Publications - Pervasive Computing Laboratory

Access control anotacionsemantica authentication Cloud computing coap compromise cryptography cynamon Discovery emadrid emrisco home network I-Shaper identity management inrisco inteligenciafuentesabiertas Internet of Things IoT magos Pervasive computing privacy Protocols Qursa Ramones raudo2 Security Smart Card Trust management Ubisec VANETs 
Show all
2025
 Díaz-Sánchez, Daniel;  Almenárez-Mendoza, Florina;  Campo-Vázquez, Celeste;  García-Rubio, Carlos
Zero-trust token authorization with trapdoor hashes for scalable distributed firewalls Journal Article 
In: Elsevier, 2025, ISSN: 0167-739X.
Abstract | Links | BibTeX | Tags: Chamaleon hashes, decentralized authorization, delegation, Discovery, I-Shaper, IoT, Qursa, Ramones, zero trust
@article{danieldiaz032,

title = {Zero-trust token authorization with trapdoor hashes for scalable distributed firewalls},

author = {Daniel Díaz-Sánchez and Florina Almenárez-Mendoza and Celeste Campo-Vázquez and Carlos García-Rubio },

url = {https://www.sciencedirect.com/science/article/pii/S0167739X25005217?via%3Dihub},

doi = {https://doi.org/10.1016/j.future.2025.108227},

issn = {0167-739X},

year  = {2025},

date = {2025-11-06},

urldate = {2025-11-06},

journal = {Elsevier},

abstract = {Massive Internet of Things (IoT) deployments expose networks to severe risks, as a single compromised device can facilitate lateral movements across the entire infrastructure. Traditional firewalls, based on static rules, are fragile, difficult to synchronize across domains, and poorly suited for Zero Trust principles. In this work, we propose a scalable authorization architecture where each flow carries a cryptographically protected token that incorporates a signed and immutable policy, verifiable in a non-interactive manner. The tokens are issued based on attestation evidence, and the messages are reinforced using trapdoor chameleon hashes, which allows for flexible delegation and transferability without invalidating the original policy. Through key aggregation techniques, we enable collaborative issuance, optional anonymity, and multi-party governance. The experimental evaluation in a real testbed demonstrates that the verification of this embedded authorization incurs a fixed and predictable cost—higher than that of rule lookups, but constant regardless of network size, rule growth, or concurrency. This balance eliminates the burden of distributing and maintaining large rule tables while ensuring granular per-flow authorization, privacy preservation, and interoperability between providers. The proposal materializes a Zero Trust model resistant to impersonation, replay, and lateral attacks, and lays the groundwork for future optimizations through the progressive incorporation of post-quantum primitives.},

keywords = {Chamaleon hashes, decentralized authorization, delegation, Discovery, I-Shaper, IoT, Qursa, Ramones, zero trust},

pubstate = {published},

tppubtype = {article}

}

Close
Massive Internet of Things (IoT) deployments expose networks to severe risks, as a single compromised device can facilitate lateral movements across the entire infrastructure. Traditional firewalls, based on static rules, are fragile, difficult to synchronize across domains, and poorly suited for Zero Trust principles. In this work, we propose a scalable authorization architecture where each flow carries a cryptographically protected token that incorporates a signed and immutable policy, verifiable in a non-interactive manner. The tokens are issued based on attestation evidence, and the messages are reinforced using trapdoor chameleon hashes, which allows for flexible delegation and transferability without invalidating the original policy. Through key aggregation techniques, we enable collaborative issuance, optional anonymity, and multi-party governance. The experimental evaluation in a real testbed demonstrates that the verification of this embedded authorization incurs a fixed and predictable cost—higher than that of rule lookups, but constant regardless of network size, rule growth, or concurrency. This balance eliminates the burden of distributing and maintaining large rule tables while ensuring granular per-flow authorization, privacy preservation, and interoperability between providers. The proposal materializes a Zero Trust model resistant to impersonation, replay, and lateral attacks, and lays the groundwork for future optimizations through the progressive incorporation of post-quantum primitives.
Close
https://www.sciencedirect.com/science/article/pii/S0167739X25005217?via%3Dihub
doi:https://doi.org/10.1016/j.future.2025.108227
Close
2012
 Sánchez-Guerrero, Rosa;  Almenárez, Florina;  Díaz-Sánchez, Daniel;  Marín, Andrés;  Arias, Patricia;  Sanvido, Fabio
An Event Driven Hybrid Identity Management Approach to Privacy Enhanced e-Health Journal Article 
In: Sensors , vol. 12, iss. 5, pp. 6129-6154, 2012, ISSN: 1424-8220.
Abstract | Links | BibTeX | Tags: delegation, event, federation, health care, identity management, privacy, revocation consent, servicioseguridad, theory queue, user-centric
@article{sanchezguerrero001,

title = {An Event Driven Hybrid Identity Management Approach to Privacy Enhanced e-Health},

author = {Rosa Sánchez-Guerrero and Florina Almenárez and Daniel Díaz-Sánchez and Andrés Marín and Patricia Arias and Fabio Sanvido

},

url = {https://www.mdpi.com/1424-8220/12/5/6129

https://www.mdpi.com/1424-8220/12/5/6129/pdf?version=1403317529},

doi = {https://doi.org/10.3390/s120506129},

issn = {1424-8220},

year  = {2012},

date = {2012-05-10},

urldate = {2012-05-10},

journal = {Sensors },

volume = {12},

issue = {5},

pages = {6129-6154},

abstract = {Credential-based authorization offers interesting advantages for ubiquitous scenarios involving limited devices such as sensors and personal mobile equipment: the verification can be done locally; it offers a more reduced computational cost than its competitors for issuing, storing, and verification; and it naturally supports rights delegation. The main drawback is the revocation of rights. Revocation requires handling potentially large revocation lists, or using protocols to check the revocation status, bringing extra communication costs not acceptable for sensors and other limited devices. Moreover, the effective revocation consent—considered as a privacy rule in sensitive scenarios—has not been fully addressed. This paper proposes an event-based mechanism empowering a new concept, the sleepyhead credentials, which allows to substitute time constraints and explicit revocation by activating and deactivating authorization rights according to events. Our approach is to integrate this concept in IdM systems in a hybrid model supporting delegation, which can be an interesting alternative for scenarios where revocation of consent and user privacy are critical. The delegation includes a SAML compliant protocol, which we have validated through a proof-of-concept implementation. This article also explains the mathematical model describing the event-based model and offers estimations of the overhead introduced by the system. The paper focus on health care scenarios, where we show the flexibility of the proposed event-based user consent revocation mechanism.},

keywords = {delegation, event, federation, health care, identity management, privacy, revocation consent, servicioseguridad, theory queue, user-centric},

pubstate = {published},

tppubtype = {article}

}

Close
Credential-based authorization offers interesting advantages for ubiquitous scenarios involving limited devices such as sensors and personal mobile equipment: the verification can be done locally; it offers a more reduced computational cost than its competitors for issuing, storing, and verification; and it naturally supports rights delegation. The main drawback is the revocation of rights. Revocation requires handling potentially large revocation lists, or using protocols to check the revocation status, bringing extra communication costs not acceptable for sensors and other limited devices. Moreover, the effective revocation consent—considered as a privacy rule in sensitive scenarios—has not been fully addressed. This paper proposes an event-based mechanism empowering a new concept, the sleepyhead credentials, which allows to substitute time constraints and explicit revocation by activating and deactivating authorization rights according to events. Our approach is to integrate this concept in IdM systems in a hybrid model supporting delegation, which can be an interesting alternative for scenarios where revocation of consent and user privacy are critical. The delegation includes a SAML compliant protocol, which we have validated through a proof-of-concept implementation. This article also explains the mathematical model describing the event-based model and offers estimations of the overhead introduced by the system. The paper focus on health care scenarios, where we show the flexibility of the proposed event-based user consent revocation mechanism.
Close
https://www.mdpi.com/1424-8220/12/5/6129
https://www.mdpi.com/1424-8220/12/5/6129/pdf?version=1403317529
doi:https://doi.org/10.3390/s120506129
Close
2011
 Sánchez-Guerrero, Rosa;  Díaz-Sánchez, Daniel;  Marín-López, Andrés;  Arias-Cabarcos, Patricia;  Almenares-Mendoza, Florina
Improving privacy in identity management systems for health care scenarios Proceedings Article 
In: Proceedings of the 5th International Symposium of Ubiquitous Computing and Ambient Intelligence (UCAMI 2011), December 5-8th, 2011, Riviera Maya, Mexico, UCAMI, 2011, ISBN: 978-84-694-9677-0.
Abstract | Links | BibTeX | Tags: anonymity, delegation, desarrollodespliegue, federation, health care, identity management, privacy, Pseudonymity, user-centric
@inproceedings{pa033,

title = {Improving privacy in identity management systems for health care scenarios},

author = {Rosa Sánchez-Guerrero and Daniel Díaz-Sánchez and Andrés Marín-López and Patricia Arias-Cabarcos and Florina Almenares-Mendoza},

url = {http://hdl.handle.net/10016/13102},

isbn = {978-84-694-9677-0},

year  = {2011},

date = {2011-12-27},

urldate = {2011-12-27},

booktitle = {Proceedings of the 5th International Symposium of Ubiquitous Computing and Ambient Intelligence (UCAMI 2011), December 5-8th, 2011, Riviera Maya, Mexico},

publisher = {UCAMI},

abstract = {Privacy is a very complex and subjective concept with different meaning to different people. The meaning depends on the context. Moreover, privacy is close to the user information and thus, present in any ubiquitous computing scenario. In the context of identity management (IdM), privacy is gaining more importance since IdM systems deal with services that requires sharing attributes belonging to users’ identity with different entities across domains. Consequently, privacy is a fundamental aspect to be addressed by IdM to protect the exchange of user attributes between services and identity providers across different networks and security domains in pervasive computing. However, problems such as the effective revocation consent, have not been fully addressed. Furthermore, privacy depends heavily on users and applications requiring some degree of flexibility. This paper analyzes the main current identity models, as well as the privacy support presented by the identity management frameworks. After the main limitations are identified, we propose a delegation protocol for the SAML standard in order to enhance the revocation consent within healthcare scenarios.},

keywords = {anonymity, delegation, desarrollodespliegue, federation, health care, identity management, privacy, Pseudonymity, user-centric},

pubstate = {published},

tppubtype = {inproceedings}

}

Close
Privacy is a very complex and subjective concept with different meaning to different people. The meaning depends on the context. Moreover, privacy is close to the user information and thus, present in any ubiquitous computing scenario. In the context of identity management (IdM), privacy is gaining more importance since IdM systems deal with services that requires sharing attributes belonging to users’ identity with different entities across domains. Consequently, privacy is a fundamental aspect to be addressed by IdM to protect the exchange of user attributes between services and identity providers across different networks and security domains in pervasive computing. However, problems such as the effective revocation consent, have not been fully addressed. Furthermore, privacy depends heavily on users and applications requiring some degree of flexibility. This paper analyzes the main current identity models, as well as the privacy support presented by the identity management frameworks. After the main limitations are identified, we propose a delegation protocol for the SAML standard in order to enhance the revocation consent within healthcare scenarios.
Close
http://hdl.handle.net/10016/13102
Close