SCHEDULE
Monday
08/27
Tuesday
08/28
Wednesday
08/29
Thursday
08/30
Friday
08/31
08:00 Registration/Reception SC1
SC2
08:30 SI1 SI5 TS1 TS4 SC1
WCAP WTICG
WCAP TS5 SC2
WCAP
10:00 Coffee-Break
10:20 SI2 SI6 TS2 TS6 SC1
WCAP WTICG
WCAP SC2
WCAP
12:20 Lunch CE SEG
Meeting 1
 
13:40 SI3 SI7 TS3 T1 SC3
WCAP WTICG
WCAP
WCAP SC4
15:40 Coffee-Break
16:00 SI4 WTICG
Award
KN1
T1
KN3
SC3
WCAP
SI8
17:00 SI4 Opening   SC4
WCAP
18:00   Cocktail   ST Award  
19:00  

 

  CE SEG
Meeting 2
 
20:30     Confraternization Dinner    

SI: Workshop on Information Security - SegInfo (Roxinho Auditorium)
TS1: Technical Session (Roxinho Auditorium)
TS2: Technical Session (Roxinho Auditorium)
TS3: Technical Session (Roxinho Auditorium)
TS4: Technical Session (Roxinho Auditorium)
TS5: Technical Session (Salão Nobre do CCMN)
TS6: Technical Session (Roxinho Auditorium)
WCAP: Workshop on Cryptographic Algorithms and Protocols (CCMN Hall)
WTICG: Workshop of Scientific Initiation and Undergraduate Works (Maria Irene Mello Amphitheatre/NCE)
KN: Keynote Speakers (Roxinho Auditorium)
T1: SBSeg Tutorial (Roxinho Auditorium)
SC1: Short Course (Roxinho Auditorium)
SC2: Short Course (CCMN Hall)
SC3: Short Course (CCMN Hall)
SC4: Short Course (Roxinho Auditorium)
CE SEG Meeting 1 (MBI Auditorium)
CE SEG Meeting 2 (Luxor Hotel)
Opening (Roxinho Auditorium)
Cocktail (CCMN Hall)
Confraternization Dinner (Forte de Copacabana)

SEGINFO
  Monday - 08/27
09:00 – 10:00 Police talk on aspects of Information Security
(awaiting confirmation)
Demétrius Gonzaga de Oliveira
10:00 – 10:20 Coffee Break
10:20 – 11:20 “Case study on the problems that occurred in the 2006 Alagoas elections.”
Clovis Torres Fernandes (ITA)
11:20 – 12:20 “Brazil against Cybercrime.”
Jose Henrique Santos Portugal
12:20 – 13:40 Lunch
13:40 – 14:40 “Malware Propagation through Pirated Software.”
Jacomo Dimmit Boca Piccolini (CAIS/RNP)
14:40 – 15:40 “Malware Propagation through Pirated Software.”
Jacomo Dimmit Boca Piccolini (CAIS/RNP)
15:40 – 16:00 Coffee Break
16:00 – 18:00 “Legal aspects related to Information Security.”
Omar Kaminski (CAIS/RNP)
 
  Tuesday - 08/28
08:40 – 10:00 “Applications of identity-based cryptography.”
Mehran Misaghi
10:00 – 10:20 Coffee Break
10:20 – 11:20 “The Wi-Fi Network Auditor's Toolbox.”
Ronaldo Castro de Vasconcellos (CAIS/RNP)
11:20 – 12:20 “Covert channels: what they are, what they do, and how to protect against them.”
Ivo de Carvalho Peixinho (Polícia Federal)
12:20 – 13:40 Lunch
13:40 – 15:40 “Blackberry and National Security”
Nelson Murilo de O. Rufino (Pangeia)

 

 WTICG Schedule – Tuesday 08/28

8h30 - 10h - WTICG 1: Cryptographic Algorithms and Techniques
Chair: Jorge Nakahara

Implementação em Hardware do Algoritmo MD5 - Melhoria em Termos de Área, Freqüência do Relógio e Consumo de Potência
Joao Oliveira, UERGS
Fernanda Kastensmidt, UFRGS

Curvas Elípticas: Aplicação em Criptografia Assimétrica
Pedro Lara, Fábio Borges, LNCC

Uma implementação de Infra-estrutura em Chaves Públicas Temporal
Guilherme Steinmann, UFSC
Geovani Ferreira da Cruz, UFSC

10h30 - 11h30 - WTICG 2: Biometrics and Biometric Systems
Chair: Michelle Wangham

Sistema para Aquisição e Transferência Segura de Dados
Danilo Pinheiro da Silveira, UNIVEM
Marcio Delamaro, UNIVEM

Dinâmica da Digitação Aplicada a Ambientes Web
Rodrigo Pavezi, Rafael Andrade, Douglas Dyllon J. de Macedo, Aldo Wangenheim, UFSC

13:40 - 15:40 - WTICG 3: Systems Security
Chair: José Eduardo Brandão

Sistema de Monitoramento Remoto de Segurança (SMRS)
Tiago Barabasz, Vitor Afonso, Antonio Montes, CenPRA/MCT

Análise de Artefatos Maliciosos
Angelo Carvalho, UNICAMP; Luiz Otávio Duarte, CenPRA/MCT; Marcelo Carvalho Sacchetin, Antonio Montes, CenPRA/MCT

Aplicação web para cadastro e gerenciamento integrado de usuários com o protocolo LDAP
André Proto, Isabela de Oliveira, Allan Calderon, Eli de Melo, Adriano Cansian, UNESP

Implementação de um Modelo de Transposição de Autenticação para Serviços Web
Davi Böger, Joni da Silva Fraga, UFSC; Michelle Wangham, UNIVALI

 

TECHNICAL SESSIONS - SBSeg 2007
Wednesday, August 29, 2007 8:30 AM
TS1: Safety in Applications
Chair: Paulo de Geus

SecBox: Uma abordagem para segurança de set-top boxes em TV Digital
Diego Carvalho, Mateus Milanez - USP, Brazil; Mario Avelino - SCC-ICMC-USP, Brazil; Sarita Bruschi, Rudinei Goularte - ICMC - USP, Brazil.

Reconhecimento de padrões de comportamento individual baseado no histórico de navegação em um Web Site
Luiz Fernando Rust da Costa Carmo, Danielle Costa - NCE/UFRJ, Brazil.

RAWVec A Method for Watermarking Vector Maps
Douglas Marques, CGU – Controladoria Geral da União, Brazil; Karina Magalhães, Ricardo Dahab - UNICAMP, Brazil.

Wednesday, August 29, 2007 10:20 AM
TS2: Algorithms and Cryptography Techniques
Chair: Jorge Nakahara Junior

Linear Analysis of reduced-round CAST-128 and CAST-256
Jorge Nakahara Junior - Unisantos, Brazil; Mads Rasmussen - USP, Brazil.

Uma versão mais forte do algoritmo RC6 contra criptanálise qui-quadrado
Routo Terada, Eduardo Takeo Ueda - USP, Brazil.

Anonymous one-time broadcast using non-interactive dining cryptographer nets with applications to voting
Jeroen van de Graaf - UFMG, Brazil.

Strand spaces and fair exchange: More on how to trace attacks and security problems
Fabio Piva, José Roberto Monteiro, Ricardo Dahab - UNICAMP, Brazil.

Wednesday, August 29, 2007 1:40 PM
TS3: Attack Detection and Risk Analysis
Chair: Otto Carlos Muniz Bandeira

Avaliação de proteção contra ataques de negação de serviço distribuídos (DDoS) utilizando Lista de IPs Confiáveis
Luis Eduardo Oliveira, Rafael Aschoff, Bruno Lins, Eduardo Feitosa, Djamel H. Sadok - UFPE, Brazil.

Uma Proposta de Marcação de Pacotes para Rastreamento Robusto a Ataques
Marcelo D. D. Moreira, Otto Carlos Muniz Bandeira Duarte - UFRJ, Brazil; Rafael Laufer - UCLA, USA; Pedro Velloso - UPMC, France.

Detecção de ataques de negativa de serviço por meio de fluxos de dados e sistemas inteligentes
Adriano M. Cansian, Jorge Corrêa - UNESP, Brazil.

Métricas e Artefatos para a Priorização de Investimentos no Ajuste de Conformidade à Norma ISO 17799
Reinaldo Correia, André H. I. Azevedo, Luiz Fernando Rust da Costa Carmo - NCE/UFRJ, Brazil.

 

Thursday, August 30, 2007 8:30 AM
TS4: Safety in GRIDS and P2P Networks
Chair: Carlos Maziero

Plataforma para efetivação de múltiplas políticas de controle de acesso em ambientes de grade computacional
Leonardo Mattes, Leonardo Militelli, João Antonio Zuffo - USP, Brazil.

Avaliação de Confiança Contextual em Grades Computacionais Multimodo usando Plataformas Seguras
Ricardo de Barros Costa, Luiz Fernando Rust da Costa Carmo - NCE/UFRJ, Brazil.

Corrupção, Mentiras e Isolamento: avaliação de impacto de ataques a BitTorrent
Rodrigo B. Mansilha, Marlom A. Konrath, Marinho P. Barcellos - UNISINOS, Brazil.

TS5: Short Papers
Chair: Luci Pirmez

Blindagem de uma Grade Computacional utilizando TPM e Sandbox
Roberto Nemirovsky, Luiz Fernando Rust da Costa Carmo - NCE/UFRJ, Brazil.

Merging Pret-a-Voter and PunchScan
Jeroen van de Graaf - UFMG, Brazil.

Certificados Otimizados para a validação eficiente da Assinatura Digital
Adriana Elissa Notoya, Ricardo Felipe Custódio, Fernando Carlos Pereira, Joni da Silva Fraga - UFSC, Brazil.

Avaliando Protocolos de Criptografia baseada em Emparelhamentos em Redes de Sensores Sem Fio
Leonardo B. Oliveira, Felipe Daguano, Ricardo Dahab - UNICAMP, Brazil.

Thursday, August 30, 2007 10:20 AM
TS6: Safety Models
Chair: Marinho Barcellos

Um Modelo Pragmático de Separação de Responsabilidades para o Controle de Acesso Baseado em Papéis
Bruno C. B. Figueiredo, Gustavo H. M. B. Motta - UFPB, Brazil.

Implementação de políticas UCON em um núcleo de sistema operacional
Rafael Coninck Teigao, Carlos A. Maziero, Altair Santin - PUC-PR, Brazil.

Extensões ao Modelo RBAC de Restrições para suporte a Obrigações do UCONabc
Edemilson Silva, Altair Santin, Edgard Jamhour, Carlos A. Maziero - PUC-PR, Brazil; Emir Toktar - University of Paris VI, France.

Um Serviço de Autorização Java EE Baseado em Certificados de Atributos X.509
Stefan Guilhen, Francisco Reverbel - USP, Brazil.

 

Keynotes
K1 - 8/29 (16h) - Prof. Claude Crépeau (McGill University, Canada)
Talk title: Cryptography of quantum information
CANCELLED!
K2 - 8/29 (17h) - Prof. Michel Abdalla (École Normale Supérieure, France)
Talk title: Password-based Authentication

Abstract: Password-based authenticated key exchange protocols are designed to be secure even when the secret key used for authentication is drawn from a small set of values (e.g., a 4-digit pin code). The main advantage of these protocols is that they do not require intricate authentication infrastructures since the secret key, which is called a password in this case, is easy to remember. Unfortunately, password-based protocols are always subject to attacks in which the adversary may succeed with non-negligible probability by simply guessing the password shared between users during its online attempt to impersonate one of these users. The main goal of password-based authenticated key exchange protocols is to restrict the adversary to this case only.

In this talk, I will consider some of the main difficulties in designing key exchange protocols based on passwords. I will start by reviewing some of the existing solutions in the 2-party case and then I will proceed to the case of authenticated group key exchange protocols based on passwords. When doing so, I will also show why some of these protocols are not secure. Finally, I will conclude my talk by presenting some interesting open problems related to password-based authentication.

 
K3 - 8/30 (17h) - Prof. Benoît Libert (Université Catholique de Louvain, Belgium)
Talk title: Applications of Pairings in Cryptography
Abstract: Since their first uses for constructive purposes in 2000, pairings have given rise to a couple of new constructions and cryptographic protocols. The talk will illustrate this impact and give a survey of the nice applications permitted by pairings. We will also briefly discuss related underlying intractability assumptions.

 

TUTORIALS

T1: Securing ad hoc networks and vehicular communications

Panagiotis Papadimitratos

 

Part I (2h)

Our network access habits have been changing significantly over the last few years: 20 million wireless-enabled computers and 150 thousand locations for wireless broadband Internet access were available worldwide in 2006. At the same time, an increasing number of wireless community networks are being deployed, portable digital assistants are equipped with radio and infrared transceivers, cellular telephones offer alternative ways of data communication, and wireless sensing and actuating devices are becoming commonplace at home and in factories and hospitals. Overall, the network itself undergoes a gradual transformation: devices collaborate to support basic networking operations, i.e., routing and data forwarding and dissemination, essentially becoming the network.

Mobile ad hoc networking will play a central role, enabling communication across multiple wireless links (hops) in a self-organized manner, without a fixed infrastructure. However, assuming that network entities participate voluntarily and assist the network operation is utopian, as experience from the (wire-line) Internet teaches. Compared to traditional networks, ad hoc networking infrastructures are less protected and hard to monitor and manage. The challenge lies exactly in securing the ad hoc network operation, because any malicious or selfish network entity can disrupt, degrade, or even deny communication of other entities. Security is paramount for both civilian and tactical applications. Users would have no incentive to embrace new products if, for example, they cannot access their services and get the quality they pay for or if their privacy is at stake. Similarly, a General or a Police Commissioner would not endorse networking technologies that do not guarantee secure and reliable communications in a battlefield or an emergency situation.

In the first part of the tutorial, we discuss why it is necessary to redesign security for ad hoc networks, and present basic concepts and protocols from the literature on how to thwart attacks. We focus on fundamental security issues, including: the establishment of secure associations among nodes, the secure discovery of communication paths in the network, that is, of neighbor and route discovery, and the security of data communications.

Part II (1h)

Vehicular communications (VCs) and vehicular ad hoc networks (VANETs) lie at the core of several on-going industry and academic research initiatives. Vehicles and roadside infrastructure units equipped with sensors, computers, and wireless transceivers enable a range of applications that enhance transportation safety and efficiency. VCs offer a rich set of tools but also make possible a formidable set of abuses. For example, an adversary could 'contaminate' large portions of the VANET with false information; or, intercept vehicle-originating messages, track the vehicle location and transactions, and infer sensitive information about their passengers. Without security mechanisms, VCs can make antisocial and criminal behavior easy, essentially jeopardizing the benefits of the VCs systems deployment.

In the second part of the tutorial, we discuss this new and uniquely constrained problem: how to secure vehicular communications. First, we discuss design principles and requirements as well as elements of a secure VCs architecture. Then, we present mechanisms that safeguard different aspects of the VCs system operation, including mechanisms to enhance privacy yet provide strong security, to secure communication, to evict misbehaving or faulty nodes, and to extend the traditional notion of trust to data-centric trust, that is, attribute trustworthiness to node-reported data per se. The presented results reflect recent work, jointly with researchers of the Univ. of Maryland and the Pol. of Torino, as well as the SeVeCom and Car-2-Car communication consortia.
 
Panagiotis Papadimitratos received his PhD degree in Electrical and Computer Engineering from Cornell University, Ithaca, NY, in 2005. He then joined the Department of Electrical and Computer Engineering at Virginia Tech, Blacksburg, VA, as a research associate. Panos is currently a senior researcher with the School of Computer and Communication Sciences at EPFL. His research is concerned with networking protocols, network security, ad hoc and sensor networks, and wireless and mobile systems. He has authored more than 40 technical publications on these topics. He has served on the technical program committees of numerous conferences and workshops, among which are ACM ASIACCS, ACM WiSec, ACM VANET, and IEEE MASS. He has delivered several invited talks and lectures, including a tutorial on security and cooperation in wireless networks delivered at ACM MobiCom 2007. His personal website is http://people.epfl.ch/panos.papadimitratos.

 

 

Organized by: Núcleo de Computação Eletrônica