http://hdl.handle.net/2117/1935 2013-05-25T14:31:56Z http://hdl.handle.net/2117/18153 Title: COACH: COllaborative certificate stAtus CHecking mechanism for VANETs Authors: Hernández Gañán, Carlos; Muñoz Tapia, José Luis; Esparza Martín, Óscar; Mata Diaz, Jorge; Hernández Serrano, Juan; Alins Delgado, Juan José Abstract: Vehicular Ad Hoc Networks (VANETs) require mechanisms to authenticate messages, identify valid vehicles, and remove misbehaving vehicles. A public key infrastructure (PKI) can be used to provide these functionalities using digital certificates. However, if a vehicle is no longer trusted, its certificates have to be revoked and this status information has to be made available to other vehicles as soon as possible. In this paper, we propose a collaborative certificate status checking mechanism called COACH to efficiently distribute certificate revocation information in VANETs. In COACH, we embed a hash tree in each standard Certificate Revocation List (CRL). This dual structure is called extended-CRL. A node possessing an extended-CRL can respond to certificate status requests without having to send the complete CRL. Instead, the node can send a short response (less than 1 kB) that fits in a single UDP message. Obviously, the substructures included in the short responses are authenticated. This means that any node possessing an extended-CRL can produce short responses that can be authenticated (including Road Side Units or intermediate vehicles). We also propose an extension to the COACH mechanism called EvCOACH that is more efficient than COACH in scenarios with relatively low revocation rates per CRL validity period. To build EvCOACH, we embed an additional hash chain in the extended-CRL. Finally, by conducting a detailed performance evaluation, COACH and EvCOACH are proved to be reliable, efficient, and scalable. 2013-03-08T18:53:14Z http://hdl.handle.net/2117/18044 Title: On the measurement of privacy as an attacker's estimation error Authors: Rebollo Monedero, David; Parra Arnau, Javier; Diaz, Claudia; Forné Muñoz, Jorge Abstract: A wide variety of privacy metrics have been proposed in the literature to evaluate the level of protection offered by privacy enhancing-technologies. Most of these metrics are specific to concrete systems and adversarial models, and are difficult to generalize or translate to other contexts. Furthermore, a better understanding of the relationships between the different privacy metrics is needed to enable more grounded and systematic approach to measuring privacy, as well as to assist system designers in selecting the most appropriate metric for a given application. In this work we propose a theoretical framework for privacypreserving systems, endowed with a general definition of privacy in terms of the estimation error incurred by an attacker who aims to disclose the private information that the system is designed to conceal. We show that our framework permits interpreting and comparing a number of well-known metrics under a common perspective. The arguments behind these interpretations are based on fundamental results related to the theories of information, probability and Bayes decision. 2013-03-04T12:09:21Z http://hdl.handle.net/2117/17447 Title: Leveraging 802.11n frame aggregation to enhance QoS and power consumption in Wi-Fi networks Authors: Camps Mur, Daniel; Gomony, M.D.; Pérez Costa, Xavier; Sallent Ribes, Sebastián Abstract: The Wi-Fi technology, driven by its tremendous success, is expanding into a wide variety of devices and applications. However, many of these new devices, like handheld devices, pose new challenges in terms of QoS and energy efficiency. In order to address these challenges, in this paper we study how the novel MAC aggregation mechanisms developed in the 802.11n standard can be used to enhance the current 802.11 QoS and power saving protocols. Our contribution is twofold. First, we present a simulation study that illustrates the interactions between 802.11n and the current 802.11 QoS and power saving protocols. This study reveals that the 802.11n MAC aggregation mechanisms perform better when combined with the power save mode included in the original 802.11 standard than with the 802.11e U-APSD protocol. Second, we design CA-DFA, an algorithm that, using only information available at layer two, adapts the amount of 802.11n aggregation used by a Wi-Fi station according to the level of congestion in the network. A detailed performance evaluation demonstrates the benefits of CA-DFA in terms of QoS, energy efficiency and network capacity with respect to state of the art alternatives. 2013-01-21T16:37:51Z http://hdl.handle.net/2117/17262 Title: Optimal mapping of virtual networks with hidden hops Authors: Botero Vega, Juan Felipe; Hesselbach Serra, Xavier; Fischer, Andreas; de Meer, Hermann Abstract: Network virtualization has emerged as a solution for the Internet inability to address the required challenges caused by the lack of coordination among Internet service providers for the deployment of new services. The allocation of resources is one of the main problems in network virtualization, mainly in the mapping of virtual nodes and links to specific substrate nodes and paths, also known as the virtual network embedding problem. This paper proposes an algorithm based on optimization theory, to map the virtual links and nodes requiring a specific demand, looking for the maximization of the spare bandwidth and spare CPU in the substrate network, taking into account the CPU demanded by the hidden hops when a virtual link is mapped. The components of the virtual networks (nodes and links) that do not ask for an specific demand are then allocated following a fairness criteria 2013-01-10T13:11:39Z http://hdl.handle.net/2117/17181 Title: On centralized schedulers for 802.11e WLANs distribution versus grouping of resources allocation Authors: Mur, D.C.; Pérez Costa, Xavier; Marchenko, V.; Sallent Ribes, Sebastián Abstract: Wireless LAN is becoming a pervasive wireless access technology that can be found in almost any mobile device such as laptops, PDAs, portable game consoles and mobile phones. Each of these groups of devices have a different set of requirements according to their intended use and applications but most of them share two main requirements: QoS support to satisfy applications’ demands and power saving functionality to achieve an operating time according to users’ expectations. IEEE 802.11e defines two centralized solutions in order to address these problems: Hybrid Coordination Channel Access (HCCA) for QoS and Scheduled Automatic Power Save Delivery (S-APSD) for power saving. The focus of our work in this paper is the analysis and evaluation of a proposed centralized scheduler that makes use of both aforementioned IEEE 802.11e QoS and power saving solutions. Our contributions are as follows: (i) Design and analytical modeling of a proposed centralized scheduler (DRA) that maximizes the minimum distance between the resource allocations with pseudopolynomial complexity, (ii) Extensive performance evaluation of the QoS and power saving benefits of the Distribution proposal (DRA) as compared to a generic Grouping one (GRA), and (iii) Evaluation of the complexity and scalability of the proposal to assess its feasibility in practice. 2012-12-20T15:40:48Z http://hdl.handle.net/2117/17176 Title: Magnetic induction for underwater wireless communication networks Authors: Domingo Aladrén, Mari Carmen Abstract: Although acoustic waves are the most versatile and widely used physical layer technology for underwater wireless communication networks (UWCNs), they are adversely affected by ambient noise, multipath propagation, and fading. The large propagation delays, low bandwidth, and high bit error rates of the underwater acoustic channel hinder communication as well. These operational limits call for complementary technologies or communication alternatives when the acoustic channel is severely degraded. Magnetic induction (MI) is a promising technique for UWCNs that is not affected by large propagation delays, multipath propagation, and fading. In this paper, the MI communication channel has been modeled. Its propagation characteristics have been compared to the electromagnetic and acoustic communication systems through theoretical analysis and numerical evaluations. The results prove the feasibility of MI communication in underwater environments. The MI waveguide technique is developed to reduce path loss. The communication range between source and destination is considerably extended to hundreds of meters in fresh water due to its superior bit error rate performance. 2012-12-20T14:03:51Z http://hdl.handle.net/2117/17166 Title: Energy efficient virtual network embedding Authors: Botero Vega, Juan Felipe; Hesselbach Serra, Xavier; Duelli, Michael; Schlosser, Daniel; Fischer, A.; de Meer, Hermann Abstract: Waste of energy due to over-provisioning and overdimensioning of network infrastructures has recently stimulated the interest on energy consumption reduction by Internet Service Providers (ISPs). By means of resource consolidation, network virtualization based architectures will enable energy saving. In this letter, we extend the well-known virtual network embedding problem (VNE) to energy awareness and propose a mixed integer program (MIP) which provides optimal energy efficient embeddings. Simulation results show the energy gains of the proposed MIP over the existing cost-based VNE approach. 2012-12-19T19:13:45Z http://hdl.handle.net/2117/17159 Title: Throughput efficiency in body sensor networks: a clean-slate approach Authors: Domingo Aladrén, Mari Carmen Abstract: In this paper, a flexible role-based architecture for Body Sensor Networks (BSNs) is introduced. The proposed non-layered context-aware architecture is application-oriented and able to incorporate future applications. Particular applications have certain requirements. Functional units (roles) instead of protocol layers are designed to perform the required tasks for applications to work properly. The role data of an application is inserted in the role headers of the container and is available for other applications with the same basic, specific or particular roles. Furthermore, the performance of Automatic Repeat Request (ARQ), Forward Error Correction (FEC) block codes and FEC convolutional codes with respect to the throughput efficiency has also been analyzed for a BSN following the proposed role-based architecture. The numerical results show that the proposed role-based architecture outperforms the traditional layered architecture with respect to the throughput efficiency for all error control schemes. FEC block codes are able to maintain a high throughput efficiency over longer distances because the hop length extension technique is applied. 2012-12-19T17:00:29Z http://hdl.handle.net/2117/16590 Title: Cooperative detection of primary user emulation attacks in CRNs Authors: León Abarca, Olga; Hernández Serrano, Juan; Soriano Ibáñez, Miguel Abstract: Cognitive radio networks (CRNs) can improve the utilization of the spectrum by making use of licensed spectrum in an opportunistic manner. With such purpose, coexistence mechanisms among CRN nodes or secondary users and legitimate users of the spectrum or primary users are defined. However, due to the particular features of CRNs, new security threats arise, such as the primary user emulation (PUE) attack, which is the most challenging among all. With the aim of detecting such kind of attacks, in this paper we propose a cooperative localization method specifically suited to CRNs which relies on TDoA measurements and Taylor-series estimations. Simulations results show the goodness of the proposed method and its suitability to typical CRN scenarios. 2012-09-27T16:00:01Z http://hdl.handle.net/2117/16579 Title: Query profile obfuscation by means of optimal query exchange between users Authors: Rebollo Monedero, David; Forné Muñoz, Jorge; Domingo Ferrer, Josep Abstract: Abstract—We address the problem of query profile obfuscation by means of partial query exchanges between two users, in order for their profiles of interest to appear distorted to the information provider (database, search engine, etc.). We illustrate a methodology to reach mutual privacy gain, that is, a situation where both users increase their own privacy protection through collaboration in query exchange. To this end, our approach starts with a mathematical formulation, involving the modeling of the users’ apparent profiles as probability distributions over categories of interest, and the measure of their privacy as the corresponding Shannon entropy. The question of which query categories to exchange translates into finding optimization variables representing exchange policies, for various optimization objectives based on those entropies, possibly under exchange traffic constraints. 2012-09-26T09:32:52Z http://hdl.handle.net/2117/16578 Title: A modeling of certificate revocation and its application to synthesis of revocation traces Authors: Hernández Gañán, Carlos; Mata Diaz, Jorge; Muñoz Tapia, José Luis; Hernández Serrano, Juan; Esparza Martín, Óscar; Alins Delgado, Juan José Abstract: One of the hardest tasks of a public key infrastructure (PKI) is to manage revocation. New communication paradigms push the revocation system to the limit and an accurate resource assessment is necessary before implementing a particular revocation distribution system. In this context, a precise modeling of certificate revocation is necessary. In this article, we analyze empirical data from real CAs to develop an accurate and rigorous model for certificate revocation. One of the key findings of our analysis is that the certificate revocation process is statistically self-similar. The proposed model is based on an autoregressive fractionally integrated moving average (ARFIMA) process. Then, using this model, we show how to build a synthetic revocation generator that can be used in simulations for resource assessment. Finally, we also show that our model produces synthetic revocation traces that are indistinguishable for practical purposes from those corresponding to actual revocations. 2012-09-26T09:21:41Z http://hdl.handle.net/2117/16576 Title: Design of a P2P content recommendation system using affinity networks Authors: Vera del Campo, Juan; Pegueroles Vallés, Josep R.; Hernández Serrano, Juan; Soriano Ibáñez, Miguel Abstract: The success and intensive use of social networks makes strategies for efficient document location a hot topic of research. In this paper, we propose a common vector space to describe documents and users to create a social network based on affinities, and explore epidemic routing to recommend documents according to the user’s interests. Furthermore, we propose the creation of a SoftDHT structure to improve the recommendation results. Using these mechanisms, an efficient document recommender system with a fast organization of clusters of users based on their affinity can be provided, preventing the creation of unlinked communities. We show through simulations that the proposed system has a short convergence time and presents a high recall ratio. 2012-09-25T18:42:57Z http://hdl.handle.net/2117/16575 Title: Low-cost group rekeying for unattended wireless sensor networks Authors: Hernández Serrano, Juan; Vera del Campo, Juan; Pegueroles Vallés, Josep R.; Gañán, Carlos Abstract: Wireless sensor networks (WSNs) are made up of large groups of nodes that perform distributed monitoring services. Since sensor measurements are often sensitive data acquired in hostile environments, securing WSN becomes mandatory. However, WSNs consists of low-end devices and frequently preclude the presence of a centralized security manager. Therefore, achieving security is even more challenging. State-of-the-art proposals rely on: (1) attended and centralized security systems; or (2) establishing initial keys without taking into account how to efficiently manage rekeying. In this paper we present a scalable group key management proposal for unattended WSNs that is designed to reduce the rekeying cost when the group membership changes. 2012-09-25T18:32:22Z http://hdl.handle.net/2117/16473 Title: Decentralized certification scheme for secure admission in on-the-fly peer-to-peer systems Authors: Touceda, D.S.; Cámara, J.M.S.; Soriano Ibáñez, Miguel Abstract: Several alternative schemes have been presented in the literature to try to solve the users’ admission problem in P2P systems when it is not possible to include a logically centralized authority (either online or offline) in the system. However,most of them are not suitable for on-the-fly P2P systems and the most typical ones (IP based, shared secret and threshold cryptography) have several security and performance drawbacks. From the deficiencies of the existing schemes, in this paper we present a new decentralized certification scheme for on-the-fly P2P systems which is based on the recently published Internet Attribute Certificate Profile for Authorization. Our proposal greatly improves the security and flexibility of IP based and shared secret D. Suárez Touceda (B) Evalues - IT Security Evaluation, Parque Leganés Tecnológico, Avda. Gregorio Peces Barba 1, 28918 Leganés (Madrid), Spain e-mail: diego.suarez@uc3m.es J. M. Sierra Cámara Computer Science Department, Universidad Carlos III de Madrid, Avda. de la Universidad 30, 28911 Leganés (Madrid), Spain e-mail: sierra@inf.uc3m.es M. Soriano Department of Telematics Engineering, Universitat Politècnica de Catalunya (UPC), 08034 Barcelona, Spain e-mail: soriano@entel.upc.edu M. Soriano Centre Tecnolgic de Telecomunicacions de Catalunya (CTTC), 08860 Castelldefels (Barcelona), Spain schemes with no infrastructure cost and with a minimal performance charge. Also, it achieves a similar level of security than threshold cryptography while highly reducing its computational and communicational cost. All these facts position our certification proposal as a users’ admission alternative for on-the-fly P2P systems in non very hostile environments where performance and security are key factors. 2012-09-12T11:43:18Z http://hdl.handle.net/2117/16081 Title: Presence-based architecture for wireless sensor networks using publish/subscribe paradigm Authors: García Davis, Ernesto; Calveras Augé, Anna M. Abstract: Ubiquitous communication is a key component of Ambient Intelligence, enabling objects to communicate with each-other by means of a wireless ad-hoc network. A presence service allows knowing the availability or responsiveness status of elements in a communication (entities). Traditionally, only human use this service, however all smart devices or objects (with embedded wireless sensor nodes) could interact with each other thus a presence service could also enhance communication among them. To achieve this objective we look into existing protocols to propose the requirements needed to provide presence service on Wireless Sensor Networks (WSN). The main contribution of this paper is the discussion of requirements for presence services on WSN and the new proposed architecture to cope with presence services in WSN. 2012-06-18T14:39:06Z