A Secure Approach Out-of-Band for e-Bank with Visual Two-Factor Authorization Protocol Laerte Peotta de Melo, Dino Macedo Amaral, Robson de Oliveira Albuquerque, Rafael Timóteo de Sousa Júnior, Ana Lucila Sandoval Orozco, et al. Cryptography, 2024 The article presents an innovative approach for secure authentication in internet banking transactions, utilizing an Out-of-Band visual two-factor authorization protocol. With the increasing rise of cyber attacks and fraud, new security models are needed that ensure the integrity, authenticity, and confidentiality of financial transactions. The identified gap lies in the inability of traditional authentication methods, such as TANs and tokens, to provide security in untrusted terminals. The proposed solution is the Dynamic Authorization Protocol (DAP), which uses mobile devices to validate transactions through visual codes, such as QR codes. Each transaction is assigned a unique associated code, and the challenge must be responded to within 120 s. The customer initiates the transaction on a computer and independently validates it on their mobile device using an out-of-band channel to prevent attacks such as phishing and man-in-the-middle. The methodology involves implementing a prototype in Java ME for Android devices and a Java application server, creating a practical, low-computational-cost system, accessible for use across different operating systems and devices. The protocol was tested in real-world scenarios, focusing on ensuring transaction integrity and authenticity. The results show a successful implementation at Banco do Brasil, with 3.6 million active users, demonstrating the efficiency of the model over 12 years of use without significant vulnerabilities. The DAP protocol provides a robust and effective solution for securing banking transactions and can be extended to other authentication environments, such as payment terminals and point of sale devices.
Preventing APT attacks on LAN networks with connected IoT devices using a zero trust based security model Bruno Carneiro da Rocha, Laerte Peotta de Melo, Rafael Timoteo de Sousa 2021 Workshop on Communication Networks and Power Systems WCNPS 2021, 2021 Many organizations are being targeted by different types of attacks. One of the most dangerous attacks is called Advanced Persistent Threats (APT) as it is silent and focused on espionage and information theft, unlike a denial of service (DoS) attack. The proposed solution addresses the implementation of a security model based on zero trust in order to prevent APT attacks on LAN networks. The proposal is to use the concepts of micro-segmentation and Next-Generation Firewalls (NGFWs). Many IoT devices are present in most networks and most of them have several vulnerabilities that can facilitate the theft of information and compromise the local network.
A study on APT in IoT networks Bruno Rocha, Laerte Melo, Rafael Sousa Jr. Proceedings of the 18th International Conference on E-Business ICE-B 2021, 2021 Many companies are being targeted by attacks called Advanced Persistent Threats (APT). These are difficult to detect because espionage and important information stealing are the main techniques instead of trying to crash the system by causing a denial of service (DoS) attack, for example. With the popularization of the Internet of Things (IoT) and knowing that these devices do not always have a high level of security, this type of attack can be more efficient and further compromise the security of associations. A study containing the main attacks and a proposed defense model will be presented in this work.
Risk Assessment and Real Time Vulnerability Identification in IT Environments Laerte Peotta de Melo, Paulo Roberto Lira Gondim Crisis Management: Concepts, Methodologies, Tools, and Applications, 2013 Contrary to static models of risk analysis, the authors propose a pro-active framework for identifying vulnerabilities and assessing risk in real-time. Instead of searching for vulnerabilities from an external point of view, where the information is obtained by simply exploring a digital asset (computational system composed of hardware and software), the authors propose that software agents (sensors) capable of providing application, configuration and location information be incorporated into assets. Any observed changes, such as physical location, software update or installation, hardware modifications, changes in security policy and others, will be immediately reported by the agent, in a pro-active manner, to a central repository. It is possible to assess risk in a certain environment comparing databases of rules and known vulnerabilities with information about each asset, collected by the sensors and stored in the central repository.
Risk assessment and real time vulnerability identification in IT environments Laerte Peotta de Melo, Paulo Roberto de Lira Gondim Information Assurance and Security Technologies for Risk Assessment and Threat Management Advances, 2011 Contrary to static models of risk analysis, the authors propose a pro-active framework for identifying vulnerabilities and assessing risk in real-time. Instead of searching for vulnerabilities from an external point of view, where the information is obtained by simply exploring a digital asset (computational system composed of hardware and software), the authors propose that software agents (sensors) capable of providing application, configuration and location information be incorporated into assets. Any observed changes, such as physical location, software update or installation, hardware modifications, changes in security policy and others, will be immediately reported by the agent, in a pro-active manner, to a central repository. It is possible to assess risk in a certain environment comparing databases of rules and known vulnerabilities with information about each asset, collected by the sensors and stored in the central repository.
Acquisition of digital evidence in Android smartphones Proceedings of the 9th Australian Digital Forensics Conference, 2011
RECENT SCHOLAR PUBLICATIONS
A Systematic Review of Prompt Injection Attacks on Large Language Models: Trends, Taxonomy, Evaluation, Defenses and Opportunities JD Duarte, GD Cândido, JRA De Britto Filho, JS Neto, EJ Costa, ... IEEE Access, 2026 Citations: 5
A Comprehensive Review of Techniques, Methods, Processes, Frameworks, and Tools for Privacy Requirements SL Spósito, JFG Targino, GRS Silva, L Peotta, D de Paula Porto, ... Journal of Internet Services and Applications 16 (1), 508-529, 2025 Citations: 4
Machine learning for Early Detection of Phishing URLs in Parked Domains: An Approach applied to a financial institution JD Duarte, P Chagas, EJ Costa, LP De Melo, RR Nunes, CG Soares, ... IEEE Access, 2025 Citations: 8
International perspectives on critical infrastructure: Evaluation criteria and definitions EG da Silva, MAC Georg, LAR Júnior, LR Ferreira, LP de Melo, RR Nunes International Journal of Critical Infrastructure Protection 49, 100761, 2025 Citations: 3
Internal Audit Strategies for Assessing Cybersecurity Controls in the Brazilian Financial Institutions LVA Ferreira, CAM Alves, L Peotta de Melo, RR Nunes Applied Sciences 15 (10), 5715, 2025 Citations: 17
A secure approach out-of-band for e-bank with visual two-factor authorization protocol LP de Melo, D Macedo Amaral, R de Oliveira Albuquerque, ... Cryptography 8 (4), 51, 2024 Citations: 3
Ransomware 360°: Abordagens Multidisciplinares da Extorsão Criptoviral G Gueiros, E Wendt Editora Mizuno, 2024
A Review of the Intersection Techniques on Humint and Osint A Macedo, L Peotta, F Deus International Journal on Cybernetics & Informatics (IJCI) 12 (1), 53-63, 2023 Citations: 5
A Study on APT in IoT Networks. BC da Rocha, LP de Melo, RT de Sousa Jr ICE-B, 160-164, 2021 Citations: 8
Preventing APT attacks on LAN networks with connected IoT devices using a zero trust based security model BC da Rocha, LP de Melo, RT de Sousa 2021 Workshop on Communication Networks and Power Systems (WCNPS), 1-6, 2021 Citations: 24
Verification of the Dynamic Authorization Protocol FR de Oliveira Master’s Thesis, 2019 Citations: 1
XVII SIMPÓSIO BRASILEIRO EM SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS SBSEG 2017: MINICURSOS RC NUNES, ED CANEDO, RTDES JUNIOR Sociedade Brasileira de Computação, 2017
GONZALES, Selma Lúcia de Moura. DE MELO, Laerte Peotta (Orgs) GF GHELLER Amazônia e Atlântico sul: desafio e perspectivas para defesa no Brasil. Brasília, 2015 Citations: 2
MELO, Laerte Peotta de GF GHELLER, SLM GONZALES AMAZON AND SOUTH ATLANTIC: CHALLENGES AND PERSPECTIVES FOR DEFENSE IN BRAZIL …, 2015 Citations: 2
Amazônia e Atlântico Sul: desafios e perspectivas para a defesa no Brasil GFO Gheller, SLMO Gonzales, LPO Melo 2015 Citations: 23
Análise de artefatos maliciosos em ambiente acadêmico AS Ribeiro, WF Albuquerque 2014
Risk Assessment and Real Time Vulnerability Identification in IT Environments LP de Melo, PRL Gondim Crisis Management: Concepts, Methodologies, Tools, and Applications, 1592-1616, 2014 Citations: 1
DAP (Dynamic Authorization Protocol): uma abordagem segura out-of-band para e-bank com um segundo fator de autenticação visual. LP de Melo University of Brasília, Brazil, 2012 Citations: 1
Minicursos do XI Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais AC Faleiros, CG Ralha, LP de Melo, DM Amaral, F Sakakibara, ... Sociedade Brasileira de Computação, 2011
A formal classification of internet banking attacks and vulnerabilities L Peotta, MD Holtz, BM David, FG Deus, RT de Sousa International Journal of Computer Science & Information Technology 3 (1 …, 2011 Citations: 93
MOST CITED SCHOLAR PUBLICATIONS
A formal classification of internet banking attacks and vulnerabilities L Peotta, MD Holtz, BM David, FG Deus, RT de Sousa International Journal of Computer Science & Information Technology 3 (1 …, 2011 Citations: 93
Acquisition of digital evidence in Android smartphones AML Simao, FC Sicoli, LP de Melo, FE de Deus, RT de Sousa Junior 9th Australian Digital Forensics Conference 116, 2011 Citations: 62
Preventing APT attacks on LAN networks with connected IoT devices using a zero trust based security model BC da Rocha, LP de Melo, RT de Sousa 2021 Workshop on Communication Networks and Power Systems (WCNPS), 1-6, 2021 Citations: 24
Amazônia e Atlântico Sul: desafios e perspectivas para a defesa no Brasil GFO Gheller, SLMO Gonzales, LPO Melo 2015 Citations: 23
Internal Audit Strategies for Assessing Cybersecurity Controls in the Brazilian Financial Institutions LVA Ferreira, CAM Alves, L Peotta de Melo, RR Nunes Applied Sciences 15 (10), 5715, 2025 Citations: 17
Análise de malware: Investigação de códigos maliciosos através de uma abordagem prática LP de Melo, DM Amaral, F Sakakibara, AR de Almeida, RT de Sousa Jr, ... SBSeg 11, 9-52, 2011 Citations: 13
Machine learning for Early Detection of Phishing URLs in Parked Domains: An Approach applied to a financial institution JD Duarte, P Chagas, EJ Costa, LP De Melo, RR Nunes, CG Soares, ... IEEE Access, 2025 Citations: 8
A Study on APT in IoT Networks. BC da Rocha, LP de Melo, RT de Sousa Jr ICE-B, 160-164, 2021 Citations: 8
A Systematic Review of Prompt Injection Attacks on Large Language Models: Trends, Taxonomy, Evaluation, Defenses and Opportunities JD Duarte, GD Cândido, JRA De Britto Filho, JS Neto, EJ Costa, ... IEEE Access, 2026 Citations: 5
A Review of the Intersection Techniques on Humint and Osint A Macedo, L Peotta, F Deus International Journal on Cybernetics & Informatics (IJCI) 12 (1), 53-63, 2023 Citations: 5
A Context-Dependent Trust Model for the MAC Layer in LR-WPANs BM David, B Santana, L Peotta, MD Holtz, RT Sousa Jr International Journal on Computer Science and Engineering 2 (9), 3007-3016, 2010 Citations: 5
A Comprehensive Review of Techniques, Methods, Processes, Frameworks, and Tools for Privacy Requirements SL Spósito, JFG Targino, GRS Silva, L Peotta, D de Paula Porto, ... Journal of Internet Services and Applications 16 (1), 508-529, 2025 Citations: 4
Um Modelo para as normas sobre certificação digital no Brasil V Bertol, RT de Sousa Jr, LP de Melo VI Conferência Internacional de Perícias em Crimes Cibernéticos. Natal, Brasil, 2009 Citations: 4
International perspectives on critical infrastructure: Evaluation criteria and definitions EG da Silva, MAC Georg, LAR Júnior, LR Ferreira, LP de Melo, RR Nunes International Journal of Critical Infrastructure Protection 49, 100761, 2025 Citations: 3
A secure approach out-of-band for e-bank with visual two-factor authorization protocol LP de Melo, D Macedo Amaral, R de Oliveira Albuquerque, ... Cryptography 8 (4), 51, 2024 Citations: 3
A framework for risk assessment of information technology in the corporate environment L Peotta, P Gondim FORENSIC COMPUTER SCIENCE IJoFCS, 75, 2007 Citations: 3
GONZALES, Selma Lúcia de Moura. DE MELO, Laerte Peotta (Orgs) GF GHELLER Amazônia e Atlântico sul: desafio e perspectivas para defesa no Brasil. Brasília, 2015 Citations: 2
MELO, Laerte Peotta de GF GHELLER, SLM GONZALES AMAZON AND SOUTH ATLANTIC: CHALLENGES AND PERSPECTIVES FOR DEFENSE IN BRAZIL …, 2015 Citations: 2
Social Networks: Security and Privacy LP de Melo, ED Canedo, R de Oliveira Albuquerque, RT de Sousa Júnior 2011 Citations: 2
DEUS a Rafael TIMOTEO DE SOUSA L PEOTTA, MD HOLTZ, BM DAVID, G Flavio A Formal Classification of Internet Banking Attacks and Vulnerabilities Citations: 2