Josep Pegueroles

Balanced batch LKH: new proposal, implementation and performance evaluation

Perfect secrecy can only be achieved in multicast groups by ciphering data sent to the group with a different key every time a member joins or leaves the group. A key server must send the new key to all the remaining members so bandwidth efficiency concerns appear. Logical key tree algorithms reduce the number of messages to be sent, but in many scenarios, rekeying after each membership change has no sense. Batch rekeying algorithms are proposed as a solution to these problems. However such methods need to maintain the logical key tree balanced all the time on order to achieve maximum bandwidth efficiency. This paper presents a new technique for multicast batch rekeying. This technique reallocates the tree nodes in order to keep the tree balanced all the time.

Building a virtual hierarchy to simplify certification path discovery in mobile ad-hoc networks

The ease with which nodes may join or leave a Mobile Ad-hoc Network (MANET) implies changing trust relationships among them and problems to build certification paths. Peer-to-peer Public Key Infrastructures (PKIs) are quite dynamic and certification paths can be built although part of the infrastructure is temporarily unreachable. However, path discovery is difficult because trust relationships are bidirectional. On the contrary, in hierarchical PKIs, there is only one path between two entities and certification paths are easy to find. We propose a protocol that establishes a virtual hierarchy in a peer-to-peer PKI. This protocol is suitable for dynamic environments such as MANETs since it is executed in a short time. In addition, our protocol does not require to issue new certificates among PKI entities, facilitates the certification path discovery process and the maximum path length can be adapted to the characteristics of users with limited processing and storage capacity.

GKM over large MANET

Group key management in mobile wireless networks faces new challenges due to the mobility of group members. Current proposed mobile GKM algorithms assume parts of fixed backbone and are completely centralized. This does not fit pure MANET requirements, that are decentralized and infrastructureless networks. To overcome this weakness, we present a protocol designed to provide a virtual backbone in order to use current mobile GKM protocols in MANET. Simulation results are presented, and the performance evaluation shows that the presented protocol quickly adapts to dynamic topologies.

Improved LKH for batch rekeying in multicast groups

Storage, delivery and update of cryptographic keys are the most important items to study in multicast security. Traditionally a centralized trusted third party called the key server (KS) performs these actions. Different works have been presented that address the issue of minimizing storage for KS and required bandwidth for updating keys. Our research group has been working in a method for multicast rekeying using a broadcast encryption technique and pseudo-random functions in order to reduce number of sent messages for rekeying and minimize the number of keys to store by the KS. We apply this technique to batch rekeying and present performance evaluation for different benchmark scenarios. We conclude that the technique is suitable for group joining and leaving and in some cases performs better behavior than other existing methods.

Group Rekeying Algorithm Using Pseudo-random Functions and Modular Reduction

The grid is one of the most evident examples of cooperation between a group of network entities. If secure transactions want to be supported within this group a secret key shared by all these entities is needed. The session key should be sent to all authorized users and updated every time the grid group changes. This is the only way of achieving perfect forward and backward secrecy. Traditionally these actions are performed by a centralized trusted third party called the Key Server (KS). Different works for minimizing the storage need for KS and reducing the required bandwidth for updating keys have been presented. We present a method for group rekeying using pseudo-random functions and modular reduction. This method minimizes the number of keys to store by the KS and reduces the required bandwidth for updating the keying material.

DocCloud: A document recommender system on cloud computing with plausible deniability

Recommender systems select the most interesting products for costumers based on their interests. The move of a recommender system to a cloud faces many challenges from the perspective of the protection of the participants. Little work has been done regarding secure recommender systems or how to cope with the legal liability of the cloud provider and any virtual machine inside the cloud. We propose DocCloud, a recommender system that focused on the protection of all participants against legal attacks. We present the architecture of DocCloud and analyze the security mechanisms that the system includes. Specifically, we study the properties of plausible deniability and anonymity of the recommenders and intermediate nodes. This way, nodes can recommend products to the customers while deny any knowledge about the product they are recommending or their participation in the recommendation process.

Interpretation of Binary Strings as Security Protocols for their Evolution by means of Genetic Algorithms

The design of cryptographic and security protocols for new scenarios and applications can be computationally expensive. Examples of these can be sensor or mobile ad-hoc networks and electronic voting or auctions applications. In such cases, the aid of an automated tool generating protocols for a predefined problem can be of great utility. This work uses the Genetic Algorithms (GA) techniques for the automatic design of security networked protocols. When using GA for optimizing protocols the genome definition is critical. We discuss how security protocols can be represented as binary strings. Arbitrary criteria can lead to improper strings for our GA tools. We explain and justify the steps to define genome interpretation in our optimization method. Analysis of the proposal attending is also presented as part of our contribution.Multimedia data concern visual, audio, textual, information involving voice, gestures and others, so there are several challenges related to their storage and retrieval. Context awareness and personalization are key aspects to consider to manage any information-related content. In this paper we propose a general profiling model to define the user and context profiles in order to preserve and use their interrelationships. This general profiling model can be used to filter the user query in a more precise and selective way and to filter the multimedia contents in the repository that match the user query. In this paper the personalization relies on the combined use of the user profiles and context profiles, and the combination driving in particular the choice of the interaction mode in order to make relevant information available to people in the appropriate form.

A methodology to introduce sustainability into the final year project to foster sustainable engineering projects

The introduction of sustainability skills into higher education curricula is a natural effect of the increasing importance of sustainability in our daily lives. Topics like green computing, sustainable design or environmental engineering have become part of the knowledge required by todays engineers. Furthermore, we strongly believe that the introduction of this skill will eventually enable future engineers to develop sustainable products, services and projects. The Final Year Project is the last academic stage facing students and a step towards their future professional engineering projects. As such, it constitutes a rehearsal for their professional future and an ideal opportunity for reflecting on whether their Final Year Project is sustainable or not, and to what extent. It also provides a good tool for reviewing the lessons learned about sustainability during the degree course and for applying them in a holistic and integrated way. In this paper, we present a guide that allows both students and advisors to think carefully about the sustainability of engineering projects, in particular the Final Year Project.

Evaluation Function for Synthesizing Security Protocols by means of Genetic Algorithms

The design of cryptographic and security protocols for new scenarios and applications can be computationally expensive. Examples of these can be sensor or mobile ad-hoc networks and electronic voting or auctions applications. In such cases, the aid of an automated tool generating protocols for a predefined problem can be of great utility. This work uses the genetic algorithms (GA) techniques for the automatic design of security networked protocols. When using GA for optimizing protocols the evaluation function is critical. We discuss how can be defined several basic criteria for evaluating security protocols and present some examples for evaluation of different protocols

Processing Diabetes Mellitus Composite Events in MAGPIE

The focus of this research is in the definition of programmable expert Personal Health Systems (PHS) to monitor patients affected by chronic diseases using agent oriented programming and mobile computing to represent the interactions happening amongst the components of the system. The paper also discusses issues of knowledge representation within the medical domain when dealing with temporal patterns concerning the physiological values of the patient. In the presented agent based PHS the doctors can personalize for each patient monitoring rules that can be defined in a graphical way. Furthermore, to achieve better scalability, the computations for monitoring the patients are distributed among their devices rather than being performed in a centralized server. The system is evaluated using data of 21 diabetic patients to detect temporal patterns according to a set of monitoring rules defined. The system’s scalability is evaluated by comparing it with a centralized approach. The evaluation concerning the detection of temporal patterns highlights the system’s ability to monitor chronic patients affected by diabetes. Regarding the scalability, the results show the fact that an approach exploiting the use of mobile computing is more scalable than a centralized approach. Therefore, more likely to satisfy the needs of next generation PHSs. PHSs are becoming an adopted technology to deal with the surge of patients affected by chronic illnesses. This paper discusses architectural choices to make an agent based PHS more scalable by using a distributed mobile computing approach. It also discusses how to model the medical knowledge in the PHS in such a way that it is modifiable at run time. The evaluation highlights the necessity of distributing the reasoning to the mobile part of the system and that modifiable rules are able to deal with the change in lifestyle of the patients affected by chronic illnesses.