CMS 2014

15th Joint IFIP TC6 and TC11 Conference on

Communications and Multimedia Security - CMS 2014

September 25th - 26th, 2014, Aveiro, Portugal
University of AveiroUniversity of Aveiro


Paulo Mateus

Paulo Mateus is an Associate Professor from the Mathematics Department of Instituto Superior Técnico and a researcher from Instituto de Telecomunicações where he coordinates the Security and Quantum Information group. He obtained his doctorate degree in Mathematics in 2001 at the Technical University of Lisbon and was a Postdoc at the University of Pennsylvania. He was awarded the IBM scientific prize, Portugal, in 2005 for his habilitation thesis where he showed how to use quantum systems to attack privacy protocols. His research is focused on using quantum resources for security and communication and has been author and co-author of 36 peer-reviewed international journal publications. He has been guest editor of Logic Journal of the IGPL, IEEE Communications, and part of the program committee of several workshop and conferences. He was member of the Managing Board of the European Network and Information Security Agency, is a vice-president of Centro Internacional de Matemática and vice-coordinator of the PhD program in Information Security at IST.

Enhancing privacy with quantum networks

Using quantum networks to distribute symmetric keys has become a usable and commercial technology available under limitations that are acceptable in many application scenarios. The fact that the security is implemented directly at the hardware level, and moreover, relies on the laws of physics instead of conjectured hardness assumptions, justifies the use of quantum security in many cases. Limitations include 100 km communication range and installation of quantum channels between each pair of users of the network. Presently, with the current lack of trust in commercial security solutions, mostly due to the Snowden crisis, there is the need to improve such solutions. In this paper we discuss how quantum networks can be used to setup secure multiparty computation (SMC), allowing for instance for private data mining, electronic elections among other security functionalities. SMC relies mostly on establishing an efficient oblivious transfer protocol. We present a bit-string quantum oblivious transfer protocol based on single-qubit rotations that can be implemented with current technology based on optics and whose security relies only on the laws of physics.

Rui Melo Biscaia

Rui Melo Biscaia serves as the Director of Product Management for Watchful Software, being responsible for the company's product direction and go-to-market efforts. Watchful Software provides advanced persistent security solutions that keep sensitive information safe from security breaches resulting from accidental or malicious disclosure. Watchful was formed to protect an organization’s most critical asset after its people – its information. The company addresses the growing need for protecting sensitive and proprietary information against accidental or malicious theft, leakage, or loss. Leveraging key technologies including advanced encryption algorithms, digital rights management, and eBiometrics, Watchful has developed a suite of solutions that ensure only authorized personnel have access to enterprise systems and information, protecting against potentially massive economic and competitive damage from cyberterrorists and information thieves. Rui is a huge sports fan and has spent years exploiting his 6ft 6in frame on the basketball pitch. Rui holds an MBA and several post-graduation studies in Sales & Marketing and Information Protection & Control is nothing less than a passion.

The fundamental principle of Information Protection & Control

Hardening the network to keep attackers out does not suffice anymore. While it remains necessary IT practice, it takes no account of two very important and inescapable truths - users are always inside the perimeter, and those authorized users can cause significant damage. Chief Information Officers (CIOs) who ignore this 'insider threat' to information security fail to tackle possibly the most fundamental persistent threat - that of a breach orchestrated by one or more of the organization's own users. Regardless of intent, security breaches caused by insiders can be devastating to any organization. If the greatest threat isn't the 'bad guys' breaking into the network, but the 'good guys' letting the information out, how do CIOs control what happens to the data?

All accepted papers will be published by LNCS Series of Springer Verlag.



Organization: University of Aveiro