Jose A. Montenegro
Computer Science Department, University of Malaga
Campus de Teatinos s/n, 29071 - Malaga (Spain)
Phone: +34-952-132898 Fax: +34-952-131397
Domain of interest and research
- Delegation of privileges
- Authorization and Authentication Infrastructures
- July 2007 - PhD in Computer Science – University of Malaga
- 2005-2007 Master in Business Administration (MBA). National Distance Education University. UNED.
- 2001 - Master in Computer Science. University of Malaga
- 1994 - Bachelor in Computer Science. University of Malaga
- "Pervasive Authentication and Authorization Infrastructures for Mobile Users",
Computer and Security, vol. 29, Elsevier, pp. 501-514, 2010. DOI (I.F.: 0.889)
Network and device heterogeneity, nomadic mobility, intermittent connectivity and, more generally, extremely dynamic operating conditions, are major challenges in the design of security infrastructures for pervasive computing. Yet, in a ubiquitous computing environment, limitations of traditional solutions for authentication and authorization can be overcome with a pervasive public key infrastructure (pervasive-PKI). This choice allows the validation of credentials of users roaming between heterogeneous networks, even when global connectivity is lost and some services are temporarily unreachable. Proof-of-concept implementations and testbed validation results demonstrate that strong security can be achieved for users and applications through the combination of traditional PKI services with a number of enhancements like: (i) dynamic and collaborative trust model, (ii) use of attribute certificates for privilege management, and (iii) modular architecture enabling nomadic mobility and enhanced with reconfiguration capabilities. Impact Factor: 0.889, Journal Citation Reports® Science Edition (Thomson Reuters, 2010)
- "Enabling Attribute Delegation in Ubiquitous Environments",
Mobile Networks and Applications, vol. 13, no. 3-4, Springer, pp. 398-410, August, 2008. DOI (I.F.: 1.619)
When delegation is implemented using the attribute certificates in a Privilege Management Infrastructure (PMI), it is possible to reach a considerable level of distributed functionality. However, the approach is not flexible enough for the requirements of ubiquitous environments. The PMI can become too complex a solution for devices such as smartphones and PDAs, where resources are limited. In this work we present an approach to solve the previous limitations by defining a second class of attributes, called domain attributes, which are managed directly by users and are not right under the scope of the PMI, thus providing a light solution for constrained devices. However, the two classes of attributes are related by defining a simple ontology. While domain attribute credentials are defined using SAML notation, global attributes are defined using X.509 certificates. For this reason, we additionally introduce XSAML so that both kinds of credentials are integrated. We also introduce the concept of Attribute Federation which is responsible for supporting domain attributes and the corresponding ontology. Impact Factor: 1.619, Journal Citation Reports® Science Edition (Thomson Reuters, 2008)
- "Grid Security Architecture: Requirements, Fundamentals, Standards and Models",
Security in Distributed, Grid, Mobile, and Pervasive Computing, Y. Xiao (Ed.), Auerbach Publications, pp. 255-288, April, 2007.
- "PKI Design Based on the Use of On-line Certification Authorities",
International Journal of Information Security (IJIS), vol. 2, no. 2, Springer, pp. 91-102, 2004.
Public-Key Infrastructures (PKIs) are considered the basis of the protocols and tools needed to guarantee the security demanded for new Internet applications like electronic commerce, government-citizen relationships and digital distribution. This paper introduces a new infrastructure design, Cert’eM, a key management and certification system that is based on the structure of the electronic mail service and on the principle of near-certification. Cert’eM provides secure means to identify users and distribute their public-key certificates, enhances the efficiency of revocation procedures, and avoids scalability and synchronization problems. Because we have considered the revocation problem as a priority in the design process, and one with a big influence on the rest of the PKI components, we have developed an alternative solution to the use of Certificate Revocation Lists (CRLs), which has become one of the strongest points in this new scheme.
Attended courses and seminars
- 2007-2008 - Postdoctoral Fulbright Grant - Computer Security Division (ITL), NIST
- Jul. 2002 - Fifth European Intensive Programme on Information and Communication Technologies Security (IPICS 2002), 8-19 July, Karlovassi, Samos Island, Greece
- Program committee member:
- 1st International Conference on Cloud Computing and Services Science, CLOSER 2011, Noordwijkerhout, The Netherlands 7-9 May 2011
- 6th International Conference on P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC 2011), Barcelona, Spain. October 26-28, 2011.
- The 2nd International Conference on Cloud Computing, CloudCom 2010, November 30 - December 3, 2010, Indianapolis, USA
- 13th Conference on Information Security and Cryptology ICISC'10, December 1-3, 2010, Seoul, Korea
- The First International Workshop on Cloud Computing Interoperability and Services (InterCloud 2010), June 28 - July 2, 2010, Caen, Normandy, France
- 12th Conference on Information Security and Cryptology ICISC'09, December 2-4, 2009, Seoul, Korea
- 2nd International Workshop on Computational Intelligence in Security for Information Systems CISIS'09, September 23-26, 2009, Burgos, Spain
- The 1st International Conference on Cloud Computing, CloudCom 2009, December 1-4, 2009, Beijing, China
- Secure Sealed-Bid Online Auctions Using Discreet Cryptographic Proofs, 2008 NIST Sigma Xi Postdoctoral Poster Presentation