12 research outputs found
A Hierarchical Agent-based Approach to Security in Smart Offices
As electronic devices become more and more pervasively integrated
in our daily routine, security concerns start to become evident.
In the last years, there has been an increasing interest on the topic of security
in smart environments. One of the most challenging environments
regarding security are smart offices due to the high number of potential
users, devices and spaces, and the diversity of security roles. This paper
presents a security solution for an agent-based architecture for the smart
office. This security solution is potentially applicable to generic smart
environments, but it suits particularly well to the smart office scenario,
taking advantage of the particular characteristics of the environment to
satisfy the security requirements. The result is a hierarchical, agent-based
solution, flexible and scalable enough to be applicable to different smart
office scenarios, from small businesses to large organizations
ANEGSYS: A recommender system based on automatic negotiations for local e-marketplaces
Local e-marketplaces are local online e-commerce platforms deployed by product and service
providers and accessed by local customers via mobile devices. In this scenario, customers need to gather
information about available offers from the different providers in the area, in order to select the most
suitable for their needs and preferences. We present ANEGSYS, an agent-based recommender system for
product acquisition which uses automatic bilateral negotiations to generate purchase pre-agreements among
buyer and seller agents. This greatly enhances the search for solutions which maximize both buyer and
seller utilities
Strategies for offer generation and relaxation in fuzzy constraint-based negotiation models
Ministerio de Educación y Ciencia
A novel method for automatic detection and classification of movement patterns in short duration playing activities
Autonomous devices able to evaluate diverse situations without external help have become especially relevant in recent years because they can be used as an important source of relevant information about the activities performed by people (daily habits, sports performance, and health-related activities). Specifically, the use of this kind of device in childhood games might help in the early detection of developmental problems in children. In this paper, we propose a method for the detection and classification of movements performed with an object, based on an acceleration signal. This method can automatically generate patterns associated with a given movement using a set of reference signals, analyze sequences of acceleration trends, and classify the sequences according to the previously established patterns. This method has been implemented, and a series of experiments has been carried out using the data from a sensor-embedded toy. For the validation of the obtained results, we have, in parallel, developed two other classification systems based on popular techniques, i.e., a similarity search based on Euclidean distances and machine-learning techniques, specifically a support vector machine model. When comparing the results of each method, we show that our proposed method achieves a higher number of successes and higher accuracy in the detection and classification of isolated movement signals as well as in sequences of movements
Detecting and defeating advanced man-in-the-middle attacks against TLS
On access rights: Permission to make digital or hard copies of this publication for internal use within NATO and for personal or educational use when for non-profit or non-commercial purposes is granted providing that copies bear this notice and a full citation on the first page. Any other reproduction or transmission requires prior written permission by NATO CCD COE.
TLS is an essential building block for virtual private networks. A critical aspect for the security of TLS dialogs is authentication and key exchange, usually performed by means of certificates. An insecure key exchange can lead to a man-in-the-middle attack (MITM). Trust in certificates is generally achieved using Public Key Infrastructures (PKIs), which employ trusted certificate authorities (CAs) to establish certificate validity chains.
In the last years, a number of security concerns regarding PKI usage have arisen: certificates can be issued for entities in the Internet, regardless of its position in the CA hierarchy tree. This means that successful attacks on CAs have the potential to generate valid certificates enabling man-in-the-middle attacks. The possibility of malicious use of intermediate CAs to perform targeted attacks through ad-hoc certificates cannot be neglected and are extremely difficult to detect. Current PKI infrastructure for TLS is prone to MITM attacks, and new mechanisms for detection and avoidance of those attacks are needed. IETF and other standardization bodies have launched several initiatives to enable the detection of “forged” certificates. Most of these initiatives attempt to solve the existing problems by maintaining the current PKI model and using certificate pinning, which associates certificates and servers on use. These techniques have significant limitations, such as the need of a secure bootstrap procedure, or pinning requiring some host-by-host basis. This study proposes an evolution from pinning-in-the-host to pinning-in-the-net, by enabling mechanisms to validate certificates as they travel through a given network. Certificates would be classified as trusted or not trusted as a result of cross-information obtained from different sources. This would result in early detection of suspicious certificates and would trigger mechanisms to defeat the attack; minimize its impact; and gather information on the attackers. Additionally, a more detailed and thorough analysis could be performed
A Hierarchical Security Architecture for Smart Work Environments
In the last years, there has been an increasing interest on security concerns in smart
environments. In smart home environments the main goals are user comfort and easy deployment of
new devices, so security is usually left apart or focuses mainly in transparency and privacy
enhancement. Office security, however, has more rigorous security requirements due to the high
number of potential users, devices and spaces, and the diversity of security roles. This paper presents a
security solution for an agent-based architecture for the smart office. This security solution is
potentially applicable to generic smart environments, but it suits particularly well to the smart office
scenario, taking advantage of the particular characteristics of the environment to satisfy the security
requirements
Use of the NEMESIS tool for generating scenarios for teaching network and systems security
Paper presented at the First Workshop on Research in ICT Security Technologies (Fundación Sierra Pambley - León, 30 November 2012)
Generation of smart dictionaries for password recovery
Paper presented at the First Workshop on Research in ICT Security Technologies (Fundación Sierra Pambley - León, 30 November 2012)
Images Protection Sent to Mobile Devices
With the increasing use of multimedia technologies and mobile
devices, the number of applications whose purpose is to offer information or
to advertise by sending images or videos also increases. In this paper, we
address a digital tourist guide scenario in which mobile devices with limited
resources need to receive multimedia information across a wireless connection.
We also require that this information be visible only to authorized users. We
centre the article on the protection of images in an adapted compression
format. The JPEG 2000 standard has been selected to offer an optimal balance between
image quality and the occupied space. In order to protect the information,
we have worked with selective encryption mechanisms, which allow us to
obtain a trade-off between the computational cost of
concealing the information and the degree of concealment