José María de Fuentes

Security Models in Vehicular Ad-hoc Networks: A Survey

ABSTRACT The security and privacy issues of vehicular ad-hoc networks (VANETs) must be addressed before they are implemented. For this purpose, several academic and industrial proposals have been developed. Given that several of them are intended to co-exist, it is necessary that they consider compatible security models. This study presents a survey of the underlying security models of 41 recent proposals. Four key aspects in VANET security are studied, namely trust on vehicles, trust on infrastructure entities, existence of trusted third parties and attacker features. Based on the survey analysis, a basic mechanism to compare VANET security models is also proposed, thus highlighting their similarities and differences.

Use of the Plasma Spectrum RMS Signal for Arc-Welding Diagnostics

A new spectroscopic parameter is used in this paper for on-line arc-welding quality monitoring. Plasma spectroscopy applied to welding diagnostics has typically relied on the estimation of the plasma electronic temperature, as there is a known correlation between this parameter and the quality of the seams. However, the practical use of this parameter gives rise to some uncertainties that could provoke ambiguous results. For an efficient on-line welding monitoring system, it is essential to prevent the appearance of false alarms, as well as to detect all the possible defects. In this regard, we propose the use of the root mean square signal of the welding plasma spectra, as this parameter will be proven to exhibit a good correlation with the quality of the resulting seams. Results corresponding to several arc-welding field tests performed on Inconel and titanium specimens will be discussed and compared to non-destructive evaluation techniques.

A taxonomy and survey of attacks on digital signatures

Non-repudiation is a desired property of current electronic transactions, by which a further repudiation of the commitments made by any involved party is prevented. Digital signatures are recognized by current standards and legislation as non-repudiation evidence that can be used to protect the parties involved in a transaction against the others false denial about the occurrence of a certain event. However, the reliability of a digital signature should determine its capability to be used as valid evidence. The inevitability of vulnerabilities in technology and the non-negligible probability of an occurrence of security threats would make non-repudiation of evidence difficult to achieve. We consider that it is of the utmost importance to develop appropriate tools and methods to assist in designing and implementing secure systems in a way that reliable digital signatures can be produced. In this paper, a comprehensive taxonomy of attacks on digital signatures is presented, covering both the signature generation and verification phases. The taxonomy will enable a rigorous and systematic analysis of the causes that may subvert the signature reliability, allowing the identification of countermeasures of general applicability. In addition, an intensive survey of attacks classified under our taxonomy is given.

Probabilistic yoking proofs for large scale IoT systems

Abstract Yoking (or grouping) proofs were introduced in 2004 as a security construction for RFID applications in which it is needed to build an evidence that several objects have been scanned simultaneously or, at least, within a short time. Such protocols were designed for scenarios where only a few tags (typically just two) are involved, so issues such as preventing an object from abandoning the proof right after being interrogated simply do not make sense. The idea, however, is very interesting for many Internet of Things (IoT) applications where a potentially large population of objects must be grouped together. In this paper we address this issue by presenting the notion of Probabilistic Yoking Proofs (PYP) and introducing three main criteria to assess their performance: cost, security, and fairness. Our proposal combines the message structure found in classical grouping proof constructions with an iterative Poisson sampling process where the probability of each object being sampled varies over time. We introduce a number of mechanisms to apply fluctuations to each object’s sampling probability and present different sampling strategies. Our experimental results confirm that most strategies achieve good security and fairness levels while keeping the overall protocol cost down.

A framework for avoiding steganography usage over HTTP

Steganographic techniques allow users to covertly transmit information, hiding the existence of the communication itself. These can be used in several scenarios ranging from evading censorship to discreetly extracting sensitive information from an organization. In this paper, we consider the problem of using steganography through a widely used network protocol (i.e. HTTP). We analyze the steganographic possibilities of HTTP, and propose an active warden model to hinder the usage of covert communication channels. Our framework is meant to be useful in many scenarios. It could be employed to ensure that malicious insiders are not able to use steganography to leak information outside an organization. Furthermore, our model could be used by web servers administrators to ensure that their services are not being abused, for example, as anonymous steganographic mailboxes. Our experiments show that steganographic contents can be successfully eliminated, but that dealing with high payload carriers such as large images may introduce notable delays in the communication process.

Applying Information Hiding in VANETs to Covertly Report Misbehaving Vehicles

Vehicular ad hoc networks (VANETs) are a new communication scenario in which vehicles take an active part. Real-time reporting of misbehaving vehicles by surrounding ones is enabled by in-vehicle sensors and VANETs. Thus, sensors allow detecting the misbehavior whereas VANETs allow sending the report to the authority. Nevertheless, these reports should pass unnoticed by the reported driver to avoid his/her potential reprisals. Information hiding techniques could be used to allow vehicles to transmit information covertly. In this work, two mechanisms for vehicle reporting are proposed based on two information hiding techniques—subliminal channels and steganography. The approach is to embed information into beacon messages either in the signature process (subliminal channel) or altering the least significant bits of selected sensorial fields (steganography). Results show that the proposal is computationally feasible for current vehicular devices and that it is possible to configure the system to operate in highways, secondary roads, and urban maps.

SoNeUCONABC, an expressive usage control model for Web-Based Social Networks

Abstract In the era of hyper-connectivity Web-Based Social Networks (WBSNs) are demanding applications. They facilitate the interaction of huge amounts of users and the development of appropriate Access Control Models (ACMs) is an arising necessity. Particularly, the development of WBSNs ACMs with expressive power and capable of managing access control along the whole usage process is the challenge pursued. To contribute on this issue, first, 23 proposals have been analysed and second, SoNeUCON ABC , an expressive usage control model for WBSNs, is proposed. It extends UCON ABC ( Park, 2003 ) including relationships management and it is formally defined, specifying entities and elements involved and an access control policy language. Moreover, policy construction is carefully detailed by using regular expressions and access control enforcement functions are described. Finally, the evaluation shows, theoretically, the significant expressive power of SoNeUCON ABC and, empirically, the feasibility of its implementation by the development of a proof of concept system.

PRACIS: Privacy-preserving and aggregatable cybersecurity information sharing

Abstract Cooperative cyberdefense has been recognized as an essential strategy to fight against cyberattacks. Cybersecurity Information Sharing (CIS), especially about threats and incidents, is a key aspect in this regard. CIS provides members with an improved situational awareness to prepare for and respond to future cyberthreats. Privacy preservation is critical in this context, since organizations can be reluctant to share information otherwise. This is particularly critical when CIS is facilitated through an untrusted infrastructure provided by a third party (e.g., the cloud). Despite this, current data formats and protocols for CIS do not guarantee any form of privacy preservation to participants. In this paper we introduce PRACIS, a scheme for CIS networks that guarantees private data forwarding and aggregation. PRACIS leverages the well-known Structured Threat Information Expression (STIX) standard data format. Remarkably, PRACIS can be seamlessly integrated with existing STIX-based message brokering middleware such as publish-subscribe architectures. PRACIS achieves these goals by combining standard format-preserving and homomorphic encryption primitives. We discuss experimental results obtained with a prototype implementation developed for a subset of STIX. Results show that entities may create up to 689 incidents per minute, far beyond the estimated average of 81. Moreover, aggregation of 104 incidents can be carried out in just 2.1 s, and the transmission overhead is just 13.5 kbps. Overall, these results suggest that the costs incurred by PRACIS are easily affordable in real-world scenarios.

PAgIoT - Privacy-preserving Aggregation protocol for Internet of Things

Modern society highly relies on the use of cyberspace to perform a huge variety of activities, such as social networking or e-commerce, and new technologies are continuously emerging. As such, computer systems may store a huge amount of information, which makes data analysis and storage a challenge. Information aggregation and correlation are two basic mechanisms to reduce the problem size, for example by filtering out redundant data or grouping similar one. These processes require high processing capabilities, and thus their application in Internet of Things (IoT) scenarios is not straightforward due to resource constraints. Furthermore, privacy issues may arise when the data at stake is personal. In this paper we propose PAgIoT, a Privacy-preserving Aggregation protocol suitable for IoT settings. It enables multi-attribute aggregation for groups of entities while allowing for privacy-preserving value correlation. Results show that PAgIoT is resistant to security attacks, it outperforms existing proposals that provide with the same security features, and it is feasible in resource-constrained devices and for aggregation of up to 10 attributes in big networks.

FRIDA, the diffraction limited NIR imager and IFS for the Gran Telescopio Canarias: status report

FRIDA is a diffraction limited imager and integral field spectrometer that is being built for the Gran Telescopio Canarias. FRIDA has been designed and is being built as a collaborative project between institutions from México, Spain and the USA. In imaging mode FRIDA will provide scales of 0.010, 0.020 and 0.040 arcsec/pixel and in IFS mode spectral resolutions R ~ 1000, 4,500 and 30,000. FRIDA is starting systems integration and is scheduled to complete fully integrated system tests at the laboratory by the end of 2015 and be delivered to GTC shortly after. In this contribution we present a summary of its design, fabrication, current status and potential scientific applications.