Estudio y desarrollo de un cliente SCEP en una PKI corporativa

El presente proyecto propone la utilización de un protocolo de obtención y gestión de certificados llamado SCEP (Simple Certificate Enrollment Protocol), utilizado inicialmente para el aprovisionamiento automático de certificados en routers y switches de la marca Cisco Networks, para su uso en dispositivos personales o corporativos dentro del ámbito laboral. En la actualidad, se están aplicando nuevas técnicas más eficientes de control del uso de los dispositivos corporativos por parte de los empleados de determinadas empresas. Estas empresas son las encargadas de proporcionar a sus empleados dichos dispositivos, que en muchos casos son un ordenador personal y un teléfono móvil. En las empresas del sector de las TIC, el uso de esos dispositivos es la principal herramienta de sus empleados, con lo que la seguridad y control son mecanismos fundamentales que deben estar presentes y garantizados. Además, nuevas tendencias como el BYOD (Bring Your Own Device o el teletrabajo, permiten a los empleados tanto el uso de los dispositivos corporativos lejos del ámbito laboral (en su domicilio, por ejemplo), como el uso de dispositivos no preparados de antemano por la empresa. A priori, estas técnicas suponen un avance en comodidad para los empleados; pero puede significar todo lo contrario cuando se habla del mantenimiento de la seguridad y el control de acceso a los recursos de la empresa desde dichos dispositivos (obtención de certificados para acceder a recursos internos, envío de información cifrada entre individuos de la misma empresa, etc). Es aquí donde cobra sentido la idea de utilizar un protocolo de aprovisionamiento y gestión automatizada de certificados para garantizar la seguridad y control de acceso en la PKI (Public Key Infrastructure) corporativa, permitiendo el uso de dispositivos personales, y evitando la acumulación de trámites burocráticos incómodos tanto para el empleado como para la empresa. Este proyecto plantea la utilización del protocolo SCEP como mecanismo para la realización de la gestión automatizada de certificados ampliando su utilización a dispositivos de escritorio Windows y móviles Android.

Contexto, criptoanálisis y propuesta de solución de la inscripción de la talla (original) de la Virgen de Candelaria de Tenerife (Canarias, España)

Esta investigación es un ejemplo de simbiosis entre criptoanálisis y desciframiento de lenguas. Es la búsqueda del sentido de una inscripción, un conjunto de casi doscientas letras latinas, en una talla de la Virgen María que estaba en la isla de Tenerife, en la localidad hoy de Candelaria, en las islas Canarias. La imagen desapareció en un temporal en el año 1826. No obstante, es posible lograr una gran certeza sobre qué letras tenía, acudiendo a las fuentes documentales textuales y artísticas. El conocimiento del significado, si lo hubiera, de la inscripción mariana, creemos que no puede lograrse sin la adecuada comprensión del contexto. Esto significa indagar en la historia de la misma talla, que se remonta hasta el siglo XIV o XV, en el estudio de la población autóctona canaria, así como de los pueblos que allí llegaron en sus diferentes momentos históricos. Además, es necesario conocer el redescubrimiento del archipiélago canario y sus procesos de conquista y evangelización. Todos estos datos irán ofreciendo un panorama nuevo y sorprendente para comprender no sólo las letras sino la misma imagen escultórica en madera. A partir de este momento la indagación se moverá en ver si las letras corresponden a alguna lengua posible, lo que nos ha llevado a analizar un amplísimo conjunto de textos lo más cercanos a la época bajo estudio, pertenecientes a alrededor de un centenar de lenguas. Tras el examen lingüístico se ha procedido a un estudio de las posibles formas criptográficas que se hubieran utilizado para generar el texto de la inscripción. Se ofrece un detallado y minucioso elenco de técnicas posibles que pudieran haberse adoptado y se criptoanaliza con exhaustividad las letras de la talla mariana. Al mismo tiempo se ofrece un nuevo marco criptológico de métodos y sistemas más ordenado y completo que el que hasta ahora venía considerándose, en especial desde el surgimiento de la criptografía de clave asimétrica. Continuamos la investigación sopesando la posible generación pseudo-aleatoria del texto, un texto que pudiera no tener sentido alguno. En este momento, y habiendo completado todas las posibilidades e hipótesis, habiéndose negado todas, volvemos a reconsiderar el cuerpo de conjeturas y supuestos. Desde ahí analizamos en profundidad el ámbito etnográfico y lingüístico bereber como hipótesis más plausible y probable. Tras la profundización en esta lengua y la corrección de los errores que nos llevaron a no detectarla en nuestro análisis precedente, llegamos a la conclusión de encontrarnos ante una lengua arcaica bereber, un conjunto de letras pertenecientes a una lengua y familia hoy no desaparecida, si bien muy modelada y difuminada por otras lenguas, en especial el árabe. Esto nos llevará a rescatar aspectos léxicos, morfológicos, sintácticos y fonéticos de este habla arcaica. Con todos estos datos realizamos un amplio estudio semántico de la talla tanto desde la perspectiva aborigen autóctona como cristiana. Finalmente, desde las voces lexicales y sus raíces de las lenguas bereberes e insulares amazigh, ofrecemos el significado de las letras inscritas en la talla mariana de Candelaria. ABSTRACT This research is an example of symbiosis between cryptanalysis and deciphering of languages. It is the search for meaning in an inscription, a group of about two hundred latin letters on a carving of the Virgin Mary that was on the island of Tenerife, in the town of Candelaria today, in the Canary islands. The image disappeared in a storm in 1826. However, it is possible to achieve a great certainty about what letters had, going to the textual and artistic documentary sources. The knowledge of the meaning, if any, of the marian inscription, can not be achieved without an adequate knowledge of the context. This means researching into the history of the same carving, which dates back to the fourteenth and fifteen century; the study of the canarian indigenous people and of the people who came there at different historical moments. Furthermore, it is necessary to know the rediscovery of the Canary islands and their processes of conquest and evangelization. All these data will offer a new and surprising outlook to understanding not only the letters but the same wood sculpture. From this moment the inquiry will move to see if the letters correspond to any possible language, which has led us to analyze a very large set of texts as close to the time under study, in a hundred languages. After the language examination, has been carried out a study of possible cryptographic forms used to generate the text of the inscription. A detailed and thorough list of possible techniques that could be adopted is offered. Then exhaustively we cryptanalyze the letters of the marian carving. At the same time a new crypto framework of methods and systems more orderly and complete, especially since the emergence of asymmetric key cryptography, is provided. We continue researching the possible pseudo-random generation of the text, a text that would not make any sense. At this time, and having completed all the possibilities and hypotheses, all having refused, we return to rethink our assumptions. From there we analyze in depth the ethnographic and linguistic berber sphere as the most likely hypothesis. Following the deepening of this language and correcting the mistakes that led us not to detect it in our analysis above, we conclude that this is an archaic berber language, a set of letters belonging to a language and family not extinct today but very modeled and influenced by other languages, primarily arabic. This will lead us to rescue lexical, morphological, syntactic and phonetic aspects of this archaic speech. With all this data we make a wide semantic study of the carving from the indigenous and christian perspective. Finally, from the lexical voices and roots of the berber languages amazigh and island-amazigh, we give the meaning of the letters inscribed in the marian carving of Candelaria.

Framework para el desarrollo con el DNIe

El proyecto se trata de una API de desarrollo para el DNI electrónico que permita crear de forma sencilla aplicaciones cuya funcionalidad se apoye en el uso del DNI electrónico. De esta forma, el framework facilita el acceso a las principales operaciones soportadas por el DNIe mediante la invocación de métodos sencillos. Una de las funcionalidades es la de realizar un proceso de autenticación con el DNIe utilizando para ello las capacidades criptográficas del chip que incorpora y el certificado de autenticación. Esta funcionalidad puede ser accedida también de forma dividida en dos pasos, para dar soporte a aplicaciones con arquitectura cliente-servidor. El framework también ofrece la funcionalidad de firma electrónica con el DNIe, una firma legalmente válida y que permite chequear también la integridad del mensaje firmado. También se soporta por el framework la comprobación de un certificado mediante el protocolo OCSP, funcionalidad que si bien no implica directamente al DNIe, sí que es importante en el marco de procesos que se ven involucrados en cualquier Infraestructura de Clave Pública. ABSTRACT The project is a development API for DNIe card that allows easily create applications whose functionality is supported in the use of DNIe. Thus, the framework provides access to the main operations supported by the DNIe by invoking simple methods. One of the features is to perform an authentication process with the DNIe using its chip’s capabilities and authentication certificate. This functionality can also be accessed so divided into two steps, to support applications with client-server architecture. The framework also provides the functionality of electronic signatures with DNIe, a legally valid signature and allows also check the integrity of the signed message. Verification of a certificate using OCSP, functionality but does not imply directly to DNIe is also supported by the framework, yes it is important in the context of processes that are involved in any Public Key Infrastructure.

Matrix Power S-box Analysis

* Work supported by the Lithuanian State Science and Studies Foundation.

A new distributed MIKEY mode to secure e-health applications.

Securing e-health applications in the context of Internet of Things (IoT) is challenging. Indeed, resources scarcity in such environment hinders the implementation of existing standard based protocols. Among these protocols, MIKEY (Multimedia Internet KEYing) aims at establishing security credentials between two communicating entities. However, the existing MIKEY modes fail to meet IoT specificities. In particular, the pre-shared key mode is energy efficient, but suffers from severe scalability issues. On the other hand, asymmetric modes such as the public key mode are scalable, but are highly resource consuming. To address this issue, we combine two previously proposed approaches to introduce a new hybrid MIKEY mode. Indeed, relying on a cooperative approach, a set of third parties is used to discharge the constrained nodes from heavy computational operations. Doing so, the pre-shared mode is used in the constrained part of the network, while the public key mode is used in the unconstrained part of the network. Preliminary results show that our proposed mode is energy preserving whereas its security properties are kept safe.

Distributed and compressed MIKEY mode to secure end-to-end communications in the Internet of things.

Multimedia Internet KEYing protocol (MIKEY) aims at establishing secure credentials between two communicating entities. However, existing MIKEY modes fail to meet the requirements of low-power and low-processing devices. To address this issue, we combine two previously proposed approaches to introduce a new distributed and compressed MIKEY mode for the Internet of Things. Indeed, relying on a cooperative approach, a set of third parties is used to discharge the constrained nodes from heavy computational operations. Doing so, the preshared mode is used in the constrained part of network, while the public key mode is used in the unconstrained part of the network. Furthermore, to mitigate the communication cost we introduce a new header compression scheme that reduces the size of MIKEY’s header from 12 Bytes to 3 Bytes in the best compression case. Preliminary results show that our proposed mode is energy preserving whereas its security properties are preserved untouched.

Homomorphic encryption and database query privacy

Homomorphic encryption is a particular type of encryption method that enables computing over encrypted data. This has a wide range of real world ramifications such as being able to blindly compute a search result sent to a remote server without revealing its content. In the first part of this thesis, we discuss how database search queries can be made secure using a homomorphic encryption scheme based on the ideas of Gahi et al. Gahi’s method is based on the integer-based fully homomorphic encryption scheme proposed by Dijk et al. We propose a new database search scheme called the Homomorphic Query Processing Scheme, which can be used with the ring-based fully homomorphic encryption scheme proposed by Braserski. In the second part of this thesis, we discuss the cybersecurity of the smart electric grid. Specifically, we use the Homomorphic Query Processing scheme to construct a keyword search technique in the smart grid. Our work is based on the Public Key Encryption with Keyword Search (PEKS) method introduced by Boneh et al. and a Multi-Key Homomorphic Encryption scheme proposed by L´opez-Alt et al. A summary of the results of this thesis (specifically the Homomorphic Query Processing Scheme) is published at the 14th Canadian Workshop on Information Theory (CWIT).

Open Access and Public Sector Information : Policy Developments in Australia and Key Jurisdictions

This book chapter considers recent developments in Australia and key jurisdictions both in relation to the formation of a national information strategy and the management of legal rights in public sector information.

A symposium of reviews of public criminology? : by Ian Loader and Richard Sparks (Oxford : Key Ideas in Criminology, Routledge, 2010, 196pp.) with contributions from Nils Christie, Elliott Currie, Helena Kennedy, Gloria Laycock, Rod Morgan, Joe Sim, Jacqueline Tombs and Reece Walters

Public or Civic Criminology : A Critique of Loader and Sparks

Key attributes underpinning different markup decision between public and private projects : a China study

In the construction industry, contractors have to improve the efficiency of markup decision-making to survive from fierce business competition. The effect of client type on markup decision has been aware in previous studies and contractors are advocated to take account of decision factors properly when they are confronted with different types of projects. Nevertheless, the rationales behind the inclusion of different factors in markup decision-making for different projects sustain unknown. In this study, fifty-three factors were identified after extensive literature review and interviews with professionals. The identified factors were afterwards grouped under the headings of nine attributes and compiled in a questionnaire for survey in China. Using the Hotelling’s T-square test, it is found that three attributes (i.e., project characteristic, client characteristic, and macro condition) can explain the effect of client type on contractors’ markup decision. The research findings provide useful insights into the cognition of bid pricing as well as the improvement of bidding efficiency. While the research works were situated in China, contractors in other countries could benefit from the research findings in a similar vein.

Certified pseudonyms colligated with master secret key

A pseudonym provides anonymity by protecting the identity of a legitimate user. A user with a pseudonym can interact with an unknown entity and be confident that his/her identity is secret even if the other entity is dishonest. In this work, we present a system that allows users to create pseudonyms from a trusted master public-secret key pair. The proposed system is based on the intractability of factoring and finding square roots of a quadratic residue modulo a composite number, where the composite number is a product of two large primes. Our proposal is different from previously published pseudonym systems, as in addition to standard notion of protecting privacy of an user, our system offers colligation between seemingly independent pseudonyms. This new property when combined with a trusted platform that stores a master secret key is extremely beneficial to an user as it offers a convenient way to generate a large number of pseudonyms using relatively small storage.

Identifying the key sociocultural influences on drinking behavior in high and moderate binge-drinking countries and the public policy implications

Despite considerable state investment and initiatives, binge drinking is still a major behavioral problem for policy makers and communities in many parts of the world. Furthermore, the practice of bingeing on alcohol seems to be spreading to young people in countries traditionally considered to have moderate drinking behaviors. Using a sociocultural lens and a framework of sociocultural themes from previous literature to develop propositions from their empirical study, the authors examine binge-drinking attitudes and behaviors among young people from high and moderate binge-drinking countries. The authors then make proposals regarding how policy makers can use social marketing more effectively to contribute to behavior change. Qualitative interviews were conducted with 91 respondents from 22 countries who were studying in two high binge-drinking countries at the time. The results show support for three contrasting sociocultural propositions that identify influences on binge drinking across these countries.