Juan J. Ortega
Assistant Professor (part-time)
Computer Science Department, University of Malaga
Campus de Teatinos s/n, 29071 – Malaga (Spain)
Phone: +34 951 952 763
E-mail: jjortega@uma.es
Domain of interest and research
- Formal methods in security protocols
- Standard ISO 27000, Information Security Management System
- Security in E-learning
Current research
- Information Security Systems
Education
- PhD Computer Engineering, University of Malaga (2005)
- MSc Computer Science, University of Malaga (1995)
Relevant publications
Javier Lopez, Juan J. Ortega, Jose M. Troya
Security Protocols Analysis: A SDL-based Approach (Journal Article)
In: Computer Standards & Interfaces, vol. 27, no. 3, pp. 489-499, 2005, ISSN: 0920-5489.
@article{JavierLopez2005b,
title = {Security Protocols Analysis: A SDL-based Approach},
author = {Javier Lopez and Juan J. Ortega and Jose M. Troya},
url = {/wp-content/papers/JavierLopez2005b.pdf},
issn = {0920-5489},
year = {2005},
date = {2005-01-01},
urldate = {2005-01-01},
journal = {Computer Standards \& Interfaces},
volume = {27},
number = {3},
pages = {489-499},
publisher = {Elsevier},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Organizations need to develop formally analyzed systems in order to achieve well-known formal method benefits. In order to study the security of communication systems, we have developed a methodology for the application of the formal analysis techniques, commonly used in communication protocols, to the analysis of cryptographic protocols. In particular, we have extended the design and analysis phases with security properties. Our proposal uses a specification notation based on one of the most used standard requirement languages HMSC/MSC, which can be automatically translated into a generic SDL specification. The SDL system obtained can then be used for the analysis of the addressed security properties, by using an observer process schema. Besides our main goal to provide a notation for describing the formal specification of security systems, our proposal also brings additional benefits, such as the study of the possible attacks to the system, and the possibility of re-using the specifications produced to describe and analyse more complex systems.
Javier Lopez, Antonio Mana, Jose A. Montenegro, Juan J. Ortega
PKI Design Based on the Use of On-line Certification Authorities (Journal Article)
In: International Journal of Information Security (IJIS), vol. 2, no. 2, pp. 91-102, 2004, ISSN: 1615-5262.
@article{JavierLopez2004b,
title = {PKI Design Based on the Use of On-line Certification Authorities},
author = {Javier Lopez and Antonio Mana and Jose A. Montenegro and Juan J. Ortega},
url = {/wp-content/papers/JavierLopez2004b.pdf},
issn = {1615-5262},
year = {2004},
date = {2004-01-01},
urldate = {2004-01-01},
journal = {International Journal of Information Security (IJIS)},
volume = {2},
number = {2},
pages = {91-102},
publisher = {Springer},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Public-Key Infrastructures (PKIs) are considered the basis of the protocols and tools needed to guarantee the security demanded for new Internet applications like electronic commerce, government-citizen relationships and digital distribution. This paper introduces a new infrastructure design, Cert’eM, a key management and certification system that is based on the structure of the electronic mail service and on the principle of near-certification. Cert’eM provides secure means to identify users and distribute their public-key certificates, enhances the efficiency of revocation procedures, and avoids scalability and synchronization problems. Because we have considered the revocation problem as priority in the design process, and with a big influence in the rest of the PKI components, we have developed an alternative solution to the use of Certificate Revocation Lists (CRLs), which has become one of the strongest points in this new scheme.
Attended courses and seminars
- FOSAD’02, 3rd International School on Foundations of Security Analysis and Design. Bertinoro, Italy, 23-27 September 2002