Smart-shopping: aplicación de un protocolo de firma de contratos multi-two-party atómico

El avance de Internet y las tecnologías de comunicaciones está disminuyendo cada vez más la distancia entre consumidores y proveedores, hasta el punto que cualquier proveedor que lo desee puede ofrecer sus productos directamente al consumidor final. Esto supone a la vez una ventaja y una desventaja para el consumidor. Por un lado, le permite comparar los precios de distintos proveedores, pero por otra parte la gran cantidad de oferta puede complicar este proceso. Un caso particularmente interesante es la situación en la que el consumidor quiera un producto multi servicio, como los paquetes turísticos, formados por vuelos, hoteles, excursiones, etc. En este artículo presentamos una modificación sobre un protocolo multi-two-party atómico, que permite al consumidor automatizar la función búsqueda, negociación y compra (firma de un contrato), manteniendo la equitatividad y atomicidad en la transacción

Fair exchange in e-commerce and certified e-mail, new scenarios and protocols

We are witnessing a steady growth in the use of Internet in the electronic commerce field. This rise is promoting the migration from traditional processes and applications (paper based) to an electronic model. But the security of electronic transactions continues to pose an impediment to its implementation. Traditionally, most business transactions were conducted in person. Signing a contract required the meeting of all interested parties, the postman delivered certified mail in hand, and when paying for goods or services both customer and provider were present. When all parties are physically present, a transaction does not require a complex protocol. The participants acknowledge the presence of the other parties as assurance that they will receive their parts, whether a signature on a contract, or a receipt, etc. But with e-commerce growing in importance as sales and business channel, all these transactions have moved to its digital counterpart. Therefore we have digital signature of contracts, certified delivery of messages and electronic payment systems. With electronic transactions, the physical presence is not required,moreover, most of the times it is even impossible. The participants in a transaction can be thousands of kilometers away from each other, and they may not even be human participants, they can be machines. Thus, the security that the transaction will be executed without incident is not assured per se, we need additional security measures. To address this problem, fair exchange protocols were developed. In a fair exchange every party involved has an item that wants to exchange, but none of the participants is willing to give his item away unless he has an assurance he will receive the corresponding item from the other participants. Fair exchange has many applications, like digital signature of contracts, where the items to be exchanged are signatures on contracts, certified delivery of messages, where we exchange a message for evidence of receipt, or a payment process, where we exchange a payment (e-cash, e-check, visa, etc.) for digital goods or a receipt. The objective of this dissertation is the study of the fair exchange problem. In particular, it presents two new scenarios for digital contracting, the Atomic Multi- Two Party (AM2P) and the Agent Mediated Scenario (AMS), and proposes one optimistic contract signing protocol for each one. Moreover, it studies the efficiency of Multi-Party Contract Signing (MPCS) protocols from their architecture point of view, presenting a new lower bound for each architecture, in terms of minimum number of transactions needed. Regarding Certified Electronic Mail (CEM), this dissertation presents two optimistic CEMprotocols designed to be deployed on thecurrent e-mail infrastructure, therefore they assume the participation of multiple Mail Transfer Agents (MTAs). In one case, the protocol assumes untrusted MTAs whereas in the other one it assumes each User Agent (UA) trusts his own MTA. Regarding payment systems, this dissertation presents a secure and efficient electronic bearer bank check scheme allowing the electronic checks to be transferred fairly and anonymously.L’ús d’Internet en l’àmbit del comerç electrònic està experimentant un creixement estable. Aquest increment d’ús està promovent lamigració de processos tradicionals i aplicacions (basades en paper) cap a un model electrònic. Però la seguretat de les transaccions electròniques continua impedint la seva implantació. Tradicionalment, la majoria de les transaccions s’han dut a terme en persona. La firma d’un contracte requeria la presència de tots els firmants, el carter entrega les cartes certificades enmà, i quan es paga per un bé o servei ambdós venedor i comprador hi són presents. Quan totes les parts hi són presents, les transaccions no requereixen un protocol complex. Els participants assumeixen la presència de les altres parts com assegurança que rebran el que esperen d’elles, ja sigui la firma d’un contracte, un rebut d’entrega o un pagament. Però amb el creixement del comerç electrònic com a canal de venda i negoci, totes aquestes transaccions s’hanmogut al seu equivalent en el món electrònic. Així doncs tenim firma electrònica de contractes, enviament certificat de missatges, sistemes de pagament electrònic, etc. En les transaccions electròniques la presència física no és necessària, de fet, la majoria de vegades és fins it tot impossible. Els participants poden estar separats permilers de kilòmetres, i no és necessari que siguin humans, podrien sermàquines. Llavors, la seguretat de que la transacció s’executarà correctament no està assegurada per se, necessitem proporcionar mesures de seguretat addicionals. Per solucionar aquest problema, es van desenvolupar els protocols d’intercanvi equitatiu. En un intercanvi equitatiu totes les parts involucrades tenen un objecte que volen intercanviar, però cap de les parts implicades vol donar el seu objecte si no té la seguretat que rebrà els objectes de les altres parts. L’intercanvi equitatiu té multitud d’aplicacions, com la firma electrònica de contractes, on els elements a intercanviar son firmes de contractes, enviament certificat demissatges, on s’intercanvien unmissatge per una evidència de recepció, o un procés de pagament, on intercanviemun pagament (e-cash, visa, e-xec, etc.) per bens digitals o per un rebut. L’objectiu d’aquesta tesi és estudiar el problema de l’intercanvi equitatiu. En particular, la tesi presenta dos nous escenaris per a la firma electrònica de contractes, l’escenari multi-two party atòmic i l’escenari amb agents intermediaris, i proposa un protocol optimista per a cada un d’ells. A més, presenta un estudi de l’eficiència dels protocols de firma electrònica multi-part (Multi-Party Contract Signing (MPCS) protocols) des del punt de vista de la seva arquitectura, presentant una nova fita per a cada una, en termes de mínim nombre de transaccions necessàries. Pel que fa al correu electrònic certificat, aquesta tesi presenta dos protocols optimistes dissenyats per a ser desplegats damunt l’infraestructura actual de correu electrònic, per tant assumeix la participació demúltiples agents de transferència de correu. Un dels protocols assumeix que cap dels agents de transferència de correu participants és de confiança,mentre que l’altre assumeix que cada usuari confia en el seu propi agent. Pel que fa a sistemes de pagament, la tesi presenta un esquema de xec bancari al portador, eficient i segur, que garanteix que la transferència dels xecs es fa demanera anònima i equitativa

Privacy safeguards and online anonymity

In a world that is increasingly more connected, digital citizens, actively or passively accept to transmit information, part of which are “personal data”. This information is often collected and elaborated by third parties to infer further knowledge about users. The act of gathering the data is commonly called “tracking” and can be performed through several means. The act of analysing and processing those data and relate them to the individual is called “profiling”. The aim of this JRC Technical report is to be an instrument of support for the Digital Citizens to help them to protect and to manage their privacy during online activities. After a brief introduction in Chapter 1, the following chapter is dedicated to the description of two legitimate use-cases to track and profile users on-line, namely target advertising and personalisation of the user experience. Chapter 3 and 4 identify and analyse the set of techniques currently used by online digital providers to track citizens and profile them based on their online behaviour. Chapter 5 deals with some of the available tools cited in chapter 6 that could be helpful to protect the privacy while browsing online. Chapter 6 aims to raise awareness among users and provide some guidelines to address specific issues related to privacy through a multidisciplinary approach. The report concludes highlighting the importance of raising awareness among digital users and empower them through education, technical and legal tools, including the General Data Protection Regulation (GDPR) to overcome possible privacy issues.JRC.E.3-Cyber and Digital Citizens' Securit

Idol Show in China

Our objective is to test the performance of a real SMS Processing System. We will work with Boost Communications, a norwegian company that is developing a SMS Processing System to sell interactive SMS solutions. With our test, we want to be able to put the system performance into numbers, and to identify and eliminate possible bottlenecks. In order to achieve our objective we will use different techniques. First, we wil build an analytic model, a simple one, an we will use It to try to identtify the main weak points on the Architechture. Once built, we will run a few tests on the Architecture to identify our modeled parameters values. The second step will be to build a simulation model using the knowledge we will had achieved while doing the analityc model and the first tests. At the end, we will have to be able to point the bottlenecks and offer solutions to them. These solutions can be hardware based, or software base

Minerales supergénicos de Hg de Almadén: Una forma natural de fijar mercurio

Como es conocido, la zona de Almadén constituye uno de los reservorios de mercurio más importantes del mundo (Higueras et al., 2006)

A Very Large Telescope imaging and spectroscopic survey of the Wolf-Rayet population in NGC 7793

We present a VLT/FORS1 imaging and spectroscopic survey of the Wolf-Rayet (WR) population in the Sculptor group spiral galaxy NGC 7793. We identify 74 emission line candidates from archival narrow-band imaging, from which 39 were observed with the Multi Object Spectroscopy (MOS) mode of FORS1. 85% of these sources displayed WR features. Additional slits were used to observe HII regions, enabling an estimate of the metallicity gradient of NGC 7793 using strong line calibrations, from which a central oxygen content of log (O/H) + 12 = 8.6 was obtained, falling to 8.25 at R_25. We have estimated WR populations using a calibration of line luminosities of Large Magellanic Cloud stars, revealing ~27 WN and ~25 WC stars from 29 sources spectroscopically observed. Photometric properties of the remaining candidates suggest an additional ~27 WN and ~8 WC stars. A comparison with the WR census of the LMC suggests that our imaging survey has identified 80% of WN stars and 90% for the WC subclass. Allowing for incompleteness, NGC 7793 hosts ~105 WR stars for which N(WC)/N(WN)~0.5. From our spectroscopy of HII regions in NGC 7793, we revise the global Halpha star formation rate of Kennicutt et al. upward by 50% to 0.45 M_sun/yr. This allows us to obtain N(WR)/N(O)~0.018, which is somewhat lower than that resulting from the WR census by Schild et al. of another Sculptor group spiral NGC 300, whose global physical properties are similar to NGC 7793. Finally, we also report the fortuitous detection of a bright (m_V = 20.8 mag) background quasar Q2358-32 at z~2.02 resulting from CIV 1548-51 redshifted to the 4684 passband.Comment: 17 pages, 13 figures, accepted for MNRAS (detailed finding charts omitted)

Email communication security standards: an analysis of uptake in the EU - March 2022

Ensuring the interoperability and security of email communications is one of the cornerstones of a resilient and open Internet. In this context, the wide adoption of key Internet security standards, such as StartTLS, SPF, DKIM, DMARC, DANE and DNSSEC, is essential for a safe cyberspace for everyone. This report assesses the level of uptake of the above set of standards in Q1 2022 across EU Member States, comparing it to the global status. The analysis uses data from publicly available data sources and assessment tools, as well as from measurements conducted by the European Commission’s Joint Research Centre.JRC.E.3 - Cyber and Digital Citizens' Securit

IPv6 standard: an analysis of uptake in the EU - March 2022

The adoption of Internet Protocol version 6 (IPv6), the next version of the widely used IPv4, is key to ensure the interoperability, scalability, stability, and security of the Internet. This report provides an overview of the current level of adoption of the IPv6 protocol in Q1 2022 across EU Member States, compared to the global adoption status. The analysis uses a set of publicly available data sources for estimating the rate of adoption of IPv6 across two dimensions: (a) end-user adoption, i.e. end-user hosts capable of using IPv6 to connect to the Internet, and (b) server-side adoption, i.e. Internet services that can operate over IPv6.JRC.E.3 - Cyber and Digital Citizens' Securit

Email communication security standards: an analysis of uptake in the EU

Ensuring the interoperability and security of email communications is one of the cornerstones of a resilient and open Internet. In this context, the wide adoption of key Internet security standards, such as StartTLS, SPF, DKIM, DMARC, DANE and DNSSEC, is essential for a safe cyberspace for everyone. This report assesses the level of uptake of the above set of standards in Q3 2022 across EU Member States, comparing it to the global status. The analysis uses data from publicly available data sources and assessment tools, as well as from measurements conducted by the European Commission’s Joint Research Centre. Our findings show that the level of adoption of all standards is similar to the previous measurement period (Q1 2022), with StartTLS, SPF and DKIM having high adoption rates, DMARC following with medium adoption, and DANE with DNSSEC showing low, close to zero uptake.JRC.T.2 - Cybersecurity and Digital Technologie

IPv6 standard: an analysis of uptake in the EU

The adoption of Internet Protocol version 6 (IPv6), the next version of the widely used IPv4, is key to ensure the interoperability, scalability, stability, and security of the Internet. This report provides an overview of the current level of adoption of the IPv6 protocol in Q3 2022 across EU Member States, compared to the global adoption status. The analysis uses a set of publicly available data sources for estimating the rate of adoption of IPv6 across two dimensions: (a) end-user adoption, i.e. end-user hosts capable of using IPv6 to connect to the Internet, and (b) server-side adoption, i.e. Internet services that can operate over IPv6. Our findings show that the level of adoption of IPv6 is similar to the previous measurement period (Q1 2022), with end-user adoption reaching 30% and server-side 14% in the EU. These adoption rates are low, especially on the server-side, considering also that IPv4 addresses have already been depleted.JRC.T.2 - Cybersecurity and Digital Technologie