

Seguridad en redes de computación ubicua: contribución a la validación de credenciales (Security in ubiquitous computing networks: a contribution to credential validation)

  • Author: María Francisca Hinarejos Campos
  • Thesis supervisors: José Luis Muñoz Tapia (supervisor), Jordi Forné Muñoz (supervisor)
  • Defended: at the Universitat Politècnica de Catalunya (UPC) (Spain) in 2010
  • Language: Spanish
  • Thesis examination committee: Miquel Soriano Ibáñez (chair), Óscar Esparza Martín (secretary), Francisco Javier López Muñoz (member), Josep Lluis Ferrer Gomila (member), Andrés Marín López (member)
  • Subjects:
  • Links
    • Open-access thesis at: TDX
  • Abstract
    • Technological progress in both user devices and networks allows communication anytime and anywhere. New communication environments offer a wide range of possibilities to users, but also generate new threats. For this reason, it is necessary to establish measures to find out who is establishing a communication and what actions they are authorized to perform. The solutions currently proposed in the literature are not completely adapted to new features such as user mobility, network disconnections, and the constraints of devices and networks. Many of the existing proposals have focused on providing specific solutions to particular scenarios, but they do not consider a global heterogeneous scenario. Therefore, it is necessary to design security mechanisms able to adapt themselves to new scenarios. In this sense, digital certificates are a standardized and widely used solution. Digital certificates enable user authentication and authorization to be performed in a distributed way. The problem is that ubiquitous environments complicate the process of validating digital certificates. This complexity could result in a service not being accessible. The goal of this thesis is to contribute to making ubiquitous scenarios more secure. More specifically, the work proposes solutions for reducing the credential validation cost and for improving the availability of authentication and authorization services. First, we propose a solution for credential validation that works properly in environments with a connection to on-line servers and also in environments where the connection to servers is sometimes not possible. Second, we propose a cascade revocation system where the delegation is partially centralized. Delegation provides high flexibility to authorization systems, but adds complexity to the system. Our proposal reduces the burden on the verifier side. Third, we propose a revocation system for delegation chains based on prefix codes. This proposal deals with the problem of centralization of the previous proposal. In particular, the decentralized solution presented keeps the load reduction achieved in the partially centralized proposal, and also enables dynamic delegation and distribution of revocation data. While the user is connected, revocation data distribution can be done with a certificate revocation list. However, in scenarios where the connection can be lost temporarily, this might not be possible. To address this issue, we have proposed a system in which users can perform the functions of revocation servers without being trusted entities. This will make it possible to increase the availability of the validation service and reduce resource consumption. Each proposal has been analyzed and compared with existing solutions to verify the improvements achieved.

