Manel Medina

Geolocation-Based Trust for Vanet's Privacy

Research in vehicular ad hoc networks (VANETs) has evolved considerably over the last years. Security and privacy in VANETs have recently appealed special interest in the research community. In this paper we overview the main privacy concepts and explain why this concept is fundamental for wide adoption of VANETs. A set of privacy requirements for VANETs are established and studied, towards proposing a novel mechanism beyond the use of pseudonyms. In particular, this research demonstrates that there are still several challenges concerning privacy which solution is feasible to be extrapolated from highly demanding environments like e-Health. This paper reports our work in progress mainly describing the basis of a privacy mechanism that uses an authorization paradigm based on a Mandatory Access Control model and a novel mechanism that propagates trust information based on a vehicles geolocation.

Interoperable grid PKIs among untrusted domains: an architectural proposal

In the last years several Grid Virtual Organizations -VOs- have been proliferating, each one usually installing its own Certification Authority and thus giving birth to a large set of different and possibly untrusted security domains. Nevertheless, despite the fact that the adoption of Grid Certification Authorities (CAs) has partially solved the problem of identification and authentication between the involved parties, and that Public Key Infrastructure (PKI) technologies are mature enough, we cannot make the same assumptions when untrusted domains are involved. In this paper we propose an architecture to face the problem of secure interoperability among untrusted Grid-domains. Our approach is based on building a dynamic federation of CAs, formed thorough the quantitative and automatic evaluation of their Certificate Policies. In this paper we describe the proposed architecture and its integration into Globus Toolkit 4.

Static evaluation of Certificate Policies for GRID PKIs interoperability

Validating an end-entity X.509 digital certificate prior to authorizing it for using a resource into the computational grid has become a widely studied topic due to its importance for security. A more comprehensive validation process involves not only a real-time check on the credentials status, but also an evaluation of the trust level applicable to its certification authority. Nowadays policy management authorities (PMAs) gather grid CAs fulfilling a minimum set of requirements defined in an authentication profile thus guaranteeing a trusted interoperability environment for grid projects. Currently this is a manual process that only results in a binary decision (the CA is able to become part of the PMA or not), however in practice, different CAs offer different security levels. In this paper we present ways to apply the reference evaluation methodology (REM) to automatically obtain the security level of a CA. The described process is based on the building of a formalized policy template for grid certificate policies. This methodology has been used to evaluate the security level offered by a set of EUGridPMAs CAs; the obtained results are then conveyed to relying parties using an infrastructure composed of CertiVeRs validation service and the Open GRid Ocsp (OGRO) middleware for the Globus Toolkit 4, thus providing enough information for a comprehensive certificate validation decision

OCSP for Grids: Comparing Prevalidation versus Caching

Nowadays the computational grid uses X.509 digital certificates for a wide variety of security-related tasks, ranging from user authentication to job executions delegation. However to ensure a comprehensive security framework such credentials need to be validated so that revoked, suspended and any other compromised certificate will not be allowed to access grid resources. To achieve such tasks great interest is being given to the online certificate status protocol (OCSP) in security workgroups from the global grid forum. In order to better understand the special requirements related with its use in previous work we introduced the Open GRid Ocsp API (OGRO), which provides OCSP support to the Globus toolkit 4. However that research concluded that the grid introduces some special requisites for OCSPs performance and security. As a follow-up to that work, this paper provides a comprehensive performance comparison between the novel prevalidation and caching mechanisms proposed by the authors to further improve Grid-OCSP. In addition, research about security compliance of both mechanisms around the newest proxy revocation concept is also presented in this work

Using OGRO and certiver to improve OCSP validation for grids

Authentication and authorization in many distributed systems rely on the use of cryptographic credentials that in most of the cases have a defined lifetime. This feature mandates the use of mechanisms able to determine whether a particular credential can be trusted at a given moment. This process is commonly named validation. Among available validation mechanisms, the Online Certificate Status Protocol (OCSP) stands out due to its ability to carry near real time certificate status information. Despite its importance for security, OCSP faces considerable challenges in the computational Grid (i.e. Proxy Certificates validation) that are being studied at the Global Grid Forums CA Operations Work Group (CAOPS-WG). As members of this group, we have implemented an OCSP validation infrastructure for the Globus Toolkit 4, composed of the CertiVeR Validation Service and our Open GRid Ocsp (OGRO) client library, which introduced the Grid Validation Policy. This paper summarizes our experiences on that work and the results obtained up to now. Furthermore we introduce the pre-validation concept, a mechanism analogous to the Authorization Push-Model, capable of improving OCSP validation performance in Grids. This paper also reports the results obtained with OGROs pre-validation rules for Grid Services as a proof of concept.

Factores asociados con la presentación de reacciones adversas a medicamentos en pacientes que acuden al servicio de urgencia de un hospital general: estudio de casos y controles

Objetivo Describir las reacciones adversas a medicamentos (RAM) y analizar los factores que se asociaron con su presentacion en pacientes que acuden al servicio de urgencia de un hospital general. Diseno Estudio epidemiologico de casos controles. Emplazamiento Servicio de urgencia del Hospital Universitario San Cecilio de Granada. Pacientes Un total de 654 pacientes, de ambos sexos y mayores de 15 anos, de los que 354 presentaban una RAM (casos) y otros 300 no tenian RAM (controles), que acudieron al servicio de urgencia entre octubre y diciembre de 1997. Mediciones y resultados Un 60% de los casos fueron mujeres, con una edad media de 53 ± 20 anos; el 68% de las RAM fueron del tipo A (esperadas). Los organos y sistemas mas afectados fueron: tubo digestivo (41,8%) y piel (31,6%). Los grupos farmacologicos mas implicados en la presentacion de RAM fueron los hipnosedantes y los salicilatos usados como analgesicosantitermicos (28,2%) y los betalactamicos y macrolidos (22,6%). La mayoria de las RAM fueron catalogadas como probables (52%) y moderadas (62%). El medico de familia fue el mayor prescriptor (49%) de farmacos. Por una RAM grave se hospitalizo un 13% de los pacientes y se registraron 2 muertes (0,5%). Segun la odds ratio, el tratamiento con citostaticos, psicofarmacos, AINE, amoxicilina, digoxina, IECA, antagonistas del calcio, el genero femenino, la automedicacion, la edad menor de 65 anos y la historia previa de RAM se asociaron con la presencia de una RAM en nuestros pacientes (casos). Conclusiones El tipo de farmaco, el genero femenino, la historia previa de RAM, la automedicacion y presentar una sintomatologia digestiva y dermatologica fueron factores fuertemente asociados con una RAM en pacientes que acudieron al servicio de urgencia.

A professional view on ebanking authentication: Challenges and recommendations

In current e-banking systems, millions of consumers are now able to conduct financial transactions using a wide range of mobile devices; this growth exposes the system not only to the set of known threats that are now migrating from traditional PC-based e-banking to the mobile-based scenario, but, to emerging threats specifically targeting mobile devices. Considering the sensitive nature of the financial information managed, security in mobile devices has become a major issue. Thus, to be able to provide transaction security, and minimize the potential threats, e-banking systems must implement robust identification and authentication systems (eIDAS). Therefore, this paper analyzes current threats in e-banking. It presents a brief review on the current state of the art analyzing the most popular eIDAS implemented in Europe, through a survey launched by ENISA addressed to security professionals of the financial sector. The most common eIDAS approaches for e-banking, and their suitability against the known threats in terms of related incidents and financial loss, are therefore assessed. Finally, a set of challenges and recommendations to be considered in any eIDAS implementation is introduced.

Performance Analysis of an OCSP-Based Authentication Protocol for VANETs

Vehicular Ad-Hoc NETworks VANETs improve road safety by preventing and reducing traffic accidents, but VANETs also raise important security and privacy issues. A common approach widely adopted in VANETs is the use of Public Key Infrastructures PKI and digital certificates in order to enable authentication and confidentiality, usually relying on a large set of regional Certification Authorities CAs. Despite the advantages of the latter approach, it raises new problems related with the secure interoperability among the different -and usually unknown-issuing CAs. This paper addresses authentication and interoperability issues in vehicular communications, considering an interregional scenario where mutual authentication between all the nodes is needed. The use of an Authentication Service AS is proposed, which supplies vehicles with a trusted set of authentication credentials by implementing a near real-time certificate status service via the well-known Online Certificate Status Protocol OCSP. The proposed AS also implements a mechanism to quantitatively evaluate the trust level of a CA, in order to decide on-the-fly if an interoperability relationship can be created. The feasibility and performance of the proposed mechanisms are demonstrated via simulations and quantitative analyses by providing a set of communication measurements considering an urban scenario.

Using OGRO and CertiVeR to improve OCSP validation for Grids

Abstract Authentication and authorization in many distributed systems rely on the use of cryptographic credentials that in most of the cases have a defined lifetime. This feature mandates the use of mechanisms able to determine whether a particular credential can be trusted at a given moment. This process is commonly named validation. Among available validation mechanisms, the Online Certificate Status Protocol (OCSP) stands out due to its ability to carry near real time certificate status information. Despite its importance for security, OCSP faces considerable challenges in the computational Grid (i.e. Proxy Certificate’s validation) that are being studied at the Global Grid Forum’s CA Operations Work Group (CAOPS-WG). As members of this group, we have implemented an OCSP validation infrastructure for the Globus Toolkit 4, composed of the CertiVeR Validation Service and our Open GRid Ocsp (OGRO) client library, which introduced the Grid Validation Policy. This paper summarizes our experiences on that work and the results obtained up to now. Furthermore we introduce the prevalidation concept, a mechanism analogous to the Authorization Push-Model, capable of improving OCSP validation performance in Grids. This paper also reports the results obtained with OGRO’s prevalidation rules for Grid Services as a proof of concept.

Fidelity: Federated Identity Management Security based on Liberty Alliance on European Ambit

On the Federated Digital Identity ambit, the Fidelity project will put in practice a system defined by Liberty Alliance specifications into a pan-European context, focusing on solving the problems that can be found in an international environment, and that can be subject to regulation(s) addressing the user data confidentiality. Currently, user identification and authentication are the key enablers for Internet business but until now the user’s personal information and authentication remain inside the organization’s boundaries. To solve this problem, the Liberty Alliance Project (LAP) has defined a Federated Identity Management environment that allow independent service/attribute providers, to hold user attributes relevant to the service they provide, to the end-user meeting always the personal data protection legal requirements. LAP proposes the creation of Circles of Trust (CoT), which associate identity and service providers, through the adequate service agreements, allowing them to share user information. The Fidelity Project implements an interoperability proof of concept in a pan-European context of the Liberty Alliance protocols and framework by setting up 4 CoT in four different EU countries. Each CoT is led by a telecom operator and has access to all the users’ attributes. This environment will allow testing the federation of identities and the sharing of the users’ attributes by different services with different authentication levels.