Antonio Izquierdo

Advances in network smart cards authentication

Smart cards have been widely used as simple token hardware in authenticationn processes. Nevertheless, a new trend indicates a shift towards more enhanced cards with networking capabilities. We propose revising the usual focus on smart card authentication protocol designs, as well as highlighting the need to adapt to new trends. Our main objective is to define an authentication model that uses the card as a stand-alone supplicant in a mutual end-to-end authentication schema. We also propose a protocol architecture which allows us to integrate the smart card within the network in the authentication plane. Finally, this new approach to network smart cards authentication processes is applied to a practical electronic payment scenario.

Survey of Attacks and Defenses on P2PSIP Communications

As with any other emerging system, the analysis of the security of Peer-to-Peer Session Initiation Protocol systems is of crucial importance for its secure development and future standardization. In this survey, we analyze the security of these systems by studying the attacks that can be launched against them. After an overview of the services that conform its architecture (access control, bootstrap, routing, storage and communication) we present the different attacks that can be launched against each of the services described. Also, for each presented attack, we review the defense mechanisms that can be used to prevent the attack, summarizing their advantages and drawbacks. This analysis presents a clear picture of the new security challenges which must be considered for the development of a Peer-to-Peer Session Initialization Protocol system and a revision of the security mechanisms that can be used to secure them.

Towards self-authenticable smart cards

Traditionally, the smart cards have been seen as security devices, but as soon as they could be integrated into distributed and networked environments their vulnerabilities could be attempted and countermeasures against new security threats in an open-access internet were required. In this work, our target could be represented by an end-to-end mutual authentication scenario where the smart card could authenticate by itself to a Network Access Server by means of link layer protocols and therefore in absence of IP connectivity. Some previous related models based on the Extensible Authentication Protocol are presented. However, in these works the smart card and terminal implement jointly the supplicant functionality (split supplicant). We consider the native EAP multiplexing model specified by the IETF to propose a new approach in order to avoid this split and to achieve an autonomous and highly independent smart card in the authentication scheme: a self-authenticable smart card.

New E-Payment Scenarios in an Extended Version of the Traditional Model

Most of the security proposals in commerce scenarios have been based on a classical e-payment system definition. This definition basically represents a client who sends a payment order to obtain some goods/services from the merchant, which the intentions of the real money transaction carry on between his financial institutions. Nevertheless, these definitions are not sufficiently robust when new aspects appear in the electronic payment transaction. We can identify some of those new aspects (such as: smart card with network capabilities, business mediator with advantage services, handheld devices with constrained connectivity, and multiparty scenarios) that could subordinate the design of current and future commerce scenarios. In this paper we extended the traditional e-payment system definition, in order to include these new aspects. Additionally, we describe two new payment models, where such aspects are involved, and where the secure solution needs to consider new security requirements.

Secure electronic payments in heterogeneous networking: new authentication protocols approach

Recent research efforts have been addressed towards maintain the heterogeneous networking transparent under the powerful all-IP concept. As example, current global standarization initiative specifies the 3G cellular system to wireless LAN inter-working. On the other hand, smart cards are presented as enough powerful devices capable to perform a strong authentication at lower layers of the protocol stack. Our work proposes a novel model reference and a scenario of applicability for secure electronic payment in this environment. Impact on the trust relations are assesed and a set of authentication requirements are provided. Finally, a new approach based on end-to-end layer 2 authentication protocols is adjusted to this proposal, considering the most interesting improvements in the authentication mechanisms applicable to this context.

Interoperability and Information Mobility Issues in Industrial Ecosystems

Communication protocols used in industrial ecosystems provide the information with mobility and ubiquitous capabilities. As industrial ecosystems expand to embrace new devices, services or communication technologies, and also due to the increase of the information being exchanged, the interoperability and mobility issues are starting to show up. These issues prevent the interconnection among ecosystems, thus, limiting information mobility. We review these problems arisen from non-standard implementations of communication protocols, and will point out other common problems for these implementations. Finally, we will remark the aspects that should be taken into account when designing methodologies to validate the information exchange mechanisms.

A formal analysis of fairness and non-repudiation in the RSA-CEGD protocol

Recently, Nenadic et al. (2004) proposed the RSA-CEGD protocol for certified delivery of e-goods. This is a relatively complex scheme based on verifiable and recoverable encrypted signatures (VRES) to guarantee properties such as strong fairness and non-repudiation, among others. In this paper, we illustrate how an extended logic of beliefs can be helpful to analyze in a formal manner these security properties. This approach requires the previous definition of some novel constructions to deal with evidences exchanged by parties during the protocol execution. The study performed within this framework reveals the lack of non-repudiation in RSA-CEGD and points out some other weaknesses.

Security Issues in Network File Systems

This paper studies network file system’s security requirements, and focuses on security performance constraints. We review security implementations in both, distributed file systems and pure network-based file systems, focusing on security services included in NFSv4’s proposed standard. Finally, we evaluate the tools being used to preserve data confidentiality, integrity and availability in computer communications, in order to evaluate whether they would be suitable for their use in network file systems.

Network smart card performing U(SIM) functionalities in AAA protocol architectures

This paper reviews the way in which the security protocolsEAP-SIM/AKA are used in 3G/WLAN network interworking from thepoint of wiew of the U(SIM). As result, a new AAA protocol architectureis derived from the integration of a Network Smart Card, NSC, that implementsU(SIM) functionalities within the scheme. The implementationin a testbed shows the robustness and feasibility of such an architecture.

Using adaptative encryption for ubiquitous environments

One of the most important issues for ubiquitous computing is the problem of encrypting content in the devices, as the heterogeneity in the devices nature, capabilities, mobility and necessities make it very difficult to find a solution that may be applied to all of these devices for the encryption and decryption of data. Although this is an important issue in todays computing, there are not proposals that suit the specific needs of the ubiquitous devices regarding power consumption and computing capabilities, as well as flexibility. In this paper we show how adaptative encryption is the base for encryption of the stored data in ubiquitous environments.