2023
Authors
Barbosa, M; Cirne, A; Esquível, L;
Publication
18TH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY & SECURITY, ARES 2023
Abstract
FIDO2 is becoming a de facto standard for passwordless authentication. Using FIDO2 and WebAuthn, web applications can enable users to associate cryptographic credentials to their profiles, and then rely on an external authenticator (e.g., a hardware token plugged into the USB port) to perform strong signature-based authentication when accessing their accounts. The security of FIDO2 has been theoretically validated, but these analyses follow the threat model adopted in the FIDO2 design and explicitly exclude some attack vectors as being out of scope. In this paper we show that two of these attacks, which appear to be folklore in the community, are actually straightforward to launch in practice (user PIN extraction, impersonation and rogue key registration). We demonstrate a deployment over vanilla Linux distributions and commercial FIDO2 authenticators. We discuss the potential impact of our results, which we believe will contribute to the improvement of future versions of the protocol.
2023
Authors
Goncalves, PP; Stenovec, M; Gracio, L; Kreft, M; Zorec, R;
Publication
CELL CALCIUM
Abstract
Regulated exocytosis consists of the fusion between vesicles and the plasma membranes, leading to the formation of a narrow fusion pore through which secretions exit the vesicle lumen into the extracellular space. An increase in the cytosolic concentration of free Ca2+ ([Ca2+]i) is considered the stimulus of this process. However, whether this mechanism can be preserved in a simplified system of membrane lawns with docked secretory vesicles, devoid of cellular components, is poorly understood. Here, we studied peptide discharge from individual secretory vesicles docked at the plasma membrane, prepared from primary endocrine pituitary cells (the lactotrophs), releasing hormone prolactin. To label secretory vesicles, we transfected lactotrophs to express the fluorescent atrial natriuretic peptide (ANP.emd), previously shown to be expressed in and released from prolactin-containing vesicles. We used stimulating solutions containing different [Ca2+] to evoke vesicle peptide discharge, which appeared similar in membrane lawns and in intact stimulated lactotrophs. All vesicles examined discharged peptides in a subquantal manner, either exhibiting a unitary or sequential time course. In the membrane lawns, the unitary vesicle peptide discharge was predominant and slightly slower than that recorded in intact cells, but with a shorter delay with respect to the stimulation onset. This study revealed directly that Ca2+ triggers peptide discharge from docked single vesicles in the membrane lawns with a half-maximal response of ~8 µM [Ca2+], consistent with previous whole-cell patch-clamp studies in endocrine cells where the rapid component of exocytosis, interpreted to represent docked vesicles, was fully activated at <10 µM [Ca2+].
Interestingly, the sequential subquantal peptide vesicle discharge indicates that fluctuations between constricted and dilated fusion pore states are preserved in membrane lawns and that fusion pore regulation appears to be an autonomously controlled process.
2023
Authors
Mendes, R; Cunha, M; Vilela, JP;
Publication
PROCEEDINGS OF THE THIRTEENTH ACM CONFERENCE ON DATA AND APPLICATION SECURITY AND PRIVACY, CODASPY 2023
Abstract
Location Privacy-Preserving Mechanisms (LPPMs) have been proposed to mitigate the risks of privacy disclosure yielded from location sharing. However, due to the nature of this type of data, spatio-temporal correlations can be leveraged by an adversary to extenuate the protections. Moreover, the application of LPPMs at collection time has been limited due to the difficulty in configuring the parameters and in understanding their impact on the privacy level by the end-user. In this work we adopt the velocity of the user and the frequency of reports as a metric for the correlation between location reports. Based on such a metric, we propose a generalization of Geo-Indistinguishability denoted Velocity-Aware Geo-Indistinguishability (VA-GI). We define a VA-GI LPPM that provides an automatic and dynamic trade-off between privacy and utility according to the velocity of the user and the frequency of reports. This adaptability can be tuned for general use, by using city or country-wide data, or for specific user profiles, thus warranting fine-grained tuning for users or environments. Our results using vehicular trajectory data show that VA-GI achieves a dynamic trade-off between privacy and utility that outperforms previous works. Additionally, by using a Gaussian distribution as estimation for the distribution of the velocities, we provide a methodology for configuring our proposed LPPM without the need for mobility data. This approach provides the required privacy-utility adaptability while also simplifying its configuration and general application in different contexts.
2023
Authors
Martins, O; Vilela, JP; Gomes, M;
Publication
2023 IEEE 24TH INTERNATIONAL SYMPOSIUM ON A WORLD OF WIRELESS, MOBILE AND MULTIMEDIA NETWORKS, WOWMOM
Abstract
With the recent advancements in wireless networks, Joint Communication and Sensing (JCAS) has become a growing field that is expected to be included in next-generation standards. However, not only is the current performance of the sensing ability still lacking to be used in real-world scenarios, proper security of such privacy-invasive technology has not been fully explored. To this end, we propose the creation of a more robust framework, capable of cross-domain detection and long-term analysis for improved detection, which will also serve as the basis for a security and privacy analysis of the threat landscape and solutions in this field.
2022
Authors
Goncalves, R; Ferreira, I; Godina, R; Pinto, P; Pinto, A;
Publication
BLOCKCHAIN AND APPLICATIONS
Abstract
Pulp and Paper Companies collaborate to monitor and monetize waste and create value from their by-products. This process of Industrial Symbiosis requires the creation and maintenance of trusted and transparent relationships between all entities participating in these networks, which is a constant challenge. In this context, a blockchain-based system can help in establishing and maintaining these networks, serving as a ground truth between companies operating at a national or a global scale. This paper proposes a scalable and modular blockchain architecture design using smart contracts to enhance the industrial symbiosis process of the Pulp, Paper, and Cardboard Production Sector companies in Portugal. This design comprehends all entities participating in the network. The implementation of this design assumes the use of a permissioned ledger built using Hyperledger Fabric to provide the required trust and transparency between all entities.
2022
Authors
Shehu, AS; Pinto, A; Correia, ME;
Publication
SECRYPT : PROCEEDINGS OF THE 19TH INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY
Abstract
Since their first introduction in the late 90s, the use of marketplaces has continued to grow. Today virtually everything from physical assets to services can be purchased on digital marketplaces, and real estate is not an exception. Some marketplaces allow acclaimed asset owners to advertise their products, for which the service gets a commission/percentage from the proceeds of the sale/lease. Despite the success recorded in the use of the marketplaces, they are not without limitations, which include identity and property fraud, impersonation and the use of centralised technology with trusted parties that are prone to single points of failure (SPOF). Being one of the most valuable assets, real estate has been a target for marketplace fraud as impersonators take pictures of properties they do not own and upload them on marketplaces with promising prices that lure innocent or naive buyers. This paper addresses these issues by proposing a self-sovereign identity (SSI) and smart contract based framework for identity verification and verified transaction management on secure digital marketplaces. First, the use of SSI technology enables methods for acquiring verified credentials (VCs) that are verifiable on a decentralised blockchain registry to identify both real estate owner(s) and real estate property. Second, the smart contracts are used to negotiate the secure transfer of real estate property deeds on the marketplace. To assess the viability of our proposal we define an application scenario and compare our work with other approaches.