Minicursos do XXIII Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais
Palavras-chave:
Minicursos SBSeg 2023, SBSeg 2023, Segurança da InformaçãoSinopse
O Livro de Minicursos do XXIII Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg) traz a versão escrita das propostas aceitas e apresentadas nesta edição do SBSeg. Nos minicursos do SBSeg há conteúdos mais práticos e também mais próximos da fronteira do conhecimento na área de cibersegurança, assim temos minicursos mais aplicados e mais teóricos nesta edição do SBSeg. Os 6 capítulos do livro de minicursos versam sobre temas como: Autenticação e Autorização: antigas demandas, novos desafios e tecnologias emergentes; Provendo Segurança em Cidades Inteligentes: Aplicações, Desafios e Tendências em Mobilidade Elétrica e Tarifação Inteligente com NFTs; Introdução à Análise de Códigos Maliciosos para ambiente Windows; e Protegendo Redes de Computadores na Era do Plano de Dados Programáveis. Estes capítulos do livro de minicursos tem o objetivo de atualizar os conhecimentos de profissionais que já atuam em cibersegurança e dar formação a estudantes com conteúdo que normalmente não são abordados em cursos da área.
Capítulos
-
1. Explorando esquemas criptográficos pós-quânticos considerados pelo NIST com implementação em Sage
-
2. Sistemas de Votação Fim-a-Fim: Teoria e Prática
-
3. Introdução à Engenharia Social: da Psicologia Cognitiva aos Ataques Automatizados
-
4. Ameaças e Vulnerabilidades em Open RAN: Desafios e Soluções
-
5. Desenvolvimento ágil de software seguro e a cultura DevSecOps
-
6. Proteção de Sistemas Biométricos
Downloads
Referências
(2014). Avoiding the top ten security flaws. URL: [link].
(2019). Software security takes a champion – a short guide on building and sustaining a successful security champions program. URL: [link].
(2020). Owasp web security testing guide v4.2. URL: [link].
(2021). Owasp top 10 – 2021. URL: [link].
(2021). Six pillars of devsecops series. URL: [link].
(2023). Owasp api security top 10. URL: [link].
(n.d.). Apa dictionary of psychology - american psychological association.
Abdalla, A. S. e Marojevic, V. (2023). End-to-end O-RAN security architecture, threat surface, coverage, and the case of the open fronthaul. arXiv preprint arXiv:2304.05513.
Abdalla, A. S., Upadhyaya, P. S., Shah, V. K. e Marojevic, V. (2022). Toward next generation open radio access networks: What O-RAN can and cannot do! IEEE Network, 36(6):206–213.
Abouaomar, A., Taik, A., Filali, A. e Cherkaoui, S. (2022). Federated learning for RAN slicing in beyond 5G networks. arXiv preprint arXiv:2206.11328.
Adesina, D., Hsieh, C.-C., Sagduyu, Y. E. e Qian, L. (2023). Adversarial machine learning in wireless communications using RF data: A review. IEEE Communications Surveys & Tutorials, 25(1):77–100.
Adida, B. (2008). Helios: Web-based open-audit voting. In USENIX security symposium, volume 17, pages 335–348.
Al-Charchafchi, A., Manickam, S., and Alqattan, Z. N. (2019). Threats against information privacy and security in social networks: A review. In International Conference on Advances in Cyber Security, pages 358–372. Springer.
Alagic, G., Apon, D., Cooper, D., Dang, Q., Dang, T., Kelsey, J., Lichtinger, J., Miller, C., Moody, D., Peralta, R., et al. (2022). Status report on the third round of the NIST post-quantum cryptography standardization process. Technical report, National Institute of Standards and Technology.
Ancis, J. R. (2020). The Age of Cyberpsychology: An Overview. Technology, Mind, and Behavior, 1(1). [link].
Aragon, N., Barreto, P. S. L. M., Bettaieb, S., Bidoux, L., Blazy, O., Deneuville, J.-C., Gaborit, P., Ghosh, S., Gueron, S., Güneysu, T., Aguilar-Melchor, C., Misoczki, R., Persichetti, E., Richter-Brockmann, J., Sendrier, N., Tillich, J.-P., Vasseur, V., and Zémor, G. (2022). BIKE: Bit flipping key encapsulation. [link].
Araújo, L., Sucupira, L., Lizarraga, M., Ling, L., and Yabu-Uti, J. (2005). User authentication through typing biometrics features. IEEE transactions on signal processing, 53(2):851–855.
Armknecht, F., Boyd, C., Carr, C., Gjøsteen, K., Jäschke, A., Reuter, C. A., and Strand, M. (2015). A guide to fully homomorphic encryption. Cryptology ePrint Archive, Paper 2015/1192. [link].
Arnaz, A., Lipman, J., Abolhasan, M. e Hiltunen, M. (2022). Toward Integrating Intelligence and Programmability in Open Radio Access Networks: A Comprehensive Survey. IEEE Access, 10:67747–67770.
Attrill-Smith, A., Fullwood, C., Keep, M., and Kuss, D. J. (2019a). The online self. In The Oxford Handbook of Cyberpsychology, pages 17–34. Oxford University Press.
Attrill-Smith, A., Fullwood, C., Keep, M., and Kuss, D. J. (2019b). The Oxford Handbook of Cyberpsychology. Oxford University Press.
Avanzi, R., Bos, J., Ducas, L., Kiltz, E., Lepoint, T., Lyubashevsky, V., Schanck, J. M., Schwabe, P., Seiler, G., and Stehlé, D. (2019). CRYSTALS-Kyber: Algorithm specifications and supporting documentation (2020). NIST PQC Round, 2(4):1–43.
Azariah, W., Bimo, F. A., Lin, C.-W., Cheng, R.-G., Jana, R. e Nikaein, N. (2022). A survey on open radio access networks: Challenges, research directions, and open source approaches. arXiv preprint arXiv:2208.09125.
Bai, S., Ducas, L., Kiltz, E., Lepoint, T., Lyubashevsky, V., Schwabe, P., Seiler, G., and Stehlé, D. (2021). CRYSTALS-Dilithium: Algorithm specifications and supporting documentation (version 3.1). NIST Post-Quantum Cryptography Standardization Round, 3.
Balakrishnan, S., Venkatesan, V. K., and Syed Shahul Hameed, M. (2021). An embarking user friendly palmprint biometric recognition system with topnotch security. pages 1028–1032.
Bayer, J. B., Triêu, P., and Ellison, N. B. (2020). Social media elements, ecologies, and effects. Annual Review of Psychology, 71(1):471–497.
Beal, A. (2005). Segurança da informação: Princípios e melhores práticas para a proteção dos ativos de informação nas organizações. Atlas.
Benaloh, J. (2006). Simple verifiable elections. In Proceedings of the USENIX/Accurate Electronic Voting Technology Workshop 2006 on Electronic Voting Technology Workshop, pages 5–5.
Benaloh, J. and Naehrig, M. (2022). Electionguard specification 1.1. Technical report, Microsoft Research. [link].
Benias, N. and Markopoulos, A. P. (2017). A review on the readiness level and cyber-security challenges in industry 4.0. In 2017 South Eastern European Design Automation, Computer Engineering, Computer Networks and Social Media Conference (SEEDA-CECNSM), pages 1–5. IEEE.
Berlekamp, E. R., McEliece, R. J., and Van Tilborg, H. C. (1978). On the inherent intractability of certain coding problems. IEEE Transactions on Information Theory, 24(3):384–386.
Berlinski, N., Doyle, M., Guess, A. M., Levy, G., Lyons, B., Montgomery, J. M., Nyhan, B., and Reifler, J. (2021). The effects of unsubstantiated claims of voter fraud on confidence in elections. Journal of Experimental Political Science, pages 1––16.
Bernstein, D. J., Chou, T., Lange, T., Misoczki, R., Niederhagen, R., Persichetti, E., Schwabe, P., Szefer, J., and Wang, W. (2019a). Classic McEliece: conservative code-based cryptography. NIST submissions.
Bernstein, D. J., Hülsing, A., Kölbl, S., Niederhagen, R., Rijneveld, J., and Schwabe, P. (2019b). The SPHINCS+ signature framework. In Proceedings of the 2019 ACM SIGSAC conference on computer and communications security, pages 2129–2146.
Bloom, B. H. (1970). Space/time trade-offs in hash coding with allowable errors. Commun. ACM, 13(7):422–426.
Bolle, R. M., Connell, J. H., Pankanti, S., Ratha, N. K., and Senior, A. W. (2013). Guide to biometrics. Springer Science & Business Media.
Braga, A. and Dahab, R. (2015a). A Survey on Tools and Techniques for the Programming and Verification of Secure Cryptographic Software. In XV Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais — SBSeg 2015, pages 30–43, Florianópolis, SC, Brazil.
Braga, A. and Dahab, R. (2015b). Introdução à Criptografia para Programadores: Evitando Maus Usos da Criptografia em Sistemas de Software. In Caderno de minicursos do XV Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais — SBSeg 2015, pages 1–50. Sociedade Brasileira de Computação.
Braga, A. and Dahab, R. (2016). Mining Cryptography Misuse in Online Forums. In 2016 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C), pages 143–150.
Braga, A. and Dahab, R. (2017). A Longitudinal and Retrospective Study on How Developers Misuse Cryptography in Online Communities. In XVII Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais (SBSeg’17), Brasília, DF, Brazil.
Braga, A. and Dahab, R. (2018). Criptografia assimétrica para programadores - evitando outros maus usos da criptografia em sistemas de software. In Caderno de minicursos do XVIII Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais — SBSeg 2018, pages 1–50. Sociedade Brasileira de Computação.
Braga, A. and Dahab, R. (2019). Introdução à criptografia para administradores de sistemas com tls, openssl e apache mod_ssl. In Minicursos do XXXVII Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos (SBRC 2019). Sociedade Brasileira de Computação.
Braga, A., Dahab, R., Antunes, N., Laranjeiro, N., and Vieira, M. (2017). Practical Evaluation of Static Code Analysis Tools for Cryptography: Benchmarking Method and Case Study. In The 28th IEEE International Symposium on Software Reliability Engineering (ISSRE).
Braga, A., Dahab, R., Antunes, N., Laranjeiro, N., and Vieira, M. (2019). Understanding how to use static analysis tools for detecting cryptography misuse in software. IEEE Transactions on Reliability, 68(4):1384–1403.
Braga, A., do Nascimento, E. N., da Palma, L. R., and Rosa, R. P. (2012). Introdução à segurança de dispositivos móveis modernos–um estudo de caso em android. Sociedade Brasileira de Computação.
Brik, B., Boutiba, K. e Ksentini, A. (2022). Deep Learning for B5G Open Radio Access Network: Evolution, Survey, Case Studies, and Challenges. IEEE Open Journal of the Communications Society, 3:228–250.
Buchanan, E. A. and Zimmer, M. (2021). Internet research ethics. In Zalta, E. N., editor, The Stanford Encyclopedia of Philosophy. Metaphysics Research Lab, Stanford University, summer 2021 edition.
Camisani-Calzolari, M. (2012). Analysis of twitter followers of the us presidential election candidates: Barack obama and mitt romney. Online). [link].
Carr, C. T. and Hayes, R. A. (2015). Social media: defining, developing, and divining. Atlantic Journal of Communication, 23(1):46–65.
Castells, M. (2002). A sociedade em rede. Editora Paz e Terra.
Chaum, D. and Pedersen, T. P. (1992). Wallet databases with observers. In Annual international cryptology conference, pages 89–105. Springer.
Chaum, D. L. (1981). Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM, 24(2):84–90.
Chaum, D., Carback, R. T., Clark, J., Liu, C., Nejadgholi, M., Preneel, B., Sherman, A. T., Yaksetig, M., Zhang, B., et al. (2021). Votexx: Coercion resistance for the real world (preliminary extended abstract). UMBC Student Collection.
Chaum, D., Carback, R., Clark, J., Essex, A., Popoveniuc, S., Rivest, R. L., Ryan, P. Y., Shen, E., Sherman, A. T., et al. (2008). Scantegrity ii: End-to-end verifiability for optical scan election systems using invisible ink confirmation codes. EVT, 8(1):13.
Chaum, D., Ryan, P. Y., and Schneider, S. (2005). A practical voter-verifiable election scheme. In Computer Security–ESORICS 2005: 10th European Symposium on Research in Computer Security, Milan, Italy, September 12-14, 2005. Proceedings 10, pages 118–139. Springer.
Chen, C., Danba, O., Hoffstein, J., Hülsing, A., Rijneveld, J., Schanck, J. M., Saito, T., Schwabe, P., Whyte, W., Xagawa, K., Yamakawa, T., and Zhang, Z. (2020). NTRU: Algorithm specifications and supporting documentation. Brown University and Onboard security company, Wilmington USA.
Chen, L., Jordan, S., Liu, Y.-K., Moody, D., Peralta, R., Perlner, R. A., and Smith-Tone, D. (2016). Report on post-quantum cryptography, volume 12. US Department of Commerce, National Institute of Standards and Technology.
Chen, M. e et al. (2021). A joint learning and communications framework for federated learning over wireless networks. IEEE Transactions on Wireless Communications, 20(1):269–283.
Collier, H., Morton, C., Alharthi, D., and Kleiner, J. (2023). Cultural influences on information security. In European Conference on Cyber Warfare and Security, volume 22, pages 143–150.
Commission, U. E. A. (2023). End to End (E2E) protocol evaluation process. [link]. Acessado em 2 de abril de 2023.
Conrads, J. (2019). Ddos attack fingerprint extraction tool : making a flow-based approach as precise as a packet-based. [link].
Costa, L. R., Obelheiro, R. R., and Fraga, J. S. (2006). Introdução à Biometria. In Minicursos do VI Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais, volume 1, page 49. SBC, Santos/SP.
Couto, R. S., Cruz, P., Campista, M. E. M. e Costa, L. H. M. K. (2023a). Using public datasets to train O-RAN deep learning models. Em 2st International Conference on 6G Networking (6GNet), p. 1–8. Artigo aceito para publicação (convidado).
Couto, R. S., Mattos, D. M. F., Moraes, I. M., Cruz, P., Medeiros, D. S. V., Souza, L. A. C., Táparo, F. G., Campista, M. E. M. e Costa, L. H. M. K. (2023b). Gerenciamento e orquestração de serviços em O-RAN: Inteligência, tendências e desafios. Em Minicursos do XLI Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos (SBRC 2023), p. 1–52.
Cramer, R., Damgård, I., and Schoenmakers, B. (1994). Proofs of partial knowledge and simplified design of witness hiding protocols. In Annual International Cryptology Conference, pages 174–187. Springer.
Cross, J. and Smith, C. (1995). Thermographic imaging of the subcutaneous vascular network of the back of the hand for biometric identification. In Proceedings The Institute of Electrical and Electronics Engineers. 29th Annual 1995 International Carnahan Conference on Security Technology, pages 20–35. IEEE.
Crossler, R. and Bélanger, F. (2014). An extended perspective on individual security behaviors. ACM SIGMIS Database, 45(4):51–71.
Culot, G., Fattori, F., Podrecca, M., and Sartor, M. (2019). Addressing industry 4.0 cybersecurity challenges. IEEE Engineering Management Review, 47(3):79–86.
D’Anvers, J.-P., Karmakar, A., Sinha Roy, S., and Vercauteren, F. (2018). Saber: Module-LWR based key exchange, CPA-secure encryption and CCA-secure KEM. In Progress in Cryptology–AFRICACRYPT 2018: 10th International Conference on Cryptology in Africa, Marrakesh, Morocco, May 7–9, 2018, Proceedings 10, pages 282–305. Springer.
da Silva, J., Braga, A., Rubira, C., and Dahab, R. (2019). An approach for adaptive security of cloud applications within the atmosphere platform. In Anais do XIX Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais, pages 397–402. SBC.
Darwish, A., Zarka, A. E., and Aloul, F. (2012). Towards understanding phishing victims’ profile. In 2012 International Conference on Computer Systems and Industrial Informatics, pages 1–5.
Das, S. K., Chowdhury, S. S. e Das, S. K. (2017). A survey on resource allocation in cloud computing: Issues and challenges. IEEE Transactions on Cloud Computing, 5(2):358–378.
Davaslioglu, K. e Sagduyu, Y. E. (2019). Trojan attacks on wireless signal classification with adversarial machine learning. Em IEEE International Symposium on Dynamic Spectrum Access Networks (DySPAN), p. 1–6.
de Oliveira, N. R., Moraes, I. M., Medeiros, D. S. V., Andreoni, M. e Mattos, D. M. F. (2023). An agile conflict-solving framework for intentbased management of service level agreement. Em 2st International Conference on 6G Networking (6GNet), p. 1–8. Artigo aceito para publicação (convidado).
de Souza Pereira, L. A., Vicentine, A. L., and Rizo, A. C. (2022). Impactos da engenharia social na segurança da informação. Revista Brasileira em Tecnologia da Informação, 4(1):48–58.
Dewangan, M. and Kaushal, R. (2016). Socialbot: Behavioral analysis and detection. In International Symposium on Security in Computing and Communication, pages 450–460. Springer.
Dickerson, J. P., Kagan, V., and Subrahmanian, V. (2014). Using sentiment to detect bots on twitter: Are humans more opinionated than bots? In 2014 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM 2014), pages 620–627.
Dik, D. e Berger, M. S. (2023). Open-RAN fronthaul transport security architecture and implementation. IEEE Access, 11:46185–46203.
ElGamal, T. (1985). A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE transactions on information theory, 31(4):469–472.
Faria, B. G. (2014). Implementação e avaliação do abid (aplicativo biométrico de impressão digital) utilizando o método fuzzy vault e ferramentas open source. Master’s thesis, Universidade Presbiteriana Mackenzie.
Ferrara, E., Varol, O., Davis, C., Menczer, F., and Flammini, A. (2016). The rise of social bots. Communications of the ACM, 59(7):96–104.
Fiandrino, C., Attanasio, G., Fiore, M. e Widmer, J. (2022). Toward native explainable and robust AI in 6G networks: Current state, challenges and road ahead. Computer Communications, 193:47–52.
Fiat, A. and Shamir, A. (1986). How to prove yourself: Practical solutions to identification and signature problems. In Conference on the theory and application of cryptographic techniques, pages 186–194. Springer.
Firoozjaei, M. D., Jeong, J. P., Ko, H. e Kim, H. (2017). Security challenges with network functions virtualization. Future Generation Computer Systems, 67:315–324.
Fisher, D. (2022). Application Security Program Handbook—A Guide for Software Engineers and Team Leaders. Manning Publications Co.
Freitas, C., Benevenuto, F., and Veloso, A. (2014). Socialbots: Implicações na segurança e na credibilidade de serviços baseados no twitter. SBRC, Santa Catarina, Brasil, pages 603–616.
Freitas, C., Benevenuto, F., Ghosh, S., and Veloso, A. (2015). Revers eengineering socialbot infiltration strategies in twitter. In 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM), pages 25–32. IEEE.
Giupponi, L. e Wilhelmi, F. (2022). Blockchain-enabled network sharing for O-RAN in 5G and beyond. Netwrk. Mag. of Global Internetwkg., 36(4):218–225.
Gohn, M. d. G. M. (2014). Sociologia dos movimentos sociais. Number 47 in Questões da nossa época Sociologia. Cortez Editora, São Paulo, 2. ed edition.
Gomez-Barrero, M., Maiorana, E., Galbally, J., Campisi, P., and Fierrez, J. (2017). Multi-biometric template protection based on homomorphic encryption. Pattern Recognition, 67:149–163.
Gomez-Barrero, M., Rathgeb, C., Galbally, J., Busch, C., and Fierrez, J. (2016). Unlinkable and irreversible biometric template protection based on bloom filters. Information Sciences, 370-371:18–32.
Greitzer, F. L., Purl, J., Leong, Y. M., and Sticha, P. J. (2019). Positioning your organization to respond to insider threats. IEEE Engineering Management Review, 47(2):75–83.
Grimme, C., Preuss, M., Adam, L., and Trautmann, H. (2017). Social bots: Human-like by means of human control? Big data, 5(4):279–293.
Groen, J., Doro, S., Demir, U., Bonati, L., Polese, M., Melodia, T. e Chowdhury, K. (2023). Implementing and Evaluating Security in O-RAN: Interfaces, Intelligence, and Platforms. arXiv preprint arXiv:2304.11125.
Guzman, A. L. and Lewis, S. C. (2020). Artificial intelligence and communication: A human–machine communication research agenda. New Media & Society, 22(1):70–86.
Habler, E., Bitton, R., Avraham, D., Klevansky, E., Mimran, D., Brodt, O., Lehmann, H., Elovici, Y. e Shabtai, A. (2022). Adversarial machine learning threat analysis in open radio access networks. arXiv preprint arXiv:2201.06093.
Haenni, R., Locher, P., Koenig, R., and Dubuis, E. (2017). Pseudo- code algorithms for verifiable re-encryption mix-nets. In Financial Cryptography and Data Security: FC 2017 International Workshops, WAHC, BITCOIN, VOTING, WTSC, and TA, Sliema, Malta, April 7, 2017, Revised Selected Papers 21, pages 370–384. Springer.
Hatfield, J. M. (2019). Virtuous human hacking: The ethics of social engineering in penetration-testing. Computers & Security, 83:354–366.
Hernandez-Ortega, J., Fierrez, J., Morales, A., and Galbally, J. (2023). Introduction to presentation attack detection in face biometrics and recent advances. Handbook of Biometric Anti-Spoofing: Presentation Attack Detection and Vulnerability Assessment, pages 203–230.
Hoffstein, J., Pipher, J., and Silverman, J. H. (1998). NTRU: A ring-based public key cryptosystem. In International Algorithmic Number Theory Symposium, pages 267–288. Springer.
Hofheinz, D., Hövelmanns, K., and Kiltz, E. (2017). A modular analysis of the Fujisaki-Okamoto transformation. In Theory of Cryptography Conference, pages 341–371. Springer.
Hubbers, E., Jacobs, B., and Pieters, W. (2005). Ries-internet vo ting in action. In 29th Annual International Computer Software and Applications Con- ference (COMPSAC’05), volume 1, pages 417–424. IEEE.
Huber, M., Kowalski, S., Nohlberg, M., and Tjoa, S. (2009). Towards automating social engineering using social networking sites. In 2009 International Conference on Computational Science and Engineering, volume 3, pages 117–124. IEEE.
IEEE (2020). Code of Ethics. IEEE - The Institute of Electrical and Electronics Engineers, Inc.
Ilyas, A., Engstrom, L., Athalye, A. e Lin, J. (2018). Black-box adversarial attacks with limited queries and information. Em International conference on machine learning, p. 2137–2146. PMLR.
Institute, P. M. (2023). Agile Practice Guide. Project Management Institute, Newton Square, PA.
ISO/IEC 24745 (2022). Information security – cybersecurity and privacy protection – biometric information protection. Standard, International Organization for Standardization.
ISO/IEC 29100 (2011). Information technology — security techniques— privacy framework. Standard, International Organization for Standardization.
ISO/IEC 30136 (2018). Information technology—performance testing of biometric template protection schemes. Standard, International Organization for Standardization.
Jain, A., Bolle, R., and Pankanti, S. (1996). Introduction to biometrics. In Jain, A. K., Bolle, R., and Pankanti, S., editors, Biometrics. Springer, Boston, MA.
Jain, A., Bolle, R., and Pankanti, S. (1999). Biometrics: personal identification in networked society, volume 479. Springer Science & Business Media.
Jain, R. and Kant, C. (2015). Attacks on biometric systems: an overview. International Journal of Advances in Scientific Research, 1(07):283–288.
Jakobsson, M., Juels, A., and Rivest, R. L. (2002). Making mix nets robust for electronic voting by randomized partial checking. In 11th USENIX Security Symposium (USENIX Security 02).
Jin, A. T. B., Ling, D. N. C., and Goh, A. (2004). Biohashing: two factor authentication featuring fingerprint data and tokenised random number. Pattern Recognition, 37(11):2245–2255.
Juels, A. and Sudan, M. (2006). A Fuzzy Vault Scheme. Designs, Codes and Cryptography, 38(2):237–257.
Juels, A. andWattenberg, M. (1999). A fuzzy commitment scheme. In Proceedings of the 6th ACM Conference on Computer and Communications Security, CCS ’99, page 28–36, New York, NY, USA. Association for Computing Machinery.
Karunaratne, S., Krijestorac, E. e Cabric, D. (2021). Penetrating RF fingerprinting-based authentication with a generative adversarial attack. Em ICC 2021-IEEE International Conference on Communications, p. 1–6. IEEE.
Kaur, H. and Khanna, P. (2016). Biometric template protection using cancelable biometrics and visual cryptography techniques. Multimedia Tools and Applications, 75:16333–16361.
Kavehmadavani, F., Nguyen, V.-D., Vu, T. X. e Chatzinotas, S. (2023). Intelligent traffic steering in beyond 5G Open RAN based on LSTM traffic prediction. IEEE Transactions on Wireless Communications.
Kawahara, H., Yamamoto, R., Ohzahata, S. e Kato, T. (2019). Throughput enhancement with overlay network virtualization using commodity devices. Em Proceedings of the 12th IEEE/ACM International Conference on Utility and Cloud Computing Companion, UCC ’19 Companion, p. 147–148, New York, NY, USA. Association for Computing Machinery.
Kelkboom, E. J. C., Breebaart, J., Kevenaar, T. A. M., Buhan, I., and Veldhuis, R. N. J. (2011). Preventing the decodability attack based cross-matching in a fuzzy commitment scheme. IEEE Transactions on Information Forensics and Security, 6(1):107–121.
Kelsey, J., Regenscheid, A., Moran, T., and Chaum, D. (2010). Attacking paper-based e2e voting systems. In Towards Trustworthy Elections: New Directions in Electronic Voting, pages 370–387. Springer.
Khan, R. and Das, A. (2018). Build better chatbots. A complete guide to getting started with chatbots.
Khan, S. H., Akbar, M. A., Shahzad, F., Farooq, M., and Khan, Z. (2015). Secure biometric template generation for multi-factor authentication. Pattern Recognition, 48(2):458–472.
Klimburg-Witjes, N. and Wentland, A. (2021). Hacking humans? social engineering and the construction of the “deficient user” in cybersecurity discourses. Science, Technology, & Human Values, 46(6):1316–1339.
Konečný, J., McMahan, H. B., Yu, F. X., Richtárik, P., Suresh, A. e Bacon, D. (2016). Federated learning: Strategies for improving communication efficiency. arXiv preprint arXiv:1610.05492.
Köpsell, S., Ruzhanskiy, A., Hecker, A., Stachorra, D. e Franchi, N. (2022). Open RAN risk analysis. Relatório técnico, Federal Office for Information Security (German). Disponível em [link], acessado em 20 de agosto de 2023.
Korteling, J. and Toet, A. (2022). Cognitive Biases. In Encyclopedia of Behavioral Neuroscience, 2nd edition, pages 610–619. Elsevier.
Leary, M. and Tangney, J. P., editors (2014). Handbook of self and identity. Guilford Press, New York London, second edition edition.
Leary, M. R. (2019). Self-Presentation: Impression Management and Interpersonal Behavior. Routledge, 1 edition.
Li, S. Z. and Jain, A. (2009). Encyclopedia of Biometrics: I-Z., volume 1. Springer Science & Business Media.
Li, S. Z. and Jain, A. K., editors (2015). Encyclopedia of Biometrics. Springer, New York, NY, 2 edition.
Libicki, M. (2018). Could the issue of dprk hacking benefit from benign neglect? Georgetown Journal of International Affairs, 19:83–89.
Lin, S. and Costello, D. J. (2004). Error Control Coding. Pearson Education.
Lindeman, M. and Stark, P. B. (2012). A gentle introduction to risk-limiting audits. IEEE Security & Privacy, 10(5):42–49.
Lindeman, M. and Stark, P. B. (2020). Tools for comparisonrisk-limiting election audits. [link]. Acessado em 19 de julho de 2023.
Liyanage, M., Braeken, A., Shahabuddin, S. e Ranaweera, P. (2023). Open RAN Security: Challenges and Opportunities. Journal of Network and Computer Applications, 214:103621.
Lopez, M. A., Barbosa, G. N. N. e Mattos, D. M. F. (2022). New Barriers on 6G Networking: An Exploratory Study on the Security, Privacy and Opportunities for Aerial Networks. Em International Conference on 6G Networking (6GNet), p. 1–6.
Maiorana, E., Campisi, P., Fierrez, J., Ortega-Garcia, J., and Neri, A. (2010). Cancelable templates for sequence-based biometrics with application to online signature recognition. Trans. Sys. Man Cyber. Part A, 40(3):525–538.
Maltoni, D., Maio, D., Jain, A. K., and Prabhakar, S. (2009). Handbook of Fingerprint Recognition. Springer Professional Computing. Springer London, 2 edition.
Marcondes, J. (2019). Biometria, sistema biométrico: O que é, como funciona?. Disponível em: [link]. Acesso em: 18 jul 2023.
Martineau, M., Spiridon, E., and Aiken, M. (2023). A comprehensive framework for cyber behavioral analysis based on a systematic review of cyber profiling literature. Forensic Sciences, 3(3):452–477.
Martinez-Diaz, M., Fierrez-Aguilar, J., Alonso-Fernandez, F., Ortega-Garcia, J., and Siguenza, J. (2006). Hill-climbing and brute-force attacks on biometric systems: A case study in match-on-card fingerprint verification. In Proceedings 40th Annual 2006 International Carnahan Conference on Security Technology, pages 151–159.
Matos, R. M. d. (2000). Autenticação de usuários através da utilização de sistemas biométricos. Dissertação de mestrado, Universidade Federal do Rio Grande do Sul, Porto Alegre, RS, Brasil. Dissertação de Mestrado, UFRGS.
McGraw, G. (2004). 2(02):80–83. Software security. IEEE Security and Privacy,
McGraw, G., Figueroa, H., Shepardson, V. e Bonett, R. (2020). An Architectural Risk Analysis of Machine Learning Systems: Toward More Secure Machine Learning. Relatório técnico, Berryville Institute of Machine Learning.
Melchor, C. A., Aragon, N., Bettaieb, S., Bidoux, L., Blazy, O., Bos, J., Deneuville, J.-C., Dion, A., Gaborit, P., Lacan, J., Persichetti, E., Robert, J.-M., Véron, P., and Zémor, G. (2021). Hamming Quasi-Cyclic: HQC. [link].
Messias, J., Benevenuto, F., and Oliveira, R. (2018). Bots sociais: Como robôs podem se tornar pessoas influentes no twitter? Revista Eletrônica de Iniciação Científica em Computação, 16(1).
Miller, N. (2022). Security culture 1.0. URL: [link].
Mitnick, K. D. and Simon,W. L. (2003). The art of deception: Controlling the human element of security. John Wiley & Sons.
Montañez, R., Golob, E., and Xu, S. (2020). Human cognition through the lens of social engineering cyberattacks. Frontiers in Psychology, 11.
Mouton, F., Malan, M. M., K., K. K., and Venter (2015). Necessity for ethics in social engineering research. Computers Security, 55:114–127.
Mtibaa, A., Petrovska-Delacrétaz, D., Boudy, J., and Ben Hamida, A. (2021). Privacy-preserving speaker verification system based on binary i-vectors. IET Biometrics, 10(3):233–245.
Nafea, O., Ghouzali, S., Abdul, W., and Qazi, E.-u.-H. (2016). Hybrid multi-biometric template protection using watermarking. The Computer Journal, 59(9):1392–1407.
Nicas, J., Milhorance, F., and Ionova, A. (2022). How Bolsonaro built the myth of stolen elections in Brazil. [link].
Niknam, S., Roy, A., Dhillon, H. S., Singh, S., Banerji, R., Reed, J. H., Saxena, N. e Yoon, S. (2022). Intelligent O-RAN for beyond 5G and 6G wireless networks. Em 2022 IEEE Globecom Workshops (GC Wkshps), p. 215–220. IEEE.
NIS Cooperation Group (2022). Report on the cybersecurity of Open RAN. Relatório técnico, European Union. Disponível em [link], acessado em 20 de agosto de 2023.
NIST (2019). Glossary. National Institute of Standards and Technology.
Nobles, C. (2023). Human factors in cybersecurity: academia’s missed opportunity. MWAIS 2023 Proceedings.
O-RAN Alliance (2020). External open source projects. [link].
O-RAN Alliance (2021). O-RAN architecture. [link].
O-RAN Working Group 1 (2023). O-RAN architecture description 9.0. Especificação Técnica v09.00, O-RAN Alliance. Disponível em [link].
O-RAN Working Group 10 (2023). ORAN operations and maintenance interface specification. Especificação Técnica v10.00, O-RAN Alliance. Disponível em [link].
O-RAN Working Group 11 (2023a). Oran.wg11.threat-model.o-r003-v06.00. Especificação técnica, O-RAN Alliance. Disponível em [link], Acessado em 15 de agosto de 2023.
O-RAN Working Group 11 (2023b). Security protocols specifications. Relatório Técnico v06.00, O-RAN Alliance. Disponível em [link].
O-RAN Working Group 11 (2023c). Security requirements specifications. Especificação Técnica v06.00, O-RAN Alliance. Disponível em [link].
O-RAN Working Group 2 (2021). Non-RT RIC: Functional Architecture. Relatório Técnico v01.01, O-RAN Alliance. Disponível em [link].
O-RAN Working Group 2 (2023). Non-RT RIC architecture. Especificação Técnica v03.00, O-RAN Alliance. Disponível em [link].
O-RAN Working Group 3 (2023a). Near-rt ric architecture. Especificação Técnica v04.00, O-RAN Alliance. Disponível em [link].
O-RAN Working Group 3 (2023b). O-RAN e2 service model (e2sm). Especificação Técnica v03.01, O-RAN Alliance. Disponível em [link].
O-RAN Working Group 6 (2023). O2 Interface General Aspects and Principles. Especificação Técnica v04.00, O-RAN Alliance. Disponível em [link].
Oliveira Filho, I. d. L. (2014). Algoritmo Papílio como Método de Proteção de Templates para Aumentar a Segurança em Sistemas de Identificação Biométricos. Tese de doutorado, Universidade Federal do Rio Grande do Norte, Natal, RN, Brasil.
Open RAN Policy Coalition (2021). Open RAN security in 5G. Relatório técnico, Open RAN Policy Coalition. Disponível em [link].
Pabitha, M. and Latha, L. (2013). Efficient approach for retinal biometric template security and person authentication using noninvertible constructions. International Journal of Computer Applications, 69:28–34.
Palmeiras, S. E. (2021). Política de privacidade e proteção de dados. Disponível em: [link]. Acesso em: 21 jul 2023.
Palmeiras, S. E. (2023). Comunicado: Cadastro de biometria facial dos lientes - passaporte. Disponível em: [link]. Acesso em: 21 jul 2023.
Park, C., Itoh, K., and Kurosawa, K. (1994). Efficient anonymous channel and all/nothing election scheme. In Advances in Cryptology—EUROCRYPT’93: Workshop on the Theory and Application of Cryptographi Techniques Lofthus, Norway, May 23–27, 1993 Proceedings 12, pages 248–259. Springer.
Patel, V. M., Ratha, N. K., and Chellappa, R. (2015a). Cancelable biometrics: A review. IEEE Signal Processing Magazine, 32(5):54–65.
Patel, V. M., Ratha, N. K., and Chellappa, R. (2015b). Cancelable biometrics: A review. IEEE Signal Processing Magazine, 32(5):54–65.
Peake, C. (2003). Red teaming: the art of ethical hacking | sans institute.
Peikert, C. (2015). A decade of lattice cryptography. Cryptology ePrint Archive, Paper 2015/939. [link].
Perez, E. (2021). Hacking to save democracy. Voting Village - DEF CON.
Pinheiro, P. P. (2020). Segurança digital: Proteção de dados nas empresas. 1ª edição. São Paulo, SP: Grupo GEN.
Piovesan, L. G., Silva, E. R. C., de Sousa, J. F., and Turibus, S. N. (2019). Engenharia social: Uma abordagem sobre phishing. REVISTA CIENTÍFICA DA FACULDADE DE BALSAS, 10(1):45–59.
Polese, M., Bonati, L., D’Oro, S., Basagni, S. e Melodia, T. (2023). Understanding O-RAN: Architecture, Interfaces, Algorithms, Security, and Research Challenges. IEEE Communications Surveys & Tutorials, 25(2):1376–1411.
Popoveniuc, S. and Hosp, B. (2010). An introduction to punchscan. In Towards Trustworthy Elections: New Directions in Electronic Voting, pages 242–259. Springer.
Pressman, R. S. (c2018.). Software engineering :. McGraw-Hill„ Chennai :, 7th ed. edition. Includes index.
Prest, T., Fouque, P.-A., Hoffstein, J., Kirchner, P., Lyubashevsky, V., Pornin, T., Ricosset, T., Seiler, G., Whyte, W., and Zhang, Z. (2020). Falcon. Post-Quantum Cryptography Project of NIST.
Ramezanpour, K. e Jagannath, J. (2022). Intelligent zero trust architecture for 5G/6G networks: Principles, challenges, and the role of machine learning in the context of O-RAN. Computer Networks, 217:109358.
Ranaweera, P., Jurcut, A. D. e Liyanage, M. (2021). Survey on multi-access edge computing security and privacy. IEEE Communications Surveys & Tutorials, 23(2):1078–1124.
Ratha, N. K., Connell, J. H., and Bolle, R. M. (2001a). Enhancing security and privacy in biometrics-based authentication systems. IBM Systems Journal, 40(3):614–634.
Ratha, N. K., Connell, J. H., and Bolle, R. M. (2001b). Enhancing security and privacy in biometrics-based authentication systems. IBM Systems Journal, 40(3):614–634.
Rathgeb, C. and Uhl, A. (2011). A survey on biometric cryptosystems and cancelable biometrics. EURASIP Journal on Information Security, 2011(1):3.
Rathgeb, C., Breitinger, F., Busch, C., and Baier, H. (2014). On application of bloom filters to iris biometrics. IET Biometrics, 3(4):207–218.
Reep-van den Bergh, C. M. and Junger, M. (2018). Victims of cybercrime in europe: a review of victim surveys. Crime science, 7(1):1–15.
República Federativa do Brasil.
Research e Markets (2022). 5G Radio Access Network Market Size, Share & Trends Analysis Report By Component (Hardware, Software, Services), By Architecture Type, By Deployment, By End-user, By Region, And Segment Forecasts, 2022 - 2030. Relatório técnico. Disponível em [link].
Restuccia, F., D’Oro, S., Al-Shawabka, A., Rendon, B. C., Chowdhury, K., Ioannidis, S. e Melodia, T. (2020). Generalized wireless adversarial deep learning. Em Proceedings of the 2nd ACM Workshop on Wireless Security and Machine Learning, p. 49–54.
Riecken, H. W. (1974). Obedience to authority. an experimental view. stanley milgram. harper and row, new york, 1974. xx, 224 pp., illus. 10. Science, 184(4137):667–669.
Rivest, R. L. (2008). On the notion of ‘software independence’in voting systems. Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences, 366(1881):3759–3767.
Rivest, R., Adleman, L., and Dertouzos, M. (1978). On data banks and privacy homomorphisms. Foundations of secure computation, 4(11):169–180.
Robinson, N. (2023). Human factors security engineering: The future of cybersecurity teams. EDPACS, 67(5):1–17.
Rodrigues, G. E. d. P., Braga, A. M., and Dahab, R. (2020b). Using graph embeddings and machine learning to detect cryptography misuse in source code. In 2020 19th IEEE International Conference on Machine Learning and Applications (ICMLA), pages 1059–1066.
Rodrigues, G. E. d. P., Braga, A. M., and Dahab, R. (2023). Detecting cryptography misuses with machine learning: Graph embeddings, transfer learning and data augmentation in source code related tasks. IEEE Transactions on Reliability, pages 1–12.
Rodrigues, G., Braga, A., and Dahab, R. (2020a). A machine learning approach to detect misuse of cryptographic apis in source code. In Anais do XX Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais, pages 1–14, Porto Alegre, RS, Brasil. SBC.
Rogers, T., Goldstein, N. J., and Fox, C. R. (2018). Social Mobilization. Annual Review of Psychology, 69(1):357–381.
Rose, S., Borchert, O., Mitchell, S. e Connelly, S. (2020). Zero trust architecture. Relatório Técnico NIST Special Publication 800-207, National Institute of Standards and Technology - U.S. Department of Commerce. Disponível em [link].
Rouse, M. (2013). What is socialbot? WhatIs.com.
Ryan, P., Peacock, T., et al. (2005). Prêt à voter: a system perspective. School of Computing Science Technical Report Series.
Ryan, R. M. and Deci, E. L. (2000). Self-determination theory and the facilitation of intrinsic motivation, social development, and well-being. American Psychologist, 55(1):68–78.
Salahdine, F. and Kaabouch, N. (2019). Social engineering attacks: a survey. Future Internet, 11(4):89.
Sampigethaya, K. and Poovendran, R. (2006). A survey on mix networks and their secure applications. Proceedings of the IEEE, 94(12):2142–2181.
Schauren, L. F. (2016). Segurança no sistema brasileiro de votação eletrônica. Trabalho de Conclusão de Curso. Instituto de Informática. Universidade Federal do Rio Grande do Sul. Disponível em: [link].
Shaabany, G. and Anderl, R. (2018). Security by design as an approach to design a secure industry 4.0-capable machine enabling online-trading of technology data. In 2018 International Conference on System Science and Engineering (ICSSE), pages 1–5. IEEE.
Shafahi, M., Kempers, L., and Afsarmanesh, H. (2016). Phishing through social bots on twitter. In 2016 IEEE International Conference on Big Data, pages 3703–3712. IEEE.
Shi, Y. e Sagduyu, Y. E. (2021). Adversarial machine learning for flooding attacks on 5G radio access network slicing. Em IEEE International Conference on Communications Workshops (ICC Workshops), p. 1–6.
Shi, Y. e Sagduyu, Y. E. (2023). Membership inference attack and defense for wireless signal classifiers with deep learning. IEEE Transactions on Mobile Computing, 22(7):4032–4043.
Shires, J. (2018). Enacting expertise: Ritual and risk in cybersecurity. Politics and Governance, 6(2):31–40.
Shor, P. W. (1994). Algorithms for quantum computation: Discrete logarithms and factoring. In Proceedings of the 35th Annual Symposium on Foundations of Computer Science, pages 124–134. IEEE."
Singh, A. K. e Khoa Nguyen, K. (2022). Joint selection of local trainers and resource allocation for federated learning in Open RAN intelligent controllers. Em 2022 IEEE Wireless Communications and Networking Conference (WCNC), p. 1874–1879.
Solano, E. and Rocha, C., editors (2019). As direitas nas redes e nas ruas: a crise politica no Brasil. Expressao Popular, Sao Paulo, 1a edicao edition. OCLC: on1126542066.
Soltani, S., Shojafar, M., Brighente, A., Conti, M. e Tafazolli, R. (2023). Poisoning Bearer Context Migration in O-RAN 5G Network. IEEE Wireless Communications Letters, 12(3):401–405.
Stoeckli, E., Uebernickel, F., and Brenner, W. (2018). Exploring affordances of slack integrations and their actualization within enterprises-towards an understanding of how chatbots create value. In Proceedings of the 51st Hawaii International Conference on System Sciences.
Stuttard, D. and Pinto, M. (2008). The Web Application Hacker’s Handbook: Discovering and Exploiting Security Flaws. Wiley.
Sun, G., Cong, Y., Dong, J., Wang, Q., Lyu, L. e Liu, J. (2022). Data poisoning attacks on federated machine learning. IEEE Internet of Things Journal, 9(13):11365–11375.
T. R. Jacqueline, Salem Nathálea, W. M. B. V. (2012). Modelo intencional genérico de sistemas biométricos. In Anais do WER12 - Workshop em Engenharia de Requisitos, Buenos Aires, Argentina, Abril 24-27, 2012.
Terelius, B. and Wikström, D. (2010). Proofs of restricted shuffles. In Progress in Cryptology–AFRICACRYPT 2010: Third International Conference on Cryptology in Africa, Stellenbosch, South Africa, May 3-6, 2010. Proceedings 3, pages 100–113. Springer.
Thiruvasagam, P. K., Venkataram, V., Ilangovan, V. R., Perapalla, M., Payyanur, R., Kumar, V. et al. (2023). Open RAN: Evolution of architecture, deployment aspects, and future directions. arXiv preprint arXiv:2301.06713.
Tribunal Reginal Eleitoral (2023). Perguntas e respostas - parte 1. Disponível em: [link]. Acesso em: 20 jul 2023.
Tribunal Superior Eleitoral (2023). Urna eletrônica. Disponível em: [link]. Acesso em: 20 jul 2023.
Tversky, A. and Kahneman, D. (1974). Judgment under Uncertainty: Heuristics and Biases: Biases in judgments reveal some heuristics of thinking under uncertainty. Science, 185(4157):1124–1131.
Usama, M., Qayyum, A., Qadir, J. e Al-Fuqaha, A. (2019). Blackbox adversarial machine learning attack on network traffic classification. Em 2019 15th International Wireless Communications & Mobile Computing Conference (IWCMC), p. 84–89. IEEE.
Wang, C.-X., Di Renzo, M., Stanczak, S., Wang, S. e Larsson, E. G. (2020a). Artificial intelligence enabled wireless networking for 5G and beyond: Recent advances and future challenges. IEEE Wireless Communications, 27(1):16–23.
Wang, F., Zhong, C., Gursoy, M. C. e Velipasalar, S. (2020b). Defense strategies against adversarial jamming attacks via deep reinforcement learning. Em 2020 54th annual conference on information sciences and systems (CISS), p. 1–6. IEEE.
Wang, T.-H., Chen, Y.-C., Huang, S.-J., Hsu, K.-S. e Hu, C.-H. (2021). Design of a network management system for 5G Open RAN. Em 2021 22nd Asia-Pacific Network Operations and Management Symposium (APNOMS), p. 138–141.
Watson, C. and Zaw, T. (2018). OWASP Automated Threat HandbookWeb Applications. OWASP Foundation.
Wilke, A. and Mata, R. (2012). Cognitive Bias. In Encyclopedia of Human Behavior, pages 531–535. Elsevier.
Wojewidka, J. (2020). The deepfake threat to face biometrics. Biometric Technology Today, 2020(2):5–7.
Xu, H., Zhang, L., Sun, Y. e I, C.-L. (2021a). BE-RAN: blockchainenabled Open RAN with decentralized identity management and privacy-preserving communication. arXiv preprint arXiv:2101.10856.
Xu, X., Zhang, Y., Li, X., Zhang, Y. e Zhang, H. (2021b). Open RAN: Challenges and opportunities. IEEE Communications Magazine, 59(4):34–39.
Yang, W., Wang, S., Kang, J. J., Johnstone, M. N., and Bedari, A. (2022). A linear convolution-based cancelable fingerprint biometric authentication system. Computers & Security, 114:102583.
Zadeh, L. (1965). Fuzzy sets. Information and Control, 8(3):338–353.
Zagórski, F., Carback, R. T., Chaum, D., Clark, J., Essex, A., and Vora, P. L. (2013). Remotegrity: Design and use of an end-to-end verifiable remote voting system. In International Conference on Applied Cryptography and Network Security, pages 441–457. Springer.
Zimmermann, V. and Renaud, K. (2019). Moving from a ‘human-as-problem” to a ‘human-as-solution” cybersecurity mindset. International Journal of Human-Computer Studies, 131:169–187. 50 years of the International Journal of Human-Computer Studies. Reflections on the past, present and future of humancentred technologies.
