@inproceedings {RubioRomanAlcarazZhang2018, title = {Tracking Advanced Persistent Threats in Critical Infrastructures through Opinion Dynamics}, booktitle = {European Symposium on Research in Computer Security (ESORICS 2018)}, volume = {11098}, year = {2018}, month = {08/2018}, pages = {555-574}, publisher = {Springer}, organization = {Springer}, address = {Barcelona, Spain}, abstract = {

Advanced persistent threats pose a serious issue for modern industrial environments, due to their targeted and complex attack vectors that are difficult to detect. This is especially severe in critical infrastructures that are accelerating the integration of IT technologies. It is then essential to further develop effective monitoring and response systems that ensure the continuity of business to face the arising set of cyber-security threats. In this paper, we study the practical applicability of a novel technique based on opinion dynamics, that permits to trace the attack throughout all its stages along the network by correlating different anomalies measured over time, thereby taking the persistence of threats and the criticality of resources into consideration. The resulting information is of essential importance to monitor the overall health of the control system and correspondingly deploy accurate response procedures.

}, keywords = {Advanced Persistent Threat, Detection, Opinion Dynamics, Traceability}, doi = {10.1007/978-3-319-99073-6_27}, url = {https://link.springer.com/chapter/10.1007/978-3-319-99073-6_27}, author = {Juan E. Rubio and Rodrigo Roman and Cristina Alcaraz and Yan Zhang} } @inproceedings {Rios2012b, title = {Adecuaci{\'o}n de soluciones de anonimato al problema de la privacidad de localizaci{\'o}n en WSN}, booktitle = {XII Reuni{\'o}n Espa{\~n}ola sobre Criptolog{\'\i}a y Seguridad de la Informaci{\'o}n (RECSI 2012)}, year = {2012}, month = {Sep 2012}, pages = {309-314}, address = {Donostia-San Sebasti{\'a}n}, abstract = {

Los patrones de tr{\'a}fico caracter{\'\i}sticos de las redes inal{\'a}mbricas de sensores (WSNs) dan lugar al problema de la privacidad de localizaci{\'o}n. De manera similar, el tr{\'a}fico de los usuarios en Internet revela informaci{\'o}n sensible que puede ser protegida mediante sistemas de comunicaci{\'o}n an{\'o}nima (ACS). Por ello, este trabajo analiza la posibilidad de adaptar las soluciones de anonimato tradicionales al problema particular de las redes de sensores. Hasta el momento estas soluciones hab{\'\i}an sido rechazadas sin un an{\'a}lisis riguroso, argumentando simplemente que eran demasiado exigentes computacionalmente para los nodos sensores. Nuestros resultados demuestran que, en general, algunos ACS no cumplen los requisitos de privacidad necesarios en WSNs mientras que otros, que si los cumplen, se valen de una cantidad de recursos que superan la capacidad de los sensores.

}, isbn = {978-84-615-9933-2}, author = {Ruben Rios and Javier Lopez}, editor = {U. Zurutuza and R. Uribeetxeberria and I. Arenaza-Nu{\~n}o} } @inproceedings {alcaraz2012b, title = {Smart Grid Privacy: Issues and Solutions}, booktitle = {21st International Conference on Computer Communications and Networks (ICCCN)}, year = {2012}, month = {Jul 2012}, pages = {1-5}, publisher = {IEEE Computer Society}, organization = {IEEE Computer Society}, address = {Munich, Germany}, abstract = {

Migration to an electronically controlled electrical grid to transmit, distribute, and deliver power to consumers has helped enhance the reliability and efficiency of conventional electricity systems. At the same time, this digitally enabled technology called the Smart Grid has brought new challenges to businesses and consumers alike. A key component of such a grid is the smart-metering technology, which is used to collect energy consumption data from homes and transmitting it back to power distributors. A crucial concern is the privacy related to the collection and use of energy consumption data. We present an analysis of Smart Grid privacy issues and discuss recently proposed solutions that can protect the privacy of Smart Grid users.

}, keywords = {Computer architecture, Data privacy, Electricity, Home appliances, privacy, security, Smart grids}, isbn = {978-1-4673-1543-2}, doi = {10.1109/ICCCN.2012.6289304}, url = {http://ieeexplore.ieee.org/xpl/articleDetails.jsp?tp=\&arnumber=6289304\&contentType=Conference+Publications\&openedRefinements\%3D*\%26pageNumber\%3D7\%26rowsPerPage\%3D100\%26queryText\%3D\%28smart+grid\%29}, author = {F. Siddiqui and S. Zeadally and Cristina Alcaraz and S. Galvao} } @inproceedings {6059235, title = {OSAMI Commons: An open dynamic services platform for ambient intelligence}, booktitle = {IEEE 16th Conference on Emerging Technologies Factory Automation (ETFA 2011)}, year = {2011}, month = {Sep 2011}, pages = {1-10}, publisher = {IEEE}, organization = {IEEE}, address = {Toulouse, France}, abstract = {

Today we live in an environment surrounded with networked converging devices. Human computer interactions are becoming personalized and a new concept of a global and cross-domain platform is emerging to exploit the full potential of the network in all business areas. In this convergence process, the software platform should be able to personalize itself dynamically in devices according to the context. OSAmI-Commons, an ITEA2 project for developing an open-source common approach to such a dynamic service-based platform, allows any type of device to connect and exchange information and services. OSAMI consortium is contributing to defining the foundations of a cross-platform open-services ecosystem. The sustainability of this platform is an objective beyond the project duration.

}, isbn = {978-1-4577-0016-3}, issn = {1946-0740}, doi = {10.1109/ETFA.2011.6059235}, author = {Naci Dai and Jesus Bermejo and Felix Cuadrado Latasa and Alejandra Ruiz L{\'o}pez and Isaac Agudo and Elmar Zeeb and Jan Krueger and Oliver Dohndorf and Wolfgang Thronicke and Christoph Fiehe and Anna Litvina} } @inproceedings {1702, title = {An Asynchronous Node Replication Attack in Wireless Sensor Networks}, booktitle = {23rd International Information Security Conference (SEC 2008)}, volume = {278}, year = {2008}, pages = {125-139}, isbn = {978-0-387-09699-5}, author = {J. Zhou and T. Kanti Das and Javier Lopez} } @inproceedings {MildreyCarbonell2007a, title = {Estimation of TTP Features in Non-repudiation Service}, booktitle = {7th International Conference on Computational Science and Its Applications (ICCSA{\textquoteright}07)}, series = {LNCS}, volume = {4706}, year = {2007}, pages = {549-558}, publisher = {Springer}, organization = {Springer}, abstract = {In order to achieve a high performance in a real implementation of the non-repudiation service it is necessary to estimate timeouts, TTP features, publication key time, number of originators and recipients, and other relevant parameters. An initial work of the authors focused on a basic event-oriented simulation model for the estimation of timeouts. In the actual work, we present a set of extensions to that basic model for the estimation of the TTP features (storage capacity and ftp connection capacity). We present and analyze the new and valuable results obtained.}, author = {Mildrey Carbonell and Jose Maria Sierra and Jose A. Onieva and Javier Lopez and Jianying Zhou} } @inproceedings {Roman2006, title = {Applying Intrusion Detection Systems to Wireless Sensor Networks}, booktitle = {IEEE Consumer Communications \& Networking Conference (CCNC 2006)}, year = {2006}, month = {January}, pages = {640-644}, publisher = {IEEE}, organization = {IEEE}, address = {Las Vegas (USA)}, abstract = {

The research of Intrusion Detection Systems (IDS) is a mature area in wired networks, and has also attracted many attentions in wireless ad hoc networks recently. Nevertheless, there is no previous work reported in the literature about IDS architectures in wireless sensor networks. In this paper, we discuss the general guidelines for applying IDS to static sensor networks, and introduce a novel technique to optimally watch over the communications of the sensors{\textquoteright} neighborhood on certain scenarios.

}, isbn = {1-4244-0085-6}, doi = {10.1109/CCNC.2006.1593102}, author = {Rodrigo Roman and Jianying Zhou and Javier Lopez} } @inproceedings {JoseA.Onieva2006a, title = {Extension de una plataforma DRM basada en OMA con servicios de No Repudio}, booktitle = {IX Reunion Espa{\~n}ola sobre Criptologia y Seguridad de la Informacion (RECSI{\textquoteright}06)}, year = {2006}, pages = {129-141}, publisher = {UOC S.L.}, organization = {UOC S.L.}, abstract = {

Digital Rights Management (DRM) es un t\érmino general para cualesquiera de las soluciones que permite a un vendedor de contenido en forma electr\ónica controlar el material y restringir su uso de distintas maneras. Estas soluciones son posibles, por un lado gracias a t\écnicas de la Seguridad de la Informaci\ón, principalmente cifrado de datos, y por otro a la distribuci\ón, de manera independiente, de contenido y derechos digitales. Esto permite que los consumidores puedan acceder libremente al contenido, pero s\ólo aquellos que adquieran el derecho digital apropiado (RO) podr\án procesarlo. Como servicio de seguridad considerado en diversas capas del marco de seguridad definido por la recomendaci\ón ITU X.805, casi todas las aplicaciones necesitan considerar la propiedad de no repudio en las etapas iniciales de su dise\ño. Desafortunadamente, esto no ha sido as\í en general, y m\ás concretamente en especificaciones DRM; debido a consideraciones en la pr\áctica y al tipo de contenido a distribuir. Analizamos este servicio para un marco de DRM y proporcionamos una soluci\ón que permita que la adquisici\ón de derechos digitales sea un operaci\ón que no pueda repudiarse.

}, keywords = {aplicaciones moviles, comercio electronico seguro, digital rights management, no repudio}, author = {Jose A. Onieva and Javier Lopez and Rodrigo Roman and Jianying Zhou} } @inproceedings {JianyingZhou2006, title = {A Synchronous Multi-Party Contract Signing Protocol Improving Lower Bound of Steps}, booktitle = {21st International Information Security Conference (IFIP SEC{\textquoteright}06)}, series = {LNCS}, number = {201}, year = {2006}, month = {May}, pages = {221-232}, publisher = {Springer}, organization = {Springer}, abstract = {

Contract signing is a fundamental service in doing business. The Internet has facilitated the electronic commerce, and it is necessary to find appropriate mechanisms for contract signing in the digital world. A number of two-party contract signing protocols have been proposed with various features. Nevertheless, in some applications, a contract may need to be signed by multiple parties. Less research has been done on multi-party contract signing. In this paper, we propose a new synchronous multi-party contract signing protocol that, with n parties, it reaches a lower bound of 3(n \− 1) steps in the all-honest case and 4n \− 2 steps in the worst case (i.e., all parties contact the trusted third party). This is so far the most efficient synchronous multi-party contract signing protocol in terms of the number of messages required. We further consider the additional features like timeliness and abuse-freeness in the improved version.

}, author = {Jianying Zhou and Jose A. Onieva and Javier Lopez} } @inproceedings {R.Roman2005, title = {An{\'a}lisis de Seguridad en Redes Inal{\'a}mbricas de Sensores}, booktitle = {V Jornadas de Ingener{\'\i}a Telem{\'a}tica (JITEL{\textquoteright}05)}, year = {2005}, month = {Septiembre}, pages = {335-343}, address = {Vigo (Spain)}, abstract = {

The design and development of security infrastructures and protocols for Wireless Sensor Networks is a difficult task, due to several factors like the constraints of the sensor nodes and the public nature of the communication channels. The intrinsic features of these networks create numerous security problems. In this paper, we analyze and put into perspective those problems.

}, author = {Rodrigo Roman and Javier Lopez and Jianying Zhou} } @inproceedings {Roman2005b, title = {Aplicaci{\'o}n de Sistemas de Detecci{\'o}n de Intrusiones en Redes de Sensores}, booktitle = {Simposio sobre Computaci{\'o}n Ubicua e Inteligencia Ambiental (UCAmI{\textquoteright}05)}, year = {2005}, month = {September}, pages = {113-120}, address = {Granada (Spain)}, abstract = {

Los sistemas de detecci{\'o}n de intrusiones (IDS) son una herramienta imprescindible de seguridad a la hora de proteger una red. Recientemente se han investigado y desarrollado arquitecturas de IDS para redes inal{\'a}mbricas, en concreto para redes "Ad Hoc". No obstante, no existe un trabajo previo que desarrolle una arquitectura de IDS para una red de sensores. En este art{\'\i}culo, analizamos porque los sistemas IDS de redes "Ad Hoc" no pueden aplicarse a redes de sensores, e introducimos una arquitectura de IDS para redes de sensores que incorpora una nueva t{\'e}cnica para vigilar las comunicaciones de la red en ciertos escenarios.

}, author = {Rodrigo Roman and Javier Lopez and Jianying Zhou} } @inproceedings {Onieva2005a, title = {Attacking an asynchronous multi-party contract signing protocol}, booktitle = {Proceedings of 6th International Conference on Cryptology in India}, series = {LNCS}, volume = {3797}, year = {2005}, month = {Decemeber}, pages = {311{\textendash}321}, publisher = {Springer}, organization = {Springer}, abstract = {

Contract signing is a fundamental service in doing business. The Internet has facilitated the electronic commerce, and it is necessary to find appropriate mechanisms for contract signing in the digital world. From a designing point of view, digital contract signing is a particular form of electronic fair exchange. Protocols for generic exchange of digital signatures exist. There are also specific protocols for two-party contract signing. Nevertheless, in some applications, a contract may need to be signed by multiple parties. Less research has been done on multi-party contract signing. In this paper, we analyze an optimistic N-party contract signing protocol, and point out its security problem, thus demonstrating further work needs to be done on the design and analysis of secure and optimistic multi-party contract signing protocols.

}, keywords = {multi-party contract signing, Secure electronic commerce, security protocol analysis}, author = {Jose A. Onieva and Jianying Zhou and Javier Lopez} } @inproceedings {Onieva2005, title = {Extending an OMA-based DRM Framework with Non-Repudiation Services}, booktitle = {5th Symposium on Signal Processing and Information Technology (ISSPIT{\textquoteright}05)}, year = {2005}, pages = {472-477}, publisher = {IEEE}, organization = {IEEE}, abstract = {

Digital Rights Management (DRM) is an umbrella term for any of several arrangements which allows a vendor of content in electronic form to control the material and restrict its usage in various ways that can be specified by the vendor. These arrangements are provided through security techniques, mainly encryption, and the distribution, in a detached manner, of content and rights. This allows free access to the content by the consumers, but only those carrying the proper Right Object (RO) will be able to process such content. As a security service considered in different layers of the security framework defined by ITU X.805, almost all applications need to consider non-repudiation in the very beginning of their design. Unfortunately this has not been done so far in DRM specifications due to practical issues and the type of content distributed. We analyze this service for the a DRM framework and provide a solution which allows the right objects acquisition to be undeniable.

}, keywords = {digital rights management, Mobile applications, Non-repudiation, Secure electronic commerce}, author = {Jose A. Onieva and Jianying Zhou and Javier Lopez and Rodrigo Roman} } @inproceedings {MildreyCarbonell2005, title = {Modelo de Simulacion para la Estimacion de Parametros en los protocolos de no Repudio}, booktitle = {III Simposio Espa{\~n}ol de Comercio Electronico (SCE{\textquoteright}05)}, year = {2005}, pages = {151-164}, publisher = {Universitat de les Illes Balears}, organization = {Universitat de les Illes Balears}, abstract = {

El no repudio es un requisito de seguridad cuya importancia se ha hecho evidente con el crecimiento del comercio electr\ónico. Muchos protocolos se han desarrollado como soluci\ón a este requisito. La gran mayor\ía incluye en su especificaci\ón par\ámetros cuyos valores no son f\áciles de especificar pues dependen de las condiciones reales de implementaci\ón del mismo como los tiempos l\ímites, las caracter\ísticas de la TTP, tiempo de publicaci\ón de las claves, etc. En este trabajo proponemos un modelo que nos ayudar\á en la estimaci\ón de esos par\ámetros basado en la simulaci\ón del escenario real. Para la explicaci\ón y prueba del modelo mostramos un conjunto de experimentos.

}, author = {Mildrey Carbonell and Jose A. Onieva and Javier Lopez and Jianying Zhou} } @inproceedings {Roman2005a, title = {Protecci{\'o}n contra el Spam Utilizando Desaf{\'\i}os a Priori}, booktitle = {V Jornadas de Ingenier{\'\i}a Telem{\'a}tica (JITEL{\textquoteright}05)}, year = {2005}, month = {September}, pages = {375-382}, address = {Vigo (Spain)}, abstract = {

Spam is considered to be one of the biggest problems in messaging systems. In the area of email Spam, A high number of anti-spam schemes have been proposed and deployed, but the problem has yet been well addressed. In this paper, we introduce a new scheme, called pre-challenge scheme, which avoids problems that exists in other schemes such as delay of service and denial of service. Some new mechanisms are employed to reach a good balance between security against Spam and convenience to email users. In addition, our scheme can be used for protecting other types of messaging systems, such as Instant Messaging (IM) and Blogs, against Spam.

}, author = {Rodrigo Roman and Javier Lopez and Jianying Zhou} } @inproceedings {Roman2005d, title = {Protection Against Spam using Pre-Challenges}, booktitle = {20th IFIP International Information Security Conference (IFIP-SEC{\textquoteright}05)}, year = {2005}, month = {May}, pages = {281-294}, publisher = {Springer}, organization = {Springer}, address = {Chiba (Japan)}, abstract = {

Spam turns out to be an increasingly serious problem to email users. A number of anti-spam schemes have been proposed and deployed, but the problem has yet been well addressed. One of those schemes is challenge-response, in which a challenge is imposed on an email sender. However, such a scheme introduces new problems for the users, e.g., delay of service and denial of service attacks. In this paper, we introduce a pre-challenge scheme that avoids those problems. It assumes each user has a challenge that is defined by the user himself/herself and associated with his/her email address, in such a way that an email sender can simultaneously retrieve a new receiver{\textquoteright}s email address and challenge before sending an email in the first contact. Some new mechanisms are employed to reach a good balance between security against spam and convenience to email users.

}, isbn = {0-387-25658-X}, author = {Rodrigo Roman and Jianying Zhou and Javier Lopez}, editor = {Ry{\^o}ichi Sasaki and Sihan Qing and Eiji Okamoto and Hiroshi Yoshiura} } @inproceedings {Roman2005e, title = {On the Security of Wireless Sensor Networks}, booktitle = {Computational Science and Its Applications (ICCSA{\textquoteright}05)}, series = {LNCS}, volume = {3482}, year = {2005}, month = {May}, pages = {681-690}, publisher = {Springer}, organization = {Springer}, address = {Singapore}, abstract = {

Wireless Sensor Networks are extremely vulnerable against any kind of internal or external attacks, due to several factors such as resource-constrained nodes and lack of tamper-resistant packages. As a result, security must be an important factor to have in mind when designing the infrastructure and protocols of sensor networks. In this paper we survey the state-of-the-art security issues in sensor networks and highlight the open areas of research.security issues in sensor networks and highlight the open areas of research.

}, isbn = {978-3-540-25862-9}, issn = {0302-9743 (Print) 1611-3349 (Online)}, doi = {10.1007/11424857_75}, url = {http://www.springerlink.com/content/pvnd4eu8b7acgtpe/}, author = {Rodrigo Roman and Jianying Zhou and Javier Lopez} } @inproceedings {JianyingZhou2004, title = {Analysis of a Free Roaming Agent Result-Truncation Defense Scheme}, booktitle = {6th Conference on E-Commerce (CEC{\textquoteright}04)}, year = {2004}, month = {June}, pages = {221-226}, publisher = {IEEE Computer Society}, organization = {IEEE Computer Society}, abstract = {

Mobile agents play an important role in electronic commerce. Security in free-roaming agents is especially hard to achieve when the mobile code is executed in hosts that may behave maliciously. Some schemes have been proposed to protect agent data (or computation results). However, a known vulnerability of these techniques is the truncation attack where two visited hosts (or one revisited host) can collude to discard the partial results collected between their respective visits. Cheng and Wei proposed a scheme in ICICS{\textquoteright}02 to defense against the truncation of computation results of free-roaming agents. Cheng-Wei scheme is effective against such an attack in most cases. However, we demonstrate that it still suffers from the truncation attack when a special loop is established on the path of a free-roaming agent. We further propose two amendments to Cheng-Wei scheme to avoid such an attack.

}, author = {Jianying Zhou and Jose A. Onieva and Javier Lopez} } @inproceedings {Onieva2004b, title = {Enhancing Certified Email Service for Timeliness and Multicast}, booktitle = {Fourth International Network Conference}, year = {2004}, pages = {327-335}, publisher = {University of Plymouth}, organization = {University of Plymouth}, abstract = {

Certified email is a value-added service of ordinary email, in which a sender wants to obtain a receipt from a recipient. Fair exchange protocols are a key component for certified email service to ensure fairness, i.e., the items held by two parties are exchanged without one party obtaining an advantage. We can find in the literature simple and fast optimistic protocols for fair electronic exchange and, more specifically, for certified electronic mail (CEM) and electronic contract signing (ECS). We have observed that some aspects of those protocols could be substantially improved. This paper presents two major contributions. Firstly, we provide a solution that allows both parties to end the protocol timely in an asynchronous way. Then, we extend the certified email service to the multicast scenario.

}, keywords = {Asynchronous timeliness, Certified Email, fair exchange, Multiparty protocol}, author = {Jose A. Onieva and Jianying Zhou and Javier Lopez} } @inproceedings {JoseA.Onieva2004d, title = {Mejorando Servicios de Correo Electronico Certificado con Prontitud Temporal y Multicasting}, booktitle = {VIII Reuni{\'o}n Espa{\~n}ola sobre Criptolog{\'\i}a y Seguridad de la informaci{\'o}n (RECSI{\textquoteright}04). Avances en Criptologia y Seguridad de la Informacion}, year = {2004}, pages = {537-546}, publisher = {Diaz de Santos}, organization = {Diaz de Santos}, abstract = {

El correo electr\ónico certificado es un servicio a\ñadido al correo electr\ónico est\ándar, en el cual el remitente desea obtener un recibo procedente del destinatario. Para este servicio, encontramos que los protocolos de intercambio (justo) son un componente principal para asegurar la correcci\ón en la ejecuci\ón de los servicios de correo electr\ónico certificado, ya que los \ítems que ambas partes presentan (en este caso espec\ífico, el mensaje de correo y el recibo del mismo) deben ser intercambiados sin que ninguna de las partes obtenga una ventaja durante el proceso sobre la otra. Podemos encontrar en esta l\ínea de investigaci\ón protocolos optimistas eficientes para el intercambio electr\ónico, y mas concretamente para Correo Electr\ónico Certificado (CEC) y Firma Electr\ónica de Contratos (FEC). Realizando un estudio adecuado hemos observado que algunos aspectos de dichos protocolos podr\ían ser mejorados. En este art\ículo proponemos una soluci\ón que permite a ambas entidades terminar el protocolo de forma as\íncrona. Tambi\én extendemos el protocolo a m\últiples usuarios.

}, author = {Jose A. Onieva and Javier Lopez and Jianying Zhou} } @inproceedings {Zhou2004, title = {Protecting Free Roaming Agents against Result-Truncation Attack}, booktitle = {60th IEEE Vehicular Technology Conference (VTC{\textquoteright}04)}, year = {2004}, pages = {3271-3274}, publisher = {IEEE Vehicular Technology Society Press}, organization = {IEEE Vehicular Technology Society Press}, abstract = {

Mobile agents are especially useful in electronic commerce, for both wired and wireless environments. Nevertheless, there are still many security issues on mobile agents to be addressed, for example, data confidentiality, non-repudiability, forward privacy, publicly verifiable forward integrity, insertion defense, truncation defense, etc. One of the hardest security problems for free roaming agents is truncation defense where two visited hosts (or one revisited host) can collude to discard the partial results collected between their respective visits. We present a new scheme satisfying those security requirements, especially protecting free roaming agents against result-truncation attack.

}, keywords = {cryptographic protocol, mobile agent, Secure electronic commerce}, author = {Jianying Zhou and Jose A. Onieva and Javier Lopez} } @inproceedings {MildreyCarbonell2004, title = {Timeout Estimation using a Simulation Model for Non-repudiation Protocols}, booktitle = {2nd Workshop on Internet Communications Security (WICS{\textquoteright}04), (within Computational Science and its Applications International Conference)}, series = {LNCS}, volume = {3043}, year = {2004}, month = {May}, pages = {903-914}, publisher = {Springer}, organization = {Springer}, abstract = {

An essential issue for the best operation of non-repudiation protocols is to figure out their timeouts. In this paper, we propose a simulation model for this purpose since timeouts depend on specific scenario features such as network speed, TTP characteristics, number of originators and recipients, etc. Based on a one-to-many Markowicth{\textquoteright}s protocol simulation model as a specific example, we have worked out various simulation experiments.

}, author = {Mildrey Carbonell and Jose A. Onieva and Javier Lopez and Deborah Galpert and Jianying Zhou} } @inproceedings {Onieva2003b, title = {Intermediary Non-Repudiation Protocols}, booktitle = {5th Conference on Electronic Commerce}, year = {2003}, month = {June}, pages = {207-214}, publisher = {IEEE Computer Society}, organization = {IEEE Computer Society}, abstract = {

n commercial transactions, an intermediary might be involved to help transacting parties to conduct their business. Nevertheless, the intermediary may not be fully trusted. In this paper, we introduce the concept of intermediary (or agent) in a non-repudiation protocol, define the aims of intermediary non-repudiation protocols, and analyze their security requirements. We present a simple scenario with only one recipient, followed by a more complicated framework where multiple recipients are involved and collusion between them is possible.

}, author = {Jose A. Onieva and Jianying Zhou and Mildrey Carbonell and Javier Lopez} } @inproceedings {Onieva2003, title = {A Multi-Party Non-Repudiation Protocol for Exchange of Different Messages}, booktitle = {18th IFIP International Information Security Conference. Security and Privacy in the Age of Uncertainty (IFIP SEC{\textquoteright}03)}, year = {2003}, month = {May}, pages = {37-48}, publisher = {IFIP}, organization = {IFIP}, abstract = {

Non-repudiation is a security service that provides cryptographic evidence to support the settlement of disputes. In this paper, we introduce the state-of-the-art of multi-party non-repudiation protocols, and analyze the previous work where one originator is able to send the same message to many recipients. We propose a new multi-party non-repudiation protocol for sending different messages to many recipients. We also discuss the improvements achieved with respect to the multiple instances of a two-party non-repudiation protocol, and present some applications that would benefit from them.

}, keywords = {fair exchange, group communications, Non-repudiation}, author = {Jose A. Onieva and Jianying Zhou and Mildrey Carbonell and Javier Lopez} } @inproceedings {Onieva2003a, title = {Practical Service Charge for P2P Content Distribution}, booktitle = {Fifth International Conference on Information and Communications Security}, series = {LNCS}, volume = {2836}, year = {2003}, month = {October}, pages = {112 - 123}, publisher = {Springer}, organization = {Springer}, abstract = {

With emerging decentralized technologies, peer-to-peer (P2P) content distribution arises as a new model for storage and transmission of data. In this scenario, one peer can be playing different roles, either as a distributor or as a receiver of digital contents. In order to incentivize the legal distribution of these contents and prevent the network from free riders, we propose a charging model where distributors become merchants and receivers become customers. To help in the advertisement of digital contents and collection of payment details, an intermediary agent is introduced. An underlying P2P payment protocol presented in [1] is applied to this scenario without total trust on the intermediary agent.

}, author = {Jose A. Onieva and Jianying Zhou and Javier Lopez} }