Social software for music

Tese de mestrado integrado. Engenharia Informática e Computação. Faculdade de Engenharia. Universidade do Porto. 200

Secure entity authentication

According to Wikipedia, authentication is the act of confirming the truth of an attribute of a single piece of a datum claimed true by an entity. Specifically, entity authentication is the process by which an agent in a distributed system gains confidence in the identity of a communicating partner (Bellare et al.). Legacy password authentication is still the most popular one, however, it suffers from many limitations, such as hacking through social engineering techniques, dictionary attack or database leak. To address the security concerns in legacy password-based authentication, many new authentication factors are introduced, such as PINs (Personal Identification Numbers) delivered through out-of-band channels, human biometrics and hardware tokens. However, each of these authentication factors has its own inherent weaknesses and security limitations. For example, phishing is still effective even when using out-of-band-channels to deliver PINs (Personal Identification Numbers). In this dissertation, three types of secure entity authentication schemes are developed to alleviate the weaknesses and limitations of existing authentication mechanisms: (1) End user authentication scheme based on Network Round-Trip Time (NRTT) to complement location based authentication mechanisms; (2) Apache Hadoop authentication mechanism based on Trusted Platform Module (TPM) technology; and (3) Web server authentication mechanism for phishing detection with a new detection factor NRTT. In the first work, a new authentication factor based on NRTT is presented. Two research challenges (i.e., the secure measurement of NRTT and the network instabilities) are addressed to show that NRTT can be used to uniquely and securely identify login locations and hence can support location-based web authentication mechanisms. The experiments and analysis show that NRTT has superior usability, deploy-ability, security, and performance properties compared to the state-of-the-art web authentication factors. In the second work, departing from the Kerb eros-centric approach, an authentication framework for Hadoop that utilizes Trusted Platform Module (TPM) technology is proposed. It is proven that pushing the security down to the hardware level in conjunction with software techniques provides better protection over software only solutions. The proposed approach provides significant security guarantees against insider threats, which manipulate the execution environment without the consent of legitimate clients. Extensive experiments are conducted to validate the performance and the security properties of the proposed approach. Moreover, the correctness and the security guarantees are formally proved via Burrows-Abadi-Needham (BAN) logic. In the third work, together with a phishing victim identification algorithm, NRTT is used as a new phishing detection feature to improve the detection accuracy of existing phishing detection approaches. The state-of-art phishing detection methods fall into two categories: heuristics and blacklist. The experiments show that the combination of NRTT with existing heuristics can improve the overall detection accuracy while maintaining a low false positive rate. In the future, to develop a more robust and efficient phishing detection scheme, it is paramount for phishing detection approaches to carefully select the features that strike the right balance between detection accuracy and robustness in the face of potential manipulations. In addition, leveraging Deep Learning (DL) algorithms to improve the performance of phishing detection schemes could be a viable alternative to traditional machine learning algorithms (e.g., SVM, LR), especially when handling complex and large scale datasets

Towards context classification and reasoning in IoT

Internet of Things (IoT) is the future of ubiquitous and personalized intelligent service delivery. It consists of interconnected, addressable and communicating everyday objects. To realize the full potentials of this new generation of ubiquitous systems, IoT's 'smart' objects should be supported with intelligent platforms for data acquisition, pre-processing, classification, modeling, reasoning and inference including distribution. However, some current IoT systems lack these capabilities: they provide mainly the functionality for raw sensor data acquisition. In this paper, we propose a framework towards deriving high-level context information from streams of raw IoT sensor data, using artificial neural network (ANN) as context recognition model. Before building the model, raw sensor data were pre-processed using weighted average low-pass filtering and a sliding window algorithm. From the resulting windows, statistical features were extracted to train ANN models. Analysis and evaluation of the proposed system show that it achieved between 87.3% and 98.1% accuracies

CHORUS Deliverable 2.2: Second report - identification of multi-disciplinary key issues for gap analysis toward EU multimedia search engines roadmap

After addressing the state-of-the-art during the first year of Chorus and establishing the existing landscape in multimedia search engines, we have identified and analyzed gaps within European research effort during our second year. In this period we focused on three directions, notably technological issues, user-centred issues and use-cases and socio- economic and legal aspects. These were assessed by two central studies: firstly, a concerted vision of functional breakdown of generic multimedia search engine, and secondly, a representative use-cases descriptions with the related discussion on requirement for technological challenges. Both studies have been carried out in cooperation and consultation with the community at large through EC concertation meetings (multimedia search engines cluster), several meetings with our Think-Tank, presentations in international conferences, and surveys addressed to EU projects coordinators as well as National initiatives coordinators. Based on the obtained feedback we identified two types of gaps, namely core technological gaps that involve research challenges, and “enablers”, which are not necessarily technical research challenges, but have impact on innovation progress. New socio-economic trends are presented as well as emerging legal challenges

Standards Assessment in Disruptive Innovation: A Software Prototype for Cloud Computing

Standards impact interoperability, portability, and security of products or services. Standards con- tribute to open and flexible systems that, in turn, are a catalyst for the uptake of new technologies. The assessment of standards in disruptive innovation is, however, challenged by uncertainty over markets, technology evolution, and organizational change. The dynamics of technology progression, further- more, contribute to high assessment efforts, leading to situations where up-to-date information on standards is effectively missing. In this paper, we build upon previous work on a model and method to support assessment of standards in disruptive innovation. We summarize the methods potentials for reducing standards assessment efforts and automation. Thereupon, we propose a conceptual software architecture for standards assessment platforms and instantiate the platform for the domain of cloud computing. Our discussion of the Cloud Standards Assessment Platform will present the user experi- ence and reflect the realizability of automation potentials in standards assessment. We give an outlook on future work and platform adoption to conclude this paper