Assistant professor
Miscellaneous Information:

Nelson possesses over 20 years of experience in the field of cybersecurity and has held various roles, including consultant, researcher, and head of research and development. He has successfully executed numerous projects in the areas of applied cryptography, reverse engineering, malware analysis, penetration testing, server hardening, and PCI DSS compliance. The projects have spanned a wide range of areas, including mobile devices, web applications, smart meters, and software-defined radios. Nelson played a major role in restructuring the Security R&D team at Samsung Brazil, where he led a team of talented engineers in the creation of cutting-edge security solutions for mobile devices. These solutions have achieved global commercial availability and received two awards from Samsung headquarters.

Nelson also brings over 12 years of experience as a lecturer for undergraduate and graduate courses in Computer Sciences and Information Security, both in Brazil and Norway. He has published and presented papers at international conferences and is the sole author of the book 'Web Application Penetration Testing' (in Portuguese). Based on this work, he has provided training to select groups, including the Brazilian Armed Forces and Federal Police.

Research Interests

Nelson’s passion lies in the domains of automated vulnerability discovery, exploit development, software security, and applied cryptography. He is enthusiastic about mentoring talented students who wish to work on interesting projects within any of these areas.

Consultancy, Commercial Work, and Industrial Connections

His most significant commercial and consultancy projects:

    • Reverse engineering and cryptanalysis of malware samples, leading to the detection of leaked credit card information. This saved credit card issuers millions of dollars, as they could cancel the compromised cards before usage by malicious actors.
    • Development of a protocol analyser for an unknown mainframe protocol, enabling the creation of a network-based fraud detection system, which required no modification of the corresponding applications.
    • Discovery of a critical vulnerability in a smart meter's authentication process, reducing the time for a brute-force attack from 4 years to 3 hours.
    • Identification of numerous bugs in a commercial cryptographic library, which helped the vendor make it compliant with the standards and obtain a national certification for their product.
    • Numerous PCI DSS gap analyses, conducted as a PCI Qualified Security Assessor.

Recent Research

Cividanes, R. S., Uto, N., Nakamura, E. T., Botelho, B. A. P., Osti, A. A. (2023). Método para proteção de componentes de software em ambiente web [Method for protecting software components in a web environment]. Brazilian Patent BR 10 2014 029255 1 B1. September 2023.

You can read more publications here.
