Cookies
O website necessita de alguns cookies e outros recursos semelhantes para funcionar. Caso o permita, o INESC TEC irá utilizar cookies para recolher dados sobre as suas visitas, contribuindo, assim, para estatísticas agregadas que permitem melhorar o nosso serviço. Ver mais
Aceitar Rejeitar
  • Menu
Sobre

Sobre

António Pinto é doutorado em Engenharia Eletrotécnica e de Computadores, pela Universidade do Porto. O primeiro contacto com a segurança informática e as redes de computadores surgiu à mais de 15 anos, tendo se mantido até hoje. Atualmente desempenha a função de professor adjunto no Instituto Politécnico do Porto, onde ministra as cadeiras de Redes de Computadores, Sistemas Operativos, Segurança Informática e Informática Forense. Concilia esta atividade com a de investigador no CRACS no INESC TEC. Detêm certificações ISO 27001 Lead Implementer/Auditor.

Tópicos
de interesse
Detalhes

Detalhes

  • Nome

    António Pinto
  • Cargo

    Investigador Sénior
  • Desde

    13 janeiro 2005
003
Publicações

2023

On the Implementation of a Blockchain-Assisted Academic Council Electronic Vote System

Autores
Alves, J; Pinto, A;

Publicação
SMART CITIES

Abstract
The digitisation of administrative tasks and processes is a reality nowadays, translating into added value such as agility in process management, or simplified access to stored data. The digitisation of processes of decision-making in collegiate bodies, such as Academic Councils, is not yet a common reality. Voting acts are still carried out in person, or at most in online meetings, without having a real confirmation of the vote of each element. This is particularly complex to achieve in remote meeting scenarios, where connection breaks or interruptions of audio or video streams may exist. A new digital platform was already previously proposed. It considered decision-making, by voting in Academic Councils, to be supported by a system that guarantees the integrity of the decisions taken, even when meeting online. Our previous work mainly considered the overall design. In this work, we bettered the design and specification of our previous proposal and describe the implemented prototype, and validate and discuss the obtained results.

2023

On the Performance of Secure Sharing of Classified Threat Intelligence between Multiple Entities

Autores
Fernandes, R; Bugla, S; Pinto, P; Pinto, A;

Publicação
SENSORS

Abstract
The sharing of cyberthreat information within a community or group of entities is possible due to solutions such as the Malware Information Sharing Platform (MISP). However, the MISP was considered limited if its information was deemed as classified or shared only for a given period of time. A solution using searchable encryption techniques that better control the sharing of information was previously proposed by the same authors. This paper describes a prototype implementation for two key functionalities of the previous solution, considering multiple entities sharing information with each other: the symmetric key generation of a sharing group and the functionality to update a shared index. Moreover, these functionalities are evaluated regarding their performance, and enhancements are proposed to improve the performance of the implementation regarding its execution time. As the main result, the duration of the update process was shortened from around 2922 s to around 302 s, when considering a shared index with 100,000 elements. From the security analysis performed, the implementation can be considered secure, thus confirming the secrecy of the exchanged nonces. The limitations of the current implementation are depicted, and future work is pointed out.

2023

Boosting additive circular economy ecosystems using blockchain: An exploratory case study

Autores
Ferreira, IA; Godina, R; Pinto, A; Pinto, P; Carvalho, H;

Publicação
COMPUTERS & INDUSTRIAL ENGINEERING

Abstract
The role of new technologies such as additive manufacturing and blockchain technology in designing and implementing circular economy ecosystems is not a trivial issue. This study aimed to understand if blockchain technology can be an enabler tool for developing additive symbiotic networks. A real case study was developed regarding a circular economy ecosystem in which a fused granular fabrication 3D printer is used to valorize polycarbonate waste. The industrial symbiosis network comprised four stakeholders: a manufacturing company that produces polycarbonate waste, a municipality service responsible for the city waste management, a start-up holding the 3D printer, and a non-profit store. It was identified a set of six requirements to adopt the blockchain technology in an additive symbiotic network, bearing in mind the need to have a database to keep track of the properties of the input material for the 3D printer during the exchanges, in addition to the inexistence of mechanisms of trust or cooperation between well-established industries and the additive manufacturing industry. The findings suggested a permissioned blockchain to support the implementation of the additive symbiotic network, namely, to enable the physical transactions (quantity and quality of waste material PC sheets) and monitoring and reporting (additive manufacturing technology knowledge and final product's quantity and price).Future research venues include developing blockchain-based systems that enhance the development of ad-ditive symbiotic networks.

2023

A Survey and Risk Assessment on Virtual and Augmented Reality Cyberattacks

Autores
Silva, T; Paiva, S; Pinto, P; Pinto, A;

Publicação
30th International Conference on Systems, Signals and Image Processing, IWSSIP 2023, Ohrid, North Macedonia, June 27-29, 2023

Abstract
Nowadays, Virtual Reality (VR) and Augmented Reality (AR) systems are not exclusively associated with the gaming industry. Their potential is also useful for other business areas such as healthcare, automotive, and educational domains. Companies need to accompany technological advances and enhance their business processes and thus, the adoption of VR or AR technologies could be advantageous in reducing resource usage or improving the overall efficiency of processes. However, before implementing these technologies, companies must be aware of potential cyberattacks and security risks to which these systems are subject. This study presents a survey of attacks related to VR and AR scenarios and their risk assessment when considering healthcare, automation, education, and gaming industries. The main goal is to make companies aware of the possible cyberattacks that can affect the devices and their impact on their business domain. © 2023 IEEE.

2023

SPIDVerify: A Secure and Privacy-Preserving Decentralised Identity Verification Framework

Autores
Shehu, AS; Pinto, A; Correia, ME;

Publicação
International Conference on Smart Applications, Communications and Networking, SmartNets 2023, Istanbul, Turkey, July 25-27, 2023

Abstract
Traditional identity management (IdM) systems rely on third-party identity providers (IdPs) and are centralised, which can make them vulnerable to data breaches and other security risks. Self-sovereign identity (SSI) is a newer IdM model that allows users to control their own identities by using decentralised technologies like blockchain to store and verify them. However, SSI systems have their own security concerns, such as digital wallet vulnerabilities, blockchain threats and conflicts with general data protection regulation (GDPR). Additionally, the lack of incentives for issuers, verifiers and data owners could limit its acceptance. This paper proposes SPIDVerify, which is a decentralised identity verification framework that utilises an SSI-based architecture to address these issues. The framework uses a mixed method for acquiring a W3C standard verified credentials and to ensure that only a thoroughly verified entity acquires verified credential, and employs secure key cryptographic protocols; Diffie-Hellman (DH) and Extended Triple Diffie-Hellman (X3DH) for forward secrecy secure communication, single-use challenge-response for authentication, and Swarm network for decentralised storage of data. These methods enhance the security of the proposed framework with better resilience against impersonation and credential stealing. To evaluate the proposal, we have outlined the limitations in related works and demonstrated two scenarios to showcase the strength and effectiveness of SPIDVerify in dealing with the threats identified. We have also tested the methods used in SPIDVerify by measuring the time taken to execute certain processes. © 2023 IEEE.

Teses
supervisionadas

2019

Secure Remote Storage of Logs With Search Capabilities

Autor
Rui Manuel Vieira Araújo

Instituição
IPP-ESTG

2019

Forder application

Autor
David Emanuel Torres Mendes

Instituição
IPP-ESTG

2019

Sistema de gestão de eventos de segurança de informação em alta disponibilidade

Autor
Hélio Celso Pinto de Sousa

Instituição
IPP-ESTG

2019

Sistema de Consentimento Informado e Reputação persistido em Blockchain

Autor
Hélder Miguel Ribeiro de Sousa

Instituição
IPP-ESTG

2015

Admission Control based on End-to-end Delay Estimation to Enhance the Support of Real-Time Traffic in Wireless Sensor Networks

Autor
Pedro Filipe Cruz Pinto

Instituição
UP-FEUP