@article {morales2023psi, title = {Private set intersection: A systematic literature review}, journal = {Computer Science Review}, volume = {49}, number = {100567}, year = {2023}, month = {05/2023}, publisher = {Elsevier}, type = {Review}, address = {ScienceDirect}, abstract = {Secure Multi-party Computation (SMPC) is a family of protocols which allow some parties to compute a function on their private inputs, obtaining the output at the end and nothing more. In this work, we focus on a particular SMPC problem named Private Set Intersection (PSI). The challenge in PSI is how two or more parties can compute the intersection of their private input sets, while the elements that are not in the intersection remain private. This problem has attracted the attention of many researchers because of its wide variety of applications, contributing to the proliferation of many different approaches. Despite that, current PSI protocols still require heavy cryptographic assumptions that may be unrealistic in some scenarios. In this paper, we perform a Systematic Literature Review of PSI solutions, with the objective of analyzing the main scenarios where PSI has been studied and giving the reader a general taxonomy of the problem together with a general understanding of the most common tools used to solve it. We also analyze the performance using different metrics, trying to determine if PSI is mature enough to be used in realistic scenarios, identifying the pros and cons of each protocol and the remaining open problems.}, keywords = {privacy, Private set intersection, Secure Multiparty computation, security}, issn = {1574-0137}, doi = {https://doi.org/10.1016/j.cosrev.2023.100567}, url = {https://www.sciencedirect.com/science/article/pii/S1574013723000345}, author = {Daniel Morales and Isaac Agudo and Javier Lopez} } @article {MUNOZ2023103180, title = {A survey on the (in)security of Trusted Execution Environments}, journal = {Computers \& Security}, year = {2023}, pages = {103-180}, publisher = {Elsevier}, address = {In Press}, abstract = {
As the number of security and privacy attacks continue to grow around the world, there is an ever increasing need to protect our personal devices. As a matter of fact, more and more manufactures are relying on Trusted Execution Environments (TEEs) to shield their devices. In particular, ARM TrustZone (TZ) is being widely used in numerous embedded devices, especially smartphones, and this technology is the basis for secure solutions both in industry and academia. However, as shown in this paper, TEE is not bullet-proof and it has been successfully attacked numerous times and in very different ways. To raise awareness among potential stakeholders interested in this technology, this paper provides an extensive analysis and categorization of existing vulnerabilities in TEEs and highlights the design flaws that led to them. The presented vulnerabilities, which are not only extracted from existing literature but also from publicly available exploits and databases, are accompanied by some effective countermeasures to reduce the likelihood of new attacks. The paper ends with some appealing challenges and open issues.
}, keywords = {Computer security, Hardware attacks, Secure hardware, Side-channel attacks, Software attacks, Trusted Execution Environments}, issn = {0167-4048}, doi = {https://doi.org/10.1016/j.cose.2023.103180}, url = {https://www.sciencedirect.com/science/article/pii/S0167404823000901}, author = {Mu{\~n}oz, Antonio and Ruben Rios and Rodrigo Roman and Javier Lopez} } @article {ishak22, title = {Learning multi-party adversarial encryption and its application to secret sharing}, journal = {IEEE Access }, year = {2022}, publisher = {IEEE}, abstract = {Neural networks based cryptography has seen a significant growth since the introduction of adversarial cryptography which makes use of Generative Adversarial Networks (GANs) to build neural networks that can learn encryption. The encryption has been proven weak at first but many follow up works have shown that the neural networks can be made to learn the One Time Pad (OTP) and produce perfectly secure ciphertexts. To the best of our knowledge, existing works only considered communications between two or three parties. In this paper, we show how multiple neural networks in an adversarial setup can remotely synchronize and establish a perfectly secure communication in the presence of different attackers eavesdropping their communication. As an application, we show how to build Secret Sharing Scheme based on this perfectly secure multi-party communication. The results show that it takes around 45,000 training steps for 4 neural networks to synchronize and reach equilibria. When reaching equilibria, all the neural networks are able to communicate between each other and the attackers are not able to break the ciphertexts exchanged between them.
}, keywords = {Cryptography, Encryption, Generative Adversarial Networks, Kernel, Mathematical models, Neural networks, Secret Sharing, Synchronization, Training}, issn = {2169-3536}, doi = {10.1109/ACCESS.2022.3223430}, url = {https://doi.org/10.1109/ACCESS.2022.3223430}, author = {Ishak Meraouche and Sabyasachi Dutta and Sraban Kumar Mohanty and Isaac Agudo and Kouichi Sakurai} } @article {munoz2022, title = {A Test Environment for Wireless Hacking in Domestic IoT Scenarios}, journal = {Mobile Networks and Applications}, year = {2022}, month = {2022/10/14}, publisher = {Springer}, keywords = {Domestic security, Hacking the IoT, IoT security, Network Security}, issn = {1383-469X}, doi = {10.1007/s11036-022-02046-x}, url = {https://doi.org/10.1007/s11036-022-02046-x}, author = {Mu{\~n}oz, Antonio and Carmen Fernandez-Gago and Roberto Lopez-villa} } @article {Flamini2022, title = {Towards Trustworthy Autonomous Systems: Taxonomies and Future Perspectives}, journal = {IEEE Transactions on Emerging Topics in Computing}, year = {2022}, publisher = {IEEE}, abstract = {The class of Trustworthy Autonomous Systems (TAS) includes cyber-physical systems leveraging on self-x technologies that make them capable to learn, adapt to changes, and reason under uncertainties in possibly critical applications and evolving environments. In the last decade, there has been a growing interest in enabling artificial intelligence technologies, such as advanced machine learning, new threats, such as adversarial attacks, and certification challenges, due to the lack of sufficient explainability. However, in order to be trustworthy, those systems also need to be dependable, secure, and resilient according to well-established taxonomies, methodologies, and tools. Therefore, several aspects need to be addressed for TAS, ranging from proper taxonomic classification to the identification of research opportunities and challenges. Given such a context, in this paper address relevant taxonomies and research perspectives in the field of TAS. We start from basic definitions and move towards future perspectives, regulations, and emerging technologies supporting development and operation of TAS.
}, keywords = {Arti cial Intelligence, Cyber- Resilience, Cybersecurity, Dependability, Intelligent Systems, Trustworthy Autonomous Systems}, issn = {2168-6750}, doi = {https://doi.org/10.1109/TETC.2022.3227113}, url = {https://ieeexplore.ieee.org/abstract/document/9979717/authors$\#$authors}, author = {Francesco Flammini and Cristina Alcaraz and Emanuele Bellini and Stefano Marrone and Javier Lopez and Andrea Bondavalli} } @article {Agudo2020, title = {A Blockchain Approach for Decentralized V2X (D-V2X)}, journal = {IEEE Transactions on Vehicular Technology}, volume = {70}, number = {5}, year = {2021}, month = {05/2021}, pages = {4001 - 4010}, publisher = {IEEE}, abstract = {New mobility paradigms have appeared in recent years, and everything suggests that some more are coming. This fact makes apparent the necessity of modernizing the road infrastructure, the signalling elements and the traffic management systems. Many initiatives have emerged around the term Intelligent Transport System (ITS) in order to define new scenarios and requirements for this kind of applications. We even have two main competing technologies for implementing Vehicular communication protocols (V2X), C-V2X and 802.11p, but neither of them is widely deployed yet.
One of the main barriers for the massive adoption of those technologies is governance. Current solutions rely on the use of a public key infrastructure that enables secure collaboration between the different entities in the V2X ecosystem, but given its global scope, managing such infrastructure requires reaching agreements between many parties, with conflicts of interest between automakers and telecommunication operators. As a result, there are plenty of use cases available and two mature communication technologies, but the complexity at the business layer is stopping the drivers from taking advantage of ITS applications.
Blockchain technologies are defining a new decentralized paradigm for most traditional applications, where smart contracts provide a straightforward mechanism for decentralized governance. In this work, we propose an approach for decentralized V2X (D-V2X) that does not require any trusted authority and can be implemented on top of any communication protocol. We also define a proof-of-concept technical architecture on top of a cheap and highly secure System-on-Chip (SoC) that could allow for massive adoption of D-V2X.\
}, issn = {0018-9545}, doi = {10.1109/TVT.2020.3046640}, author = {Isaac Agudo and Manuel Montenegro-G{\'o}mez and Javier Lopez} } @article {anto2021, title = {P2ISE: Preserving Project Integrity in CI/CD Based on Secure Elements}, journal = {Information}, volume = {12}, number = {357}, year = {2021}, month = {08/2021}, publisher = {MDPI}, issn = {2078-2489,}, author = {Mu{\~n}oz, Antonio and Farao, Aristeidis and Casas, Ryan and Xenakis, Christos} } @article {Alcaraz2021a, title = {Stakeholder Perspectives and Requirements on Cybersecurity in Europe}, journal = {Journal of Information Security and Applications}, volume = {61}, number = {102916}, year = {2021}, month = {09/2021}, publisher = {Elsevier}, keywords = {Cybersecurity, Requirements, Roadmap, Stakeholder engagement. Research \& innovation}, issn = {2214-2126}, doi = {https://doi.org/10.1016/j.jisa.2021.102916}, url = {https://www.sciencedirect.com/science/article/pii/S2214212621001381}, author = {Simone Fischer-H{\"u}bner and Cristina Alcaraz and Afonso Ferreira and Carmen Fernandez-Gago and Javier Lopez and Evangelos Markatos and Lejla Islami and Mahdi Akil} } @article {RomanFog16, title = {Mobile edge computing, Fog et al.: A survey and analysis of security threats and challenges}, journal = {Future Generation Computer Systems}, volume = {78}, year = {2018}, month = {01/2018}, pages = {680-698}, publisher = {Elsevier}, abstract = {For various reasons, the cloud computing paradigm is unable to meet certain requirements (e.g. low latency and jitter, context awareness, mobility support) that are crucial for several applications (e.g. vehicular networks, augmented reality). To fulfil these requirements, various paradigms, such as fog computing, mobile edge computing, and mobile cloud computing, have emerged in recent years. While these edge paradigms share several features, most of the existing research is compartmentalised; no synergies have been explored. This is especially true in the field of security, where most analyses focus only on one edge paradigm, while ignoring the others. The main goal of this study is to holistically analyse the security threats, challenges, and mechanisms inherent in all edge paradigms, while highlighting potential synergies and venues of collaboration. In our results, we will show that all edge paradigms should consider the advances in other paradigms.
}, keywords = {Cloud Computing, Fog computing, Mobile cloud computing, Mobile edge computing, privacy, security}, issn = {0167-739X}, doi = {10.1016/j.future.2016.11.009}, url = {https://authors.elsevier.com/c/1VmhQ,3q5xKgZZ}, author = {Rodrigo Roman and Javier Lopez and Masahiro Mambo} } @article {Fer_IS17, title = {Modelling Trust Dynamics in the Internet of Things}, journal = {Information Sciences}, volume = {396}, year = {2017}, pages = {72-82}, publisher = {Elsevier}, abstract = {The Internet of Things (IoT) is a paradigm based on the interconnection of\ everyday objects. It is expected that the {\textquoteleft}things{\textquoteright} involved in the IoT paradigm\ will have to interact with each other, often in uncertain conditions. It is therefore\ of paramount importance for the success of IoT that there are mechanisms in\ place that help overcome the lack of certainty. Trust can help achieve this goal.\ In this paper, we introduce a framework that assists developers in including\ trust in IoT scenarios. This framework takes into account trust, privacy and\ identity requirements as well as other functional requirements derived from IoT\ scenarios to provide the different services that allow the inclusion of trust in the\ IoT.
}, keywords = {Dynamic Framework, Internet of Things, Trust}, issn = {0020-0255}, doi = {10.1016/j.ins.2017.02.039}, author = {Carmen Fernandez-Gago and Francisco Moyano and Javier Lopez} } @article {JNCA16, title = {A Model-driven Approach for Engineering Trust and Reputation into Software Services}, journal = {Journal of Network and Computer Applications}, volume = {69}, year = {2016}, month = {04/2016}, pages = {134-151}, publisher = {Elsevier}, issn = {1084-8045}, author = {Francisco Moyano and Carmen Fernandez-Gago and Javier Lopez} } @article {NNMSVRLS, title = {Relay Selection for Secure 5G Green Communications}, journal = {Telecommunication Systems }, volume = {59}, year = {2015}, month = {05/2015}, pages = {169-187}, publisher = {Springer US}, abstract = {In this article, we present relay selection policies in applications with secrecy requirements which are of interest in the fifth generation (5G) of wireless networks. More specifically, we provide a classification of relays based on their distinct communication attributes, such as processing, multiple antennas, storage, channel estimation, density and security level. In addition, we discuss the level of efficiency exhibited by each relay class, regarding their impact in delay-critical applications and green communications applications, while aiming at a specific security level at the physical layer. Then, relay selection policies are proposed taking into consideration the goals set by each application. Numerical evaluation of the proposed policies in terms of the average secrecy rate, average delay and power reduction show improved performance compared to other state-of-the-art solutions.\
This paper introduces a sealed bid and multi-currency auction using secure multiparty computation (SMC).
Two boolean functions, a comparison and multiplication function, have been designed as required to apply SMC. These functions are applied without revealing any information, not even to trusted third parties such as the auctioneer. A type of Zero Knowledge proof, discreet proof, has been implemented with three variants, interactive, regular and reduced non interactive proofs. These proofs make it possible to verify the correctness of the functions whilst preserving the privacy of the bid values. Moreover, a system performance evaluation of the proposal has been realized on heterogeneous platforms, including a mobile platform. The evaluation concludes that our proposal is practical even on mobile platforms.}, keywords = {Multi-currency auctions, proof certification, Sealed auctions, Secure Multiparty computation, Zero Knowledge Protocols}, issn = {0167-4048}, doi = {10.1016/j.cose.2014.06.004}, author = {Jose A. Montenegro and Javier Lopez} } @article {moyano2013re, title = {A Framework for Enabling Trust Requirements in Social Cloud Applications}, journal = {Requirements Engineering}, volume = {18}, year = {2013}, month = {Nov 2013}, pages = {321-341}, publisher = {Springer London}, abstract = {
Cloud applications entail the provision of a huge amount of heterogeneous, geographically-distributed resources managed and shared by many different stakeholders who often do not know each other beforehand. This raises numerous security concerns that, if not addressed carefully, might hinder the adoption of this promising computational model. Appropriately dealing with these threats gains special relevance in the social cloud context, where computational resources are provided by the users themselves. We argue that taking trust and reputation requirements into account can leverage security in these scenarios by incorporating the notions of trust relationships and reputation into them. For this reason, we propose a development framework onto which developers can implement trust-aware social cloud applications. Developers can also adapt the framework in order to accommodate their application-specific needs.
}, keywords = {architecture, framework, social cloud, Trust and reputation requirements}, issn = {0947-3602}, doi = {10.1007/s00766-013-0171-x}, author = {Francisco Moyano and Carmen Fernandez-Gago and Javier Lopez} } @article {MFLR13, title = {Secure sealed-bid online auctions using discreet cryptographic proofs}, journal = {Mathematical and Computer Modelling}, volume = {57}, year = {2013}, month = {Jun 2013}, pages = {2583{\textendash}2595}, publisher = {Elsevier}, abstract = {This work describes the design and implementation of an auction system using secure multiparty computation techniques. Our aim is to produce a system that is practical under actual field constraints on computation, memory, and communication. The underlying protocol is privacy-preserving, that is, the winning bid is determined without information about the losing bids leaking to either the auctioneer or other bidders. Practical implementation of the protocol is feasible using circuit-based cryptographic proofs along with additively homomorphic bit commitment. Moreover, we propose the development of a\ Proof Certificatestandard. These certificates convey sufficient information to recreate the cryptographic proofs and verify them offline.
}, issn = {0895-7177}, doi = {http://dx.doi.org/10.1016/j.mcm.2011.07.027}, author = {Jose A. Montenegro and Michael J. Fischer and Javier Lopez and Rene Peralta} } @article {munoz2012, title = {A performance-oriented monitoring system for security properties in cloud computing applications}, journal = {The Computer Journal}, year = {2012}, publisher = {Oxford Academic}, address = {Reino Unido}, issn = {1460-2067}, author = {Mu{\~n}oz, Antonio}, editor = {Gonz{\'a}lez, Javier} } @article {JordiForne2009, title = {Pervasive Authentication and Authorization Infrastructures for Mobile Users}, journal = {Computer and Security}, volume = {29}, year = {2010}, pages = {501-514}, publisher = {elsevier}, abstract = {Network and device heterogeneity, nomadic mobility, intermittent connectivity and, more generally, extremely dynamic operating conditions, are major challenges in the design of security infrastructures for pervasive computing. Yet, in a ubiquitous computing environment, limitations of traditional solutions for authentication and authorization can be overcome with a pervasive public key infrastructure (pervasive-PKI). This choice allows the validation of credentials of users roaming between heterogeneous networks, even when global connectivity is lost and some services are temporarily unreachable. Proof-of-concept implementations and testbed validation results demonstrate that strong security can be achieved for users and applications through the combination of traditional PKI services with a number of enhancements like: (i) dynamic and collaborative trust model, (ii) use of attribute certificates for privilege management, and (iii) modular architecture enabling nomadic mobility and enhanced with reconfiguration capabilities.
}, issn = {0167-4048}, doi = {10.1016/j.cose.2009.09.001}, author = {Jordi Forne and Francisca Hinajeros and Andres Marin and Florina Almenarez and Javier Lopez and Jose A. Montenegro and Marc Lacoste and Daniel Diaz} } @article {Najera2009, title = {Security Mechanisms and Access Control Infrastructure for e-Passports and General Purpose e-Documents}, journal = {Journal of Universal Computer Science}, volume = {15}, year = {2009}, pages = {970-991}, abstract = {Traditional paper documents are not likely to disappear in the near future as they are present everywhere in daily life, however, paper-based documentation lacks the link with the digital world for agile and automated processing. At the same time it is prone to cloning, alteration and counterfeiting attacks. E-passport defined by ICAO and implemented in 45 countries is the most relevant case of hybrid documentation (i.e. paper format with electronic capabilities) to date, but, as the advantages of hybrid documentation are recognized more and more will undoubtedly appear. In this paper, we present the concept and security requirements of general-use e-documents, analyze the most comprehensive security solution (i.e. ePassport security mechanisms) and its suitability for general-purpose e-documentation. Finally, we propose alternatives for the weakest and less suitable protocol from ePassports: the BAC (Basic Access Control). In particular, an appropriate key management infrastructure for access control to document memory is discussed in conjunction with a prototype implementation.
}, issn = {0948-695X}, doi = {http://dx.doi.org/10.3217/jucs-015-05-0970}, url = {http://www.jucs.org/jucs_15_5/security_mechanisms_and_access}, author = {Pablo Najera and Francisco Moyano and Javier Lopez} } @article {Agudo2008d, title = {Enabling Attribute Delegation in Ubiquitous Environments}, journal = {Mobile Networks and Applications}, volume = {13}, number = {3-4}, year = {2008}, month = {August}, pages = {398-410}, publisher = {Springer}, abstract = {When delegation is implemented using the attribute certificates in a Privilege Management Infrastructure (PMI), it is possible to reach a considerable level of distributed functionality. However, the approach is not flexible enough for the requirements of ubiquitous environments. The PMI can become a too complex solution for devices such as smartphones and PDAs, where resources are limited. In this work we present an approach to solve the previous limitations by defining a second class of attributes, called domain attributes, which are managed directly by users and are not right under the scope of the PMI, thus providing a light solution for constrained devices. However, we relate the two classes of attributes are related by defining a simple ontology. While domain attribute credentials are defined using SAML notation, global attributes are defined using X.509 certificates. For this reason, we additionally introduce XSAML so that both kinds of credentials are integrated. We also introduce the concept of Attribute Federation which is responsible for supporting domain attributes and the corresponding ontology.
}, keywords = {attribute based authorization, delegation, federation}, issn = {1383-469X}, doi = {10.1007/s11036-008-0062-4}, author = {Isaac Agudo and Javier Lopez and Jose A. Montenegro} } @article {JavierLopez2007, title = {On the deployment of a real scalable delegation service}, journal = {Information Security Technical Report}, volume = {12}, number = {3}, year = {2007}, month = {Jun 2007}, pages = {139-147}, publisher = {Elsevier}, abstract = {\
\
\
This paper explains the evolution of the concept of delegation since its first references in the context of distributed authorization to the actual use as a fundamental part of a privilege management architecture. The work reviews some of the earliest contributions that pointed out the relevance of delegation when dealing with distributed authorization, in particular we comment on PolicyMaker and Keynote, and also on SDSI/SPKI. Then, we elaborate on Federation as a particular case of delegation, and remark the importance given to federation by the industry. Finally, the paper discusses about privilege management infrastructures, introducing a new mechanism to extend their functionality using advanced delegation services.
}, issn = {1363-4127}, doi = {10.1016/j.istr.2007.05.008}, author = {Javier Lopez and Isaac Agudo and Jose A. Montenegro} } @article {IsaacAgudo2005, title = {A Graphical Delegation Solution for X.509 Attribute Certificates}, journal = {ERCIM News}, number = {63}, year = {2005}, month = {October}, pages = {33-34}, publisher = {ERCIM}, issn = {0926-4981}, author = {Isaac Agudo and Javier Lopez and Jose A. Montenegro} } @article {1707, title = {A Metadata-based Access Control Model for Web Services}, journal = {Internet Research Journal}, volume = {15}, number = {1}, year = {2005}, pages = {99-116}, publisher = {Emerald}, author = {Mariemma Yague and Antonio Mana and Javier Lopez} } @article {javierlopez2005c, title = {Specification and Design of Advanced Authentication and Authorization Services}, journal = {Computer Standards \& Interfaces}, volume = {27}, number = {5}, year = {2005}, month = {Jun 2005}, pages = {467-478}, publisher = {Elsevier}, abstract = {A challenging task in security engineering concerns the specification and integration of security with other requirements at the top level of requirements engineering. Empirical studies show that it is common at the business process level that customers and end users are able to express their security needs. Among the security needs of Internet applications, authentication and authorization services are outstanding and, sometimes, privacy becomes a parallel requirement. In this paper, we introduce a methodology for the specification of security requirements and use a case study to apply our solution. We further detail the resulting system after extending it with an Authentication and Authorization Infrastructure.
}, issn = {0920-5489}, doi = {10.1016/j.csi.2005.01.005}, author = {Javier Lopez and Jose A. Montenegro and Jose L. Vivas and Eiji Okamoto and Ed Dawson} } @article {AntonioMana2004, title = {A Framework for Secure Execution of Software}, journal = {International Journal of Information Security (IJIS)}, volume = {3}, number = {2}, year = {2004}, pages = {99-112}, publisher = {Springer}, abstract = {
\
\
The protection of software applications is one of the most important problems to solve in information security because it has a crucial effect on other security issues.We can find in the literature many research initiatives that have tried to solve this problem, many of them based on the use of tamperproof hardware tokens. This type of solutions depends on two basic premises: (i) to increase the physical security by using tamperproof devices, and (ii) to increase the complexity of the analysis of the software. The first premise is reasonable. The second one is certainly related to the first one. In fact, its main goal is that the pirate user can not modify the software to bypass an operation that is crucial: checking the presence of the token. However, the experience shows that the second premise is not realistic because the analysis of the executable code is always possible. Moreover, the techniques used to obstruct the analysis process are not enough to discourage an attacker with average resources.
In this paper, we review the most relevant works related to software protection, present a taxonomy of those works and, most important, we introduce a new and robust software protection scheme. This solution, called SmartProt, is based on the use of smart cards and cryptographic techniques, and its security relies only on the first of previous premises; that is, Smartprot has been designed to avoid attacks based on code analysis and software modification. The entire system is described following a lifecycle approach, explaining in detail the card setup, production, authorization, and execution phases. We also present some interesting applications of Smart- Prot as well as the protocols developed to manage licenses. Finally, we provide an analysis of its implementation details.
}, issn = {1615-5262}, author = {Antonio Mana and Javier Lopez and Juan J. Ortega and Ernesto Pimentel and Jose M. Troya} } @article {JavierLopez2004b, title = {PKI Design Based on the Use of On-line Certification Authorities}, journal = {International Journal of Information Security (IJIS)}, volume = {2}, number = {2}, year = {2004}, pages = {91-102}, publisher = {Springer}, abstract = {Public-Key Infrastructures (PKIs) are considered the basis of the protocols and tools needed to guarantee the security demanded for new Internet applications like electronic commerce, government-citizen relationships and digital distribution. This paper introduces a new infrastructure design, Cert{\textquoteright}eM, a key management and certification system that is based on the structure of the electronic mail service and on the principle of near-certification. Cert{\textquoteright}eM provides secure means to identify users and distribute their public-key certificates, enhances the efficiency of revocation procedures, and avoids scalability and synchronization problems. Because we have considered the revocation problem as priority in the design process, and with a big influence in the rest of the PKI components, we have developed an alternative solution to the use of Certificate Revocation Lists (CRLs), which has become one of the strongest points in this new scheme.
}, issn = {1615-5262}, author = {Javier Lopez and Antonio Mana and Jose A. Montenegro and Juan J. Ortega} } @article {JavierLopez2003c, title = {Integrating PMI Services in CORBA Applications}, journal = {Computer Standards \& Interfaces}, volume = {25}, number = {4}, year = {2003}, pages = {391-409}, abstract = {Application-level access control is an important requirement in many distributed environments. For instance, in new scenarios such as e-commerce, access to resources by previously unknown users is an essential problem to be solved. The integration of Privilege Management Infrastructure (PMI) services in the access control system represents a scalable way to solve this problem. Within the CORBA standards, the Resource Access Decision (RAD) facility is a mechanism used by security-aware applications to obtain authorization decisions and to manage access decision policies. This paper presents PMI-RAD, an approach to integrate the services of an external PMI into CORBA applications using the RAD facility. In particular, the integration of the external PMI in the access control system is based on the semantic description of the PMI services. Our RAD implementation requests and verifies attribute certificates from the PMI in a transparent way for CORBA objects.
}, issn = {0920-5489}, author = {Javier Lopez and Antonio Mana and Juan J. Ortega and Jose M. Troya and Mariemma I. Yague} } @article {1708, title = {A Secure Solution for Commercial Digital Libraries}, journal = {Online Information Review Journal}, volume = {27}, number = {3}, year = {2003}, pages = {147-159}, publisher = {Emerald}, issn = {1468-4527}, author = {Javier Lopez and Antonio Mana and Ernesto Pimentel and Jose maria troya and Marienma Yague} } @article {JavierLopez2002d, title = {The Role of Smartcards in Practial Information Security}, journal = {ERCIM News}, volume = {49}, year = {2002}, pages = {38-40}, abstract = {The transition from traditional commerce to electronic and mobile commerce is fostered by aspects like convenience, speed and ease of use. However, security issues remain unsolved. Smart cards open new possibilities for the development of security schemes and protocols that can provide security in applications such as electronic payments or software protection where traditional cryptographic tools are not useful. The GISUM group is involved in several research projects that make use of smart cards. Current applications include a secure electronic forms framework for government-citizen relations, electronic ticketing systems for GMS phones and Internet, a PDA-based digital signature environment, public transport, access control systems, software protection and banking applications. This report focuses on two recent projects: the eTicket electronic ticketing project (1FD97 1269 C02 02 (TAP)), a coordinated project with the Carlos III University of Madrid; and the Alcance project, consisting of the development of a secure electronic forms framework for secure Internet-based communication between citizens and the public administration (1FD97 0850 (TIC)).
}, issn = {0926-4981}, author = {Javier Lopez and Antonio Mana and Pedro Merino and Jose M. Troya} } @article {GonzaloRamos1998, title = {Comparisons of Parikh{\textquoteright}s conditions to other conditions for context-free languages}, journal = {Theoretical Computer Science}, volume = {202}, number = {1-2}, year = {1998}, pages = {231-244}, publisher = {Elsevier}, abstract = {
\
this paper we first compare Parikh\’s condition to various pumping conditions\ - Bar- Hillel\’s pumping lemma, Ogden\’s condition and Bader-Moura\’s condition; secondly, to interchange condition; and finally, to Sokolowski\’s and Grant\“s conditions. In order to carry out these comparisons we present some properties of Parikh\’s languages. The main result is the orthogonality of the previously mentioned conditions and Parikh\’s condition.
In
}, issn = {0304-3975}, author = {Gonzalo Ramos and Javier Lopez and Rafael Morales} } @article {JavierLopez1998, title = {Una Soluci{\'o}n Integral para la Autenticaci{\'o}n de Usuarios y la Administraci{\'o}n de Claves en Internet}, journal = {Nov{\'a}tica}, volume = {134}, year = {1998}, pages = {20-26}, abstract = {La seguridad es uno de los aspectos m\ás conflictivos del uso de Internet. La falta de una pol\ítica de seguridad global est\á frenando el desarrollo de Internet en \áreas tan interesantes y prometedoras como el comercio electr\ónico o la interacci\ón con las administraciones p\úblicas. Las t\écnicas criptogr\áficas actuales proporcionan un alto grado de confidencialidad; no obstante, es dif\ícil garantizar la identificaci\ón segura de los usuarios y, adem\ás, la gesti\ón de las claves de los mismos es poco eficiente y presenta graves problemas de escalabilidad y seguridad. En este trabajo se describe una soluci\ón a ambos problemas basada en una Infraestructura de Clave P\ública que proporciona una administraci\ón simple y eficiente de las claves de los usuarios y posibilita la autenticaci\ón segura de los mismos. El sistema se ha probado con \éxito de forma local y, en breve, ser\á instalado para su prueba por parte de la comunidad de usuarios de RedIris.
}, issn = {0211-2124}, author = {Javier Lopez and Antonio Mana and Juan J. Ortega and Lucia Pino} }