PKIX Certificate Status in Hybrid MANETs

Certificate status validation is a hard problem in general but it is particularly complex in Mobile Ad-hoc Networks (MANETs) because we require solutions to manage both the lack of fixed infrastructure inside the MANET and the possible absence of onnectivity to trusted authorities when the certification validation has to be performed. In this sense, certificate acquisition is usually assumed as an initialization phase. However, certificate validation is a critical operation since the node needs to check the validity of certificates in real-time, that is, when a particular certificate is going to be used. In such MANET environments, it may happen that the node is placed in a part of the network that is disconnected from the source of status data at the moment the status checking is required. Proposals in the literature suggest the use of caching mechanisms so that the node itself or a neighbour node has some status checking material (typically on-line status responses or lists of revoked certificates). Howeve to the best of our knowledge the only criterion to evaluate the cached (obsolete) material is the time. In this paper, we analyse how to deploy a certificate status checking PKI service for hybrid MANET and we propose a new criterion based on risk to evaluate cached status data that is much more appropriate and absolute than time because it takes into account the revocation process.Peer ReviewedPostprint (author’s final draft

DEFS - Data exchange with Free Sample Protocol

Distrust between data providers and data consumers is one of the main obstacles hampering digital-data commerce to take off. Data providers want to get paid for what they offer, while data consumers want to know exactly what are they paying for before actually paying for it. In this article, we present a protocol that overcomes this obstacle by building trust based on two main ideas. First, a probabilistic verification protocol, where some random samples of the real dataset are shown to buyers in order to allow them to make an assessment before committing any payment; and second a guaranteed, protected payment process, enforced with smart contracts on a public blockchain, that guarantees the payment of the data if and only if the data provided meets the agreed terms, and that refunds honest players otherwise.The architecture presented in this paper is supported and developed in the context of the i3-MARKET project [?]. The i3-MARKET project is an active European H2020 project focused on developing solutions for building an European data market economy by enhancing current marketplace platforms with innovative technologies (call H2020-ICT-2019-2 with grant agreement number 871754). This work is also supported by the TCO-RISEBLOCK (PID2019-110224RBI00), MINECO/FEDER funded project ARPASAT TEC2015-70197-R and by the Generalitat de Catalunya grant 2014-SGR-1504.Postprint (author's final draft

A protocol for data exchange with free samples using smart contracts

Distrust between data providers and data consumers is one of the main obstacles hampering digitaldata commerce to take off. Data providers want to get paid for what they offer, while data consumers want to know exactly what are they paying for before actually paying for it. In this paper, we summarize a protocol that overcomes this obstacle by building trust based on two main ideas. First, a probabilistic verification protocol, where some random samples of the real dataset are shown to buyers in order to allow them to make an assessment before committing any payment; and second a guaranteed, protected payment process, enforced with smart contracts on a public blockchain, that guarantees the payment of the data if and only if the data provided meets the agreed terms, and that refunds honest players otherwise.This research has been funded by i3Market (H2020- ICT-2019-2 grant number 871754). This work is also supported by the TCO-RISEBLOCK (PID2019-110224RBI00), ARPASAT (TEC2015-70197-R), Project RTI2018- 102112-B-I00 (AEI/FEDER,UE) and by the Generalitat de Catalunya grant 2014-SGR-1504Postprint (author's final draft

Impact of the revocation service in PKI prices

The ability to communicate securely is needed for many network applications. Public key infrastructure (PKI) is the most extended solution to verify and confirm the identity of each party involved in any secure transaction and transfer trust over the network. One of the hardest tasks of a certification infrastructure is to manage revocation. Research on this topic has focused on the trade-offs that different revocation mechanisms offer. However, less effort has been paid to understand the benefits of improving the revocation policies. In this paper, we analyze the behavior of the oligopoly of certificate providers that issue digital certificates to clients facing identical independent risks. We found the prices in the equilibrium, and we proof that certificate providers that offer better revocation information are able to impose higher prices to their certificates without sacrificing market share in favor of the other oligarchs. In addition, we show that our model is able to explain the actual tendency of the SSL market where providers with worst QoS are suffering loses.Postprint (published version

Implementacion de Ipsec en una arquitectura TCP splitting

El rendimiento de las aplicaciones que utilizan el protocolo de transporte TCP (Transmission Control Protocol) sobre enlaces vía satélite tiene una degradación significativa. Esto se debe principalmente a que el algoritmo de control de congestión estándar de TCP no es adecuado para superar las deficiencias de las redes satelitales. TCP splitting es una solución prometedora para mejorar el rendimiento general de TCP, incluso en el segmento satelital. La división de la conexión TCP se logra mediante la instalación de dos PEPs (Performance Enhancement Proxies) en los extremos del segmento satelital. Sin embargo, la división de TCP entra en conflicto con IPsec. Si el cifrado y/o la autenticación son aplicados sobre los datagramas IP, el PEP no puede manipular las correspondientes cabeceras IP y TCP para dividir las conexiones TCP. En este trabajo presentamos tres propuestas para implementar IPsec en un escenario TCP splitting, proporcionando los servicios de seguridad habituales y un buen rendimiento en la conexión vía satélite. La idea básica es permitir a los PEPs manipular las cabeceras IP y TCP en función del nivel de confianza que los usuarios tengan en ellos.Peer ReviewedPostprint (published version

Introducció a les Xarxes Telemàtiques: problemes amb solució

Col·lecció de problemes resolts d'IXT (Introducció a les Xarxes Telemàtiques) amb solució, 1er curs dels graus de l'ETSETB.2022/20232n quadrimestr

Introducció a les Xarxes Telemàtiques: problemes amb solució

Col·lecció de problemes resolts d'IXT (Introducció a les Xarxes Telemàtiques) amb solució, 1er curs dels graus de l'ETSETB.2022/20232n quadrimestr

Introducció a les Xarxes Telemàtiques: problemes amb solució

Col·lecció de problemes resolts d'IXT (Introducció a les Xarxes Telemàtiques) amb solució, 1er curs dels graus de l'ETSETB2022/20232n quadrimestr