Antonio Ruiz-Martínez | Universidad de Murcia
articles by Antonio Ruiz-Martínez
IEEE Access, 2023
The clinical environment is one of the most important sources of sensitive patient data in healthcare. These data have attracted cybercriminals who pursue the theft of this information for personal gain. Therefore, protecting these data is a critical issue. This paper focuses on an analysis of the clinical environment, presents its general ecosystem and stakeholders, and inspects the main protocols implemented between the clinical components from a security and privacy perspective. Additionally, this article defines a complete use case to describe the typical workflow within a clinical setting: the life cycle of a patient sample. Moreover, we present and categorize crucial clinical information and divide it into two sensitivity levels: High and Very Sensitive, while considering the severe risks of cybercriminal access. The threat model for the use case has also been identified, in conjunction with the use case's security and privacy needs. This work served us as a basis to develop the minimum security and privacy requirements to protect the use case. Accordingly, we have defined protection mechanisms for each sensitivity level with the enabling technologies needed to satisfy each requirement. Finally, the main challenges and future steps for the use case are presented. INDEX TERMS Clinical scenario, patient data, privacy, security, threat model.
Journal of Information Security and Applications, 2023
In our society, protecting users' privacy is of utmost importance, especially when users access websites. Increased awareness of privacy concerns has led web browsers to implement new mechanisms to improve privacy while browsing the Internet. In each new version of web browsers, it is claimed that they provide better improvements to protect our privacy. However, there is no analysis of these improvements. To cope with this issue, in this paper, we present an analysis of the privacy of different versions of the Chrome web browser. This analysis is based on the PrivacyScanner tool, which we have improved with the detection of additional tracking techniques. Our findings reveal that tracking protection has seen modest enhancements (namely, between Chrome version 83 and 90, we observed a 7.55% reduction in trackers and 4.76% decrease in Google Analytics elements). Therefore, despite these improvements, there is still ample room for further enhancement.
Sustainability, 2022
This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY
ACM Computing Surveys, 2023
Currently, healthcare is a critical environment in our society, which attracts attention to malicious activities and has caused an important number of damaging attacks. In parallel, the recent advancements in technologies, computing systems, and wireless communications are changing the healthcare environment by adding different improvements and complexity to it. This article reviews the current state of the literature and provides a holistic view of cybersecurity in healthcare. With this purpose in mind, the article enumerates the main stakeholders and architecture implemented in the healthcare environment, as well as the main security issues (threats, attacks, etc.) produced in healthcare. In this context, this work maps the threats collected with a widely used knowledge-based framework, MITRE ATT&CK, building a contribution not seen so far. This article also enumerates the security mechanisms created to protect healthcare, identifying the principal research lines addressed in the literature, and listing the available public security-focused datasets used in machine learning to provide security in the medical domain. To conclude, the research challenges that need to be addressed for future research works in this area are presented. CCS Concepts: • General and reference → Surveys and overviews; • Applied computing → Health care information systems; • Social and professional topics → Patient privacy; • Security and privacy → Security requirements;
Sustainability, 2021
The availability of multiple (mobile) electronic payment systems ((M)EPS) has led to the development of web browser payment interfaces that support various payment systems, facilitate the transaction, the choice of the payment system, and perform the payment. However, so far, no in-depth study on user satisfaction determinants with these interfaces has been conducted. Our work aims to cope with this issue. Thus, based on the analysis of payment literature and Google Chrome web browser (GCWB) payment interface, we propose a new web browser payment interface that considers users’ preferences to support multiple payment systems. Furthermore, we have developed a theoretical model to determine users’ preferences to support multiple payment systems. Our model is based on the extension of technology acceptance models. Finally, we evaluated both the theoretical and proposed payment interface through a survey research approach (n = 266); data were collected, and the hypotheses were tested via statistical analysis (chi-square test, regression coefficients). Our experimental results revealed that our proposed interface is accepted, easy to use, and satisfies users’ needs. The key factors for accepting a new web browser payment interface are ease of use, usefulness, security, confidentiality, privacy, payment method preferences, visual interface design, and credibility.
Journal of Cybersecurity and Privacy, 2021
Anonymous communications networks were created to protect the privacy of communications, preventing censorship and traffic analysis. The most famous anonymous communication network is Tor. This anonymous communication network provides some interesting features. Among them, we can mention that Tor can hide a user’s IP address when accessing a service such as the Web, and it also supports Tor hidden services (THS) (now named onion services) as a mechanism to conceal the server’s IP address, used mainly to provide anonymity to websites. THS is an important research field in Tor. However, there is a lack of reviews that sum up the main findings and research challenges. In this article, we present a systematic literature review that aims to offer a comprehensive overview of the research made on THS by presenting the state-of-the-art and the different research challenges to be addressed. This review has been developed from a selection of 57 articles and presents main findings and advances regarding Tor hidden services, limitations found, and future issues to be investigated.
Future Generation Computer Systems, 2021
Botnets are causing severe damages to users, companies, and governments through information theft, abuse of online services, DDoS attacks, etc. Although significant research is being made to detect them and mitigate their effect, they are exponentially increasing due to new zero-day attacks, a variation of their behavior, and obfuscation techniques. High Interaction Honeypots (HIH) are the only honeypots able to capture attacks and log all the information generated by attackers when setting up a botnet. The data generated is being processed using Machine Learning (ML) techniques for detection since they can detect hidden patterns. However, so far, research has been focused on intermediate phases of the botnet’s life cycle during operation, underestimating the initial phase of infection. To the best of our knowledge, this is the first solution in the infection phase of SSH-based botnets. Therefore, we have designed an approach based on an SSH-based HIH to generate a dataset consisting of executed commands and network information. Herein, we have applied ML techniques for the development of a real-time detection model. This approach reached a very high level of prediction and zero false negatives. Indeed, our system detected all known and unknown SSH sessions intended to infect our honeypots. Thus, our research has demonstrated that new SSH infections can be detected through ML techniques.
IEEE Access, 2020
Some lecturers start their sessions by reviewing or summarizing the main contents covered in the previous session. In general, this review involves the teacher exposing the main concepts and, in some cases, asking about them. This approach, which could be called Check-Reinforce Introduction (CRI), might be seen as having one main drawback; namely, the restricted feedback that lecturers may receive from students due to shyness. Bearing in mind this limitation, we have created what we have called the Classroom Response System CRI (C2RI), which takes advantage of a smartphone-based Classroom Response System (CRS) to obtain more feedback from students during the CRI. We conducted a five-year study on teaching related to technological issues in order to obtain empirical data on whether students consider the use of CRI useful. This is, to our knowledge, the first study involving empirical quantitative data. For this purpose, during the study, we applied the new method (C2RI) to assess whether students prefer C2RI or CRI and whether students' level of attention, motivation, and performance improved or not. Our findings show that the majority of students consider both methods useful, but the scores are higher in C2RI and they perceive higher level of attention with this method. We have also discovered that their motivation to study between lectures decreased using C2RI, which correlates with a slight decrease in student performance on exams, concluding that this method has to be designed in a way that does not create a false sense of confidence in the students. INDEX TERMS Classroom response system, CRS, reinforcement, attention, performance.
IEEE Access, 2019
The online payment for products or for the access to payment-based services can be made by means of a range of (mobile) electronic payment systems – (M)EPS. Both the industrial sector and research community, mainly World Wide Web Consortium (W3C), are working on facilitating these payment methods on Web and supporting the multiple users on how they can select the suitable (M)EPS. However, to the best of our knowledge, there were no thorough studies considering consumer’s preferences when they support multiple (M)EPS. To address this issue, we have performed a survey of international participants (n=272) aiming to (i) develop a theoretical model to determine their preferences when they are supporting more than one (M)EPS, (ii) find the most valuable option according to them and (iii) determine the surrounding conditions that support their decision to use a specific (M)EPS. The theoretical framework of this study was based on the Technology Acceptance Model (TAM). According to our statistical analysis (Chi-square test), consumers that can pay using different (M)EPS during their online payment transaction, have a preferred payment system based on its security, fees, usefulness, and ease of use as well as on their favorite Web browser for these transactions. Factor analysis was also performed to identify factors that much influence the (M)EPS. Results revealed that the factors influencing online payment preferences differ from those involved in traditional payment methods. Our findings allowed, therefore, providing practical suggestions for supporting payment processes with Web browsers and the W3C payment Application Program Interface (API).
Working with specific m-learning apps is useful for learning/teaching purposes. However, its development requires advanced knowledge in programming mobile devices. We present a case study that evaluates the usefulness of App Inventor as a visual, blocks platform that allows teachers, without any advanced programming knowledge, to develop customized m-learning apps.
Privacy is an important research topic due to its implications in society. Among the topics covered by privacy, we can highlight how to establish anonymous communications. During the latest years we have seen an important research in this field. In order to know what the state of the art in the research in anonymous communication systems (ACS) is, we have developed a systematic literature review (SLR). Namely, our SLR analyzes several issues: activity performed in the field, major research purposes, findings, what the most ACS study, the limitations of current research, how is leading the research in this field and the most highly-cited articles. Our SLR provides an analysis on 203 papers found in conferences and journals focused on anonymous communications systems between 2011 and 2016. Thus, our SLR provides an updated view on the status of the research in the field and the different future topics to be addressed.
End users' demand for electronic contents and services is increasing dramatically. Vendors and service providers might want to obtain benefits by charging for their electronic contents and services. Thus, they might need to offer different payment protocols to make the payment. Payment frameworks appeared for this purpose. However, currently, none of them provides a comprehensive solution that facilitates the negotiation and the choice of the payment protocol to perform the purchase. In this paper, we present the general approach we have followed for the design of different payment frameworks that facilitate these processes. This approach is built upon the base of a set of generic components that we have defined. Namely, a generic payment protocol for supporting payments with different protocols; a payment schema that allows the description of payment information and the definition of payment extensions to some protocols; a generic wallet Application Programming Interface (API) to support the definition of wallets for different protocols, and a payment ontology for the semantic annotation and description of payment information. These generic components can be utilized in different scenarios and provide a uniform way to make purchases, which generates user trust and simplifies its use.
The Semantic Web has emerged as an extension of the current Web, in which Web content has well-defined meaning through the addition of logic-based metadata. However, current mechanisms for information retrieval from semantic knowledge bases restrict their use to only experienced users. To address this gap, the natural language processing (NLP) is deemed to be very intuitive from a use point of view, due to it hides the formality of a knowledge base as well as the executable query language. This paper presents a novel ontology-based information retrieval system for DBpedia called ONLI (Ontology-based Natural Language Interface). ONLI proposes the use of an ontology model in order to represent both the syntactic question’s structure and the question’s context. This model allows inferring the answer type expected by the user through an established question’s classification. These features allow reducing the search space thus increasing the probability of providing the correct answer. From this perspective, ONLI was evaluated in terms of their ability to find the correct answer into DBpedia’s content, achieving promising results and proving to be very useful to non-experienced users.
Security and Communication Networks, Feb 9, 2015
The increase of the capacity of processing units and the growth of distributed computing make it easy to collect and process information of Internet traffic flows. This information, however, can be used to perform attacks in anonymous communications that could compromise privacy. With the aim of preventing these attacks, we propose a scheme that implements a multimodal behavior using the random walk theory and crypto-types. The random walk mechanism is responsible for generating network patterns, and the cryptotype performs the micro-encryption tasks using series of quantum-resistant cryptography methods through the anonymous channel. The result shows that using this technique, we can prevent network analysis attacks by means of the generation of a different pattern in each execution for the same set of data. Namely, the experiments we have developed indicate that the average rate of true detections of application behaviors made by intruders does not exceed 24%. Thus, this multimodal pattern gives a high level of immunity against data analysis attacks because the intruders could consider the generated patterns as the typical patterns.
In Next Generation Networks, Kerberos is becoming a key component to support authentication and key distribution for Internet application services. However, for this purpose, Kerberos needs to rectify certain deficiencies, especially in the area of privacy, which allow an eavesdropper to obtain information of the services users are accessing. This paper presents a comprehensive privacy framework that guarantees user anonymity, service access unlinkability and message exchange unlinkability in Kerberos both in single-domain and multi-domain scenarios. This proposal is based on different extensibility mechanisms already defined for Kerberos, which facilitate its adoption in already deployed systems. Apart from evaluating our proposal in terms of performance to prove its lightweight nature, we demonstrate its capability to work in perfect harmony with a widely used anonymous communication system like Tor.
The growth of users connected to the Internet with a high bandwidth connection has favored the increase of multimedia services. As many of these services are provided by means of SIP, adding support for payment to SIP might benefit vendors. Payments in SIP have been proposed for accessing services, for microbilling and even as a solution to SPAM in VoIP systems. Current proposals have some limitations such as either not being suitable for low payments or micropayments, or not supporting the use of different payment protocols or the payment is always made for the whole session or they do not take into account that streams of different quality could have different prices. In response to these limitations, we propose a new SIP extension for supporting any kind of payments (both micropayments and macropayments) on SIP. In addition to being payment-independent, our proposal solves interoperability problems. Our proposal is based on a standard extension of SDP and SIP in order to maximize the compatibility. This facilitates the deployment of payment in SIP-based services. Moreover, our SIP extension supports an offer/answer model that allows the choice of the quality of the streams as well as the payment options to use. Furthermore, it is flexible and not only supports payment but also more complex business models such as loyalty models, credentials and subscriptions. In this paper, we provide a generic way to incorporate new payment methods and business models in the vendor's software. Using some application scenarios, we make a comparison between our proposal and previous work to show some of the advantages of using our proposal.
Concern for privacy when users are surfing on the Web has increased recently. Nowadays, many users are aware that when they are accessing Web sites, these Web sites can track them and create profiles on the elements they access, the advertisements they see, the different links they visit, from which Web sites they come from and to which sites they exit, and so on. In order to maintain user privacy, several techniques, methods and solutions have appeared. In this paper we present an analysis of both these solutions and the main tools that are freely distributed or can be used freely and that implement some of these techniques and methods to preserve privacy when users are surfing on the Internet. This work, unlike previous reviews, shows in a comprehensive way, all the different risks when a user navigates on the Web, the different solutions proposed that have finally been implemented and are being used to achieve Web privacy goal. Thus, users can decide which tools to use when they want to navigate privately and what kind of risks they are assuming.
Low value electronic content is not being offered following a model in which the content is accessed clicking in a new sort of links called per-fee-links. The goal of these links is making the (micro)payment of a web content as simple as possible: just by clicking on a link. Despite this model has been proposed as an approach to pay low-value content on the web, we do not find any existing framework following that model. As a response to this need, we propose a new framework based on three main components. First, a session-oriented protocol that is independent of the application protocol used (HTTP, FTP ...). It does not only support the per-fee-links model but also other models such as pay-per-data, pay-per-time, etc. Second, we describe how to define a per-fee-link. Finally, we mention the set of functions that should be supported by a wallet in this framework.
EURASIP Journal on Wireless …, Jan 1, 2012
In the session initiation protocol (SIP), payments have been proposed as a way for vendors to obtain profit from the services they provide. Payments in SIP have also been proposed for microbilling and even as a solution to SPAM in VoIP systems. Although several proposals exist for making payments in SIP, they present some limitations when we want to pay for access to real-time services: either they are not suitable for micropayments or they do not consider security in the payment information exchanged. As a response to these limitations, we propose a new SIP payment protocol, LP-SIP, that supports the payment according to different models like pay-per-time, session-based, etc. It also performs payments in SIP efficiently and takes into account the secure exchange of payment information, unlike other existing proposals. Thus, we provide a lightweight payment protocol that can be used for the payment of real-time services.
Journal of Theoretical …, Jan 1, 2007
The development of electronic signature in mobile devices is an essential issue for the advance and expansion of the mobile electronic commerce since it provides security and trust in the system. E-signatures provide security for the transactions with authenticity and integrity characteristics that make non-repudiation of the transactions possible.
IEEE Access, 2023
The clinical environment is one of the most important sources of sensitive patient data in health... more The clinical environment is one of the most important sources of sensitive patient data in healthcare. These data have attracted cybercriminals who pursue the theft of this information for personal gain. Therefore, protecting these data is a critical issue. This paper focuses on an analysis of the clinical environment, presents its general ecosystem and stakeholders, and inspects the main protocols implemented between the clinical components from a security and privacy perspective. Additionally, this article defines a complete use case to describe the typical workflow within a clinical setting: the life cycle of a patient sample. Moreover, we present and categorize crucial clinical information and divide it into two sensitivity levels: High and Very Sensitive, while considering the severe risks of cybercriminal access. The threat model for the use case has also been identified, in conjunction with the use case's security and privacy needs. This work served us as basis to develop the minimum security and privacy requirements to protect the use case. Accordingly, we have defined protection mechanisms for each sensitivity level with the enabling technologies needed to satisfy each requirement. Finally, the main challenges and future steps for the use case are presented. INDEX TERMS Clinical scenario, patient data, privacy, security, threat model.
Journal of Information Security and Applications, 2023
In our society, protecting users' privacy is of utmost importance, especially when users access w... more In our society, protecting users' privacy is of utmost importance, especially when users access websites. Increased awareness of privacy concerns has led web browsers to implement new mechanisms to improve privacy while browsing the Internet. In each new version of web browsers, it is claimed that they provide better improvements to protect our privacy. However, there is no analysis of these improvements. To cope with this issue, in this paper, we present an analysis of the privacy of different versions of the Chrome web browser. This analysis is based on the PrivacyScanner tool, which we have improved with the detection of additional tracking techniques. Our findings reveal that tracking protection has seen modest enhancements (namely, between Chrome version 83 and 90, we observed a 7.55% reduction in trackers and 4.76% decrease in Google Analytics elements). Therefore, despite these improvements, there is still ample room for further enhancement.
Sustainability, 2022
This article is an open access article distributed under the terms and conditions of the Creative... more This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY
ACM Computing Surveys, 2023
Currently, healthcare is critical environment in our society, which attracts attention to malicio... more Currently, healthcare is critical environment in our society, which attracts attention to malicious activities and has caused an important number of damaging attacks. In parallel, the recent advancements in technologies, computing systems, and wireless communications are changing healthcare environment by adding different improvements and complexity to it. This article reviews the current state of the literature and provides a holistic view of cybersecurity in healthcare. With this purpose in mind, the article enumerates the main stakeholders and architecture implemented in the healthcare environment, as well as the main security issues (threats, attacks, etc.) produced in healthcare. In this context, this work maps the threats collected with a widely used knowledge-based framework, MITRE ATT&CK, building a contribution not seen so far. This article also enumerates the security mechanisms created to protect healthcare, identifying the principal research lines addressed in the literature, and listing the available public security-focused datasets used in machinelearning to provide security in the medical domain. To conclude, the research challenges that need to be addressed for future research works in this area are presented. CCS Concepts: • General and reference → Surveys and overviews; • Applied computing → Health care information systems; • Social and professional topics → Patient privacy; • Security and privacy → Security requirements;
Sustainability, 2021
The availability of multiple (mobile) electronic payment systems ((M)EPS) has led to the developm... more The availability of multiple (mobile) electronic payment systems ((M)EPS) has led to the development of web browser payment interfaces that support various payment systems, facilitate the transaction, the choice of the payment system, and perform the payment. However, so far, no in-depth study on user satisfaction determinants with these interfaces has been conducted. Our work aims to cope with this issue. Thus, based on the analysis of payment literature and Google Chrome web browser (GCWB) payment interface, we propose a new web browser payment interface that considers users’ preferences to support multiple payment systems. Furthermore, we have developed a theoretical model to determine users’ preferences to support multiple payment systems. Our model is based on the extension of technology acceptance models. Finally, we evaluated both the theoretical and proposed payment interface through a survey research approach (n = 266); data were collected, and the hypotheses were tested via statistical analysis (chi-square test, regression coefficients). Our experimental results revealed that our proposed interface is accepted, easy to use, and satisfies users’ needs. The key factors for accepting a new web browser payment interface are ease of use, usefulness, security, confidentiality, privacy, payment method preferences, visual interface design, and credibility.
Journal of Cybersecurity and Privacy, 2021
Anonymous communications networks were created to protect the privacy of communications, preventi... more Anonymous communications networks were created to protect the privacy of communications, preventing censorship and traffic analysis. The most famous anonymous communication network is Tor. This anonymous communication network provides some interesting features. Among them, we can mention that Tor can hide a user’s IP address when accessing to a service such as the Web, and it also supports Tor hidden services (THS) (now named onion services) as a mechanism to conceal the server’s IP address, used mainly to provide anonymity to websites. THS is an important research field in Tor. However, there is a lack of reviews that sum up the main findings and research challenges. In this article, we present a systematic literature review that aims to offer a comprehensive overview of the research made on THS by presenting the state-of-the-art and the different research challenges to be addressed. This review has been developed from a selection of 57 articles and presents main findings and advances regarding Tor hidden services, limitations found, and future issues to be investigated.
Future Generation Computer Systems, 2021
Botnets are causing severe damages to users, companies, and governments through information theft... more Botnets are causing severe damages to users, companies, and governments through information theft, abuse of online services, DDoS attacks, etc. Although significant research is being made to detect them and mitigate their effect, they are exponentially increasing due to new zero-day attacks, a variation of their behavior, and obfuscation techniques. High Interaction Honeypots (HIH) are the only honeypots able to capture attacks and log all the information generated by attackers when setting up a botnet. The data generated is being processed using Machine Learning (ML) techniques for detection since they can detect hidden patterns. However, so far, research has been focused on intermediate phases of the botnet’s life cycle during operation, underestimating the initial phase of infection. To the best of our knowledge, this is the first solution in the infection phase of SSH-based botnets. Therefore, we have designed an approach based on an SSH-based HIH to generate a dataset consisting of executed commands and network information. Herein, we have applied ML techniques for the development of a real-time detection model. This approach reached a very high level of prediction and zero false negatives. Indeed, our system detected all known and unknown SSH sessions intended to infect our honeypots. Thus, our research has demonstrated that new SSH infections can be detected through ML techniques.
IEEE Access, 2020
Some lecturers start their sessions by reviewing or summarizing the main contents covered in the previous session. In general, this review involves the teacher exposing the main concepts and, in some cases, asking about them. This approach, which could be called Check-Reinforce Introduction (CRI), might be seen as having one main drawback; namely, the restricted feedback that lecturers may receive from students due to shyness. Bearing in mind this limitation, we have created what we have called the Classroom Response System CRI (C2RI), which takes advantage of a smartphone-based Classroom Response System (CRS) to obtain more feedback from students during the CRI. We conducted a five-year study on teaching related to technological issues in order to obtain empirical data on whether students consider the use of CRI useful. This is, to our knowledge, the first study involving empirical quantitative data. For this purpose, during the study, we applied the new method (C2RI) to assess whether students prefer C2RI or CRI and whether students' level of attention, motivation, and performance improved or not. Our findings show that the majority of students consider both methods useful, but the scores are higher in C2RI and they perceive higher level of attention with this method. We have also discovered that their motivation to study between lectures decreased using C2RI, which correlates with a slight decrease in student performance on exams, concluding that this method has to be designed in a way that does not create a false sense of confidence in the students. INDEX TERMS Classroom response system, CRS, reinforcement, attention, performance.
IEEE Access, 2019
The online payment for products or for the access to payment-based services can be made by means of a range of (mobile) electronic payment systems – (M)EPS. Both the industrial sector and research community, mainly World Wide Web Consortium (W3C), are working on facilitating these payment methods on Web and supporting the multiple users on how they can select the suitable (M)EPS. However, to the best of our knowledge, there were no thorough studies considering consumer’s preferences when they support multiple (M)EPS. To address this issue, we have performed a survey on international participants (n=272) aiming to (i) develop a theoretical model to determine their preferences when they are supporting more than one (M)EPS, (ii) find the most valuable option according to them and (iii) determine the surrounding conditions that support their decision to use a specific (M)EPS. The theoretical framework of this study was based on the Technology Acceptance Model (TAM). According to our statistical analysis (Chi-square test), consumers that can pay using different (M)EPS during their online payment transaction, have a preferred payment system based on its security, fees, usefulness, and ease of use as well as on their favorite Web browser for these transactions. Factor analysis was also performed to identify factors that much influence the (M)EPS. Results revealed that the factors influencing online payment preferences differ from those involved in traditional payment methods. Our findings allowed, therefore, providing practical suggestions for supporting payment processes with Web browsers and the W3C payment Application Program Interface (API). INDEX TERMS Electronic payment systems, mobile payment systems, payment preference, ease of use, perceived security, technology acceptance model (TAM).
Working with specific m-learning apps is useful for learning/teaching purposes. However, its development requires advanced knowledge in programming mobile devices. We present a case study that evaluates the usefulness of App Inventor as a visual, blocks platform that allows teachers, without any advanced programming knowledge, to develop customized m-learning apps.
Privacy is an important research topic due to its implications in society. Among the topics covered by privacy, we can highlight how to establish anonymous communications. During the latest years we have seen an important research in this field. In order to know what the state of the art in the research in anonymous communication systems (ACS) is, we have developed a systematic literature review (SLR). Namely, our SLR analyzes several issues: activity performed in the field, major research purposes, findings, what the most ACS study, the limitations of current research, how is leading the research in this field and the most highly-cited articles. Our SLR provides an analysis on 203 papers found in conferences and journals focused on anonymous communications systems between 2011 and 2016. Thus, our SLR provides an updated view on the status of the research in the field and the different future topics to be addressed.
End users' demand for electronic contents and services is increasing dramatically. Vendors and service providers might want to obtain benefits by charging for their electronic contents and services. Thus, they might need to offer different payment protocols to make the payment. Payment frameworks appeared for this purpose. However, currently, none of them provides a comprehensive solution that facilitates the negotiation and the choice of the payment protocol to perform the purchase. In this paper, we present the general approach we have followed for the design of different payment frameworks that facilitate these processes. This approach is built upon the base of a set of generic components that we have defined. Namely, a generic payment protocol for supporting payments with different protocols; a payment schema that allows the description of payment information and the definition of payment extensions to some protocols; a generic wallet Application Programming Interface (API) to support the definition of wallets for different protocols, and a payment ontology for the semantic annotation and description of payment information. These generic components can be utilized in different scenarios and provide a uniform way to make purchases, which generates user trust and simplifies its use.
The Semantic Web has emerged as an extension of the current Web, in which Web content has well-defined meaning through the addition of logic-based metadata. However, current mechanisms for information retrieval from semantic knowledge bases restrict their use to only experienced users. To address this gap, the natural language processing (NLP) is deemed to be very intuitive from a use point of view, because it hides the formality of a knowledge base as well as the executable query language. This paper presents a novel ontology-based information retrieval system for DBpedia called ONLI (Ontology-based Natural Language Interface). ONLI proposes the use of an ontology model in order to represent both the syntactic question’s structure and the question’s context. This model allows inferring the answer type expected by the user through an established question’s classification. These features allow reducing the search space thus increasing the probability of providing the correct answer. From this perspective, ONLI was evaluated in terms of its ability to find the correct answer in DBpedia’s content, achieving promising results and proving to be very useful to non-experienced users.
Security and Communication Networks, Feb 9, 2015
The increase of the capacity of processing units and the growth of distributed computing make it easy to collect and process information of Internet traffic flows. This information, however, can be used to perform attacks in anonymous communications that could compromise privacy. With the aim of preventing these attacks, we propose a scheme that implements a multimodal behavior using the random walk theory and crypto-types. The random walk mechanism is responsible for generating network patterns, and the cryptotype performs the micro-encryption tasks using series of quantum-resistant cryptography methods through the anonymous channel. The result shows that using this technique, we can prevent network analysis attacks by means of the generation of a different pattern in each execution for the same set of data. Namely, the experiments we have developed indicate that the average rate of true detections of application behaviors made by intruders does not exceed 24%. Thus, this multimodal pattern gives a high level of immunity against data analysis attacks because the intruders could consider the generated patterns as the typical patterns.
In Next Generation Networks, Kerberos is becoming a key component to support authentication and key distribution for Internet application services. However, for this purpose, Kerberos needs to rectify certain deficiencies, especially in the area of privacy, which allow an eavesdropper to obtain information of the services users are accessing. This paper presents a comprehensive privacy framework that guarantees user anonymity, service access unlinkability and message exchange unlinkability in Kerberos both in single-domain and multi-domain scenarios. This proposal is based on different extensibility mechanisms already defined for Kerberos, which facilitate its adoption in already deployed systems. Apart from evaluating our proposal in terms of performance to prove its lightweight nature, we demonstrate its capability to work in perfect harmony with a widely used anonymous communication system like Tor.
The growth of users connected to the Internet with a high bandwidth connection has favored the increase of multimedia services. As many of these services are provided by means of SIP, adding support for payment to SIP might benefit vendors. Payments in SIP have been proposed for accessing services, for microbilling and even as a solution to SPAM in VoIP systems. Current proposals have some limitations such as either not being suitable for low payments or micropayments, or not supporting the use of different payment protocols or the payment is always made for the whole session or they do not take into account that streams of different quality could have different prices. In response to these limitations, we propose a new SIP extension for supporting any kind of payments (both micropayments and macropayments) on SIP. In addition to being payment-independent, our proposal solves interoperability problems. Our proposal is based on a standard extension of SDP and SIP in order to maximize the compatibility. This facilitates the deployment of payment in SIP-based services. Moreover, our SIP extension supports an offer/answer model that allows the choice of the quality of the streams as well as the payment options to use. Furthermore, it is flexible and not only supports payment but also more complex business models such as loyalty models, credentials and subscriptions. In this paper, we provide a generic way to incorporate new payment methods and business models in the vendor's software. Using some application scenarios, we make a comparison between our proposal and previous work to show some of the advantages of using our proposal.
Concern for privacy when users are surfing on the Web has increased recently. Nowadays, many users are aware that when they are accessing Web sites, these Web sites can track them and create profiles on the elements they access, the advertisements they see, the different links they visit, from which Web sites they come from and to which sites they exit, and so on. In order to maintain user privacy, several techniques, methods and solutions have appeared. In this paper we present an analysis of both these solutions and the main tools that are freely distributed or can be used freely and that implement some of these techniques and methods to preserve privacy when users are surfing on the Internet. This work, unlike previous reviews, shows in a comprehensive way, all the different risks when a user navigates on the Web, the different solutions proposed that finally have been implemented and are being used to achieve Web privacy goal. Thus, users can decide which tools to use when they want to navigate privately and what kind of risks they are assuming.
Low value electronic content is not being offered following a model in which the content is accessed clicking in a new sort of links called per-fee-links. The goal of these links is making the (micro)payment of a web content as simple as possible: just by clicking on a link. Despite this model has been proposed as an approach to pay low-value content on the web, we do not find any existing framework following that model. As a response to this need, we propose a new framework based on three main components. First, a session-oriented protocol that is independent of the application protocol used (HTTP, FTP ...). It does not only support the per-fee-links model but also other models such as pay-per-data, pay-per-time, etc. Second, we describe how to define a per-fee-link. Finally, we mention the set of functions that should be supported by a wallet in this framework.
EURASIP Journal on Wireless …, Jan 1, 2012
In the session initiation protocol (SIP), payments have been proposed as a way for vendors to obtain profit from the services they provide. Payments in SIP have also been proposed for microbilling and even as a solution to SPAM in VoIP systems. Although several proposals exist for making payments in SIP, they present some limitations when we want to pay for access to real-time services: either they are not suitable for micropayments or they do not consider security in the payment information exchanged. As a response to these limitations, we propose a new SIP payment protocol, LP-SIP, that supports the payment according to different models like pay-per-time, session-based, etc. It also performs payments in SIP efficiently and takes into account the secure exchange of payment information, unlike other existing proposals. Thus, we provide a lightweight payment protocol that can be used for the payment of real-time services.
Journal of Theoretical …, Jan 1, 2007
The development of electronic signature in mobile devices is an essential issue for the advance and expansion of the mobile electronic commerce since it provides security and trust in the system. E-signatures provide security for the transactions with authenticity and integrity characteristics that make non-repudiation of the transactions possible.
Mobile Internet Protocol (MIP) enables a mobile node to be recognized via a single IP address while the node moves between different networks. MIP attains the connectivity to nodes everywhere without user intervention. One general improvement in Mobile IPv6 (MIPv6) compared to MIPv4 is the enhanced security. However, there are areas still susceptible to various kinds of attacks. Security approaches for the MIPv6 are still in progress and there are few unsolved concerns and problems. This chapter focuses on MIPv6 security considerations, potential threats, and possible defense mechanisms. The authors discuss and analyze in detail the MIPv6 mobility management and security approaches with respect to the efficiency and complexity and bring forward some constructive recommendations.
Information Security Education. Information Security in Action, 2020
Cyber security MOOCs (Massive Open Online Courses) can enable lifelong learning and increase the cyber security competence of experts and citizens. This paper contributes with a review of existing cyber security MOOCs and MOOC quality assurance frameworks. It then presents quality criteria, which we elicited for evaluating whether cyber security MOOCs are worthy to be awarded with a quality seal. Finally, an exemplary evaluation of six selected European MOOCs is presented to exercise the quality seal awarding process. Additionally, the evaluation revealed that criteria for assuring privacy, ethics, meeting professional expectations and openness were on average not clearly met.
Communications in Computer and Information Science, 2019
Bullying is the deliberate physical and psychological abuse that a child receives from other children. The term cyberbullying has recently emerged to denote a new type of bullying that takes place over digital platforms, where the stalkers can perform their crimes on the vulnerable victims. In severe cases, the harassment has led the victims to the extreme causing irreparable damage or leading them to suicide. In order to stop cyberbullying, the scientific community is developing effective tools capable of detecting the harassment as soon as possible; however, these detection systems are still in an early stage and must be improved. Our contribution is CyberDect, an online-tool that seeks on Social Networks indications of harassment. In a nutshell, our proposal combines Open Source Intelligence tools with Natural Language Processing techniques to analyse posts seeking for abusive language towards the victim. The evaluation of our proposal has been performed with a case-study that consisted of monitoring two real high school accounts from Spain.
This chapter presents what an electronic payment framework is, its main features and benefits, what the main electronic payment frameworks proposed so far are, and the current initiatives that are being developed. For each framework developed so far, the chapter presents its key features and differences with previous works. The presentation of the different frameworks proposed so far will allow the reader to understand the evolution of these frameworks and how different features have been incorporated along the time. Once previous works have been presented, the chapter introduces the most recent work in this field, that is, the work that is being developed by W3C with its web payment activity initiative. The chapter covers the different specifications that have been defined in this initiative and it analyzes the main challenges to be addressed. Thus, the reader will have a broad vision of electronic payment frameworks.
Acquiring competencies related to network architecture topics such as routing is a fundamental aspect of a computer science degree. Acquiring these competencies requires network scenarios with a considerable number of physical components such as routers, switches, etc. However, in most cases this is not easy because of the economic cost or the management of these components. One possible solution to this problem is virtualization. In this article we present the teaching experience carried out at the Faculty of Computer Science of the University of Murcia to train students in routing topics by means of this kind of tool. In the article we present the methodology followed over these years, the problems we have faced and how we have been solving them to facilitate the teaching-learning process. This experience may be useful for the ...
Computers & Electrical Engineering, 2018
Journal of Information Science, 2016
Financial news plays a significant role with regard to predicting the behaviour of financial markets. However, the exponential growth of financial news on the Web has led to a need for new technologies that automatically collect and categorise large volumes of information in a fast and easy manner. Sentiment analysis, or opinion mining, is the field of study that analyses people’s opinions, moods and evaluations using written text on Web platforms. In recent research, a substantial effort has been made to develop sophisticated methods with which to classify sentiments in the financial domain. However, there is a lack of approaches that analyse the positive or negative orientation of each aspect contained in a document. In this respect, we propose a new sentiment analysis method for feature and news polarity classification. The method presented is based on an ontology-driven approach that makes it possible to semantically describe relations between concepts in the financial news doma...
Novática, a journal founded in 1975, is the official organ of expression and continuing education of ATI (Asociación de Técnicos de Informática). Novática also publishes Upgrade, the digital journal of CEPIS (Council of European Professional Informatics Societies), in English. <http://www.ati.es/novatica/> <http://www.upgrade-cepis.org/> ATI is a member of CEPIS (Council of European Professional Informatics Societies) and has a collaboration agreement with ACM (Association for Computing Machinery). It also has affiliation or collaboration agreements with AdaSpain, AI 2 and ASTIC EDITORIAL BOARD
Journal of Cybersecurity and Privacy, 2021
Proceedings of the International Conference on Security and Cryptography, 2006
Investigación en Ciberseguridad, 2021
J. Res. Pract. Inf. Technol., 2014
Ontologies and semantics have emerged as a fundamental research topic in the information systems area to knowledge representation, making explicit the meaning of information, to share information and to achieve interoperability between. Thus, ontologies and semantics are being used in different fields such as Semantic Web, e-Business, information integration, data mining, database design, etc. But its use can be extended beyond information systems and can be applied in networked systems. In these systems ontologies can provide the basis for the automation of information exchanges, dynamic configuration of systems, detecting attacks into the systems, reasoning on behaviour and context that allow dynamic and context-aware applications, etc. The purpose of this Special Collection was to collect innovative and high-quality research contributions regarding the role played by ontologies and semantics in networked systems. This special collection aims to investigate the synergies betwe...
Communications in Computer and Information Science, 2019
Internet users have progressively realized that, due to our online activities, our privacy can be compromised and that much personal information can be gathered. To cope with this problem, both technological solutions and regulations have emerged, which are steadily being improved. But, apart from these privacy-preserving tools, we need tools that show privacy risks and make end-users aware of the risks they might be exposed to when they access a website. Currently, there are some tools of this kind. However, they are not oriented to end-users (users without high or moderate knowledge of technical issues related to tracking). To address this issue, we have started the development of a Web scanner, named Privacy Web Scanner, which is in charge of analyzing a website and providing, in a simple and graphical way, the privacy implications of accessing that site for end-users. In the paper, we present the main issues that should be considered in this kind of scanner, its design, and the features of the current beta version.
Information Security Education. Information Security in Action - 13th IFIP WG 11.8 World Conference, WISE 13
Cyber security MOOCs (Massive Open Online Courses) can enable lifelong learning and increase the cyber security competence of experts and citizens. This paper contributes a review of existing cyber security MOOCs and MOOC quality assurance frameworks. It then presents quality criteria, which we elicited for evaluating whether cyber security MOOCs are worthy of being awarded a quality seal. Finally, an exemplary evaluation of six selected European MOOCs is presented to exercise the quality seal awarding process. Additionally, the evaluation revealed that criteria for assuring privacy, ethics, meeting professional expectations and openness were on average not clearly met.
6th International Technology, Education and Development Conference (INTEND2012) Proceedings
SSCC, 2018
Automotive systems are widely upgraded with Internet-based applications. In these applications, we could be interested in preserving the anonymity of communications so that senders (automotive systems) can communicate in an anonymous way. For this purpose, we need to introduce the model of an anonymous communication system in automotive systems. The design of this system requires a workload model in the system. In this paper, we present how to distribute this workload in a Controller Area Network (CAN)-based automotive system so that anonymous communications are feasible while we make sure sensitive jobs meet their deadlines. We proposed a systematic method to deal with incorporating an anonymity service into the automotive system. The proposed system has been modelled and simulated using RTaW-Sim for a VOLVO XC90 car. The results show that this model can be applied successfully to automotive systems.