Implementing a Web Application for W3C WebAuthn Protocol Testing

[Abstract] During the last few years, the FIDO Alliance and the W3C have been working on a new standard called WebAuthn that aims to substitute the obsolete password as an authentication method by using physical security keys instead. Due to its recent design, the standard is still changing and so are the needs for protocol testing. This research has driven the development of a web application that supports the standard and gives extensive information to the user. This tool can be used by WebAuthn developers and researchers, helping them to debug concrete use cases with no need for an ad hoc implementation.Xunta de Galicia; ED431C 2018/4

Design and Implementation of a Physical Bitcoin Coin

[Abstract] One of the major factors hindering the adoption of crypto assets in general, and Bitcoin in particular, is the high level of complexity they present to the common user. Although physical coins are a possible solution, the need to place trust in the manufacturers (so that they throw away the private key) is a big drawback that has hampered their widespread use. The recent boom of the maker movement has brought in a significant number of users with access to 3D printing devices, as well as the supporting electronic and computing resources. We have taken advantage of these capabilities to develop an open source project that interested parties can use to easily print a physical model of a Bitcoin coin, along with the necessary software that allows the creation and validation of keys and addresses.Xunta de Galicia; ED431C 2018/4

A genetic algorithms-based approach for optimizing similarity aggregation in ontology matching

[Abstract] Ontology matching consists of finding the semantic relations between different ontologies and is widely recognized as an essential process to achieve an adequate interoperability between people, systems or organizations that use different, overlapping ontologies to represent the same knowledge. There are several techniques to measure the semantic similarity of elements from separate ontologies, which must be adequately combined in order to obtain precise and complete results. Nevertheless, combining multiple similarity measures into a single metric is a complex problem, which has been traditionally solved using weights determined manually by an expert, or through general methods that do not provide optimal results. In this paper, a genetic algorithms based approach to aggregate different similarity metrics into a single function is presented. Starting from an initial population of individuals, each one representing a combination of similarity measures, our approach allows to find the combination that provides the optimal matching quality.Instituto de Salud Carlos III; FISPI10/02180Programa Iberoamericano de Ciencia y Tecnología para el Desarrollo; 209RT0366Xunta de Galicia; CN2012/217Xunta de Galicia; CN2011/034Xunta de Galicia; CN2012/21

Ontologies in medicinal chemistry: current status and future challenges

[Abstract] Recent years have seen a dramatic increase in the amount and availability of data in the diverse areas of medicinal chemistry, making it possible to achieve significant advances in fields such as the design, synthesis and biological evaluation of compounds. However, with this data explosion, the storage, management and analysis of available data to extract relevant information has become even a more complex task that offers challenging research issues to Artificial Intelligence (AI) scientists. Ontologies have emerged in AI as a key tool to formally represent and semantically organize aspects of the real world. Beyond glossaries or thesauri, ontologies facilitate communication between experts and allow the application of computational techniques to extract useful information from available data. In medicinal chemistry, multiple ontologies have been developed during the last years which contain knowledge about chemical compounds and processes of synthesis of pharmaceutical products. This article reviews the principal standards and ontologies in medicinal chemistry, analyzes their main applications and suggests future directions.Instituto de Salud Carlos III; FIS-PI10/02180Programa Iberoamericano de Ciencia y Tecnología para el Desarrollo; 209RT0366Galicia. Consellería de Cultura, Educación e Ordenación Universitaria; CN2012/217Galicia. Consellería de Cultura, Educación e Ordenación Universitaria; CN2011/034Galicia. Consellería de Cultura, Educación e Ordenación Universitaria; CN2012/21

BiOSS: A system for biomedical ontology selection

In biomedical informatics, ontologies are considered a key technology for annotating, retrieving and sharing the huge volume of publicly available data. Due to the increasing amount, complexity and variety of existing biomedical ontologies, choosing the ones to be used in a semantic annotation problem or to design a specific application is a difficult task. As a consequence, the design of approaches and tools addressed to facilitate the selection of biomedical ontologies is becoming a priority. In this paper we present BiOSS, a novel system for the selection of biomedical ontologies. BiOSS evaluates the adequacy of an ontology to a given domain according to three different criteria: (1) the extent to which the ontology covers the domain; (2) the semantic richness of the ontology in the domain; (3) the popularity of the ontology in the biomedical community. BiOSS has been applied to 5 representative problems of ontology selection. It also has been compared to existing methods and tools. Results are promising and show the usefulness of BiOSS to solve real-world ontology selection problems. BiOSS is openly available both as a web tool and a web service.Instituto de Salud Carlos III; FIS-PI10/02180Galicia. Consellería de Cultura, Educación e Ordenación Universitaria; CN2012/217Galicia. Consellería de Cultura, Educación e Ordenación Universitaria; CN2011/034Galicia. Consellería de Cultura, Educación e Ordenación Universitaria; CN2012/211Programa Iberoamericano de Ciencia y Tecnología para el Desarrollo; ref. 209RT036

Applying Artificial Intelligence for Operating System Fingerprinting

Presented at the 4th XoveTIC Conference, A Coruña, Spain, 7–8 October 2021.[Abstract] In the field of computer security, the possibility of knowing which specific version of an operating system is running behind a machine can be useful, to assist in a penetration test or monitor the devices connected to a specific network. One of the most widespread tools that better provides this functionality is Nmap, which follows a rule-based approach for this process. In this context, applying machine learning techniques seems to be a good option for addressing this task. The present work explores the strengths of different machine learning algorithms to perform operating system fingerprinting, using for that, the Nmap reference database. Moreover, some optimizations were applied to the method which brought the best results, random forest, obtaining an accuracy higher than 96%.CITIC, as a research center accredited by the Galician University System, is funded by “Consellería de Cultura, Educación e Universidade from Xunta de Galicia”, supported—80% through ERDF, ERDF Operational Programme Galicia 2014–2020, and the remaining 20% by “Secretaría Xeral de Universidades (Grant ED431G 2019/01). This project was also supported by the “Consellería de Cultura, Educación e Ordenación Universitaria” via the Consolidation and Structuring of Competitive Research Units–Competitive Reference Groups (ED431C 2018/49) and the COST Action 17124 DigForAsp, supported by COST (European Cooperation in Science and Technology, www.cost.eu, (accessed on 25 October 2021)).Xunta de Galicia; ED431G 2019/01Xunta de Galicia; ED431C 2018/4

Address Space Layout Randomization Comparative Analysis on Windows 10 and Ubuntu 18.04 LTS

Presented at the 4th XoveTIC Conference, A Coruña, Spain, 7–8 October 2021[Abstract] Memory management is one of the main tasks of an Operating System, where the data of each process running in the system is kept. In this context, there exist several types of attacks that exploit memory-related vulnerabilities, forcing Operating Systems to feature memory protection techniques that make difficult to exploit them. One of these techniques is ASLR, whose function is to introduce randomness into the virtual address space of a process. The goal of this work was to measure, analyze and compare the behavior of ASLR on the 64-bit versions of Windows 10 and Ubuntu 18.04 LTS. The results have shown that the implementation of ASLR has improved significantly on these two Operating Systems compared to previous versions. However, there are aspects, such as partial correlations or a frequency distribution that is not always uniform, so it can still be improved.We wish to acknowledge the support received from the Centro de Investigación de Galicia “CITIC”. CITIC, as Research Center accredited by Galician University System, is funded by “Consellería de Cultura, Educación e Universidade from Xunta de Galicia”, supported in an 80% through ERDF, ERDF Operational Programme Galicia 2014–2020, and the remaining 20% by “Secretaría Xeral de Universidades” (Grant ED431G 2019/01). This work was also supported by the “Consellería de Cultura, Educación e Ordenación Universitaria” via the Consolidation and Structuring of Competitive Research Units—Competitive Reference Groups (ED431C 2018/49) and the COST Action 17124 DigForAsp, supported by COST (European Cooperation in Science and Technology, www.cost.eu, (accessed on 20 July 2021))Xunta de Galicia; ED431G 2019/01Xunta de Galicia; ED431C 2018/4

Global Optimization for Automatic Model Points Selection in Life Insurance Portfolios

[Abstract] Starting from an original portfolio of life insurance policies, in this article we propose a methodology to select model points portfolios that reproduce the original one, preserving its market risk under a certain measure. In order to achieve this goal, we first define an appropriate risk functional that measures the market risk associated to the interest rates evolution. Although other alternative interest rate models could be considered, we have chosen the LIBOR (London Interbank Offered Rate) market model. Once we have selected the proper risk functional, the problem of finding the model points of the replicating portfolio is formulated as a problem of minimizing the distance between the original and the target model points portfolios, under the measure given by the proposed risk functional. In this way, a high-dimensional global optimization problem arises and a suitable hybrid global optimization algorithm is proposed for the efficient solution of this problem. Some examples illustrate the performance of a parallel multi-CPU implementation for the evaluation of the risk functional, as well as the efficiency of the hybrid Basin Hopping optimization algorithm to obtain the model points portfolio.This research has been partially funded by EU H2020 MSCA-ITN-EID-2014 (WAKEUPCALL Grant Agreement 643045), Spanish MINECO (Grant MTM2016-76497-R) and by Galician Government with the grant ED431C2018/033, both including FEDER financial support. A.F., J.G. and C.V. also acknowledge the support received from the Centro de Investigación de Galicia “CITIC”, funded by Xunta de Galicia and the European Union (European Regional Development Fund- Galicia 2014-2020 Program), by grant ED431G 2019/01Xunta de Galicia; ED431C2018/03Xunta de Galicia; ED431G 2019/0

The iOSC3 system: using ontologies and SWRL rules for intelligent supervision and care of patients with acute cardiac disorders

[Abstract] Physicians in the Intensive Care Unit (ICU) are specially trained to deal constantly with very large and complex quantities of clinical data and make quick decisions as they face complications. However, the amount of information generated and the way the data are presented may overload the cognitive skills of even experienced professionals and lead to inaccurate or erroneous actions that put patients’ lives at risk. In this paper, we present the design, development, and validation of iOSC3, an ontology-based system for intelligent supervision and treatment of critical patients with acute cardiac disorders. The system analyzes the patient’s condition and provides a recommendation about the treatment that should be administered to achieve the fastest possible recovery. If the recommendation is accepted by the doctor, the system automatically modifies the quantity of drugs that are being delivered to the patient. The knowledge base is constituted by an OWL ontology and a set of SWRL rules that represent the expert’s knowledge. iOSC3 has been developed in collaboration with experts from the Cardiac Intensive Care Unit (CICU) of the Meixoeiro Hospital, one of the most significant hospitals in the northwest region of Spain.Instituto de Salud Carlos III; FIS-PI10/02180Programa Iberoamericano de Ciencia y Tecnología para el Desarrollo; 209RT0366Galicia. Consellería de Cultura, Educación e Ordenación Universitaria; CN2012/217Xunta. Consellería de Cultura, Educación e Ordenación Universitaria; CN2011/034Galicia. Consellería de Cultura, Educación e Ordenación Universitaria; CN2012/21

Improving Authentication in the Amazon Alexa Virtual Assistant by Using a Geofence

Cursos e Congresos , C-155[Abstract] Amazon Alexa processes voice commands as input to help users perform tasks. For protecting this commands, Amazon Alexa implements some security measures. These security measures, such as voice recognition and user’s PIN, do not have the ability to mitigate replay attacks. In order to mitigate replay attacks, in this paper, we propose an authentication method based on Geofencing, consisting of (1) an Android application and (2) an Alexa Skill. By using the Android application, the user is able to configure a geofence near the Amazon Echo smart speaker. The developed Alexa Skill only accepts requests when the user is within the established geofence. This method mitigates replay attacks: an attacker could only try to use a replay attack when the legitimate user is close to the speaker, making it unfeasibleThis work was supported by the grant ED431C 2022/46 – Competitive Reference Groups GRC – funded by: EU and ”Xunta de Galicia” (Spain). This work was also supported by CITIC, funded by ”Xunta de Galicia” through the collaboration agreement between the ”Consellería de Cultura, Educaci´on, Formaci´on Profesional e Universidades” and the Galician universities to strengthen the research centres of the ”Sistema Universitario de Galicia” (CIGUS). Also, the work is founded by the ”Formaci´on de Profesorado Universitario” (FPU) grant from the Spanish Ministry of Universities to Marti ˜no Rivera Dourado (Grant FPU21/04519)This work was supported by the grant ED431C 2022/46 – Competitive Reference Groups GRC – funded by: EU and ”Xunta de Galicia” (Spain). This work was also supported by CITIC, funded by ”Xunta de Galicia” through the collaboration agreement between the ”Consellería de Cultura, Educaci´on, Formaci´on Profesional e Universidades” and the Galician universities to strengthen the research centres of the ”Sistema Universitario de Galicia” (CIGUS). Also, the work is founded by the ”Formación de Profesorado Universitario” (FPU) grant from the Spanish Ministry of Universities to Marti ˜no Rivera Dourado (Grant FPU21/04519)