Cookies
O website necessita de alguns cookies e outros recursos semelhantes para funcionar. Caso o permita, o INESC TEC irá utilizar cookies para recolher dados sobre as suas visitas, contribuindo, assim, para estatísticas agregadas que permitem melhorar o nosso serviço. Ver mais
Aceitar Rejeitar
  • Menu
Sobre
Download foto HD

Sobre

António Pinto é doutorado em Engenharia Eletrotécnica e de Computadores, pela Universidade do Porto. O primeiro contacto com a segurança informática e as redes de computadores surgiu à mais de 15 anos, tendo se mantido até hoje. Atualmente desempenha a função de professor adjunto no Instituto Politécnico do Porto, onde ministra as cadeiras de Redes de Computadores, Sistemas Operativos, Segurança Informática e Informática Forense. Concilia esta atividade com a de investigador no CRACS no INESC TEC. Detêm certificações ISO 27001 Lead Implementer/Auditor.

Tópicos
de interesse
Detalhes

Detalhes

  • Nome

    António Pinto
  • Cluster

    Informática
  • Cargo

    Investigador Sénior
  • Desde

    13 janeiro 2005
001
Publicações

2021

Secure Remote Storage of Logs with Search Capabilities

Autores
Araújo, R; Pinto, A;

Publicação
Journal of Cybersecurity and Privacy

Abstract
Along with the use of cloud-based services, infrastructure, and storage, the use of application logs in business critical applications is a standard practice. Application logs must be stored in an accessible manner in order to be used whenever needed. The debugging of these applications is a common situation where such access is required. Frequently, part of the information contained in logs records is sensitive. In this paper, we evaluate the possibility of storing critical logs in a remote storage while maintaining its confidentiality and server-side search capabilities. To the best of our knowledge, the designed search algorithm is the first to support full Boolean searches combined with field searching and nested queries. We demonstrate its feasibility and timely operation with a prototype implementation that never requires access, by the storage provider, to plain text information. Our solution was able to perform search and decryption operations at a rate of, approximately, 0.05 ms per line. A comparison with the related work allows us to demonstrate its feasibility and conclude that our solution is also the fastest one in indexing operations, the most frequent operations performed.

2019

On the feasibility of blockchain for online surveys with reputation and informed consent support

Autores
de Sousa, HR; Pinto, A;

Publicação
Advances in Intelligent Systems and Computing

Abstract
Economical benefits obtained by large Internet corporations from gathering and processing user information at a global scale led the European Union to legislate on behalf of individual rights and the privacy of personal information. Data collectors, in particular, must now obtain proof of the user’s consent for every single operation comprising their data. Considering the conflicting interests of all involved parties, we propose that consent should be stored in a blockchain. By being a distributed, immutable and verifiable ledger, the blockchain presents itself as an almost tailor-made solution to harmonize conflicting interests while enabling the regulators’ supervision. © Springer Nature Switzerland AG 2019.

2019

On the use of the blockchain technology in electronic voting systems

Autores
Alves, J; Pinto, A;

Publicação
Advances in Intelligent Systems and Computing

Abstract
The benefits of blockchain go beyond its applicability in finance. Electronic Voting Systems (EVS) are considered as a way to achieve a more effective act of voting. EVS are expected to be verifiable and tamper resistant. The blockchain partially fulfills this requirements of EVS by being an immutable, verifiable and distributed record of transactions. The adoption of EVS has been hampered mainly by cultural and political issues rather than technological ones. The authors believe that blockchain is the technology that, due to the overall attention it has been receiving, is capable of fostering the adoption of EVS. In the current work we compare blockchain-based EVS, identifying their strengths and shortcomings. © Springer Nature Switzerland AG 2019.

2019

Preface

Autores
Novais, P; Jung, JJ; Villarrubia, G; Fernández Caballero, A; Navarro, E; González, P; Carneiro, D; Pinto, A; Campbell, AT; Duraes, D;

Publicação
Advances in Intelligent Systems and Computing

Abstract

2019

Privacy preservation and mandate representation in identity management systems

Autores
Shehu, AS; Pinto, A; Correia, ME;

Publicação
Iberian Conference on Information Systems and Technologies, CISTI

Abstract
The growth in Internet usage has increased the use of electronic services requiring users to register their identity on each service they subscribe to. This has resulted in the prevalence of redundant users data on different services. To protect and regulate access by users to these services identity management systems (IdMs)are put in place. IdMs uses frameworks and standards e.g SAML, OAuth and Shibboleth to manage digital identities of users for identification and authentication process for a service provider. However, current IdMs have not been able to address privacy issues (unauthorised and fine-grained access)that relate to protecting users identity and private data on web services. Many implementations of these frameworks are only concerned with the identification and authentication process of users but not authorisation. They mostly give full control of users digital identities and data to identity and service providers with less or no users participation. This results in a less privacy enhanced solutions that manage users available data in the electronic space. This article proposes a user-centred mandate representation system that empowers resource owners to take full of their digital data; determine and delegate access rights using their mobile phone. Thereby giving users autonomous powers on their resources to grant access to authenticated entities at their will. Our solution is based on the OpenID Connect framework for authorisation service. To evaluate the proposal, we've compared it with some related works and the privacy requirements yardstick outlined in GDPR regulation [1] and [2]. Compared to other systems that use OAuth 2.0 or SAML our solution uses an additional layer of security, where data owner assumes full control over the disclosure of their identity data through an assertion issued from their mobile phones to authorisation server (AS), which in turn issues an access token. This would enable data owners to assert the authenticity of a request, while service providers and requestors also benefit from the correctness and freshness of identity data disclosed to them. © 2019 AISTI.

Teses
supervisionadas

2019

Sistema de Consentimento Informado e Reputação persistido em Blockchain

Autor
Hélder Miguel Ribeiro de Sousa

Instituição
IPP-ESTG

2019

Forder application

Autor
David Emanuel Torres Mendes

Instituição
IPP-ESTG

2019

Secure Remote Storage of Logs With Search Capabilities

Autor
Rui Manuel Vieira Araújo

Instituição
IPP-ESTG

2019

Sistema de gestão de eventos de segurança de informação em alta disponibilidade

Autor
Hélio Celso Pinto de Sousa

Instituição
IPP-ESTG

2015

Admission Control based on End-to-end Delay Estimation to Enhance the Support of Real-Time Traffic in Wireless Sensor Networks

Autor
Pedro Filipe Cruz Pinto

Instituição
UP-FEUP