60 research outputs found

    Key recovery in a business environment

    This thesis looks at the use of key recovery primarily from the perspective of business needs, as opposed to the needs of governments or regulatory bodies. The threats that necessitate the use of key recovery as a countermeasure are identified together with the requirements for a key recovery mechanism deployed in a business environment. The applicability of mechanisms (mainly designed for law enforcement access purposes) is also examined. What follows from this analysis is that whether the target data is being communicated or archived can influence the criticality of some of the identified requirements. As a result, key recovery mechanisms used for archived data need to be distinguished from those used for communicated data, and the different issues surrounding those two categories are further investigated. Two mechanisms specifically designed for use on archived data are proposed. An investigation is also carried out regarding the interoperability of dissimilar key recovery mechanisms, when these are used for encrypted communicated data. We study a scheme proposed by the Key Recovery Alliance to promote interoperability between dissimilar mechanisms and we show that it fails to achieve one of its objectives. Instead, a negotiation protocol is proposed where the communicating parties can agree on a mutually acceptable or different, yet interoperable, key recovery mechanism(s). The issue of preventing unfair key recovery by either of two communicating parties, where one of the parties activates a covert channel for key recovery by a third party, is also investigated. A protocol is proposed that can prevent this. This protocol can also be used as a certification protocol for Diffie-Hellman keys in cases where neither the user nor the certification authority are trusted to generate the user’s key on their own. Finally, we study the use of key recovery in one of the authentication protocols proposed in the context of third generation mobile communications. 
    We propose certain modifications that give it a key recovery capability in an attempt to assist its international deployment given potential government demands for access to encrypted communications.

    Enhancing EMV Online PIN Verification

    Interoperability Challenges in the Cybersecurity Information Sharing Ecosystem

    Threat intelligence helps businesses and organisations make the right decisions in their fight against cyber threats, and strategically design their digital defences for an optimised and up-to-date security situation. Combined with advanced security analysis, threat intelligence helps reduce the time between the detection of an attack and its containment. This is achieved by continuously providing information, accompanied by data, on existing and emerging cyber threats and vulnerabilities affecting corporate networks. This paper addresses challenges that organisations are bound to face when they decide to invest in effective and interoperable cybersecurity information sharing and categorises them in a layered model. Based on this, it provides an evaluation of existing sources that share cybersecurity information. The aim of this research is to help organisations improve their cyber threat information exchange capabilities, to enhance their security posture and be more prepared against emerging threats.

    A Quasi-Newton algorithm in the frequency domain for burst transmission equalization

    In this paper, we propose a new type of equalizer that belongs to the family of Quasi-Newton (QN) algorithms. We present a Linear Transversal Equalizer and a Decision Feedback Equalizer (DFE). In the first case, the Hessian is approximated by a series expansion of Toeplitz matrices. This formulation allows us to develop an efficient algorithm in the frequency domain (FD). The same approach is used for the adaptation algorithm of the feedforward filter of the DFE. The resulting algorithm offers both the convergence speed of QN algorithms and the lower complexity that comes from the FD formulation.

    XSACd—Cross-domain resource sharing & access control for smart environments

    Computing devices permeate working and living environments, affecting all aspects of modern everyday lives; a trend which is expected to intensify in the coming years. In the residential setting, the enhanced features and services provided by said computing devices constitute what is typically referred to as a “smart home”. However, the direct interaction smart devices often have with the physical world, along with the processing, storage and communication of data pertaining to users’ lives, i.e. private and sensitive in nature, bring security concerns into the limelight. The resource-constraints of the platforms being integrated into a smart home environment, and their heterogeneity in hardware, network and overlaying technologies, only exacerbate the above issues. This paper presents XSACd, a cross-domain resource sharing & access control framework for smart environments, combining the well-studied fine-grained access control provided by the eXtensible Access Control Markup Language (XACML) with the benefits of Service Oriented Architectures, through the use of the Devices Profile for Web Services (DPWS). Based on standardized technologies, it enables seamless interactions and fine-grained policy-based management of heterogeneous smart devices, including support for communication between distributed networks, via the associated MQ Telemetry Transport protocol (MQTT)–based proxies. The framework is implemented in full, and its performance is evaluated on a test bed featuring relatively resource-constrained smart platforms and embedded devices, verifying the feasibility of the proposed approach.

    SOCIAL INTERACTIONISM AND INVESTIGATION IN CHILDREN’S PLAYFUL ACTIVITIES: A THEORETICAL-METHODOLOGICAL ANALYSIS

    Based on Mead’s (1863-1931) social interactivism, this article creates a dialogue with Vygotsky’s and Leontiev’s socio-historical approach in order to focus on the analysis of social interaction as an innovating theoretical-methodological resource in the investigation of playfulness in early childhood. So as to increase the debate over the theme, the text falls back on research works recently developed in Brazil, based on this approach, with the aim of highlighting the empiricist unfolding of reflections over childish play.

    Policy-Controlled Authenticated Access to LLN-Connected Healthcare Resources.

    Ubiquitous devices comprising several resource-constrained nodes with sensors, actuators, and networking capabilities are becoming part of many solutions that seek to enhance user's environment smartness and quality of living, prominently including enhanced healthcare services. In such an environment, security issues are of primary concern as a potential resource misuse can severely impact user's privacy or even become life threatening. Access to these resources should be appropriately controlled to ensure that eHealth nodes are adequately protected and the services are available to authorized entities. The intrinsic resource limitations of these nodes, however, make satisfying these requirements a great challenge. This paper proposes and analyzes a service-oriented architecture that provides a policy-based, unified, cross-platform, and flexible access control mechanism, allowing authorized entities to consume services provided by eHealth nodes while protecting their valuable resources. The scheme is XACML driven, although modifications to the related standardized architecture are proposed to satisfy the requirements imposed by nodes that comprise low-power and lossy networks (LLNs). A proof-of-concept implementation is presented, along with the associated performance evaluation, confirming the feasibility of the proposed approach.