257 resultados para Authentication
Resumo:
El Hogar Digital Accesible (HDA) de la ETSIST nace con el propósito de acercar las nuevas Tecnologías de la Información a las personas que precisan de necesidades concretas de accesibilidad y usabilidad, dotándoles de herramientas que les permitan aumentar su calidad de vida, confort, seguridad y autonomía. El entorno del HDA consta de elementos de control para puertas, persianas, iluminación, agua o gas, sensores de temperatura, incendios, gas, sistemas de climatización, sistemas de entretenimiento y sistemas de seguridad tales como detectores de presencia y alarmas. Todo ello apoyado sobre una arquitectura de red que proporciona una pasarela residencial y un acceso a banda ancha. El objetivo principal de este PFG ha sido el desarrollo de un sistema de autenticación para el Hogar Digital Accesible de bajo coste. La idea de integrar un sistema de autenticación en el HDA, surge de la necesidad de proteger de accesos no deseados determinados servicios disponibles dentro de un ámbito privado. Algunos de estos servicios pueden ser tales como el acceso a la lectura de los mensajes disponibles en el contestador automático, el uso de equipos multimedia, la desconexión de alarmas de seguridad o simplemente la configuración de ambientes según el usuario que esté autenticado (intensidad de luz, temperatura de la sala, etc.). En el desarrollo han primado los principios de accesibilidad, usabilidad y seguridad necesarios para la creación de un entorno no invasivo, que permitiera acreditar la identidad del usuario frente al sistema HDA. Se ha planteado como posible solución, un sistema basado en el reconocimiento de un trazo realizado por el usuario. Este trazo se usará como clave de cara a validar a los usuarios. El usuario deberá repetir el trazado que registró en el sistema para autenticarse. Durante la ejecución del presente PFG, se justificará la elección de este mecanismo de autenticación frente a otras alternativas disponibles en el mercado. Para probar la aplicación, se ha podido contar con dos periféricos de distintas gamas, el uDraw creado para la PS3 que se compone de una tableta digitalizadora y un lápiz que permite recoger los trazos realizados por el usuario de forma inalámbrica y la tableta digitalizadora Bamboo de Wacom. La herramienta desarrollada permite a su vez, la posibilidad de ser usada por otro tipo de dispositivos como es el caso del reloj con acelerómetro de 3 ejes de Texas Instruments Chronos eZ430 capaz de trasladar los movimientos del usuario al puntero de un ratón. El PFG se encuentra dividido en tres grandes bloques de flujo de trabajo. El primero se centra en el análisis del sistema y las tecnologías que lo componen, incluyendo los distintos algoritmos disponibles para realizar la autenticación basada en reconocimiento de patrones aplicados a imágenes que mejor se adaptan a las necesidades del usuario. En el segundo bloque se recoge una versión de prueba basada en el análisis y el diseño UML realizado previamente, sobre la que se efectuaron pruebas de concepto y se comprobó la viabilidad del proyecto. El último bloque incluye la verificación y validación del sistema mediante pruebas que certifican que se han alcanzado los niveles de calidad necesarios para la consecución de los objetivos planteados, generando finalmente la documentación necesaria. Como resultado del trabajo realizado, se ha obtenido un sistema que plantea una arquitectura fácilmente ampliable lograda a través del uso de técnicas como la introspección, que permiten separar la lógica de la capa de negocio del código que la implementa, pudiendo de forma simple e intuitiva sustituir código mediante ficheros de configuración, lo que hace que el sistema sea flexible y escalable. Tras la realización del PFG, se puede concluir que el producto final obtenido ha respondido de forma satisfactoria alcanzando los niveles de calidad requeridos, siendo capaz de proporcionar un sistema de autenticación alternativo a los convencionales, manteniendo unas cotas de seguridad elevadas y haciendo de la accesibilidad y el precio sus características más reseñables. ABSTRACT. Accessible Digital Home (HDA) of the ETSIST was created with the aim of bringing the latest information and communications technologies closer to the people who has special needs of accessibility and usability increasing their quality of life, comfort, security and autonomy. The HDA environment has different control elements for doors, blinds, lighting, water or gas, temperature sensors, fire protection systems, gas flashover, air conditioning systems, entertainments systems and security systems such as intruders detectors and alarms. Everything supported by an architecture net which provides a broadband residential services gateway. The main goal of this PFG was the development of a low-cost authentication system for the Accessible Digital Home. The idea of integrating an authentication system on the HDA, stems from the need to safeguard certain private key network resources from unauthorized access. Some of said resources are the access to the answering machine messages, the use of multimedia devices, the alarms deactivation or the parameter settings for each environment as programmed by the authenticated user (light intensity, room temperature, etc.). During the development priority was given to concepts like accessibility, usability and security. All of them necessary to create a non invasive environment that allows the users to certify their identity. A system based on stroke pattern recognition, was considered as a possible solution. This stroke is used as a key to validate users. The user must repeat the stroke that was saved on the system to validate access. The selection of this authentication mechanism among the others available options will be justified during this PFG. Two peripherals with different ranges were used to test the application. One of them was uDraw design for the PS3. It is wireless and is formed by a pen and a drawing tablet that allow us to register the different strokes drawn by the user. The other one was the Wacom Bamboo tablet, that supports the same functionality but with better accuracy. The developed tool allows another kind of peripherals like the 3-axes accelerometer digital wristwatch Texas Instruments Chronos eZ430 capable of transfering user movements to the mouse cursor. The PFG is divided by three big blocks that represent different workflows. The first block is focused on the system analysis and the technologies related to it, including algorithms for image pattern recognition that fits the user's needs. The second block describes how the beta version was developed based on the UML analysis and design previously done. It was tested and the viability of the project was verified. The last block contains the system verification and validation. These processes certify that the requirements have been fulfilled as well as the quality levels needed to reach the planned goals. Finally all the documentation has been produced. As a result of the work, an expandable system has been created, due to the introspection that provides the opportunity to separate the business logic from the code that implements it. With this technique, the code could be replaced throughout configuration files which makes the system flexible and highly scalable. Once the PFG has finished, it must therefore be concluded that the final product has been a success and high levels of quality have been achieved. This authentication tool gives us a low-cost alternative to the conventional ones. The new authentication system remains security levels reasonably high giving particular emphasis to the accessibility and the price.
Resumo:
La minería de datos es un campo de las ciencias de la computación referido al proceso que intenta descubrir patrones en grandes volúmenes de datos. La minería de datos busca generar información similar a la que podría producir un experto humano. Además es el proceso de descubrir conocimientos interesantes, como patrones, asociaciones, cambios, anomalías y estructuras significativas a partir de grandes cantidades de datos almacenadas en bases de datos, data warehouses o cualquier otro medio de almacenamiento de información. El aprendizaje automático o aprendizaje de máquinas es una rama de la Inteligencia artificial cuyo objetivo es desarrollar técnicas que permitan a las computadoras aprender. De forma más concreta, se trata de crear programas capaces de generalizar comportamientos a partir de una información no estructurada suministrada en forma de ejemplos. La minería de datos utiliza métodos de aprendizaje automático para descubrir y enumerar patrones presentes en los datos. En los últimos años se han aplicado las técnicas de clasificación y aprendizaje automático en un número elevado de ámbitos como el sanitario, comercial o de seguridad. Un ejemplo muy actual es la detección de comportamientos y transacciones fraudulentas en bancos. Una aplicación de interés es el uso de las técnicas desarrolladas para la detección de comportamientos fraudulentos en la identificación de usuarios existentes en el interior de entornos inteligentes sin necesidad de realizar un proceso de autenticación. Para comprobar que estas técnicas son efectivas durante la fase de análisis de una determinada solución, es necesario crear una plataforma que de soporte al desarrollo, validación y evaluación de algoritmos de aprendizaje y clasificación en los entornos de aplicación bajo estudio. El proyecto planteado está definido para la creación de una plataforma que permita evaluar algoritmos de aprendizaje automático como mecanismos de identificación en espacios inteligentes. Se estudiarán tanto los algoritmos propios de este tipo de técnicas como las plataformas actuales existentes para definir un conjunto de requisitos específicos de la plataforma a desarrollar. Tras el análisis se desarrollará parcialmente la plataforma. Tras el desarrollo se validará con pruebas de concepto y finalmente se verificará en un entorno de investigación a definir. ABSTRACT. The data mining is a field of the sciences of the computation referred to the process that it tries to discover patterns in big volumes of information. The data mining seeks to generate information similar to the one that a human expert might produce. In addition it is the process of discovering interesting knowledge, as patterns, associations, changes, abnormalities and significant structures from big quantities of information stored in databases, data warehouses or any other way of storage of information. The machine learning is a branch of the artificial Intelligence which aim is to develop technologies that they allow the computers to learn. More specifically, it is a question of creating programs capable of generalizing behaviors from not structured information supplied in the form of examples. The data mining uses methods of machine learning to discover and to enumerate present patterns in the information. In the last years there have been applied classification and machine learning techniques in a high number of areas such as healthcare, commercial or security. A very current example is the detection of behaviors and fraudulent transactions in banks. An application of interest is the use of the techniques developed for the detection of fraudulent behaviors in the identification of existing Users inside intelligent environments without need to realize a process of authentication. To verify these techniques are effective during the phase of analysis of a certain solution, it is necessary to create a platform that support the development, validation and evaluation of algorithms of learning and classification in the environments of application under study. The project proposed is defined for the creation of a platform that allows evaluating algorithms of machine learning as mechanisms of identification in intelligent spaces. There will be studied both the own algorithms of this type of technologies and the current existing platforms to define a set of specific requirements of the platform to develop. After the analysis the platform will develop partially. After the development it will be validated by prove of concept and finally verified in an environment of investigation that would be define.
Resumo:
The deployment of the Ambient Intelligence (AmI) paradigm requires designing and integrating user-centered smart environments to assist people in their daily life activities. This research paper details an integration and validation of multiple heterogeneous sensors with hybrid reasoners that support decision making in order to monitor personal and environmental data at a smart home in a private way. The results innovate on knowledge-based platforms, distributed sensors, connected objects, accessibility and authentication methods to promote independent living for elderly people. TALISMAN+, the AmI framework deployed, integrates four subsystems in the smart home: (i) a mobile biomedical telemonitoring platform to provide elderly patients with continuous disease management; (ii) an integration middleware that allows context capture from heterogeneous sensors to program environment¿s reaction; (iii) a vision system for intelligent monitoring of daily activities in the home; and (iv) an ontologies-based integrated reasoning platform to trigger local actions and manage private information in the smart home. The framework was integrated in two real running environments, the UPM Accessible Digital Home and MetalTIC house, and successfully validated by five experts in home care, elderly people and personal autonomy.
Resumo:
En los últimos años, la seguridad en redes y servicios ha evolucionado de manera exponencial debido al crecimiento de dispositivos conectados a Internet. Con el avance de las nuevas tecnologías es imprescindible dotar a cualquier servicio o dispositivo de la seguridad adecuada dado que éstos se pueden ver afectados por diversas amenazas tales como la accesibilidad, la integridad, la identidad del usuario, la disponibilidad y la confidencialidad de los datos. Cuando se trata de comunicaciones, la seguridad cobra especial importancia dado que los datos enviados a través de la red pueden ser interceptados por un agente no autorizado y utilizarlos para su propio beneficio o alterar su contenido. Para contrarrestar estos ataques, se han definido unos servicios de seguridad como son, por ejemplo, la confidencialidad y la integridad de los datos. Existen diversos mecanismos de seguridad que implementan estos servicios los cuales se apoyan en técnicas criptográficas. Desde el comienzo de las primeras comunicaciones se han desarrollado diferentes técnicas criptográficas que han ido evolucionando a la vez que éstas. La primera de estas técnicas conocida fue escítala lacedemonia en el siglo V a.C. Los éforos espartanos, que eran los que utilizaban dicha técnica, escribían el mensaje en una cinta de cuero o papiro enrollada en una vara de grosor variable. A continuación desenrollaban la cinta y la enviaban al receptor. Sí el mensaje era interceptado solo podrían leer una pila de letras sin sentido. Sí el mensaje llegaba al receptor, éste enrollaría de nuevo la cinta en una vara del mismo grosor que lo hizo el emisor y leería el mensaje. En este proyecto de fin de grado se va a realizar un estudio del estado de arte sobre mecanismos de seguridad para posteriormente diseñar e implementar un componente de seguridad que ofrecerá los servicios citados. Dicho componente se integrará en el sistema del proyecto Europeo I3RES como un servicio más de los definidos dentro del propio proyecto. Los servicios de seguridad que requiere el proyecto I3RES, y por tanto los que ofrecerá el componente, son los de autenticación, integridad, no repudio y confidencialidad. El proyecto I3RES basa su sistema en una arquitectura distribuida por lo que es necesario realizar un estudio del estado del arte sobre dichas arquitecturas para el correcto despliegue del componente en el sistema. Actualmente, la mayoría de los sistemas mantienen una arquitectura distribuida. Este tipo de arquitectura conecta distintos equipos y dispositivos que están separados físicamente mediante una red llamada middleware. Estos equipos trabajan conjuntamente para implementar un conjunto de servicios. En el documento presente se tratan todos los temas anteriormente citados y se detalla el componente a desarrollar así como las correspondientes pruebas de validación y las conclusiones obtenidas. ABSTRACT. Security in networks and services have been extensively developed in last decades due to the arising of multiple devices connected to Internet. Advances in new technologies enhanced the necessity of security requirements to in order to avoid several warnings such as accessibility, integrity, user identity, availability, and confidentiality of our data. In terms of communications, security is crucial due to data could be intercepted on Internet by non-authorised agents which could use them or even alter their content. In order to avoid this warnings, security services have been defined such as data confidentiality and integrity. There is several security mechanism which implement this services based on cryptographic techniques. In parallel to the evolution of communication, cryptographic technics have been also developed with. The most ancient of technics was described in s. V b.C called escitala lacedemonia. Spartan ephorts, which extensively used this method, were used to write messages on the surface of a leather tape or papyri which were rolled on a rod. Next, they unrolled the tape and they sent to the receptor. Whether the message was intercepted they just would be able to read a mess of letters without sense. On the other hand, if the message arrive to the proper receptor, he roll the tape again in a rod with similar anchor of the transmitter one which leads to the adequate read. This Degree Project is focused on an analysis of the state of art about security mechanism together with a design and implement of a security component which offered the services mentioned. This component will be integrated within the European project I3RES as one of the security elements defined inside the project. The security components required in project I3REs are authentication, integrity and non-repudiation will be offered by the designed component as well. Nowadays, the most of the systems maintain a distributed architecture. This type of architecture connect several devices which are physically separated by a network called middleware. This equipment work altogether to implement a set of services. This document is focused on all the topics mentioned as well as the details of the component developed together with the validation tests required and the conclusions obtained.
Resumo:
El proyecto se trata de una API de desarrollo para el DNI electrónico que permita crear de forma sencilla aplicaciones cuya funcionalidad se apoye en el uso del DNI electrónico. De esta forma, el framework facilita el acceso a las principales operaciones soportadas por el DNIe mediante la invocación de métodos sencillos. Una de las funcionalidades es la de realizar un proceso de autenticación con el DNIe utilizando para ello las capacidades criptográficas del chip que incorpora y el certificado de autenticación. Esta funcionalidad puede ser accedida también de forma dividida en dos pasos, para dar soporte a aplicaciones con arquitectura cliente-servidor. El framework también ofrece la funcionalidad de firma electrónica con el DNIe, una firma legalmente válida y que permite chequear también la integridad del mensaje firmado. También se soporta por el framework la comprobación de un certificado mediante el protocolo OCSP, funcionalidad que si bien no implica directamente al DNIe, sí que es importante en el marco de procesos que se ven involucrados en cualquier Infraestructura de Clave Pública. ABSTRACT The project is a development API for DNIe card that allows easily create applications whose functionality is supported in the use of DNIe. Thus, the framework provides access to the main operations supported by the DNIe by invoking simple methods. One of the features is to perform an authentication process with the DNIe using its chip’s capabilities and authentication certificate. This functionality can also be accessed so divided into two steps, to support applications with client-server architecture. The framework also provides the functionality of electronic signatures with DNIe, a legally valid signature and allows also check the integrity of the signed message. Verification of a certificate using OCSP, functionality but does not imply directly to DNIe is also supported by the framework, yes it is important in the context of processes that are involved in any Public Key Infrastructure.
Resumo:
Cross-contamination between cell lines is a longstanding and frequent cause of scientific misrepresentation. Estimates from national testing services indicate that up to 36% of cell lines are of a different origin or species to that claimed. To test a standard method of cell line authentication, 253 human cell lines from banks and research institutes worldwide were analyzed by short tandem repeat profiling. The short tandem repeat profile is a simple numerical code that is reproducible between laboratories, is inexpensive, and can provide an international reference standard for every cell line. If DNA profiling of cell lines is accepted and demanded internationally, scientific misrepresentation because of cross-contamination can be largely eliminated.
Resumo:
Seventeenth-century French painter, Georges de La Tour, was a forgotten artist. His rediscovery in the nineteenth century set off a firestorm of research and a hunt to find more works by the artist. One problem after another arose as scholars attempted to define the artist by his works, his style, and the remnants of his personal history. There remains a volume of contradictory reports, authentication issues, and new scientific techniques which continue to influence study on the artist.
Resumo:
As the user base of the Internet has grown tremendously, the need for secure services has increased accordingly. Most secure protocols, in digital business and other fields, use a combination of symmetric and asymmetric cryptography, random generators and hash functions in order to achieve confidentiality, integrity, and authentication. Our proposal is an integral security kernel based on a powerful mathematical scheme from which all of these cryptographic facilities can be derived. The kernel requires very little resources and has the flexibility of being able to trade off speed, memory or security; therefore, it can be efficiently implemented in a wide spectrum of platforms and applications, either software, hardware or low cost devices. Additionally, the primitives are comparable in security and speed to well known standards.
Resumo:
Systems biology is based on computational modelling and simulation of large networks of interacting components. Models may be intended to capture processes, mechanisms, components and interactions at different levels of fidelity. Input data are often large and geographically disperse, and may require the computation to be moved to the data, not vice versa. In addition, complex system-level problems require collaboration across institutions and disciplines. Grid computing can offer robust, scaleable solutions for distributed data, compute and expertise. We illustrate some of the range of computational and data requirements in systems biology with three case studies: one requiring large computation but small data (orthologue mapping in comparative genomics), a second involving complex terabyte data (the Visible Cell project) and a third that is both computationally and data-intensive (simulations at multiple temporal and spatial scales). Authentication, authorisation and audit systems are currently not well scalable and may present bottlenecks for distributed collaboration particularly where outcomes may be commercialised. Challenges remain in providing lightweight standards to facilitate the penetration of robust, scalable grid-type computing into diverse user communities to meet the evolving demands of systems biology.
Resumo:
Security protocols preserve essential properties, such as confidentiality and authentication, of electronically transmitted data. However, such properties cannot be directly expressed or verified in contemporary formal methods. Via a detailed example, we describe the phases needed to formalise and verify the correctness of a security protocol in the state-oriented Z formalism.
Resumo:
Security protocols are often modelled at a high level of abstraction, potentially overlooking implementation-dependent vulnerabilities. Here we use the Z specification language's rich set of data structures to formally model potentially ambiguous messages that may be exploited in a 'type flaw' attack. We then show how to formally verify whether or not such an attack is actually possible in a particular protocol using Z's schema calculus.
Resumo:
For the last several years, mobile devices and platform security threats, including wireless networking technology, have been top security issues. A departure has occurred from automatic anti-virus software based on traditional PC defense: risk management (authentication and encryption), compliance, and disaster recovery following polymorphic viruses and malware as the primary activities within many organizations and government services alike. This chapter covers research in Turkey as a reflection of the current market – e-government started officially in 2008. This situation in an emerging country presents the current situation and resistances encountered while engaging with mobile and e-government interfaces. The authors contend that research is needed to understand more precisely security threats and most of all potential solutions for sustainable future intention to use m-government services. Finally, beyond m-government initiatives' success or failure, the mechanisms related to public administration mobile technical capacity building and security issues are discussed.
Resumo:
The advent of personal communication systems within the last decade has depended upon the utilization of advanced digital schemes for source and channel coding and for modulation. The inherent digital nature of the communications processing has allowed the convenient incorporation of cryptographic techniques to implement security in these communications systems. There are various security requirements, of both the service provider and the mobile subscriber, which may be provided for in a personal communications system. Such security provisions include the privacy of user data, the authentication of communicating parties, the provision for data integrity, and the provision for both location confidentiality and party anonymity. This thesis is concerned with an investigation of the private-key and public-key cryptographic techniques pertinent to the security requirements of personal communication systems and an analysis of the security provisions of Second-Generation personal communication systems is presented. Particular attention has been paid to the properties of the cryptographic protocols which have been employed in current Second-Generation systems. It has been found that certain security-related protocols implemented in the Second-Generation systems have specific weaknesses. A theoretical evaluation of these protocols has been performed using formal analysis techniques and certain assumptions made during the development of the systems are shown to contribute to the security weaknesses. Various attack scenarios which exploit these protocol weaknesses are presented. The Fiat-Sharmir zero-knowledge cryptosystem is presented as an example of how asymmetric algorithm cryptography may be employed as part of an improved security solution. Various modifications to this cryptosystem have been evaluated and their critical parameters are shown to be capable of being optimized to suit a particular applications. The implementation of such a system using current smart card technology has been evaluated.
Resumo:
In recent years, interest in digital watermarking has grown significantly. Indeed, the use of digital watermarking techniques is seen as a promising mean to protect intellectual property rights of digital data and to ensure the authentication of digital data. Thus, a significant research effort has been devoted to the study of practical watermarking systems, in particular for digital images. In this thesis, a practical and principled approach to the problem is adopted. Several aspects of practical watermarking schemes are investigated. First, a power constaint formulation of the problem is presented. Then, a new analysis of quantisation effects on the information rate of digital watermarking scheme is proposed and compared to other approaches suggested in the literature. Subsequently, a new information embedding technique, based on quantisation, is put forward and its performance evaluated. Finally, the influence of image data representation on the performance of practical scheme is studied along with a new representation based on independent component analysis.
Resumo:
In a Ubiquitous Consumer Wireless World (UCWW) environment the provision, administration and management of the authentication, authorization and accounting (AAA) policies and business services are provided by third-party AAA service providers (3P-AAA-SPs) who are independent of the wireless access network providers (ANPs). In this environment the consumer can freely choose any suitable ANP, based on his/her own preferences. This new AAA infrastructural arrangement necessitates assessing the impact and re-thinking the design, structure and location of ‘charging and billing’ (C&B) functions and services. This paper addresses C&B issues in UCWW, proposing potential architectural solutions for C&B realization. Implementation approaches of these novel solutions together with a software testbed for validation and performance evaluation are addressed.
