Cristina del Carmen Arroyo Siruela

Expert in cybersecurity and regulatory compliance at Telefónica Tech Cyber & Cloud. ISO 27001 Lead Auditor, CEH, and Green Category professional in Industrial Cybersecurity.
Cyber Security
Understanding Digital Certificates
For ordinary citizens, digital certificates are the electronic files or documents that allow them to carry out thousands of legal and administrative actions without having to appear in person to complete these procedures. But what is a digital certificate? A digital certificate is an electronic document generated and signed by a certification authority (CA) or certification service provider, which allows an entity or applicant to be uniquely identified. This is done using public key or asymmetric cryptography, in which a pair of electronic encryption keys (public and private) is used. Public key encryption, or public key cryptography, is a method of encrypting data with two different keys, one of which, the public key, is made available for anyone to use. The private key is held only by the owner or applicant of the digital certificate. The operating principle of asymmetric or public key cryptography is that data encrypted with the public key can only be decrypted with the private key, and vice versa.

Certification Authority (CA) and Public Key Infrastructure (PKI)

A certification authority (CA) is a trusted entity responsible for providing a series of electronic certification services. One of the best known and most widely used certification authorities in Spain is the FNMT (Fábrica Nacional de Moneda y Timbre). Following the entry into force of the European eIDAS regulation 914/2018, CAs have been replaced by the figure of the Qualified Service Provider (QSP), although the term CA is still used, especially in the business world. These authorities are responsible for issuing certificates, verifying their validity and revoking them, always guaranteeing the identity and veracity of the certificate holders' data.
A public key infrastructure (PKI) is a system composed of hardware, software and security procedures whose main function is the governance of encryption keys and digital certificates, making use of cryptographic and other mechanisms. The usual components of a PKI are:
Certification authority: As explained above, it is responsible for establishing user identities and creating digital certificates, the electronic documents that bind an identity to its pair of public and private keys.
Registration authority: Responsible for the initial registration and authentication of users, who are subsequently issued a certificate if they meet all the requirements.
Certificate server: Responsible for issuing the certificates approved by the registration authority. The user's public key is combined with the user's data and the result is digitally signed with the private key of the certification authority.
Certificate repository: This component is responsible for the availability of the public keys of the registered identities. When a certificate needs to be validated, the repository is consulted and the signature and the certificate status are verified. Repositories also hold the CRL (Certificate Revocation List), which lists those certificates that for some reason have ceased to be valid before their expiry date and have been revoked.
Time Stamping Authority (TSA): The authority in charge of signing documents in order to prove that they existed before a certain point in time.

Inside Digital Certificates

X.509 is a standard used in public key infrastructures to define the structure of digital certificates. The ITU (International Telecommunication Union) introduced this standard in 1998. There are 3 versions of X.509 available. For more details on this standard, it is recommended to consult RFC 5280. Digital certificates under the X.509 standard are described in ASN.1 and encoded in most cases using DER, CRT and CER.
The file extensions used can be .pfx, .cer, .crt, .p12, etc. The most common parts of a digital certificate are:
Version: identifies the X.509 version.
Certificate serial number: a unique integer generated by the CA.
Signature algorithm identifier: identifies the algorithm used by the CA when signing.
Issuer name: the name of the CA issuing the certificate.
Validity: the validity period of the certificate, showing when it expires.
User name: the name of the user (the subject) to whom the certificate belongs.
User's public key information: contains the user's public key and the algorithm used for the key.
In higher versions more fields appear, such as the Unique Issuer Identifier, which helps to identify the CA uniquely if two or more CAs have used the same issuer name, among others.
Digital certificates mainly employ asymmetric cryptography and use algorithms such as RSA (Rivest, Shamir and Adleman), DSA (Digital Signature Algorithm) and ECDSA (Elliptic Curve Digital Signature Algorithm). The DSA algorithm is used mainly for digital signature and signature verification. The RSA and ECDSA algorithms are used for electronic signature and also for data encryption and decryption.

Digital certificate types and classes

There are many types and classes of digital certificates, since they are provided by the CAs, which determine which ones they provide and manage. The European regulation eIDAS 910/2014 establishes 2 types of certificates:
Electronic certificate: a document signed by a certification service provider, linked to a set of signature verification data, which confirms the signatory's identity. It follows the issuing requirements established in Law 59/2003 on electronic signatures and in the eIDAS Regulation of the European Parliament.
Qualified electronic certificate: a certificate that adds a series of additional conditions.
The issuing provider must identify the applicants and seek reliability in the services it provides. This certificate complies with the requirements of the Electronic Signature Law 59/2003 in its content, in the processes for verifying the signatory's identity and in the conditions to be met by the certification service provider. Example: the electronic ID card.
If we consider digital certificates according to the type of identity and data, in general terms the following 3 types can be established:
Natural person: associated with the identity of a natural person or citizen. They are designed to be used mainly for personal official procedures.
Legal person: intended for all types of organisations, whether companies, administrations or other kinds of organisation, all of which have a legal identity.
Entities without legal personality: they link the applicant with signature verification data and confirm their identity for use only in communications and data transmissions by electronic, computer and telematic means in the field of taxation and public administration in general.
In some cases they are also classified according to the scope of application of the certificate, examples of which include:
Web server certificate
Source code signing certificate
Company membership certificate
Representative certificate
Proxy certificate
Company seal certificate
The main purpose of web server certificates is to ensure the security of communications and transactions between the web server and its visitors. This allows the contents of the web server that holds the certificate (web pages or databases) to be accessed securely, as long as it is well implemented. These certificates use the TLS (Transport Layer Security) protocol, which replaces the SSL (Secure Socket Layer) protocol. There are various web server certificates, such as SSL/TLS, wildcard, SAN or multi-domain certificates, among others.
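As an added example (this is not code from the article or from Telefónica Tech), the Go program below plays the roles of a hypothetical CA and of a TLS client: it self-signs a root, issues a web server certificate for a constructed host name, reads the fields listed above (version, serial number, signature algorithm, issuer, validity, subject, public key algorithm) back from the DER encoding with Go's standard crypto/x509, and then verifies the chain, the validity period and the host name. Names, serial numbers and lifetimes are constructed sample values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CertSummary holds the certificate parts listed in the article.
type CertSummary struct {
	Version                                           int
	Serial, SigAlgorithm, Issuer, Subject, PubKeyAlgo string
	NotBefore, NotAfter                               time.Time
}

// Summarize decodes DER (the binary content of a .cer/.crt file) into those fields.
func Summarize(der []byte) (CertSummary, error) {
	c, err := x509.ParseCertificate(der)
	if err != nil {
		return CertSummary{}, err
	}
	return CertSummary{
		Version: c.Version, Serial: c.SerialNumber.String(),
		SigAlgorithm: c.SignatureAlgorithm.String(), Issuer: c.Issuer.String(),
		Subject: c.Subject.String(), PubKeyAlgo: c.PublicKeyAlgorithm.String(),
		NotBefore: c.NotBefore, NotAfter: c.NotAfter,
	}, nil
}

// IssueChain acts as a hypothetical CA: self-signed root, then a server cert for host.
func IssueChain(host string, leafValidFor time.Duration) (ca *x509.Certificate, leafDER []byte, err error) {
	now := time.Now()
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Root CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	// Self-signed root: template and parent are the same certificate.
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	if ca, err = x509.ParseCertificate(caDER); err != nil {
		return nil, nil, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(4242),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host}, // SAN: the name a TLS client matches against
		NotBefore:    now.Add(-time.Minute),
		NotAfter:     now.Add(leafValidFor),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	// Subject data plus the subject's public key, signed with the CA's private key.
	leafDER, err = x509.CreateCertificate(rand.Reader, leafTmpl, ca, &leafKey.PublicKey, caKey)
	return ca, leafDER, err
}

// Verify does what a TLS client does: chain to a trusted root, CA signature, validity at `at`, host name.
func Verify(ca *x509.Certificate, leafDER []byte, host string, at time.Time) error {
	leaf, err := x509.ParseCertificate(leafDER)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err = leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, CurrentTime: at})
	return err
}

func main() {
	ca, leafDER, err := IssueChain("www.example.test", 24*time.Hour)
	if err != nil {
		panic(err)
	}
	s, _ := Summarize(leafDER)
	fmt.Printf("%+v\nvalid now: %v\nin 2 days: %v\n", s,
		Verify(ca, leafDER, "www.example.test", time.Now()),
		Verify(ca, leafDER, "www.example.test", time.Now().Add(48*time.Hour)))
}
```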
Usefulness of digital certificates

The usefulness of digital certificates is uneven, as it depends on the type of digital certificate involved and, as seen above, there are many types. The main advantages offered by the use of digital certificates are:
Security in communications and servers.
Security in the authentication systems where they are implemented.
Ease of carrying out legal or administrative actions remotely.
Electronic signature capability, for signing documentation.
Data and information encryption capability.
July 12, 2022
Telefónica Tech
Women's Engineering Day: Building New Paths
The term "engineer" comes from the Latin ingenium, in English ingenuity. The world of engineering has long been associated with the male sex. But is ingenuity a purely masculine thing? Do women lack ingenuity? In recent years, society has begun to normalise the presence of women in engineering or STEM careers. Gradually, it seems that some established stereotypes about women and their ability to pursue engineering careers are fading or disappearing. What have been the steps to get to this point? What have been the foundations and the path to enable a woman to study engineering? Why does a woman study engineering or a technical degree?

Female Engineers Have Been Around for More Than 100 Years

Female presence in the field of engineering dates back to the period around the First World War (although it is probably earlier). The Women's Engineering Society (WES) launched the Women's Engineering Day initiative in the UK on June 23, 2014, on the occasion of its 95th anniversary. The aim was to commemorate the inclusion of women in the world of engineering and to give visibility to the female presence, as well as to establish objectives with a view to achieving gender equality in this field. Today it is still celebrated with the same premises and demands, as these objectives have not yet been achieved. There have been many outstanding female engineers in history, although most have not received enough recognition or value. Ada Lovelace laid the foundations for the algorithms used in computers and programming today. Edith Clarke contributed her knowledge so that today we can enjoy electricity without blackouts, and Hedy Lamarr, an actress of the Second World War era, contributed to what is today GPS, Wi-Fi or Bluetooth. Women have been adding value to engineering for more than 100 years, even if they have not been properly recognised or even mentioned in school textbooks.
They and many others laid the foundations and made important discoveries that led to incredible advances in the field of engineering.

Breaking Moulds and Stereotypes

Those female engineers, in spite of their outstanding value and knowledge, encountered many obstacles and stereotypes in their way, trying to stop them from succeeding because of their gender. Fortunately, these women and others decided that they would not stand back and that, against all that was imposed or established, they would demonstrate through their vocation and passion for engineering and their desire to discover something greater that women can be scientists and engineers. Unfortunately, some of these stereotypes remain today. Society has a moral obligation to break them down and eradicate them through the necessary actions and initiatives, especially in undeveloped and developing countries.

When Do Women Develop an Interest in Engineering or STEM Careers?

Throughout childhood and youth, skills such as curiosity and a general interest in STEM-type areas and technologies are developed. Some girls may have wondered how some electronic devices work, how programmes are written, how mobile phones or telephones work, or how roads, train tracks, etc. are built. Most of them will probably spend their afternoons jumping rope or playing video games. Others will be more interested in doing chemistry experiments, or in understanding how a video game or programme is developed. They will find that more interesting than the chemical result itself or the video game or programme itself. They will seek to understand how things work, to modify and improve them. It is currently reported that many girls lose interest in engineering, technology and STEM careers by the time they reach their teenage years. This loss of interest is mainly associated with cultural barriers, which grow out of insecurity about choosing degrees that are known to be difficult or more male-dominated.
There are several programmes and cultural actions that aim to prevent this loss of interest and remove these fears and barriers, such as #LadyHacker, StemTalentGirl, and others.

And Why Do Women Study/Not Study Engineering or Technical Degrees? Do Female Engineers Have the Same Job Opportunities as Male Engineers?

Some women, either because of the stereotypes of the time or for various reasons, gave up their vocation as engineers to study more "girlish" careers, such as law or business. In my case: "I started studying LADE because I was convinced that computer engineering was very difficult, according to some of my professors. Shortly afterwards I decided to accept my vocation, overcome my fears and, after joining a group of engineers (all boys) at university with whom I shared passion and hours of study and research, I decided to reorient myself towards computer science and communications." According to a study by the OEI (Organisation of Ibero-American States for Education, Science and Culture), women represent only 13% of students in STEM or engineering degrees. Nowadays, engineering degrees are degrees with many job opportunities and are in great demand. They are considered to be difficult and highly competitive, and it is this thinking, as well as other social and cultural stigmas, that has limited women's choice of these degrees in many cases. Society must be made aware of the importance of engineering, technical careers that provide an extraordinary education and provide the necessary basis to face different professional challenges and develop in various fields. In 2019, according to Eurostat's statistical data, 41.1% of total employment in the science and engineering sector in the European Union corresponded to women. They also indicated that in Spain 49.3% corresponded to the national total of women in science and engineering. We will have to check whether this trend continues or improves once more up-to-date data become available.
The biggest gaps between men and women are in working conditions, salaries and promotion to more senior engineering positions. These gaps are especially pronounced in underdeveloped or developing countries.

Assembling And Advancing Along the Engineering Journey

The path consists of assembling, with all the tools available today, the pieces or keys necessary to achieve a situation in which women and men have full gender parity in the field of engineering, in all aspects (access to studies, working conditions and salaries, equal conditions for promotion, equal treatment and status, etc.). It is society that must get involved in this path, in this change of paradigm that allows us to achieve equality in all areas of engineering: access to degrees, to jobs, having the same working conditions and salaries for both sexes and encouraging actions to recognise those female engineers forgotten by history, who did so much and contributed so much and who can serve as an inspiration to young women. States and society in general must be proactively involved in all actions regarding access to STEM degrees, especially for girls and teenagers, who especially suffer the greatest gender inequality. Ingenuity, curiosity, perseverance and passion are the necessary elements to dedicate oneself to a career and profession in which, for those who practise it and venture into it, there are no limits; there is only technology, ingenuity, problem solving and a whole range of needs and possibilities to improve or create. Engineering science is responsible for the welfare state currently enjoyed. Advances and the breaking down of boundaries in the field of engineering have led to substantial improvements in the welfare state: in homes, transport, communications, to name but a few. Undoubtedly, the most important screw or mechanism to dedicate oneself to the world of engineering is ingenuity.
Engineering provides the tools and knowledge that, together with the ingenuity of each human being, allow us to create, improve and build unimaginable things. Who is in?
June 23, 2022
Cyber Security
Differences between encryption, hashing, encoding and obfuscation
There is currently a lot of confusion about the terms encryption, encoding, cryptography, hashing and obfuscation. These terms are related to computer security, specifically to the confidentiality and integrity of data or information, except in the case of encoding and obfuscation. Given the high importance of data and information, which are considered key elements in information systems, it is useful to know which mechanisms are available to protect them and in which cases one or the other should be used.

Cryptography, a methodology for information systems security

Cryptography is part of the field of cryptology, a science that comprises fields such as cryptanalysis and steganography. Cryptography focuses on the study of the methods used to ensure that a message or information cannot be read by an unauthorised third party, i.e., to guarantee the confidentiality of information. It is also used to prevent unauthorised access to and use of network resources, information systems, etc. Cryptography is a methodology whose objective is to provide security in information systems and telematic networks; among its many functions are the identification of entities, authentication and access control mechanisms for resources, the confidentiality and integrity of transmitted messages and their non-repudiation.

Message encoding

Encoding is a process of transforming data into a format different from the original. It is done using a public method, available to anyone and in most cases following a widely used standard format. An example is the American Standard Code for Information Interchange, known as ASCII. In this standard, alphabetic and special characters are converted into numbers. These numbers are known as the "code".
Encoding is not used for security purposes, as it only transforms the presentation of data from one format to another, without using any key in the process and using the same method or algorithm to encode and decode the data or information. This process was born in response to the need to transmit information over the Internet using standards that would allow the data or information to be interpreted by different environments, programmes and other elements. Examples of encoding are the ASCII, UNICODE, MORSE, Base64 and URL encoding tables.

Using mathematical functions: hashing

A hash function is the cryptographic process by which a unique string of characters is obtained through a mathematical function. This mathematical function or hash is at the core of the algorithm, which is capable of transforming any arbitrary block of data into a character string of fixed length. The length of the resulting string will always be the same, regardless of the length of the input data, as long as the same hash algorithm is used. Examples of hash functions are MD5, SHA1, SHA-256, etc. The following image shows how, depending on the input and the hash algorithm applied (in this example SHA1), the digest or output changes. If, for example, we were to use SHA-256 in all the above cases, the output would always be of a fixed length, independently of the length of the input, of 256 bits and 64 characters, although the digests would be totally different. For a hash function to be considered secure, it must meet these 3 properties:
Collision resistance: it must be infeasible to find any two different inputs that produce the same hash as output.
Pre-image resistance: it must be infeasible, or of very low probability, to "reverse" the hash function (find an input from a given output).
Second pre-image resistance: given an input, it must be infeasible to find a different input that produces the same hash.
Hash functions can be used in multiple use cases, some examples of which include the following:
Specific searches for information in large databases.
Analysis of large files and data management.
Message authentication, digital signatures and SSL/TLS certificates.
Generation of new Bitcoin addresses and keys in the mining process.

What is data encryption?

Data encryption is the process of converting readable text or data into unreadable text or data, known as the encrypted output. Encryption is based on applying an algorithm using a key or master key that transforms the structure and composition of the information to be protected, in such a way that, if this information is intercepted by a third party, it cannot be interpreted or understood, i.e., it is unreadable. Once data has been encrypted, only those who hold the key that allows decryption will be able to carry out that action and access the data in a readable format. This mechanism therefore focuses primarily on protecting confidentiality. The use of complex cryptographic keys makes encryption more secure, making it more difficult for cyber-attacks, brute-force or otherwise, to be carried out against it. The 2 most common encryption methods are symmetric encryption and asymmetric encryption. The names refer to whether or not the same key is used for encryption and decryption:
Symmetric encryption keys: also known as single key encryption. Its main characteristic is the use of the same key for both encryption and decryption, making this process more convenient for users and closed systems. On the other hand, the key must be available to all interested parties and distributed through secure mechanisms.
This increases the risk that it could be compromised if intercepted by a third party such as a cybercriminal, unless it is itself encrypted with an asymmetric key, which is the usual practice. This method is faster than the asymmetric method.
Asymmetric encryption keys: in this type of encryption, 2 different keys (public and private), mathematically linked together, are used. The keys are basically large numbers linked together, but they are not identical, hence the term "asymmetric". The owner keeps the private key secret, while the public key is shared among authorised recipients or made available to the general public. Encryption is therefore carried out with the public key, and decryption with the recipient's private key.
Encryption is used in many cases, some of which include the following:
Encryption of voice communications.
Encryption of banking and credit card data.
Database encryption.
Digital signatures, for verifying the authenticity of the origin of the information.

Obfuscation

The purpose of obfuscation is to make something more difficult to understand, usually in order to make it more difficult to attack or copy. This mechanism is commonly used to obfuscate the source code of an application in order to make it more difficult to replicate a given product or function. It is not a strong security control, but it is a hindrance that makes something less readable, helping to make reverse engineering more difficult. It is often reversible, like encoding, using the same technique that was used to obfuscate. Other times it is simply a manual process that takes some time. Some applications that help with this process, although it is always recommended to do it manually, are JavaScript Obfuscator and ProGuard.
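The three mechanisms the article contrasts, as an added Go example (not code from the article or from Telefónica Tech) built only on the standard library: Base64 encoding, which anyone can reverse without a key; SHA-256 hashing, whose 64-character digest is one-way and the same length for any input; symmetric AES-256-GCM, where one key both encrypts and decrypts and tampering is detected; and asymmetric RSA-OAEP, where the public key encrypts and only the private key decrypts. The message, key bytes and key sizes are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
)

// Encode and Decode: a public, keyless, reversible transformation (Base64).
// Anyone can undo it, so it gives no confidentiality at all.
func Encode(data []byte) string       { return base64.StdEncoding.EncodeToString(data) }
func Decode(s string) ([]byte, error) { return base64.StdEncoding.DecodeString(s) }

// Digest: one-way and fixed length (SHA-256 gives 32 bytes, 64 hex characters)
// whatever the input size; there is no key and nothing to "decrypt".
func Digest(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// SealSymmetric encrypts with AES-256-GCM: the same key encrypts and decrypts.
// Output layout is nonce || ciphertext || authentication tag.
func SealSymmetric(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per message
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// OpenSymmetric reverses SealSymmetric; a wrong key or a modified ciphertext
// fails the integrity check instead of yielding garbage.
func OpenSymmetric(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext shorter than nonce")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// NewKeyPair generates an RSA-2048 key pair (constructed for this example).
func NewKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// SealAsymmetric encrypts for the holder of the matching private key (RSA-OAEP):
// the public key may be handed to anyone, only the private key can decrypt.
func SealAsymmetric(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plaintext, nil)
}

// OpenAsymmetric decrypts with the private key that matches the public key used above.
func OpenAsymmetric(priv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ciphertext, nil)
}

func main() {
	msg := []byte("account 1234, PIN 5678") // constructed sample data
	fmt.Println("base64 :", Encode(msg), "(reversible by anyone)")
	fmt.Println("sha256 :", Digest(msg), "(64 hex chars for any input size)")
	key := make([]byte, 32) // AES-256 key; in practice derived or drawn from a KMS
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	sealed, err := SealSymmetric(key, msg)
	if err != nil {
		panic(err)
	}
	fmt.Printf("aes-gcm: %x\n", sealed)
	priv, err := NewKeyPair()
	if err != nil {
		panic(err)
	}
	ct, _ := SealAsymmetric(&priv.PublicKey, msg)
	pt, _ := OpenAsymmetric(priv, ct)
	fmt.Println("rsa-oaep round trip:", string(pt))
}
```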
June 1, 2022
Cyber Security
Monitoring technologies, a key element in cyber security
IDS (Intrusion Detection System), IPS (Intrusion Prevention System) and SIEM solutions are fundamental elements in event monitoring and cybersecurity. IDSs and IPSs are intrusion detection and prevention systems that employ a set of methods and techniques to reveal suspected malicious activity on one or more computer resources and, in the case of IPSs, to take action when such potential malicious activity is detected. IDSs respond to malicious activity by generating alarms. These malicious activities are detected by signature pattern matching, although the precise method depends on the class of IDS. IPSs analyse network traffic in real time and prevent attacks by taking actions according to their configuration and technology. Unlike firewalls, IDSs and IPSs analyse data packets comprehensively, both headers and payload, looking for known events. SIEMs are hybrid solutions comprising a SIM (Security Information Management) part and a SEM (Security Event Manager) part. This technology provides the capacity to analyse in real time the (previously configured) security alerts about what is happening in the network or systems.

IDS, detecting intruders

These systems aim to detect and monitor events occurring in the network. This helps to understand attacks, improve protection and estimate the impact of attacks. To detect intrusions in a system, IDSs use 3 types of information: an event history, the current system configuration and, finally, active system processes or rules. These elements perform 2 main functions:
Prevention, by means of sensors or probes installed in equipment or information elements that allow network traffic to be "listened" to.
Generation and notification of alarms, in the event of what it identifies as a pattern of intrusive behaviour or malicious activity on the network.
There are different types and typologies, depending on several factors such as the approach, the origin of the data, the structure of the IDS itself or the behaviour of the IDS.
According to the approach of the IDS, 3 categories are established:
Anomaly detection, which uses knowledge-based techniques and statistical methods, as well as machine learning systems.
Usage or signature detection, which focuses on monitoring network activity and comparing usage and signatures against its own database of attack signatures.
Hybrids, considered the most reliable, which combine the two previous typologies, i.e., both anomaly detection and signature detection.
According to the data source, the following classes are established:
HIDS (Host-based Intrusion Detection Systems), based on monitoring the data and events generated by users, in most cases via syslog, and identifying threats at host level.
NIDS (Network Intrusion Detection Systems), installed on devices in promiscuous mode and dedicated to passively listening to and monitoring what happens on the network, acting as a sniffer but with the capacity to generate alarms.
Hybrids, which are a combination of HIDS and NIDS, taking the best of each type. They allow local detection of malicious activity on systems, sensors on each network segment and take advantage of both architectures.
On the other hand, according to the structure of the IDS, they can be centralised, with sensors that send the information to a central system, or distributed. The latter are based on the installation of distributed systems using nodes that collect events and then communicate them to a central node.

IPS: the best defence is an attack

The behaviour of IPSs is often associated with the behaviour of firewalls, but their level of complexity and completeness is higher.
These elements analyse the entire contents of the packets, both header and payload, for malicious activity and, when it is detected, proceed according to the configuration of the element, either generating an alarm, discarding packets or disconnecting connections. Their main features are:
Automated reaction to incidents through real-time analysis.
Application of filters as attacks in progress are detected.
Automatic blocking of attacks carried out in real time.
Reduction of false alarms of network attacks.
Ability to detect applications and implement network security policies at the application layer.
There are several classes according to the technology: HIPS (Host Intrusion Prevention System) are those aimed at protecting hosts from possible attacks via IP addresses. NIPS (Network Intrusion Prevention System) focus on monitoring the network for suspicious traffic. On the other hand, and in a more particular way, WIPS (Wireless Intrusion Prevention System) are dedicated to wireless networks, with the same functions as a NIPS but for a wireless environment. And NBA (Network Behaviour Analysis), based on network behaviour, in order to analyse unusual traffic.

Differences between IDS, IPS and Next Generation Firewalls (NGFW)

IDSs and IPSs have in common that they analyse packets in their entirety, not just the headers. This is not the case for firewalls, which analyse only the packet headers. The response of a firewall is based on the application of a set of configured rules, always depending on the source and destination addresses and ports. Firewalls can deny any traffic that does not meet specific criteria, even if it is legitimate and non-malicious traffic. On the other hand, when an IPS detects malicious activity after packet analysis, it can raise an alarm, discard packets or disconnect connections, depending on the action configured for that event. When IDSs detect malicious activity, they generate an alarm or notification.
Next generation firewalls (NGFWs) are solutions with superior capabilities to traditional firewalls. While traditional firewalls detect suspicious traffic and block access to the network according to a predefined blacklist or according to rules they have established, NGFWs include additional functions such as intrusion prevention and deep packet inspection, as well as application blocking or management.

SIEMs, monitoring solutions

These solutions have multiple capabilities for collecting, analysing and presenting the information they gather, mainly from security devices (firewalls, sensors, IDS, IPS, etc.) and network elements (servers, databases, etc.). They are often the main tool used in SOCs (Security Operations Centres) for incident detection and response. The main capabilities of a SIEM are:
Correlation and alerting: processing of incoming data to transform it into information, as well as analysis after correlation, generating security alerts.
Integration of sources and multiple data: allows information received from many sources to be received and managed.
Dashboards: they have environments that allow dashboards to be generated with the information represented in tables and graphs.
Storage and retention: some have long-term data storage capacity, essential for forensic analysis.
Scalability: they can be configured by means of hierarchies that allow resources and elements to be increased or decreased according to the needs of the moment.
The main advantages of having a SIEM in place include:
Early detection of incidents, because analyses are carried out in real time, providing information at all times and allowing rapid action to be taken to avoid a greater impact.
Forensic analysis capacity, making it possible to identify the origin of an incident and how it happened, and to take actions to improve and prevent incidents.
Centralisation of information, in such a way that it facilitates the management of the elements integrated in the SIEM.
Identification of anomalous events, operational problems or events that could trigger an incident.
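The "correlation and alerting" capability described above, as an added Go example (not code from the article or from any SIEM product): it normalises constructed sshd syslog lines (the HIDS data source mentioned earlier) into events, then runs one correlation rule over them, flagging a source that fails to log in five times within a minute and separately flagging a later successful login from that same source. The log lines, host names and IP addresses are constructed sample data.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
	"time"
)

// Event is a normalised record, what a SIEM's integration layer produces from a raw line.
type Event struct {
	Time   time.Time
	Host   string
	User   string
	Source string // remote IP address
	Failed bool   // true for a failed login, false for a successful one
}

// Alert is the output of a correlation rule.
type Alert struct {
	Rule   string
	Source string
	Count  int
	At     time.Time
}

// SampleLogs are constructed sshd lines in syslog format (documentation IP ranges);
// they are deliberately not in time order, as lines from several collectors often are not.
const SampleLogs = `Oct 11 10:00:01 srv1 sshd[2001]: Failed password for invalid user admin from 203.0.113.7 port 50001 ssh2
Oct 11 10:00:03 srv1 sshd[2002]: Failed password for root from 203.0.113.7 port 50002 ssh2
Oct 11 10:00:02 srv1 sshd[2003]: Failed password for bob from 198.51.100.4 port 40001 ssh2
Oct 11 10:00:05 srv1 sshd[2004]: Failed password for invalid user test from 203.0.113.7 port 50003 ssh2
Oct 11 10:00:09 srv1 CRON[2005]: (root) CMD (run-parts /etc/cron.hourly)
Oct 11 10:00:06 srv1 sshd[2006]: Failed password for root from 203.0.113.7 port 50004 ssh2
Oct 11 10:00:08 srv1 sshd[2007]: Failed password for alice from 203.0.113.7 port 50005 ssh2
Oct 11 10:00:20 srv1 sshd[2008]: Accepted password for alice from 203.0.113.7 port 50006 ssh2
Oct 11 10:05:00 srv1 sshd[2009]: Accepted password for bob from 198.51.100.4 port 40002 ssh2`

var sshdRe = regexp.MustCompile(`^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)`)

// Parse turns one sshd line into an Event; lines from other programs are skipped.
// Syslog timestamps carry no year, so year zero is used: only relative times matter here.
func Parse(line string) (Event, bool) {
	m := sshdRe.FindStringSubmatch(line)
	if m == nil {
		return Event{}, false
	}
	ts, err := time.Parse("Jan _2 15:04:05", m[1])
	if err != nil {
		return Event{}, false
	}
	return Event{Time: ts, Host: m[2], User: m[4], Source: m[5], Failed: m[3] == "Failed"}, true
}

// Correlate implements one rule: threshold or more failed logins from the same
// source within window raises ssh_bruteforce once per source; a later successful
// login from a source already flagged raises ssh_bruteforce_success.
func Correlate(events []Event, threshold int, window time.Duration) []Alert {
	sort.SliceStable(events, func(i, j int) bool { return events[i].Time.Before(events[j].Time) })
	recent := map[string][]time.Time{} // failures per source still inside the window
	flagged := map[string]bool{}
	var alerts []Alert
	for _, e := range events {
		if !e.Failed {
			if flagged[e.Source] {
				alerts = append(alerts, Alert{"ssh_bruteforce_success", e.Source, len(recent[e.Source]), e.Time})
			}
			continue
		}
		q := append(recent[e.Source], e.Time)
		for len(q) > 0 && e.Time.Sub(q[0]) > window { // slide the window forward
			q = q[1:]
		}
		recent[e.Source] = q
		if len(q) >= threshold && !flagged[e.Source] {
			flagged[e.Source] = true
			alerts = append(alerts, Alert{"ssh_bruteforce", e.Source, len(q), e.Time})
		}
	}
	return alerts
}

// Analyze runs parsing and correlation over raw log text.
func Analyze(logs string, threshold int, window time.Duration) []Alert {
	var events []Event
	for _, line := range strings.Split(logs, "\n") {
		if e, ok := Parse(line); ok {
			events = append(events, e)
		}
	}
	return Correlate(events, threshold, window)
}

func main() {
	for _, a := range Analyze(SampleLogs, 5, time.Minute) {
		fmt.Printf("%s %-23s source=%s failures=%d\n", a.At.Format("15:04:05"), a.Rule, a.Source, a.Count)
	}
}
```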
November 3, 2021