A formal methodology for integral security design and verification of network protocols

We propose a methodology for verifying security properties of network protocols at design level. It can be separated in two main parts: context and requirements analysis and informal verification; and formal representation and procedural verification. It is an iterative process where the early steps are simpler than the last ones. Therefore, the effort required for detecting flaws is proportional to the complexity of the associated attack. Thus, we avoid wasting valuable resources for simple flaws that can be detected early in the verification process. In order to illustrate the advantages provided by our methodology, we also analyze three real protocols

Simulation of a Clustering Scheme for Vehicular Ad Hoc Networks Using a DEVS-based Virtual Laboratory Environment

ANT 2018, The 9th International Conference on Ambient Systems, Networks and Technologies, Porto, PORTUGAL, 08-/05/2018 - 11/05/2018Protocol design is usually based on the functional models developed according to the needs of the system. In Intelligent Transport Systems (ITS), the features studied regarding Vehicular Ad hoc Networks (VANET) include self-organizing, routing, reliability, quality of service, and security. Simulation studies on ITS-dedicated routing protocols usually focus on their performance in specific scenarios. However, the evolution of transportation systems towards autonomous vehicles requires robust protocols with proven or at least guaranteed properties. Though formal approaches provide powerful tools for system design, they cannot be used for every types of ITS components. Our goal is to develop new tools combining formal tools such as Event-B with DEVS-based (Discrete Event System Specification) virtual laboratories in order to design the models of ITS components which simulation would allow proving and verifying their properties in large-scale scenarios. This paper presents the models of the different components of a VANET realized with the Virtual Laboratory Environment (VLE). We point out the component models fitting to formal modeling, and proceed to the validation of all designed models through a simulation scenario based on real-world road traffic data

Protección de la privacidad en la gestión de eventos de calendario en la nube

Hoy en día muchos de los recursos informáticos que se emplean pueden ser ofrecidos como servicios. Así, muchas son las empresas que han lanzado al mercado diversas aplicaciones y herramientas en forma de servicios cloud. La facilidad de acceso a los sistemas en la nube a través de Internet ha permitido a los usuarios finales realizar todo tipo de tareas cotidianas, tanto personales como laborables. No obstante, estas rutinas suponen, de facto, una externalización de la custodia y gestión de la información, lo que ha originado un intenso debate en la sociedad en torno a la seguridad y privacidad de los datos en la nube. En efecto, no siempre es posible saber con claridad la forma de administración ni la finalidad de algunas de las operaciones que los proveedores cloud realizan con nuestros datos. No basta con que dichos proveedores establezcan medidas de protección frente a agentes externos maliciosos. El carácter central de la información exige ir un paso más allá desplegando de modo transparente soluciones que permitan conseguir un adecuado equilibrio entre seguridad y privacidad. Las aplicaciones cloud son muy variadas, y entre sus servicios se encuentran los gestores de eventos de calendario. Estos productos son cada vez más demandados, sobretodo en el ámbito profesional, dado que permiten organizar y planificar las tareas en un marco temporal concreto. Con este panorama y con las inquietudes antes mencionadas, se decidió crear una aplicación software para gestionar de modo seguro y privado calendarios almacenados en la nube. Asimismo, y con objeto de garantizar la disponibilidad del servicio, se concibió la aplicación como una solución de escritorio con la posibilidad de modo de ejecución offline, esto es, que puede utilizarse sin conexión a Internet. Además, la aplicación es multiplataforma y OpenSource, para proporcionar más diversidad en los entornos de utilización, y para dar a la comunidad y a la sociedad una herramienta de software libre que, consecuentemente, pueda ser analizada y auditada para saber qué hace y cómo lo hace.Today many of the former computer-based functionality can be interpreted as cloud services. As matter of fact, the ease to access Internet and the quality of the service have fostered the adoption of cloud applications by more and more users. Consequently, it is possible to assert that the cloud is a central hub of many of our daily personal and professional activities. Nevertheless, we should take into account that the storage and processing of information in the cloud entail the outsourcing of the data custody. Indeed, we trust cloud service providers to protect our information and to access it only upon our informed consent. These assumptions are not always satisfied, which has pave the way for an intense debate around the difficult tradeoff between security and privacy in cloud services. Among all the possible cloud applications, in this work the focus is on cloud-based event managers. These applications are increasingly used, especially in the professional field, since they allow to organize and plan tasks in a very convenient way. On the grounds of the aforementioned security and privacy threats, this project was intended to design and implement a secure and privacyrespectful software application to handle cloud-based calendars. Service availability was also a major concern in this project, and thus the application was designed to enable offline access to calendar events. Finally, the application was conceived as a cross-platform and OpenSource desktop solution, which further endorses the service availability and auditability. Certainly, the resulting product can be used in different operating systems and its source code is publicly available to be thoroughly analyzed and improved

The Stability/Sustainability Dynamics: The Case of Marine Environmental Management in Somalia

Since January 1991, Somalia has been a war-torn society without law and order machinery. After a decade of chaos, in January 2001, an interim government formed in Djibouti was brought to Mogadishu, albeit it failed to function. Two similar others followed; one in 2004 and the other in 2007. In 2012, a federal government was elected by 275 members of parliament, but it is yet to govern most of the countrys regions. Consequently, over 25 years, there has been sociopolitical and economic instability which jeopardised Somalias environment and security (land and marine). Now, who are the actors of socio-political and economic instability, and can marine sustainability be achieved in the absence of stability? This doctoral study identifies, defines, examines and analyzes each of the state and non-state actors/networks operating in Somalia, at the international, regional, national, provincial, and local levels. I investigated who are they and what are their backgrounds/origins? What are their objectives and strategies? What are their capacities and economic status? What are their motives and manoeuvres? and what are their internal and external relationships? I categorised each one of them based on these scales: instability, potential stability or stability. I adopted a multi-dimensional approach which aims at tackling both marine environmental degradation and insecurity in the Somali basin, while establishing a community-based policy as a milestone for the formulation of a national/provincial policy. The study finds out that the competing multifaceted and multipurpose (economic, political or social gains) networks deliberately or inadvertently destroy the countrys environment and contribute to instability. Yet, in the countrys post-conflict situation, environmental traditional-based policy and socio-legal systems can be practiced at the grassroots level. I then proposed the roles to be played by individuals, local communities, provincials, and national, as well as regional, and international communities in the implementation of this bottom-up approach policy. While showing the relationship between environmental sustainability and sociopolitical stability, I argue that marine problems are borderless and as such, need global attention. I shed light on how war-torn states and post-conflict countries can establish vital means of environmental sustainability by applying community-based policy, implemented through self-help programs

Diseño y desarrollo de una aplicación Android para el uso de identidades digitales, autenticación y firmas digitales en sistemas interactivos

En este proyecto se ha desarrollado una aplicación Android que permite al usuario obtener una identidad digital de la que puede hacer uso, como por ejemplo, para autenticarse en un sistema. Para la consecución de tal identidad, se ha implementado un protocolo, desarrollado previamente por el GNB para la plataforma Moodle, que permite obtenerla sin necesidad de desplazarse para identificarse a ninguna entidad de registro y con cierto grado de seguridad. Para alcanzar estos objetivos, se ha realizado, en primer lugar, un estudio sobre el contexto en el que se desarrolla la aplicación en referencia a los conocimientos básicos de seguridad en la implementación de un sistema y la seguridad existente en una plataforma de amplia expansión como es Android. En segundo lugar, se ha realizado una descripción de las diferentes herramientas que facilitan la implementación de tal aplicación y cómo han de usarse o cuál es la metodología para facilitar y automatizar el trabajo. A continuación, se expone el diseño que se ha llevado a cabo sobre el protocolo de seguridad implementado y su uso en relación a la aplicación desarrollada, explicando que pasos se han seguido para la realización tanto de la aplicación, como del protocolo. Después del desarrollo de la aplicación y de la implementación del protocolo, se muestra cuál es el resultado final de la aplicación, sus funciones, sus características y cualidades y se comprueba cuál es el rendimiento final del sistema. Por último, se lleva a cabo una discusión sobre las conclusiones a las que se ha llegado a lo largo de la realización del proyecto además de las propuestas para un trabajo futuro.In this Master Thesis, an Android application, which lets a user obtain a digital identity from which he can make use e. g. to authenticate himself in a system, has been developed. A protocol previously developed by the GNB group for Moodle platform, has been implemented to obtain that identity without the needing from a user to move to identificate himself in any registration entity and having certain level of security. In order to achieve these objetives, firstly, there has been made a research of the context in which the application is developed regarding basic knowledge of a system security and existing security in a wide spread platform like Android. In the second place, there has been carried out a description of the different tools that facilitate the implementation of such an application and how they have to be used or what is the metodology for facilitating and automating the work. Following, there has been exposed the design carried out on the security protocol here implemented and its use regarding the developed application, explaining the steps that there have been followed to the realization of both the application and the protocol. After the development of the application and the protocol implementation, it is shown which is the final result of the application, its functions, its features and attributes, and it is checked which is the final efficiency of the system. Finally, there has been carried out a discussion on the conclusions that have been reached during the Master Thesis realization, in addition to the suggestions for future work