Contact information
| Name | Patricia Arias-Cabarcos |
| Phone | |
| public_email_address | |
| Address | KIT, Fakultät für Informatik, Am Fasanengarten 5 Geb 50.34, 76131 Karlsruhe |
| displayName | Dr. Patricia Arias Cabarcos |
Academic
| OrcidURL | |
| jobline | Postdoctoral researcher at KIT |
| itWebPage | https://scholar.google.com/citations?user=vGhH7RQAAAAJ&hl=en&oi=ao |
| LinkedInURL | |
| TwitterURL | |
| ResearchGateURL |
Bio Information
| Biography | Since November 2019, I am part of the academic staff at KIT within the “Practical IT-Security” research group. Previously, I got the PhD in Telematic Engineering from University Carlos III of Madrid (Spain) in 2013 and worked there as Assistant Professor (2013-2018). I have also been a Humboldt Fellow at Universität Mannheim, visiting postdoctoral researcher at TU Darmstadt, and intern at NEC Laboratories Europe in Heidelberg. My research interests lie in the area of information security and privacy, with a special focus on identity management, authentication, and usable security, applied to different computing paradigms and scenarios (e.g., cloud, IoT). |
Since November 2019, I am part of the academic staff at KIT within the "Practical IT-Security" research group. Previously, I got the PhD in Telematic Engineering from University Carlos III of Madrid (Spain) in 2013 and worked there as Assistant Professor (2013-2018). I have also been a Humboldt Fellow at Universität Mannheim, visiting postdoctoral researcher at TU Darmstadt, and intern at NEC Laboratories Europe in Heidelberg. My research interests lie in the area of information security and privacy, with a special focus on identity management, authentication, and usable security, applied to different computing paradigms and scenarios (e.g., cloud, IoT).
Contact
Phone
Address
KIT, Fakultät für Informatik, Am Fasanengarten 5 Geb 50.34, 76131 Karlsruhe
Publications
Díaz-Sánchez, Daniel; Guerrero, Rosa Sánchez; López, Andrés Marín; Almenares, Florina; Arias, Patricia
A H.264 SVC distributed content protection system with flexible key stream generation Proceedings Article
In: 2012 IEEE Second International Conference on Consumer Electronics - Berlin (ICCE-Berlin), IEEE, 2022, ISSN: 2166-6814.
@inproceedings{PA012,
title = {A H.264 SVC distributed content protection system with flexible key stream generation},
author = {Daniel Díaz-Sánchez and Rosa Sánchez Guerrero and Andrés Marín López and Florina Almenares and Patricia Arias},
url = {https://ieeexplore.ieee.org/document/6336520},
doi = {https://doi.org/10.1109/ICCE-Berlin.2012.6336520},
issn = {2166-6814},
year = {2022},
date = {2022-10-22},
urldate = {2022-10-22},
booktitle = {2012 IEEE Second International Conference on Consumer Electronics - Berlin (ICCE-Berlin)},
publisher = {IEEE},
abstract = {Modern scalable coding techniques, as H264 SVC, are adequate to save processing power and bandwidth. Moreover, if the enhancements of a SVC encoded content are protected, it is possible to enable pay-per-quality systems. Transcoding and protection entail huge doses of processing power at provider side and should be distributed. Moreover, processing key streams to decrypt enhancements that were encrypted separately can increase the complexity at receiver side. This abstract describes a distributed system for content encoding and protection that generates a flexible key stream that simplifies the receiver.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Modern scalable coding techniques, as H264 SVC, are adequate to save processing power and bandwidth. Moreover, if the enhancements of a SVC encoded content are protected, it is possible to enable pay-per-quality systems. Transcoding and protection entail huge doses of processing power at provider side and should be distributed. Moreover, processing key streams to decrypt enhancements that were encrypted separately can increase the complexity at receiver side. This abstract describes a distributed system for content encoding and protection that generates a flexible key stream that simplifies the receiver.
AGUILAR-IGARTUA, MÓNICA; ALMENARES-MENDOZA, FLORINA; DÍAZ-REDONDO, REBECA; MARTÍN-VICENTE, MANUELA; FORNÉ, JORDI; CAMPO, CELESTE; FERNÁNDEZ-VILAS, ANA; CRUZ-LLOPIS, LUIS; GARCÍA-RUBIO, CARLOS; MARÍN-LÓPEZ, ANDRÉS; MOHAMAD-MEZHER, AHMAD; DÍAZ-SÁNCHEZ, DANIEL; CEREZO-COSTAS, HÉCTOR; REBOLLO-MONEDERO, DAVID; ARIAS-CABARCOS, PATRICIA; RICO-NOVELLA, FRANCISCO JOSÉ
INRISCO: INcident monitoRing in Smart COmmunities Journal Article
In: IEEE Access, vol. 8, pp. 72435 - 72460, 2020, ISSN: 2169-3536.
@article{almenarez006,
title = {INRISCO: INcident monitoRing in Smart COmmunities},
author = {MÓNICA AGUILAR-IGARTUA AND FLORINA ALMENARES-MENDOZA AND REBECA DÍAZ-REDONDO AND MANUELA MARTÍN-VICENTE AND JORDI FORNÉ AND CELESTE CAMPO AND ANA FERNÁNDEZ-VILAS AND LUIS CRUZ-LLOPIS AND CARLOS GARCÍA-RUBIO AND ANDRÉS MARÍN-LÓPEZ AND AHMAD MOHAMAD-MEZHER AND DANIEL DÍAZ-SÁNCHEZ AND HÉCTOR CEREZO-COSTAS AND DAVID REBOLLO-MONEDERO AND PATRICIA ARIAS-CABARCOS AND FRANCISCO JOSÉ RICO-NOVELLA
},
url = {https://ieeexplore.ieee.org/document/9064504
https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9064504},
doi = {https://doi.org/10.1109/ACCESS.2020.2987483},
issn = {2169-3536},
year = {2020},
date = {2020-04-13},
urldate = {2020-04-13},
journal = {IEEE Access},
volume = {8},
pages = {72435 - 72460},
abstract = {Major advances in information and communication technologies (ICTs) make citizens to be considered as sensors in motion. Carrying their mobile devices, moving in their connected vehicles or actively participating in social networks, citizens provide a wealth of information that, after properly processing, can support numerous applications for the benefit of the community. In the context of smart communities, the INRISCO [1] proposal intends for (i) the early detection of abnormal situations in cities (i.e., incidents), (ii) the analysis of whether, according to their impact, those incidents are really adverse for the community; and (iii) the automatic actuation by dissemination of appropriate information to citizens and authorities. Thus, INRISCO will identify and report on incidents in traffic (jam, accident) or public infrastructure (e.g., works, street cut), the occurrence of specific events that affect other citizens' life (e.g., demonstrations, concerts), or environmental problems (e.g., pollution, bad weather). It is of particular interest to this proposal the identification of incidents with a social and economic impact, which affects the quality of life of citizens.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Major advances in information and communication technologies (ICTs) make citizens to be considered as sensors in motion. Carrying their mobile devices, moving in their connected vehicles or actively participating in social networks, citizens provide a wealth of information that, after properly processing, can support numerous applications for the benefit of the community. In the context of smart communities, the INRISCO [1] proposal intends for (i) the early detection of abnormal situations in cities (i.e., incidents), (ii) the analysis of whether, according to their impact, those incidents are really adverse for the community; and (iii) the automatic actuation by dissemination of appropriate information to citizens and authorities. Thus, INRISCO will identify and report on incidents in traffic (jam, accident) or public infrastructure (e.g., works, street cut), the occurrence of specific events that affect other citizens' life (e.g., demonstrations, concerts), or environmental problems (e.g., pollution, bad weather). It is of particular interest to this proposal the identification of incidents with a social and economic impact, which affects the quality of life of citizens.
Díaz-Sánchez, Daniel; Marín-Lopez, Andrés; Mendoza, Florina Almenárez; Cabarcos, Patricia Arias
DNS/DANE Collision-Based Distributed and Dynamic Authentication for Microservices in IoT † Journal Article
In: Sensors, vol. 19, iss. 15, pp. 1-23, 2019, ISSN: 1424-8220.
@article{Diaz_Sanchez_2019,
title = {DNS/DANE Collision-Based Distributed and Dynamic Authentication for Microservices in IoT †},
author = {Daniel Díaz-Sánchez and Andrés Marín-Lopez and Florina Almenárez Mendoza and Patricia Arias Cabarcos},
url = {http://dx.doi.org/10.3390/s19153292
/download/DNS_DANE_Collision-Based_Distributed_and_Dynamic_Authentication_for_Microservices_in_IoT.pdf},
doi = {https://doi.org/10.3390/s19153292},
issn = {1424-8220},
year = {2019},
date = {2019-07-26},
urldate = {2019-07-26},
journal = {Sensors},
volume = {19},
issue = {15},
pages = {1-23},
publisher = {MDPI AG},
abstract = {IoT devices provide real-time data to a rich ecosystem of services and applications. The volume of data and the involved subscribe/notify signaling will likely become a challenge also for access and core networks. To alleviate the core of the network, other technologies like fog computing can be used. On the security side, designers of IoT low-cost devices and applications often reuse old versions of development frameworks and software components that contain vulnerabilities. Many server applications today are designed using microservice architectures where components are easier to update. Thus, IoT can benefit from deploying microservices in the fog as it offers the required flexibility for the main players of ubiquitous computing: nomadic users. In such deployments, IoT devices need the dynamic instantiation of microservices. IoT microservices require certificates so they can be accessed securely. Thus, every microservice instance may require a newly-created domain name and a certificate. The DNS-based Authentication of Named Entities (DANE) extension to Domain Name System Security Extensions (DNSSEC) allows linking a certificate to a given domain name. Thus, the combination of DNSSEC and DANE provides microservices’ clients with secure information regarding the domain name, IP address, and server certificate of a given microservice. However, IoT microservices may be short-lived since devices can move from one local fog to another, forcing DNSSEC servers to sign zones whenever new changes occur. Considering DNSSEC and DANE were designed to cope with static services, coping with IoT dynamic microservice instantiation can throttle the scalability in the fog. To overcome this limitation, this article proposes a solution that modifies the DNSSEC/DANE signature mechanism using chameleon signatures and defining a new soft delegation scheme. Chameleon signatures are signatures computed over a chameleon hash, which have a property: a secret trapdoor function can be used to compute collisions to the hash. Since the hash is maintained, the signature does not have to be computed again. In the soft delegation schema, DNS servers obtain a trapdoor that allows performing changes in a constrained zone without affecting normal DNS operation. In this way, a server can receive this soft delegation and modify the DNS zone to cope with frequent changes such as microservice dynamic instantiation. Changes in the soft delegated zone are much faster and do not require the intervention of the DNS primary servers of the zone.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
IoT devices provide real-time data to a rich ecosystem of services and applications. The volume of data and the involved subscribe/notify signaling will likely become a challenge also for access and core networks. To alleviate the core of the network, other technologies like fog computing can be used. On the security side, designers of IoT low-cost devices and applications often reuse old versions of development frameworks and software components that contain vulnerabilities. Many server applications today are designed using microservice architectures where components are easier to update. Thus, IoT can benefit from deploying microservices in the fog as it offers the required flexibility for the main players of ubiquitous computing: nomadic users. In such deployments, IoT devices need the dynamic instantiation of microservices. IoT microservices require certificates so they can be accessed securely. Thus, every microservice instance may require a newly-created domain name and a certificate. The DNS-based Authentication of Named Entities (DANE) extension to Domain Name System Security Extensions (DNSSEC) allows linking a certificate to a given domain name. Thus, the combination of DNSSEC and DANE provides microservices’ clients with secure information regarding the domain name, IP address, and server certificate of a given microservice. However, IoT microservices may be short-lived since devices can move from one local fog to another, forcing DNSSEC servers to sign zones whenever new changes occur. Considering DNSSEC and DANE were designed to cope with static services, coping with IoT dynamic microservice instantiation can throttle the scalability in the fog. To overcome this limitation, this article proposes a solution that modifies the DNSSEC/DANE signature mechanism using chameleon signatures and defining a new soft delegation scheme. Chameleon signatures are signatures computed over a chameleon hash, which have a property: a secret trapdoor function can be used to compute collisions to the hash. Since the hash is maintained, the signature does not have to be computed again. In the soft delegation schema, DNS servers obtain a trapdoor that allows performing changes in a constrained zone without affecting normal DNS operation. In this way, a server can receive this soft delegation and modify the DNS zone to cope with frequent changes such as microservice dynamic instantiation. Changes in the soft delegated zone are much faster and do not require the intervention of the DNS primary servers of the zone.
Díaz-Sánchez, Daniel; Marín-López, Andrés; Almenárez-Mendoza, Florina; Arias-Cabarcos, Patricia; Simon-Sherratt, R.
TLS/PKI Challenges and Certificate Pinning Techniques for IoT and M2M Secure Communications Journal Article
In: IEEE Communications Surveys and Tutorials, vol. 21, iss. 4, pp. 3502-3531, 2019, ISSN: 1553-877X.
@article{8704893,
title = {TLS/PKI Challenges and Certificate Pinning Techniques for IoT and M2M Secure Communications},
author = {Daniel Díaz-Sánchez and Andrés Marín-López and Florina Almenárez-Mendoza and Patricia Arias-Cabarcos and R. Simon-Sherratt},
url = {https://doi.org/10.1109/COMST.2019.2914453
https://ieeexplore.ieee.org/document/8704893
https://phpmyadmin.pervasive.it.uc3m.es/download/TLC-PKI-challenges-certificate-pinning.pdf},
doi = {10.1109/COMST.2019.2914453},
issn = {1553-877X},
year = {2019},
date = {2019-05-02},
urldate = {2019-05-02},
journal = {IEEE Communications Surveys and Tutorials},
volume = {21},
issue = {4},
pages = {3502-3531},
abstract = {Transport layer security (TLS) is becoming the de facto standard to provide end-to-end security in the current Internet. IoT and M2M scenarios are not an exception since TLS is also being adopted there. The ability of TLS for negotiating any security parameter, its flexibility and extensibility are responsible for its wide adoption but also for several attacks. Moreover, as it relies on public key infrastructure (PKI) for authentication, it is also affected by PKI problems. Considering the advent of IoT/M2M scenarios and their particularities, it is necessary to have a closer look at TLS history to evaluate the potential challenges of using TLS and PKI in these scenarios. According to this, this paper provides a deep revision of several security aspects of TLS and PKI, with a particular focus on current certificate pinning solutions in order to illustrate the potential problems that should be addressed.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Transport layer security (TLS) is becoming the de facto standard to provide end-to-end security in the current Internet. IoT and M2M scenarios are not an exception since TLS is also being adopted there. The ability of TLS for negotiating any security parameter, its flexibility and extensibility are responsible for its wide adoption but also for several attacks. Moreover, as it relies on public key infrastructure (PKI) for authentication, it is also affected by PKI problems. Considering the advent of IoT/M2M scenarios and their particularities, it is necessary to have a closer look at TLS history to evaluate the potential challenges of using TLS and PKI in these scenarios. According to this, this paper provides a deep revision of several security aspects of TLS and PKI, with a particular focus on current certificate pinning solutions in order to illustrate the potential problems that should be addressed.
Seiler-Hwang, Sunyoung; Arias-Cabarcos, Patricia; Marín, Andrés; Almenares, Florina; Díaz-Sánchez, Daniel; Becker, Christian
I Don'T See Why I Would Ever Want to Use It: Analyzing the Usability of Popular Smartphone Password Managers Proceedings Article
In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1937–1953, The 26th ACM Conference on Computer and Communications Security ACM, London, United Kingdom, 2019, ISBN: 978-1-4503-6747-9.
@inproceedings{Seiler-Hwang:2019:DSW:3319535.3354192,
title = {I Don'T See Why I Would Ever Want to Use It: Analyzing the Usability of Popular Smartphone Password Managers},
author = {Sunyoung Seiler-Hwang and Patricia Arias-Cabarcos and Andrés Marín and Florina Almenares and Daniel Díaz-Sánchez and Christian Becker},
url = {http://doi.acm.org/10.1145/3319535.3354192},
doi = {10.1145/3319535.3354192},
isbn = {978-1-4503-6747-9},
year = {2019},
date = {2019-01-01},
urldate = {2019-01-01},
booktitle = {Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security},
pages = {1937--1953},
publisher = {ACM},
address = {London, United Kingdom},
organization = {The 26th ACM Conference on Computer and Communications Security},
series = {CCS '19},
abstract = {Passwords are an often unavoidable authentication mechanism, despite the availability of additional alternative means. In the case of smartphones, usability problems are aggravated because interaction happens through small screens and multilayer keyboards. While password managers (PMs) can improve this situation and contribute to hardening security, their adoption is far from widespread. To understand the underlying reasons, we conducted the first empirical usability study of mobile PMs, covering both quantitative and qualitative evaluations. Our findings show that popular PMs are barely acceptable according to the standard System Usability Scale, and that there are three key areas for improvement: integration with external applications, security, and user guidance and interaction. We build on the collected evidence to suggest recommendations that can fill this gap.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Passwords are an often unavoidable authentication mechanism, despite the availability of additional alternative means. In the case of smartphones, usability problems are aggravated because interaction happens through small screens and multilayer keyboards. While password managers (PMs) can improve this situation and contribute to hardening security, their adoption is far from widespread. To understand the underlying reasons, we conducted the first empirical usability study of mobile PMs, covering both quantitative and qualitative evaluations. Our findings show that popular PMs are barely acceptable according to the standard System Usability Scale, and that there are three key areas for improvement: integration with external applications, security, and user guidance and interaction. We build on the collected evidence to suggest recommendations that can fill this gap.
Almenarez, Florina; Alonso, Lucía; Marín, Andrés; Díaz-Sánchez, Daniel; Arias, Patricia
Assessment of fitness tracker security: a case of study Proceedings Article
In: 2018, ISSN: 2504-3900.
@inproceedings{pa058,
title = {Assessment of fitness tracker security: a case of study},
author = {Florina Almenarez and Lucía Alonso and Andrés Marín and Daniel Díaz-Sánchez and Patricia Arias},
url = {https://www.mdpi.com/2504-3900/2/19/1235},
doi = {https://doi.org/10.3390/proceedings2191235},
issn = {2504-3900},
year = {2018},
date = {2018-10-26},
abstract = {The wearable industry has experienced a notable growth over the last decade, especially in fitness or e-health trackers. These trackers bring new functionalities that require collecting a great amount of sensitive information about the user. This fact has made fitness trackers the target of deliberate attacks, e.g., eavesdropping, unauthorized account access, fake firmware update, and so on. For this reason, this paper describes a vulnerability study on one of the most popular fitness trackers in 2017, together with the mobile application associated to the tracker. The study results show what vulnerabilities of the communications among agents (i.e., wearable device, mobile application and server) could put at risk users sensitive information and privacy.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The wearable industry has experienced a notable growth over the last decade, especially in fitness or e-health trackers. These trackers bring new functionalities that require collecting a great amount of sensitive information about the user. This fact has made fitness trackers the target of deliberate attacks, e.g., eavesdropping, unauthorized account access, fake firmware update, and so on. For this reason, this paper describes a vulnerability study on one of the most popular fitness trackers in 2017, together with the mobile application associated to the tracker. The study results show what vulnerabilities of the communications among agents (i.e., wearable device, mobile application and server) could put at risk users sensitive information and privacy.
Díaz-Sánchez, Daniel; Marín-López, Andrés; Almenares-Mendoza, Florina; Arias-Cabarcos, Patricia
DNS-Based Dynamic Authentication for Microservices in IoT Proceedings Article
In: pp. 1-11, 2018, ISSN: 2504-3900.
@inproceedings{pa055,
title = {DNS-Based Dynamic Authentication for Microservices in IoT},
author = {Daniel Díaz-Sánchez and Andrés Marín-López and Florina Almenares-Mendoza and Patricia Arias-Cabarcos},
url = {https://www.mdpi.com/2504-3900/2/19/1233},
doi = {https://doi.org/10.3390/proceedings2191233},
issn = {2504-3900},
year = {2018},
date = {2018-10-25},
pages = {1-11},
abstract = {IoT devices provide with real-time data to a rich ecosystems of services and applications that will be of uttermost importance for ubiquitous computing. The volume of data and the involved subscribe/notify signaling will likely become a challenge also for access and core netkworks. Designers may opt for microservice architectures and fog computing to address this challenge while offering the required flexibility for the main players of ubiquitous computing: nomadic users. Microservices require strong security support for Fog computing, to rely on nodes in the boundary of the network for secure data collection and processing. IoT low cost devices face outdated certificates and security support, due to the elapsed time from manufacture to deployment. In this paper we propose a solution based on microservice architectures and DNSSEC, DANE and chameleon signatures to overcome these difficulties. We will show how trap doors included in the certificates allow a secure and flexible delegation for off-loading data collection and processing to the fog. The main result is showing this requires minimal manufacture device configuration, thanks to DNSSEC support.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
IoT devices provide with real-time data to a rich ecosystems of services and applications that will be of uttermost importance for ubiquitous computing. The volume of data and the involved subscribe/notify signaling will likely become a challenge also for access and core netkworks. Designers may opt for microservice architectures and fog computing to address this challenge while offering the required flexibility for the main players of ubiquitous computing: nomadic users. Microservices require strong security support for Fog computing, to rely on nodes in the boundary of the network for secure data collection and processing. IoT low cost devices face outdated certificates and security support, due to the elapsed time from manufacture to deployment. In this paper we propose a solution based on microservice architectures and DNSSEC, DANE and chameleon signatures to overcome these difficulties. We will show how trap doors included in the certificates allow a secure and flexible delegation for off-loading data collection and processing to the fog. The main result is showing this requires minimal manufacture device configuration, thanks to DNSSEC support.
Sánchez-Guerrero, Rosa; Almenárez-Mendoza, Florina; Díaz-Sánchez, Daniel; Arias-Cabarcos, Patricia; Marín-López, Andrés
Collaborative eHealth Meets Security: Privacy-Enhancing Patient Profile Management Journal Article
In: IEEE Journal of Biomedical and Health Informatics, vol. 21, iss. 6, pp. 1741-1749, 2017, ISSN: 2168-2194 .
@article{8003467,
title = {Collaborative eHealth Meets Security: Privacy-Enhancing Patient Profile Management},
author = {Rosa Sánchez-Guerrero and Florina Almenárez-Mendoza and Daniel Díaz-Sánchez and Patricia Arias-Cabarcos and Andrés Marín-López},
url = {/download/Collaborative_eHealth_meets_Security_Privacy-Enhancing_Patient_Profile_Management.pdf
https://ieeexplore.ieee.org/document/8003467},
doi = {10.1109/JBHI.2017.2655419},
issn = {2168-2194 },
year = {2017},
date = {2017-11-01},
urldate = {2017-11-01},
journal = {IEEE Journal of Biomedical and Health Informatics},
volume = {21},
issue = {6},
pages = {1741-1749},
abstract = {Collaborative healthcare environments offer potential benefits, including enhancing the healthcare quality delivered to patients and reducing costs. As a direct consequence, sharing of electronic health records (EHRs) among healthcare providers has experienced a noteworthy growth in the last years, since it enables physicians to remotely monitor patients' health and enables individuals to manage their own health data more easily. However, these scenarios face significant challenges regarding security and privacy of the extremely sensitive information contained in EHRs. Thus, a flexible, efficient, and standards-based solution is indispensable to guarantee selective identity information disclosure and preserve patient's privacy. We propose a privacy-aware profile management approach that empowers the patient role, enabling him to bring together various healthcare providers as well as user-generated claims into an unique credential. User profiles are represented through an adaptive Merkle Tree, for which we formalize the underlying mathematical model. Furthermore, performance of the proposed solution is empirically validated through simulation experiments.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Collaborative healthcare environments offer potential benefits, including enhancing the healthcare quality delivered to patients and reducing costs. As a direct consequence, sharing of electronic health records (EHRs) among healthcare providers has experienced a noteworthy growth in the last years, since it enables physicians to remotely monitor patients' health and enables individuals to manage their own health data more easily. However, these scenarios face significant challenges regarding security and privacy of the extremely sensitive information contained in EHRs. Thus, a flexible, efficient, and standards-based solution is indispensable to guarantee selective identity information disclosure and preserve patient's privacy. We propose a privacy-aware profile management approach that empowers the patient role, enabling him to bring together various healthcare providers as well as user-generated claims into an unique credential. User profiles are represented through an adaptive Merkle Tree, for which we formalize the underlying mathematical model. Furthermore, performance of the proposed solution is empirically validated through simulation experiments.
Rubio-Drosdov, E; Díaz-Sánchez, D; Almenárez, F; Arias-Cabarcos, P; Marín, A
Seamless human-device interaction in the internet of things Journal Article
In: IEEE Transactions on Consumer Electronics, vol. 63, iss. 4, pp. 490-498, 2017, ISSN: 1558-4127.
@article{8246828,
title = {Seamless human-device interaction in the internet of things},
author = {E Rubio-Drosdov and D Díaz-Sánchez and F Almenárez and P Arias-Cabarcos and A Marín},
url = {/download/Seamless_Human-Device_Interaction_in_the_Internet_of_Things.pdf
https://ieeexplore.ieee.org/document/8246828},
doi = {10.1109/TCE.2017.015076},
issn = {1558-4127},
year = {2017},
date = {2017-11-01},
urldate = {2017-11-01},
journal = {IEEE Transactions on Consumer Electronics},
volume = {63},
issue = {4},
pages = {490-498},
abstract = {The Internet of Things will bring a scenario in which interaction between humans and devices will be critical to allow people to use, monitor or configure Internet of Things devices. Interactions in such applications are based on traditional graphical interfaces. Devices that accept interaction based on Natural Language, e.g., through voice commands, can understand basic human orders or answering questions whenever user expressions fit into a known language pattern. Some devices can understand natural language voice commands but require sophisticated voice assistants located in the cloud, which raises significant privacy concerns. Others devices which handle voice-processing locally can perform a very limited local recognition system, requiring users to be familiar with words the system can process. The purpose of this work is to diminish the complexity of Natural Language processing in the context of IoT. The solution posited in this article allows Internet of Things devices to offload Natural Language processing to a system that improves the use of Natural Language and alleviates the need to learn or remember specific words or terms intended for triggering device actions. We have evaluated the feasibility of the design with a proof-of-concept implemented in a home environment and it was tested by real users.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The Internet of Things will bring a scenario in which interaction between humans and devices will be critical to allow people to use, monitor or configure Internet of Things devices. Interactions in such applications are based on traditional graphical interfaces. Devices that accept interaction based on Natural Language, e.g., through voice commands, can understand basic human orders or answering questions whenever user expressions fit into a known language pattern. Some devices can understand natural language voice commands but require sophisticated voice assistants located in the cloud, which raises significant privacy concerns. Others devices which handle voice-processing locally can perform a very limited local recognition system, requiring users to be familiar with words the system can process. The purpose of this work is to diminish the complexity of Natural Language processing in the context of IoT. The solution posited in this article allows Internet of Things devices to offload Natural Language processing to a system that improves the use of Natural Language and alleviates the need to learn or remember specific words or terms intended for triggering device actions. We have evaluated the feasibility of the design with a proof-of-concept implemented in a home environment and it was tested by real users.
Díaz-Sánchez, Daniel; Simon-Sherratt, R.; Almenarez, Florina; Arias, Patricia; Marín, Andrés
Secure store and forward proxy for dynamic IoT applications over M2M networks Journal Article
In: IEEE Transactions on Consumer Electronics, vol. 62, iss. 4, pp. 389-397, 2016, ISSN: 0098-3063.
@article{7838091,
title = {Secure store and forward proxy for dynamic IoT applications over M2M networks},
author = {Daniel Díaz-Sánchez and R. Simon-Sherratt and Florina Almenarez and Patricia Arias and Andrés Marín},
url = {https://ieeexplore.ieee.org/document/7838091
https://phpmyadmin.pervasive.it.uc3m.es/download/Secure__Store_and_Forward_Proxy_for_Dynamic_IoT_Applications_over_M2M_Networks.pdf},
doi = {10.1109/TCE.2016.7838091},
issn = {0098-3063},
year = {2016},
date = {2016-11-01},
urldate = {2016-11-01},
journal = {IEEE Transactions on Consumer Electronics},
volume = {62},
issue = {4},
pages = {389-397},
abstract = {Internet of Things (IoT) applications are expected to generate a huge unforeseen amount of traffic flowing from Consumer Electronics devices to the network. In order to overcome existing interoperability problems, several standardization bodies have joined to bring a new generation of Machine to Machine (M2M) networks as a result of the evolution of wireless sensor/actor networks and mobile cellular networks to converged networks. M2M is expected to enable IoT paradigms and related concepts into a reality at a reasonable cost. As part of the convergence, several technologies preventing new IoT services to interfere with existing Internet services are flourishing. Responsive, message-driven, resilient and elastic architectures are becoming essential parts of the system. These architectures will control the entire data flow for an IoT system requiring sometimes to store, shape and forward data among nodes of a M2M network to improve network performance. However, IoT generated data have an important personal component since it is generated in personal devices or are the result of the observation of the physical world, so rises significant security concerns. This article proposes a novel opportunistic flexible secure store and forward proxy for M2M networks and its mapping to asynchronous protocols that guarantees data confidentiality.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Internet of Things (IoT) applications are expected to generate a huge unforeseen amount of traffic flowing from Consumer Electronics devices to the network. In order to overcome existing interoperability problems, several standardization bodies have joined to bring a new generation of Machine to Machine (M2M) networks as a result of the evolution of wireless sensor/actor networks and mobile cellular networks to converged networks. M2M is expected to enable IoT paradigms and related concepts into a reality at a reasonable cost. As part of the convergence, several technologies preventing new IoT services to interfere with existing Internet services are flourishing. Responsive, message-driven, resilient and elastic architectures are becoming essential parts of the system. These architectures will control the entire data flow for an IoT system requiring sometimes to store, shape and forward data among nodes of a M2M network to improve network performance. However, IoT generated data have an important personal component since it is generated in personal devices or are the result of the observation of the physical world, so rises significant security concerns. This article proposes a novel opportunistic flexible secure store and forward proxy for M2M networks and its mapping to asynchronous protocols that guarantees data confidentiality.
Arias-Cabarcos, Patricia; Marín, Andrés; Palacios, Diego; Almenárez, Florina; Díaz-Sánchez, Daniel
Comparing Password Management Software: Toward Usable and Secure Enterprise Authentication Journal Article
In: IT Professional, vol. 18, iss. 5, pp. 34-40, 2016, ISSN: 1941-045X.
@article{7579116,
title = {Comparing Password Management Software: Toward Usable and Secure Enterprise Authentication},
author = {Patricia Arias-Cabarcos and Andrés Marín and Diego Palacios and Florina Almenárez and Daniel Díaz-Sánchez},
url = {https://ieeexplore.ieee.org/document/7579116
https://doi.org/10.1109/MITP.2016.81
/download/ComparingPasswordManagementSoftware.pdf},
doi = {10.1109/MITP.2016.81},
issn = {1941-045X},
year = {2016},
date = {2016-09-01},
urldate = {2016-09-01},
journal = {IT Professional},
volume = {18},
issue = {5},
pages = {34-40},
abstract = {In today's corporate IT systems, employees routinely repeat an undeniable pattern: accessing a huge number of password-protected services. In this regard, although deploying a strong enterprise password policy can increase security against online breaches and data leaks, it also imposes a significant usability burden on users. To alleviate this problem, password managers (PMs) are considered user-friendly tools that automate password generation and login processes. But how secure and usable are these tools? The authors analyze the four most popular PMs with free versions from both security and usability perspectives. The comparison leads to recommendations on enterprise PM selection, as well as to the identification of new lines of research and development on usable authentication.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
In today's corporate IT systems, employees routinely repeat an undeniable pattern: accessing a huge number of password-protected services. In this regard, although deploying a strong enterprise password policy can increase security against online breaches and data leaks, it also imposes a significant usability burden on users. To alleviate this problem, password managers (PMs) are considered user-friendly tools that automate password generation and login processes. But how secure and usable are these tools? The authors analyze the four most popular PMs with free versions from both security and usability perspectives. The comparison leads to recommendations on enterprise PM selection, as well as to the identification of new lines of research and development on usable authentication.
Marín-López, Andrés; Almenáres-Mendoza, Florina; Arias-Cabarcos, Patricia; Díaz-Sánchez, Daniel
Wi-Fi Direct: Lessons learned Proceedings Article
In: 2016 Mediterranean Ad Hoc Networking Workshop (Med-Hoc-Net), Institute of Electrical and Electronics Engineers (IEEE), 2016, ISBN: 978-1-5090-1984-7.
@inproceedings{pa002,
title = {Wi-Fi Direct: Lessons learned},
author = {Andrés Marín-López and Florina Almenáres-Mendoza and Patricia Arias-Cabarcos and Daniel Díaz-Sánchez},
url = {https://ieeexplore.ieee.org/document/7528493
https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7528493},
doi = {10.1109/MedHocNet.2016.7528493},
isbn = {978-1-5090-1984-7},
year = {2016},
date = {2016-08-04},
urldate = {2016-08-04},
booktitle = {2016 Mediterranean Ad Hoc Networking Workshop (Med-Hoc-Net)},
publisher = {Institute of Electrical and Electronics Engineers (IEEE)},
abstract = {Adhoc networking was initially designed for military application area. But adhoc networks have been found also appealing for autonomous computing. The adhoc mode of IEEE 802.11 (Independent Basic Service Set (IBSS) has not been successful due to several reasons. Within this article we explore and compare two alternatives for adhoc network formation in heterogeneous environments: Wi-Fi P2P also known as Wi-Fi Direct, and Wi-Fi Hotspot. The comparison shows that there are usability, security and performance reasons to favor Hotspot for application development.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Adhoc networking was initially designed for military application area. But adhoc networks have been found also appealing for autonomous computing. The adhoc mode of IEEE 802.11 (Independent Basic Service Set (IBSS) has not been successful due to several reasons. Within this article we explore and compare two alternatives for adhoc network formation in heterogeneous environments: Wi-Fi P2P also known as Wi-Fi Direct, and Wi-Fi Hotspot. The comparison shows that there are usability, security and performance reasons to favor Hotspot for application development.
Khaled, Omar; Marín, Andrés; Almenares, Florina; Arias, Patricia; Díaz, Daniel
Analysis of Secure TCP/IP Profile in 61850 Based Substation Automation System for Smart Grids Journal Article
In: International Journal of Distributed Sensor Networks, vol. 12, iss. 4, pp. 1-11, 2016, ISSN: 1550-1477.
@article{khaled001,
title = {Analysis of Secure TCP/IP Profile in 61850 Based Substation Automation System for Smart Grids},
author = {Omar Khaled and Andrés Marín and Florina Almenares and Patricia Arias and Daniel Díaz},
url = {https://journals.sagepub.com/doi/10.1155/2016/5793183},
doi = {https://doi.org/10.1155/2016/5793183},
issn = {1550-1477},
year = {2016},
date = {2016-04-18},
urldate = {2016-04-18},
journal = {International Journal of Distributed Sensor Networks},
volume = {12},
issue = {4},
pages = {1-11},
abstract = {Smart grid is the term used to describe modern power grids. It aims at achieving efficient, sustainable, economic, and secure delivery of electricity supplies. In order to achieve these goals, communication between different components within the grid and control centers is required. In a rapidly growing world, the demands for substation automation are increasing. Recently, two trends have been changing Substation Automation Systems: IEC 61850 and the need for cybersecurity. IEC 61850 specifies very strict performance requirements for message transfer time. The security for the smart grid must be designed to satisfy both performance and reliability requirements. In this paper, we address a study about secure communication in the substation real-time environment, complying with the IEC 61850 specifications. We mainly focus on analyzing the proposed Secure TCP/IP profile for MMS, testing different cipher suite combinations and examining whether by applying TLS we can still achieve the strict performance requirements of IEC 61850 or not. As a result of the study, we propose a list of cipher suite combinations that should be used. The importance of this study lies mainly on future scenarios, because IEC 61850 is thought to support smart metering communications.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Smart grid is the term used to describe modern power grids. It aims at achieving efficient, sustainable, economic, and secure delivery of electricity supplies. In order to achieve these goals, communication between different components within the grid and control centers is required. In a rapidly growing world, the demands for substation automation are increasing. Recently, two trends have been changing Substation Automation Systems: IEC 61850 and the need for cybersecurity. IEC 61850 specifies very strict performance requirements for message transfer time. The security for the smart grid must be designed to satisfy both performance and reliability requirements. In this paper, we address a study about secure communication in the substation real-time environment, complying with the IEC 61850 specifications. We mainly focus on analyzing the proposed Secure TCP/IP profile for MMS, testing different cipher suite combinations and examining whether by applying TLS we can still achieve the strict performance requirements of IEC 61850 or not. As a result of the study, we propose a list of cipher suite combinations that should be used. The importance of this study lies mainly on future scenarios, because IEC 61850 is thought to support smart metering communications.
Díaz-Sánchez, Daniel; Sherratt, Simon; Arias, Patricia; Almenares, Florina; Marín-López, Andrés
Proxy re-encryption schemes for IoT and crowd sensing Proceedings Article
In: IEEE, 2016, ISSN: 2158-4001.
@inproceedings{pa004,
title = {Proxy re-encryption schemes for IoT and crowd sensing},
author = {Daniel Díaz-Sánchez and Simon Sherratt and Patricia Arias and Florina Almenares and Andrés Marín-López},
url = {https://ieeexplore.ieee.org/document/7430505},
doi = {https://doi.org/10.1109/ICCE.2016.7430505},
issn = {2158-4001},
year = {2016},
date = {2016-04-01},
urldate = {2016-04-01},
publisher = {IEEE},
abstract = {IoT, crowd sensing and smart cities will be a traffic challenge. New communication paradigms as asynchronous messaging carry and forward, scheduled delivery and temporary storage will be needed to manage network resources dynamically. Since traditional end to end security will require keeping security associations among devices for a long time draining valuable resources, we propose and evaluate the use of proxy re-encryption protocols in these scenarios as a solution for reliable and flexible security.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
IoT, crowd sensing and smart cities will be a traffic challenge. New communication paradigms as asynchronous messaging carry and forward, scheduled delivery and temporary storage will be needed to manage network resources dynamically. Since traditional end to end security will require keeping security associations among devices for a long time draining valuable resources, we propose and evaluate the use of proxy re-encryption protocols in these scenarios as a solution for reliable and flexible security.
Díaz-Sánchez, Daniel; Sherratt, Simon; Almenares, Florina; Arias, Patricia; López, Andrés Marín-
Distributed access control and privacy for the internet of me Proceedings Article
In: 2016 IEEE International Conference on Consumer Electronics (ICCE), IEEE, 2016, ISSN: 2158-4001.
@inproceedings{pa003,
title = {Distributed access control and privacy for the internet of me},
author = {Daniel Díaz-Sánchez and Simon Sherratt and Florina Almenares and Patricia Arias and Andrés Marín- López},
url = {https://ieeexplore.ieee.org/document/7430506},
doi = {10.1109/ICCE.2016.7430506},
issn = {2158-4001},
year = {2016},
date = {2016-03-14},
booktitle = {2016 IEEE International Conference on Consumer Electronics (ICCE)},
publisher = {IEEE},
abstract = {This article presents an experimental scalable message driven IoT and its security architecture based on Decentralized Information Flow Control. The system uses a gateway that exports SoA (REST) interfaces to the internet simplifying external applications whereas uses DIFC and asynchronous messaging within the home environment.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
This article presents an experimental scalable message driven IoT and its security architecture based on Decentralized Information Flow Control. The system uses a gateway that exports SoA (REST) interfaces to the internet simplifying external applications whereas uses DIFC and asynchronous messaging within the home environment.
Diaz-Sánchez, Daniel; Sherratt, Simon; Arias, Patricia; Almenarez, Florina; Marín, Andrés
Enabling actor model for crowd sensing and IoT Proceedings Article
In: IEEE, 2015, ISSN: 0747-668X.
@inproceedings{pa006,
title = {Enabling actor model for crowd sensing and IoT},
author = {Daniel Diaz-Sánchez and Simon Sherratt and Patricia Arias and Florina Almenarez and Andrés Marín},
url = {https://ieeexplore.ieee.org/document/7177779},
doi = {https://doi.org/10.1109/ISCE.2015.7177779},
issn = {0747-668X},
year = {2015},
date = {2015-08-06},
urldate = {2015-08-06},
publisher = {IEEE},
abstract = {The cloud is playing a very important role in wireless sensor network, crowd sensing and IoT data collection and processing. However, current cloud solutions lack of some features that hamper the innovation a number of other new services. We propose a cloud solution that provides these missing features as multi-cloud and device multi-tenancy relying in a whole different fully distributed paradigm, the actor model.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The cloud is playing a very important role in wireless sensor network, crowd sensing and IoT data collection and processing. However, current cloud solutions lack of some features that hamper the innovation a number of other new services. We propose a cloud solution that provides these missing features as multi-cloud and device multi-tenancy relying in a whole different fully distributed paradigm, the actor model.
Rubio-Drosdov, Eugenio; Díaz-Sánchez, Daniel; Arias-Cabarcos, Patricia; Almenárez, Florina; Marín, Andrés
Towards a seamless human interaction in IoT Proceedings Article
In: IEEE, 2015, ISSN: 0747-668X.
@inproceedings{pa016,
title = {Towards a seamless human interaction in IoT},
author = {Eugenio Rubio-Drosdov and Daniel Díaz-Sánchez and Patricia Arias-Cabarcos and Florina Almenárez and Andrés Marín},
url = {https://ieeexplore.ieee.org/document/7177781},
doi = {https://doi.org/10.1109/ISCE.2015.7177781},
issn = {0747-668X},
year = {2015},
date = {2015-08-06},
urldate = {2015-08-06},
publisher = {IEEE},
abstract = {This article describes our approach for facilitating the interaction among devices in IoT environments. Our solution provides mechanisms to complement current IoT ontologies with device language annotations to facilitate device communication. This is our first step towards comprehensive user to environment communication that would bring the Internet of Me concept.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
This article describes our approach for facilitating the interaction among devices in IoT environments. Our solution provides mechanisms to complement current IoT ontologies with device language annotations to facilitate device communication. This is our first step towards comprehensive user to environment communication that would bring the Internet of Me concept.
Arias-Cabarcos, Patricia; Almenárez, Florina; Trapero, Rubén; Díaz-Sánchez, Daniel; Marín, Andrés
Blended Identity: Pervasive IdM for Continuous Authentication Journal Article
In: IEEE Xplore, vol. 13, iss. 3, pp. 32-39, 2015, ISSN: 1540-7993.
@article{ariascabarcos002,
title = {Blended Identity: Pervasive IdM for Continuous Authentication},
author = {Patricia Arias-Cabarcos and Florina Almenárez and Rubén Trapero and Daniel Díaz-Sánchez and Andrés Marín},
url = {https://ieeexplore.ieee.org/document/7118079},
doi = {https://doi.org/10.1109/MSP.2015.62},
issn = {1540-7993},
year = {2015},
date = {2015-06-04},
urldate = {2015-06-04},
journal = {IEEE Xplore},
volume = {13},
issue = {3},
pages = {32-39},
abstract = {A proper identity management approach is necessary for pervasive computing to be invisible to users. Federated identity management is key to achieving efficient identity blending and natural integration in the physical and online layers where users, devices, and services are present.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
A proper identity management approach is necessary for pervasive computing to be invisible to users. Federated identity management is key to achieving efficient identity blending and natural integration in the physical and online layers where users, devices, and services are present.
Díaz-Sanchez, Daniel; Arias-Cabarcos, Patricia; Almenarez, Florina; Marín-López, Andrés
P2P-based data layer for mobile Media Cloud Proceedings Article
In: IEEE, 2015, ISSN: 2158-3994.
@inproceedings{pa005,
title = {P2P-based data layer for mobile Media Cloud},
author = {Daniel Díaz-Sanchez and Patricia Arias-Cabarcos and Florina Almenarez and Andrés Marín-López},
url = {https://ieeexplore.ieee.org/document/7066362},
doi = {https://doi.org/10.1109/ICCE.2015.7066362},
issn = {2158-3994},
year = {2015},
date = {2015-03-26},
urldate = {2015-03-26},
publisher = {IEEE},
abstract = {This paper focus in an emerging concept called Elastic Personal Computing that is the ability to distribute data processing among multiple personal devices that constitute a mobile cloud. Among the most complex challenges is to provide data layer for the system to exchange input data transparently among nodes considering the data partitioning is application specific. Implementing data layers with replication and load distribution strategies is not feasible due to mobility, intermittent availability and the distributed character of mobile cloud systems. This article reasons about the problem and presents a P2P based data layer for distributed computing using personal devices.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
This paper focus in an emerging concept called Elastic Personal Computing that is the ability to distribute data processing among multiple personal devices that constitute a mobile cloud. Among the most complex challenges is to provide data layer for the system to exchange input data transparently among nodes considering the data partitioning is application specific. Implementing data layers with replication and load distribution strategies is not feasible due to mobility, intermittent availability and the distributed character of mobile cloud systems. This article reasons about the problem and presents a P2P based data layer for distributed computing using personal devices.
Díaz-Sánchez, Daniel; Sánchez-Guerrero, Rosa; Arias, Patricia; Almenarez, Florina; Marín, Andrés
A distributed transcoding and content protection system: Enabling pay per quality using the cloud Journal Article
In: Telecommunication Systems, vol. 61, iss. 1, pp. 59 - 76, 2015, ISSN: 1572-9451.
@article{diazsanchez002,
title = {A distributed transcoding and content protection system: Enabling pay per quality using the cloud},
author = {Daniel Díaz-Sánchez and Rosa Sánchez-Guerrero and Patricia Arias and Florina Almenarez and Andrés Marín },
url = {https://link.springer.com/article/10.1007/s11235-014-9952-x},
doi = {https://doi.org/10.1007/s11235-014-9952-x},
issn = {1572-9451},
year = {2015},
date = {2015-01-01},
urldate = {2015-01-01},
journal = {Telecommunication Systems},
volume = {61},
issue = {1},
pages = {59 - 76},
abstract = {Video coding is a process for adapting media content to the constraints of transmission networks delivery and terminal device visualization. Moreover, content protection is also necessary. Nowadays the heterogeneity of client devices is increasing leading to different resolutions, qualities and form factors. Due to this, transcoding and protection are essential processes to be conducted in modern video distribution networks to adapt video to devices and network constraints and to enable pay per quality schemas enforcing content licenses. Unfortunately, transcoding and protection can be no longer considered linear since every single content should be transcoded in several formats and sometimes protected, so it would require a long time to finish. Modern scalable coding techniques, as H264 SVC, can help to save processing power and bandwidth providing in a single stream several video versions. However, if the enhancements of a SVC encoded content are protected separately, it would possible to enable pay-per-quality providing an additional degree of freedom to content delivery industry. Unfortunatelly, transcoding and protection entail huge doses of processing power at provider side and should be distributed. Moreover, processing key streams to decrypt enhancements that were encrypted separately can increase the complexity at receiver side. Cloud computing emerges as a potential solution for coping with large population of users with heterogeneous visualization devices. The elastic nature of cloud computing can be an advantage given the difficulty to predict the computing resources video content would require to be distributed during the entire content life. This article describes a system that distributes and parallelizes the video transcoding process as well as the content encryption, following the SaaS approach in cloud computing. Moreover, the article describes an experimental approach for generating and processing a flexible key stream that would help to simplify key management at receiver side and would allow legacy receivers to consume SVC content with separate enhancement protection.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Video coding is a process for adapting media content to the constraints of transmission networks delivery and terminal device visualization. Moreover, content protection is also necessary. Nowadays the heterogeneity of client devices is increasing leading to different resolutions, qualities and form factors. Due to this, transcoding and protection are essential processes to be conducted in modern video distribution networks to adapt video to devices and network constraints and to enable pay per quality schemas enforcing content licenses. Unfortunately, transcoding and protection can be no longer considered linear since every single content should be transcoded in several formats and sometimes protected, so it would require a long time to finish. Modern scalable coding techniques, as H264 SVC, can help to save processing power and bandwidth providing in a single stream several video versions. However, if the enhancements of a SVC encoded content are protected separately, it would possible to enable pay-per-quality providing an additional degree of freedom to content delivery industry. Unfortunatelly, transcoding and protection entail huge doses of processing power at provider side and should be distributed. Moreover, processing key streams to decrypt enhancements that were encrypted separately can increase the complexity at receiver side. Cloud computing emerges as a potential solution for coping with large population of users with heterogeneous visualization devices. The elastic nature of cloud computing can be an advantage given the difficulty to predict the computing resources video content would require to be distributed during the entire content life. This article describes a system that distributes and parallelizes the video transcoding process as well as the content encryption, following the SaaS approach in cloud computing. Moreover, the article describes an experimental approach for generating and processing a flexible key stream that would help to simplify key management at receiver side and would allow legacy receivers to consume SVC content with separate enhancement protection.
Díaz-Sanchez, Daniel; Arias-Cabarcos, Patricia; Sánchez-Guerrero, Rosa; Almenarez, Florina; Marín-Lopez, Andrés
Elastic participatory sensing systems enabling cooperative meta sensors with consumer devices Proceedings Article
In: 2014 IEEE International Conference on Consumer Electronics (ICCE), IEEE, 2014, ISSN: 2158-3994.
@inproceedings{pa007,
title = {Elastic participatory sensing systems enabling cooperative meta sensors with consumer devices},
author = {Daniel Díaz-Sanchez and Patricia Arias-Cabarcos and Rosa Sánchez-Guerrero and Florina Almenarez and Andrés Marín-Lopez},
url = {https://ieeexplore.ieee.org/document/6776058},
doi = {https://doi.org/10.1109/ICCE.2014.6776058},
issn = {2158-3994},
year = {2014},
date = {2014-03-20},
booktitle = {2014 IEEE International Conference on Consumer Electronics (ICCE)},
publisher = {IEEE},
abstract = {Participatory Sensing systems can take benefit of the distributed processing personal consumer devices can provide since sensors can be grouped in meta-sensors and measures can be processed in a distributed fashion saving costs and improving the coverage. This abstract presents a solution introducing the concept of personal meta-sensor and provides a lightweight framework to consume and process measures.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Participatory Sensing systems can take benefit of the distributed processing personal consumer devices can provide since sensors can be grouped in meta-sensors and measures can be processed in a distributed fashion saving costs and improving the coverage. This abstract presents a solution introducing the concept of personal meta-sensor and provides a lightweight framework to consume and process measures.
Díaz-Sánchez, Daniel; Almenarez, Florina; Marín, Andrés; Sánchez-Guerrero, Rosa; Arias, Patricia
Media Gateway: bringing privacy to Private Multimedia Clouds connections Journal Article
In: Telecommunication Systems, vol. 55, iss. 2, pp. 315-330, 2014, ISSN: 1572-9451.
@article{diazsanchez001,
title = {Media Gateway: bringing privacy to Private Multimedia Clouds connections},
author = {Daniel Díaz-Sánchez and Florina Almenarez and Andrés Marín and Rosa Sánchez-Guerrero and Patricia Arias },
url = {https://link.springer.com/article/10.1007/s11235-013-9783-1},
doi = {https://doi.org/10.1007/s11235-013-9783-1},
issn = {1572-9451},
year = {2014},
date = {2014-02-01},
urldate = {2014-02-01},
journal = {Telecommunication Systems},
volume = {55},
issue = {2},
pages = {315-330},
abstract = {The growing interest in media sharing combined with the explosion of social applications have opened an opportunity window for cloud based applications for media management as Media Cloud, described in this article, that has brought the concept of Cloud Computing to home environments. Media Cloud provides a comprehensive and efficient solution for managing content among federated home environments. As part of the purpose of empowering the user role as well as to improve user experience, we placed significant efforts on interoperability and privacy protection when it comes to accessing cloud resources from other networks. This article describes a solution that enables limited devices to access contents located in private clouds, as Media Cloud, with the cooperation of network providers.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The growing interest in media sharing combined with the explosion of social applications have opened an opportunity window for cloud based applications for media management as Media Cloud, described in this article, that has brought the concept of Cloud Computing to home environments. Media Cloud provides a comprehensive and efficient solution for managing content among federated home environments. As part of the purpose of empowering the user role as well as to improve user experience, we placed significant efforts on interoperability and privacy protection when it comes to accessing cloud resources from other networks. This article describes a solution that enables limited devices to access contents located in private clouds, as Media Cloud, with the cooperation of network providers.
Arias-Cabarcos, Patricia; Almenares-Mendoza, Florina; Gómez-Mármol, Felix; López, Andrés Marín-
To Federate or Not To Federate: A Reputation-Based Mechanism to Dynamize Cooperation in Identity Management Journal Article
In: Wireless Personal Communications, vol. 75, iss. 3, pp. 1769-1786, 2013, ISSN: 0929-6212.
@article{almenarez010,
title = {To Federate or Not To Federate: A Reputation-Based Mechanism to Dynamize Cooperation in Identity Management },
author = {Patricia Arias-Cabarcos and Florina Almenares-Mendoza and Felix Gómez-Mármol and Andrés Marín- López },
doi = {https://doi.org/10.1007/s11277-013-1338-y},
issn = {0929-6212},
year = {2013},
date = {2013-08-01},
urldate = {2013-08-01},
journal = {Wireless Personal Communications},
volume = {75},
issue = {3},
pages = {1769-1786},
abstract = {Identity Management systems cannot be centralized anymore. Nowadays, users have multiple accounts, profiles and personal data distributed throughout the web and hosted by different providers. However, the online world is currently divided into identity silos forcing users to deal with repetitive authentication and registration processes and hindering a faster development of large scale e-business. Federation has been proposed as a technology to bridge different trust domains, allowing user identity information to be shared in order to improve usability. But further research is required to shift from the current static model, where manual bilateral agreements must be pre-configured to enable cooperation between unknown parties, to a more dynamic one, where trust relationships are established on demand in a fully automated fashion. This paper presents IdMRep, the first completely decentralized reputation-based mechanism which makes dynamic federation a reality. Initial experiments demonstrate its accuracy as well as an assumable overhead in scenarios with and without malicious nodes.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Identity Management systems cannot be centralized anymore. Nowadays, users have multiple accounts, profiles and personal data distributed throughout the web and hosted by different providers. However, the online world is currently divided into identity silos forcing users to deal with repetitive authentication and registration processes and hindering a faster development of large scale e-business. Federation has been proposed as a technology to bridge different trust domains, allowing user identity information to be shared in order to improve usability. But further research is required to shift from the current static model, where manual bilateral agreements must be pre-configured to enable cooperation between unknown parties, to a more dynamic one, where trust relationships are established on demand in a fully automated fashion. This paper presents IdMRep, the first completely decentralized reputation-based mechanism which makes dynamic federation a reality. Initial experiments demonstrate its accuracy as well as an assumable overhead in scenarios with and without malicious nodes.
Almenares, Florina; Arias, Patricia; Marín, Andrés; Díaz-Sánchez, Daniel; Sánchez, Rosa
Overhead of using Secure Wireless Communications in Mobile Computing Journal Article
In: IEEE TRANSACTIONS ON CONSUMER ELECTRONICS, vol. 59, iss. 2, pp. 335-342, 2013, ISSN: 0098-3063.
@article{almenarez004,
title = {Overhead of using Secure Wireless Communications in Mobile Computing},
author = {Florina Almenares and Patricia Arias and Andrés Marín and Daniel Díaz-Sánchez and Rosa Sánchez
},
url = {https://ieeexplore.ieee.org/document/6531115
https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6531115},
doi = {https://doi.org/10.1109/TCE.2013.6531115},
issn = {0098-3063},
year = {2013},
date = {2013-05-06},
urldate = {2013-05-06},
journal = {IEEE TRANSACTIONS ON CONSUMER ELECTRONICS},
volume = {59},
issue = {2},
pages = {335-342},
abstract = {Secure wireless communications are fundamental in any interaction in order to avoid security and privacy breaches, especially from mobile devices. The use of this kind of communications is far more frequent and the number of users increases day after day. This paper shows and analyzes the support, performance and consumption of cryptographic algorithms and cipher suites in terms of time and energy when secure communications (i.e., using SSL) are established according to different security levels. This study has been performed in distinct operating systems, and using different browsers and libraries.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Secure wireless communications are fundamental in any interaction in order to avoid security and privacy breaches, especially from mobile devices. The use of this kind of communications is far more frequent and the number of users increases day after day. This paper shows and analyzes the support, performance and consumption of cryptographic algorithms and cipher suites in terms of time and energy when secure communications (i.e., using SSL) are established according to different security levels. This study has been performed in distinct operating systems, and using different browsers and libraries.
Díaz-Sánchez, Daniel; Marín-López, Andres; Almenares, Florina; Sánchez, Rosa; Arias, Patricia
Flexible Computing for personal electronic devices Proceedings Article
In: 2013 IEEE International Conference on Consumer Electronics (ICCE), IEEE, 2013, ISSN: 2158-3994.
@inproceedings{pa008,
title = {Flexible Computing for personal electronic devices},
author = {Daniel Díaz-Sánchez and Andres Marín-López and Florina Almenares and Rosa Sánchez and Patricia Arias},
url = {https://ieeexplore.ieee.org/document/6486863},
doi = {https://doi.org/10.1109/ICCE.2013.6486863},
issn = {2158-3994},
year = {2013},
date = {2013-03-28},
booktitle = {2013 IEEE International Conference on Consumer Electronics (ICCE)},
publisher = {IEEE},
abstract = {This article describes an experimental framework for Android called Light Weight Map Reduce that pursues enabling Elastic Personal Computing, a refinement of the Elastic Computing concept that allows personal electronics to automatically distribute the load among devices constituting a computing fabric seamlessly.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
This article describes an experimental framework for Android called Light Weight Map Reduce that pursues enabling Elastic Personal Computing, a refinement of the Elastic Computing concept that allows personal electronics to automatically distribute the load among devices constituting a computing fabric seamlessly.
Almenares, Florina; Arias, Patricia; Marín-López, Andrés; Díaz-Sánchez, Daniel; Sánchez, Rosa
How costly are secure transactions on handheld devices? Proceedings Article
In: IEEE, 2013, ISSN: 2158-3994.
@inproceedings{pa010,
title = {How costly are secure transactions on handheld devices?},
author = {Florina Almenares and Patricia Arias and Andrés Marín-López and Daniel Díaz-Sánchez and Rosa Sánchez},
url = {https://ieeexplore.ieee.org/document/6486865},
doi = {https://doi.org/10.1109/ICCE.2013.6486865},
issn = {2158-3994},
year = {2013},
date = {2013-03-08},
publisher = {IEEE},
abstract = {Handheld devices are more and more powerful allowing to do most things people do on a desktop. Nevertheless, mobile device security follows being an open issue. We have performed the first study of the security support between native and OpenSSL-based libraries, in terms of energy consumption and time, about secure communication performance.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Handheld devices are more and more powerful allowing to do most things people do on a desktop. Nevertheless, mobile device security follows being an open issue. We have performed the first study of the security support between native and OpenSSL-based libraries, in terms of energy consumption and time, about secure communication performance.
Díaz-Sánchez, Daniel; Marín-López, Andrés; Almenarez, Florina; Sánchez-Guerrero, Rosa; Arias, Patricia
A distributed transcoding system for mobile video delivery Proceedings Article
In: Institute of Electrical and Electronics Engineers (IEEE), 2013, ISBN: 978-1-4673-2993-4.
@inproceedings{pa019,
title = {A distributed transcoding system for mobile video delivery},
author = {Daniel Díaz-Sánchez and Andrés Marín-López and Florina Almenarez and Rosa Sánchez-Guerrero and Patricia Arias},
url = {https://ieeexplore.ieee.org/document/6416151},
doi = {https://doi.org/10.1109/WMNC.2012.6416151},
isbn = {978-1-4673-2993-4},
year = {2013},
date = {2013-01-24},
publisher = {Institute of Electrical and Electronics Engineers (IEEE)},
abstract = {The heterogeneity of client devices is increasing leading to different resolutions, qualities and form factors. Due to the amount of multimedia to be processed, transcoding and protection can be no longer performed linearly. For that reason, this article describes a solution to distribute and parallelize the transcoding process as well as the content encryption relying on cloud computing. Moreover, this article shows the benefits of this approach showing several experimental results.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The heterogeneity of client devices is increasing leading to different resolutions, qualities and form factors. Due to the amount of multimedia to be processed, transcoding and protection can be no longer performed linearly. For that reason, this article describes a solution to distribute and parallelize the transcoding process as well as the content encryption relying on cloud computing. Moreover, this article shows the benefits of this approach showing several experimental results.
Sánchez-Guerrero, Rosa; Almenárez, Florina; Díaz-Sánchez, Daniel; Arias, Patricia; Marín, Andrés
A model for dimensioning a secure event-driven health care system Proceedings Article
In: 2012 5th Joint IFIP Wireless and Mobile Networking Conference (WMNC), Institute of Electrical and Electronics Engineers (IEEE), 2013, ISBN: 978-1-4673-2993-4.
@inproceedings{pa020,
title = {A model for dimensioning a secure event-driven health care system},
author = {Rosa Sánchez-Guerrero and Florina Almenárez and Daniel Díaz-Sánchez and Patricia Arias and Andrés Marín},
url = {https://ieeexplore.ieee.org/document/6416152},
doi = {https://doi.org/10.1109/WMNC.2012.6416152},
isbn = {978-1-4673-2993-4},
year = {2013},
date = {2013-01-24},
urldate = {2013-01-24},
booktitle = {2012 5th Joint IFIP Wireless and Mobile Networking Conference (WMNC)},
publisher = {Institute of Electrical and Electronics Engineers (IEEE)},
abstract = {Privacy is close to the user information and thus, present in any ubiquitous computing scenario. In this sense, privacy in identity management is gaining more importance, since IdM systems deal with services that requires sharing attributes belonging to users' identity with different entities across security domains. However, the effective revocation consent -considered as a privacy rule in sensitive scenarios- has not been fully addressed. This article builds on the flexible event-based user consent-revocation mechanism defined in [4] for health care scenarios. In this article we analyze the network dimensioning to calculate the overhead of activating/deactivating attributes and privileges, as subscription and notification event messages exchanged. We consider two main simulation scenarios: a large hospital, and a small-medium hospital.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Privacy is close to the user information and thus, present in any ubiquitous computing scenario. In this sense, privacy in identity management is gaining more importance, since IdM systems deal with services that requires sharing attributes belonging to users' identity with different entities across security domains. However, the effective revocation consent -considered as a privacy rule in sensitive scenarios- has not been fully addressed. This article builds on the flexible event-based user consent-revocation mechanism defined in [4] for health care scenarios. In this article we analyze the network dimensioning to calculate the overhead of activating/deactivating attributes and privileges, as subscription and notification event messages exchanged. We consider two main simulation scenarios: a large hospital, and a small-medium hospital.
Arias-Cabarcos, Patricia; Almenárez-Mendoza, Florina; Sánchez-Guerrero, Rosa; Marín-López, Andrés; Díaz-Sánchez, Daniel
SuSSo: Seamless and Ubiquitous Single Sign-on for Cloud Service Continuity across devices Journal Article
In: IEEE TRANSACTIONS ON CONSUMER ELECTRONICS, vol. 58, iss. 4, pp. 1425-1433, 2012, ISSN: 0098-3063.
@article{ariascabarcos004,
title = {SuSSo: Seamless and Ubiquitous Single Sign-on for Cloud Service Continuity across devices},
author = {Patricia Arias-Cabarcos and Florina Almenárez-Mendoza and Rosa Sánchez-Guerrero and Andrés Marín-López and Daniel Díaz-Sánchez},
url = {https://ieeexplore.ieee.org/document/6415016
https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6415016},
doi = {https://doi.org/10.1109/TCE.2012.6415016},
issn = {0098-3063},
year = {2012},
date = {2012-11-01},
urldate = {2012-11-01},
journal = {IEEE TRANSACTIONS ON CONSUMER ELECTRONICS},
volume = {58},
issue = {4},
pages = {1425-1433},
abstract = {The great variety of consumer electronic devices with support of wireless communications combined with the emerging Cloud Computing paradigm is paving the way to real anytime/anywhere computing. In this context, many services, such as music or video streaming, are delivered to the clients using Cloud-based providers. However, service continuity when moving across different terminals is still a major challenge. This paper proposes SuSSo, a novel middleware architecture that allows sessions initiated from one device to be seamlessly transferred to a second one, as might be desirable in the enjoyment of long running media.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The great variety of consumer electronic devices with support of wireless communications combined with the emerging Cloud Computing paradigm is paving the way to real anytime/anywhere computing. In this context, many services, such as music or video streaming, are delivered to the clients using Cloud-based providers. However, service continuity when moving across different terminals is still a major challenge. This paper proposes SuSSo, a novel middleware architecture that allows sessions initiated from one device to be seamlessly transferred to a second one, as might be desirable in the enjoyment of long running media.
Marín-López, Andrés; Díaz-Sánchez, Daniel; Almenárez-Mendoza, Florina; Arias-Cabarcos, Patricia; Sánchez-Guerrero, Rosa; Sanvido, Fabio
Private cloud and media privacy in social networks Proceedings Article
In: 2012 IEEE Second International Conference on Consumer Electronics - Berlin (ICCE-Berlin), IEEE, 2012, ISSN: 2166-6814.
@inproceedings{pa011,
title = {Private cloud and media privacy in social networks},
author = {Andrés Marín-López and Daniel Díaz-Sánchez and Florina Almenárez-Mendoza and Patricia Arias-Cabarcos and Rosa Sánchez-Guerrero and Fabio Sanvido},
url = {https://ieeexplore.ieee.org/document/6336476},
doi = {https://doi.org/10.1109/ICCE-Berlin.2012.6336476},
issn = {2166-6814},
year = {2012},
date = {2012-10-22},
booktitle = {2012 IEEE Second International Conference on Consumer Electronics - Berlin (ICCE-Berlin)},
publisher = {IEEE},
abstract = {Privacy rules imposed by social networks (SNs) impose several restrictions to user privacy. Though they usually offer the user some control to limit access to his own data, the social network may share uploaded data with other partners and marketing companies. Pictures and videos may have a second life, even after being deleted by the user, and consequently storage and access must take place in the user home domain or facilities managed by the user, following an end to end approach. We propose to combine the usage of private clouds, specialized in media contents, in cooperation with SNs, offering the user complete control over his data, while benefiting from the SNs visibility to announce and spread the data. To achieve transparency, we propose a plug-in system to embed links as annotations in reduced media replacement uploaded in the SN. These links point to the real resource stored in the private cloud, now under complete user control. We perform validation tests which show important improvements in uploading time and user experience.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Privacy rules imposed by social networks (SNs) impose several restrictions to user privacy. Though they usually offer the user some control to limit access to his own data, the social network may share uploaded data with other partners and marketing companies. Pictures and videos may have a second life, even after being deleted by the user, and consequently storage and access must take place in the user home domain or facilities managed by the user, following an end to end approach. We propose to combine the usage of private clouds, specialized in media contents, in cooperation with SNs, offering the user complete control over his data, while benefiting from the SNs visibility to announce and spread the data. To achieve transparency, we propose a plug-in system to embed links as annotations in reduced media replacement uploaded in the SN. These links point to the real resource stored in the private cloud, now under complete user control. We perform validation tests which show important improvements in uploading time and user experience.
Arias-Cabarcos, Patricia; Almenárez-Mendoza, Florina; Marín-López, Andrés; Díaz-Sánchez, Daniel; Sánchez-Guerrero, Rosa
A Metric-Based Approach to Assess Risk for "On Cloud" Federated Identity Management Journal Article
In: Journal of Network and Systems Management, vol. 20, iss. 4, pp. 513-533, 2012, ISSN: 1573-7705.
@article{ariascabarcos001,
title = {A Metric-Based Approach to Assess Risk for "On Cloud" Federated Identity Management},
author = {Patricia Arias-Cabarcos and Florina Almenárez-Mendoza and Andrés Marín-López and Daniel Díaz-Sánchez and Rosa Sánchez-Guerrero },
url = {https://link.springer.com/article/10.1007/s10922-012-9244-2},
doi = {https://doi.org/10.1007/s10922-012-9244-2},
issn = {1573-7705},
year = {2012},
date = {2012-07-04},
urldate = {2012-07-04},
journal = {Journal of Network and Systems Management},
volume = {20},
issue = {4},
pages = {513-533},
abstract = {The cloud computing paradigm is set to become the next explosive revolution on the Internet, but its adoption is still hindered by security problems. One of the fundamental issues is the need for better access control and identity management systems. In this context, Federated Identity Management (FIM) is identified by researchers and experts as an important security enabler, since it will play a vital role in allowing the global scalability that is required for the successful implantation of cloud technologies. However, current FIM frameworks are limited by the complexity of the underlying trust models that need to be put in place before inter-domain cooperation. Thus, the establishment of dynamic federations between the different cloud actors is still a major research challenge that remains unsolved. Here we show that risk evaluation must be considered as a key enabler in evidence-based trust management to foster collaboration between cloud providers that belong to unknown administrative domains in a secure manner. In this paper, we analyze the Federated Identity Management process and propose a taxonomy that helps in the classification of the involved risks in order to mitigate vulnerabilities and threats when decisions about collaboration are made. Moreover, a set of new metrics is defined to allow a novel form of risk quantification in these environments. Other contributions of the paper include the definition of a generic hierarchical risk aggregation system, and a descriptive use-case where the risk computation framework is applied to enhance cloud-based service provisioning.
},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The cloud computing paradigm is set to become the next explosive revolution on the Internet, but its adoption is still hindered by security problems. One of the fundamental issues is the need for better access control and identity management systems. In this context, Federated Identity Management (FIM) is identified by researchers and experts as an important security enabler, since it will play a vital role in allowing the global scalability that is required for the successful implantation of cloud technologies. However, current FIM frameworks are limited by the complexity of the underlying trust models that need to be put in place before inter-domain cooperation. Thus, the establishment of dynamic federations between the different cloud actors is still a major research challenge that remains unsolved. Here we show that risk evaluation must be considered as a key enabler in evidence-based trust management to foster collaboration between cloud providers that belong to unknown administrative domains in a secure manner. In this paper, we analyze the Federated Identity Management process and propose a taxonomy that helps in the classification of the involved risks in order to mitigate vulnerabilities and threats when decisions about collaboration are made. Moreover, a set of new metrics is defined to allow a novel form of risk quantification in these environments. Other contributions of the paper include the definition of a generic hierarchical risk aggregation system, and a descriptive use-case where the risk computation framework is applied to enhance cloud-based service provisioning.
Sánchez-Guerrero, Rosa; Almenárez, Florina; Díaz-Sánchez, Daniel; Marín, Andrés; Arias, Patricia; Sanvido, Fabio
An Event Driven Hybrid Identity Management Approach to Privacy Enhanced e-Health Journal Article
In: Sensors , vol. 12, iss. 5, pp. 6129-6154, 2012, ISSN: 1424-8220.
@article{sanchezguerrero001,
title = {An Event Driven Hybrid Identity Management Approach to Privacy Enhanced e-Health},
author = {Rosa Sánchez-Guerrero and Florina Almenárez and Daniel Díaz-Sánchez and Andrés Marín and Patricia Arias and Fabio Sanvido
},
url = {https://www.mdpi.com/1424-8220/12/5/6129
https://www.mdpi.com/1424-8220/12/5/6129/pdf?version=1403317529},
doi = {https://doi.org/10.3390/s120506129},
issn = {1424-8220},
year = {2012},
date = {2012-05-10},
urldate = {2012-05-10},
journal = {Sensors },
volume = {12},
issue = {5},
pages = {6129-6154},
abstract = {Credential-based authorization offers interesting advantages for ubiquitous scenarios involving limited devices such as sensors and personal mobile equipment: the verification can be done locally; it offers a more reduced computational cost than its competitors for issuing, storing, and verification; and it naturally supports rights delegation. The main drawback is the revocation of rights. Revocation requires handling potentially large revocation lists, or using protocols to check the revocation status, bringing extra communication costs not acceptable for sensors and other limited devices. Moreover, the effective revocation consent—considered as a privacy rule in sensitive scenarios—has not been fully addressed. This paper proposes an event-based mechanism empowering a new concept, the sleepyhead credentials, which allows to substitute time constraints and explicit revocation by activating and deactivating authorization rights according to events. Our approach is to integrate this concept in IdM systems in a hybrid model supporting delegation, which can be an interesting alternative for scenarios where revocation of consent and user privacy are critical. The delegation includes a SAML compliant protocol, which we have validated through a proof-of-concept implementation. This article also explains the mathematical model describing the event-based model and offers estimations of the overhead introduced by the system. The paper focus on health care scenarios, where we show the flexibility of the proposed event-based user consent revocation mechanism.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Credential-based authorization offers interesting advantages for ubiquitous scenarios involving limited devices such as sensors and personal mobile equipment: the verification can be done locally; it offers a more reduced computational cost than its competitors for issuing, storing, and verification; and it naturally supports rights delegation. The main drawback is the revocation of rights. Revocation requires handling potentially large revocation lists, or using protocols to check the revocation status, bringing extra communication costs not acceptable for sensors and other limited devices. Moreover, the effective revocation consent—considered as a privacy rule in sensitive scenarios—has not been fully addressed. This paper proposes an event-based mechanism empowering a new concept, the sleepyhead credentials, which allows to substitute time constraints and explicit revocation by activating and deactivating authorization rights according to events. Our approach is to integrate this concept in IdM systems in a hybrid model supporting delegation, which can be an interesting alternative for scenarios where revocation of consent and user privacy are critical. The delegation includes a SAML compliant protocol, which we have validated through a proof-of-concept implementation. This article also explains the mathematical model describing the event-based model and offers estimations of the overhead introduced by the system. The paper focus on health care scenarios, where we show the flexibility of the proposed event-based user consent revocation mechanism.
Sanvido, F.; Díaz-Sánchez, D.; Sánchez-Guerrero, R.; Almenares, F.; Arias, P.
Privacy enhanced cloud services home aggregator Proceedings Article
In: 2012 IEEE International Conference on Consumer Electronics (ICCE), Institute of Electrical and Electronics Engineers (IEEE), 2012, ISSN: 2158-3994.
@inproceedings{pa014,
title = {Privacy enhanced cloud services home aggregator},
author = {F. Sanvido and D. Díaz-Sánchez and R. Sánchez-Guerrero and F. Almenares and P. Arias},
url = {https://ieeexplore.ieee.org/document/6162012},
doi = {https://doi.org/10.1109/ICCE.2012.6162012},
issn = {2158-3994},
year = {2012},
date = {2012-03-01},
urldate = {2012-03-01},
booktitle = {2012 IEEE International Conference on Consumer Electronics (ICCE)},
publisher = {Institute of Electrical and Electronics Engineers (IEEE)},
abstract = {During the past years we have assisted to the huge diffusion of Cloud based Services, but security and privacy are still an issue in the Cloud due to a problem of trust endemic in the Cloud paradigm; users who have subscribed some kind of Cloud service must fully trust their providers. In this paper we propose a new, yet simple way to guarantee privacy for end user's data and operations. We propose to use an application inside an STB as single point of concentration for user's Cloud services accounts. Thus, a higher degree of privacy could be achieved by splitting user's data and operations over multiple identities and even over multiple providers' networks. In this article we depict, as example, the case of on-line storage and synchronization service.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
During the past years we have assisted to the huge diffusion of Cloud based Services, but security and privacy are still an issue in the Cloud due to a problem of trust endemic in the Cloud paradigm; users who have subscribed some kind of Cloud service must fully trust their providers. In this paper we propose a new, yet simple way to guarantee privacy for end user's data and operations. We propose to use an application inside an STB as single point of concentration for user's Cloud services accounts. Thus, a higher degree of privacy could be achieved by splitting user's data and operations over multiple identities and even over multiple providers' networks. In this article we depict, as example, the case of on-line storage and synchronization service.
Sánchez-Guerrero, Rosa; Arias-Cabarcos, Patricia; Almenares-Mendoza, Florina; Díaz-Sanchez, Daniel
Trust-aware federated IdM in consumer cloud computing Proceedings Article
In: 2012 IEEE International Conference on Consumer Electronics (ICCE), Institute of Electrical and Electronics Engineers (IEEE), 2012, ISSN: 2158-3994.
@inproceedings{pa015,
title = {Trust-aware federated IdM in consumer cloud computing},
author = {Rosa Sánchez-Guerrero and Patricia Arias-Cabarcos and Florina Almenares-Mendoza and Daniel Díaz-Sanchez},
url = {https://ieeexplore.ieee.org/document/6161734},
doi = {https://doi.org/10.1109/ICCE.2012.6161734},
issn = {2158-3994},
year = {2012},
date = {2012-03-01},
booktitle = {2012 IEEE International Conference on Consumer Electronics (ICCE)},
publisher = {Institute of Electrical and Electronics Engineers (IEEE)},
abstract = {Cloud computing paradigm has emerged as the natural evolution and integration of advances in several areas including distributed computing and consumer electronics. In this complex ecosystem, security and identity management challenges have arisen, given their dynamism and heterogeneity. As a direct consequence, dynamic federated identity management has arisen as an indispensable mechanism to enable the global scalability that is required for the successful implantation of Cloud technologies. With this requirement in mind, we present a trust-aware IdM architecture based on privacy and reputation extensions compliant with the SAMLv2 standard media.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Cloud computing paradigm has emerged as the natural evolution and integration of advances in several areas including distributed computing and consumer electronics. In this complex ecosystem, security and identity management challenges have arisen, given their dynamism and heterogeneity. As a direct consequence, dynamic federated identity management has arisen as an indispensable mechanism to enable the global scalability that is required for the successful implantation of Cloud technologies. With this requirement in mind, we present a trust-aware IdM architecture based on privacy and reputation extensions compliant with the SAMLv2 standard media.
Arias-Cabarcos, Patricia; Almenares, Florina; Sánchez-Guerrero, Rosa; Marin, Andrés; Díaz-Sánchez, Daniel
Multi-device Single Sign-on for cloud service continuity Proceedings Article
In: 2012 IEEE International Conference on Consumer Electronics (ICCE), Institute of Electrical and Electronics Engineers (IEEE), 2012, ISSN: 2158-3994.
@inproceedings{pa018,
title = {Multi-device Single Sign-on for cloud service continuity},
author = {Patricia Arias-Cabarcos and Florina Almenares and Rosa Sánchez-Guerrero and Andrés Marin and Daniel Díaz-Sánchez},
url = {https://ieeexplore.ieee.org/document/6162011},
doi = {https://doi.org/10.1109/ICCE.2012.6162011},
issn = {2158-3994},
year = {2012},
date = {2012-03-01},
booktitle = {2012 IEEE International Conference on Consumer Electronics (ICCE)},
publisher = {Institute of Electrical and Electronics Engineers (IEEE)},
abstract = {The great variety of consumer electronic devices with support of wireless communications combined with the emerging Cloud Computing paradigm is paving the way to real anytime/anywhere computing. In this context, many services, such as music or video streaming, are delivered to the clients using Cloud-based providers. However, service continuity when moving across different terminals is still a major challenge. This paper proposes a novel middleware architecture that allows security sessions initiated from one device to be seamlessly transferred to a second one, as might be desirable in the enjoyment of long running media.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The great variety of consumer electronic devices with support of wireless communications combined with the emerging Cloud Computing paradigm is paving the way to real anytime/anywhere computing. In this context, many services, such as music or video streaming, are delivered to the clients using Cloud-based providers. However, service continuity when moving across different terminals is still a major challenge. This paper proposes a novel middleware architecture that allows security sessions initiated from one device to be seamlessly transferred to a second one, as might be desirable in the enjoyment of long running media.
Sánchez, Rosa; Almenares, Florina; Arias, Patricia; Díaz-Sánchez, Daniel; Marín, Andrés
Enhancing privacy and dynamic federation in IdM for consumer cloud computing Journal Article
In: IEEE TRANSACTIONS ON CONSUMER ELECTRONICS, vol. 58, iss. 1, pp. 95-103, 2012, ISSN: 0098-3063.
@article{almenarez003,
title = {Enhancing privacy and dynamic federation in IdM for consumer cloud computing},
author = {Rosa Sánchez and Florina Almenares and Patricia Arias and Daniel Díaz-Sánchez and Andrés Marín},
url = {https://ieeexplore.ieee.org/document/6170060
https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6170060},
doi = {https://doi.org/10.1109/TCE.2012.6170060},
issn = {0098-3063},
year = {2012},
date = {2012-02-01},
urldate = {2012-02-01},
journal = {IEEE TRANSACTIONS ON CONSUMER ELECTRONICS},
volume = {58},
issue = {1},
pages = {95-103},
abstract = {Consumer cloud computing paradigm has emerged as the natural evolution and integration of advances in several areas including distributed computing, service oriented architecture and consumer electronics. In this complex ecosystem, security and identity management challenges have cropped up, given their dynamism and heterogeneity. As a direct consequence, dynamic federated identity management with privacy improvements has arisen as an indispensable mechanism to enable the global scalability and usability that are required for the successful implantation of Cloud technologies. With these requirements in mind, we present an IdM architecture based on privacy and reputation extensions compliance with the SAMLv2/ID-FF standards.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Consumer cloud computing paradigm has emerged as the natural evolution and integration of advances in several areas including distributed computing, service oriented architecture and consumer electronics. In this complex ecosystem, security and identity management challenges have cropped up, given their dynamism and heterogeneity. As a direct consequence, dynamic federated identity management with privacy improvements has arisen as an indispensable mechanism to enable the global scalability and usability that are required for the successful implantation of Cloud technologies. With these requirements in mind, we present an IdM architecture based on privacy and reputation extensions compliance with the SAMLv2/ID-FF standards.
Sánchez-Guerrero, Rosa; Díaz-Sánchez, Daniel; Marín-López, Andrés; Arias-Cabarcos, Patricia; Almenares-Mendoza, Florina
Improving privacy in identity management systems for health care scenarios Proceedings Article
In: Proceedings of the 5th International Symposium of Ubiquitous Computing and Ambient Intelligence (UCAMI 2011), December 5-8th, 2011, Riviera Maya, Mexico, UCAMI, 2011, ISBN: 978-84-694-9677-0.
@inproceedings{pa033,
title = {Improving privacy in identity management systems for health care scenarios},
author = {Rosa Sánchez-Guerrero and Daniel Díaz-Sánchez and Andrés Marín-López and Patricia Arias-Cabarcos and Florina Almenares-Mendoza},
url = {http://hdl.handle.net/10016/13102},
isbn = {978-84-694-9677-0},
year = {2011},
date = {2011-12-27},
urldate = {2011-12-27},
booktitle = {Proceedings of the 5th International Symposium of Ubiquitous Computing and Ambient Intelligence (UCAMI 2011), December 5-8th, 2011, Riviera Maya, Mexico},
publisher = {UCAMI},
abstract = {Privacy is a very complex and subjective concept with different meaning to different people. The meaning depends on the context. Moreover, privacy is close to the user information and thus, present in any ubiquitous computing scenario. In the context of identity management (IdM), privacy is gaining more importance since IdM systems deal with services that requires sharing attributes belonging to users’ identity with different entities across domains. Consequently, privacy is a fundamental aspect to be addressed by IdM to protect the exchange of user attributes between services and identity providers across different networks and security domains in pervasive computing. However, problems such as the effective revocation consent, have not been fully addressed. Furthermore, privacy depends heavily on users and applications requiring some degree of flexibility. This paper analyzes the main current identity models, as well as the privacy support presented by the identity management frameworks. After the main limitations are identified, we propose a delegation protocol for the SAML standard in order to enhance the revocation consent within healthcare scenarios.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Privacy is a very complex and subjective concept with different meaning to different people. The meaning depends on the context. Moreover, privacy is close to the user information and thus, present in any ubiquitous computing scenario. In the context of identity management (IdM), privacy is gaining more importance since IdM systems deal with services that requires sharing attributes belonging to users’ identity with different entities across domains. Consequently, privacy is a fundamental aspect to be addressed by IdM to protect the exchange of user attributes between services and identity providers across different networks and security domains in pervasive computing. However, problems such as the effective revocation consent, have not been fully addressed. Furthermore, privacy depends heavily on users and applications requiring some degree of flexibility. This paper analyzes the main current identity models, as well as the privacy support presented by the identity management frameworks. After the main limitations are identified, we propose a delegation protocol for the SAML standard in order to enhance the revocation consent within healthcare scenarios.
Sánchez-Guerrero, Rosa; Díaz-Sánchez, Daniel; Almenares-Mendoza, Florina; López, Andrés Marín-; Arias-Cabarcos, Patricia; Proserpio, Davide
An identity aware wimax personalization for pervasive computing services Proceedings Article
In: Proceedings of the 5th International Symposium of Ubiquitous Computing and Ambient Intelligence (UCAMI 2011), December 5-9th, 2011, Riviera Maya, Mexico., UCAMI, 2011, ISBN: 978-84-694-9677-0.
@inproceedings{pa034,
title = {An identity aware wimax personalization for pervasive computing services},
author = {Rosa Sánchez-Guerrero and Daniel Díaz-Sánchez and Florina Almenares-Mendoza and Andrés Marín- López and Patricia Arias-Cabarcos and Davide Proserpio },
url = {http://hdl.handle.net/10016/13098
https://e-archivo.uc3m.es/bitstreams/685697a7-32a6-45e9-b60c-913dad70d44e/download},
isbn = {978-84-694-9677-0},
year = {2011},
date = {2011-12-27},
urldate = {2011-12-27},
booktitle = {Proceedings of the 5th International Symposium of Ubiquitous Computing and Ambient Intelligence (UCAMI 2011), December 5-9th, 2011, Riviera Maya, Mexico.},
publisher = {UCAMI},
abstract = {Mobile Internet access is becoming more and more pervasive in the new 4G scenarios, where WiMAX is to play a crucial role. WiMax has advantages when considering both energy consumption and bandwidth, when compared with HSDPA and LTE. However, we have found some limitations in IEEE 802.16 security support, which may limit authentication and authorization mechanisms for ubiquitous service development. In this article we analyze weaknesses and vulnerabilities we have found in WiMAX security. WiMax, with the adequate identity management support, could be invaluable for developing new pervasive computing services. We propose the introduction of identity management in WiMAX, as a pervious step to the definition of identity aware WiMax personalization of pervasive computing services.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Mobile Internet access is becoming more and more pervasive in the new 4G scenarios, where WiMAX is to play a crucial role. WiMax has advantages when considering both energy consumption and bandwidth, when compared with HSDPA and LTE. However, we have found some limitations in IEEE 802.16 security support, which may limit authentication and authorization mechanisms for ubiquitous service development. In this article we analyze weaknesses and vulnerabilities we have found in WiMAX security. WiMax, with the adequate identity management support, could be invaluable for developing new pervasive computing services. We propose the introduction of identity management in WiMAX, as a pervious step to the definition of identity aware WiMax personalization of pervasive computing services.
Sánchez-Guerrero, Rosa; Díaz-Sánchez, Daniel; Almenarez, Florina; Arias, Patricia; Proserpio, Davide; Marín, Andrés
Introducing identity management in WiMAX to enable secure and personalized services Proceedings Article
In: 2011 4th Joint IFIP Wireless and Mobile Networking Conference (WMNC 2011), Institute of Electrical and Electronics Engineers (IEEE), 2011, ISBN: 978-1-4577-1192-3.
@inproceedings{pa022,
title = {Introducing identity management in WiMAX to enable secure and personalized services},
author = {Rosa Sánchez-Guerrero and Daniel Díaz-Sánchez and Florina Almenarez and Patricia Arias and Davide Proserpio and Andrés Marín},
url = {https://ieeexplore.ieee.org/document/6097228},
doi = {https://doi.org/10.1109/WMNC.2011.6097228},
isbn = {978-1-4577-1192-3},
year = {2011},
date = {2011-12-12},
urldate = {2011-12-12},
booktitle = {2011 4th Joint IFIP Wireless and Mobile Networking Conference (WMNC 2011)},
publisher = {Institute of Electrical and Electronics Engineers (IEEE)},
abstract = {The increasing popularity of broadband Internet and the widespread penetration of full-featured mobile devices have signaled WiMAX importance. IEEE 802.16 standard has focused on security from the beginning, being security support a fundamental aspect in wireless communication. We have found some limitations concerning authentication and authorization mechanisms at user level. To overcome those limitations we consider necessary to provide a proper identity management support for WiMAX for enhancing users' experience whereas delivering services in a secure fashion. In this article we analyze several weaknesses and vulnerabilities in WiMAX security and propose the introduction of identity management in WiMAX for a better provision of secure personalized services.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The increasing popularity of broadband Internet and the widespread penetration of full-featured mobile devices have signaled WiMAX importance. IEEE 802.16 standard has focused on security from the beginning, being security support a fundamental aspect in wireless communication. We have found some limitations concerning authentication and authorization mechanisms at user level. To overcome those limitations we consider necessary to provide a proper identity management support for WiMAX for enhancing users' experience whereas delivering services in a secure fashion. In this article we analyze several weaknesses and vulnerabilities in WiMAX security and propose the introduction of identity management in WiMAX for a better provision of secure personalized services.
Díaz-Sánchez, Daniel; Almenarez, Florina; Marín, Andrés; Arias, Patricia; Sánchez-Guerrero, Rosa; Sanvido, Fabio
A privacy aware media gateway for connecting private multimedia clouds to limited devices Proceedings Article
In: 2011 4th Joint IFIP Wireless and Mobile Networking Conference (WMNC 2011), Institute of Electrical and Electronics Engineers (IEEE), 2011, ISBN: 978-1-4577-1192-3.
@inproceedings{pa023,
title = {A privacy aware media gateway for connecting private multimedia clouds to limited devices},
author = {Daniel Díaz-Sánchez and Florina Almenarez and Andrés Marín and Patricia Arias and Rosa Sánchez-Guerrero and Fabio Sanvido},
url = {https://ieeexplore.ieee.org/document/6097259},
doi = {https://doi.org/10.1109/WMNC.2011.6097259},
isbn = {978-1-4577-1192-3},
year = {2011},
date = {2011-12-12},
urldate = {2011-12-12},
booktitle = {2011 4th Joint IFIP Wireless and Mobile Networking Conference (WMNC 2011)},
publisher = {Institute of Electrical and Electronics Engineers (IEEE)},
abstract = {Multimedia availability is exceeding our capacity of management in home environment and outside it. For that reason, solutions as Media Cloud have brought the concept of Cloud Computing to home environments. Media Cloud provides a comprehensive and efficient solution for managing content among federated home environments. However, when consuming those contents outside a home environment some problems should be addressed as dealing with limited devices and protecting user generated and commercial contents from eavesdroppers. This article describes a solution that enables limited devices to access contents located in private clouds, as Media Cloud, with the cooperation of network providers.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Multimedia availability is exceeding our capacity of management in home environment and outside it. For that reason, solutions as Media Cloud have brought the concept of Cloud Computing to home environments. Media Cloud provides a comprehensive and efficient solution for managing content among federated home environments. However, when consuming those contents outside a home environment some problems should be addressed as dealing with limited devices and protecting user generated and commercial contents from eavesdroppers. This article describes a solution that enables limited devices to access contents located in private clouds, as Media Cloud, with the cooperation of network providers.
Díaz-Sánchez, Daniel; Sánchez, Rosa; Arias, Patricia; Sánchez, Iván Bernabé; Almenares, Florina
Family Personalization Service Proceedings Article
In: 2011 IEEE International Conference on Consumer Electronics -Berlin (ICCE-Berlin), pp. 145-149, Institute of Electrical and Electronics Engineers (IEEE), 2011, ISSN: 2166-6814.
@inproceedings{pa026,
title = {Family Personalization Service},
author = {Daniel Díaz-Sánchez and Rosa Sánchez and Patricia Arias and Iván Bernabé Sánchez and Florina Almenares},
url = {https://ieeexplore.ieee.org/document/6031878},
doi = {https://doi.org/10.1109/ICCE-Berlin.2011.6031878},
issn = {2166-6814},
year = {2011},
date = {2011-09-29},
urldate = {2011-09-29},
booktitle = {2011 IEEE International Conference on Consumer Electronics -Berlin (ICCE-Berlin)},
pages = {145-149},
publisher = {Institute of Electrical and Electronics Engineers (IEEE)},
abstract = {User centricity is important when designing new products and services. Automatic personalization emerges as key feature to prevent users from being bothered by complex management tasks, allowing them to get the most from their devices. However, devices within home environments are shared among family members, making personalization complex. This article describes a system that uses presence detection through several low cost cameras. It uses a centralized repository for personalization and an event based protocol for configuring devices surrounding users. The system addresses privacy-based filtering and group preference modeling.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
User centricity is important when designing new products and services. Automatic personalization emerges as key feature to prevent users from being bothered by complex management tasks, allowing them to get the most from their devices. However, devices within home environments are shared among family members, making personalization complex. This article describes a system that uses presence detection through several low cost cameras. It uses a centralized repository for personalization and an event based protocol for configuring devices surrounding users. The system addresses privacy-based filtering and group preference modeling.
Marin, Andres; Díaz-Sánchez, Daniel; Almenárez-Mendoza, Florina; Arias-Cabarcos, Patricia; Sánchez-Guerrero, Rosa; Sanvido, Fabio
Consumer electronics for social video services Proceedings Article
In: 2011 IEEE International Conference on Consumer Electronics -Berlin (ICCE-Berlin), Institute of Electrical and Electronics Engineers (IEEE), 2011, ISSN: 2166-6814.
@inproceedings{pa027,
title = {Consumer electronics for social video services},
author = {Andres Marin and Daniel Díaz-Sánchez and Florina Almenárez-Mendoza and Patricia Arias-Cabarcos and Rosa Sánchez-Guerrero and Fabio Sanvido
},
url = {https://ieeexplore.ieee.org/document/6031884},
doi = {https://doi.org/10.1109/ICCE-Berlin.2011.6031884},
issn = {2166-6814},
year = {2011},
date = {2011-09-29},
booktitle = {2011 IEEE International Conference on Consumer Electronics -Berlin (ICCE-Berlin)},
publisher = {Institute of Electrical and Electronics Engineers (IEEE)},
abstract = {Video conference services have been there for quite a long time. First commercial services, enabled by ISDN, where mainly operated by Telcos, then IP enabled video conference and multiconference through the session description protocol (IETF RFC 4566). The common explanation why these services were not massively adopted was price, bandwidth limitation and poor usability. Today bandwidth has greatly improved thanks to ADSL penetration, and many free and commercial providers offer more usable video conference services. Still these services are not massively adopted by domestic users. We also base on the hypothesis that video conference integration with social networks and home networks, will dramatically improve usability and market, but we consider that both integration and usability will be greatly increased through flexible consumer electronics. In this article we explain the requirements of such a device, its architecture, and the advantages for users and technology adoption.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Video conference services have been there for quite a long time. First commercial services, enabled by ISDN, where mainly operated by Telcos, then IP enabled video conference and multiconference through the session description protocol (IETF RFC 4566). The common explanation why these services were not massively adopted was price, bandwidth limitation and poor usability. Today bandwidth has greatly improved thanks to ADSL penetration, and many free and commercial providers offer more usable video conference services. Still these services are not massively adopted by domestic users. We also base on the hypothesis that video conference integration with social networks and home networks, will dramatically improve usability and market, but we consider that both integration and usability will be greatly increased through flexible consumer electronics. In this article we explain the requirements of such a device, its architecture, and the advantages for users and technology adoption.
Díaz-Sánchez, Daniel; Almenarez, Florina; Marín, Andrés; Proserpio, Davide; Cabarcos., Patricia Arias
Media Cloud: An Open Cloud Computing Middleware for Content Management Journal Article
In: IEEE TRANSACTIONS ON CONSUMER ELECTRONICS, vol. 57, iss. 2, pp. 970 - 978, 2011, ISSN: 0098-3063.
@article{diazsanchez008,
title = {Media Cloud: An Open Cloud Computing Middleware for Content Management},
author = {Daniel Díaz-Sánchez and Florina Almenarez and Andrés Marín and Davide Proserpio and Patricia Arias Cabarcos.},
url = {https://ieeexplore.ieee.org/document/5955247
https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5955247},
doi = {https://doi.org/10.1109/TCE.2011.5955247},
issn = {0098-3063},
year = {2011},
date = {2011-05-03},
urldate = {2011-05-03},
journal = {IEEE TRANSACTIONS ON CONSUMER ELECTRONICS},
volume = {57},
issue = {2},
pages = {970 - 978},
abstract = {Cloud computing allows accessing resources across Internet transparently: requiring no expertise in, or control over the underlying infrastructure. There is an increasing interest in sharing media files with family and friends. However, UPnP or DLNA were not designed for media distribution beyond the boundaries of a local network and manage media files through web applications can be tedious. To overcome this problem, we propose Media Cloud, a middleware for Set-top boxes for classifying, searching, and delivering media inside home network and across the cloud that interoperates with UPnP and DLNA.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Cloud computing allows accessing resources across Internet transparently: requiring no expertise in, or control over the underlying infrastructure. There is an increasing interest in sharing media files with family and friends. However, UPnP or DLNA were not designed for media distribution beyond the boundaries of a local network and manage media files through web applications can be tedious. To overcome this problem, we propose Media Cloud, a middleware for Set-top boxes for classifying, searching, and delivering media inside home network and across the cloud that interoperates with UPnP and DLNA.
Almenárez, Florina; Arias, Patricia; Díaz-Sánchez, Daniel; Marín, Andrés; Sánchez., Rosa
fedTV: Personal Networks Federation for IdM in Mobile DTV Journal Article
In: IEEE TRANSACTIONS ON CONSUMER ELECTRONICS, vol. 57, iss. 2, pp. 499 - 506, 2011, ISSN: 0098-3063.
@article{almenarez002,
title = {fedTV: Personal Networks Federation for IdM in Mobile DTV},
author = {Florina Almenárez and Patricia Arias and Daniel Díaz-Sánchez and Andrés Marín and Rosa Sánchez.},
url = {https://ieeexplore.ieee.org/document/5955185
https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5955185},
doi = {https://doi.org/10.1109/TCE.2011.5955185},
issn = {0098-3063},
year = {2011},
date = {2011-05-03},
urldate = {2011-05-03},
journal = {IEEE TRANSACTIONS ON CONSUMER ELECTRONICS},
volume = {57},
issue = {2},
pages = {499 - 506},
abstract = {Mobile Social TV and Mobile Video Blogging are new challenging scenarios arising from mobile and online DTV. They will allow for new interactions, and dynamically share content and delegate services. That requires the dynamic discovery, joining, and establishing new federations, emerging the trust management as an important facet for that. Such trust management should be autonomous, user-centric, and dynamic to cope with forthcoming applications. We propose an enhanced mobile client to support federated environments for cooperation in mobile DTV scenarios. Our proposal extends the Enhanced Client Profile defined in SAML v2, incorporating a trust management layer inside user's consumer electronic devices' software.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Mobile Social TV and Mobile Video Blogging are new challenging scenarios arising from mobile and online DTV. They will allow for new interactions, and dynamically share content and delegate services. That requires the dynamic discovery, joining, and establishing new federations, emerging the trust management as an important facet for that. Such trust management should be autonomous, user-centric, and dynamic to cope with forthcoming applications. We propose an enhanced mobile client to support federated environments for cooperation in mobile DTV scenarios. Our proposal extends the Enhanced Client Profile defined in SAML v2, incorporating a trust management layer inside user's consumer electronic devices' software.
Arias-Cabarcos, Patricia; Sánchez-Guerrero, Rosa; Almenárez-Mendoza, Florina; Díaz-Sánchez, Daniel
Presence-aware personalized television Proceedings Article
In: 2011 IEEE International Conference on Consumer Electronics (ICCE), Institute of Electrical and Electronics Engineers (IEEE), 2011, ISSN: 2158-3994.
@inproceedings{pa030,
title = {Presence-aware personalized television},
author = {Patricia Arias-Cabarcos and Rosa Sánchez-Guerrero and Florina Almenárez-Mendoza and Daniel Díaz-Sánchez},
url = {https://ieeexplore.ieee.org/document/5722854},
doi = {https://doi.org/10.1109/ICCE.2011.5722854},
issn = {2158-3994},
year = {2011},
date = {2011-03-03},
urldate = {2011-03-03},
booktitle = {2011 IEEE International Conference on Consumer Electronics (ICCE)},
publisher = {Institute of Electrical and Electronics Engineers (IEEE)},
abstract = {Since the advent of the digital era, the traditional TV scenario has rapidly evolved towards an ecosystem comprised of a myriad of services, applications, channels, and contents. As a direct consequence, the amount of available information and configuration options targeted at today's end consumers have become unmanageable. Thus, personalization and usability emerge as indispensable elements to improve our content-overloaded digital homes. With these requirements in mind, we present a way to combine content adaptation paradigms together with presence detection in order to allow a seamless and personalized entertainment experience when watching TV.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Since the advent of the digital era, the traditional TV scenario has rapidly evolved towards an ecosystem comprised of a myriad of services, applications, channels, and contents. As a direct consequence, the amount of available information and configuration options targeted at today's end consumers have become unmanageable. Thus, personalization and usability emerge as indispensable elements to improve our content-overloaded digital homes. With these requirements in mind, we present a way to combine content adaptation paradigms together with presence detection in order to allow a seamless and personalized entertainment experience when watching TV.
Almenares, Florina; Marin, Andrés; Diaz-Sanchez, Daniel; Arias, Patricia
Personal networks federation in mobile DTV Proceedings Article
In: 2011 IEEE International Conference on Consumer Electronics (ICCE), Institute of Electrical and Electronics Engineers (IEEE), 2011, ISSN: 2158-3994.
@inproceedings{pa031,
title = {Personal networks federation in mobile DTV},
author = {Florina Almenares and Andrés Marin and Daniel Diaz-Sanchez and Patricia Arias},
url = {https://ieeexplore.ieee.org/document/5722641},
doi = {https://doi.org/10.1109/ICCE.2011.5722641},
issn = {2158-3994},
year = {2011},
date = {2011-03-03},
urldate = {2011-03-03},
booktitle = {2011 IEEE International Conference on Consumer Electronics (ICCE)},
publisher = {Institute of Electrical and Electronics Engineers (IEEE)},
abstract = {Mobile and online DTV encourages new scenarios and applications to dynamically share content or delegate services between user's personal devices and networks. This requires the establishment of federations in a dynamic way, emerging the trust management as an important facet for that. Such trust management should be autonomous, user-centric, and dynamic to cope with forthcoming applications. This article addresses the mentioned requirements, by defining a SAML-compliant enhanced client to support federated environments for cooperation in mobile DTV scenarios. Such client is extended with a trust layer inside consumer electronic devices' software.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Mobile and online DTV encourages new scenarios and applications to dynamically share content or delegate services between user's personal devices and networks. This requires the establishment of federations in a dynamic way, emerging the trust management as an important facet for that. Such trust management should be autonomous, user-centric, and dynamic to cope with forthcoming applications. This article addresses the mentioned requirements, by defining a SAML-compliant enhanced client to support federated environments for cooperation in mobile DTV scenarios. Such client is extended with a trust layer inside consumer electronic devices' software.
Cabarcos, Patricia Arias; Guerrero, Rosa Sánchez; Mendoza, Florina Almenárez; Díaz-Sánchez, Daniel; López, Andrés Marín
FamTV: An Architecture for Presence-Aware Personalized Television Journal Article
In: IEEE TRANSACTIONS ON CONSUMER ELECTRONICS, vol. 57, iss. 1, pp. 6-13, 2011, ISSN: 0098-3063.
@article{ariascabarcos003,
title = {FamTV: An Architecture for Presence-Aware Personalized Television},
author = {Patricia Arias Cabarcos and Rosa Sánchez Guerrero and Florina Almenárez Mendoza and Daniel Díaz-Sánchez and Andrés Marín López},
url = {https://ieeexplore.ieee.org/document/5735473
https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5735473},
doi = {https://doi.org/10.1109/TCE.2011.5735473},
issn = {0098-3063},
year = {2011},
date = {2011-02-01},
urldate = {2011-02-01},
journal = {IEEE TRANSACTIONS ON CONSUMER ELECTRONICS},
volume = {57},
issue = {1},
pages = {6-13},
abstract = {Since the advent of the digital era, the traditional TV scenario has rapidly evolved towards an ecosystem comprised of a myriad of services, applications, channels, and contents. As a direct consequence, the amount of available information and configuration options targeted at today's end consumers have become unmanageable. Thus, personalization and usability emerge as indispensable elements to improve our content-overloaded digital homes. With these requirements in mind, we present a way to combine content adaptation paradigms together with presence detection in order to allow a seamless and personalized entertainment experience when watching TV.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Since the advent of the digital era, the traditional TV scenario has rapidly evolved towards an ecosystem comprised of a myriad of services, applications, channels, and contents. As a direct consequence, the amount of available information and configuration options targeted at today's end consumers have become unmanageable. Thus, personalization and usability emerge as indispensable elements to improve our content-overloaded digital homes. With these requirements in mind, we present a way to combine content adaptation paradigms together with presence detection in order to allow a seamless and personalized entertainment experience when watching TV.
Proserpio, Davide; Sanvido, Fabio; Arias-Cabarcos, Patricia; Sánchez-Guerrero, Rosa; Almenárez-Mendoza, Florina; Díaz-Sánchez, Daniel; Marín-López, Andrés
Introducing Infocards in NGN to Enable User-Centric Identity Management Proceedings Article
In: 2010 IEEE Global Telecommunications Conference GLOBECOM 2010, Institute of Electrical and Electronics Engineers (IEEE), 2011, ISSN: 1930-529X.
@inproceedings{pa024,
title = {Introducing Infocards in NGN to Enable User-Centric Identity Management},
author = {Davide Proserpio and Fabio Sanvido and Patricia Arias-Cabarcos and Rosa Sánchez-Guerrero and Florina Almenárez-Mendoza and Daniel Díaz-Sánchez and Andrés Marín-López },
url = {https://ieeexplore.ieee.org/document/5683383},
doi = {https://doi.org/10.1109/GLOCOM.2010.5683383},
issn = {1930-529X},
year = {2011},
date = {2011-01-10},
booktitle = {2010 IEEE Global Telecommunications Conference GLOBECOM 2010},
publisher = {Institute of Electrical and Electronics Engineers (IEEE)},
abstract = {With the rapid evolution of networks and the widespread penetration of mobile devices with increasing capabilities, that have already become a commodity, we are getting a step closer to ubiquity. Thus, we are moving a great part of our lives from the physical world to the online world, i.e. social interactions, business transactions, relations with government administrations, etc. However, while identity verification is easy to handle in the real world, there are many unsolved challenges when dealing with digital identity management, especially due to the lack of user awareness when it comes to privacy. Thus, with the aim to enhance the navigation experience and security in multiservice and multiprovider environments the user must be empowered to control how her attributes are shared and disclosed between different domains.With these goals on mind, we leverage the benefits of the Infocard technology and introduce this usercentric paradigm into the emerging NGN architectures. This paper proposes a way to combine the gains of a SAML federation between service and identity providers with the easiness for the final user of the Inforcard System using the well known architectural schema of IP Multimedia Subsystem.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
With the rapid evolution of networks and the widespread penetration of mobile devices with increasing capabilities, that have already become a commodity, we are getting a step closer to ubiquity. Thus, we are moving a great part of our lives from the physical world to the online world, i.e. social interactions, business transactions, relations with government administrations, etc. However, while identity verification is easy to handle in the real world, there are many unsolved challenges when dealing with digital identity management, especially due to the lack of user awareness when it comes to privacy. Thus, with the aim to enhance the navigation experience and security in multiservice and multiprovider environments the user must be empowered to control how her attributes are shared and disclosed between different domains.With these goals on mind, we leverage the benefits of the Infocard technology and introduce this usercentric paradigm into the emerging NGN architectures. This paper proposes a way to combine the gains of a SAML federation between service and identity providers with the easiness for the final user of the Inforcard System using the well known architectural schema of IP Multimedia Subsystem.
Almenarez, Florina; Arias, Patricia; Marín, Andrés; Díaz, Daniel
Towards dynamic trust establishment for identity federation Proceedings Article
In: EATIS '09: Proceedings of the 2009 Euro American Conference on Telematics and Information Systems: New Opportunities to increase Digital Citizenship, pp. 1-4, 2009, ISBN: 9781605583983.
@inproceedings{pa040,
title = {Towards dynamic trust establishment for identity federation},
author = {Florina Almenarez and Patricia Arias and Andrés Marín and Daniel Díaz },
url = {https://dl.acm.org/doi/10.1145/1551722.1551747
https://dl.acm.org/doi/pdf/10.1145/1551722.1551747},
doi = {https://doi.org/10.1145/1551722.1551747},
isbn = {9781605583983},
year = {2009},
date = {2009-06-17},
urldate = {2009-06-17},
booktitle = {EATIS '09: Proceedings of the 2009 Euro American Conference on Telematics and Information Systems: New Opportunities to increase Digital Citizenship},
number = {25},
pages = {1-4},
abstract = {Federation has emerged as a key concept for identity management, as it is the basis to reduce complexity in the companies and improve user experience. However, the problem of establishing identity federations in dynamic open environments, where it is desirable to speed up the processes of service provisioning and deprovisioning, has not been fully addressed. This paper reviews the existing frameworks for identity federation, analyzing the underlying trust mechanisms and its suitability to be applied in the mentioned environments. Finally, we propose a generic extension for the Security Assertion Markup Language (SAML) standard in order to facilitate the creation of federation relationships in a secure dynamic way between prior unknown parties.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Federation has emerged as a key concept for identity management, as it is the basis to reduce complexity in the companies and improve user experience. However, the problem of establishing identity federations in dynamic open environments, where it is desirable to speed up the processes of service provisioning and deprovisioning, has not been fully addressed. This paper reviews the existing frameworks for identity federation, analyzing the underlying trust mechanisms and its suitability to be applied in the mentioned environments. Finally, we propose a generic extension for the Security Assertion Markup Language (SAML) standard in order to facilitate the creation of federation relationships in a secure dynamic way between prior unknown parties.
Arias-Cabarcos, Patricia; Almenárez-Mendoza, Florina; Marín-López, Andrés; Díaz-Sánchez, Daniel
Enabling SAML for Dynamic Identity Federation Management Book Chapter
In: vol. 308, pp. 173 - 184, Springer Berlin Heidelberg, 2009, ISBN: 978-3-642-03840-2.
@inbook{bc003,
title = {Enabling SAML for Dynamic Identity Federation Management},
author = {Patricia Arias-Cabarcos and Florina Almenárez-Mendoza and Andrés Marín-López and Daniel Díaz-Sánchez },
url = {https://link.springer.com/chapter/10.1007/978-3-642-03841-9_16
https://link.springer.com/content/pdf/10.1007/978-3-642-03841-9.pdf},
doi = {https://doi.org/10.1007/978-3-642-03841-9_16},
isbn = {978-3-642-03840-2},
year = {2009},
date = {2009-01-07},
urldate = {2009-01-07},
volume = {308},
pages = {173 - 184},
publisher = {Springer Berlin Heidelberg},
abstract = {Federation in identity management has emerged as a key concept for reducing complexity in the companies and offering an improved user experience when accessing services. In this sense, the process of trust establishment is fundamental to allow rapid and seamless interaction between different trust domains. However, the problem of establishing identity federations in dynamic and open environments that form part of Next Generation Networks (NGNs), where it is desirable to speed up the processes of service provisioning and deprovisioning, has not been fully addressed. This paper analyzes the underlying trust mechanisms of the existing frameworks for federated identity management and its suitability to be applied in the mentioned environments. This analysis is mainly focused on the Single Sign On (SSO) profile. We propose a generic extension for the SAML standard in order to facilitate the creation of federation relationships in a dynamic way between prior unknown parties. Finally, we give some details of implementation and compatibility issues.},
keywords = {},
pubstate = {published},
tppubtype = {inbook}
}
Federation in identity management has emerged as a key concept for reducing complexity in the companies and offering an improved user experience when accessing services. In this sense, the process of trust establishment is fundamental to allow rapid and seamless interaction between different trust domains. However, the problem of establishing identity federations in dynamic and open environments that form part of Next Generation Networks (NGNs), where it is desirable to speed up the processes of service provisioning and deprovisioning, has not been fully addressed. This paper analyzes the underlying trust mechanisms of the existing frameworks for federated identity management and its suitability to be applied in the mentioned environments. This analysis is mainly focused on the Single Sign On (SSO) profile. We propose a generic extension for the SAML standard in order to facilitate the creation of federation relationships in a dynamic way between prior unknown parties. Finally, we give some details of implementation and compatibility issues.