Candelaria Hernández-Goya

Strong Solutions to the Identification Problem

This work proposes two identification algorithms based on some difficult problems. The first scheme is an extremely simple combination of the idea of one-time passwords and the use of public keys. The second proposal allows identification to be implemented without leaking any secret information during the interaction because it combines the two mentioned concepts with a zero-knowledge proof of the possession of a solution to a difficult graph problem through a challenge-response technique.

Cooperation Enforcement Schemes in Vehicular Ad-Hoc Networks

Vehicular Ad-hoc NETworks (VANETs) will provide many interesting services in the near future. One of the most promising is commercial application. In such a case, there will be necessary to motivate drivers to cooperate and contribute to packet forwarding in Vehicle-TO-Vehicle and Vehicle-TO-Roadside communications. This paper examines the problem, analyzes the drawbacks of known schemes, and proposes a new secure incentive scheme to stimulate cooperation in VANETs.

Flexible authentication in vehicular ad hoc networks

A Vehicular Ad-Hoc Network (VANET) is a form of Mobile ad-hoc network, to provide communications among nearby vehicles and between vehicles and nearby fixed roadside equipment. The key operation in VANETs is the broadcast of messages. Consequently, the vehicles need to make sure that the information has been sent by an authentic node in the network. VANETs present unique challenges such as high node mobility, real-time constraints, scalability, gradual deployment and privacy. No existent technique addresses all these requirements. In particular, both inter-vehicle and vehicle-to-roadside wireless communications present different characteristics that should be taken into account when defining node authentication services. That is exactly what is done in this paper, where the features of inter-vehicle and vehicle-to-roadside communications are analyzed to propose differentiated services for node authentication, according to privacy and efficiency needs.

Stimulating cooperation in self-organized vehicular networks

A Vehicular Ad-hoc NETwork (VANET) is a special form of Mobile Ad-hoc Network designed to provide communications among nearby vehicles and between vehicles and nearby fixed roadside equipment. Its main goal is to improve safety and comfort for passengers, but it can also be used for commercial applications. In this latter case, it will be necessary to motivate drivers to cooperate and contribute to packet forwarding in Vehicle-to-Vehicle and Vehicle-to-Roadside communications. This paper examines the problem, analyzes the drawbacks of known schemes and proposes a new secure incentive scheme to stimulate cooperation in VANETs, taking into account factors such as time and distance.

Self-organized authentication in mobile ad-hoc networks

This work proposes a new distributed and self-organized authentication scheme for mobile ad-hoc networks (MANETs). Apart from describing all its components, special emphasis is placed on proving that the proposal fulfils most requirements derived from the special characteristics of MANETs, including limited physical protection of broadcast medium, frequent route changes caused by mobility, and lack of structured hierarchy. Interesting conclusions are obtained from an analysis of simulation experiments in different scenarios.

Self-organized authentication architecture for Mobile Ad-hoc Networks

This work proposes a new architecture, called Global Authentication Scheme for Mobile Ad-hoc Networks (GASMAN), for fully distributed and self-organized authentication. In this paper apart from describing all the GASMAN components, special emphasis is placed on proving that it fulfils every requirement of a secure distributed authentication scheme, including limited physical protection of broadcast medium, frequent route changes caused by mobility, lack of structured hierarchy, etc. Furthermore, an extensive analysis through simulation experiments in different scenarios is described and discussed.

Zero-Knowledge Hierarchical Authentication in MANETs*Research partly supported by the Spanish Ministry of Education and Science and the European FEDER Fund under Project SEG2004-04352-C04-03.

This work addresses the critical problem of authentication in mobile ad hoc networks. It includes a new approach based on the Zero-Knowledge cryptographic paradigm where two different security levels are defined. The first level is characterized by the use of an NP-complete graph problem to describe an Access Control Protocol, while the highest level corresponds to a Group Authentication Protocol based on a hard-on-average graph problem. The main goal of the proposal is to balance security strength and network performance. Therefore, both protocols are scalable and decentralized, and their requirements of communication, storage and computation are limited.

Designing communication-oriented node authentication for VANETs

Vehicular Ad-hoc NETworks (VANETs) present unique challenges such as high node mobility, real-time constraints, scalability, gradual deployment and privacy. No existent node authentication technique addresses all these requirements. In particular, both inter-vehicle and vehicle-to-roadside wireless communications have different privacy and efficiency needs that must be taken into account when defining node authentication services.

A Zero-Knowledge Identification Scheme Based on an Average-Case NP-Complete Problem

The present work investigates the possibility of designing zero-knowledge identification schemes based on hard-on-average problems. It includes a new two-party identification protocol whose security relies on a problem classified as DistNP-Complete under the average-case analysis, the so-called Distributional Matrix Representability Problem. One of the most critical questions in cryptography is referred to the misunderstanding equivalence between using a difficult problem as basis of a cryptographic application and its security. Problems belonging to NP according to the worst-case analysis are frequently used in cryptography, but when random generated instances are used, in most cases there exist efficient algorithms to solve them that make useless their worst-case difficulty. So, by using the search version of the mentioned distributional problem, the security of the proposed scheme is actually guaranteed. Also, with the proposal of a new zero-knowledge proof based on a problem not used before for this purpose, the set of tools for designing cryptographic protocols is enlarged.

Patients' Data Management System Protected by Identity-Based Authentication and Key Exchange

A secure and distributed framework for the management of patients’ information in emergency and hospitalization services is proposed here in order to seek improvements in efficiency and security in this important area. In particular, confidentiality protection, mutual authentication, and automatic identification of patients are provided. The proposed system is based on two types of devices: Near Field Communication (NFC) wristbands assigned to patients, and mobile devices assigned to medical staff. Two other main elements of the system are an intermediate server to manage the involved data, and a second server with a private key generator to define the information required to protect communications. An identity-based authentication and key exchange scheme is essential to provide confidential communication and mutual authentication between the medical staff and the private key generator through an intermediate server. The identification of patients is carried out through a keyed-hash message authentication code. Thanks to the combination of the aforementioned tools, a secure alternative mobile health (mHealth) scheme for managing patients’ data is defined for emergency and hospitalization services. Different parts of the proposed system have been implemented, including mobile application, intermediate server, private key generator and communication channels. Apart from that, several simulations have been performed, and, compared with the current system, significant improvements in efficiency have been observed.