection d’intrusion (IDS) de détecter des variantes d’attaques connues. Une seule intrusion ou une attaque dans un tel système hétérogène peut se présenter sous des formes différentes, logiquement mais non synthétiquement similaires. Les IDS traditionnels sont incapables d’identifier ces attaques, car ils sont conçus pour des infrastructures spécifiques et limitées. Par conséquent, une détection précise dans le nuage ne sera absolument pas identifiée. Outre le problème de l’infonuagique, les cyber-attaques sont de plus en plus sophistiquées et difficiles à détecter. Il est donc extrêmement compliqué pour un unique IDS d’un nuage de détecter toutes les attaques, en raison de leurs implications, et leurs connaissances limitées et insuffisantes de celles-ci. Les solutions IDS actuelles de l’infonuagique résident dans le fait qu’elles ne tiennent pas compte des aspects dynamiques et hétérogènes de l’infonuagique. En outre, elles s’appuient fondamentalement sur les connaissances et l’expérience locales pour identifier les attaques et les modèles existants. Cela rend le nuage vulnérable aux attaques «Zero-Day». À cette fin, nous résolvons dans cette thèse deux défis associés à l’IDS de l’infonuagique : la détection des cyberattaques dans des environnements complexes, dynamiques et hétérogènes, et la détection des cyberattaques ayant des informations limitées et/ou incomplètes sur les intrusions et leurs conséquences. Dans cette thèse, nous sommes intéressés aux IDS génériques de l’infonuagique afin d’identifier les intrusions qui sont indépendantes de l’infrastructure utilisée. Par conséquent, à chaque fois qu’un pressentiment d’attaque est identifié, le système de détection d’intrusion doit être capable de reconnaître toutes les variantes d’une telle attaque, quelle que soit l’infrastructure utilisée. De plus, les IDS de l’infonuagique coopèrent et échangent des informations afin de faire bénéficier chacun des expertises des autres, pour identifier des modèles d’attaques inconnues.----------ABSTRACT: Cloud Computing systems are becoming more and more complex, dynamic and heterogeneous. Such an environment frequently produces complex and noisy data that make Intrusion Detection Systems (IDSs) unable to detect unknown variants of known attacks. A single intrusion or an attack in such a heterogeneous system could take various forms that are logically but not synthetically similar. This, in turn, makes traditional IDSs unable to identify these attacks, since they are designed for specific and limited infrastructures. Therefore, the accuracy of the detection in the cloud will be very negatively affected. In addition to the problem of the cloud computing environment, cyber attacks are getting more sophisticated and harder to detect. Thus, it is becoming increasingly difficult for a single cloud-based IDS to detect all attacks, because of limited and incomplete knowledge about attacks and implications. The problem of the existing cloud-based IDS solutions is that they overlook the dynamic and changing nature of the cloud. Moreover, they are fundamentally based on the local knowledge and experience to perform the classification of attacks and normal patterns. This renders the cloud vulnerable to “Zero-Day” attacks. To this end, we address throughout this thesis two challenges associated with the cloud-based IDS which are: the detection of cyber attacks under complex, dynamic and heterogeneous environments; and the detection of cyber attacks under limited and/or incomplete information about intrusions and implications. We are interested in this thesis in allowing cloud-based IDSs to be generic, in order to identify intrusions regardless of the infrastructure used. Therefore, whenever an intrusion has been identified, an IDS should be able to recognize all the different structures of such an attack, regardless of the infrastructure that is being used. Moreover, we are interested in allowing cloud-based IDSs to cooperate and share knowledge with each other, in order to make them benefit from each other’s expertise to cover unknown attack patterns. The originality of this thesis lies within two aspects: 1) the design of a generic cloud-based IDS that allows the detection under changing and heterogeneous environments and 2) the design of a multi-cloud cooperative IDS that ensures trustworthiness, fairness and sustainability. By trustworthiness, we mean that the cloud-based IDS should be able to ensure that it will consult, cooperate and share knowledge with trusted parties (i.e., cloud-based IDSs). By fairness, we mean that the cloud-based IDS should be able to guarantee that mutual benefits will be achieved through minimising the chance of cooperating with selfish IDSs. This is useful to give IDSs the motivation to participate in the community

Easing the smart home: a rule-based language and multi-agent structure for end user development in intelligent environments

Tesis doctoral inédita. Universidad Autónoma de Madrid, Escuela Politécnica Superior, septiembre de 200

Architectural requirements for an open source component and artefact repository system within GENESIS

When software is being created by distributed teams of software engineers, it is necessary to manage the work-flow, processes, and artefacts which are involved in the engineering process. The GENESIS project aims to address some of the technical issues involved by providing a software system to support distributed development. One of the parts of the system will be known as OSCAR, a repository for managing distributed artefacts. Artefacts can be process models, software components, design documents, or any other kind of entity associated with the software engineering process. OSCAR will be designed as a light-weight distributed system, managing the storage and access to a distributed repository of artefacts. This paper presents and discusses the requirements for OSCAR, and suggests a possible architecture for a software system which will meet those requirements. OSCAR will be a reliable and light-weight distributed system, managing both artefacts and meta-data corresponding to the artefacts. Users of OSCAR will be able to access the distributed repository through a local interface, using the searching and indexing capabilities of the system to locate and retrieve components. OSCAR must be able to store and retrieve both artefacts and meta-data efficiently. It must be possible for OSCAR to inter-operate with existing artefact management systems (such as CVS) and to collect metrics about the contents of and accesses to the repository. The next stage in the GENESIS project is to complete the requirements for the whole of the system (in addition to the OSCAR sub-system) and then to design the software. The software will initially be developed in a traditional closed-source fashion until the first release is finished. After the first release, the GENESIS software will become open source, and will be developed accordingly

Towards Secure and Intelligent Diagnosis: Deep Learning and Blockchain Technology for Computer-Aided Diagnosis Systems

Cancer is the second leading cause of death across the world after cardiovascular disease. The survival rate of patients with cancerous tissue can significantly decrease due to late-stage diagnosis. Nowadays, advancements of whole slide imaging scanners have resulted in a dramatic increase of patient data in the domain of digital pathology. Large-scale histopathology images need to be analyzed promptly for early cancer detection which is critical for improving patient's survival rate and treatment planning. Advances of medical image processing and deep learning methods have facilitated the extraction and analysis of high-level features from histopathological data that could assist in life-critical diagnosis and reduce the considerable healthcare cost associated with cancer. In clinical trials, due to the complexity and large variance of collected image data, developing computer-aided diagnosis systems to support quantitative medical image analysis is an area of active research. The first goal of this research is to automate the classification and segmentation process of cancerous regions in histopathology images of different cancer tissues by developing models using deep learning-based architectures. In this research, a framework with different modules is proposed, including (1) data pre-processing, (2) data augmentation, (3) feature extraction, and (4) deep learning architectures. Four validation studies were designed to conduct this research. (1) differentiating benign and malignant lesions in breast cancer (2) differentiating between immature leukemic blasts and normal cells in leukemia cancer (3) differentiating benign and malignant regions in lung cancer, and (4) differentiating benign and malignant regions in colorectal cancer. Training machine learning models, disease diagnosis, and treatment often requires collecting patients' medical data. Privacy and trusted authenticity concerns make data owners reluctant to share their personal and medical data. Motivated by the advantages of Blockchain technology in healthcare data sharing frameworks, the focus of the second part of this research is to integrate Blockchain technology in computer-aided diagnosis systems to address the problems of managing access control, authentication, provenance, and confidentiality of sensitive medical data. To do so, a hierarchical identity and attribute-based access control mechanism using smart contract and Ethereum Blockchain is proposed to securely process healthcare data without revealing sensitive information to an unauthorized party leveraging the trustworthiness of transactions in a collaborative healthcare environment. The proposed access control mechanism provides a solution to the challenges associated with centralized access control systems and ensures data transparency and traceability for secure data sharing, and data ownership

Integrating mobile devices into a scalable Grid Computing architecture designed to perform distributed computations

The idea of Grid Computing originated in the nineties and found its concrete applications in contexts like the SETI@home project where a lot of computers (offered by volunteers) cooperated, performing distributed computations, inside the Grid environment analyzing radio signals trying to find extraterrestrial life. The Grid was composed of traditional personal computers but, with the emergence of the first mobile devices like Personal Digital Assistants (PDAs), researchers started theorizing the inclusion of mobile devices into Grid Computing; although impressive theoretical work was done, the idea was discarded due to the limitations (mainly technological) of mobile devices available at the time. Decades have passed, and now mobile devices are extremely more performant and numerous than before, leaving a great amount of resources available on mobile devices, such as smartphones and tablets, untapped. Here we propose a solution for performing distributed computations over a Grid Computing environment that utilizes both desktop and mobile devices, exploiting the resources from day-to-day mobile users that alternatively would end up unused. The work starts with an introduction on what Grid Computing is, the evolution of mobile devices, the idea of integrating such devices into the Grid and how to convince device owners to participate in the Grid. Then, the tone becomes more technical, starting with an explanation on how Grid Computing actually works, followed by the technical challenges of integrating mobile devices into the Grid. Next, the model, which constitutes the solution offered by this study, is explained, followed by a chapter regarding the realization of a prototype that proves the feasibility of distributed computations over a Grid composed by both mobile and desktop devices. To conclude future developments and ideas to improve this project are presented

2nd Symposium on Management of Future motorway and urban Traffic Systems (MFTS 2018): Booklet of abstracts: Ispra, 11-12 June 2018

The Symposium focuses on future traffic management systems, covering the subjects of traffic control, estimation, and modelling of motorway and urban networks, with particular emphasis on the presence of advanced vehicle communication and automation technologies. As connectivity and automation are being progressively introduced in our transport and mobility systems, there is indeed a growing need to understand the implications and opportunities for an enhanced traffic management as well as to identify innovative ways and tools to optimise traffic efficiency. In particular the debate on centralised versus decentralised traffic management in the presence of connected and automated vehicles has started attracting the attention of the research community. In this context, the Symposium provides a remarkable opportunity to share novel ideas and discuss future research directions.JRC.C.4-Sustainable Transpor