Juanjo Alins

Bio: Juanjo Alins is an academic researcher from Polytechnic University of Catalonia. The author has contributed to research in topics: Revocation list & Revocation. The author has an hindex of 8, co-authored 29 publications receiving 228 citations.

Toward revocation data handling efficiency in VANETs

Abstract: Vehicular Ad Hoc Networks (VANETs) require some mechanism to authenticate messages, identify valid vehicles, and remove misbehaving ones. A Public Key Infrastructure (PKI) can provide this functionality using digital certificates, but needs an efficient mechanism to revoked misbehaving/compromised vehicles. The IEEE 1609.2 standard states that VANETs will rely on the use of certificate revocation lists (CRLs) to achieve revocation. However, despite their simplicity, CRLs present two major disadvantages that are highlighted in a vehicular network: CRL size and CRL request implosion. In this paper, we point out the problems when using CRLs in this type of networks. To palliate these issues, we propose the use of Authenticated Data Structures (ADS) that allow distributing efficiently revocation data. By using ADS, network entities can check the status of a certificate decreasing the peak bandwidth load in the distribution points.

Cross-layer packet scheduler for QoS support over Digital Video Broadcasting-Second Generation broadband satellite systems

Abstract: This article presents a cross-layer packet scheduler to provide end-to-end QoS guarantees for Digital Video Broadcasting-Second Generation (DVB-S2) broadband satellite systems. The scheduler design is based on a cross-layer mechanism defined between the physical and the network layer. It includes an algorithm to guarantee the required QoS specifications established in the service level agreement. The algorithm calculation depends basically on two parameters: the available bandwidth present in a DVB-S2 satellite link and the QoS requirements of each traffic class defined by the satellite operator. The cross-layer scheduler's operation is demonstrated using the NS-2 simulator tool. The results show that the proposed mechanism maximizes the bandwidth utilization while enforcing the priority level of each service class when an extreme reduction of bandwidth caused by rain events is experienced.

Web Services Architecture

Abstract: Microsoft has promoted ASP.NET’s new web services more than almost any other part of the.NET Framework. But despite their efforts, confusion is still widespread about what a web service is and, more importantly, what it’s meant to accomplish. This chapter introduces web services and explains their role in Microsoft’s vision of the programmable web. Along the way, you’ll learn about the open standards plumbing that allows web services to work and removes some of the confusion surrounding technical terms like WSDL (Web Service Description Language), SOAP, and UDDI (universal description, discovery, and integration).

Satellite Communications in the New Space Era: A Survey and Future Challenges

Abstract: Satellite communications (SatComs) have recently entered a period of renewed interest motivated by technological advances and nurtured through private investment and ventures. The present survey aims at capturing the state of the art in SatComs, while highlighting the most promising open research topics. Firstly, the main innovation drivers are motivated, such as new constellation types, on-board processing capabilities, non-terrestrial networks and space-based data collection/processing. Secondly, the most promising applications are described, i.e., 5G integration, space communications, Earth observation, aeronautical and maritime tracking and communication. Subsequently, an in-depth literature review is provided across five axes: i) system aspects, ii) air interface, iii) medium access, iv) networking, v) testbeds & prototyping. Finally, a number of future challenges and the respective open research topics are described.

A Security and Privacy Review of VANETs

Abstract: Vehicular ad hoc networks (VANETs) have stimulated interest in both academic and industry settings because, once deployed, they would bring a new driving experience to drivers. However, communicating in an open-access environment makes security and privacy issues a real challenge, which may affect the large-scale deployment of VANETs. Researchers have proposed many solutions to these issues. We start this paper by providing background information of VANETs and classifying security threats that challenge VANETs. After clarifying the requirements that the proposed solutions to security and privacy problems in VANETs should meet, on the one hand, we present the general secure process and point out authentication methods involved in these processes. Detailed survey of these authentication algorithms followed by discussions comes afterward. On the other hand, privacy preserving methods are reviewed, and the tradeoff between security and privacy is discussed. Finally, we provide an outlook on how to detect and revoke malicious nodes more efficiently and challenges that have yet been solved.

Stack Overflow Considered Harmful? The Impact of Copy&Paste on Android Application Security

Abstract: Online programming discussion platforms such as Stack Overflow serve as a rich source of information for software developers. Available information include vibrant discussions and oftentimes ready-to-use code snippets. Previous research identified Stack Overflow as one of the most important information sources developers rely on. Anecdotes report that software developers copy and paste code snippets from those information sources for convenience reasons. Such behavior results in a constant flow of community-provided code snippets into production software. To date, the impact of this behaviour on code security is unknown. We answer this highly important question by quantifying the proliferation of security-related code snippets from Stack Overflow in Android applications available on Google Play. Access to the rich source of information available on Stack Overflow including ready-to-use code snippets provides huge benefits for software developers. However, when it comes to code security there are some caveats to bear in mind: Due to the complex nature of code security, it is very difficult to provide ready-to-use and secure solutions for every problem. Hence, integrating a security-related code snippet from Stack Overflow into production software requires caution and expertise. Unsurprisingly, we observed insecure code snippets being copied into Android applications millions of users install from Google Play every day. To quantitatively evaluate the extent of this observation, we scanned Stack Overflow for code snippets and evaluated their security score using a stochastic gradient descent classifier. In order to identify code reuse in Android applications, we applied state-of-the-art static analysis. Our results are alarming: 15.4% of the 1.3 million Android applications we analyzed, contained security-related code snippets from Stack Overflow. Out of these 97.9% contain at least one insecure code snippet.