A federated authentication schema among multiple identity providers.

Single Sign-On (SSO) methods are the primary solution to authenticate users across multiple web systems. These mechanisms streamline the authentication procedure by avoiding duplicate developments of authentication modules for each application. Besides, these mechanisms also provide convenience to the end-user by keeping the user authenticated when switching between different contexts. To ensure this cross-application authentication, SSO relies on an Identity Provider (IdP), which is commonly set up and managed by each institution that needs to enforce SSO internally. However, the solution is not so straightforward when several institutions need to cooperate in a unique ecosystem. This could be tackled by centralizing the authentication mechanisms in one of the involved entities, a solution raising responsibilities that may be difficult for peers to accept. Moreover, this solution is not appropriate for dynamic groups, where peers may join or leave frequently. In this paper, we propose an architecture that uses a trusted third-party service to authenticate multiple entities, ensuring the isolation of the user's attributes between this service and the institutional SSO systems. This architecture was validated in the EHDEN Portal, which includes web tools and services of this European health project, to establish a Federated Authentication schema.

A Fair Channel Hopping Scheme for LoRa Networks with Multiple Single-Channel Gateways.

LoRa is one of the most prominent LPWAN technologies due to its suitable characteristics for supporting large-scale IoT networks, as it offers long-range communications at low power consumption. The latter is granted mainly because end-nodes transmit directly to the gateways and no energy is spent in multi-hop transmissions. LoRaWAN gateways can successfully receive simultaneous transmissions on multiple channels. However, such gateways can be costly when compared to simpler single-channel LoRa transceivers, and at the same time they are configured to operate with pure-ALOHA, the well-known and fragile channel access scheme used in LoRaWAN. This work presents a fair, control-based channel hopping-based medium access scheme for LoRa networks with multiple single-channel gateways. Compared with the pure-ALOHA used in LoRaWAN, the protocol proposed here achieves higher goodput and fairness levels because each device can choose its most appropriate channel to transmit at a higher rate and spending less energy. Several simulation results considering different network densities and different numbers of single-channel LoRa gateways show that our proposal is able to achieve a packet delivery ratio (PDR) of around 18% for a network size of 2000 end-nodes and one gateway, and a PDR of almost 50% when four LoRa gateways are considered, compared to 2% and 6%, respectively, achieved by the pure-ALOHA approach.

A Pseudonymisation Protocol With Implicit and Explicit Consent Routes for Health Records in Federated Ledgers.

Healthcare data for primary use (diagnosis) may be encrypted for confidentiality purposes; however, secondary uses such as feeding machine learning algorithms requires open access. Full anonymity has no traceable identifiers to report diagnosis results. Moreover, implicit and explicit consent routes are of practical importance under recent data protection regulations (GDPR), translating directly into break-the-glass requirements. Pseudonymisation is an acceptable compromise when dealing with such orthogonal requirements and is an advisable measure to protect data. Our work presents a pseudonymisation protocol that is compliant with implicit and explicit consent routes. The protocol is constructed on a (t,n)-threshold secret sharing scheme and public key cryptography. The pseudonym is safely derived from a fragment of public information without requiring any data-subject's secret. The method is proven secure under reasonable cryptographic assumptions and scalable from the experimental results.

An Efficient and Secure Alert System for VANETs to Improve Crosswalks' Security in Smart Cities.

A key characteristic of Smart Cities is the ability to reduce conflicts between different agents coexisting in a dynamic system, such as the interaction between vehicles and pedestrians. This paper presents a system to augment the awareness of vehicle drivers regarding the presence of pedestrians in nearby crosswalks. The proposed system interconnects Road Side Units (RSUs), which are informed about the state of the crosswalks, and vehicles, in order to spread to vehicles, the information about the presence of pedestrians in crosswalks. To prevent false information spreading, RSUs sign the alert messages they broadcast and all vehicles can validate the signatures. This poses strong security requirements, such as non-repudiation of alert messages, as well as strong real-time requirements, such as minimum message validation delays among vehicles approaching a crosswalk of interest. To manage the signed alert messages, we are proposing Nimble Asymmetric Cryptography (NAC), which authenticates implicit broadcast messages. NAC minimizes the usage of asymmetric ciphers, which are fundamental to assure non-repudiation but increase performance penalties and uses hash chaining for source authentication of implicit messages.

A Parser to Support the Definition of Access Control Policies and Rules Using Natural Languages.

As a consequence of the epidemiological transition towards non-communicable diseases, integrated care approaches are required, not solely focused on medical purposes, but also on a range of essential activities for the maintenance of the individuals' quality of life. In order to allow the exchange of information, these integrated approaches might be supported by digital platforms, which need to provide trustful environments and to guarantee the integrity of the information exchanged. Therefore, together with mechanisms such as authentication, logging or auditing, the definition of access control policies assumes a paramount importance. This article focuses on the development of a parser as a component of a platform to support the care of community-dwelling older adults, the SOCIAL platform, to allow the definition of access control policies and rules using natural languages.