Journal of Information Security and Cryptography (Enigma)
Latest Publications


Total documents: 33 (five years: 10)

H-index: 2 (five years: 1)

Published by: Galoa Events Proceedings

ISSN: 2595-5217

2021 ◽  
Vol 8 (1) ◽  
pp. 1-11
Author(s):  
Eduardo Takeo Ueda ◽  
Marcelo Moro Da Silva ◽  
Anderson Aparecido Alves Da Silva ◽  
Norisvaldo Ferraz Junior ◽  
Fabio Dacêncio Pereira ◽  
...  

Transparency and security in an electoral process are fundamental to the legitimacy of the results and the confidence of voters. Thus, it is necessary to assess opportunities to improve traditional voting systems. Among the main problems is the lack of transparency, due to the impossibility of a voter checking their vote and the lack of access to the source from which the results are obtained. Another problem is mobility, due to the impossibility of performing remote voting, as traditional voting systems continue to require the physical presence of the voter in an electoral zone. Thus, the objective of this work is to propose a voting system that is functional, transparent, safe, and accessible to everyone. Voters can vote through a mobile application with biometric authentication using fingerprint and password access. In our proposal, votes are registered in an Ethereum Blockchain through a Smart Contract, allowing the voter to check their vote. The results are expected to collaborate with the evolution of studies necessary to improve traditional voting systems, especially in fundamental aspects such as security, transparency, and mobility.


2021 ◽  
Vol 7 (1) ◽  
pp. 8-19
Author(s):  
Eduardo Takeo Ueda ◽  
Marco Tulio Manso Vieira ◽  
Adilson Eduardo Guelfi ◽  
Anderson Aparecido Alves Da Silva ◽  
Marcelo Teixeira De Azevedo ◽  
...  

2020 ◽  
Vol 7 (1) ◽  
pp. 1-7 ◽  
Author(s):  
Flávio Luis de Mello

It is becoming notorious that several types of adversaries, based on their threat model, leverage vulnerabilities to compromise a machine learning system. Therefore, it is important to provide robustness to machine learning algorithms and systems against these adversaries. However, there are only a few strong countermeasures which can be used in all types of attack scenarios to design a robust artificial intelligence system. This paper is a structured and comprehensive overview of the research on attacks on machine learning systems, and it tries to call the attention of developers and software houses to the security issues concerning machine learning.


2019 ◽  
Vol 6 (1) ◽  
pp. 15-24
Author(s):  
Eduardo Marsola do Nascimento ◽  
José Antonio Moreira Xexéo

This paper describes a symmetrical block cipher family – FlexAEAD v1.1. This is an updated version of the work presented as a round 1 candidate in the contest for the NIST lightweight crypto standardization process. It was engineered to be lightweight, consuming less computational resources than other ciphers, and to work with different block and key sizes. Another important characteristic is the integration of authentication into its basic algorithm. This approach helps to reduce the resource needs. The algorithm's capacity to resist linear and different cryptanalysis attacks was evaluated. FlexAEAD also supports the authentication of the Associated Data (AD). Version 1.1 makes the algorithm resistant to iterated differential attacks. It also resolves a padding attack on the AD that allowed messages to have the same tag if the last AD block was filled with zeros.


2019 ◽  
Vol 6 (1) ◽  
pp. 9-14
Author(s):  
José Valdy Campelo Júnior ◽  
João José Costa Gondim

Analyzing attacks on computer networks is complex given the volume of data considered and the large number of machines, even in small networks. The volume of data is large and the time to process and analyze it is short. The goal is to extract and analyze information about network attacks that has been obtained from open sources. Using a robust, elastic and scalable architecture that makes use of processing techniques with the use of Hadoop so that the information is available in a timely manner. With the proposed architecture implemented all the desired characteristics were obtained allowing the processing of the data in near real time. The system provides intelligence information about large-scale attacks with agility and efficiency.


2019 ◽  
Vol 6 (1) ◽  
pp. 1-8
Author(s):  
Pedro Antonio Dourado de Rezende

We begin by examining the context of a political media campaign launched in October of 2018 in the scope of the North Atlantic Treaty Organization military alliance, aimed at disseminating among IT managers, with backing from general public opinion, perceptions of new risks in the use of electronic microchips fabricated by Chinese companies, for use in sensitive computational platforms. We then contrast these actions, which occur at the intersection of psychological and informational cyber fronts of the contemporary form of warfare (hybrid, 4th generation), with a similar type of risks inherent to the model for informatization of the federalized electoral process in Brazil, chosen more than twenty years ago and since frozen. Such contrast signals the presence of some form of geopolitical and/or ideological filtering, active in the mapping and evaluation of risks through scientific, legal and lay narratives on cybersecurity, regarding either embedded systems for military use, such as in weapons’ controls, or for civilian purposes, such as in electronic voting systems.


2019 ◽  
Vol 5 (1) ◽  
pp. 1
Author(s):  
Geraldo Alexandre Barbosa

Among the problems to guarantee secrecy for in-transit information, the difficulties involved in renewing cryptographic keys in a secure way using couriers, the perfect secrecy encryption method known as One-Time-Pad (OTP) became almost obsolete. Pure quantum key distribution (QKD) ideally offers security for key distribution and could revive OTP. However, special networks that may need optical fibers, satellite, relay stations, expensive detection equipment compared with telecom technology and the slow protocol offer powerful obstacles for widespread use of QKD.

Classical encryption methods flood the secure communication landscape. Many of them rely for their security on historical difficulties such as factoring of large numbers - their alleged security is sometimes presented as the difficulty to break encryption by brute force. The possibility of a mathematical breakthrough that could make factoring trivial is poorly discussed.

This work proposes a solution to bring perfect secrecy to in-transit communication and without the above problems. It shows the key distribution scheme (nicknamed KeyBITS Platform) based on classical signals carrying information but that carry with them recordings of quantum noise. Legitimate users start with a shared information of the coding bases used that gives them an information advantage that allows easy signal recovery. The recorded noise protects the legitimate users and blocks the attacker's access.

This shared information is refreshed at the end of each batch of keys sent, providing the secret shared information for the next round. With encryption keys distilled from securely transmitted signals at each round, OTP can be revived and at fast speeds.


2019 ◽  
Vol 5 (1) ◽  
pp. 27 ◽  
Author(s):  
Paulo S. Almeida ◽  
João J. C. Gondim

Click fraud detection consists of identifying the intention behind received clicks, given only technical data and context information. Reviewing concepts involved in click fraud practices and related work, a system that detects and prevents this type of fraud is proposed and implemented. The system is based and implemented on an ad network, one of the 3 main agents in the online ad environment, and for its validation, 3 servers were used, representing the publisher, the ad network with the system implemented and the announcer, and a bot that attempts to commit a click fraud.


2019 ◽  
Vol 5 (1) ◽  
pp. 20
Author(s):  
Flávio Luis de Mello

Internet of Things (IoT) accelerating growth exposes many unsecured issues related to the design and the usage of network integrated devices. This paper presents a fuzzy evaluation method, based on both IoT hardware/software developers’ and users’ knowledge, creating a novel model to aid correctness actions over security procedures, in order to increase the IoT safeness usage. This method combines both the developer’s and user’s perspectives, creating an integrated adaptive evaluation attached to the Information Technology security standards and best practices guidelines. The proposed evaluation method is divided by categories, each one composed of security control clauses and their corresponding action recommendation. The user perspective of such evaluation method was applied into a service company, and the developer perspective was defined by an IoT device manufacturer. The obtained results have shown that the evaluation method enhances both the manufacturer security awareness and the IoT users experience in the improvement of security IoT issues.


2019 ◽  
Vol 5 (1) ◽  
pp. 40
Author(s):  
Ulysses Moreira Neves ◽  
Flávio Luis de Mello

The concern of companies to keep sensitive data protected from improper access and information leaking has grown a lot. The constant cases of industrial espionage and information leakage regarding companies are evidence of the need to apply strict information security policies, improve data protection and allow an auditing track. With the evolution of technology, the usage of personal mobile devices increased in organizations (BYOD - Bring Your Own Device), which allows the employees to use their own mobile devices at work. This paper addresses the current challenges faced by IT companies and teams in protecting access to this kind of information, and what strategies are used to mitigate, to track leaks, and reduce the misuse of documents in the organization. Considering the scenario evaluated, a framework with good Information Security practices based on the ISO 27002:2005 and the practical controls of the Center of Internet Security (CIS) is proposed, associating good practices with the needs of BYOD’s culture. The framework suggested in this paper reinforces the necessity for a standardization of the rules of information security in the process of adoption of BYOD’s culture, following the life cycle of the user with his personal mobile device in the company.

