Decrypting SSL/TLS traffic for hidden threats detection

The paper presents an analysis of the main mechanisms of decryption of SSL/TLS traffic. Methods and technologies for detecting malicious activity in encrypted traffic that are used by leading companies are also considered. Also, the approach for intercepting and decrypting traffic transmitted over SSL/TLS is developed, tested and proposed. The developed approach has been automated and can be used for remote listening of the network, which will allow to decrypt transmitted data in a mode close to real time.Comment: 4 pages, 1 table, 1 figur

ScannerS: Constraining the phase diagram of a complex scalar singlet at the LHC

We present the first version of a new tool to scan the parameter space of generic scalar potentials, ScannerS. The main goal of ScannerS is to help distinguish between different patterns of symmetry breaking for each scalar potential. In this work we use it to investigate the possibility of excluding regions of the phase diagram of several versions of a complex singlet extension of the Standard Model, with future LHC results. We find that if another scalar is found, one can exclude a phase with a dark matter candidate in definite regions of the parameter space, while predicting whether a third scalar to be found must be lighter or heavier. The first version of the code is publicly available and contains various generic core routines for tree level vacuum stability analysis, as well as implementations of collider bounds, dark matter constraints, electroweak precision constraints and tree level unitarity.Comment: 24 pages, 4 figures, 3 tables. Project development webpage - http://gravitation.web.ua.pt/Scanner

Settlement in modern network-based payment infrastructures – description and prototype of the E-Settlement model

Payment systems are undergoing rapid and fundamental changes stimulated largely by technological progress especially distributed network technology and real-time processing. Internet and e-commerce will have a major impact on payment systems in the future. User demands and competition will speed up developments. Payment systems will move from conventions that were originally paper-based to truly network-based solutions. This paper presents a solution – E-Settlement – for improving interbank settlement systems. It is based on a decentralised approach to be fully integrated with the banks’ payment systems. The basic idea is that central bank money, the settlement cover, is transferred as an encrypted digital stamp as part of the interbank payment message. The future payment systems would in this model operate close to the Internet/e-mail concept by sending payment messages directly from the sending bank’s account/payment server to the system of the receiving bank with immediate final interbank settlement without intervening centralised processing. Payment systems would become more efficient and faster and the overall structure would be come straightforward. The E-Settlement and network-based system concept could be applied with major benefits for correspondent banking, ACH and RTGS processing environments. In order to assess this novel idea the Bank of Finland built a prototype of the E-Settlement model. It consist of a group of emulated banks sending payments to each other via a TCP/IP network under the control of a central bank as the liquidity provider and an administration site monitoring the system security. This paper contains an introduction to network-based payment systems and E-Settlement, the specifications of the E-Settlement model and the description, results and experiences of the actual E-Settlement prototype.network-based payment systems; settlement systems; interbank settlement; payment system integration

How to ask sensitive questions in conservation: A review of specialized questioning techniques

Tools for social research are critical for developing an understanding of conservation problems and assessing the feasibility of conservation actions. Social surveys are an essential tool frequently applied in conservation to assess both people’s behaviour and to understand its drivers. However, little attention has been given to the weaknesses and strengths of different survey tools. When topics of conservation concern are illegal or otherwise sensitive, data collected using direct questions are likely to be affected by non-response and social desirability biases, reducing their validity. These sources of bias associated with using direct questions on sensitive topics have long been recognised in the social sciences but have been poorly considered in conservation and natural resource management. We reviewed specialized questioning techniques developed in a number of disciplines specifically for investigating sensitive topics. These methods ensure respondent anonymity, increase willingness to answer, and critically, make it impossible to directly link incriminating data to an individual. We describe each method and report their main characteristics, such as data requirements, possible data outputs, availability of evidence that they can be adapted for use in illiterate communities, and summarize their main advantages and disadvantages. Recommendations for their application in conservation are given. We suggest that the conservation toolbox should be expanded by incorporating specialized questioning techniques, developed specifically to increase response accuracy. By considering the limitations of each survey technique, we will ultimately contribute to more effective evaluations of conservation interventions and more robust policy decisions

Integration of Hardware Security Modules and Permissioned Blockchain in Industrial IoT Networks

Hardware Security Modules (HSM) serve as a hardware based root of trust that offers physical protection while adding a new security layer in the system architecture. When combined with decentralized access technologies as Blockchain, HSM offers robustness and complete reliability enabling secured end-toend mechanisms for authenticity, authorization and integrity. This work proposes an ef cient integration of HSM and Blockchain technologies focusing on, mainly, public-key cryptography algorithms and standards, that result crucial in order to achieve a successful combination of the mentioned technologies to improve the overall security in Industrial IoT systems. To prove the suitability of the proposal and the interaction of an IoT node and a Blockchain network using HSM a proof of concept is developed. Results of time performance analysis of the prototype reveal how promising the combination of HSMs in Blockchain environments is.Infineon Technologies AGEuropean Union's Horizon 2020 Research and Innovation Program through the Cyber Security 4.0: Protecting the Industrial Internet of Things (C4IIoT) 833828FEDER/Junta de Andalucia-Consejeria de Transformacion Economica, Industria, Conocimiento y Universidades B-TIC-588-UGR2

Assessment of attribute-based credentials for privacy-preserving road traffic services in smart cities

Smart cities involve the provision of advanced services for road traffic users. Vehicular ad hoc networks (VANETs) are a promising communication technology in this regard. Preservation of privacy is crucial in these services to foster their acceptance. Previous approaches have mainly focused on PKI-based or ID-based cryptography. However, these works have not fully addressed the minimum information disclosure principle. Thus, questions such as how to prove that a driver is a neighbour of a given zone, without actually disclosing his identity or real address, remain unaddressed. A set of techniques, referred to as Attribute-Based Credentials (ABCs), have been proposed to address this need in traditional computation scenarios. In this paper, we explore the use of ABCs in the vehicular context. For this purpose, we focus on a set of use cases from European Telecommunications Standards Institute (ETSI) Basic Set of Applications, specially appropriate for the early development of smart cities. We assess which ABC techniques are suitable for this scenario, focusing on three representative ones—Idemix, U-Prove and VANET-updated Persiano systems. Our experimental results show that they are feasible in VANETs considering state-of-the-art technologies, and that Idemix is the most promising technique for most of the considered use cases.This work was supported by the MINECO grant TIN2013-46469-R (SPINY: Security and Privacy in the Internet of You); the CAM grant S2013/ICE-3095 (CIBERDINE: Cybersecurity, Data, and Risks) and by the MINECO grant TIN2016-79095-C2-2-R (SMOG-DEV - Security mechanisms for fog computing: advanced security for devices). Jose Maria de Fuentes and Lorena Gonzalez were also supported by the Programa de Ayudas para la Movilidad of Carlos III University of Madrid