28th IEEE Computer Security Foundations Symposium, IEEE Computer Society, pp. 290-301, 07/2015. DOI
Proxy Re-Encryption (PRE) is a type of Public-Key Encryption (PKE) which provides an additional re-encryption functionality. Although PRE is inherently more complex than PKE, attack models for PRE have not been developed further than those inherited from PKE. In this paper we address this gap and define a parametric family of attack models for PRE, based on the availability of both the decryption and re-encryption oracles during the security game. This family enables the definition of a set of intermediate security notions for PRE that ranges from ``plain'' IND-CPA to ``full'' IND-CCA. We analyze some relations among these notions of security, and in particular, the separations that arise when the re-encryption oracle leaks re-encryption keys. In addition, we discuss which of these security notions represent meaningful adversarial models for PRE. Finally, we provide an example of a recent ``CCA1- secure'' scheme from PKC 2014 whose security model does not capture chosen-ciphertext attacks through re-encryption and for which we describe an attack under a more realistic security notion. This attack emphasizes the fact that PRE schemes that leak re-encryption keys cannot achieve strong security notions.
International Conference on Information Systems Education and Research (AIS SIGED 2019), 12/2019.
IX Reunión Española sobre Criptología y Seguridad de la información (RECSI’06), pp. 311-322, Septiembre, 2006.
Computers & Security, vol. 39 (B), Elsevier, pp. 117-126, 11/2013. DOI (I.F.: 1.172)
Continuous authentication is mainly associated with the use of biometrics to guarantee that a resource is being accessed by the same user throughout the usage period. Wireless devices can also serve as a supporting technology for continuous authentication or even as a complete alternative to biometrics when accessing proximity-based services. In this paper we present the implementation of a secure, non-invasive continuous authentication scheme supported by the use of Wearable Wireless Devices (WWD), which allow users to gain access to proximity-based services while preserving their privacy. Additionally we devise an improved scheme that circumvents some of the limitations of our implementation.
Accountability and Security in the Cloud, M. Felici, and C. Fernandez-Gago Eds., Lecture Notes in Computer Science 8937, Springer International Publishing, pp. 114-125, 2015. DOI
In this paper we tackle the problem of privacy and confidentiality in Identity Management as a Service (IDaaS). The adoption of cloud computing technologies by organizations has fostered the externalization of the identity management processes, shaping the concept of Identity Management as a Service. However, as it has happened to other cloud-based services, the cloud poses serious risks to the users, since they lose the control over their data. As part of this work, we analyze these concerns and present a model for privacy-preserving IDaaS, called BlindIdM, which is designed to provide data privacy protection through the use of cryptographic safeguards.
|"Procedings of the 10th European Workshop on Public Key Infrastructures, Services and Applications",
10th European Workshop on Public Key Infrastructures, Services and Applications, LNCS, vol. 8341, Springer, 2014. DOI
Journal of Network and Computer Applications, vol. 87, Elsevier, pp. 193-209, 06/2017. DOI (I.F.: 3.991)
This paper analyzes the secure access delegation problem, which occurs naturally in the cloud, and postulate that Proxy Re-Encryption is a feasible cryptographic solution, both from the functional and efficiency perspectives. Proxy re-encryption is a special type of public-key encryption that permits a proxy to transform ciphertexts from one public key to another, without the proxy being able to learn any information about the original message. Thus, it serves as a means for delegating decryption rights, opening up many possible applications that require of delegated access to encrypted data. In particular, sharing information in the cloud is a prime example. In this paper, we review the main proxy re-encryption schemes so far, and provide a detailed analysis of their characteristics. Additionally, we also study the efficiency of selected schemes, both theoretically and empirically, based on our own implementation. Finally, we discuss some applications of proxy re-encryption, with a focus on secure access delegation in the cloud.
XIV Jornadas de Ingeniería Telemática, pp. 50-53, 10/2019. DOI
Este trabajo pretende analizar el paradigma de la Computación Segura Multiparte y sus posibles aplicaciones en el campo de la criptografía. Se plantea como modelo alternativo, mas escalable y seguro al uso de módulos hardware de seguridad para aplicaciones que requieran de Terceras Partes Confiables. Concretamente, se ha integrado un protocolo de criptografía RSA multiparte con la librería certbuilder, para la creación de certificados X.509. De esta forma se asegura que la creación de los certificados raíz de la Infraestructura de Clave Publica se realiza de forma que la generación de claves y firma de este se ejecute íntegramente sobre el sistema multiparte, con un modelo de tres partes que trabaja con circuitos aritméticos, sin que ninguna de ellas, de forma aislada, tenga posibilidad de comprometer la clave privada correspondiente. Para comprobar la viabilidad del sistema se han realizado pruebas de generación de certificados con diferentes longitudes de clave, siendo el proceso determinante la creación de las claves. Los elevados tiempos hacen que una aplicación como esta no sea asumible en otros escenarios, pero creemos que para el caso de la creación de los certificados raíz de una infraestructura de clave pública las garantías avanzadas de seguridad compensan el tiempo extra.