2011 4th Joint IFIP Wireless and Mobile Networking Conference (WMNC 2011), 2011
The increasing popularity of broadband Internet and the widespread penetration of full-featured mobile devices have signaled the importance of WiMAX. The IEEE 802.16 standard has focused on security from the beginning, security support being a fundamental aspect of wireless communication. We have found some limitations concerning authentication and authorization mechanisms at user level. To overcome those limitations we consider it necessary to provide proper identity management support for WiMAX, enhancing users' experience while delivering services in a secure fashion. In this article we analyze several weaknesses and vulnerabilities in WiMAX security and propose the introduction of identity management in WiMAX for a better provision of secure personalized services.
2012 IEEE Second International Conference on Consumer Electronics - Berlin (ICCE-Berlin), 2012
Privacy rules imposed by social networks (SNs) impose several restrictions on user privacy. Though they usually offer the user some control to limit access to his own data, the social network may share uploaded data with other partners and marketing companies. Pictures and videos may have a second life, even after being deleted by the user, and consequently storage and access must take place in the user home domain or facilities managed by the user, following an end-to-end approach. We propose to combine the usage of private clouds, specialized in media contents, in cooperation with SNs, offering the user complete control over his data, while benefiting from the SNs' visibility to announce and spread the data. To achieve transparency, we propose a plug-in system to embed links as annotations in reduced media replacements uploaded to the SN. These links point to the real resource stored in the private cloud, now under complete user control. We perform validation tests which show important improvements in uploading time and user experience.
2010 IEEE Global Telecommunications Conference GLOBECOM 2010, 2010
With the rapid evolution of networks and the widespread penetration of mobile devices with increasing capabilities, which have already become a commodity, we are getting a step closer to ubiquity. Thus, we are moving a great part of our lives from the physical world to the online world, e.g. social interactions, business transactions, relations with government administrations, etc. However, while identity verification is easy to handle in the real world, there are many unsolved challenges when dealing with digital identity management, especially due to the lack of user awareness when it comes to privacy. Thus, with the aim of enhancing the navigation experience and security in multiservice and multiprovider environments, the user must be empowered to control how her attributes are shared and disclosed between different domains. With these goals in mind, we leverage the benefits of the Infocard technology and introduce this user-centric paradigm into the emerging NGN architectures. This paper proposes a way to combine the gains of a SAML federation between service and identity providers with the ease of use that the Infocard System offers the final user, using the well-known architectural schema of the IP Multimedia Subsystem.
2011 4th Joint IFIP Wireless and Mobile Networking Conference (WMNC 2011), 2011
Multimedia availability is exceeding our capacity to manage it, both in the home environment and outside it. For that reason, solutions such as Media Cloud have brought the concept of Cloud Computing to home environments. Media Cloud provides a comprehensive and efficient solution for managing content among federated home environments. However, when consuming those contents outside a home environment some problems should be addressed, such as dealing with limited devices and protecting user-generated and commercial contents from eavesdroppers. This article describes a solution that enables limited devices to access contents located in private clouds, such as Media Cloud, with the cooperation of network providers.
This 14-year-long study makes a novel contribution to the debate on the relationship between the in vitro radiosensitivity of peripheral blood lymphocytes and normal tissue reactions after radiation therapy. The aims were (1) to prospectively assess the degree and time of onset of skin side effects in 40 prospectively recruited consecutive patients with locally advanced breast cancer treated with a hyperfractionated dose-escalation radiotherapy schedule and (2) to assess whether initial radiation-induced DNA damage in peripheral blood lymphocytes of these patients could be used to determine their likelihood of suffering severe late damage to normal tissue. Initial radiation-induced DNA double-strand breaks (DSBs) were assessed in peripheral blood lymphocytes of these patients by pulsed-field electrophoresis. Acute and late cutaneous and subcutaneous toxicity was evaluated using the Radiation Therapy Oncology Group morbidity score. A wide interindividual variation was observed in toxicity grades and in radiation-induced DNA DSBs in peripheral blood lymphocytes (mean 1.61 +/- 0.76 DSBs/Gy per 200 MBp, range 0.63-4.08), which were not correlated. Multivariate analysis showed a correlation (P < 0.008) between late toxicity and higher prescribed protocol dose (81.6 Gy). Analysis of the 29 patients referred to 81.6 Gy revealed significantly (P < 0.031) more frequent late subcutaneous toxicity in those with intrinsic sensitivity to radiation-induced DNA DSBs of >1.69 DSBs/Gy per DNA unit. Our demonstration of a relationship between the sensitivity of in vitro-irradiated peripheral blood lymphocytes and the risk of developing late toxic effects opens up the possibility of predicting normal tissue response to radiation in individual patients, at least in high-dose non-conventional radiation therapy regimens.
Lafora disease is an autosomal recessive form of progressive myoclonus epilepsy with no effective therapy. Although the outcome is always unfavorable, onset of symptoms and progression of the disease may vary. We aimed to identify modifier genes that may contribute to the clinical course of Lafora disease patients with EPM2A or EPM2B mutations. We established a list of 43 genes coding for proteins related to laforin/malin function and/or glycogen metabolism and tested common polymorphisms for possible associations with phenotypic differences using a collection of Lafora disease families. Genotype and haplotype analysis showed that PPP1R3C may be associated with a slow progression of the disease. The PPP1R3C gene encodes protein targeting to glycogen (PTG). Glycogen targeting subunits play a major role in recruiting type 1 protein phosphatase (PP1) to glycogen-enriched cell compartments and in increasing the specific activity of PP1 toward specific glycogenic substrates (glycogen synthase and glycogen phosphorylase). Here, we report a new mutation (c.746A>G, N249S) in the PPP1R3C gene that results in a decreased capacity to induce glycogen synthesis and a reduced interaction with glycogen phosphorylase and laforin, supporting a key role of this mutation in the glycogenic activity of PTG. This variant was found in one of two affected siblings of a Lafora disease family characterized by a remarkably mild course. Our findings suggest that variations in PTG may condition the course of Lafora disease and establish PTG as a potential target for pharmacogenetic and therapeutic approaches.
The cloud computing paradigm is set to become the next explosive revolution on the Internet, but its adoption is still hindered by security problems. One of the fundamental issues is the need for better access control and identity management systems. In this context, Federated Identity Management (FIM) is identified by researchers and experts as an important security enabler, since it will play a vital role in allowing the global scalability that is required for the successful implantation of cloud technologies. However, current FIM frameworks are limited by the complexity of the underlying trust models that need to be put in place before inter-domain cooperation. Thus, the establishment of dynamic federations between the different cloud actors is still a major research challenge that remains unsolved. Here we show that risk evaluation must be considered as a key enabler in evidence-based trust management to foster collaboration between cloud providers that belong to unknown administrative domains in a secure manner. In this paper, we analyze the Federated Identity Management process and propose a taxonomy that helps in the classification of the involved risks in order to mitigate vulnerabilities and threats when decisions about collaboration are made. Moreover, a set of new metrics is defined to allow a novel form of risk quantification in these environments. Other contributions of the paper include the definition of a generic hierarchical risk aggregation system, and a descriptive use-case where the risk computation framework is applied to enhance cloud-based service provisioning.
Mutations in the PARK2 gene encoding parkin cause autosomal recessive juvenile parkinsonism, but have also been found in patients diagnosed with certain tauopathies. Conversely, mutations in the MAPT gene encoding tau are present in some types of parkinsonism. In order to investigate the possible relationship between these two proteins, we generated a double mutant mouse that is deficient in PARK2 and that over-expresses the hTauVLW transgene, a mutant form of the tau protein present in FTDP-17. Independent deletion of PARK2 or over-expression of the hTauVLW transgene produces mild phenotypic alterations, while a substantial increase in parkin expression is observed in hTauVLW transgenic mice. However, double mutant mice present memory and exploratory deficits, and accumulation of PHF-1 and AT8 hyperphosphorylated tau epitopes in neurons. These phenomena are coupled with reactive astrocytosis, DNA fragmentation, and variable cerebral atrophy. Here, we show that cortical and hippocampal neurons of double mutant mice develop argyrophilic Gallyas-Braak aggregates of phosphorylated tau from 3 months of age. Their number decreases in old animals. Moreover, numerous phosphorylated tau aggregates were identified with the conformation-dependent Alz-50 antibody and the S-Thioflavin staining. Ventral motor nuclei of the spinal cord also present Alz-50, AT8, and PHF1 hyperphosphorylated tau aggregates when parkin is deleted in mice over-expressing the hTauVLW transgene, beginning at early ages. Thus, the combination of PARK2 gene deletion with hTauVLW over-expression in mice produces abnormal hyperphosphorylated tau aggregates, similar to those observed in the brain of patients diagnosed with certain tauopathies. In the light of these changes, these mice may help to understand the molecular processes responsible for these diseases, and they may aid the development of new therapeutic strategies to treat neurodegenerative diseases related to tau and parkin proteins.
Credential-based authorization offers interesting advantages for ubiquitous scenarios involving limited devices such as sensors and personal mobile equipment: the verification can be done locally; it offers a more reduced computational cost than its competitors for issuing, storing, and verification; and it naturally supports rights delegation. The main drawback is the revocation of rights. Revocation requires handling potentially large revocation lists, or using protocols to check the revocation status, bringing extra communication costs not acceptable for sensors and other limited devices. Moreover, the effective revocation of consent (considered as a privacy rule in sensitive scenarios) has not been fully addressed. This paper proposes an event-based mechanism empowering a new concept, the sleepyhead credentials, which allows time constraints and explicit revocation to be substituted by activating and deactivating authorization rights according to events. Our approach is to integrate this concept in IdM systems in a hybrid model supporting delegation, which can be an interesting alternative for scenarios where revocation of consent and user privacy are critical. The delegation includes a SAML-compliant protocol, which we have validated through a proof-of-concept implementation. This article also explains the mathematical model describing the event-based model and offers estimations of the overhead introduced by the system. The paper focuses on health care scenarios, where we show the flexibility of the proposed event-based user consent revocation mechanism.
Papers by Rosa Guerrero