@article {ishak22, title = {Learning multi-party adversarial encryption and its application to secret sharing}, journal = {IEEE Access }, year = {2022}, publisher = {IEEE}, abstract = {

Neural networks based cryptography has seen a significant growth since the introduction of adversarial cryptography which makes use of Generative Adversarial Networks (GANs) to build neural networks that can learn encryption. The encryption has been proven weak at first but many follow up works have shown that the neural networks can be made to learn the One Time Pad (OTP) and produce perfectly secure ciphertexts. To the best of our knowledge, existing works only considered communications between two or three parties. In this paper, we show how multiple neural networks in an adversarial setup can remotely synchronize and establish a perfectly secure communication in the presence of different attackers eavesdropping their communication. As an application, we show how to build Secret Sharing Scheme based on this perfectly secure multi-party communication. The results show that it takes around 45,000 training steps for 4 neural networks to synchronize and reach equilibria. When reaching equilibria, all the neural networks are able to communicate between each other and the attackers are not able to break the ciphertexts exchanged between them.

}, keywords = {Cryptography, Encryption, Generative Adversarial Networks, Kernel, Mathematical models, Neural networks, Secret Sharing, Synchronization, Training}, issn = {2169-3536}, doi = {10.1109/ACCESS.2022.3223430}, url = {https://doi.org/10.1109/ACCESS.2022.3223430}, author = {Ishak Meraouche and Sabyasachi Dutta and Sraban Kumar Mohanty and Isaac Agudo and Kouichi Sakurai} } @article {sarita2018, title = {Detection of Node Capture Attack in Wireless Sensor Networks}, journal = {IEEE Systems Journal}, volume = {13}, year = {2019}, month = {03/2019}, pages = {238 - 247}, publisher = {IEEE}, issn = {1932-8184}, author = {Sarita Agrawal and Manik Lal Das and Javier Lopez} } @inproceedings {1780, title = {A Segregated Architecture for a Trust-based Network of Internet of Things}, booktitle = {IEEE Consumer Communications \& Networking Conference 2019}, year = {2019}, month = {03/2019}, publisher = {IEEE}, organization = {IEEE}, address = {Las Vegas (USA)}, abstract = {

With the ever-increasing number of smart home devices, the issues related to these environments are also growing. With an ever-growing attack surface, there is no standard way to protect homes and their inhabitants from new threats. The inhabitants are rarely aware of the increased security threats that they are exposed to and how to manage them. To tackle this problem, we propose a solution based on segmented architectures similar to the ones used in industrial systems. In this approach, the smart home is segmented into various levels, which can broadly be categorised into an inner level and external level. The external level is protected by a firewall that checks the communication from/to the Internet to/from the external devices. The internal level is protected by an additional firewall that filters the information and the communications between the external and the internal devices. This segmentation guarantees a trusted environment between the entities belonging to the internal network. In this paper, we propose an adaptive trust model that checks the behaviour of the entities and, through this model, in case the entities violate trust rules they can be put in quarantine or banned from the network.

}, keywords = {Security; Trust; Privacy; Internet of Things (IoT); Smart Home}, doi = {10.1109/CCNC.2019.8651703}, url = {https://ieeexplore.ieee.org/document/8651703}, author = {Davide Ferraris and Carmen Fernandez-Gago and Joshua Daniel and Javier Lopez} } @inproceedings {Rios2017query, title = {Query Privacy in Sensing-as-a-Service Platforms}, booktitle = {32nd International Conference on ICT Systems Security and Privacy Protection (IFIP SEC 2017)}, series = {IFIP Advances in Information and Communication Technology (AICT)}, volume = {502}, year = {2017}, month = {05/2017}, pages = {141{\textendash}154}, publisher = {Springer}, organization = {Springer}, address = {Roma, Italy}, abstract = {

The Internet of Things (IoT) promises to revolutionize the way we interact with the physical world. Even though this paradigm is still far from being completely realized, there already exist Sensing-as-a-Service (S2aaS) platforms that allow users to query for IoT data. While this model offers tremendous benefits, it also entails increasingly challenging privacy issues. In this paper, we concentrate on the protection of user privacy when querying sensing devices through a semi-trusted S2aaS platform. In particular, we build on techniques inspired by proxy re-encryption and k-anonymity to tackle two intertwined problems, namely query privacy and query confidentiality. The feasibility of our solution is validated both analytically and empirically.\ 

}, doi = {10.1007/978-3-319-58469-0_10}, author = {Ruben Rios and David Nu{\~n}ez and Javier Lopez}, editor = {Sabrina De Capitani di Vimercati and Fabio Martinelli} } @inproceedings {Ifip15, title = {A4Cloud Workshop: Accountability in the Cloud}, booktitle = {IFIP Sumer School 2015 on Privacy and Identity Management. Time for a Revolution?}, volume = {476}, year = {2016}, month = {07/2016}, pages = {61-78}, publisher = {AICT Series, Springer}, organization = {AICT Series, Springer}, address = {Edinburgh (United Kingdon)}, author = {Carmen Fernandez-Gago and Siani Pearson and Michela D{\textquoteright}Errico and Rehab Alnemr and Tobias Pulls and Anderson Santana de Oliveira} } @article {Roman2010a, title = {Advanced Secure Multimedia Services for Digital Homes}, journal = {Information Systems Frontiers}, volume = {14}, year = {2012}, month = {July 2012}, pages = {527-540}, publisher = {Springer}, abstract = {

Our society is becoming increasingly more IT-oriented, and the images and sounds that reflect our daily life are being stored mainly in a digital form. This digital personal life can be part of the home multimedia contents, and users demand access and possibly share these contents (such as photographs, videos, and music) in an ubiquitous way: from any location and with any device. The purpose of this article is twofold. First, we introduce the Feel@Home system, whose main objective is to enable the previously mentioned vision of an ubiquitous digital personal life. Second, we describe the security architecture of Feel@Home, analyzing the security and privacy requirements that identify which threats and vulnerabilities must be considered, and deriving the security building blocks that can be used to protect both IMS-based and VPN-based solutions.

}, keywords = {Content sharing, Digital home, Multimedia, privacy, security}, issn = {1387-3326}, doi = {10.1007/s10796-010-9258-9}, url = {http://www.springerlink.com/content/1785645v5246006u/}, author = {Rodrigo Roman and Javier Lopez and Olivier Dugeon and Marc Lacoste and Pierre Plaza Tron and Marta Bel} } @inproceedings {onieva2012, title = {Como proteger la privacidad de los usuarios en Internet. Verificaci{\'o}n an{\'o}nima de la mayor{\'\i}a de edad}, booktitle = {XII Reuni{\'o}n Espa{\~n}ola sobre Criptolog{\'\i}a y Seguridad de la Informaci{\'o}n - RECSI 2012}, year = {2012}, month = {Sep 2012}, pages = {297-302}, publisher = {Mondragon}, organization = {Mondragon}, address = {San Sebastian (Spain)}, isbn = {978-84-615-9933-2}, author = {Jose A. Onieva and Isaac Agudo and Javier Lopez and G. Drapper-Gil and M.F. Hinarejos} } @inproceedings {422, title = {Un protocolo para la firma de contratos en escenarios multi-two-party con atomicidad}, booktitle = {XII Reuni{\'o}n Espa{\~n}ola de Criptolog{\'\i}a y Seguridad de la Informaci{\'o}n}, year = {2012}, month = {09/2012}, pages = {357-362}, abstract = {

Los avances tecnol{\'o}gicos que est{\'a} experimentando el mundo digital (Internet, comunicaciones, etc.) est{\'a}n acercando a consumidores y proveedores. Los proveedores pueden ofrecer sus productos directamente a los consumidores finales, y {\'e}stos son capaces de acceder a los proveedores desde cualquier lugar y en cualquier momento. A la hora de adquirir productos o
servicios, esta facilidad de acceso permite a los consumidores consultar distintas ofertas de diferentes proveedores. Pero en el caso de que el consumidor quiera m{\'u}ltiples productos, como los paquetes tur{\'\i}sticos, formados por vuelos, hoteles, excursiones, etc, los consumidores carecen de herramientas que les permitan realizar la contrataci{\'o}n multi-two-party de manera at{\'o}mica. En
este art{\'\i}culo presentamos un protocolo de firma de contratos multi-two-party con atomicidad que garantiza la equitatividad de todas las partes.

}, author = {Gerard Draper-Gil and Josep L. Ferrer-Gomilla and M.F. Hinarejos and Jose A. Onieva and Javier Lopez} } @book {RomFatH11, title = {Digital Home Networking}, year = {2011}, publisher = {Wiley-ISTE}, organization = {Wiley-ISTE}, issn = {1848213212}, url = {http://as.wiley.com/WileyCDA/WileyTitle/productCd-1848213212.html}, author = {Romain Carbou and Michel Diaz and Ernesto Exposito and Rodrigo Roman} } @incollection {Alcaraz2011_ChapterBook, title = {Digital Home Networking: Standards}, booktitle = {Digital Home Networking}, number = {7130}, year = {2011}, pages = {60-96}, publisher = {John Wiley \& Sons Inc.}, organization = {John Wiley \& Sons Inc.}, address = {Reino Unido}, keywords = {Standards, ZigBee}, issn = {978-1-84821-321-0}, author = {Remi Bars and Jorge Gomez and Mohamed Mahdi and Cristina Alcaraz and Rodrigo Roman}, editor = {Romain Carbou and Ernesto Exposito and Rodrigo Roman and Michel Diaz} } @inproceedings {DNunez11, title = {Identity Management Challenges for Intercloud Applications}, booktitle = {1st International Workshop on Security and Trust for Applications in Virtualised Environments (STAVE 2011)}, volume = {187}, year = {2011}, month = {June}, pages = {198-204}, address = {Crete (Greece)}, abstract = {

Intercloud notion is gaining a lot of attention lately from both enterprise and academia, not only because of its benefits and expected results but also due to the challenges that it introduces regarding interoperability and standardisation. Identity management services are one of the main candidates to be outsourced into the Intercloud, since they are one of the most common services needed by companies and organisations. This paper addresses emerging identity management challenges that arise in intercloud formations, such as naming, identification, interoperability, identity life cycle management and single sign-on.

}, doi = {10.1007/978-3-642-22365-5_24}, author = {David Nu{\~n}ez and Isaac Agudo and Prokopios Drogkaris and Stefanos Gritzalis} } @inproceedings {6059235, title = {OSAMI Commons: An open dynamic services platform for ambient intelligence}, booktitle = {IEEE 16th Conference on Emerging Technologies Factory Automation (ETFA 2011)}, year = {2011}, month = {Sep 2011}, pages = {1-10}, publisher = {IEEE}, organization = {IEEE}, address = {Toulouse, France}, abstract = {

Today we live in an environment surrounded with networked converging devices. Human computer interactions are becoming personalized and a new concept of a global and cross-domain platform is emerging to exploit the full potential of the network in all business areas. In this convergence process, the software platform should be able to personalize itself dynamically in devices according to the context. OSAmI-Commons, an ITEA2 project for developing an open-source common approach to such a dynamic service-based platform, allows any type of device to connect and exchange information and services. OSAMI consortium is contributing to defining the foundations of a cross-platform open-services ecosystem. The sustainability of this platform is an objective beyond the project duration.

}, isbn = {978-1-4577-0016-3}, issn = {1946-0740}, doi = {10.1109/ETFA.2011.6059235}, author = {Naci Dai and Jesus Bermejo and Felix Cuadrado Latasa and Alejandra Ruiz L{\'o}pez and Isaac Agudo and Elmar Zeeb and Jan Krueger and Oliver Dohndorf and Wolfgang Thronicke and Christoph Fiehe and Anna Litvina} } @incollection {Moyano_DHNChapter, title = {Security}, booktitle = {Digital Home Networking}, year = {2011}, pages = {139-202}, chapter = {Security}, issn = {9781848213210}, author = {Francisco Moyano and Rodrigo Roman and Anas Abou El Kalam and Marc Lacoste and Mohamed Maachaoui}, editor = {Romain Carbou and Michel Diaz and Ernesto Exposito and Rodrigo Roman} } @inproceedings {Rios2010a, title = {Implementaci{\'o}n de un esquema de localizaci{\'o}n privada y segura para interiores}, booktitle = {IX Jornadas de Ingenier{\'\i}a Telem{\'a}tica (JITEL{\textquoteright}10)}, year = {2010}, month = {Sept.}, pages = {237 - 244}, address = {Valladolid (Spain)}, abstract = {

Las aplicaciones basadas en localizaci\ón proporcionan a los usuarios servicios personalizados dependiendo de su ubicaci\ón. Las estimaciones prev\én que estos servicios se extender\án enormemente en los pr\óximos a\ños reportando grandes beneficios tanto a la industria como a los usuarios finales. Sin embargo, para que estos avances sean posibles se hace necesario analizar en profundidad las distintas implicaciones de seguridad y privacidad que la utilizaci\ón de tales servicios pueden traer consigo a los usuarios. En este trabajo proponemos un sistema de localizaci\ón que da soporte a la provisi\ón de servicios basados en localizaci\ón para entornos indoor y que se fundamenta en la tecnolog\ía de redes de sensores inal\ámbricos. En este esquema hemos tenido en cuenta diversos aspectos de seguridad y privacidad, prestando especial atenci\ón a la limitaci\ón extrema de recursos caracter\ística de las redes de sensores. Finalmente hemos desarrollado una prueba de concepto para comprobar la viabilidad de nuestro esquema dentro del \ámbito del proyecto OSAmI.

}, isbn = {978-84-693-5398-1}, author = {Ruben Rios and Isaac Agudo and Jose L. Gonzalez}, editor = {Yannis Dimitriadis and Mar{\'\i}a Jes{\'u}s Verd{\'u} P{\'e}rez} } @article {JordiForne2009, title = {Pervasive Authentication and Authorization Infrastructures for Mobile Users}, journal = {Computer and Security}, volume = {29}, year = {2010}, pages = {501-514}, publisher = {elsevier}, abstract = {

Network and device heterogeneity, nomadic mobility, intermittent connectivity and, more generally, extremely dynamic operating conditions, are major challenges in the design of security infrastructures for pervasive computing. Yet, in a ubiquitous computing environment, limitations of traditional solutions for authentication and authorization can be overcome with a pervasive public key infrastructure (pervasive-PKI). This choice allows the validation of credentials of users roaming between heterogeneous networks, even when global connectivity is lost and some services are temporarily unreachable. Proof-of-concept implementations and testbed validation results demonstrate that strong security can be achieved for users and applications through the combination of traditional PKI services with a number of enhancements like: (i) dynamic and collaborative trust model, (ii) use of attribute certificates for privilege management, and (iii) modular architecture enabling nomadic mobility and enhanced with reconfiguration capabilities.

}, issn = {0167-4048}, doi = {10.1016/j.cose.2009.09.001}, author = {Jordi Forne and Francisca Hinajeros and Andres Marin and Florina Almenarez and Javier Lopez and Jose A. Montenegro and Marc Lacoste and Daniel Diaz} } @inproceedings {1702, title = {An Asynchronous Node Replication Attack in Wireless Sensor Networks}, booktitle = {23rd International Information Security Conference (SEC 2008)}, volume = {278}, year = {2008}, pages = {125-139}, isbn = {978-0-387-09699-5}, author = {J. Zhou and T. Kanti Das and Javier Lopez} } @inproceedings {Rios2008, title = {Clasificaci{\'o}n de canales encubiertos. Un nuevo canal: Covert_DHCP}, booktitle = {X Reuni{\'o}n Espa{\~n}ola de Criptolog{\'\i}a y Seguridad de la Informaci{\'o}n (RECSI{\textquoteright}08)}, year = {2008}, month = {Sept.}, pages = {325-336}, address = {Salamanca (Spain)}, abstract = {

Los canales encubiertos son una forma de comunicaci\ón oculta que puede vulnerar la integridad de los sistemas. Desde sus inicios en sistemas de seguridad multinivel a principios de los a\ños 70 han evolucionado considerablemente, apareciendo soluciones para redes de computadores debido a la especificaci\ón de algunos protocolos. Por este motivo, se hace un estudio sobre las t\écnicas que se han utilizado para crear los canales, as\í como sobre las distintos obst\áculos que han tratado de mermar su actividad. Asimismo, se presenta una nueva clasificaci\ón que trata de albergar la mayor cantidad de canales encubiertos existentes en la actualidad. Por \último, se analiza un protocolo ampliamente extendido en la actualidad, DHCP, en busca de posibilidades de albergar informaci\ón encubierta. A partir de este an\álisis se implementan distintas versiones de un canal encubierto haciendo uso de este protocolo.

}, keywords = {Canales encubiertos, control de accesos y detecci{\'o}n de intrusos, seguridad en redes, seguridad en sistemas de informaci{\'o}n}, isbn = {978-84-691-5158-7}, author = {Ruben Rios and Jose A. Onieva}, editor = {Luis Hern{\'a}ndez Encinas and Angel Martin del Rey} } @proceedings {Onieva2008, title = {Information Security Theory and Practices. Smart Devices, Convergence and Next Generation Networks}, journal = {Workshop in Information Security Theory and Practices}, volume = {5019}, year = {2008}, publisher = {Springer Verlag}, address = {Seville, Spain}, editor = {Jose A. Onieva and Sauveron D. and Chaumette S. and Gollmann D. and Markantonakis K.} } @incollection {Najera2007, title = {RFID: Technological Issues and Privacy Concerns}, booktitle = {Digital Privacy: Theory, Technologies, and Practices}, year = {2007}, month = {December}, pages = {285-306}, publisher = {Auerbach Publications}, organization = {Auerbach Publications}, isbn = {1420052179}, author = {Pablo Najera and Javier Lopez}, editor = {A. Acquisti and Stefanos Gritzalis and C. Lambrinoudakis and Sabrina De Capitani di Vimercati} } @article {Dix07, title = {Temporal Logics of Knowledge and their Applications in Security}, journal = {First Workshop in Information and Computer Security (ICS{\textquoteright}06)}, volume = {186}, year = {2007}, pages = {27-42}, publisher = {Elsevier}, address = {Timisoara, Romania}, abstract = {

\ Temporal logics of knowledge are useful for reasoning about situations where the knowledge of an agent or component is important, and where change in this knowledge may occur over time. Here we investigate the application of temporal logics of knowledge to the specification and verification of security protocols. We show how typical assumptions relating to authentication protocols can be specified. We consider verification methods for these logics, in particular, focusing on proofs using clausal resolution. Finally we present experiences from using a resolution based theorem prover applied to security protocols specified in temporal logics of knowledge.

}, keywords = {security, temporal resolution}, issn = {1571-0661}, doi = {"DOI: 10.1016/j.entcs.2006.11.043"}, author = {Clare Dixon and Carmen Fernandez-Gago and Michale Fisher and Wiebe van der Hoek} } @inproceedings {IsaacAgudo2005a, title = {Delegation Perspective of Practical Authorization Schemes}, booktitle = {Fifth International Network Conference (INC{\textquoteright}05)}, year = {2005}, pages = {157-164}, address = {Samos Island, Greece}, isbn = {960-7475-32-1}, author = {Isaac Agudo and Javier Lopez and Jose A. Montenegro and Eiji Okamoto and Ed Dawson} } @article {Fernandez2005, title = {First-Order Temporal Verification in Practice}, journal = {Journal of Automated Reasoning}, volume = {34}, year = {2005}, pages = {295-321}, publisher = {Springer}, abstract = {

First-order temporal logic, the extension of first-order logic with operators dealing with time, is a powerful and expressive formalism with many potential applications. This expressive logic can be viewed as a framework in which to investigate problems specified in other logics. The monodic fragment of first-order temporal logic is a useful fragment that possesses good computational properties such as completeness and sometimes even decidability. Temporal logics of knowledge are useful for dealing with situations where the knowledge of agents in a system is involved. In this paper we present a translation from temporal logics of knowledge into the monodic fragment of first-order temporal logic. We can then use a theorem prover for monodic first-order temporal logic to prove properties of the translated formulas. This allows problems specified in temporal logics of knowledge to be verified automatically without needing a specialized theorem prover for temporal logics of knowledge. We present the translation, its correctness, and examples of its use.

}, issn = {0168-7433}, doi = {dx.doi.org/10.1007/s10817-005-7354-1}, author = {Carmen Fernandez-Gago and Ullrich Hustadt and Clare Dixon and Michale Fisher and Boris Konev} } @article {Winfield2005, title = {On the Formal Specification of Emergent Behaviours of Swarm Robotics Systems}, journal = {International Journal of Advanced Robotics Systems}, volume = {2}, year = {2005}, pages = {363-371}, publisher = {SAGE Publishing}, abstract = {

It is a characteristic of swarm robotics that specifying overall emergent swarm behaviours in terms of the low-level behaviours of individual robots is very difficult. Yet if swarm robotics is to make the transition from the laboratory to real-world engineering realisation we need such specifications. This paper explores the use of temporal logic to formally specify, and possibly also prove, the emergent behaviours of a robotic swarm. The paper makes use of a simplified wireless connected swarm as a case study with which to illustrate the approach. Such a formal approach could be an important step toward a disciplined design methodology for swarm robotics.

}, keywords = {Swarm Robotics, temporal resolution}, issn = {1729-8806}, doi = {dx.doi.org/10.5772/5769}, author = {Alan Winfield and Jin Sa and Carmen Fernandez-Gago and Clare Dixon and Michale Fisher} } @proceedings {1613, title = {Information Security, 8th International Conference, ISC 2005, Singapore, September 20-23, 2005, Proceedings}, journal = {ISC}, volume = {3650}, year = {2005}, publisher = {Springer}, isbn = {3-540-29001-X}, editor = {Jianying Zhou and Javier Lopez and Robert H. Deng and Feng Bao} } @inproceedings {1716, title = {A Novel Method To Maintain Privacy in Mobile Agent Applications}, booktitle = {Fourth International Conference on Cryptology and Network Security (CANS{\textasciiacute}05)}, series = {LNCS}, volume = {3810}, year = {2005}, pages = {247-260}, publisher = {Springer}, organization = {Springer}, isbn = {978-3-540-30849-2}, author = {K. Peng and Ed Dawson and J Gonzalez-Nieto and Eiji Okamoto and J. Lopez} } @article {javierlopez2005c, title = {Specification and Design of Advanced Authentication and Authorization Services}, journal = {Computer Standards \& Interfaces}, volume = {27}, number = {5}, year = {2005}, month = {Jun 2005}, pages = {467-478}, publisher = {Elsevier}, abstract = {

A challenging task in security engineering concerns the specification and integration of security with other requirements at the top level of requirements engineering. Empirical studies show that it is common at the business process level that customers and end users are able to express their security needs. Among the security needs of Internet applications, authentication and authorization services are outstanding and, sometimes, privacy becomes a parallel requirement. In this paper, we introduce a methodology for the specification of security requirements and use a case study to apply our solution. We further detail the resulting system after extending it with an Authentication and Authorization Infrastructure.

}, issn = {0920-5489}, doi = {10.1016/j.csi.2005.01.005}, author = {Javier Lopez and Jose A. Montenegro and Jose L. Vivas and Eiji Okamoto and Ed Dawson} } @inproceedings {Dix04, title = {Using Temporal Logics of Knowledge in the Formal Verification of Security Protocols}, booktitle = {11th International Symposium on Temporal Representation and Reasoning (TIME{\textquoteright}04)}, year = {2004}, pages = {148-151}, publisher = {IEEE Computer Society}, organization = {IEEE Computer Society}, address = {Tatihou, Normandie, France}, abstract = {

Temporal logics of knowledge are useful for reasoning about situations where the knowledge of an agent or component is important, and where change in this knowledge may occur over time. Here we use temporal logics of knowledge to reason about security protocols. We show how to specify part of the Needham-Schroeder protocol using temporal logics of knowledge and prove various properties using a clausal resolution calculus for this logic.

}, keywords = {security protocols, temporal resolution, verification}, issn = {1530-1311}, doi = {http://doi.ieeecomputersociety.org/10.1109/TIME.2004.1314432}, author = {Clare Dixon and Carmen Fernandez-Gago and Michale Fisher and Wiebe van der Hoek} } @inproceedings {EdDawson2003, title = {BAAI: Biometric Authentication and Authorization Infrastructure}, booktitle = {IEEE International Conference on Information Technology (ITRE{\textquoteright}03)}, year = {2003}, pages = {274-278}, publisher = {IEEE}, organization = {IEEE}, abstract = {The combined use of authorization and authentication infrastructures has led to AAIs (authorization and authentication infrastructures). These new infrastructures supply identification and authorization services to a distributed environment There are many possibilities of linkages to get AAIs; one of them is to include the PMI (privilege management infrastructure) as authorization infrastructure and an authentication infrastructure that can be a PKI (public key infrastructure) or kerberos. This symbiosis gives service to applications and servers. However, in physical environments where the physical presence of an individual is required, it is necessary to use biometric systems. This paper describes the development of a solution that combines the relationship between the biometric based systems and the PMIs to finally obtain the biometric AAI.}, isbn = {0780377249}, doi = {10.1109/ITRE.2003.1270620} month={august}, author = {Ed Dawson and Javier Lopez and Jose A. Montenegro and Eiji Okamoto} } @inproceedings {EijiOkamoto2003, title = {Certificate Retrieval and Validation in Online Systems}, booktitle = {Symposium on Cryptography and Information Security (SCIS{\textquoteright}03)}, year = {2003}, month = {January}, pages = {25-30}, address = {Hamamatsu, Japan}, abstract = {

In order to more effectively deal with certificate management issues in PKIs, there is growing interest in supplementing offline X.509 PKI models with online services. An analysis of the security requirements of online models will be presented. Proposed online and delegated processing models will be evaluated in relation to these requirements.

}, author = {Eiji Okamoto and Javier Lopez and Ed Dawson and Juan M. Gonzalez-Nieto and Selwyn Russell and Jason Smith} } @article {SelwynRusell2003, title = {Virtual Certificates and Synthetic Certificates: New Paradigms for Improving Public Key Validation}, journal = {Computer Communications}, volume = {26}, number = {16}, year = {2003}, pages = {1826-1838}, publisher = {Elsevier}, abstract = {

The certificate paradigm is applied recursively to obtain the public keys of a number of Certification Authorities and, accordingly, to obtain the public keys of a number of final entities. Thus, validation of the authorized public key of a party in a network transaction is commonly based on processing the certificate chain descended from a trusted root issuer, involving non-negligible time and cost. Those chains become long in communications between large organizations, which is the typical case of e-commerce and e-government applications. The process of validation of extensive chains introduces performance problems in two aspects: signature verification and revocation checking. That is, the repeated processing of long chains of certificates creates severe efficiency problems. This fact causes that most of the advantages provided by Public Key Infrastructures (PKIs) are not conveniently exploited. In this paper we analyze the scenarios in which large volumes of digitally signed transactions between commercial entities exist. These cases require of interoperation among PKIs. We show that solutions available in those scenarios still involve processing of too long chains of certificates, either at the receiving computer or by an outsourced entity. For this reason, we propose new concepts of virtual certificate and synthetic certificate for faster and less costly processing of certificate chains. In this way, communications in a certificate-based intercommunity can be highly improved. We also show how these types of certificates can be applied in practice.

}, issn = {0140-3664}, author = {Selwyn Rusell and Ed Dawson and Eiji Okamoto and Javier Lopez} } @inproceedings {Fernandez02, title = {Algorithms for Guiding Clausal Temporal Resolution}, booktitle = {25th Conference on Artificial Intelligence (KI{\textquoteright}02)}, series = {LNAI}, volume = {2479}, year = {2002}, month = {September}, pages = {235-249}, publisher = {Springer}, organization = {Springer}, address = {Aachen, Germany}, abstract = {

Clausal temporal resolution is characterised by a translation of the formulae whose satisfiability is to be established to a normal form, step resolution (similar to classical resolution) on formulae occurring at the same states and temporal resolution between formulae describing properties over a longer period. The most complex part of the method occurs in searching for candidates for the temporal resolution operation, something that may need to be carried out several times. In this paper we consider a new technique for finding the candidates for the temporal resolution operation. Although related to the previously developed external search procedure, this new approach not only allows the temporal resolution operation to be carried out at any moment, but also simplifies any subsequent search required for similar temporal formulae. Finally, in contrast with previous approaches, this search can be seen as an inherent part of the resolution process, rather than an external procedure that is only called in certain situations.} year = {2002

}, keywords = {Temporal logic, temporal resolution}, author = {Carmen Fernandez-Gago and Michale Fisher and Clare Dixon} } @inproceedings {JavierLopez2002c, title = {Design of a VPN Software Solution Integrating TCP and UDP Services}, booktitle = {International Conference on Infrastructure Security (InfraSec{\textquoteright}02)}, series = {LNCS}, volume = {2437}, year = {2002}, month = {October}, pages = {325-337}, publisher = {Springer-Verlag}, organization = {Springer-Verlag}, address = {Bristol, U.K.}, abstract = {

The main aims of Virtual Private Network (VPN) are to isolate a distributed network from outsiders, as well as to protect the confidentiality and integrity of sensitive information traversing a non-trusted network such as the Internet. However, some problems arise when security is considered as the unique problem because VPN users suffer from restrictions in their access to the network. They are not free to use traditional Internet services such as electronic mail exchange with non-VPN users, and to access Web and FTP servers external to the organization. This paper presents a new solution that allows the open use of traditional network services running over TCP and UDP layers, while maintaining strong security features. The new scheme works at the TCP/IP transport layer and does not require the addition of new hardware because it is a totally software solution. As a consequence, the application is totally portable. Moreover, and because of its implementation at the transport layer, there is no need to modify any traditional communication applications previously installed in the network system.

}, author = {Javier Lopez and Jose A. Montenegro and Rodrigo Roman and Jorge Davila} } @inproceedings {SelwynRussell2002, title = {Improving Performance in Global PKI using Virtual Certificates and Synthetic Certificates}, booktitle = {Symposium on Cryptography and Information Security (SCIS{\textquoteright}02)}, year = {2002}, month = {January}, pages = {1149-1154}, abstract = {

A digital certificate may be used to inform the world of the public key of its owner. To guard against impersonations and fraud, the receiver needs to perform a series of checks. When a hierarchy of certificates is involved, and when there are large volumes of messages between two parties, as is frequent in commerce, the repeated validation of the same chain of certificates consume significant resources. This paper presents new concepts of virtual certificate and synthetic certificate which can be used to speed up repetitive processing of a chain with improved efficiency.

}, author = {Selwyn Russell and Eiji Okamoto and Ed Dawson and Javier Lopez} } @inproceedings {EdDawson2002, title = {A New Design of Privilege Management Infrastructure (PMIs) for Organizations Using Outsourced PKI}, booktitle = {5th International Conference on Information Security (ISC{\textquoteright}02)}, series = {LNCS}, volume = {2433}, year = {2002}, month = {September}, pages = {136-149}, publisher = {Springer-Verlag}, organization = {Springer-Verlag}, abstract = {Authentication services provided by Public Key Infrastructures (PKI) do not satisfy the needs of many e-commerce applications. These applications require additional use of authorization services in order for users to prove what they are allowed to do. Attribute certificates have changed the way in which the authorization problem has been considered until now, and Privilege Management Infrastructures (PMI) provide the necessary support for a wide use of those certificates. Although both types of infrastructures, PKIs and PMIs, keep some kind of relation, they can operate autonomously. This fact is specially interesting for companies who have taken or will take the decision to outsource PKI services. However, outsourcing PMI services is not a good option for many companies because sometimes information contained in attribute certificates is confidential. Therefore attribute certificates must be managed very carefully and, preferably, only inside the company. In this paper we present a new design of PMI that is specially suited for those companies that outsource PKI services but still need to manage the PMI internally. The scheme provides additional advantages that satisfy the needs of intra-company attribute certification, and eliminates some of the problems associated with the revocation procedures.}, isbn = {3540442707}, doi = {10.1007/3-540-45811-5_10}, author = {Ed Dawson and Javier Lopez and Jose A. Montenegro and Eiji Okamoto} } @inproceedings {1736, title = {Online Public Key Infrastructure}, booktitle = {VII Reuni{\'o}n Espa{\~n}ola sobre Criptolog{\'\i}a y Seguridad de la Informaci{\'o}n (VII RECSI)}, year = {2002}, month = {Sep 2002}, pages = {123-135}, address = {Oviedo (Spain)}, isbn = {84-699-8930-8}, author = {W. Caelli and K. Chen and E. Dawson and M. Henricksen and Javier Lopez and E. Okamoto and S. Russell and J. Smith} } @inproceedings {Fernandez01, title = {An Algorithm for Guiding Clausal Temporal Resolution}, booktitle = {4th International Workshop on Strategies in Automated Deduction (STRATEGIES{\textquoteright}01)}, year = {2001}, month = {June}, address = {Siena, Italy}, abstract = {

The clausal resolution method developed for discrete temporal log- ics involves translation to a normal form, classical resolution on formulae within states (termed step resolution) and temporal resolution between states. Step res- olution may generate an unnecessarily large set of clauses. In addition, the most expensive part of the method is the application of the temporal resolution oper- ation. In this paper we develop an algorithm to guide the search for the set of clauses needed for the application of temporal resolution. The algorithm is based on the outputs of a refined temporal resolution rule which allows us to generate temporal resolvents earlier within the process. In particular, this can also help us to avoid unnecessary step resolution and focus search for the most relevant clauses.

}, author = {Carmen Fernandez-Gago and Michale Fisher and Clare Dixon} } @inproceedings {1720, title = {A First Approach to Latin Electronic Notary Public Services}, booktitle = {IFIP Conference on Security \& Control of IT in Security}, year = {2001}, pages = {49-60}, author = {Jorge Davila and Javier Lopez and Rene Peralta and Jose maria troya} } @inproceedings {JorgeDavila2001, title = {Introducci{\'o}n de Aplicaciones UDP en Redes Privadas Virtuales}, booktitle = {III Jornadas de Ingenier{\'\i}a Telem{\'a}tica (JITEL{\textquoteright}01)}, year = {2001}, month = {Septiembre}, pages = {397-404}, address = {Barcelona (Spain)}, abstract = {

Virtual Private Network (VPN) solutions mainly focus on security aspects. However, when security is considered the unique problem, some collateral ones arise. VPN users suffer from restrictions in their access to the network. They are not free to use traditional Internet services such as electronic mail exchange and audio/video conference with non-VPN users, and to access Web and Ftp servers external to the organization. In this paper we present a new solution, located at the TCP/IP transport layer and oriented to UDP applications that, while maintaining strong security features, allows the open use of traditional network services. The solution does not require the addition of new hardware because it is an exclusively software solution. As a consequence, the application is totally portable.

}, author = {Jorge Davila and Javier Lopez and Rodrigo Roman} } @article {1712, title = {Sistemas Electr{\'o}nicos de Micropago}, journal = {Revista de Contrataci{\'o}n Electr{\'o}nica}, volume = {22}, year = {2001}, pages = {3-22}, issn = {1576-2033}, author = {Jorge Davila and Javier Lopez} } @inproceedings {1721, title = {Development of Secure Internet Applications for Governmental Environments}, booktitle = {IEEE International Workshop on Electronic Government (in DEXA{\textquoteright}00)}, year = {2000}, pages = {362-365}, publisher = {IEEE Press}, organization = {IEEE Press}, isbn = {0-7695-0680-1}, author = {Jorge Davila and Javier Lopez and Antonio Mana and Juan J. Ortega and Jose maria troya} } @article {1714, title = {Dise{\~n}o de Protocolos de No-Repudio}, journal = {Revista SIC: Seguridad en Inform{\'a}tica y Comunicaciones}, volume = {38}, year = {2000}, pages = {1-5}, issn = {1136-0623}, author = {Jorge Davila and Javier Lopez and Felipe Rosello} } @inproceedings {1722, title = {Internet Secure Communications Between Citizens and Public Administrations}, booktitle = {IFIP Conference on Advances in Electronic Government}, year = {2000}, pages = {109-120}, author = {Jorge Davila and Lidia Fuentes and Javier Lopez and Jose maria troya and Antonio Vallecillo} } @inproceedings {1737, title = {Una Soluci{\'o}n Flexible para Redes Privadas Virtuales}, booktitle = {VI Reuni{\'o}n Espa{\~n}ola de Criptolog{\'\i}a y Seguridad de la Informaci{\'o}n (VI RECSI)}, year = {2000}, month = {Sep 2000}, pages = {329-340}, address = {La Laguna}, isbn = {978-84789743-1-3}, author = {J. Davila and Javier Lopez and R. Peralta} }