http://hdl.handle.net/2117/3675 2013-06-19T22:38:10Z http://hdl.handle.net/2117/19464 Title: On collaborative anonymous communications in lossy networks Authors: Rebollo-Monedero, David; Forné Muñoz, Jorge; Pallarès Segarra, Esteve; Parra-Arnau, Javier; Tripp Barba, Carolina; Urquiza Aguiar, Luis; Aguilar Igartua, Mónica Abstract: Message encryption does not prevent eavesdroppers from unveiling who is communicating with whom, when, or how frequently, a privacy risk wireless networks are particularly vulnerable to. The Crowds protocol, a well-established anonymous communication system, capitalizes on user collaboration to enforce sender anonymity. This work formulates a mathematical model of a Crowd-like protocol for anonymous communication in a lossy network, establishes quantifiable metrics of anonymity and quality of service (QoS), and theoretically characterizes the trade-off between them. The anonymity metric chosen follows the principle of measuring privacy as an attacker's estimation error. By introducing losses, we extend the applicability of the protocol beyond its original proposal. We quantify the intuition that anonymity comes at the expense of both delay and end-to-end losses. Aside from introducing losses in our model, another main difference with respect to the traditional Crowds is the focus on networks with stringent QoS requirements, for best effort anonymity, and the consequent elimination of the initial forwarding step. Beyond the mathematical solution, we illustrate a systematic methodology in our analysis of the protocol. This methodology includes a series of formal steps, from the establishment of quantifiable metrics all the way to the theoretical study of the privacy QoS trade-off. Copyright © 2013 John Wiley & Sons, Ltd. 2013-05-30T17:26:32Z http://hdl.handle.net/2117/18153 Title: COACH: COllaborative certificate stAtus CHecking mechanism for VANETs Authors: Hernández Gañán, Carlos; Muñoz Tapia, José Luis; Esparza Martín, Óscar; Mata Diaz, Jorge; Hernández Serrano, Juan; Alins Delgado, Juan José Abstract: Vehicular Ad Hoc Networks (VANETs) require mechanisms to authenticate messages, identify valid vehicles, and remove misbehaving vehicles. A public key infrastructure (PKI) can be used to provide these functionalities using digital certificates. However, if a vehicle is no longer trusted, its certificates have to be revoked and this status information has to be made available to other vehicles as soon as possible. In this paper, we propose a collaborative certificate status checking mechanism called COACH to efficiently distribute certificate revocation information in VANETs. In COACH, we embed a hash tree in each standard Certificate Revocation List (CRL). This dual structure is called extended-CRL. A node possessing an extended-CRL can respond to certificate status requests without having to send the complete CRL. Instead, the node can send a short response (less than 1 kB) that fits in a single UDP message. Obviously, the substructures included in the short responses are authenticated. This means that any node possessing an extended-CRL can produce short responses that can be authenticated (including Road Side Units or intermediate vehicles). We also propose an extension to the COACH mechanism called EvCOACH that is more efficient than COACH in scenarios with relatively low revocation rates per CRL validity period. To build EvCOACH, we embed an additional hash chain in the extended-CRL. Finally, by conducting a detailed performance evaluation, COACH and EvCOACH are proved to be reliable, efficient, and scalable. 2013-03-08T18:53:14Z http://hdl.handle.net/2117/18044 Title: On the measurement of privacy as an attacker's estimation error Authors: Rebollo Monedero, David; Parra Arnau, Javier; Diaz, Claudia; Forné Muñoz, Jorge Abstract: A wide variety of privacy metrics have been proposed in the literature to evaluate the level of protection offered by privacy enhancing-technologies. Most of these metrics are specific to concrete systems and adversarial models, and are difficult to generalize or translate to other contexts. Furthermore, a better understanding of the relationships between the different privacy metrics is needed to enable more grounded and systematic approach to measuring privacy, as well as to assist system designers in selecting the most appropriate metric for a given application. In this work we propose a theoretical framework for privacypreserving systems, endowed with a general definition of privacy in terms of the estimation error incurred by an attacker who aims to disclose the private information that the system is designed to conceal. We show that our framework permits interpreting and comparing a number of well-known metrics under a common perspective. The arguments behind these interpretations are based on fundamental results related to the theories of information, probability and Bayes decision. 2013-03-04T12:09:21Z http://hdl.handle.net/2117/16590 Title: Cooperative detection of primary user emulation attacks in CRNs Authors: León Abarca, Olga; Hernández Serrano, Juan; Soriano Ibáñez, Miguel Abstract: Cognitive radio networks (CRNs) can improve the utilization of the spectrum by making use of licensed spectrum in an opportunistic manner. With such purpose, coexistence mechanisms among CRN nodes or secondary users and legitimate users of the spectrum or primary users are defined. However, due to the particular features of CRNs, new security threats arise, such as the primary user emulation (PUE) attack, which is the most challenging among all. With the aim of detecting such kind of attacks, in this paper we propose a cooperative localization method specifically suited to CRNs which relies on TDoA measurements and Taylor-series estimations. Simulations results show the goodness of the proposed method and its suitability to typical CRN scenarios. 2012-09-27T16:00:01Z http://hdl.handle.net/2117/16579 Title: Query profile obfuscation by means of optimal query exchange between users Authors: Rebollo Monedero, David; Forné Muñoz, Jorge; Domingo Ferrer, Josep Abstract: Abstract—We address the problem of query profile obfuscation by means of partial query exchanges between two users, in order for their profiles of interest to appear distorted to the information provider (database, search engine, etc.). We illustrate a methodology to reach mutual privacy gain, that is, a situation where both users increase their own privacy protection through collaboration in query exchange. To this end, our approach starts with a mathematical formulation, involving the modeling of the users’ apparent profiles as probability distributions over categories of interest, and the measure of their privacy as the corresponding Shannon entropy. The question of which query categories to exchange translates into finding optimization variables representing exchange policies, for various optimization objectives based on those entropies, possibly under exchange traffic constraints. 2012-09-26T09:32:52Z http://hdl.handle.net/2117/16578 Title: A modeling of certificate revocation and its application to synthesis of revocation traces Authors: Hernández Gañán, Carlos; Mata Diaz, Jorge; Muñoz Tapia, José Luis; Hernández Serrano, Juan; Esparza Martín, Óscar; Alins Delgado, Juan José Abstract: One of the hardest tasks of a public key infrastructure (PKI) is to manage revocation. New communication paradigms push the revocation system to the limit and an accurate resource assessment is necessary before implementing a particular revocation distribution system. In this context, a precise modeling of certificate revocation is necessary. In this article, we analyze empirical data from real CAs to develop an accurate and rigorous model for certificate revocation. One of the key findings of our analysis is that the certificate revocation process is statistically self-similar. The proposed model is based on an autoregressive fractionally integrated moving average (ARFIMA) process. Then, using this model, we show how to build a synthetic revocation generator that can be used in simulations for resource assessment. Finally, we also show that our model produces synthetic revocation traces that are indistinguishable for practical purposes from those corresponding to actual revocations. 2012-09-26T09:21:41Z http://hdl.handle.net/2117/16576 Title: Design of a P2P content recommendation system using affinity networks Authors: Vera del Campo, Juan; Pegueroles Vallés, Josep R.; Hernández Serrano, Juan; Soriano Ibáñez, Miguel Abstract: The success and intensive use of social networks makes strategies for efficient document location a hot topic of research. In this paper, we propose a common vector space to describe documents and users to create a social network based on affinities, and explore epidemic routing to recommend documents according to the user’s interests. Furthermore, we propose the creation of a SoftDHT structure to improve the recommendation results. Using these mechanisms, an efficient document recommender system with a fast organization of clusters of users based on their affinity can be provided, preventing the creation of unlinked communities. We show through simulations that the proposed system has a short convergence time and presents a high recall ratio. 2012-09-25T18:42:57Z http://hdl.handle.net/2117/16575 Title: Low-cost group rekeying for unattended wireless sensor networks Authors: Hernández Serrano, Juan; Vera del Campo, Juan; Pegueroles Vallés, Josep R.; Gañán, Carlos Abstract: Wireless sensor networks (WSNs) are made up of large groups of nodes that perform distributed monitoring services. Since sensor measurements are often sensitive data acquired in hostile environments, securing WSN becomes mandatory. However, WSNs consists of low-end devices and frequently preclude the presence of a centralized security manager. Therefore, achieving security is even more challenging. State-of-the-art proposals rely on: (1) attended and centralized security systems; or (2) establishing initial keys without taking into account how to efficiently manage rekeying. In this paper we present a scalable group key management proposal for unattended WSNs that is designed to reduce the rekeying cost when the group membership changes. 2012-09-25T18:32:22Z http://hdl.handle.net/2117/16473 Title: Decentralized certification scheme for secure admission in on-the-fly peer-to-peer systems Authors: Touceda, D.S.; Cámara, J.M.S.; Soriano Ibáñez, Miguel Abstract: Several alternative schemes have been presented in the literature to try to solve the users’ admission problem in P2P systems when it is not possible to include a logically centralized authority (either online or offline) in the system. However,most of them are not suitable for on-the-fly P2P systems and the most typical ones (IP based, shared secret and threshold cryptography) have several security and performance drawbacks. From the deficiencies of the existing schemes, in this paper we present a new decentralized certification scheme for on-the-fly P2P systems which is based on the recently published Internet Attribute Certificate Profile for Authorization. Our proposal greatly improves the security and flexibility of IP based and shared secret D. Suárez Touceda (B) Evalues - IT Security Evaluation, Parque Leganés Tecnológico, Avda. Gregorio Peces Barba 1, 28918 Leganés (Madrid), Spain e-mail: diego.suarez@uc3m.es J. M. Sierra Cámara Computer Science Department, Universidad Carlos III de Madrid, Avda. de la Universidad 30, 28911 Leganés (Madrid), Spain e-mail: sierra@inf.uc3m.es M. Soriano Department of Telematics Engineering, Universitat Politècnica de Catalunya (UPC), 08034 Barcelona, Spain e-mail: soriano@entel.upc.edu M. Soriano Centre Tecnolgic de Telecomunicacions de Catalunya (CTTC), 08860 Castelldefels (Barcelona), Spain schemes with no infrastructure cost and with a minimal performance charge. Also, it achieves a similar level of security than threshold cryptography while highly reducing its computational and communicational cost. All these facts position our certification proposal as a users’ admission alternative for on-the-fly P2P systems in non very hostile environments where performance and security are key factors. 2012-09-12T11:43:18Z http://hdl.handle.net/2117/16000 Title: A privacy-protecting architecture for collaborative filtering via forgery and suppression of ratings Authors: Parra Arnau, Javier; Rebollo Monedero, David; Forné Muñoz, Jorge Abstract: Recommendation systems are information-filtering systems that help users deal with information overload. Unfortunately, current recommendation systems prompt serious privacy concerns. In this work, we propose an architecture that protects user privacy in such collaborative-filtering systems, in which users are profiled on the basis of their ratings. Our approach capitalizes on the combination of two perturbative techniques, namely the forgery and the suppression of ratings. In our scenario, users rate those items they have an opinion on. However, in order to avoid privacy risks, they may want to refrain from rating some of those items, and/or rate some items that do not reflect their actual preferences. On the other hand, forgery and suppression may degrade the quality of the recommendation system. Motivated by this, we describe the implementation details of the proposed architecture and present a formulation of the optimal trade-off among privacy, forgery rate and suppression rate. Finally, we provide a numerical example that illustrates our formulation. 2012-06-09T17:27:44Z http://hdl.handle.net/2117/15997 Title: A privacy-protecting architecture for recommendation systems via the suppression of ratings Authors: Parra Arnau, Javier; Rebollo Monedero, David; Forné Muñoz, Jorge Abstract: Recommendation systems are information-filtering systems that help users deal with information overload. Unfortunately, current recommendation systems prompt serious privacy concerns. In this work, we propose an architecture that enables users to enhance their privacy in those systems that profile users on the basis of the items rated. Our approach capitalizes on a conceptually-simple perturbative technique, namely the suppression of ratings. In our scenario, users rate those items they have an opinion on. However, in order to avoid being accurately profiled, they may want to refrain from rating certain items. Consequently, this technique protects user privacy to a certain extent, but at the cost of a degradation in the accuracy of the recommendation. We measure privacy risk as the Kullback-Leibler divergence between the user's and the population's rating distribution, a privacy criterion that we proposed in previous work. The justification of such a criterion is our second contribution. Concretely, we thoroughly interpret it by elaborating on the intimate connection between the celebrated method of entropy maximization and the use of entropies and divergences as measures of privacy. The ultimate purpose of this justification is to attempt to bridge the gap between the privacy and the information-theoretic communities by substantially adapting some technicalities of our original work to reach a wider audience, not intimately familiar with information theory and the method of types. Lastly, we present a formulation of the optimal trade-o_ between privacy and suppression rate, what allows us to formally specify one of the functional blocks of the proposed architecture. 2012-06-09T11:03:13Z http://hdl.handle.net/2117/15823 Title: Load splitting in clusters of video servers Authors: Cruz Llopis, Luis Javier de la; Vázquez Rodas, Andrés; Sanvicente Gargallo, Emilio; Aguilar Igartua, Mónica Abstract: Nowadays, video on demand is one of the services more highly appreciated and demanded by customers. As the number of users increases, the capacity of the system that provides these services must also be increased to guarantee the required quality of service. An approach to that end is to have available several videoservers at various distribution points in order to satisfy the different incoming demands (videoservercluster). When a movie demand arrives to such a cluster, a load balancing device must assign the request to a specific server according to a procedure that must be fast, easy to implement and scalable. In this article we consider the problem of appropriately splitting this load to improve on the system performance. After an analysis of the video packet generation, we point out the similarity between this problem and that of optimally routing packets in data networks. With this similarity in mind, a new mechanism to select the appropriate videoserver is proposed. The purpose of this mechanism is to minimize the average packet transfer time (waiting time plus transmission time) at the videoservercluster. In this way, we are able to obtain a dynamic load balancing policy that performs satisfactorily and that is very easy to implement in practice. The results of several experiments run with real data are shown and commented to substantiate our claims. A description of a practical implementation of the system is also included. 2012-05-10T17:51:59Z http://hdl.handle.net/2117/15655 Title: XPLIT: A cross-layer architecture for TCP services over DVB-S2/ETSI QoS BSM Authors: Alins Delgado, Juan José; Mata Diaz, Jorge; Muñoz Tapia, José Luis; Rendón Morales, Elizabeth; Esparza Martín, Óscar Abstract: This article proposes XPLIT, a new architecture based on TCP cross-layering and splitting for optimizing the transport layer performance in a DVB-S2 satellite link that employs the ETSI QoS Broadband Satellite Multimedia Services (BSM) standard. The main novelty of our proposal is a complete architecture that perfectly fits this new DVB-S2/ETSI QoS BSM scenario. Our architecture includes the design of satellite-optimized cross-layer TCP protocol, called XPLIT-TCP that uses two control loops to properly manage the system load. The proposal has been implemented to be tested in the NS-2 simulator and we include the most interesting performance evaluation results, which show the excellent performance of our architecture for the intended scenario 2012-03-23T19:23:52Z http://hdl.handle.net/2117/13052 Title: An Algorithm for k-Anonymous Microaggregation and Clustering Inspired by the Design of Distortion-Optimized Quantizers Authors: Forné Muñoz, Jorge; Soriano Ibáñez, Miguel Abstract: We present a multidisciplinary solution to the problems of anonymous microaggregation and clustering, illustrated with two applications, namely privacy protection in databases, and private retrieval of location-based information. Our solution is perturbative, is based on the same privacy criterion used in microdata k-anonymization, and provides anonymity through a substantial modification of the Lloyd algorithm, a celebrated quantization design algorithm, endowed with numerical optimization techniques. Our algorithm is particularly suited to the important problem of k-anonymous microaggregation of databases, with a small integer k representing the number of individual respondents indistinguishable from each other in the published database. Our algorithm also exhibits excellent performance in the problem of clustering or macroaggregation, where k may take on arbitrarily large values. We illustrate its applicability in this second, somewhat less common case, by means of an example of location-based services. Specifically, location-aware devices entrust a third party with accurate location information. This party then uses our algorithm to create distortion-optimized, size-constrained clusters, where k nearby devices share a common centroid location, which may be regarded as a distorted version of the original one. The centroid location is sent back to the devices, which use it when contacting untrusted location-based information providers, in lieu of the exact home location, to enforce k-anonymity. We compare the performance of our novel algorithm to the state-of-the-art microaggregation algorithm MDAV, on both synthetic and standardized real data, which encompass the cases of small and large values of k. The most promising aspect of our proposed algorithm is its capability to maintain the same k-anonymity constraint, while outperforming MDAV by a significant reduction in data distortion, in all the cases considered. 2011-07-26T17:14:26Z http://hdl.handle.net/2117/12962 Title: A game-theoretic multipath routing for video-streaming services over mobile Ad Hoc networks Authors: Aguilar Igartua, Mónica; Cruz Llopis, Luis Javier de la; Carrascal Frías, Víctor; Sanvicente Gargallo, Emilio Abstract: The number of portable devices capable of maintaining wireless communications has increased considerably in the last decade. Such mobile nodes may form a spontaneous self-configured network connected by wireless links to constitute a Mobile Ad Hoc Network (MANET). As the number of mobile end users grows the demand of multimedia services, such as video-streaming, in such networks is envisioned to increase as well. One of the most appropriate video coding technique for MANETs is layered MPEG-2 VBR, which used with a proper multipath routing scheme improves the distribution of video streams. In this article we introduce a proposal called g-MMDSR (game theoretic-Multipath Multimedia Dynamic Source Routing), a cross-layer multipath routing protocol which includes a game theoretic approach to achieve a dynamic selection of the forwarding paths. The proposal seeks to improve the own benefits of the users whilst using the common scarce resources efficiently. It takes into account the importance of the video frames in the decoding process, which outperforms the quality of the received video. Our scheme has proved to enhance the performance of the framework and the experience of the end users. Simulations have been carried out to show the benefits of our proposal under different situations where high interfering traffic and mobility of the nodes are present. 2011-07-13T13:45:38Z