CPS and RDNS meetup: Joel Samper & Juan Christian

Speakers: Joel Samper (LASIGE – DI/FCUL) & Juan Christian (DI/FCUL)

Date: March 8, 2023, 12h00

Where: C6.3.27

Talk 1: SAFEX: Security-enhancing framework for private media exchange

Abstract: More and more people use mobile app platforms, such as Grindr or Tinder, to make new acquaintances. This often results in exchanges of private images, especially nudes. While this opens a way to interact with new people, it raises privacy concerns regarding either adversarial apps or adversarial recipients, which could use our private images maliciously.

To tackle adversarial apps, there are solutions for encrypting images before they are accessed by the app. However, such methods are more geared towards social networks like Facebook, and they require you to validate your contacts’ public keys out of band beforehand, somehow. We will consider alternative methods that do not require any previous authentication, as this fits better with our use case. This may include some framework similar to DRM, but end-to-end and cross-platform.

To tackle adversarial people, ephemeral media features such as self-destructing images are a widely used mitigation, but they cover only certain threats, and implementation issues have been discovered. It remains a question whether JPEG digital watermarking can embed non-erasable information about sender and recipient identities. Also, we do not know if dating apps currently make use of remote attestation APIs (already available in both Android and iOS) to check the integrity of the recipient environment. Finally, we would like to explore the possibility of a Compliance Protocol, which could have dissuasive effects, especially if coupled with a legal framework.

Short Bio: Joel Samper (or “Sam”) is a 1st-year PhD student at LASIGE, at the University of Lisbon. He obtained a Telecommunication Engineering degree at Pompeu Fabra University, in Barcelona, after which he worked for 14 years in the private sector in Andorra, deploying computer networks, data centers and IP telephony solutions for the banking, hospitality and health care sectors. More recently, he obtained an MS degree in Cybersecurity at New York University with a Fulbright scholarship. He is currently doing his doctoral program with a “la Caixa” Foundation fellowship.

Research interests: mobile and cloud security and privacy, blockchain, formal methods for software analysis, algorithms.

Talk 2: Scaling security with orchestration and automation

Abstract: Information security is a must-have for any organization willing to stay relevant and grow; it plays an important role as a business enabler, be it from a regulatory or a reputation perspective. Having the people, processes, and technology to solve the ever-growing number of security incidents as fast as possible and with the least amount of impact is a challenge.

The use of security orchestration, automation and response (SOAR) is a way to translate the manual procedures followed by security analysts into automated actions, making the process faster and more scalable while saving on the human resources budget.

In this talk, we will explore a low-cost cloud native SOAR platform, including the underlying details of its design. The performance of the platform was evaluated through real-world incidents in a production environment. The results show that the solution decreased the duration of the security tasks by an average of 99.02% while having an operating expense of less than $65/month.

Short Bio: Juan Christian is a Lead Security Engineer at OutSystems, a Portuguese unicorn and a leader in the low-code market. He has over 6 years of experience in security engineering and operations in large companies featured on Forbes and Fortune. In 2023, he earned a Master’s degree in Information Security from the University of Lisbon. Additionally, he holds certifications from organizations such as AWS, Azure, EC-Council, Exin, etc.

Juan’s primary interests are security orchestration, automation, incident response, cloud computing, and containerization. He has extensive experience in developing and deploying cloud-native solutions to enhance the security posture of complex environments worth billions of dollars.