articles by Antonio Ruiz-Martínez
IEEE Access, 2023
The clinical environment is one of the most important sources of sensitive patient data in healthcare. These data have attracted cybercriminals who pursue the theft of this information for personal gain. Therefore, protecting these data is a critical issue. This paper focuses on an analysis of the clinical environment, presents its general ecosystem and stakeholders, and inspects the main protocols implemented between the clinical components from a security and privacy perspective. Additionally, this article defines a complete use case to describe the typical workflow within a clinical setting: the life cycle of a patient sample. Moreover, we present and categorize crucial clinical information and divide it into two sensitivity levels: High and Very Sensitive, while considering the severe risks of cybercriminal access. The threat model for the use case has also been identified, in conjunction with the use case's security and privacy needs. This work served us as basis to develop the minimum security and privacy requirements to protect the use case. Accordingly, we have defined protection mechanisms for each sensitivity level with the enabling technologies needed to satisfy each requirement. Finally, the main challenges and future steps for the use case are presented. INDEX TERMS Clinical scenario, patient data, privacy, security, threat model.
Journal of Information Security and Applications, 2023
In our society, protecting users' privacy is of utmost importance, especially when users access websites. Increased awareness of privacy concerns has led web browsers to implement new mechanisms to improve privacy while browsing the Internet. In each new version of web browsers, it is claimed that they provide better improvements to protect our privacy. However, there is no analysis of these improvements. To cope with this issue, in this paper, we present an analysis of the privacy of different versions of the Chrome web browser. This analysis is based on the PrivacyScanner tool, which we have improved with the detection of additional tracking techniques. Our findings reveal that tracking protection has seen modest enhancements (namely, between Chrome version 83 and 90, we observed a 7.55% reduction in trackers and 4.76% decrease in Google Analytics elements). Therefore, despite these improvements, there is still ample room for further enhancement.
Sustainability, 2022
This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY
ACM Computing Surveys, 2023
Currently, healthcare is a critical environment in our society, which attracts attention to malicious activities and has caused an important number of damaging attacks. In parallel, the recent advancements in technologies, computing systems, and wireless communications are changing healthcare environment by adding different improvements and complexity to it. This article reviews the current state of the literature and provides a holistic view of cybersecurity in healthcare. With this purpose in mind, the article enumerates the main stakeholders and architecture implemented in the healthcare environment, as well as the main security issues (threats, attacks, etc.) produced in healthcare. In this context, this work maps the threats collected with a widely used knowledge-based framework, MITRE ATT&CK, building a contribution not seen so far. This article also enumerates the security mechanisms created to protect healthcare, identifying the principal research lines addressed in the literature, and listing the available public security-focused datasets used in machine learning to provide security in the medical domain. To conclude, the research challenges that need to be addressed for future research works in this area are presented. CCS Concepts: • General and reference → Surveys and overviews; • Applied computing → Health care information systems; • Social and professional topics → Patient privacy; • Security and privacy → Security requirements;
Sustainability, 2021
The availability of multiple (mobile) electronic payment systems ((M)EPS) has led to the development of web browser payment interfaces that support various payment systems, facilitate the transaction, the choice of the payment system, and perform the payment. However, so far, no in-depth study on user satisfaction determinants with these interfaces has been conducted. Our work aims to cope with this issue. Thus, based on the analysis of payment literature and Google Chrome web browser (GCWB) payment interface, we propose a new web browser payment interface that considers users’ preferences to support multiple payment systems. Furthermore, we have developed a theoretical model to determine users’ preferences to support multiple payment systems. Our model is based on the extension of technology acceptance models. Finally, we evaluated both the theoretical and proposed payment interface through a survey research approach (n = 266); data were collected, and the hypotheses were tested via statistical analysis (chi-square test, regression coefficients). Our experimental results revealed that our proposed interface is accepted, easy to use, and satisfies users’ needs. The key factors for accepting a new web browser payment interface are ease of use, usefulness, security, confidentiality, privacy, payment method preferences, visual interface design, and credibility.
Journal of Cybersecurity and Privacy, 2021
Anonymous communications networks were created to protect the privacy of communications, preventing censorship and traffic analysis. The most famous anonymous communication network is Tor. This anonymous communication network provides some interesting features. Among them, we can mention that Tor can hide a user’s IP address when accessing to a service such as the Web, and it also supports Tor hidden services (THS) (now named onion services) as a mechanism to conceal the server’s IP address, used mainly to provide anonymity to websites. THS is an important research field in Tor. However, there is a lack of reviews that sum up the main findings and research challenges. In this article, we present a systematic literature review that aims to offer a comprehensive overview of the research made on THS by presenting the state-of-the-art and the different research challenges to be addressed. This review has been developed from a selection of 57 articles and presents main findings and advances regarding Tor hidden services, limitations found, and future issues to be investigated.
Future Generation Computer Systems, 2021
Botnets are causing severe damages to users, companies, and governments through information theft, abuse of online services, DDoS attacks, etc. Although significant research is being made to detect them and mitigate their effect, they are exponentially increasing due to new zero-day attacks, a variation of their behavior, and obfuscation techniques. High Interaction Honeypots (HIH) are the only honeypots able to capture attacks and log all the information generated by attackers when setting up a botnet. The data generated is being processed using Machine Learning (ML) techniques for detection since they can detect hidden patterns. However, so far, research has been focused on intermediate phases of the botnet’s life cycle during operation, underestimating the initial phase of infection. To the best of our knowledge, this is the first solution in the infection phase of SSH-based botnets. Therefore, we have designed an approach based on an SSH-based HIH to generate a dataset consisting of executed commands and network information. Herein, we have applied ML techniques for the development of a real-time detection model. This approach reached a very high level of prediction and zero false negatives. Indeed, our system detected all known and unknown SSH sessions intended to infect our honeypots. Thus, our research has demonstrated that new SSH infections can be detected through ML techniques.
IEEE Access, 2020
Some lecturers start their sessions by reviewing or summarizing the main contents covered in the previous session. In general, this review involves the teacher exposing the main concepts and, in some cases, asking about them. This approach, which could be called Check-Reinforce Introduction (CRI), might be seen as having one main drawback; namely, the restricted feedback that lecturers may receive from students due to shyness. Bearing in mind this limitation, we have created what we have called the Classroom Response System CRI (C2RI), which takes advantage of a smartphone-based Classroom Response System (CRS) to obtain more feedback from students during the CRI. We conducted a five-year study on teaching related to technological issues in order to obtain empirical data on whether students consider the use of CRI useful. This is, to our knowledge, the first study involving empirical quantitative data. For this purpose, during the study, we applied the new method (C2RI) to assess whether students prefer C2RI or CRI and whether students' level of attention, motivation, and performance improved or not. Our findings show that the majority of students consider both methods useful, but the scores are higher in C2RI and they perceive higher level of attention with this method. We have also discovered that their motivation to study between lectures decreased using C2RI, which correlates with a slight decrease in student performance on exams, concluding that this method has to be designed in a way that does not create a false sense of confidence in the students. INDEX TERMS Classroom response system, CRS, reinforcement, attention, performance.
IEEE Access, 2019
The online payment for products or for the access to payment-based services can be made by means of a range of (mobile) electronic payment systems – (M)EPS. Both the industrial sector and research community, mainly World Wide Web Consortium (W3C), are working on facilitating these payment methods on Web and supporting the multiple users on how they can select the suitable (M)EPS. However, to the best of our knowledge, there were no thorough studies considering consumer’s preferences when they support multiple (M)EPS. To address this issue, we have performed a survey on an international participants (n=272) aiming to (i) developed a theoretical model to determine their preferences when they are supporting more than one (M)EPS, (ii) find the most valuable option according to them and (iii) determine the surrounding conditions that support their decision to use a specific (M)EPS. The theoretical framework of this study was based on the Technology Acceptance Model (TAM). According to our statistical analysis (Chi-square test), consumers that can pay using different (M)EPS during their online payment transaction, have a preferred payment system based on its security, fees, usefulness, and ease of use as well as on their favorite Web browser for these transactions. Factor analysis was also performed to identify factors that much influence the (M)EPS. Results revealed that the factors influencing online payment preferences differ from those involved in traditional payment methods. Our findings allowed, therefore, providing practical suggestions for supporting payment processes with Web browsers and the W3C payment Application Program Interface (API).
Working with specific m-learning apps is useful for learning/teaching purposes. However, its development requires advanced knowledge in programming mobile devices. We present a case study that evaluates the usefulness of App Inventor as a visual, blocks platform that allows teachers, without any advanced programming knowledge, to develop customized m-learning apps.
Privacy is an important research topic due to its implications in society. Among the topics covered by privacy, we can highlight how to establish anonymous communications. During the latest years we have seen an important research in this field. In order to know what the state of the art in the research in anonymous communication systems (ACS) is, we have developed a systematic literature review (SLR). Namely, our SLR analyzes several issues: activity performed in the field, major research purposes, findings, what the most ACS study, the limitations of current research, how is leading the research in this field and the most highly-cited articles. Our SLR provides an analysis on 203 papers found in conferences and journals focused on anonymous communications systems between 2011 and 2016. Thus, our SLR provides an updated view on the status of the research in the field and the different future topics to be addressed.
End users' demand for electronic contents and services is increasing dramatically. Vendors and service providers might want to obtain benefits by charging for their electronic contents and services. Thus, they might need to offer different payment protocols to make the payment. Payment frameworks appeared for this purpose. However, currently, none of them provides a comprehensive solution that facilitates the negotiation and the choice of the payment protocol to perform the purchase. In this paper, we present the general approach we have followed for the design of different payment frameworks that facilitate these processes. This approach is built upon the base of a set of generic components that we have defined. Namely, a generic payment protocol for supporting payments with different protocols; a payment schema that allows the description of payment information and the definition of payment extensions to some protocols; a generic wallet Application Programming Interface (API) to support the definition of wallets for different protocols, and a payment ontology for the semantic annotation and description of payment information. These generic components can be utilized in different scenarios and provide a uniform way to make purchases, which generates user trust and simplifies its use.
The Semantic Web has emerged as an extension of the current Web, in which Web content has well-defined meaning through the addition of logic-based metadata. However, current mechanisms for information retrieval from semantic knowledge bases restrict their use to only experienced users. To address this gap, the natural language processing (NLP) is deemed to be very intuitive from a use point of view, due to it hides the formality of a knowledge base as well as the executable query language. This paper presents a novel ontology-based information retrieval system for DBpedia called ONLI (Ontology-based Natural Language Interface). ONLI proposes the use of an ontology model in order to represent both the syntactic question’s structure and the question’s context. This model allows inferring the answer type expected by the user through an established question’s classification. These features allow reducing the search space thus increasing the probability of providing the correct answer. From this perspective, ONLI was evaluated in terms of their ability to find the correct answer into DBpedia’s content, achieving promising results and proving to be very useful to non-experienced users.
Security and Communication Networks, Feb 9, 2015
The increase of the capacity of processing units and the growth of distributed computing make easy to collect and process information of Internet traffic flows. This information, however, can be used to perform attacks in anonymous communications that could compromise privacy. With the aim of preventing these attacks, we propose a scheme that implements a multimodal behavior using the random walk theory and crypto-types. The random walk mechanism is responsible for generating network patterns, and the cryptotype performs the micro-encryption tasks using series of quantum-resistant cryptography methods through the anonymous channel. The result shows that using this technique, we can prevent network analysis attacks by means of the generation of a different pattern in each execution for the same set of data. Namely, the experiments we have developed indicate that the average rate of true detections of application behaviors made by intruders does not exceed 24%. Thus, this multimodal pattern gives a high level of immunity against data analysis attacks because the intruders could consider the generated patterns as the typical patterns.
In Next Generation Networks, Kerberos is becoming a key component to support authentication and key distribution for Internet application services. However, for this purpose, Kerberos needs to rectify certain deficiencies, especially in the area of privacy, which allow an eavesdropper to obtain information of the services users are accessing. This paper presents a comprehensive privacy framework that guarantees user anonymity, service access unlinkability and message exchange unlinkability in Kerberos both in single-domain and multi-domain scenarios. This proposal is based on different extensibility mechanisms already defined for Kerberos, which facilitate its adoption in already deployed systems. Apart from evaluating our proposal in terms of performance to prove its lightweight nature, we demonstrate its capability to work in perfect harmony with a widely used anonymous communication system like Tor.
The growth of users connected to the Internet with a high bandwidth connection has favored the increase of multimedia services. As many of these services are provided by means of SIP, adding support for payment to SIP might benefit vendors. Payments in SIP have been proposed for accessing services, for microbilling and even as a solution to SPAM in VoIP systems. Current proposals have some limitations such as either not being suitable for low payments or micropayments, or not supporting the use of different payment protocols or the payment is always made for the whole session or they do not take into account that streams of different quality could have different prices. In response to these limitations, we propose a new SIP extension for supporting any kind of payments (both micropayments and macropayments) on SIP. In addition to being payment-independent, our proposal solves interoperability problems. Our proposal is based in a standard extension of SDP and SIP in order to maximize the compatibility. This facilitates the deployment of payment in SIP-based services. Moreover, our SIP extension supports an offer/answer model that allows the choice of the quality of the streams as well as the payment options to use. Furthermore, it is flexible and not only supports payment but also more complex business models such as loyalty models, credentials and subscriptions. In this paper, we provide a generic way to incorporate new payment methods and business models in the vendor's software. Using some application scenarios, we make a comparison between our proposal and previous work to show some of the advantages of using our proposal.
Concern for privacy when users are surfing on the Web has increased recently. Nowadays, many users are aware that when they are accessing Web sites, these Web sites can track them and create profiles on the elements they access, the advertisements they see, the different links they visit, from which Web sites they come from and to which sites they exit, and so on. In order to maintain user privacy, several techniques, methods and solutions have appeared. In this paper we present an analysis of both these solutions and the main tools that are freely distributed or can be used freely and that implement some of these techniques and methods to preserve privacy when users are surfing on the Internet. This work, unlike previous reviews, shows in a comprehensive way, all the different risks when a user navigates on the Web, the different solutions proposed that finally have being implemented and being used to achieve Web privacy goal. Thus, users can decide which tools to use when they want to navigate privately and what kind of risks they are assuming.
Low value electronic content is not being offered following a model in which the content is accessed clicking in a new sort of links called per-fee-links. The goal of these links is making the (micro)payment of a web content as simple as possible: just by clicking on a link. Despite this model has been proposed as an approach to pay low-value content on the web, we do not find any existing framework following that model. As a response to this need, we propose a new framework based on three main components. First, a session-oriented protocol that is independent of the application protocol used (HTTP, FTP ...). It does not only support the per-fee-links model but also other models such as pay-per-data, pay-per-time, etc. Second, we describe how to define a per-fee-link. Finally, we mention the set of functions that should be supported by a wallet in this framework.
EURASIP Journal on Wireless …, Jan 1, 2012
In the session initiation protocol (SIP), payments have been proposed as a way for vendors to obtain profit from the services they provide. Payments in SIP have also been proposed for microbilling and even as a solution to SPAM in VoIP systems. Although several proposals exist for making payments in SIP, they present some limitations when we want to pay for access to real-time services: either they are not suitable for micropayments or they do not consider security in the payment information exchanged. As a response to these limitations, we propose a new SIP payment protocol, LP-SIP, that supports the payment according to different models like pay-per-time, session-based, etc. It also performs payments in SIP efficiently and takes into account the secure exchange of payment information, unlike other existing proposals. Thus, we provide a lightweight payment protocol that can be used for the payment of real-time services.
Journal of Theoretical …, Jan 1, 2007
The development of electronic signature in mobile devices is an essential issue for the advance and expansion of the mobile electronic commerce since it provides security and trust in the system. E-signatures provide security for the transactions with authenticity and integrity characteristics that make non-repudiation of the transactions possible.