12 research outputs found

    A Hierarchical Agent-based Approach to Security in Smart Offices

    As electronic devices become more and more pervasively integrated in our daily routine, security concerns start to become evident. In recent years, there has been an increasing interest in the topic of security in smart environments. One of the most challenging environments regarding security is the smart office, due to the high number of potential users, devices and spaces, and the diversity of security roles. This paper presents a security solution for an agent-based architecture for the smart office. This security solution is potentially applicable to generic smart environments, but it is particularly well suited to the smart office scenario, taking advantage of the particular characteristics of the environment to satisfy the security requirements. The result is a hierarchical, agent-based solution, flexible and scalable enough to be applicable to different smart office scenarios, from small businesses to large organizations.

    ANEGSYS: A recommender system based on automatic negotiations for local electronic marketplaces

    Local e-marketplaces are local online e-commerce platforms deployed by product and service providers and accessed by local customers via mobile devices. In this scenario, customers need to gather information about available offers from the different providers in the area, in order to select the most suitable for their needs and preferences. We present ANEGSYS, an agent-based recommender system for product acquisition which uses automatic bilateral negotiations to generate purchase pre-agreements among buyer and seller agents. This greatly enhances the search for solutions which maximize both buyer and seller utilities

    A novel method for automatic detection and classification of movement patterns in short duration playing activities

    Autonomous devices able to evaluate diverse situations without external help have become especially relevant in recent years because they can be used as an important source of relevant information about the activities performed by people (daily habits, sports performance, and health-related activities). Specifically, the use of this kind of device in childhood games might help in the early detection of developmental problems in children. In this paper, we propose a method for the detection and classification of movements performed with an object, based on an acceleration signal. This method can automatically generate patterns associated with a given movement using a set of reference signals, analyze sequences of acceleration trends, and classify the sequences according to the previously established patterns. This method has been implemented, and a series of experiments has been carried out using the data from a sensor-embedded toy. For the validation of the obtained results, we have, in parallel, developed two other classification systems based on popular techniques, i.e., a similarity search based on Euclidean distances and machine-learning techniques, specifically a support vector machine model. When comparing the results of each method, we show that our proposed method achieves a higher number of successes and higher accuracy in the detection and classification of isolated movement signals as well as in sequences of movements

    Detecting and defeating advanced man-in-the-middle attacks against TLS

    On access rights: Permission to make digital or hard copies of this publication for internal use within NATO and for personal or educational use when for non-profit or non-commercial purposes is granted providing that copies bear this notice and a full citation on the first page. Any other reproduction or transmission requires prior written permission by NATO CCD COE.
    TLS is an essential building block for virtual private networks. A critical aspect for the security of TLS dialogs is authentication and key exchange, usually performed by means of certificates. An insecure key exchange can lead to a man-in-the-middle attack (MITM). Trust in certificates is generally achieved using Public Key Infrastructures (PKIs), which employ trusted certificate authorities (CAs) to establish certificate validity chains. In recent years, a number of security concerns regarding PKI usage have arisen: certificates can be issued for any entity on the Internet, regardless of the CA's position in the CA hierarchy tree. This means that successful attacks on CAs have the potential to generate valid certificates enabling man-in-the-middle attacks. The possibility of malicious use of intermediate CAs to perform targeted attacks through ad-hoc certificates cannot be neglected, and such attacks are extremely difficult to detect. Current PKI infrastructure for TLS is prone to MITM attacks, and new mechanisms for detection and avoidance of those attacks are needed. IETF and other standardization bodies have launched several initiatives to enable the detection of “forged” certificates. Most of these initiatives attempt to solve the existing problems by maintaining the current PKI model and using certificate pinning, which associates specific certificates with servers. These techniques have significant limitations, such as the need for a secure bootstrap procedure, or the need to establish pinning on a host-by-host basis. This study proposes an evolution from pinning-in-the-host to pinning-in-the-net, by enabling mechanisms to validate certificates as they travel through a given network. Certificates would be classified as trusted or not trusted as a result of cross-information obtained from different sources. This would result in early detection of suspicious certificates and would trigger mechanisms to defeat the attack, minimize its impact, and gather information on the attackers. Additionally, a more detailed and thorough analysis could be performed.

    A Hierarchical Security Architecture for Smart Work Environments

    In recent years, there has been an increasing interest in security concerns in smart environments. In smart home environments the main goals are user comfort and easy deployment of new devices, so security is usually left aside or focuses mainly on transparency and privacy enhancement. Office security, however, has more rigorous security requirements due to the high number of potential users, devices and spaces, and the diversity of security roles. This paper presents a security solution for an agent-based architecture for the smart office. This security solution is potentially applicable to generic smart environments, but it is particularly well suited to the smart office scenario, taking advantage of the particular characteristics of the environment to satisfy the security requirements.

    Use of the NEMESIS tool for generating scenarios for teaching network and systems security

    No full text
    Paper presented at the First Workshop on Research in ICT Security Technologies (Fundación Sierra Pambley - León, 30 November 2012)

    Generation of intelligent dictionaries for password recovery

    No full text
    Paper presented at the First Workshop on Research in ICT Security Technologies (Fundación Sierra Pambley - León, 30 November 2012)

    Images Protection Sent to Mobile Devices

    No full text
    With the increasing use of multimedia technologies and mobile devices, the number of applications whose purpose is to offer information or advertising by sending images or videos also increases. In this paper, we address a digital tourist guide scenario in which mobile devices with limited resources need to receive multimedia information across a wireless connection. We also require that this information be visible only to authorized users. We centre the article on the protection of images in an adapted compression format. The JPEG 2000 standard has been selected to offer an optimal balance between image quality and occupied space. In order to protect the information, we have worked with selective encryption mechanisms, which allow a trade-off between the computational cost of concealing the information and the degree of concealment.

    A Hierarchical Agent-based Approach to Security in Smart Offices

    No full text
    As electronic devices become more and more pervasively integrated in our daily routine, security concerns start to become evident. In recent years, there has been an increasing interest in the topic of security in smart environments. One of the most challenging environments regarding security is the smart office, due to the high number of potential users, devices and spaces, and the diversity of security roles. This paper presents a security solution for an agent-based architecture for the smart office. This security solution is potentially applicable to generic smart environments, but it is particularly well suited to the smart office scenario, taking advantage of the particular characteristics of the environment to satisfy the security requirements. The result is a hierarchical, agent-based solution, flexible and scalable enough to be applicable to different smart office scenarios, from small businesses to large organizations.