A Mobile Secure Bluetooth-Enabled Cryptographic Provider

The use of digital X509v3 public key certificates, together with different standards for secure digital signatures are commonly adopted to establish authentication proofs between principals, applications and services. One of the robustness characteristics commonly associated with such mechanisms is the need of hardware-sealed cryptographic devices, such as Hardware-Security Modules (or HSMs), smart cards or hardware-enabled tokens or dongles. These devices support internal functions for management and storage of cryptographic keys, allowing the isolated execution of cryptographic operations, with the keys or related sensitive parameters never exposed. The portable devices most widely used are USB-tokens (or security dongles) and internal ships of smart cards (as it is also the case of citizen cards, banking cards or ticketing cards). More recently, a new generation of Bluetooth-enabled smart USB dongles appeared, also suitable to protect cryptographic operations and digital signatures for secure identity and payment applications. The common characteristic of such devices is to offer the required support to be used as secure cryptographic providers. Among the advantages of those portable cryptographic devices is also their portability and ubiquitous use, but, in consequence, they are also frequently forgotten or even lost. USB-enabled devices imply the need of readers, not always and not commonly available for generic smartphones or users working with computing devices. Also, wireless-devices can be specialized or require a development effort to be used as standard cryptographic providers. An alternative to mitigate such problems is the possible adoption of conventional Bluetooth-enabled smartphones, as ubiquitous cryptographic providers to be used, remotely, by client-side applications running in users’ devices, such as desktop or laptop computers. However, the use of smartphones for safe storage and management of private keys and sensitive parameters requires a careful analysis on the adversary model assumptions. The design options to implement a practical and secure smartphone-enabled cryptographic solution as a product, also requires the approach and the better use of the more interesting facilities provided by frameworks, programming environments and mobile operating systems services. In this dissertation we addressed the design, development and experimental evaluation of a secure mobile cryptographic provider, designed as a mobile service provided in a smartphone. The proposed solution is designed for Android-Based smartphones and supports on-demand Bluetooth-enabled cryptographic operations, including standard digital signatures. The addressed mobile cryptographic provider can be used by applications running on Windows-enabled computing devices, requesting digital signatures. The solution relies on the secure storage of private keys related to X509v3 public certificates and Android-based secure elements (SEs). With the materialized solution, an application running in a Windows computing device can request standard digital signatures of documents, transparently executed remotely by the smartphone regarded as a standard cryptographic provider

Ubiquitous Computing

The aim of this book is to give a treatment of the actively developed domain of Ubiquitous computing. Originally proposed by Mark D. Weiser, the concept of Ubiquitous computing enables a real-time global sensing, context-aware informational retrieval, multi-modal interaction with the user and enhanced visualization capabilities. In effect, Ubiquitous computing environments give extremely new and futuristic abilities to look at and interact with our habitat at any time and from anywhere. In that domain, researchers are confronted with many foundational, technological and engineering issues which were not known before. Detailed cross-disciplinary coverage of these issues is really needed today for further progress and widening of application range. This book collects twelve original works of researchers from eleven countries, which are clustered into four sections: Foundations, Security and Privacy, Integration and Middleware, Practical Applications

BLOCKGRID: A BLOCKCHAIN-MEDIATED CYBER-PHYSICAL INSTRUCTIONAL PLATFORM

Includes supplementary material, which may be found at https://calhoun.nps.edu/handle/10945/66767Blockchain technology has garnered significant attention for its disruptive potential in several domains of national security interest. For the United States government to meet the challenge of incorporating blockchain technology into its IT infrastructure and cyber warfare strategy, personnel must be educated about blockchain technology and its applications. This thesis presents both the design and prototype implementation for a blockchain-mediated cyber-physical system called a BlockGrid. The system consists of a cluster of microcomputers that form a simple smart grid controlled by smart contracts on a private blockchain. The microcomputers act as private blockchain nodes and are programmed to activate microcomputer-attached circuits in response to smart-contract transactions. LEDs are used as visible circuit elements that serve as indicators of the blockchain’s activity and allow demonstration of the technology to observers. Innovations in networking configuration and physical layout allow the prototype to be highly portable and pre-configured for use upon assembly. Implementation options allow the use of BlockGrid in a variety of instructional settings, thus increasing its potential benefit to educators.Civilian, CyberCorps: Scholarship for ServiceApproved for public release. distribution is unlimite

Lightup project: development of a concept for a non-profit organization

The main objective of this study is to develop a strong and coherent concept, able to sustain the added value of lightUP project. Through the development of various analysis, from the general market to the organization itself, this project is intended to represent an added value (both for society, as well as for volunteers and partners). It is an aim of the author to give the maximum focus, commitment and strength during every stage of the thesis, making sure that this will be not just a final requirement of the master, but a beginning of a community transformation. This organization will be centered on people’s well being, not focusing on material support, but on the emotional support. Being the Portuguese one of the most pessimistic people of the Europe, it is an aim to contribute to the change of this reality, starting by adults, enhancing the positivism that exists on each individual and that can be replicated to others. There are other goals to be achieved, such as finding the right practices in order to make sure that: (1) The organization will create truly impact, besides being irreverent; (2) The role of the organization is notorious, easily identified by society; (3) Volunteers will be volunteers for life (being informal volunteers in their daily lives, after passing through the project); (4) The social impact will be measured regularly and will be as accurate as possible and (5) The financial sustainability will be treated efficiently.O principal objetivo deste estudo é desenvolver um conceito forte e coerente, capaz de sustentar o valor acrescentado do projeto lightUP. Através do desenvolvimento de várias análises, desde o mercado em geral à organização em si, pretende-se que a implementação deste projeto seja uma mais valia (tanto para a sociedade, como para os voluntários e parceiros). É um objetivo do autor contribuir com o máximo foco, compromisso e força durante cada etapa da tese, garantindo que este não é apenas um requerimento final do mestrado, mas o início de uma transformação da comunidade. Esta organização centrar-se-á no bem estar das pessoas, não focando o apoio material, mas sim o apoio emocional. Sendo os Portugueses um dos povos mais pessimistas da Europa, é um objetivo contribuir para a mudança desta realidade, começando pelos adultos, realçando o positivismo que existe em cada indivíduo e que pode ser replicado para os outros. Há outros objetivos que se pretendem atingir, nomeadamente encontrar as práticas certas de forma a garantir que: (1) A organização criará verdadeiro impacto, para além da sua irreverência; (2) O papel da organização seja notório, facilmente identificado pela sociedade; (3) Os voluntários serão voluntários para a vida (sendo voluntários informais nas suas vidas diárias, após a passagem pelo projeto); (4) O impacto social será medido regularmente e será o mais preciso possível e (5) A sustentabilidade financeira será tratada de forma eficaz

RFID: Prospects for Europe: Item-level Tagging and Public Transportation

This report, which is part of the COMPLETE series of studies, investigates the current and future competitiveness of the European industry in RFID applications in general and in two specific cases: item-level tagging and public transportation. It analyses its constituent technologies, drivers and barriers to growth, actual and potential markets and economic impacts, the industrial position and innovative capabilities, and it concludes with policy implicationsJRC.DDG.J.4-Information Societ

μGIM - Microgrid intelligent management system based on a multi-agent approach and the active participation of end-users

[ES] Los sistemas de potencia y energía están cambiando su paradigma tradicional, de sistemas centralizados a sistemas descentralizados. La aparición de redes inteligentes permite la integración de recursos energéticos descentralizados y promueve la gestión inclusiva que involucra a los usuarios finales, impulsada por la gestión del lado de la demanda, la energía transactiva y la respuesta a la demanda. Garantizar la escalabilidad y la estabilidad del servicio proporcionado por la red, en este nuevo paradigma de redes inteligentes, es más difícil porque no hay una única sala de operaciones centralizada donde se tomen todas las decisiones. Para implementar con éxito redes inteligentes, es necesario combinar esfuerzos entre la ingeniería eléctrica y la ingeniería informática. La ingeniería eléctrica debe garantizar el correcto funcionamiento físico de las redes inteligentes y de sus componentes, estableciendo las bases para un adecuado monitoreo, control, gestión, y métodos de operación. La ingeniería informática desempeña un papel importante al proporcionar los modelos y herramientas computacionales adecuados para administrar y operar la red inteligente y sus partes constituyentes, representando adecuadamente a todos los diferentes actores involucrados. Estos modelos deben considerar los objetivos individuales y comunes de los actores que proporcionan las bases para garantizar interacciones competitivas y cooperativas capaces de satisfacer a los actores individuales, así como cumplir con los requisitos comunes con respecto a la sostenibilidad técnica, ambiental y económica del Sistema. La naturaleza distribuida de las redes inteligentes permite, incentiva y beneficia enormemente la participación activa de los usuarios finales, desde actores grandes hasta actores más pequeños, como los consumidores residenciales. Uno de los principales problemas en la planificación y operación de redes eléctricas es la variación de la demanda de energía, que a menudo se duplica más que durante las horas pico en comparación con la demanda fuera de pico. Tradicionalmente, esta variación dio como resultado la construcción de plantas de generación de energía y grandes inversiones en líneas de red y subestaciones. El uso masivo de fuentes de energía renovables implica mayor volatilidad en lo relativo a la generación, lo que hace que sea más difícil equilibrar el consumo y la generación. La participación de los actores de la red inteligente, habilitada por la energía transactiva y la respuesta a la demanda, puede proporcionar flexibilidad en desde el punto de vista de la demanda, facilitando la operación del sistema y haciendo frente a la creciente participación de las energías renovables. En el ámbito de las redes inteligentes, es posible construir y operar redes más pequeñas, llamadas microrredes. Esas son redes geográficamente limitadas con gestión y operación local. Pueden verse como áreas geográficas restringidas para las cuales la red eléctrica generalmente opera físicamente conectada a la red principal, pero también puede operar en modo isla, lo que proporciona independencia de la red principal. Esta investigación de doctorado, realizada bajo el Programa de Doctorado en Ingeniería Informática de la Universidad de Salamanca, aborda el estudio y el análisis de la gestión de microrredes, considerando la participación activa de los usuarios finales y la gestión energética de lascarga eléctrica y los recursos energéticos de los usuarios finales. En este trabajo de investigación se ha analizado el uso de conceptos de ingeniería informática, particularmente del campo de la inteligencia artificial, para apoyar la gestión de las microrredes, proponiendo un sistema de gestión inteligente de microrredes (μGIM) basado en un enfoque de múltiples agentes y en la participación activa de usuarios. Esta solución se compone de tres sistemas que combinan hardware y software: el emulador de virtual a realidad (V2R), el enchufe inteligente de conciencia ambiental de Internet de las cosas (EnAPlug), y la computadora de placa única para energía basada en el agente (S4E) para permitir la gestión del lado de la demanda y la energía transactiva. Estos sistemas fueron concebidos, desarrollados y probados para permitir la validación de metodologías de gestión de microrredes, es decir, para la participación de los usuarios finales y para la optimización inteligente de los recursos. Este documento presenta todos los principales modelos y resultados obtenidos durante esta investigación de doctorado, con respecto a análisis de vanguardia, concepción de sistemas, desarrollo de sistemas, resultados de experimentación y descubrimientos principales. Los sistemas se han evaluado en escenarios reales, desde laboratorios hasta sitios piloto. En total, se han publicado veinte artículos científicos, de los cuales nueve se han hecho en revistas especializadas. Esta investigación de doctorado realizó contribuciones a dos proyectos H2020 (DOMINOES y DREAM-GO), dos proyectos ITEA (M2MGrids y SPEAR), tres proyectos portugueses (SIMOCE, NetEffiCity y AVIGAE) y un proyecto con financiación en cascada H2020 (Eco-Rural -IoT)

Identifying and combating cyber-threats in the field of online banking

This thesis has been carried out in the industrial environment external to the University, as an industrial PhD. The results of this PhD have been tested, validated, and implemented in the production environment of Caixabank and have been used as models for others who have followed the same ideas. The most burning threats against banks throughout the Internet environment are based on software tools developed by criminal groups, applications running on web environment either on the computer of the victim (Malware) or on their mobile device itself through downloading rogue applications (fake app's with Malware APP). Method of the thesis has been used is an approximation of qualitative exploratory research on the problem, the answer to this problem and the use of preventive methods to this problem like used authentication systems. This method is based on samples, events, surveys, laboratory tests, experiments, proof of concept; ultimately actual data that has been able to deduce the thesis proposal, using both laboratory research and grounded theory methods of data pilot experiments conducted in real environments. I've been researching the various aspects related to e-crime following a line of research focusing on intrinsically related topics: - The methods, means and systems of attack: Malware, Malware families of banker Trojans, Malware cases of use, Zeus as case of use. - The fixed platforms, mobile applications and as a means for malware attacks. - forensic methods to analyze the malware and infrastructure attacks. - Continuous improvement of methods of authentication of customers and users as a first line of defense anti- malware. - Using biometrics as innovative factor authentication.The line investigating Malware and attack systems intrinsically is closed related to authentication methods and systems to infect customer (executables, APP's, etc.), because the main purpose of malware is precisely steal data entered in the "logon "authentication system, to operate and thus, fraudulently, steal money from online banking customers. Experiments in the Malware allowed establishing a new method of decryption establishing guidelines to combat its effects describing his fraudulent scheme and operation infection. I propose a general methodology to break the encryption communications malware (keystream), extracting the system used to encrypt such communications and a general approach of the Keystream technique. We show that this methodology can be used to respond to the threat of Zeus and finally provide lessons learned highlighting some general principles of Malware (in general) and in particular proposing Zeus Cronus, an IDS that specifically seeks the Zeus malware, testing it experimentally in a network production and providing an effective skills to combat the Malware are discussed. The thesis is a research interrelated progressive evolution between malware infection systems and authentication methods, reflected in the research work cumulatively, showing an evolution of research output and looking for a progressive improvement of methods authentication and recommendations for prevention and preventing infections, a review of the main app stores for mobile financial services and a proposal to these stores. The most common methods eIDAMS (authentication methods and electronic identification) implemented in Europe and its robustness are analyzed. An analysis of adequacy is presented in terms of efficiency, usability, costs, types of operations and segments including possibilities of use as authentication method with biometrics as innovation.Este trabajo de tesis se ha realizado en el entorno industrial externo a la Universidad como un PhD industrial Los resultados de este PhD han sido testeados, validados, e implementados en el entorno de producción de Caixabank y han sido utilizados como modelos por otras que han seguido las mismas ideas. Las amenazas más candentes contra los bancos en todo el entorno Internet, se basan en herramientas software desarrolladas por los grupos delincuentes, aplicaciones que se ejecutan tanto en entornos web ya sea en el propio ordenador de la víctima (Malware) o en sus dispositivos móviles mediante la descarga de falsas aplicaciones (APP falsa con Malware). Como método se ha utilizado una aproximación de investigación exploratoria cualitativa sobre el problema, la respuesta a este problema y el uso de métodos preventivos a este problema a través de la autenticación. Este método se ha basado en muestras, hechos, encuestas, pruebas de laboratorio, experimentos, pruebas de concepto; en definitiva datos reales de los que se ha podido deducir la tesis propuesta, utilizando tanto investigación de laboratorio como métodos de teoría fundamentada en datos de experimentos pilotos realizados en entornos reales. He estado investigando los diversos aspectos relacionados con e-crime siguiendo una línea de investigación focalizada en temas intrínsecamente relacionadas: - Los métodos, medios y sistemas de ataque: Malware, familias de Malware de troyanos bancarios, casos de usos de Malware, Zeus como caso de uso. - Las plataformas fijas, los móviles y sus aplicaciones como medio para realizar los ataques de Malware. - Métodos forenses para analizar el Malware y su infraestructura de ataque. - Mejora continuada de los métodos de autenticación de los clientes y usuarios como primera barrera de defensa anti- malware. - Uso de la biometría como factor de autenticación innovador. La línea investiga el Malware y sus sistemas de ataque intrínsecamente relacionada con los métodos de autenticación y los sistemas para infectar al cliente (ejecutables, APP's, etc.) porque el objetivo principal del malware es robar precisamente los datos que se introducen en el "logon" del sistema de autenticación para operar de forma fraudulenta y sustraer así el dinero de los clientes de banca electrónica. Los experimentos realizados en el Malware permitieron establecer un método novedoso de descifrado que estableció pautas para combatir sus efectos fraudulentos describiendo su esquema de infección y funcionamiento Propongo una metodología general para romper el cifrado de comunicaciones del malware (keystream) extrayendo el sistema utilizado para cifrar dichas comunicaciones y una generalización de la técnica de Keystream. Se demuestra que esta metodología puede usarse para responder a la amenaza de Zeus y finalmente proveemos lecciones aprendidas resaltando algunos principios generales del Malware (en general) y Zeus en particular proponiendo Cronus, un IDS que persigue específicamente el Malware Zeus, probándolo experimentalmente en una red de producción y se discuten sus habilidades y efectividad. En la tesis hay una evolución investigativa progresiva interrelacionada entre el Malware, sistemas de infección y los métodos de autenticación, que se refleja en los trabajos de investigación de manera acumulativa, mostrando una evolución del output de investigación y buscando una mejora progresiva de los métodos de autenticación y de la prevención y recomendaciones para evitar las infecciones, una revisión de las principales tiendas de Apps para servicios financieros para móviles y una propuesta para estas tiendas. Se analizan los métodos más comunes eIDAMS (Métodos de Autenticación e Identificación electrónica) implementados en Europa y su robustez y presentamos un análisis de adecuación en función de eficiencia, usabilidad, costes, tipos de operación y segmentos incluyendo un análisis de posibilidades con métodos biométricos como innovación.Postprint (published version

Ubiquitous Semantic Applications

As Semantic Web technology evolves many open areas emerge, which attract more research focus. In addition to quickly expanding Linked Open Data (LOD) cloud, various embeddable metadata formats (e.g. RDFa, microdata) are becoming more common. Corporations are already using existing Web of Data to create new technologies that were not possible before. Watson by IBM an artificial intelligence computer system capable of answering questions posed in natural language can be a great example. On the other hand, ubiquitous devices that have a large number of sensors and integrated devices are becoming increasingly powerful and fully featured computing platforms in our pockets and homes. For many people smartphones and tablet computers have already replaced traditional computers as their window to the Internet and to the Web. Hence, the management and presentation of information that is useful to a user is a main requirement for today’s smartphones. And it is becoming extremely important to provide access to the emerging Web of Data from the ubiquitous devices. In this thesis we investigate how ubiquitous devices can interact with the Semantic Web. We discovered that there are five different approaches for bringing the Semantic Web to ubiquitous devices. We have outlined and discussed in detail existing challenges in implementing this approaches in section 1.2. We have described a conceptual framework for ubiquitous semantic applications in chapter 4. We distinguish three client approaches for accessing semantic data using ubiquitous devices depending on how much of the semantic data processing is performed on the device itself (thin, hybrid and fat clients). These are discussed in chapter 5 along with the solution to every related challenge. Two provider approaches (fat and hybrid) can be distinguished for exposing data from ubiquitous devices on the Semantic Web. These are discussed in chapter 6 along with the solution to every related challenge. We conclude our work with a discussion on each of the contributions of the thesis and propose future work for each of the discussed approach in chapter 7