54 research outputs found

    Federation of attribute providers for user self-sovereign identity

    In a world where people must subject themselves to high scrutiny in every process they initiate, and in a world where the digital environment grows incessantly, we anticipate more online services asking for personal attributes and needing to trust such attributes. To address this need, we describe a proposal for a secure, decentralized and shared repository of certified personal attributes. Individuals benefit because they have full control over the disclosure of their set of certified attributes (e.g. to assert their identities to service providers). The certifying entities benefit from a blockchain-based, resilient and decentralized infrastructure, avoiding the higher costs of an always-on, centralized infrastructure, while retaining the power to issue and revoke certified attributes. Finally, service providers benefit from the correctness and freshness of the certified attributes that individuals disclose to them.

    A fair channel hopping scheme for LoRa Networks with multiple single-channel gateways

    LoRa is one of the most prominent LPWAN technologies due to its suitable characteristics for supporting large-scale IoT networks, as it offers long-range communications at low power consumption. The latter is granted mainly because end-nodes transmit directly to the gateways and no energy is spent in multi-hop transmissions. LoRaWAN gateways can successfully receive simultaneous transmissions on multiple channels. However, such gateways can be costly when compared to simpler single-channel LoRa transceivers, and at the same time they are configured to operate with pure-ALOHA, the well-known and fragile channel access scheme used in LoRaWAN. This work presents a fair, control-based channel hopping-based medium access scheme for LoRa networks with multiple single-channel gateways. Compared with the pure-ALOHA used in LoRaWAN, the protocol proposed here achieves higher goodput and fairness levels because each device can choose its most appropriate channel to transmit at a higher rate and spending less energy. Several simulation results considering different network densities and different numbers of single-channel LoRa gateways show that our proposal is able to achieve a packet delivery ratio (PDR) of around 18% for a network size of 2000 end-nodes and one gateway, and a PDR of almost 50% when four LoRa gateways are considered, compared to 2% and 6%, respectively, achieved by the pure-ALOHA approach.

    Security model for the dynamic composition of workflows in e-government architectures

    Interoperability architectures allow the creation of transversal workflows in the public administration and the integration of services from the perspective of citizens and businesses. In this paper we present a security model to address the security issues that are raised by an interoperability architecture that supports the dynamic composition of e-government workflows by autonomous agents. The model is based on a Public Key Infrastructure and a set of data structures which are based on well-known standards (X.509 V3 and WSDL). It addresses agent identification, authentication, accreditation and authorization and ensures that results produced by agents are privately delivered to their intended recipients even though those recipients may not be known when the results are produced.

    An overview of security ontologies

    This paper presents an overview of ontologies in Information Systems Security. Information Systems Security is a broad and dynamic area that clearly benefits from the formalization of concepts provided by ontologies. After a very short presentation of ontologies and the Semantic Web, several works in Security Ontologies targeting different aspects of security engineering are presented, together with another study that compares several publicly available security ontologies.

    Integration of the Captive Portal paradigm with the 802.1X architecture

    In a scenario where hotspot wireless networks are increasingly being used, and given the amount of sensitive information exchanged on Internet interactions, there is the need to implement security mechanisms that guarantee data confidentiality and integrity in such networks, as well as the authenticity of the hotspot providers. However, many hotspots today use Captive Portals, which rely on authentication through Web pages (thus, an application-level authentication approach) instead of a link-layer approach. The consequence of this is that there is no security in the wireless link to the hotspot (it has to be provided at upper protocol layers), and it is cumbersome to manage wireless access profiles (we need special applications or browsers' add-ons to do that). This work exposes the weaknesses of the Captive Portals' paradigm, which does not follow a unique or standard approach, and describes a solution that intends to suppress them, based on the 802.1X architecture. This solution uses a new EAP-compliant protocol that is able to integrate an HTTP-based registration or authentication with a Captive Portal within the 802.1X authentication framework.

    Authenticated file broadcast protocol

    The File Broadcast Protocol (FBP) was developed as a part of the DETIboot system. DETIboot allows a host to broadcast an operating system image through an 802.11 wireless network to an arbitrary number of receivers. Receivers can load the image and immediately boot a Linux live session. The initial version of FBP had no security mechanisms. In this paper we present an authentication protocol developed for FBP that ensures a correct file distribution from the intended source to the receivers. The performance evaluations have shown that, with the best operational configuration tested, the file download time is increased by less than 5%.