4 UPD research papers make it to Kaspersky Lab's regional tilt

MANILA, Philippines - Four research papers by University of the Philippines Diliman (UPD) students made it to the final 15 of the Asia Pacific, Middle East and Africa Cup of Kaspersky Lab's CyberSecurity for the Next Generation 2014.

The computer science students wrote research papers about an online security game, an Android device-based log-in system, an access control for personal health record systems and an open source-based cellular system.

The regional competition is currently being held at the University of Korea in Seoul, South Korea.

Adelen Victoria Festin, Camille Salazar and Flor Marie Carmeli Sison submitted two qualified research papers, one of which is about SecuriThief, an alternative tool to teach children online security in the form of a computer game using true-to-life simulations. 

"We believe that through gaming, children will be able to learn faster and in a more efficient way because of its fun factor and its personal approach to things," Festin said.

Their second paper introduced Communect, a low-cost, easy-to-deploy, alternative and secure open source-based (OpenBTS) communication system where mobile phone users can connect to make calls and send messages particularly in areas that do not have access to conventional mobile networks or areas with damaged telecommunication systems.

The group said Communect can be used for organization of disaster risk management activities and centralization of information dissemination.

Meanwhile, Dan Antonio Reyes, John Smith Paraggua and Ray Torres presented Binary Login using Android Device or what they call BLADE System, an easy-to-deploy solution using a two-factor authentication system.

BLADE requires the use of an Android device as a security token on top of the typical username-password security scheme for a person to successfully log-in and prevent security attacks on his online account.

The fourth paper from the Philippines is Rose Ann Sale-Zuñiga, who proposed a usable, secure and dynamic design for a task-role-based access control for Personal Health Record (PHR) systems. A PHR is a health record that a patient owns and manages.

"What it does is it limits a user's access to the system based on the task assigned to him, while tasks are based on his role. For example, a person with role of a nurse should not be able to access sensitive medical information unless he is authorized. He can only access a patient's medication list if, say, a doctor gives him the task to print it. After printing the list, the task ends and he should not be able to access it again unless another task gives him that privilege," she said.

The student are under the advisory of Dr. Susan Pancho-Festin, founder of UPD Computer Security Group, one of the research groups of the Department of Computer Science that focuses on the enhancement of the security of enterprise and mobile applications through research in cryptographic algorithms, message protocols and the latest developments in cryptographic attacks.