Ray-tracing assessment of the robustness of Physical Layer Security key generation protocol

Nowadays, information security is a very important topic. In particular, wireless networks are experiencing an ongoing widespread diffusion, also thanks the increasing number of Internet Of Things devices, which generate and transmit a lot of data: protecting wireless communications is of fundamental importance, possibly through an easy but secure method. Physical Layer Security is an umbrella of techniques that leverages the characteristic of the wireless channel to generate security for the transmission. In particular, the Physical Layer based-Key generation aims at allowing two users to generate a random symmetric keys in an autonomous way, hence without the aid of a trusted third entity. Physical Layer based-Key generation relies on observations of the wireless channel, from which harvesting entropy: however, an attacker might possesses a channel simulator, for example a Ray Tracing simulator, to replicate the channel between the legitimate users, in order to guess the secret key and break the security of the communication. This thesis work is focused on the possibility to carry out a so called Ray Tracing attack: the method utilized for the assessment consist of a set of channel measurements, in different channel conditions, that are then compared with the simulated channel from the ray tracing, to compute the mutual information between the measurements and simulations. Furthermore, it is also presented the possibility of using the Ray Tracing as a tool to evaluate the impact of channel parameters (e.g. the bandwidth or the directivity of the antenna) on the Physical Layer based-Key generation. The measurements have been carried out at the Barkhausen Institut gGmbH in Dresden (GE), in the framework of the existing cooperation agreement between BI and the Dept. of Electrical, Electronics and Information Engineering "G. Marconi" (DEI) at the University of Bologna.

Estudio político-criminal y dogmático sobre los delitos de financiación ilegal de partidos políticos

En el año 2012, el legislador español modificó el artículo 31 bis CP de modo que los partidos políticos quedaban sometidos al régimen de responsabilidad penal previsto para las personas jurídicas, tras haber sido excluidos del mismo en el año 2010. Tres años más tarde, en 2015, fruto del Plan de Regeneración Democrática del Partido Popular, se aprobó la última reforma al sistema de financiación de los partidos políticos, en la que se prohibieron las donaciones procedentes de personas jurídicas o se limitó la cantidad máxima donada por una persona física a 50.000 euros anuales. Ese mismo año 2015, se introdujeron en nuestro ordenamiento jurídico los delitos de financiación ilegal de los partidos políticos. Este conjunto de reformas dibujó un panorama completamente renovado en el ámbito de la financiación ilícita de las formaciones políticas. Así pues, el presente trabajo constituye un estudio omnicomprensivo en el que se busca analizar el fenómeno de la financiación ilegal de los partidos políticos en su conjunto, desde la regulación administrativa de la financiación de las formaciones políticas, hasta los nuevos tipos penales de financiación ilegal y la compleja aplicación del régimen de responsabilidad criminal de las personas jurídicas a las organizaciones partidistas. En este sentido, nuestro fin último ha sido aportar las claves interpretativas necesarias para que los operadores jurídicos puedan hacer frente a los distintos supuestos de financiación ilegal de los partidos políticos.

Quantum computing and post-quantum cryptography

One of the main practical implications of quantum mechanical theory is quantum computing, and therefore the quantum computer. Quantum computing (for example, with Shor’s algorithm) challenges the computational hardness assumptions, such as the factoring problem and the discrete logarithm problem, that anchor the safety of cryptosystems. So the scientific community is studying how to defend cryptography; there are two defense strategies: the quantum cryptography (which involves the use of quantum cryptographic algorithms on quantum computers) and the post-quantum cryptography (based on classical cryptographic algorithms, but resistant to quantum computers). For example, National Institute of Standards and Technology (NIST) is collecting and standardizing the post-quantum ciphers, as it established DES and AES as symmetric cipher standards, in the past. In this thesis an introduction on quantum mechanics was given, in order to be able to talk about quantum computing and to analyze Shor’s algorithm. The differences between quantum and post-quantum cryptography were then analyzed. Subsequently the focus was given to the mathematical problems assumed to be resistant to quantum computers. To conclude, post-quantum digital signature cryptographic algorithms selected by NIST were studied and compared in order to apply them in today’s life.

Cyber threat intelligence: identifying hardcoded secrets in GitHub

The usage of version control systems and the capabilities of storing the source code in public platforms such as GitHub increased the number of passwords, API Keys and tokens that can be found and used causing a massive security issue for people and companies. In this project, SAP's secret scanner Credential Digger is presented. How it can scan repositories to detect hardcoded secrets and how it manages to filter out the false positives between them. Moreover, how I have implemented the Credential Digger's pre-commit hook. A performance comparison between three different implementations of the hook based on how it interacts with the Machine Learning model is presented. This project also includes how it is possible to use already detected credentials to decrease the number false positive by leveraging the similarity between leaks by using the Bucket System.