Hinajeros, Francisca; Almenares-Mendoza, Florina; Arias-Cabarcos, Patricia; Ferrer Gomila, Josep-Lluis; Marín-López, Andrés. RiskLaine: A Probabilistic Approach for Assessing Risk in Certificate-Based Security. Journal Article. In: IEEE Transactions on Information Forensics and Security, vol. 13, iss. 8, pp. 1975-1988, 2018, ISSN: 1556-6013. Tags: certificate validation, mobile applications, risk assessment, trust validation
Almenarez, Florina; Marín, Andres; Diaz, Daniel; Cortes, Alberto; Campo, Celeste; García-Rubio, Carlos. Building an Open Toolkit of Digital Certificate Validation for Mobile Web Services. Proceedings Article. In: 2008 Sixth Annual IEEE International Conference on Pervasive Computing and Communications (PerCom), Institute of Electrical and Electronics Engineers (IEEE), 2008, ISBN: 978-0-7695-3113-7. Tags: certificate validation, open toolkit, prototipomiddleware, X.509 certificates
2018
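% Journal article: probabilistic, quantitative risk assessment for X.509 PKI
% certificate validation (IEEE TIFS, vol. 13, no. 8).
% - Authors are given in "Last, First" form and separated by " and ", so each
%   of the five names parses as its own author.
% - The DOI is stored bare; the style or the url package adds the resolver.
% - There is no urldate because the entry has no url field to date.
% NOTE(review): the first author's surname is spelled as on the source page;
% confirm the spelling against the DOI record.
@article{almenarez009b,
  author     = {Hinajeros, Francisca and Almenares-Mendoza, Florina and Arias-Cabarcos, Patricia and Ferrer Gomila, Josep-Lluis and Marín-López, Andrés},
  title      = {{RiskLaine}: A Probabilistic Approach for Assessing Risk in Certificate-Based Security},
  journal    = {IEEE Transactions on Information Forensics and Security},
  volume     = {13},
  number     = {8},
  pages      = {1975--1988},
  year       = {2018},
  date       = {2018-02-19},
  doi        = {10.1109/tifs.2018.2807788},
  issn       = {1556-6013},
  abstract   = {Digital certificates, based on X.509 PKI standard, are located at the core of many security mechanisms implemented in services and applications. However, the usage of certificates has revealed flaws in the certificate validation process (e.g., possibility of unavailable or non-updated data). This fact implies security risks that are not assessed. In order to address these issues that such flaws entail, we propose a novel probabilistic approach for quantitative risk assessment in X.509 PKI, together with trust management when there is uncertainty. We have evaluated our risk assessment approach and demonstrated its usage, considering as a use case the secure installation of mobile applications. The results show that our approach provides more granularity, appropriate values according to the impact, and relevant information in the risk calculation than other approaches.},
  keywords   = {certificate validation, mobile applications, risk assessment, trust validation},
  pubstate   = {published},
  tppubtype  = {article}
}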
2008
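% Conference paper (PerCom 2008): an OpenSSL-based open toolkit for X.509
% public key certificate validation on mobile devices.
% - Authors are given in "Last, First" form, separated by " and ".
% - The DOI is stored bare; the style or the url package adds the resolver.
% - Acronyms in booktitle are brace-protected so a recasing style keeps them.
% NOTE(review): urldate repeats the publication date and looks like an export
% default rather than a real access date; confirm or replace it.
@inproceedings{pa043,
  author     = {Almenarez, Florina and Marín, Andres and Diaz, Daniel and Cortes, Alberto and Campo, Celeste and García-Rubio, Carlos},
  title      = {Building an Open Toolkit of Digital Certificate Validation for Mobile Web Services},
  booktitle  = {2008 Sixth Annual {IEEE} International Conference on Pervasive Computing and Communications ({PerCom})},
  publisher  = {Institute of Electrical and Electronics Engineers (IEEE)},
  year       = {2008},
  date       = {2008-05-12},
  doi        = {10.1109/PERCOM.2008.97},
  url        = {https://ieeexplore.ieee.org/document/4517456},
  urldate    = {2008-05-12},
  isbn       = {978-0-7695-3113-7},
  abstract   = {Mobile devices can both consume and provide services. They act indeed as a peer, according to the OMA mobile Web services specification. It is a move from simple data sharing to full deliver of application services down to mobile devices. The use of digital certificates to ensure the provision of services is suitable because devices can belong to different trust domains without having previously an established relationship. Besides, by interoperability issues, the use of PKI continues to grow and move into diverse environments. However, applications making use of such certificates are burdened with the overhead of constructing and validating the certification paths. These processes can become more complex and costly than fixed-infrastructure networks due to the wireless communications and restricted processing and power capabilities. The IETF PKIX WG has specified different mechanisms for delegating the certificate validation and making lighter the status information obtaining. However, these are not supported currently by mobile devices. For these reasons, we propose to develop an open toolkit for X.509 public key certificate validating based on OpenSSL. This toolkit is being developed and tested successfully in PDAs.},
  keywords   = {certificate validation, open toolkit, prototipomiddleware, X.509 certificates},
  pubstate   = {published},
  tppubtype  = {inproceedings}
}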
Publications
RiskLaine: A Probabilistic Approach for Assessing Risk in Certificate-Based Security. Journal Article. In: IEEE Transactions on Information Forensics and Security, vol. 13, iss. 8, pp. 1975-1988, 2018, ISSN: 1556-6013.
Building an Open Toolkit of Digital Certificate Validation for Mobile Web Services. Proceedings Article. In: 2008 Sixth Annual IEEE International Conference on Pervasive Computing and Communications (PerCom), Institute of Electrical and Electronics Engineers (IEEE), 2008, ISBN: 978-0-7695-3113-7.
2018
2008