Gregorio Martinez

New security services based on PKI

The basic job of a public key infrastructure (PKI) is to define the mechanisms used both to allow a recipient of a signed message to trust a digital signature and to allow a sender to find the encryption key for a recipient. It is comprised of those elements needed to manage and enable the effective use of public key cryptography technology, particularly in medium and large-scale. Nowadays, PKIs are considered to be a key element for providing security to new distributed application environments. However, the sole use of a PKI as a mechanism to create a link between an identifier and a public key is not enough to offer effective mechanisms to those environments. New security services based on PKI try to address some existing drawbacks of current distributed systems. On the one hand, they can provide mechanisms to alleviate the lack of support for decentralized and automated management of access control and authorization policies, which are usually configured using inefficient and error-prone methods. On the other hand, new security services can also be used to link authorization information to the public keys being certified by the PKI, therefore enabling new opportunities for distributed access control procedures. In this paper, we describe two of these innovative security services built over our own designed and implemented Java IPv6 PKI: a distributed security policy management architecture and a distributed credential management system.The basic job of a Public Key Infrastructure, PKI for short, is to define the mechanisms used both to allow a recipient of a signed message to trust a digital signature and to allow a sender to find the encryption key for a recipient. It is comprised of those elements needed to manage and enable the effective use of public key cryptography technology, particularly on a medium and large scale. Nowadays, PKIs are being considered as a key element for providing security to new distributed communication networks and services. In this paper, we describe two of these innovative security services built over our own designed and implemented Java IPv6 PKI: a distributed security policy management architecture and a distributed credential management system.

Securing Cyberspace in the 21st Century

Cybersecurity has emerged as an area of intense research activity that endeavors to protect cyberspace, enabling it to continue to function as required even when subjected to cyberattacks.

Cloud Computing, Networking, and Services

Welcome to the special issue of JNSM on Cloud Computing, Networking, and Services (CCNS). The concept of Cloud Computing (CC) is based on utilizing distributed (computing) resources for application and services that need massive amount of computing assets for a specific short period of time. The cost of procuring, deploying, and maintaining such massive amount of computing resources for a short time duration is prohibitively high. Therefore, the concept of virtualization has been developed over the last few years to enable sharing of computing resources from distributed clusters of resources (the ‘‘Cloud’’) over the Internet for a fraction of the cost. The early adopters of CC are small and medium Enterprises. Government

SPEED Protocol: Smartcard-Based Payment with Encrypted Electronic Delivery

In these times of the dawning of e-commerce, many issues and barriers still remain to be solved before electronic transactions over the Web can be expected to be really successful. One important unresolved problem is the issue of having efficient and secure payment models based on e-purses and including electronic product delivery and price negotiation. In response to this need, the SPEED protocol specification has been proposed. This specification, which is described in this paper, provides a high level of security for all parties involved in e-commerce transactions over the Internet; at the same time, we have combined this aim with the use of highly-recognised standards and all the advantages of using e-purses implemented on multiaplication smart cards. Our work has also been tested in a real environment, providing us an interesting feedback based on technical and user-friendly matters.

Self-Configuration of Grid Nodes Using a Policy-Based Management Architecture

During the past years, Grid Computing has emerged as an important research field concerning to large-scale resource sharing. Several research and academic institutions have widely adopted this technology as a mechanism able to integrate services across distributed, heterogeneous, and dynamic virtual organizations. However, this rapid expansion is exposing the need to provide effective means to manage virtual organizations, especially those questions related to the insertion and maintenance of grid nodes. This paper proposes a flexible and automated method based on policies to cope with these requirements. Policies constitute a mechanism for specifying the behaviour a grid node must exhibit. In this work we present a policy-based management architecture, which makes use of COPS-PR to exchange information about specific parameters related to grid nodes based on Globus Toolkit 2.4. Moreover, we have also added new classes to the Framework PIB (Policy Information Base) in order to represent configuration data about the different components of this toolkit.

Editorial: special issue on advances in security and privacy for future mobile communications

Recent advances in wireless communication technologies along with a proliferation of mobile devices have enabled a new, and expanded level of ubiquitous access to data and communications. Reliable, secure, and private communications are as essential in these product offerings as network availability, especially as the Internet presents enhanced opportunities for network breaches. Every day new security challenges surface, often a consequence of weak encryption and inherently open access to networks and in some cases lack of a pre-deployed infrastructure. This special issue advances the state-of-the-art research in the area of security, privacy, cryptography, and its applications to future mobile communications. Our special issue emphasizes potential contributions to security and privacy preserving applications and services in the mobile ecosystem. It contains seven papers, in print and online release, covering anonymous RA for trusted computing, cooperative security system for m-Health applications, security solutions for the IMS media plane, a comprehensive survey on Anonymous Voice over IP (VoIP) communication, and an untraceable authentication method for large-scale active-tag RFID systems. These papers will hopefully stimulate further research in this important topic.

Different Smartcard-Based Approaches to Physical Access Control

Although the basic function of physical access control can be considered simple, that is, to allow authorized personnel to gain access to buildings and deny unauthorized entry, the problem should not be so drastically simplified. In this work, we present two solutions to this problem that make use of special devices named TICA and smartcards. These proposals follow different approaches to manage permissions and authorizations. On the one hand, we present a centralized and on-line solution that makes use of one central database containing the privileges assigned to every user. On the other hand, we describe a system where the authorization-related information is managed in a distributed way. It is an off-line solution based on a RBAC (Role Based Access Control) model that has been designed using authorization certificates.