Autómatas celulares y aplicaciones

Un autómata celular es un modelo matemático para un sistema dinámico que evoluciona en pasos discretos. Este trabajo presenta una aplicación de los autómatas celulares para el cifrado de información y el reparto de secretos. Se detalla un ejemplo didáctico de su aplicación para el cifrado de secretos empleando imágenes digitales. El desarrollo de este trabajo ha servido como actividad académica dirigida a alumnado de Ingeniería en Informática, para fomentar su interés en la criptografía mediante herramientas matemáticas estudiadas a lo largo de su carrera

Aspects of Modeling and Verifying Secure Procedures

Security protocols are specifications for exchanging messages on a possibly insecure network. They aim at achieving some security goals (eg authenticating the parties involved in a communication, or preserving confidentiality of certain messages) preventing some malicious party to achieve advantages for its own. Goals of security protocols are generally achieved through the use of cryptography, the art of writing in secret characters, not comprehensible to anyone but the sender and the intended recipient. There is however a branch, in the computer science community, that, among its wide field of activities, aims at studying possible attacks on secure procedures without breaking cryptography, eg by manipulating some of the exchanged messages. This is the formal methods community, with an eye for security. This thesis mainly investigates the formal modeling and analysis of security protocols, both with finite and non finite behaviour, both within a process-algebraic and an automata framework. Real life protocols for signing and protecting digital contents and for giving assurance about authentic correspondences will be specified by means of the above cited formalisms, and some of their properties will be verified by means of formal proofs and automated tools. The original contributions of this thesis are the following. Within the framework of a formal modeling and verification of security protocols, we have applied an automated tool to better understand some secure mechanisms for the delivery of electronic documents. This has given us a deep insight on revealing the effects of omitted (or even erroneously implemented) security checks. Furthermore, a formal framework for modeling and analysing secure multicast and wireless communication protocols has been proposed. The analysis is mostly based on some new compositional principles giving sufficient conditions for safely composing an arbitrary number of components within a unique system. Also, steps towards providing the Team Automata formalism (TA) with a framework for security analysis have been taken. Within the framework, we model and analyse integrity and privacy properties, contributing to testify the expressive power and modelling capabilities of TA

Telecommunications Networks

This book guides readers through the basics of rapidly emerging networks to more advanced concepts and future expectations of Telecommunications Networks. It identifies and examines the most pressing research issues in Telecommunications and it contains chapters written by leading researchers, academics and industry professionals. Telecommunications Networks - Current Status and Future Trends covers surveys of recent publications that investigate key areas of interest such as: IMS, eTOM, 3G/4G, optimization problems, modeling, simulation, quality of service, etc. This book, that is suitable for both PhD and master students, is organized into six sections: New Generation Networks, Quality of Services, Sensor Networks, Telecommunications, Traffic Engineering and Routing

Exploiting Human Factors in User Authentication

Our overarching issue in security is the human factor—and dealing with it is perhaps one of the biggest challenges we face today. Human factor is often described as the weakest part of a security system and users are often described as the weakest link in the security chain. In this thesis, we focus on two problems which are caused by human factors in user authentication and propose respective solutions. a) Secrecy information inference attack—publicly available information can be used to infer some secrecy information about the user. b) Coercion attack—where an attacker forces a user to handover his/her secret information such as account details and password. In the secrecy information inference attack, an attacker can use publicly available data to infer secrecy information about a victim. We should be prudent in choosing any information as secrecy information in user authentication. In this work, we exploit public data extracted from Facebook to infer users' interests. Such interests can also found on their profile pages but such pages are often private. Our experiments conducted on over more than 34, 000 public pages collected from Facebook show that our inference technique can infer interests which are often hidden by users with moderate accuracy. Using the inferred interests, we also demonstrate a secrecy information inference attack to break a preference based backup authentication system BlueMoon™. To mitigate the effect of secrecy information inference attack, we propose a new authentication mechanism based on user's cellphone usage data which is often private. The system generates memorable and dynamic fingerprints which can be used to create authentication challenges. In particular, in this work, we explore if the generated behavioral fingerprints are memorable enough to be remembered by end users to be used for authentication credentials. We demonstrate the application of memorable fingerprints by designing an authentication application on top of it. We conducted an extensive user study that involved collecting about one month of continuous usage data from 58 Symbian and Android smartphone users. Results show that the fingerprints generated are remembered by the user to some extent and that they were moderately secure against attacks even by family members and close friends. The second problem which we focus in this thesis is human vulnerability to coercion attacks. In such attacks, the user is forcefully asked by an attacker to reveal the secret/key to gain access to the system. Most authentication mechanisms today are vulnerable to coercion attacks. We present a novel approach in generating cryptographic keys to fight against coercion attacks. Our technique incorporates a measure of user's emotional status using skin conductance (which changes when the user is under coercion) into the key generation process. A preliminary user study with 39 subjects was conducted which shows that our approach has moderate false acceptance and false rejection rates. Furthermore, to meet the demand of scalability and usability, many real-world authentication systems have adopted the idea of responsibility shifting, where a user's responsibility of authentication is shifted to another entity, usually in case of failure of the primary authentication method. In a responsibility shifting authentication scenario, a human helper who is involved in regaining access, is vulnerable to coercion attacks. In this work, we report our user study on 29 participants which investigates the helper's emotional status when being coerced to assist in an attack. Results show that the coercion causes involuntary skin conductance fluctuation on the helper, which indicates that he/she is nervous and stressed. The results from the two studies show that the skin conductance is a viable approach to fight against coercion attacks in user authentication

Security Analysis of System Behaviour - From "Security by Design" to "Security at Runtime" -

The Internet today provides the environment for novel applications and processes which may evolve way beyond pre-planned scope and purpose. Security analysis is growing in complexity with the increase in functionality, connectivity, and dynamics of current electronic business processes. Technical processes within critical infrastructures also have to cope with these developments. To tackle the complexity of the security analysis, the application of models is becoming standard practice. However, model-based support for security analysis is not only needed in pre-operational phases but also during process execution, in order to provide situational security awareness at runtime. This cumulative thesis provides three major contributions to modelling methodology. Firstly, this thesis provides an approach for model-based analysis and verification of security and safety properties in order to support fault prevention and fault removal in system design or redesign. Furthermore, some construction principles for the design of well-behaved scalable systems are given. The second topic is the analysis of the exposition of vulnerabilities in the software components of networked systems to exploitation by internal or external threats. This kind of fault forecasting allows the security assessment of alternative system configurations and security policies. Validation and deployment of security policies that minimise the attack surface can now improve fault tolerance and mitigate the impact of successful attacks. Thirdly, the approach is extended to runtime applicability. An observing system monitors an event stream from the observed system with the aim to detect faults - deviations from the specified behaviour or security compliance violations - at runtime. Furthermore, knowledge about the expected behaviour given by an operational model is used to predict faults in the near future. Building on this, a holistic security management strategy is proposed. The architecture of the observing system is described and the applicability of model-based security analysis at runtime is demonstrated utilising processes from several industrial scenarios. The results of this cumulative thesis are provided by 19 selected peer-reviewed papers

Emerging Informatics

The book on emerging informatics brings together the new concepts and applications that will help define and outline problem solving methods and features in designing business and human systems. It covers international aspects of information systems design in which many relevant technologies are introduced for the welfare of human and business systems. This initiative can be viewed as an emergent area of informatics that helps better conceptualise and design new world-class solutions. The book provides four flexible sections that accommodate total of fourteen chapters. The section specifies learning contexts in emerging fields. Each chapter presents a clear basis through the problem conception and its applicable technological solutions. I hope this will help further exploration of knowledge in the informatics discipline