Catálogo de publicaciones - libros

In this paper we propose the notion of , a mobile contract that an application carries with itself. The key idea of the framework is that a digital signature should not just certify the origin of the code but rather bind together the code with a contract. We provide a description of the overall life-cycle of mobile code in the setting of security-by-contract, describe a tentative structure for a contractual language and propose a number of algorithms for one of the key steps in the process, the issue. We argue that security-by-contract would provide a semantics for digital signatures on mobile code thus being a step in the transition from trusted code to trustworthy code.

Wireless Sensor Networks (WSN) are becoming a key technology in the support of pervasive and ubiquitous services. The previous notion of “PKC is too expensive for WSN” has changed partially due to the existence of new hardware and software prototypes based on Elliptic Curve Cryptography and other PKC primitives. Then, it is necessary to analyze whether it is both feasible and convenient to have a Public Key Infrastructure for sensor networks that would allow the creation of PKC-based services like Digital Signatures.

The recent development of location-based services has originated a set of new security services that address their particular security problems. Spatial-temporal certification services are among these new services. They have as main goal the generation of evidences about an entity’s spatial-temporal information and, in general, their life-cycle support. Currently there is still a lack of a general framework for spatial-temporal certification services. In this work it is presented such a framework and an extension of the X.509 attribute certificate framework and the SAML standard to represent spatial-temporal certificates.

Online electronic wallet with decentralized credential keepers is an architecture allowing users to leave most of the content of his electronic wallet at the security of his residential electronic keeper, while traveling with his mobile phone. This paper proposed a new security scheme for mobile payment using such architecture. The approach differs from the previous work in that it uses identity-based encryption for securing payment between the payer and payee, which takes full advantage of public-key cryptography while simplifies the authenticity requirements of the public keys.

An undeniable mobile billing system allows a mobile network service provider to bill its subscribers with trustworthy evidences. Chen, Jan and Chen proposed such a billing system by introducing a trusted third party – Observer and exploiting a hash chain mechanism. In their system, the Observer provides call time evidence to both cellular carriers and subscribers for billing. In this paper, we first identify some vulnerabilities in their mobile billing system. Then, we propose an undeniable billing scheme based on a proper combination of digital signature and hash chain mechanism. The proposed scheme can achieve authentication, non-repudiation, and fairness, which are desirable security requirements for an undeniable mobile billing system.

One of the challenges within public-key based cryptosystems is providing the user with a convenient interface, while retaining security. In the universal composability framework, we propose an ideal functionality for secure messaging, with a user-friendly interface. We also propose an ideal functionality for signcryption, and we show that, given a public key infrastructure and a secure signcryption protocol, we can construct a protocol that securely realizes the secure messaging functionality. Moreover, we show that a signcryption protocol realizes the signcryption functionality if and only if the corresponding signcryption scheme is secure.

Our goal in this paper is to provide authentication, encryption and non-repudiation services for nodes within Peer-to-Peer networks, in an efficient and scalable way. To accomplish this, we propose a distributed Public Key Infrastructure model, suitable for Peer-to-Peer networks and more particularly for the Chord protocol. Our solution integrates the PKI infrastructure within the Chord architecture. We use well known cryptographic techniques as building blocks, such as threshold cryptography and proactive updating.

Location-Based Services (LBS) can be accessed from a variety of mobile devices to obtain value added information related to the location of the user. Most of the times, these services are provided by a trusted company ( a telecommunications company). However, the massive use of mobile devices pave the way for the creation of ad hoc wireless networks that can be used to exchange information based on locations. In the latter case, these LBS could be provided by an untrusted party. Sending the location to an untrusted LBS provider could put the privacy of the user in jeopardy. In this paper we propose a novel technique to guarantee the privacy of users of LBS. Our technique consists of several modules, but the highest degree of security is achieved thanks to the use of a public-key privacy homomorphism. Unlike the existing approaches, our proposal does not need any trusted third party to anonymise the users and only makes use of a public-key infrastructure.

A Certification Practice Statement (CPS), as well as one or several Certificate Policies (CP) are important parts of a Public Key Infrastructure. The by far most important source of information for writing a CPS or CP was developed by an IETF working group and was published as RFC 3647 [1]. RFC 3647 can be thought of as a generic instruction set for creating a CPS and a CP. Yet, experience shows that working with RFC 3647 can be quite difficult. This is due to some fundamental issues, but also due to some shortcomings and faults in the standard. In addition, it is difficult to use RFC 3647 for a CPS/CP that is used outside the US. This paper names the main problems that a CPS/CP author has to face when following RFC 3647. It discusses possible solutions and reveals why the development of a new standard would be appropriate.