This page has only limited features, please log in for full access.
Colombia government wants to implement electronic voting. However, the existing electronic voting protocols only include some of the required security features and Colombia needs a protocol with all these features to ensure fraud-free elections. In this paper, we present the design of SIVP (Secure Internet Voting Protocol), a new voting protocol for electoral processes, based on blind signatures and public key cryptography. This protocol has six phases and provides: eligibility, democracy, privacy, verifiability, accuracy, fairness, robustness, receipt-freeness and coercion-resistant. Also, we compare the number of cryptographic operations per phase of SIVP with other four protocols and conclude that the computational load of our protocol is not excessively high despite including more security features.
Cristina Satizábal; Rafael Páez; Jordi Forné. Secure Internet Voting Protocol (SIVP): A secure option for electoral processes. Journal of King Saud University - Computer and Information Sciences 2021, 1 .
AMA StyleCristina Satizábal, Rafael Páez, Jordi Forné. Secure Internet Voting Protocol (SIVP): A secure option for electoral processes. Journal of King Saud University - Computer and Information Sciences. 2021; ():1.
Chicago/Turabian StyleCristina Satizábal; Rafael Páez; Jordi Forné. 2021. "Secure Internet Voting Protocol (SIVP): A secure option for electoral processes." Journal of King Saud University - Computer and Information Sciences , no. : 1.
This paper proposes an architecture for biometric electronic identification document (e-ID) system based on Blockchain for citizens identity verification in transactions corresponding to the notary, registration, tax declaration and payment, basic health services and registration of economic activities, among others. To validate the user authentication, a biometric e-ID system is used to avoid spoofing and related attacks. Also, to validate the document a digital certificate is used with the corresponding public and private key for each citizen by using a user’s PIN. The proposed transaction validation process was implemented on a Blockchain system in order to record and verify the transactions made by all citizens registered in the electoral census, which guarantees security, integrity, scalability, traceability, and no-ambiguity. Additionally, a Blockchain network architecture is presented in a distributed and decentralized way including all the nodes of the network, database and government entities such as national register and notary offices. The results of the application of a new consensus algorithm to our Blockchain network are also presented showing mining time, memory and CPU usage when the number of transactions scales up.
Rafael Páez; Manuel Pérez; Gustavo Ramírez; Juan Montes; Lucas Bouvarel. An Architecture for Biometric Electronic Identification Document System Based on Blockchain †. Future Internet 2020, 12, 10 .
AMA StyleRafael Páez, Manuel Pérez, Gustavo Ramírez, Juan Montes, Lucas Bouvarel. An Architecture for Biometric Electronic Identification Document System Based on Blockchain †. Future Internet. 2020; 12 (1):10.
Chicago/Turabian StyleRafael Páez; Manuel Pérez; Gustavo Ramírez; Juan Montes; Lucas Bouvarel. 2020. "An Architecture for Biometric Electronic Identification Document System Based on Blockchain †." Future Internet 12, no. 1: 10.
A wide range of IDS implementations with anomaly detection modules have been deployed. In general, those modules depend on intrusion knowledge databases, such as Knowledge Discovery Dataset (KDD99), Center for Applied Internet Data Analysis (CAIDA) or Community Resource for Archiving Wireless Data at Dartmouth (CRAWDAD), among others. Once the database is analyzed and a machine learning method is employed to generate detectors, some classes of new detectors are created. Thereafter, detectors are supposed to be deployed in real network environments in order to achieve detection with good results for false positives and detection rates. Since the traffic behavior is quite different according to the user’s network activities over available services, restrictions and applications, it is supposed that behavioral-based detectors are not well suited to all kind of networks. This paper presents the differences of detection results between some network scenarios by applying traditional detectors that were calculated with artificial neural networks. The same detector is deployed in different scenarios to measure the efficiency or inefficiency of static training detectors.
Edward Guillen; Jeisson Sanchez; Rafael Páez. Inefficiency of IDS Static Anomaly Detectors in Real-World Networks. Future Internet 2015, 7, 94 -109.
AMA StyleEdward Guillen, Jeisson Sanchez, Rafael Páez. Inefficiency of IDS Static Anomaly Detectors in Real-World Networks. Future Internet. 2015; 7 (4):94-109.
Chicago/Turabian StyleEdward Guillen; Jeisson Sanchez; Rafael Páez. 2015. "Inefficiency of IDS Static Anomaly Detectors in Real-World Networks." Future Internet 7, no. 4: 94-109.
In order to analyze results of anomaly detection methods for Network Intrusion Detection Systems, the DARPA KDD data set have been widely analyzed but their data are outdated for most kinds of attacks. A software called Spleen designed to get data from a tested network with the same structure of DARPA data set is introduced. The application is used to complete the data set with additional features according to an attack analysis. Finally, to show advantages of an extended data set, two genetic methods in the detection of non-content based attacks are tested.
Edward Paul Guillén; Jhordany Rodríguez Parra; Rafael Vicente Paéz Mendez. Improving Network Intrusion Detection with Extended KDD Features. Lecture Notes in Electrical Engineering 2013, 431 -445.
AMA StyleEdward Paul Guillén, Jhordany Rodríguez Parra, Rafael Vicente Paéz Mendez. Improving Network Intrusion Detection with Extended KDD Features. Lecture Notes in Electrical Engineering. 2013; ():431-445.
Chicago/Turabian StyleEdward Paul Guillén; Jhordany Rodríguez Parra; Rafael Vicente Paéz Mendez. 2013. "Improving Network Intrusion Detection with Extended KDD Features." Lecture Notes in Electrical Engineering , no. : 431-445.
Digital T.V., adaptation processes and social networks are tools that have not been used at maximum as a whole, in special to offer adapted services to users, using features such as the distributed system of the T.V. network, different interactions of users within a social network and its data. These features and the state of digital T.V. in Colombia and its applications, offer a huge opportunity of development and innovation in this context. Based on THESE reasons, the design of an architecture is presented, relating topics about the its type, applications and services, enshrined them in its own models and methods as architecture of telecommunications system, that ends with its respective validations.
Mery Yolima Uribe-Rios; Rafael Páez. Architecture of information services adaptation over digital TV, supported in a social network. 2012 7th Colombian Computing Congress (CCC) 2012, 1 -6.
AMA StyleMery Yolima Uribe-Rios, Rafael Páez. Architecture of information services adaptation over digital TV, supported in a social network. 2012 7th Colombian Computing Congress (CCC). 2012; ():1-6.
Chicago/Turabian StyleMery Yolima Uribe-Rios; Rafael Páez. 2012. "Architecture of information services adaptation over digital TV, supported in a social network." 2012 7th Colombian Computing Congress (CCC) , no. : 1-6.
Edward Guillen; Rafael Páez. Artificial Immune Systems – AIS as Security Network Solution. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2012, 680 -681.
AMA StyleEdward Guillen, Rafael Páez. Artificial Immune Systems – AIS as Security Network Solution. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering. 2012; ():680-681.
Chicago/Turabian StyleEdward Guillen; Rafael Páez. 2012. "Artificial Immune Systems – AIS as Security Network Solution." Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering , no. : 680-681.
Intrusion Detection Systems (IDS) based on autonomous agents are important security tools that provide protection to hosts and distributed networks. They can be considered critical systems since they can also be target of attacks. For this reason; An innovative IDS architecture, Laocoonte is proposed, its focus of attention is oriented towards its internal security in order to minimize any attack to the system. Laocoonte is a hierarchical system and it has different levels to perform event correlation, also provides central nodes which perform control functions, it also includes a particular scheme of software watermarking and fingerprinting.
Rafael Páez; Miguel Torres. Laocoonte: An agent based Intrusion Detection System. 2009 International Symposium on Collaborative Technologies and Systems 2009, 217 -224.
AMA StyleRafael Páez, Miguel Torres. Laocoonte: An agent based Intrusion Detection System. 2009 International Symposium on Collaborative Technologies and Systems. 2009; ():217-224.
Chicago/Turabian StyleRafael Páez; Miguel Torres. 2009. "Laocoonte: An agent based Intrusion Detection System." 2009 International Symposium on Collaborative Technologies and Systems , no. : 217-224.
In an agent’s environment, the most difficult problem to solve is the attack from a platform against the agents. The use of software watermarking techniques is a possible solution to guarantee that the agents are properly executed. In this paper we propose these techniques in an Intrusion Detection System (IDS) based on agents. To achieve this goal, we propose to embed a matrix of marks in each transceiver of the IDS. Moreover, we include obfuscation techniques to difficult a possible code analysis by an unauthorized entity.
Rafael Páez; Joan Tomàs-Buliart; Jordi Forné; Miguel Soriano. Securing Agents against Malicious Host in an Intrusion Detection System. Transactions on Petri Nets and Other Models of Concurrency XV 2008, 5141, 94 -105.
AMA StyleRafael Páez, Joan Tomàs-Buliart, Jordi Forné, Miguel Soriano. Securing Agents against Malicious Host in an Intrusion Detection System. Transactions on Petri Nets and Other Models of Concurrency XV. 2008; 5141 ():94-105.
Chicago/Turabian StyleRafael Páez; Joan Tomàs-Buliart; Jordi Forné; Miguel Soriano. 2008. "Securing Agents against Malicious Host in an Intrusion Detection System." Transactions on Petri Nets and Other Models of Concurrency XV 5141, no. : 94-105.
Intrusion detection systems (IDS) based on autonomous agents are important security tools to protect distributed networks and they can be considered critical systems. For this reason; we have proposed a security scheme to verify the entities' integrity inside the IDS architecture named cooperative itinerant agent (CIA). The proposal includes software watermarking and fingerprinting techniques. Moreover, in this paper we infer a formula to calculate the time consumed by a CIA to perform entities' verification in a determined level of the infrastructure in order to evaluate the agent's scalability. The parameters of this formula are the network's throughput and delay
Rafael Páez; Cristina Satizábal; Jordi Forne. A performance model to Cooperative Itinerant Agents (CIA): a security scheme to IDS. The Second International Conference on Availability, Reliability and Security (ARES'07) 2007, 791 -798.
AMA StyleRafael Páez, Cristina Satizábal, Jordi Forne. A performance model to Cooperative Itinerant Agents (CIA): a security scheme to IDS. The Second International Conference on Availability, Reliability and Security (ARES'07). 2007; ():791-798.
Chicago/Turabian StyleRafael Páez; Cristina Satizábal; Jordi Forne. 2007. "A performance model to Cooperative Itinerant Agents (CIA): a security scheme to IDS." The Second International Conference on Availability, Reliability and Security (ARES'07) , no. : 791-798.
Rafael Páez; Joan Tomás; Jordi Forne; Miguel Soriano. MAIS: MOBILE AGENT INTEGRITY SYSTEM - A Security System to IDS based on Autonomous Agents. Proceedings of the 10th International Conference on Security and Cryptography 2007, 41 -47.
AMA StyleRafael Páez, Joan Tomás, Jordi Forne, Miguel Soriano. MAIS: MOBILE AGENT INTEGRITY SYSTEM - A Security System to IDS based on Autonomous Agents. Proceedings of the 10th International Conference on Security and Cryptography. 2007; ():41-47.
Chicago/Turabian StyleRafael Páez; Joan Tomás; Jordi Forne; Miguel Soriano. 2007. "MAIS: MOBILE AGENT INTEGRITY SYSTEM - A Security System to IDS based on Autonomous Agents." Proceedings of the 10th International Conference on Security and Cryptography , no. : 41-47.
The fast evolution of mobile communications and their convergence with internet make necessary to adapt the security services to this new environment. WPKI (Wireless Application Protocol Public Key Infrastructure) can provide these services, but the features of the mobile devices make it a difficult task, especially for complex processes such as the certification path validation that requires long time and resources. In this paper, we show the limitations of WPKI from the verifier's point of view and determine the computational cost and storage capacity required by a verifier, with a mobile terminal, to carry out a certification path validation process when different revocation mechanisms are used.
Cristina Satizábal; Rafael Páez; Jordi Forne. WAP PKI and certification path validation. International Journal of Internet Protocol Technology 2007, 2, 88 .
AMA StyleCristina Satizábal, Rafael Páez, Jordi Forne. WAP PKI and certification path validation. International Journal of Internet Protocol Technology. 2007; 2 (2):88.
Chicago/Turabian StyleCristina Satizábal; Rafael Páez; Jordi Forne. 2007. "WAP PKI and certification path validation." International Journal of Internet Protocol Technology 2, no. 2: 88.
Trust models provide a framework to create and manage trust relationships among the different entities of a Public Key Infrastructure (PKI). These trust relationships are verified through the certification path validation process, which involves: path discovery, signature verification and revocation status checking. When trust relationships are bidirectional, multiple paths can exist between two entities, which increase the runtime of the path discovery process. In addition, validation of long paths can be difficult, especially when storage and processing capacities of the verifier are limited. In this paper, we propose a protocol to establish a hierarchical trust model from a hybrid PKI. This protocol makes more efficient certification path discovery since in a hierarchical model, trust relationships are unidirectional and paths are easy to find. In addition, our protocol does not require issuing new certificates and allows setting a maximum path length, so it can be adapted to the features of users’ terminals.
Cristina Satizábal; Rafael Paez; Jordi Forné. Building a Virtual Hierarchy for Managing Trust Relationships in a Hybrid Architecture. Journal of Computers 2006, 1, 1 .
AMA StyleCristina Satizábal, Rafael Paez, Jordi Forné. Building a Virtual Hierarchy for Managing Trust Relationships in a Hybrid Architecture. Journal of Computers. 2006; 1 (7):1.
Chicago/Turabian StyleCristina Satizábal; Rafael Paez; Jordi Forné. 2006. "Building a Virtual Hierarchy for Managing Trust Relationships in a Hybrid Architecture." Journal of Computers 1, no. 7: 1.
Rafael Páez; Cristina Satizábal; Jordi Forné. Cooperative Itinerant Agents (CIA): Security Scheme for Intrusion Detection Systems. International Conference on Internet Surveillance and Protection (ICISP06) 2006, 1 .
AMA StyleRafael Páez, Cristina Satizábal, Jordi Forné. Cooperative Itinerant Agents (CIA): Security Scheme for Intrusion Detection Systems. International Conference on Internet Surveillance and Protection (ICISP06). 2006; ():1.
Chicago/Turabian StyleRafael Páez; Cristina Satizábal; Jordi Forné. 2006. "Cooperative Itinerant Agents (CIA): Security Scheme for Intrusion Detection Systems." International Conference on Internet Surveillance and Protection (ICISP06) , no. : 1.
Trust models provide a framework to create and manage trust relationships among the different entities of a public key infrastructure (PKI). These trust relationships are verified through the certification path validation process, which involves: path discovery, signature verification and revocation status checking. When trust relationships are bidirectional, multiple paths can exist between two entities, which increase the runtime of the path discovery process. In addition, validation of long paths can be difficult, especially when storage and processing capacities of the verifier are limited. In this paper, we propose a protocol to establish a hierarchical trust model from a PKI with unidirectional and bidirectional trust relationships. This protocol makes more efficient the path validation process since in a hierarchical model, trust relationships are unidirectional and paths are easy to find. In addition, our protocol allows setting a maximum path length, so it can be adapted to the features of users' terminals.
Cristina Satizábal; Rafael Páez; Jordi Forne. PKI trust relationships: from a hybrid architecture to a hierarchical model. First International Conference on Availability, Reliability and Security (ARES'06) 2006, 8 pp. -570.
AMA StyleCristina Satizábal, Rafael Páez, Jordi Forne. PKI trust relationships: from a hybrid architecture to a hierarchical model. First International Conference on Availability, Reliability and Security (ARES'06). 2006; ():8 pp.-570.
Chicago/Turabian StyleCristina Satizábal; Rafael Páez; Jordi Forne. 2006. "PKI trust relationships: from a hybrid architecture to a hierarchical model." First International Conference on Availability, Reliability and Security (ARES'06) , no. : 8 pp.-570.
Authentication is a strong requirement for critical information systems, and Public Key Infrastructure (PKI) is widely used to provide this service. Peer-to-peer PKIs are quite dynamic and certification paths can be built although part of the infrastructure is temporarily unreachable, which is quite common after disasters or network attacks. However, certification path discovery is one of the main drawbacks of peer-to-peer PKIs that strongly affects their scalability. We propose a protocol to build a virtual hierarchical PKI from a peer-to-peer PKI, since certification path construction in hierarchical PKIs is straightforward. Our protocol does not require to issue new certificates, facilitates the certification path discovery process and it is adaptable to the characteristics of users with limited processing and storage capacity. Results show that the execution time of this protocol is short in critical scenarios.
Cristina Satizábal; Rafael Páez; Jordi Forné. PROSEARCH: A Protocol to Simplify Path Discovery in Critical Scenarios. Computer Vision 2006, 4347, 151 -165.
AMA StyleCristina Satizábal, Rafael Páez, Jordi Forné. PROSEARCH: A Protocol to Simplify Path Discovery in Critical Scenarios. Computer Vision. 2006; 4347 ():151-165.
Chicago/Turabian StyleCristina Satizábal; Rafael Páez; Jordi Forné. 2006. "PROSEARCH: A Protocol to Simplify Path Discovery in Critical Scenarios." Computer Vision 4347, no. : 151-165.