Progettazione e implementazione di un servizio di autenticazione a più fattori per i servizi dell'ateneo

I sistemi di autenticazione con secondo fattore permettono una migliore protezione dell'identità digitale degli utenti. Questo lavoro descrive l'analisi e progettazione della soluzione di autenticazione a più fattori da integrare nel sistema di Ateneo, conclusasi con lo sviluppo del modulo di integrazione tra il servizio di autenticazione Web Single Sign-On dell'Università di Bologna (ADFS 3.0) e la piattaforma scelta per la fornitura (Time4ID). L'integrazione è stata effettuata programmando un Authentication Provider, costituito da una libreria di integrazione scritta in C#, capace di integrarsi con la piattaforma cloud-based di verifica del secondo fattore.

University authentication system based on Java card and digital X.509 certificate

This article presents a solution to the problem of strong authentication, portable and expandable using a combination of Java technology and storage of X.509 digital certificate in Java cards to access services offered by an institution, in this case, the technology of the University of Panama, ensuring the authenticity, confidentiality, integrity and non repudiation.

Vahva todennus julkisen avaimen järjestelmässä

Arvokasta tai luottamuksellista tietoa käsittelevien palveluiden, kuten pankki- ja kauppa-palveluiden, tarjoaminen julkisessa Internet-verkossa on synnyttänyt tarpeen vahvalle todennukselle, eli käyttäjien tunnistuksen varmistamiselle. Vahvassa todennuksessa käytetään salaus-menetelmien tarjoamia keinoja todennus-tapahtuman tieto-turvan parantamiseen heikkoihin todennusmenetelmiin nähden. Todennusta käyttäjätunnus-salasana-yhdistelmällä voidaan pitää heikkona menetelmänä. Julkisen avaimen järjestelmän varmenteita voidaan käyttää WWW-ympäristössä toimivissa palveluissa yhteyden osapuolten todentamiseen. Tässä työssä suunniteltiin vahva käyttäjän todennus julkisen avaimen järjestelmällä WWW-ympäristössä tarjottavalle palvelulle ja toteutettiin palvelun tarjoavan sovelluksen komponentiksi soveltuva yksinkertainen varmentaja OpenSSL-salaustyökalupaketin avulla. Työssä käydään läpi myös salauksen perusteet, julkisen avaimen järjestelmä ja esitellään olemassaolevia varmentajatoteutuksia ja mahdollisia tieto-turva-uhkia Vahva todennus tulee suunnitella siten, että palvelun käyttäjä ymmärtää, mikä tarkoitus hänen toimillaan on ja miten ne edistävät tietoturvaa. Internet-palveluissa käyttäjän vahva todennus ei ole yleistynyt huonon käytettävyyden vuoksi.

User and Machine Authentication and Authorization Infrastructure for Distributed Wireless Sensor Network Testbeds

The intention of an authentication and authorization infrastructure (AAI) is to simplify and unify access to different web resources. With a single login, a user can access web applications at multiple organizations. The Shibboleth authentication and authorization infrastructure is a standards-based, open source software package for web single sign-on (SSO) across or within organizational boundaries. It allows service providers to make fine-grained authorization decisions for individual access of protected online resources. The Shibboleth system is a widely used AAI, but only supports protection of browser-based web resources. We have implemented a Shibboleth AAI extension to protect web services using Simple Object Access Protocol (SOAP). Besides user authentication for browser-based web resources, this extension also provides user and machine authentication for web service-based resources. Although implemented for a Shibboleth AAI, the architecture can be easily adapted to other AAIs.

Context-aware multi-factor authentication

Trabalho apresentado no âmbito do Mestrado em Engenharia Informática, como requisito parcial para obtenção do grau de Mestre em Engenharia Informática

Efficient biometric and password based mutual authentication for consumer USB mass storage devices

A Universal Serial Bus (USB) Mass Storage Device (MSD), often termed a USB flash drive, is ubiquitously used to store important information in unencrypted binary format. This low cost consumer device is incredibly popular due to its size, large storage capacity and relatively high transfer speed. However, if the device is lost or stolen an unauthorized person can easily retrieve all the information. Therefore, it is advantageous in many applications to provide security protection so that only authorized users can access the stored information. In order to provide security protection for a USB MSD, this paper proposes a session key agreement protocol after secure user authentication. The main aim of this protocol is to establish session key negotiation through which all the information retrieved, stored and transferred to the USB MSD is encrypted. This paper not only contributes an efficient protocol, but also does not suffer from the forgery attack and the password guessing attack as compared to other protocols in the literature. This paper analyses the security of the proposed protocol through a formal analysis which proves that the information is stored confidentially and is protected offering strong resilience to relevant security attacks. The computational cost and communication cost of the proposed scheme is analyzed and compared to related work to show that the proposed scheme has an improved tradeoff for computational cost, communication cost and security.

Identity Provider Shibboleth per il servizio di federazione e Single Sign-On di Ateneo

L’università di Bologna, da sempre attenta alle nuove tecnologie e all’innovazione, si è dotata nel 2010 di un Identity Provider (IDP), ovvero un servizio per la verifica dell’identità degli utenti dell’organizzazione tramite username e password in grado di sollevare le applicazioni web (anche esterne all’organizzazione) dall’onere di verificare direttamente le credenziali dell’utente delegando totalmente la responsabilità sul controllo dell’identità digitale all’IDP. La soluzione adottata (Microsoft ADFS) si è dimostrata generalmente semplice da configurare e da gestire, ma ha presentato problemi di integrazione con le principali federazioni di identità regionali e italiane (FedERa e IDEM) a causa di una incompatibilità con il protocollo SAML 1.1, ancora utilizzato da alcuni dei servizi federati. Per risolvere tale incompatibilità il "CeSIA – Area Sistemi Informativi e Applicazioni" dell’Università di Bologna ha deciso di dotarsi di un Identity Provider Shibboleth, alternativa open source ad ADFS che presenta funzionalità equivalenti ed è in grado di gestire tutte le versioni del protocollo SAML (attualmente rilasciato fino alla versione 2.0). Il mio compito è stato quello di analizzare, installare, configurare e integrare con le federazioni IDEM e FedERa un’infrastruttura basata sull’IDP Shibboleth prima in test poi in produzione, con la collaborazione dei colleghi che in precedenza si erano occupati della gestione della soluzione Microsoft ADFS. Il lavoro che ho svolto è stato suddiviso in quattro fasi: - Analisi della situazione esistente - Progettazione della soluzione - Installazione e configurazione di un Identity Provider in ambiente di test - Deploy dell’Identity Provider in ambiente di produzione

Electrochemical Evidence of Strong Electronic Interaction of PtRu on Carbon Nanotubes with High Density of Defects

We show that carbon nanotubes (CNTs) with high density of defects can present a strong electronic interaction with nanoparticles of Pt-Ru with average particle size of 3.5 +/- 0.8 nm. Depending on the Pt-Ru loading on the CNTs, CO and methanol oxidation reactions suggest there is a charge transfer between Pt-Ru that in turn provokes a decrease in the electronic interaction taking place between Ru and Pt in the PtRu alloy. The CO stripping potentials were observed at about 0.65 and 0.5 V for Pt-Ru/CNT electrodes with Pt-Ru loadings of 10 and 20, and 30 wt %, respectively. (C) 2008 The Electrochemical Society. [DOI: 10.1149/1.2990222] All rights reserved.

BONA FIDE, STRONG-VARIABLE GALACTIC LUMINOUS BLUE VARIABLE STARS ARE FAST ROTATORS: DETECTION OF A HIGH ROTATIONAL VELOCITY IN HR CARINAE

We report optical observations of the luminous blue variable (LBV) HR Carinae which show that the star has reached a visual minimum phase in 2009. More importantly, we detected absorptions due to Si lambda lambda 4088-4116. To match their observed line profiles from 2009 May, a high rotational velocity of nu(rot) similar or equal to 150 +/- 20 km s(-1) is needed (assuming an inclination angle of 30 degrees), implying that HR Car rotates at similar or equal to 0.88 +/- 0.2 of its critical velocity for breakup (nu(crit)). Our results suggest that fast rotation is typical in all strong-variable, bona fide galactic LBVs, which present S-Dor-type variability. Strong-variable LBVs are located in a well-defined region of the HR diagram during visual minimum (the ""LBV minimum instability strip""). We suggest this region corresponds to where nu(crit) is reached. To the left of this strip, a forbidden zone with nu(rot)/nu(crit) > 1 is present, explaining why no LBVs are detected in this zone. Since dormant/ex LBVs like P Cygni and HD 168625 have low nu(rot), we propose that LBVs can be separated into two groups: fast-rotating, strong-variable stars showing S-Dor cycles (such as AG Car and HR Car) and slow-rotating stars with much less variability (such as P Cygni and HD 168625). We speculate that supernova (SN) progenitors which had S-Dor cycles before exploding (such as in SN 2001ig, SN 2003bg, and SN 2005gj) could have been fast rotators. We suggest that the potential difficulty of fast-rotating Galactic LBVs to lose angular momentum is additional evidence that such stars could explode during the LBV phase.

Thermal Transport and Strong Mass Renormalization in NiCl(2)-4SC(NH(2))(2)

Several quantum paramagnets exhibit magnetic-field-induced quantum phase transitions to an anti-ferromagnetic state that exists for H(c1) <= H <= H(c2). For some of these compounds, there is a significant asymmetry between the low-and high-field transitions. We present specific heat and thermal conductivity measurements in NiCl(2)-4SC(NH(2))(2), together with calculations which show that the asymmetry is caused by a strong mass renormalization due to quantum fluctuations for H <= H(c1) that are absent for H >= H(c2). We argue that the enigmatic lack of asymmetry in thermal conductivity is due to a concomitant renormalization of the impurity scattering.

Observation of charge-dependent azimuthal correlations and possible local strong parity violation in heavy-ion collisions

Parity (P)-odd domains, corresponding to nontrivial topological solutions of the QCD vacuum, might be created during relativistic heavy-ion collisions. These domains are predicted to lead to charge separation of quarks along the orbital momentum of the system created in noncentral collisions. To study this effect, we investigate a three-particle mixed-harmonics azimuthal correlator which is a P-even observable, but directly sensitive to the charge-separation effect. We report measurements of this observable using the STAR detector in Au + Au and Cu + Cu collisions at root s(NN) = 200 and 62 GeV. The results are presented as a function of collision centrality, particle separation in rapidity, and particle transverse momentum. A signal consistent with several of the theoretical expectations is detected in all four data sets. We compare our results to the predictions of existing event generators and discuss in detail possible contributions from other effects that are not related to P violation.

Azimuthal Charged-Particle Correlations and Possible Local Strong Parity Violation

Parity-odd domains, corresponding to nontrivial topological solutions of the QCD vacuum, might be created during relativistic heavy-ion collisions. These domains are predicted to lead to charge separation of quarks along the system's orbital momentum axis. We investigate a three-particle azimuthal correlator which is a P even observable, but directly sensitive to the charge separation effect. We report measurements of charged hadrons near center-of-mass rapidity with this observable in Au+Au and Cu+Cu collisions at s(NN)=200 GeV using the STAR detector. A signal consistent with several expectations from the theory is detected. We discuss possible contributions from other effects that are not related to parity violation.

Exotic phases induced by strong spin-orbit coupling in ordered double perovskites

We construct and analyze a microscopic model for insulating rocksalt ordered double perovskites, with the chemical formula A(2)BB'O(6), where the B' atom has a 4d(1) or 5d(1) electronic configuration and forms a face-centered-cubic lattice. The combination of the triply degenerate t(2g) orbital and strong spin-orbit coupling forms local quadruplets with an effective spin moment j=3/2. Moreover, due to strongly orbital-dependent exchange, the effective spins have substantial biquadratic and bicubic interactions (fourth and sixth order in the spins, respectively). This leads, at the mean-field level, to three main phases: an unusual antiferromagnet with dominant octupolar order, a ferromagnetic phase with magnetization along the [110] direction, and a nonmagnetic but quadrupolar ordered phase, which is stabilized by thermal fluctuations and intermediate temperatures. All these phases have a two-sublattice structure described by the ordering wave vector Q=2 pi(001). We consider quantum fluctuations and argue that in the regime of dominant antiferromagnetic exchange, a nonmagnetic valence-bond solid or quantum-spin-liquid state may be favored instead. Candidate quantum-spin-liquid states and their basic properties are described. We also address the effect of single-site anisotropy driven by lattice distortions. Existing and possible future experiments are discussed in light of these results.

Strong reduction of V(4+) amount in vanadium oxide/hexadecylamine nanotubes by doping with Co(2+) and Ni(2+) ions: Electron paramagnetic resonance and magnetic studies

In this work we present a complete characterization and magnetic study of vanadium oxide/hexadecylamine nanotubes (VO(x)/Hexa NT's) doped with Co(2)+ and Ni(2+) ions. The morphology of the NT's has been characterized by transmission electron microscopy, while the metallic elements have been quantified by the instrumental neutron activation analysis technique. The static and dynamic magnetic properties were studied by collecting data of magnetization as a function of magnetic field and temperature and by electron paramagnetic resonance. At difference of the majority reports in the literature, we do not observe magnetic dimers in vanadium oxide nanotubes. Also, we observed that the incorporation of metallic ions (Co(2+), S = 3/2 and Ni(2+), S = 1) decreases notably the amount of V(4+) ions in the system, from 14-16% (nondoped case) to 2%-4%, with respect to the total vanadium atoms (fact corroborated by XPS experiments) anyway preserving the tubular nanostructure. The method to decrease the amount of V(4+) in the nanotubes improves considerably their potential technological applications as Li-ion batteries cathodes. (C) 2011 American Institute of Physics. [doi: 10.1063/1.3580252]

A Strong Protective Action of Guttiferone-A, a Naturally Occurring Prenylated Benzophenone, Against Iron-Induced Neuronal Cell Damage

Guttiferone-A (GA) is a natural occurring polyisoprenylated benzophenone with several reported pharmacological actions. We have assessed the protective action of GA on iron-induced neuronal cell damage by employing the PC12 cell line and primary culture of rat cortical neurons (PCRCN). A strong protection by GA, assessed by the 2,3-bis(2-methoxy-4-nitro-5-sulfophenyl)-2H-tetrazolium-5-carbox-anilide (XTT) assay, was revealed, with IC(50) values <1 mu M. GA also inhibited Fe(3+)-ascorbate reduction, iron-induced oxidative degradation of 2-deoxiribose, and iron-induced lipid peroxidation in rat brain homogenate, as well as stimulated oxygen consumption by Fe(2+) autoxidation. Absorption spectra and cyclic voltammograms of GA Fe(2+)/Fe(3+) complexes suggest the formation of a transient charge transfer complex between Fe(2+) and GA, accelerating Fe(2+) oxidation. The more stable Fe(3+) complex with GA would be unable to participate in Fenton-Haber Weiss-type reactions and the propagation phase of lipid peroxidation. The results show a potential of GA against neuronal diseases associated with iron-induced oxidative stress.