Graphic summary
  • Show / hide key
  • Information


Scientific and technological production
  •  

1 to 50 of 275 results
  • Reconciling privacy and efficient utility management in smart cities

     Rebollo Monedero, David; Bartoli, Andrea; Hernández Serrano, Juan Bautista; Forné, Jordi; Soriano Ibáñez, Miguel
    European transactions on telecommunications
    Date of publication: 2014-01-01
    Journal article

    Read the abstract Read the abstract View View Open in new window  Share Reference managers Reference managers Open in new window

    A key aspect in the design of smart cities is, undoubtedly, a plan for the efficient management of utilities, enabled by technologies such as those entailing smart metering of the residential consumption of electricity, water or gas. While one cannot object to the appealing advantages of smart metering, the privacy risks posed by the submission of frequent, data-rich measurements cannot simply remain overlooked. The objective of this paper is to provide a general perspective on the contrasting issues of privacy and efficient utility management, by surveying the main requirements and tools, and by establishing exploitable connections. Copyright (c) 2013 John Wiley & Sons, Ltd.

  • UBIQUITOUS SECURE ELECTRONIC VOTING (u-SEV): Sistema de voto electrónico seguro para entornos sin infraestructuras de telecomunica.

     León Abarca, Olga; Muñoz Tapia, Jose Luis; Soriano Ibáñez, Miguel
    Participation in a competitive project

     Share

  • WiMAX-based robust localization in the presence of misbehaving and/or malicious base stations

     Hernández Serrano, Juan Bautista; León Abarca, Olga; Soriano Ibáñez, Miguel
    Computers and electrical engineering
    Date of publication: 2013-10
    Journal article

    Read the abstract Read the abstract View View Open in new window  Share Reference managers Reference managers Open in new window

    The use of WiMAX cellular networks has arisen as a promising solution in order to provide broadband access over large, often shadowed, areas. As in other cellular networks, localization of users is extremely useful for many services and even essential for some civilian and/or military logistic operations. In a cellular WiMAX network, a node can obtain its position from beacons received by several cell base stations. Therefore, securing the localization method against potential false or erroneous feedback is of paramount importance in order to allow the nodes to get reliable position estimations. This fact implies not only making the localization method robust against erroneous or forged measurements, but also identifying which WiMAX base stations are providing such measurements. In this paper, we propose a robust localization method that can identify up to k malicious or misbehaving base stations and provide with an accurate estimation of the node position even in their presence. Simulation results prove that this proposal outperforms other existing detection techniques.

  • Rights and Services Interoperability for Multimedia Content Management

     Maroñas Borras, Xavier
    Defense's date: 2013-12-04
    Universitat Politècnica de Catalunya
    Theses

    Read the abstract Read the abstract  Share Reference managers Reference managers Open in new window

    El objetivo principal del trabajo presentado en esta tesis es el de describir la definición de mecanismos de interoperabilidad entre lenguajes de expresión de derechos y lenguajes de políticas. Empezando con la interoperabilidad entre lenguajes, se quiere ir un paso más allá y definir cómo servicios para la gestión de contenidos multimedia pueden interoperar por medio de arquitecturas estándares orientadas a servicios.Para conseguir este objetivo, varios estándares e iniciativas existentes se van a analizar y ser tenidas en cuenta. Respecto a los lenguajes de expresión de derechos y de políticas, se han considerado estándares tales como MPEG-21 Rights Expression Language (REL), Open Digital Rights Language (ODRL) y eXtensible Access Control Markup Language (XACML). Respecto a los servicios para la gestión del contenido multimedia, se han considerado la plataforma Multimedia Information Protection And Management System (MIPAMS), una implementación de una arquitectura basada en estándares, y el estándar Multimedia Service Platform Technologies (MSPT), también conocido como el estándar MPEG-M. La contribución de esta tesis se divide en dos partes, una dedicada a la interoperabilidad entre lenguajes y la otra dedicada a la interoperabilidad entre services, ambas dirigidas a la gestión de contenido multimedia. Se describen a continuación.La primera parte de la contribución describe cómo MPEG-21 REL, ODRL y XACML pueden interoperar, definiendo los mecanismos para traducir expresiones de lenguaje a lenguaje. Los mapeos proporcionan distintos niveles de granularidad, empezando por un mapeo basado en una solución programática basada en diagramas realizados con lenguajes de modelado de alto nivel como pueden ser Unified Modelling Language (UML) y Entity-Relationship (ER). El siguiente nivel de mapeo incluye mapeos específicos entre MPEG-21 REL y XACML y ODRL y XACML. Finalmente, se plantea una solución más general con el uso de un bróker. Parte de este trabajo se ha realizado en el contexto de la Red de Excelencia VISNET-II y del Proyecto Integrado AXMEDIS. Los resultados obtenidos avalan la validez de los métodos de interoperabilidad descritos.La segunda parte de la contribución describe cómo definir standards based building blocks (SB3) para proporcionar interoperabilidad entre servicios para la gestión del contenido multimedia. Esta definición se basa en el análisis de casos de uso existente para la gestión de contenido, desde los que necesitan menos seguridad sobre el contenido gestionado hasta los que requiere una gestión completa de los derechos digitales (DRM, digital rights management), incluyendo técnicas de control de acceso y cifrado, para soportar gestión segura del contenido. En esta sección también se presenta el trabajo realizado en los proyectos de investigación AXMEDIS, Musiteca y Culturalive. Además, se describe el trabajo de estandarización realizado en MPEG-M, especialmente en Elementary Services y Service Aggregation. Para demostrar el uso de ambas tecnologías se presenta una aplicación móvil que integra MPEG-M y MIPAMS.Además, se presentan las conclusiones y las líneas de trabajo futuro en la sección correspondiente, junto con las publicaciones asociadas a esta tesis, que se describen en el documento. En resumen, el trabajo presentado puede seguir diversas líneas de investigación. Por un lado, es necesario estudiar las nuevas versiones de los lenguajes de expresión de derechos y políticas aparecidos recientemente. Además, también habrá que tener en cuenta el lenguaje de expresión de contratos, MPEG-21 CEL, estandarizado recientemente, con el objetivo de evaluar la interoperabilidad con los lenguajes de expresión de derechos y políticas. Por otro lado, se deben seguir distintas iniciativas de estandarización para completar el mapa de SB3¿s, considerando estándares MPEG y otros no sólo relacionados con multimedia sino también con otros escenarios de aplicación como e-salud y e-gobierno.

  • Privacy protection of user profiles in personalized information systems.

     Parra Arnau, Javier
    Defense's date: 2013-12-02
    Universitat Politècnica de Catalunya
    Theses

    Read the abstract Read the abstract  Share Reference managers Reference managers Open in new window

    Recientemente estamos siendo testigos del surgimiento de una amplia variedad de sistemas de información que adaptan la funcionalidad del intercambio de información para satisfacer los intereses específicos de sus usuarios. Muchos de estos sistemas de información personalizados se basan en la construcción de perfiles, especificados por el propio usuario, o inferidos a partir de su actividad pasada. La habilidad de estos sistemas para perfilar a los usuarios es, por tanto, lo que permite dicha inteligente funcionalidad, pero al mismo tiempo es la fuente de serios problemas de privacidad.Aunque disponemos de una amplia gama de tecnologías para mitigar algunos de esos problemas, lo cierto es que el uso de estas tecnologías está lejos de ser generalizado. La principal razón es la ambigüedad que existe entre estas tecnologías y su eficacia en términos de protección de la privacidad. Además, puesto que estas tecnologías normalmente vienen a costa de funcionalidad del sistema y utilidad, es crucial evaluar si la ganancia en privacidad compensa el coste en utilidad. Por tanto, medir la privacidad que proporciona una cierta tecnología es esencial para determinar su beneficio global, comparar su eficacia con otras tecnologías, y optimizarla en términos del compromiso entre privacidad y utilidad que plantean.Se ha dedicado un gran esfuerzo a investigar métricas tanto de privacidad como de utilidad. Sin embargo, muchas de estas métricas están ligadas a escenarios y modelos de adversario concretos, y por tanto son difíciles de generalizar o trasladar a otros contextos. Además, en aplicaciones que se prestan a la construcción de perfiles de usuario, hay pocas propuestas para evaluar la privacidad y las existentes no son justificadas de una manera apropiada o simplemente yerran al justificar la elección.La primera parte de esta tesis aborda el problema de cuantificar la privacidad de usuario. Primeramente, presentamos un marco teórico para sistemas de preservación de la privacidad, dotado de una visión unificadora de privacidad en términos del error de estimación incurrido por un atacante que tiene como objetivo revelar la información privada que el sistema debe encubrir. Nuestro análisis teórico muestra cómo un gran número de métricas de privacidad surgidas de aplicaciones diversas están relacionadas biyectivamente con este error de estimación, lo que permite interpretar y comparar estas métricas bajo una misma perspectiva.En segundo lugar, estudiamos cómo medir la privacidad en los sistemas de información personalizados. En concreto, proponemos dos métricas de privacidad de perfiles, y las justificamos basándonos, por un lado, en el argumento de Jaynes detrás de los métodos de maximización de la entropía, y por otro lado, en resultados fundamentales del método de tipos y test de hipótesis.Dotados de medidas cuantificables de privacidad y de utilidad, la segunda parte de esta tesis investiga mecanismos de perturbación de los datos para la mejora de la privacidad en dos tipos de sistemas de información personalizados. En particular, estudiamos la eliminación de etiquetas en aplicaciones de la Web semántica, y la combinación de la falsificación y la supresión de puntuaciones en sistemas de recomendación. Diseñamos estos mecanismos para que alcancen el compromiso óptimo entre privacidad y utilidad, en el sentido de maximizar la privacidad para un nivel de utilidad deseado, o viceversa. Procedemos de una manera sistemática, utilizando la metodología de optimización multiobjetivo. Nuestro análisis teórico encuentra una solución cerrada al problema de eliminación óptima de etiquetas, y al problema de falsificación y supresión óptima de puntuaciones.Además, presentamos una extensa caracterización teórica del compromiso entre privacidad y utilidad. Los experimentos llevados a cabo en aplicaciones reales muestran la eficacia de nuestros mecanismos en términos de protección de privacidad, funcionalidad del sistema y utilidad de los datos.

  • Contribution to design a communication framework for Vehicular Ad hoc Networks in urban scenarios  Open access

     Tripp Barba, Carolina
    Defense's date: 2013-06-20
    Department of Telematics Engineering, Universitat Politècnica de Catalunya
    Theses

    Read the abstract Read the abstract Access to the full text Access to the full text Open in new window  Share Reference managers Reference managers Open in new window

    The constant mobility of people, the growing need to be always connected, the large number of vehicles that nowadays can be found in the roads and the advances in technology make Vehicular Ad hoc Networks (VANETs) be a major area of research. Vehicular Ad hoc Networks are a special type of wireless Mobile Ad hoc Networks (MANETs), which allow a group of mobile nodes configure a temporary network and maintain it without the need of a fixed infrastructure. A vehicular network presents some specific characteristics, as the very high speed of nodes. Due to this high speed the topology changes are frequent and the communication links may last only a few seconds. Smart cities are now a reality and have a direct relationship with vehicular networks. With the help of existing infrastructure such as traffic lights, we propose a scheme to update and analyse traffic density and a warning system to spread alert messages. With this, traffic lights assist vehicular networks to take proper decisions. This would ensure less congested streets. It would also be possible that the routing protocol forwards data packets to vehicles on streets with enough neighbours to increase the possibility of delivering the packets to destination. Sharing updated, reliable and real-time information, about traffic conditions, weather or security alerts, increases the need of algorithms for the dissemination of information that take into account the main beneffits and constraints of these networks. For all this, routing protocols for vehicular networks have the difficult task to select and establish transmission links to send the data packets from source to destination through multiple nodes using intermediate vehicles efficiently. The main objective of this thesis is to provide improvements in the communication framework for vehicular networks to improve decisions to select next hops in the moment to send information, in this way improving the exchange of information to provide suitable communication to minimize accidents, reduce congestion, optimize resources for emergencies, etc. Also, we include intelligence to vehicles at the moment to take routing decisions. Making them map-aware, being conscious of the presence of buildings and other obstacles in urban environments. Furthermore, our proposal considers the decision to store packets for a maximum time until finding other neighbouring nodes to forward the packets before discarding them. For this, we propose a protocol that considers multiple metrics that we call MMMR (A Multimetric, Map-Aware Routing Protocol ). MMMR is a protocol based on geographical knowledge of the environment and vehicle location. The metrics considered are the distance, the density of vehicles in transmission range, the available bandwidth and the future trajectory of the neighbouring nodes. This allows us to have a complete view of the vehicular scenario to anticipate the driver about possible changes that may occur. Thus, a node can select a node among all its neighbours, which is the best option to increase the likelihood of successful packet delivery, minimizing time and offering a level of quality and service. In the same way, being aware of the increase of information in wireless environments, we analyse the possibility of offering anonymity services. We include a mechanism of anonymity in routing protocols based on the Crowd algorithm, which uses the idea of hiding the original source of a packet. This allowed us to add some level of anonymity on VANET routing protocols. The analytical modeling of the available bandwidth between nodes in a VANET, the use of city infrastructure in a smart way, the forwarding selection in data routing byvehicles and the provision of anonymity in communications, are issues that have been addressed in this PhD thesis. In our research work we provide contributions to improve the communication framework for Vehicular Ad hoc Networks obtaining benefits toenhance the everyday of the population.

    La movilidad constante de las personas y la creciente necesidad de estar conectados en todo momento ha hecho de las redes vehiculares un área cuyo interés ha ido en aumento. La gran cantidad de vehículos que hay en la actualidad, y los avances tecnológicos han hecho de las redes vehiculares (VANETS, Vehicular Ad hoc Networks) un gran campo de investigación. Las redes vehiculares son un tipo especial de redes móviles ad hoc inalámbricas, las cuales, al igual que las redes MANET (Mobile Ad hoc Networks), permiten a un grupo de nodos móviles tanto configurar como mantener una red temporal por si mismos sin la necesidad de una infraestructura fija. Las redes vehiculares presentan algunas características muy representativas, por ejemplo, la alta velocidad que pueden alcanzar los nodos, en este caso vehículos. Debido a esta alta velocidad la topología cambia frecuentemente y la duración de los enlaces de comunicación puede ser de unos pocos segundos. Estas redes tienen una amplia área de aplicación, pudiendo tener comunicación entre los mismos nodos (V2V) o entre los vehículos y una infraestructura fija (V2I). Uno de los principales desafíos existentes en las VANET es la seguridad vial donde el gobierno y fabricantes de automóviles han centrado principalmente sus esfuerzos. Gracias a la rápida evolución de las tecnologías de comunicación inalámbrica los investigadores han logrado introducir las redes vehiculares dentro de las comunicaciones diarias permitiendo una amplia variedad de servicios para ofrecer. Las ciudades inteligentes son ahora una realidad y tienen una relación directa con las redes vehiculares. Con la ayuda de la infraestructura existente, como semáforos, se propone un sistema de análisis de densidad de tráfico y mensajes de alerta. Con esto, los semáforos ayudan a la red vehicular en la toma de decisiones. Así se logrará disponer de calles menos congestionadas para hacer una circulación más fluida (lo cual disminuye la contaminación). Además, sería posible que el protocolo de encaminamiento de datos elija vehículos en calles con suficientes vecinos para incrementar la posibilidad de entregar los paquetes al destino (minimizando pérdidas de información). El compartir información actualizada, confiable y en tiempo real sobre el estado del tráfico, clima o alertas de seguridad, aumenta la necesidad de algoritmos de difusión de la información que consideren los principales beneficios y restricciones de estas redes. Así mismo, considerar servicios críticos que necesiten un nivel de calidad y servicio es otro desafío importante. Por todo esto, un protocolo de encaminamiento para este tipo de redes tiene la difícil tarea de seleccionar y establecer enlaces de transmisión para enviar los datos desde el origen hacia el destino vía múltiples nodos utilizando vehículos intermedios de una manera eficiente. El principal objetivo de esta tesis es ofrecer mejoras en los sistemas de comunicación vehicular que mejoren la toma de decisiones en el momento de realizar el envío de la información, con lo cual se mejora el intercambio de información para poder ofrecer comunicación oportuna que minimice accidentes, reduzca atascos, optimice los recursos destinados a emergencias, etc. Así mismo, incluimos más inteligencia a los coches en el momento de tomar decisiones de encaminamiento de paquetes. Haciéndolos conscientes de la presencia de edificios y otros obstáculos en los entornos urbanos. Así como tomar la decisión de guardar paquetes durante un tiempo máximo de modo que se encuentre otros nodos vecinos para encaminar paquetes de información antes de descartarlo. Para esto, proponemos un protocolo basado en múltiples métricas (MMMR, A Multimetric, Map-aware Routing Protocol ) que es un protocolo geográfio basado en el conocimiento del entorno y localización de los vehículos. Las métricas consideradas son la distancia, la densidad de vehículos en el área de transmisión, el ancho de banda disponible y la trayectoria futura de los nodos vecinos. Esto nos permite tener una visión completa del escenario vehicular y anticiparnos a los posibles cambios que puedan suceder. Así, un nodo podrá seleccionar aquel nodo entre todos sus vecinos posibles que sea la mejor opción para incrementar la posibilidad de entrega exitosa de paquetes, minimizando tiempos y ofreciendo un cierto nivel de calidad y servicio. De la misma manera, conscientes del incremento de información que circula por medios inalámbricos, se analizó la posibilidad de servicios de anonimato. Incluimos pues un mecanismo de anonimato en protocolos de encaminamiento basado en el algoritmo Crowd, que se basa en la idea de ocultar la fuente original de un paquete. Esto nos permitió añadir cierto nivel de anonimato que pueden ofrecer los protocolos de encaminamiento. El modelado analítico del ancho de banda disponible entre nodos de una VANET, el uso de la infraestructura de la ciudad de una manera inteligente, la adecuada toma de decisiones de encaminamiento de datos por parte de los vehículos y la disposición de anonimato en las comunicaciones, son problemas que han sido abordados en este trabajo de tesis doctoral que ofrece contribuciones a la mejora de las comunicaciones en redes vehiculares en entornos urbanos aportando beneficios en el desarrollo de la vida diaria de la población.

  • Certificate Status Information Distribution and Validation in Vehicular Networks

     Hernandez Gañan, Carlos
    Defense's date: 2013-09-04
    Universitat Politècnica de Catalunya
    Theses

     Share Reference managers Reference managers Open in new window

  • UBIQUITOUS SECURE ELECTRONIC VOTING (u-SEV): Sistema de voto electrónico seguro para entornos sin infraestructuras de telecomunica.

     León Abarca, Olga; Muñoz Tapia, Jose Luis; Soriano Ibáñez, Miguel
    Participation in a competitive project

     Share

  • Optimizing energy-efficiency of PHY-layer authentication in machine-to-machine networks

     Bartoli, Andrea; Hernández Serrano, Juan Bautista; Soriano Ibáñez, Miguel; Dohler, Mischa; Kountouris, Apostolous; Barthel, Dominique
    IEEE Global Communications Conference
    Presentation's date: 2012-12
    Presentation of work at congresses

    Read the abstract Read the abstract View View Open in new window  Share Reference managers Reference managers Open in new window

    Security issues are gaining in importance for machine-to-machine (M2M) networks, mainly because thousands of devices are left unattended for years of operation without the possibility of human intervention. One of the most critical security issues is the prevention of denial of service (DoS) attacks, given the limited capabilities of the M2M devices and the wireless communication settings. To this end, we had earlier introduced a novel recursive PHY-Layer security scheme which was shown to yield enormous benefits with regards to DoS attacks [1]. Recognizing the importance of the thus required synchronization window and the possibility of desynchronization because of poor channel conditions, we introduce a novel synchronization process...

  • Access to the full text
    Parallelization of the interpolation process in the Koetter-Vardy soft-decision list decoding algorithm  Open access

     Moreira Sanchez, Jose; Fernandez Muñoz, Marcel; Soriano Ibáñez, Miguel
    International Conference on Computational and Mathematical Methods in Science and Engineering
    Presentation's date: 2012-07-02
    Presentation of work at congresses

    Read the abstract Read the abstract Access to the full text Access to the full text Open in new window  Share Reference managers Reference managers Open in new window

    List decoding is a decoding strategy that provides a set of codewords at the output of the channel decoder. Since this technique corrects errors beyond the correcting bound of the code, upper layers in the application or in the communications protocol can choose the appropriate candidate codeword among the elements of the set. The Koetter-Vardy algorithm is a soft-decision decoding algorithm for Reed-Solomon codes. It is based on two sequential processes: interpolation and factorization. In most applications it is interesting to efficiently decode in real time. This paper discusses some parallelization results about the interpolation process, which is the highest time-consuming part of the Koetter-Vardy algorithm.

  • On the relationship between the traceability properties of Reed-Solomon codes

     Moreira Sanchez, Jose; Fernandez Muñoz, Marcel; Soriano Ibáñez, Miguel
    Advances in mathematics of communications
    Date of publication: 2012-11
    Journal article

    View View Open in new window  Share Reference managers Reference managers Open in new window

  • Decentralized certification scheme for secure admission in on-the-fly peer-to-peer systems

     Touceda, D.S.; Cámara, J.M.S.; Soriano Ibáñez, Miguel
    Peer-to-peer networking and applications
    Date of publication: 2012-06
    Journal article

    Read the abstract Read the abstract View View Open in new window  Share Reference managers Reference managers Open in new window

    Several alternative schemes have been presented in the literature to try to solve the users’ admission problem in P2P systems when it is not possible to include a logically centralized authority (either online or offline) in the system. However,most of them are not suitable for on-the-fly P2P systems and the most typical ones (IP based, shared secret and threshold cryptography) have several security and performance drawbacks. From the deficiencies of the existing schemes, in this paper we present a new decentralized certification scheme for on-the-fly P2P systems which is based on the recently published Internet Attribute Certificate Profile for Authorization. Our proposal greatly improves the security and flexibility of IP based and shared secret D. Suárez Touceda (B) Evalues - IT Security Evaluation, Parque Leganés Tecnológico, Avda. Gregorio Peces Barba 1, 28918 Leganés (Madrid), Spain e-mail: diego.suarez@uc3m.es J. M. Sierra Cámara Computer Science Department, Universidad Carlos III de Madrid, Avda. de la Universidad 30, 28911 Leganés (Madrid), Spain e-mail: sierra@inf.uc3m.es M. Soriano Department of Telematics Engineering, Universitat Politècnica de Catalunya (UPC), 08034 Barcelona, Spain e-mail: soriano@entel.upc.edu M. Soriano Centre Tecnolgic de Telecomunicacions de Catalunya (CTTC), 08860 Castelldefels (Barcelona), Spain schemes with no infrastructure cost and with a minimal performance charge. Also, it achieves a similar level of security than threshold cryptography while highly reducing its computational and communicational cost. All these facts position our certification proposal as a users’ admission alternative for on-the-fly P2P systems in non very hostile environments where performance and security are key factors.

  • Design of a P2P content recommendation system using affinity networks

     Vera Del Campo, Juan Victoriano; Pegueroles Valles, Josep Rafel; Hernández Serrano, Juan Bautista; Soriano Ibáñez, Miguel
    Computer communications
    Date of publication: 2012-08
    Journal article

    Read the abstract Read the abstract View View Open in new window  Share Reference managers Reference managers Open in new window

    The success and intensive use of social networks makes strategies for efficient document location a hot topic of research. In this paper, we propose a common vector space to describe documents and users to create a social network based on affinities, and explore epidemic routing to recommend documents according to the user’s interests. Furthermore, we propose the creation of a SoftDHT structure to improve the recommendation results. Using these mechanisms, an efficient document recommender system with a fast organization of clusters of users based on their affinity can be provided, preventing the creation of unlinked communities. We show through simulations that the proposed system has a short convergence time and presents a high recall ratio.

  • Cooperative detection of primary user emulation attacks in CRNs

     León Abarca, Olga; Hernández Serrano, Juan Bautista; Soriano Ibáñez, Miguel
    Computer networks
    Date of publication: 2012
    Journal article

    Read the abstract Read the abstract View View Open in new window  Share Reference managers Reference managers Open in new window

    Cognitive radio networks (CRNs) can improve the utilization of the spectrum by making use of licensed spectrum in an opportunistic manner. With such purpose, coexistence mechanisms among CRN nodes or secondary users and legitimate users of the spectrum or primary users are defined. However, due to the particular features of CRNs, new security threats arise, such as the primary user emulation (PUE) attack, which is the most challenging among all. With the aim of detecting such kind of attacks, in this paper we propose a cooperative localization method specifically suited to CRNs which relies on TDoA measurements and Taylor-series estimations. Simulations results show the goodness of the proposed method and its suitability to typical CRN scenarios.

  • Contributions to security and privacy protection in recommendation systems  Open access

     Vera Del Campo, Juan Victoriano
    Defense's date: 2012-10-29
    Department of Telematics Engineering, Universitat Politècnica de Catalunya
    Theses

    Read the abstract Read the abstract Access to the full text Access to the full text Open in new window  Share Reference managers Reference managers Open in new window

    A recommender system is an automatic system that, given a customer model and a set of available documents, is able to select and offer those documents that are more interesting to the customer. From the point of view of security, there are two main issues that recommender systems must face: protection of the users' privacy and protection of other participants of the recommendation process. Recommenders issue personalized recommendations taking into account not only the profile of the documents, but also the private information that customers send to the recommender. Hence, the users' profiles include personal and highly sensitive information, such as their likes and dislikes. In order to have a really useful recommender system and improve its efficiency, we believe that users shouldn't be afraid of stating their preferences. The second challenge from the point of view of security involves the protection against a new kind of attack. Copyright holders have shifted their targets to attack the document providers and any other participant that aids in the process of distributing documents, even unknowingly. In addition, new legislation trends such as ACTA or the ¿Sinde-Wert law¿ in Spain show the interest of states all over the world to control and prosecute these intermediate nodes. we proposed the next contributions: 1.A social model that captures user's interests into the users' profiles, and a metric function that calculates the similarity between users, queries and documents. This model represents profiles as vectors of a social space. Document profiles are created by means of the inspection of the contents of the document. Then, user profiles are calculated as an aggregation of the profiles of the documents that the user owns. Finally, queries are a constrained view of a user profile. This way, all profiles are contained in the same social space, and the similarity metric can be used on any pair of them. 2.Two mechanisms to protect the personal information that the user profiles contain. The first mechanism takes advantage of the Johnson-Lindestrauss and Undecomposability of random matrices theorems to project profiles into social spaces of less dimensions. Even if the information about the user is reduced in the projected social space, under certain circumstances the distances between the original profiles are maintained. The second approach uses a zero-knowledge protocol to answer the question of whether or not two profiles are affine without leaking any information in case of that they are not. 3.A distributed system on a cloud that protects merchants, customers and indexers against legal attacks, by means of providing plausible deniability and oblivious routing to all the participants of the system. We use the term DocCloud to refer to this system. DocCloud organizes databases in a tree-shape structure over a cloud system and provide a Private Information Retrieval protocol to avoid that any participant or observer of the process can identify the recommender. This way, customers, intermediate nodes and even databases are not aware of the specific database that answered the query. 4.A social, P2P network where users link together according to their similarity, and provide recommendations to other users in their neighborhood. We defined an epidemic protocol were links are established based on the neighbors similarity, clustering and randomness. Additionally, we proposed some mechanisms such as the use SoftDHT to aid in the identification of affine users, and speed up the process of creation of clusters of similar users. 5.A document distribution system that provides the recommended documents at the end of the process. In our view of a recommender system, the recommendation is a complete process that ends when the customer receives the recommended document. We proposed SCFS, a distributed and secure filesystem where merchants, documents and users are protected

    Este documento explora c omo localizar documentos interesantes para el usuario en grandes redes distribuidas mediante el uso de sistemas de recomendaci on. Se de fine un sistema de recomendaci on como un sistema autom atico que, dado un modelo de cliente y un conjunto de documentos disponibles, es capaz de seleccionar y ofrecer los documentos que son m as interesantes para el cliente. Las caracter sticas deseables de un sistema de recomendaci on son: (i) ser r apido, (ii) distribuido y (iii) seguro. Un sistema de recomendaci on r apido mejora la experiencia de compra del cliente, ya que una recomendaci on no es util si es que llega demasiado tarde. Un sistema de recomendaci on distribuido evita la creaci on de bases de datos centralizadas con informaci on sensible y mejora la disponibilidad de los documentos. Por ultimo, un sistema de recomendaci on seguro protege a todos los participantes del sistema: usuarios, proveedores de contenido, recomendadores y nodos intermedios. Desde el punto de vista de la seguridad, existen dos problemas principales a los que se deben enfrentar los sistemas de recomendaci on: (i) la protecci on de la intimidad de los usuarios y (ii) la protecci on de los dem as participantes del proceso de recomendaci on. Los recomendadores son capaces de emitir recomendaciones personalizadas teniendo en cuenta no s olo el per l de los documentos, sino tambi en a la informaci on privada que los clientes env an al recomendador. Por tanto, los per les de usuario incluyen informaci on personal y altamente sensible, como sus gustos y fobias. Con el n de desarrollar un sistema de recomendaci on util y mejorar su e cacia, creemos que los usuarios no deben tener miedo a la hora de expresar sus preferencias. Para ello, la informaci on personal que est a incluida en los per les de usuario debe ser protegida y la privacidad del usuario garantizada. El segundo desafi o desde el punto de vista de la seguridad implica un nuevo tipo de ataque. Dado que la prevenci on de la distribuci on ilegal de documentos con derechos de autor por medio de soluciones t ecnicas no ha sido efi caz, los titulares de derechos de autor cambiaron sus objetivos para atacar a los proveedores de documentos y cualquier otro participante que ayude en el proceso de distribuci on de documentos. Adem as, tratados y leyes como ACTA, la ley SOPA de EEUU o la ley "Sinde-Wert" en España ponen de manfi esto el inter es de los estados de todo el mundo para controlar y procesar a estos nodos intermedios. Los juicios recientes como MegaUpload, PirateBay o el caso contra el Sr. Pablo Soto en España muestran que estas amenazas son una realidad.

  • Design of Secure Mobile Payment Protocols for Restricted Connectivity Scenarios  Open access

     Téllez Isaac, Jesús Augusto
    Defense's date: 2012-09-12
    Department of Telematics Engineering, Universitat Politècnica de Catalunya
    Theses

    Read the abstract Read the abstract Access to the full text Access to the full text Open in new window  Share Reference managers Reference managers Open in new window

    The emergence of mobile and wireless networks made posible the extensión of electronic commerce to a new area of research: mobile commerce called m-commerce, which includes mobile payment), that refers to any e-commerce transaction made from a mobile device using wireless networks. Most of the mobile payment systems found in the literatura are based on the full connectivity scenario where all the entities are directly connected one to another but do not support business models with direct communication restrictions between the entities of the system is not a impediment to perform comercial transactions. It is for this reason that mobile payment systems that consider those situations where direct communications between entities of the system is not posible (temporarily or permanently) basically due to the impossibility of one of the entities connected to the Internet are required. In order to solve the current shortage in the scientific world of previous research works that address the problema of on-line payment from mobile devices in connectivity restricted scenarios, in this thesis we propose a set of secure payment protocols (that use both symmetric and non-traditional asymmetric cryptography), which have low computational power requirements, are fit for scenarios with communications restrictions (where at least two of the entities of the system cannot exchange information in a direct way and must do it through another entity) and offer the same security capabilities as those protocols designed for full connectivity scenarios. The proposed protocols are applicable to other types of networks, such as vehicular ad hoc network (VANETs), where services exist which require on-line payment and scenarios with communication restrictions.On the other hand, the implementation (in a multiplatform programming language) of the designed protocols shows that their performance is suitable for devices with limited computational power.

  • Contributions to the Security of Cognitive Radio Networks

     León Abarca, Olga
    Defense's date: 2012-01-31
    Department of Telematics Engineering, Universitat Politècnica de Catalunya
    Theses

     Share Reference managers Reference managers Open in new window

  • Códigos para la protección de la propiedad industrial

     Rico Novella, Francisco Jose; Soriano Ibáñez, Miguel; Fernandez Muñoz, Marcel
    Participation in a competitive project

     Share

  • Use of turbo codes with low-rate convolutional constituent codes in fingerprinting scenarios

     Tomas Buliart, Joan; Gómez Muro, Ana; Fernandez Muñoz, Marcel; Soriano Ibáñez, Miguel
    Information Forensics and Security
    Presentation's date: 2011-11-29
    Presentation of work at congresses

    Read the abstract Read the abstract View View Open in new window  Share Reference managers Reference managers Open in new window

    We discuss the use of turbo codes in fingerprinting schemes. More precisely, we present a family of turbo codes that are secure against attacking coalitions of size 2. This family is build upon a class of low-rate convolutional codes with maximum free distance. Low rate convolutional codes are commonly used in code-spread CDMA applications. Moreover, we show how efficient traitor tracing can be performed by means of the turbo decoding algorithm.

  • Private audio streaming for an automated phone assistance system

     Vera Del Campo, Juan Victoriano; Gómez Muro, Ana; Soriano Ibáñez, Miguel
    International Conference on P2P, Parallel, Grid, Cloud and Internet Computing
    Presentation's date: 2011-10-26
    Presentation of work at congresses

    Read the abstract Read the abstract View View Open in new window  Share Reference managers Reference managers Open in new window

    In a question-driven phone assistance system, if the answer to one question decides the next one, hiding user's answers is not enough to protect her privacy. In this work, we explore an audio streaming mechanism where the assistance system is not aware of the questions that the user retrieves. In addition, we discuss the deployment of these mechanisms on a real system, using VoIP schemes and cloud computing.

  • Access to the full text
    Robust detection of primary user emulation attacks in IEEE 802.22 networks  Open access

     León Abarca, Olga; Hernández Serrano, Juan Bautista; Soriano Ibáñez, Miguel
    International Conference on Cognitive Radio and Advanced Spectrum Management
    Presentation's date: 2011-10-27
    Presentation of work at congresses

    Read the abstract Read the abstract Access to the full text Access to the full text Open in new window  Share Reference managers Reference managers Open in new window

    Cognitive Radio (CR) technology constitutes a new paradigm where wireless devices can access the spectrum left unused by licensed or primary users in an opportunistic way. This feature opens the door to a main new threat: the Primary User Emulation (PUE) attack, in which a malicious user transmits a fake primary signal preventing a Cognitive Radio Network (CRN) from using the available spectrum. Cooperative location of a primary source can be a valuable tool for distinguishing between a legitimate transmission and a PUE attack whenever the position of primary users is known, as it is the case of TV towers in the IEEE 802.22 standard. However, the location process can be undermined due to false data provided by malicious or faulty nodes. In this paper, we analyze the effect of forged reports on the location process of a given emitter and provide a set of countermeasures in order to make it robust to undesired behaviors.

  • Access to the full text
    Secure lossless aggregation over fading and shadowing channels for smart grid M2M networks  Open access

     Bartoli, Andrea; Hernández Serrano, Juan Bautista; Soriano Ibáñez, Miguel; Dohler, Mischa; Kountouris, Apostolous; Barthel, Dominique
    IEEE Transactions on Smart Grid
    Date of publication: 2011-12
    Journal article

    Read the abstract Read the abstract Access to the full text Access to the full text Open in new window  Share Reference managers Reference managers Open in new window

    Whilst security is generally perceived as an important constituent of communication systems, this paper offers a viable security-communication-tradeoff particularly tailored to Advanced Metering Infrastructures (AMIs) in Smart Grid systems. These systems, often composed of embedded nodes with highly constrained resources, require e.g. metering data to be delivered efficiently whilst neither jeopardizing communication nor security. Data aggregation is a natural choice in such settings, where the challenge is to facilitate per-hop as well as end-to-end security. The prime contribution of this paper is to propose a secure aggregation protocol that meets the requirements of Smart Grids, and to analyze its efficiency considering various system configurations as well as the impact of the wireless channel through packet error rates. Relying on analysis and corroborative simulations, unprecedented design guidelines are derived which determine the operational point beyond which aggregation is useful as well quantifying the superiority of our protocol w.r.t. non-aggregated solutions.

  • An Algorithm for k-Anonymous Microaggregation and Clustering Inspired by the Design of Distortion-Optimized Quantizers

     Rebollo Monedero, David; Forné, Jordi; Soriano Ibáñez, Miguel
    Data and knowledge engineering
    Date of publication: 2011-10-01
    Journal article

    Read the abstract Read the abstract View View Open in new window  Share Reference managers Reference managers Open in new window

    We present a multidisciplinary solution to the problems of anonymous microaggregation and clustering, illustrated with two applications, namely privacy protection in databases, and private retrieval of location-based information. Our solution is perturbative, is based on the same privacy criterion used in microdata k-anonymization, and provides anonymity through a substantial modification of the Lloyd algorithm, a celebrated quantization design algorithm, endowed with numerical optimization techniques. Our algorithm is particularly suited to the important problem of k-anonymous microaggregation of databases, with a small integer k representing the number of individual respondents indistinguishable from each other in the published database. Our algorithm also exhibits excellent performance in the problem of clustering or macroaggregation, where k may take on arbitrarily large values. We illustrate its applicability in this second, somewhat less common case, by means of an example of location-based services. Specifically, location-aware devices entrust a third party with accurate location information. This party then uses our algorithm to create distortion-optimized, size-constrained clusters, where k nearby devices share a common centroid location, which may be regarded as a distorted version of the original one. The centroid location is sent back to the devices, which use it when contacting untrusted location-based information providers, in lieu of the exact home location, to enforce k-anonymity. We compare the performance of our novel algorithm to the state-of-the-art microaggregation algorithm MDAV, on both synthetic and standardized real data, which encompass the cases of small and large values of k. The most promising aspect of our proposed algorithm is its capability to maintain the same k-anonymity constraint, while outperforming MDAV by a significant reduction in data distortion, in all the cases considered.

  • Security in Peer-to-Peer Communication Systems  Open access

     Suárez Touceda, Diego
    Defense's date: 2011-07-26
    Department of Telematics Engineering, Universitat Politècnica de Catalunya
    Theses

    Read the abstract Read the abstract Access to the full text Access to the full text Open in new window  Share Reference managers Reference managers Open in new window

    P2PSIP (Peer-to-Peer Session Initiation Protocol) is a protocol developed by the IETF (Internet Engineering Task Force) for the establishment, completion and modi¿cation of communication sessions that emerges as a complement to SIP (Session Initiation Protocol) in environments where the original SIP protocol may fail for technical, ¿nancial, security, or social reasons. In order to do so, P2PSIP systems replace all the architecture of servers of the original SIP systems used for the registration and location of users, by a structured P2P network that distributes these functions among all the user agents that are part of the system. This new architecture, as with any emerging system, presents a completely new security problematic which analysis, subject of this thesis, is of crucial importance for its secure development and future standardization. Starting with a study of the state of the art in network security and continuing with more speci¿c systems such as SIP and P2P, we identify the most important security services within the architecture of a P2PSIP communication system: access control, bootstrap, routing, storage and communication. Once the security services have been identi¿ed, we conduct an analysis of the attacks that can a¿ect each of them, as well as a study of the existing countermeasures that can be used to prevent or mitigate these attacks. Based on the presented attacks and the weaknesses found in the existing measures to prevent them, we design speci¿c solutions to improve the security of P2PSIP communication systems. To this end, we focus on the service that stands as the cornerstone of P2PSIP communication systems¿ security: access control. Among the new designed solutions stand out: a certi¿cation model based on the segregation of the identity of users and nodes, a model for secure access control for on-the-¿y P2PSIP systems and an authorization framework for P2PSIP systems built on the recently published Internet Attribute Certi¿cate Pro¿le for Authorization. Finally, based on the existing measures and the new solutions designed, we de¿ne a set of security recommendations that should be considered for the design, implementation and maintenance of P2PSIP communication systems.

  • WoO : Web of Objetcs

     Soriano Ibáñez, Miguel; Pegueroles Valles, Josep Rafel
    Participation in a competitive project

     Share

  • Access to the full text
    Modeling the lion attack in cognitive radio networks  Open access

     Hernández Serrano, Juan Bautista; León Abarca, Olga; Soriano Ibáñez, Miguel
    Eurasip journal on wireless communication and networking
    Date of publication: 2011
    Journal article

    Read the abstract Read the abstract Access to the full text Access to the full text Open in new window  Share Reference managers Reference managers Open in new window

    Cognitive radio is a promising technology aiming to improve the utilization of the radio electromagnetic spectrum. A cognitive radio is a smart device which runs radio applications software to perform signal processing. The use of this software enables the device to sense and understand its environment and actively change itsmode of operation based on its observations. Unfortunately, this solution entails new security challenges. In this paper, we present a cross-layer attack to TCP connections in cognitive radio networks, analyze its impact on TCP throughput via analytical model and simulation, and propose potential countermeasures to mitigate it.

  • Access to the full text
    An infrastructure for detecting and punishing malicious hosts using mobile agent watermarking  Open access

     Esparza Martin, Oscar; Muñoz Tapia, Jose Luis; Tomas Buliart, Joan; Soriano Ibáñez, Miguel
    Wireless communications and mobile computing
    Date of publication: 2011-11-01
    Journal article

    Read the abstract Read the abstract Access to the full text Access to the full text Open in new window  Share Reference managers Reference managers Open in new window

    Mobile agents are software entities consisting of code, data, and state that can migrate autonomously from host to host executing their code. In such scenario there are some security issues that must be considered. In particular, this paper deals with the protection of mobile agents against manipulation attacks performed by the host, which is one of the main security issues to solve in mobile agent systems. This paper introduces an infrastructure for mobile agent watermarking (MAW). MAW is a lightweight approach that can efficiently detect manipulation attacks performed by potentially malicious hosts that might seek to subvert the normal agent operation. MAW is the first proposal in the literature that adapts software watermarks to verify the execution integrity of an agent. The second contribution of this paper is a technique to punish a malicious host that performed a manipulation attack by using a trusted third party (TTP) called host revocation authority (HoRA). A proof-of-concept has also been developed and we present some performance evaluation results that demonstrate the usability of the proposed mechanisms.

  • Identifying traitors using the Koetter - Vardy algorithm

     Fernandez Muñoz, Marcel; Moreira Sanchez, Jose; Soriano Ibáñez, Miguel
    IEEE transactions on information theory
    Date of publication: 2011-02
    Journal article

    View View Open in new window  Share Reference managers Reference managers Open in new window

  • Procédé de traitement d'un paquet de données à l'émission, procédé de traitement d'un paquet de données à la réception, dispositifs et équipements n¿uds associés

     Kountouris, Apostolous; Barthel, Dominique; Dohler, Mischa; Bartoli, Andrea; Hernández Serrano, Juan Bautista; Soriano Ibáñez, Miguel
    Date of request: 2011-06-17
    Invention patent

     Share Reference managers Reference managers Open in new window

  • Access to the full text
    Secure lossless aggregation for Smart Grid M2M networks  Open access

     Bartoli, Andrea; Hernández Serrano, Juan Bautista; Soriano Ibáñez, Miguel; Dohler, Mischa; Kountouris, Apostolous; Barthel, Dominique
    IEEE International Conference on Smart Grid Communications
    Presentation's date: 2010-10
    Presentation of work at congresses

    Read the abstract Read the abstract Access to the full text Access to the full text Open in new window  Share Reference managers Reference managers Open in new window

    Whilst security is generally perceived as an important constituent of communication systems, this paper offers a viable security-communication-tradeoff particularly tailored to Advanced Metering Infrastructures (AMIs) in Smart Grid systems. These systems, often composed of embedded nodes with highly constrained resources, require e.g. metering data to be delivered efficiently whilst neither jeopardizing communication nor security. Data aggregation is a natural choice in such settings, where the challenge is to facilitate per-hop as well as end-to-end security. The prime contribution of this paper is to propose a secure aggregation protocol that meets the requirements of Smart Grids, and to analyze its efficiency considering various system configurations as well as the impact of the wireless channel through packet error rates. Relying on analysis and corroborative simulations, unprecedented design guidelines are derived which determine the operational point beyond which aggregation is useful as well quantifying the superiority of our protocol w.r.t. non-aggregated solutions.

  • Securing cognitive radio networks

     León Abarca, Olga; Hernández Serrano, Juan Bautista; Soriano Ibáñez, Miguel
    International journal of communication systems
    Date of publication: 2010-05
    Journal article

    View View Open in new window  Share Reference managers Reference managers Open in new window

  • Traitor tracing over YouTube video service-proof of concept

     Tomas Buliart, Joan; Fernandez Muñoz, Marcel; Soriano Ibáñez, Miguel
    Telecommunication systems
    Date of publication: 2010-09
    Journal article

    View View Open in new window  Share Reference managers Reference managers Open in new window

  • Genetic algorithms for designing network security protocols

     Zarza, Luis; Forné, Jordi; Pegueroles Valles, Josep Rafel; Soriano Ibáñez, Miguel
    Date of publication: 2010
    Book chapter

    Read the abstract Read the abstract View View Open in new window  Share Reference managers Reference managers Open in new window

    The design of cryptographic and security protocols for new scenarios and applications can be computationally expensive. Examples of these can be sensor or mobile ad-hoc networks where thousands of nodes can be involved. In such cases, the aid of an automated tool generating protocols for a predefined problem can be of great utility. This work uses the genetic algorithms (GA) techniques for the automatic design of security networked protocols. When using GA for optimizing protocols two aspects are critical: the genome definition and the evaluation function. We discuss how security protocols can be represented as binary strings and can be interpreted as security protocols; moreover we define several basic criteria for evaluating security protocols. Finally, we present the software we developed for generating secure communications protocols and show some examples and obtained results.

  • Distributed group security for wireless sensor networks

     Hernández Serrano, Juan Bautista; Vera Del Campo, Juan Victoriano; Pegueroles Valles, Josep Rafel; Soriano Ibáñez, Miguel
    Date of publication: 2010
    Book chapter

    View View Open in new window  Share Reference managers Reference managers Open in new window

  • Seguridad en redes de computación ubicua: contribución a la validación de credenciales  Open access

     Hinarejos Campos, M. Francisca
    Defense's date: 2010-06-30
    Universitat Politècnica de Catalunya
    Theses

    Read the abstract Read the abstract Access to the full text Access to the full text Open in new window  Share Reference managers Reference managers Open in new window

    Technology progress in both user devices and networks allows communications anytime and anywhere. New communication environments offer a wide range of possibilities to users, but also generate new threats. For this reason, it is necessary to establish measures to find out who is establishing a communication and what actions is authorized to do. Currently proposed solutions in the literature are not completely adapted to the new features such as user mobility, network disconnections and constraints of devices and networks. Many of the existing proposals have focused in providing specific solutions to particular scenarios, but they do not consider a global heterogeneous scenario. Therefore, it is necessary to design security mechanisms able to adapt themselves to new scenarios. In this sense, digital certificates are a standardized and widely used solution. Digital certificates enable performing user authentication and authorization in a distributed way. The problem is that ubiquitous environments complicate the process of digital certificates validation. This complexity could result in a service being not accessible. The goal of this thesis is to contribute in making ubiquitous scenarios more secure. More specifically, the work proposes solutions for reducing the credential validation cost and for improving the availability of authentication and authorization services. In first place, we propose a solution for credential validation that works properly in environments with connection to on-line servers and also in environments where the connection to servers is sometimes not possible. In second place, we propose a cascade revocation system where the delegation is partially centralized. Delegation provides high flexibility to authorization systems, but adds complexity to the system. Our proposal reduces the burden on the verifier-side. In third place, we propose a revocation system for delegation chains based on prefix codes. This proposal deals with the problem of centralization of the previous proposal. In particular, the decentralized solution presented keeps the load reduction achieved in the partially centralized proposal, and also enables dynamic delegation and distribution of revocation data. While the user is connected, revocation data distribution can be done with a certificate revocation list. However, in scenarios where the connection can be lost temporally, this might not be possible. To address this issue, we have proposed a system in which users can perform the functions of revocation servers without being trusted entities. This will allow increasing the availability of validation service, and reduce resource consumption. Each proposal has been analyzed and compared with existing solutions to verify the improvements achieved.

    El avance tecnológico tanto de los dispositivos de usuario como de las redes permite que se puedan establecer comunicaciones en cualquier momento y en cualquier lugar. Si bien estos entornos ofrecen un gran abanico de posibilidades a los usuarios, también es cierto que generan nuevas amenazas. Por este motivo, son necesarias medidas que permitan saber con quién se está estableciendo la comunicación y qué acciones se pueden autorizar. Las soluciones propuestas en la literatura no se adaptan completamente a las nuevas características de movilidad, desconexión y limitaciones tanto de los dispositivos como de las redes. De hecho, muchas de las propuestas existentes se han centrado en ofrecer soluciones concretas a escenarios particulares, sin tener en cuenta que el usuario puede entrar a formar parte de entornos heterogéneos. Por lo tanto, se hace necesario diseñar mecanismos de seguridad que conviviendo con los estándares vigentes, se adapten a los nuevos escenarios. En este sentido, los certificados digitales son una solución estandarizada y ampliamente extendida. Los certificados digitales permiten llevar a cabo tanto la autenticación como la autorización de un usuario de forma distribuida. Sin embargo, las características de los entornos ubicuos complican el proceso de validación de certificados. Esta complejidad podría llevar a que no se puediera acceder a los servicios. El objetivo de esta tesis es contribuir a aumentar la seguridad en entornos ubicuos. Más concretamente, se proporcionan soluciones para reducir la carga en la validación de credenciales y aumentar la disponibilidad de los servicios de autenticación y autorización. En primer lugar se propone un sistema de verificación de credenciales que se adapta para funcionar tanto en entornos con conexión a servidores on-line, como en sistemas off-line. Por otra parte, el proceso de delegación en sistemas de autorización, aporta una gran flexibilidad a estos entornos, pero a su vez añade complejidad al sistema. Para reducir esta carga sobre el verificador se propone un sistema de revocación en cascada con delegación centralizada. Sin embargo, esta centralización del servicio limita la escalabilidad y flexibilidad de la solución. Para dar solución a ese inconveniente, se ha propuesto un sistema de revocación en cadenas de delegación basado en códigos prefijo. Esta solución permite mantener la reducción de la carga en la validación lograda en la propuesta centralizada, y además, hace posible la delegación dinámica y la distribución de la información de revocación. Esta distribución puede realizarse a través de listas de revocación de credenciales. En redes con desconexión temporal esta información podría no estar accesible. Para solventarlo, se ha propuesto un sistema en el que los usuarios pueden realizar las funciones de servidores de revocación sin ser entidades de confianza. De esta forma se permite aumentar la disponibilidad del servicio de validación, y reducir el consumo de los recursos. Cada una de las propuestas realizadas se ha analizado para verificar las mejoras proporcionadas frente a las soluciones existentes. Para ello, se han evaluado de forma analítica, por simulación y/o implementación en función de cada caso. Los resultados del análisis verifican el funcionamiento esperado y muestran las mejoras de las propuestas frente a las soluciones existentes.

  • Transmisión de datos: problemas resueltos

     Aguilar Igartua, Mónica; Forné, Jordi; Mata Diaz, Jorge; Rico Novella, Francisco Jose; Rojas Espinosa, Alfonso; Soriano Ibáñez, Miguel
    Date of publication: 2010-11
    Book

    View View Open in new window  Share Reference managers Reference managers Open in new window

  • 12th International Conference on Information and Comunications Security

     Forné, Jordi; Fernandez Muñoz, Marcel; Muñoz Tapia, Jose Luis; Pegueroles Valles, Josep Rafel; Soriano Ibáñez, Miguel
    Participation in a competitive project

     Share

  • TELEVOTE

     Hernández Serrano, Juan Bautista; Esparza Martin, Oscar; Yufera Gomez, Jose Manuel; Soriano Ibáñez, Miguel
    Participation in a competitive project

     Share

  • Private location-based information retrieval via k-anonymous clustering

     Rebollo Monedero, David; Forné, Jordi; Soriano Ibáñez, Miguel
    The internet of things
    Date of publication: 2010
    Journal article

    View View Open in new window  Share Reference managers Reference managers Open in new window

  • A note about the identifier parent property in Reed-Solomon codes

     Fernandez Muñoz, Marcel; Cotrina Navau, Josep; Soriano Ibáñez, Miguel; Domingo, Neus
    Computers and security
    Date of publication: 2010-07
    Journal article

    View View Open in new window  Share Reference managers Reference managers Open in new window

  • New voter verification scheme using pre-encrypted ballots

     Morales-Rocha, V; Soriano Ibáñez, Miguel; Puiggalí, Jordi
    Computer communications
    Date of publication: 2009-05
    Journal article

    View View Open in new window  Share Reference managers Reference managers Open in new window

  • On the IPP Properties of Reed-Solomon Codes

     Fernandez Muñoz, Marcel; Cotrina Navau, Josep; Soriano Ibáñez, Miguel; Domingo, N
    IFIP Advances in Information and Communication Technology
    Date of publication: 2009-01
    Journal article

    View View Open in new window  Share Reference managers Reference managers Open in new window

  • Seguridad en los procesos de voto electrónico remoto:registro,votación,consolidación de resultados y auditoria.  Open access

     Morales Rocha, Víctor Manuel
    Defense's date: 2009-03-13
    Department of Telematics Engineering, Universitat Politècnica de Catalunya
    Theses

    Read the abstract Read the abstract Access to the full text Access to the full text Open in new window  Share Reference managers Reference managers Open in new window

    En los últimos años se han estado utilizando medios electrónicos para automatizar y hacer más eficientes los diferentes procesos de una elección. Aún cuando esta automatización se ha presentado de manera gradual, el propósito final es utilizar medios electrónicos en cada uno de los procesos:registro de votantes, autenticación de los votantes, emisión del voto y escrutinio y publicación de resultados. Los sistemas de votación electrónica han generado controversia debido a diferentes problemas que han surgido con su uso, especialmente en el aspecto de seguridad. La complejidad en la seguridad aumenta cuando se utilizan medios electrónicos remotos como Internet. Por otro lado, el voto electrónico remoto aporta grandes ventajas y por esta razón se continúa con la búsqueda de soluciones que permitan la automatización de los procesos de una elección de una manera fiable.Esta tesis contribuye en la seguridad relacionada con los diferentes procesos de elecciones, principalmente cuando se llevan a cabo a través de medios electrónicos remotos. Se proponen diferentes mecanismos de seguridad enfocados a los procesos de registro remoto de votantes, de votación y verificación individual, de consolidación de resultados de votación y de auditoria. Cada uno de esos mecanismos, además de proporcionar seguridad a los procesos, tienen en cuenta la transparencia frente a los votantes y demás participantes en una elección. Adicionalmente, se considera la facilidad de implementación y uso de dichos mecanismos.Se analizan los diferentes sistemas de voto remoto así como los requisitos de seguridad que se deben considerar en dichos sistemas. Se describe también la dificultad para satisfacer algunos de esos requisitos, especialmente en el voto electrónico remoto. También se analizan algunas de las principales amenazas de seguridad que afrontan los sistemas de voto electrónico remoto. Además se lleva a cabo un estudio comparativo de los diferentes sistemas de voto remoto y se describe un esquema de votación que permite una transición gradual hacia el voto remoto por Internet. Por otra parte, se describen los diferentes esquemas criptográficos de voto electrónico remoto, se analizan sus ventajas y desventajas y se presenta una comparación de dichos esquemas para determinar su factibilidad de implementación en escenarios reales.También se analiza la complejidad en el proceso de generación de un censo electoral a través de medios remotos de comunicación. Se propone en esta tesis un sistema de registro remoto de votantes que logra constituir un censo electoral de una manera fiable. Para lograrlo, se hace uso de técnicas criptográficas y biométricas.Parte esencial de esta tesis es la posibilidad de verificación del voto por parte del votante (verificación individual). Se analizan diferentes propuestas y se proponen dos esquemas de votación por Internet que incluyen mecanismos para que el votante pueda verificar el correcto tratamiento de su voto.Adicionalmente se propone un método de consolidación de resultados de una elección. El método propuesto se puede aplicar al voto electrónico remoto e incluso a los casos en los que la elección se lleva a cabo por distintos canales de votación (presenciales o remotos). Se utilizan técnicas criptográficas para proteger los resultados generados en cada uno de los canales de votación o unidades electorales y para una transferencia segura de dichos resultados hacia un servidor de consolidación. Finalmente, se describen los diferentes procesos de auditoria utilizados para los sistemas de voto electrónico. Se propone un mecanismo de auditoria que permite corroborar el correcto funcionamiento de un sistema de voto electrónico remoto, especialmente para detectar la inserción de votos ilegítimos. El mecanismo se basa en el uso de criptografía para la protección de los votos una vez que estos han sido recibidos por el servidor de votación.

    In the last few years, electronic means have been used to improve the efficiency of the different processes of an election as well as to automate them.Though this automation may have happened in a gradual way, its final purpose is to utilize electronic means for each process: voter registration, voter authentication, vote casting, and tallying and publication of results. The usage of electronic voting systems has been a highly controversial issue, especially concerning security. The difficulty in reaching an expected level of security increases when the Internet is used as the voting channel. Even with these difficulties, the Internet poses considerable advantages and it is necessary to provide mechanisms that allow this automation in election processes in a secure and reliable way.The purpose of this thesis is to analyze the security aspects related to the different processes of an election, specifically when those processes are carried out by remote electronic means. Several possible security mechanisms are proposed, which focus on the processes of remote voter registration, individual verification, results consolidation, and auditing. Along with its security aspect, each mechanism takes into account transparency in order to verify reliability. Additionally, the ease of use and the implementation are also considered.Various remote voting systems are analyzed as well as the corresponding security requirements of those systems. The difficulty in satisfying some of those requirements will be described and particular attention will be paid to systems of remote electronic voting. The main threats that those systems face are analyzed as well. Moreover, a comparative study of the different remote voting systems is carried out and a voting scheme, in order to implement Internet voting, is proposed. The different voting cryptographic schemes are also described. Then, advantages and disadvantages of each of them are analyzed in order to determine their feasibility to be used in a real environment.The complexity to shape an electoral roll through remote communication means is also analyzed in this study. A remote voter registration system is proposed in order to constitute an electoral roll in a reliable manner. This system employs cryptographic and biometric mechanisms.An essential part of this thesis is the potential for independent voter verification. After analyzing several proposals, two schemes that include mechanisms to allow voter verification are proposed, resulting in the possibility of verifying that votes are properly included in the election results.Additionally, a method for consolidating results is presented. This method can be used in remote electronic voting. However, it can also be used in elections that use different voting channels. In order to protect the voting results generated through each voting channel, cryptographic techniques are employed. The voting results are also protected during their transference to the consolidation server.Finally, several audit process for electronic voting systems are described. An audit mechanism is proposed that allows verification that a remote electronic voting system is working properly; it focuses on the detection of illegitimate votes. This mechanism is based on cryptographic techniques to protect the votes once they have been received by the voting server.

  • Un nuevo ataque a TCP para redes de radios cognitivas

     León Abarca, Olga; Hernández Serrano, Juan Bautista; Soriano Ibáñez, Miguel
    Jornadas de Ingeniería Telemática1
    Presentation's date: 2009-09-15
    Presentation of work at congresses

    Read the abstract Read the abstract View View Open in new window  Share Reference managers Reference managers Open in new window

    Los dispositivos de radios cognitivas emergen como una prometedora tecnología que ha de permitir un mejor uso del espectro electro-magnético. Estos dispositivos se caracterizan por ser capaces de observar y entender su entorno, y cambiar consecuentemente su modo de operación. Sin embargo, estas propiedades “cognitivas” conllevan nuevos retos de seguridad. En este artículo se presenta un nuevo ataque a las conexiones TCP en redes de radios cognitivas, se proponen soluciones para mitigarlo y se evalúa el impacto del mismo con y sin contramedidas.

  • A new cross-layer attack to TCP in cognitive radio networks

     León Abarca, Olga; Hernández Serrano, Juan Bautista; Soriano Ibáñez, Miguel
    International workshop on cross-layer design
    Presentation's date: 2009-06
    Presentation of work at congresses

    View View Open in new window  Share Reference managers Reference managers Open in new window

  • Improvement of Collusion Secure Convolutional Fingerprinting Information Codes

     Tomas Buliart, Joan; Fernandez Muñoz, Marcel; Soriano Ibáñez, Miguel
    Lecture notes in computer science
    Date of publication: 2009
    Journal article

    View View Open in new window  Share Reference managers Reference managers Open in new window

  • VICOMO: MODELADO DE CONTECTO VISUAL

     Soriano Ibáñez, Miguel; Pegueroles Valles, Josep Rafel
    Participation in a competitive project

     Share

  • GRUP SEGURETAT DE LA INFORMACIÓ (ISG)

     Pallares Segarra, Esteve; Fernandez Muñoz, Marcel; León Abarca, Olga; Hernández Serrano, Juan Bautista; Forné, Jordi; Pegueroles Valles, Josep Rafel; Esparza Martin, Oscar; Muñoz Tapia, Jose Luis; Parra Arnau, Javier; Soriano Ibáñez, Miguel
    Participation in a competitive project

     Share

  • PROVISION SEGURA DE SERVICIOS SOBRE EL P2P (P2PSEC)

     Pegueroles Valles, Josep Rafel; Fernandez Muñoz, Marcel; Mata Diaz, Jorge; Martin Faus, Isabel Victoria; León Abarca, Olga; Esparza Martin, Oscar; Forga Alberich, Jordi; Hernández Serrano, Juan Bautista; Rico Novella, Francisco Jose; Cruz Llopis, Luis Javier de La; Alins Delgado, Juan Jose; Muñoz Tapia, Jose Luis; Soriano Ibáñez, Miguel
    Participation in a competitive project

     Share

  • SBV SECURE BIOMETRIC VOTING: SISTEMA BIOMETRICO PARA PROCESOS ELECTORALES SEGUROS

     Esparza Martin, Oscar; Hernández Serrano, Juan Bautista; Muñoz Tapia, Jose Luis; Soriano Ibáñez, Miguel
    Participation in a competitive project

     Share