Using classifiers to predict linear feedback shift registers

Proceeding of: IEEE 35th International Carnahan Conference on Security Technology. October 16-19, 2001, LondonPreviously (J.C. Hernandez et al., 2000), some new ideas that justify the use of artificial intelligence techniques in cryptanalysis are presented. The main objective of that paper was to show that the theoretical next bit prediction problem can be transformed into a classification problem, and this classification problem could be solved with the aid of some AI algorithms. In particular, they showed how a well-known classifier called c4.5 could predict the next bit generated by a linear feedback shift register (LFSR, a widely used model of pseudorandom number generator) very efficiently and, most importantly, without any previous knowledge over the model used. The authors look for other classifiers, apart from c4.5, that could be useful in the prediction of LFSRs. We conclude that the selection of c4.5 by Hernandez et al. was adequate, because it shows the best accuracy of all the classifiers tested. However, we have found other classifiers that produce interesting results, and we suggest that these algorithms must be taken into account in the future when trying to predict more complex LFSR-based models. Finally, we show some other properties that make the c4.5 algorithm the best choice for this particular cryptanalytic problem.Publicad

Spatial-temporal certification framework and extension of X.509 attribute certificate framework and SAML standard to support spatial-temporal certificates

Proceeding of: 4th European PKI Workshop: Theory and Practice, EuroPKI 2007, Palma de Mallorca, Spain, June 28-30, 2007The recent development of location-based services has originated a set of new security services that address their particular security problems. Spatial-temporal certification services are among these new services. They have as main goal the generation of evidences about an entity’s spatial-temporal information and, in general, their life-cycle support. Currently there is still a lack of a general framework for spatial-temporal certification services. In this work it is presented such a framework and an extension of the X.509 attribute certificate framework and the SAML standard to represent spatial-temporal certificates

Guaranteeing the authenticity of location information

A comprehensive definition of location authentication and a review of its threats and possible solutions help provide a better understanding of this young security requirement.Publicad

EVAWEB v2 : enhancing a web-based assessment system focused on non-repudiation use and teaching

Security is one of the main problems in web-based assessment systems, particularly guaranteeing non-repudiation of tests submissions. Authors have developed EVAWEB, a web-based assessment system that addresses this issue by using digital signatures. Moreover, the use of this technology in EVAWEB provides a real context to the students for learning digital signatures. In this paper, the enhancements that have been incorporated to EVAWEB in order to develop an improved second version of the system are presented.This work was partially supported by Universidad Carlos III de Madrid under 1ª Convocatoria de Apoyo a Experiencias de Innovación Docente Curso 2003-2004.Publicad

EVAWEB: a Web-based assessment system to learn X.509/PKIX-based digital signatures

EVAWEB is a Web-based assessment system that has been developed to evaluate the learning enhancement produced by the use of X.509 Public Key Infrastructure (X.509/PKIX)-based digital signatures in a real environment. EVAWEB allows the students to experience main X.509/PKIX processes related to the digital signature mechanism. In this paper, EVAWEB and its assessment by the students are described.Publicad

Protocolo de creación de evidencias en entornos vehiculares

V Congreso Iberoamericano de Seguridad Informática, CIBSI'09 (Montevideo, Uruguay, 16 al 18 de Noviembre)Las redes vehiculares son un novedoso escenario de comunicación. Estas redes permiten el diálogo entre vehículos, y de estos con la infraestructura. Gracias a estas redes se puede proporcionar más información y nuevos servicios a conductores y pasajeros. Uno de esos nuevos servicios es la creación de evidencias sobre el comportamiento de un vehículo. Esto será útil, por ejemplo, para la correcta determinación de responsabilidad en un accidente o para justificar un comportamiento adecuado ante una sanción recibida. Utilizando las redes vehiculares se puede obtener la descripción de ese comportamiento a través de los vehículos del entorno. Con ello se impide que el propio vehículo describa su actuación de una forma modificada acorde con sus intereses. Para abordar este nuevo servicio es necesario garantizar la seguridad de la información intercambiada. En este trabajo se presenta un protocolo de creación de evidencias sobre el comportamiento de un vehículo, obteniendo los datos desde los cercanos. Se incluye el protocolo de verificación de las evidencias, así como el análisis de seguridad de la propuesta.Este trabajo ha sido parcialmente financiado por el Ministerio de Ciencia e Innovacion (España), dentro del Plan Nac. de Investigacion Cientifica, Desarrollo e Innovacion Tecnologica 2008-2011, contrato TIN2009-13461 (proy. E-SAVE).Publicad

Control de acceso en redes sociales web

Proceeding of: XII Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2012), Donostia-San Sebastián, Spain, 4-7 sept. 2012Recientemente, motivados por la expansión de internet y la aparición de las Redes Sociales Web (RSW), han surgido gran cantidad de problemas y retos asociados con la privacidad. Uno de los problemas principales es el diseño y la implementación de sistemas que posibiliten a los usuarios la gestión del control de acceso. A este respecto, pero en el contexto de las RSW, se han identificado una serie de requisitos. Sin embargo, en la literatura, los trabajos existentes sólo satisfacen parcial o completamente algunos de ellos. En este artículo, se propone primero un modelo de control de acceso, SoNeUCONABC, el cual extiende el modelo UCONABC, junto con la especificación de un mecanismo que lo implementa. En segundo lugar, se proporcionan directrices para el establecimiento de mecanismos que, desplegados sobre SoNeUCONABC, satisfagan todos los requisitos. PalabrasNo publicad

Key-recovery attacks on KIDS, a keyed anomaly detection system

Most anomaly detection systems rely on machine learning algorithms to derive a model of normality that is later used to detect suspicious events. Some works conducted over the last years have pointed out that such algorithms are generally susceptible to deception, notably in the form of attacks carefully constructed to evade detection. Various learning schemes have been proposed to overcome this weakness. One such system is Keyed IDS (KIDS), introduced at DIMVA "10. KIDS" core idea is akin to the functioning of some cryptographic primitives, namely to introduce a secret element (the key) into the scheme so that some operations are infeasible without knowing it. In KIDS the learned model and the computation of the anomaly score are both key-dependent, a fact which presumably prevents an attacker from creating evasion attacks. In this work we show that recovering the key is extremely simple provided that the attacker can interact with KIDS and get feedback about probing requests. We present realistic attacks for two different adversarial settings and show that recovering the key requires only a small amount of queries, which indicates that KIDS does not meet the claimed security properties. We finally revisit KIDS' central idea and provide heuristic arguments about its suitability and limitations

An Economic Analysis of the Environmental Impact of PM2.5 Exposure on Health Status in Three Northwestern Mexican Cities

Introduction: This study provides an economic assessment of the health effects due to exposure to particulate matter PM2.5 in three medium-size cities of northwestern Mexico: Los Mochis, Culiacan and Mazatlán. People in these cities are exposed to high pollutant concentrations that exceed limits suggested in domestic and international guidelines. PM2.5 is an air contaminant negatively associated with people’s health when is highly concentrated in the atmosphere; its diameter is below 2.5 µm and causes the air to appear hazy when levels are elevated. To account for the economic impact of air pollution, a Health Impact Assessment (HIA) was used by the means of the European Aphekom Project. We figured the cost-savings of complying with current environmental standards and computed gains in life expectancy, total avoidable premature mortality, preventable cardiovascular disease, and the economic costs of air pollution related to PM2.5. A formal analysis of air pollution epidemiology is not pursued in this paper. Results: The cost of reducing PM2.5 pollution associated with negative health outcomes was based on two different scenarios: Official Mexican Standard (NOM, Spanish acronym) and World Health Organization (WHO) environmental standards. The mean PM2.5 concentrations in 2017 were 22.8, 22.4 and 14.1 µg/m3 for Los Mochis, Mazatlán and Culiacan, respectively. Conclusions: The mean avoidable mortality for all causes associated to PM2.5 exposure in these cities was 638 for the NOM scenario (i.e., with a reduction to 12 µg/m3) compared to 739 for the WHO scenario (reduction to 10 µg/m3). Complying with the WHO guideline of 10 µg/m3 in annual PM2.5 mean would add up to 15 months of life expectancy at age 30, depending on the city. The mean economic cost per year of the PM2.5 effects on human life in these three cities was USD 600 million (NOM scenario) and USD 695 million (WHO scenario). Thus, effective public health and industrial policy interventions to improve air quality are socially advantageous and cost-saving to promote better health.S

Experimental archeology at Cuevas de la Araña (Málaga, Spain)

En este trabajo abordamos las actividades de Arqueología Experimental desarrolladas en las Cuevas de La Araña. Éstas, cubren los campos más significativos de la Arqueología y sus protocolos -de campo y laboratorio-, así como la reproducción de los procesos tecnológicos con que se tuvieron que enfrentar los grupos prehistóricos para su supervivencia, desde el Paleolítico Inferior hasta el Calcolítico. Con la reproducción de las diversas tecnologías se obtiene una información más directa, y se aprecia mejor las dificultades inherentes a cada una de ellas, obteniéndose una visión más ajustada de la propia evolución tecnológica, y los avances conseguidos en cada periodo culturalThe following paper addresses a series ofexperimental archeology activities performed at the Archeological Site ofLa Araña. They cover the most significant aspects ofArcheology and its protocols -includingfield and laboratory work-as well as the replication of technological processes prehistoric groups had to face for their survival, from the Lower Paleolithic to the Chalcolithic. With the reenactment of the various technologies more immediate information is obtained, and the difficulties inherent to each of them are better appreciated, building a more accurate perspective of the technological evolution itself, andthe advances achieved in each cultural perio