Abstract

Abstract
With continuous technological advancement, multihomed devices are becoming common. They can connect simultaneously to multiple networks through different interfaces. However, since TCP sessions are bound to one interface per device, it hampers applications from taking advantage of all the available connected networks. This has been solved by MPTCP, introduced as a seamless extension to TCP, allowing more reliable sessions and enhanced throughput. However, MPTCP comes with an inherent risk, as it becomes easier to fragment attacks towards evading NIDS. This paper presents a study of how MPTCP can be used to evade NIDS through simple cross-path attacks. It also introduces tools to facilitate assessing MPTCP-based services in diverse network topologies using an emulation environment. Finally, a new solution is proposed to prevent cross-path attacks through uncoordinated networks. This solution consists of a hostlevel plugin that allows MPTCP sessions only through trusted networks, even in the presence of a NAT.

Abstract
The path towards the United Nations objective of providing legal identity for all, including free birth registrations, has been facing several challenges. Particularly, the diversity of social realities, limited ICT infrastructures, inadequate legal frameworks, and unstable political engagement have resulted in solutions highly fitted to a specific scenario, thus hard to be replicated in different regions. Paired with noncomprehensive public services of civil registration, these aspects impact the way identity records are created, stored and used by citizens in their daily interactions. To tackle these impairments, this work introduces IDINA, a non-authoritative approach aiming at a community-oriented identification system underpinned by relations of social trust, inclusiveness, and the use of cutting-edge accessible technologies. © 2021 Owner/Author.

Abstract
Packet sampling plays an important role in keeping storage and processing requirements at a manageable level in network management. However, because it reduces the amount of available information, it can also reduce the performance of some related tasks, such as detecting security events. In this context, this work explores how packet sampling impacts machine learning-based tasks, in particular, flow-based C2 TLS malware traffic detection using a deep neural network. Based on a proposed lightweight sampling scheme, the ongoing results show a small reduction in classification accuracy compared with analysing all the traffic, while reducing in 10 fold the number of packets processed.

Abstract
Huge efforts and resources are spent every year on prevention and recovery of cyberattacks targeting users, services and network infrastructures. Software-Defined Networking (SDN) is a technology providing advances to the field of security with the ability of programming the network, promoting high-performance solutions and efficient resource utilization at low costs, as the use of specialized hardware is avoided. The present paper aims at exploring the SDN paradigm to develop an SDN-based framework for prevention and mitigation of malicious attacks throuhgt the network. The framework design and proposal has concerns regarding the efficient use of network and computational resources, distributing the inspection of suspicious flows by distinct Intrusion Detection Systems. For this purpose, a load-balancing strategy for traffic inspection is devised, allowing to balance both the usage of resources and the analysis of traffic flows. In this way, this paper also sheds light on the usage of OpenFlow messages to build distributed SDN-based applications with the mentioned properties.