Wilson Vicente Ruggiero

A Continuous Authentication System Based on User Behavior Analysis

This paper presents a continuous authentication system based on user behavior analysis that makes use of environmental context information, users’ behavior analysis and Neuro-Fuzzy Logic. This system must be able to acquire information in context, making them into a computational environment. This information is the basis of user behavior. The System, based on the evidences of the behavior, establishes if it can trust the user or not. According to the user behavior, levels of trust are released, to access the application software. Weights are attributed in the fuzzyfication process, according to the rules that were previously established for the parameters which help to establish the evidences of behavioral trust, in its different degrees. The neuro-fuzzy logic allows that the user behavioral database be continuously updated, interacting with the fuzzyfication mechanism, so as to keep trust levels updated according to the user behavior, in a more accurate and faithful way.

Scaling efficient code-based cryptosystems for embedded platforms

We describe a family of efficient codes for cryptographic purposes and dedicated algorithms for their manipulation. Our proposal is especially tailored for highly constrained platforms, becoming competitive with conventional schemes.

An Approach to Personalisation in E-learning

This paper presents an approach to personalisation in e-learning. The concept of a personalised learning policy (PLP) is introduced and its application in a learning management system (LMS) is detailed. Aiming to represent the criteria used in the system adaptation process, a data structure named orientation layer is proposed. The student current cognitive status is determined considering both the interactions between student and system and the aspects judged relevant to be observed. As a result, didactic contents and learning activities that match the pedagogical goals with the students preferences and skills are provided. That is, the LMS is endowed with a level of configurability and the system adaptive behaviour is consistent with the system users (i.e. teachers and students).

SMSCrypto: A lightweight cryptographic framework for secure SMS transmission

Despite the continuous growth in the number of smartphones around the globe, Short Message Service (SMS) still remains as one of the most popular, cheap and accessible ways of exchanging text messages using mobile phones. Nevertheless, the lack of security in SMS prevents its wide usage in sensitive contexts such as banking and health-related applications. Aiming to tackle this issue, this paper presents SMSCrypto, a framework for securing SMS-based communications in mobile phones. SMSCrypto encloses a tailored selection of lightweight cryptographic algorithms and protocols, providing encryption, authentication and signature services. The proposed framework is implemented both in Java (target at JVM-enabled platforms) and in C (for constrained SIM Card processors) languages, thus being suitable for a wide range of scenarios. In addition, the signature model adopted does not require an on-line infrastructure and the inherent overhead found in the Public Key Infrastructure (PKI) model, facilitating the development of secure SMS-based applications. We evaluate the proposed framework on a real phone and on SIM Card-comparable microcontroller.

A parallel k-partition method to perform Montgomery Multiplication

This paper proposes a new approach to speed up the Montgomery Multiplication by distributing the multiplier operand bits into k partitions that can process in parallel. Each partition executes in n/k steps. A computation step, although operating in radix 2k, has its complexity reduced by the use of a limited digit set. Experiments with a 90nm cell library show that the hardware cost and its complexity have a linear growth with the number of partitions. Besides the gain in speed, the approach provides 20% average reduction in energy consumption for multiplication operands with 256, 512, 1024, and 2048 bits.

PCE algorithm for traffic grooming and QoS in multi-layer/multi-domain IP over WDM networks

Differentiated services provision according to clients or applications is an added feature that network operators ambition to fully provide. One of the possible approaches is to map DiffServ into MPLS based network. However in an IP over WDM (Wavelength Division Multiplexing) network data flow traverse multiple layers and, therefore, Class-Type information from the MPLS DiffServ layer is eventually lost. Besides, with the implement of a Path Computation Element (PCE) on multi-layer and multi-domain networks, the bandwidth constraints used to differentiate services are no longer applied. This paper presents a proposal for a QoS DiffServ approach applied on PCE as a traffic grooming technique for WDM core networks and the problematic involved on the application of this technology on multilayer and multi-domain networks.

A distributed mechanism for trust propagation and consolidation in ad hoc networks

Trust is a persons knowledge of and confidence in anothers behavior and reputation This concept can be applied to ad hoc networks, whose entities interact based on some kinds of relationships of trust in each other This paper presents a trust model for ad hoc networks, using a specific metric to establish and associate the consolidated trust rating to their entities A distributed mechanism is defined to propagate and consolidate these trust ratings, enabling the entities of an ad hoc network to decide whether or not to trust other entities with which they intend to interact.

Multiple personal security domains

Mobility, usability and security are major requirements for any Ad Hoc network systems, and there have been numerous papers in regards to them. However, often these requirements are addressed separately. For a valid solution, these requirements must be considered from an integrated view. In this paper, taking into account mobility and usability, we implement a framework which allows to securely share resources and services between devices in Ad-hoc networks, based on security policies defined by the owners of those devices. In addition, we extend our framework to support inter-domain sharing of services and resources. We detail our design, present the preliminary results of our prototype, and discuss the lessons learned, in particular how user experience led to several re-designs of the initial security solution.

Challenges and Requirements of a Control Plane for Elastic Optical Networks

Elastic Optical Networks have emerged as a promising technology for the e cient use of optical network resources. Its adaptable characteristics and adjustable data rate enable operators to meet the diverse granularity of their clients needs. In order to automate an elastic optical network operation, a control plane is required. Wavelength Switched Optical Networks (WSON) may already rely on a robust control plane which enables dynamic network management, provides prompt demand reply optimizing spectrum use, and implements important network features as survivability strategies, di erentiated service, and grooming procedures. Due to its specific characteristics, Elastic Optical Networks may not implement traditional WSON control plane solutions without further enhancement. Therefore, recent research e orts have been focusing on developing the control plane for this new technology, in most cases by proposing extensions to the currently available architectures. This paper describes a survey on the current ongoing research e orts to define Elastic Optical Network control plane architecture. It identifies and classifies the most relevant proposals currently found in literature, and discusses how these propositions address the main requirements to design a control plane which enables automating the specific functions of an Elastic Optical Network.

Known User Continuous Authentication System for Consumer Application Software

This paper presents KUCAS (Known User Continuous Authentication System), a work-in-progress security system, that has a continuous authentication mechanism of users/consumers. The KUCAS system makes use of environmental context information, users behavior analysis, the behavior theories of Skinner and the Mathematical Confidence of Dempster-Shafer Evidences Theory, that establishes trust levels to authenticate the user by his behavior analysis, during an application software, in a specific domain of the computer networks, in a period of time. The dynamics of enclosed management in this system compares the current behavior with the users previous behaviors description and with the trust restrictions. In case of indications of changes in the users behavior, the system provides the behavior analysis of the user using database restrictions information. If there are uncertainties and divergences, mechanisms of security and alert signals are triggered.