Research experience

    • Jan 2009–
      Dec 2011
      Research: Universidad Carlos III de Madrid
      Universidad Carlos III de Madrid · Department of Computer Science and Engineering
      Madrid · Spain
    • Jan 2005
      Research: Universidad Autónoma de Madrid
      Universidad Autónoma de Madrid
      Madrid · Spain
  • Teaching: 2003-2004. Trainer at private companies
  • Teaching: 2010-currently. Assistant Professor at University Autonoma of Madrid
  • Teaching: Part Time Professor at University Carlos III of Madrid
  • Jun 2009
    Research: STORK (Secure idenTity acrOss boRders linKed)
    INDRA Sistemas · Security Division
    Security & Defense
  • Nov 2007–
    May 2009
    Research: Security, Privacy, Reliability
    Secuware S.L. · R&D Department
    Spain · Madrid
    Computer and Network Security
  • Sep 2002–
    Sep 2004
    Research: e-Merge: e-learning, reconfigurable hardware, remote laboratories
    University Autonoma of Madrid · Department of Computer Science · University Autonoma of Madrid
    Architecture and Technology of Computers · Madrid

Education

  • Nov 2006–
    Mar 2011
    University Carlos III of Madrid
    Security in Information Technologies · Ph.D. in Computer Science
    Spain · Madrid
  • Oct 2003–
    Sep 2005
    University Autonoma of Madrid
    Computer Engineering · Master in Computer Engineering
    Spain · Madrid
  • Sep 1999–
    Sep 2003
    University Autonoma of Madrid
    Computer Engineering · Bachelor in Computer Engineering
    Spain · Madrid

Awards & achievements

  • Jan 2002
    Scholarship: SOCRATES-MINERVA Research Student Scholarship

Publications (22)

  • Thesis: Enhancing the reliability of digital signatures as non-repudiation evidence under a holistic threat model
    Jorge Lopez Hernandez-Ardieta
    01/2011, Degree: Ph.D. in Computer Science, Supervisor: Prof. Dr. Ana Isabel Gonzalez-Tablas Ferreres
  • Conference Proceeding: Harmonizing Common Criteria and Formal Risk Analysis Methodologies: Security Target Construction through Risk Analysis
    Jorge Lopez Hernandez-Ardieta, David Vara Cuesta
    ABSTRACT: Common Criteria (CC) establishes a methodology to evaluate the security claimed by information technology products. As a requisite of CC-based evaluations, the manufacturer has to provide a formal document named security target, in which a security problem definition must be included along with the security objectives met by the product and the implemented security functional requirements (SFRs). The security problem definition contains the assets to protect, the expected threats to those assets, the existent organizational security policies and the assumptions made, being most of this information typically obtained from a formal risk analysis (RA). A RA is a process that organizations shall carry out to determine appropriate and cost-effective security controls to protect their ICT systems. By means of a RA, the level of security risk on the organization’s assets can be calculated. The risk level usually depends on the probability of occurrence of the considered threats and the potential impact should these threats occur. In a RA, the reduction of the risk level can also be estimated, being able to decide the appropriate security controls to implement in order to achieve an acceptable residual risk level. It is thus clear that the output of a RA process can help to approximate a CC evaluation, and, in particular, to shape the security target content. However, CC and RA methodologies follow opposite approaches. In the former, the evaluation result is binary. Either the ICT product resists the vulnerability analysis performed by the evaluators, or it does not. In the latter, the organization pursues a residual level of risk, which is never zero (due to the costs). This means that SFRs intend to completely counteract the attacks which the product is exposed to, while the security controls intend to mitigate (not eliminate) the risk by reducing the impact of the threats, their probability of occurrence, or both. 
    In this presentation we will explain a methodology developed to combine formal RA and CC in a harmonized way, permitting to automatically derive the SFRs from the security controls selected in the RA, and to decide the evaluation assurance level (EAL) to achieve depending on the potential risk estimated in the RA. Our methodology fills the current gap between RA and CC, offering a time-saving and accurate approach to write security targets. Furthermore, it is possible to specify a different EAL for different sets of SFRs, in a manner that composite evaluation could benefit from it. We will also present the results of using our methodology in a complex ICT system, proving its applicability in a concrete and demanding scenario.
    12th International Common Criteria Conference, Selangor, Malaysia; 01/2011
  • Conference Proceeding: Increasing the Reliability of Evidence in a Fair Exchange Protocol by Dividing the Signing Environment (original title: Aumento de la Fiabilidad de la Evidencia en un Protocolo de Intercambio Justo mediante la División del Entorno de Firma)
    ABSTRACT: The legal backing of electronic signatures, together with their recognition as non-repudiation evidence by international standards, makes the security of the signature creation process a matter of the utmost importance. However, numerous studies show that there is a wide variety of attacks on signature creation environments, which undermines the reliability of the electronic signature as non-repudiation evidence and as evidence in legal proceedings. This article presents a protocol in which the reliability of the generated evidence is considerably increased even when the signer uses an insecure signature creation environment. The protocol has been designed on the basis of a previously presented fair exchange protocol, in which it is ensured that no participant gains an advantage over the other during the transaction.
    Congreso Iberoamericano de Seguridad Informática (CIBSI'09), Montevideo, Uruguay; 11/2009
  • Conference Proceeding: Extended Electronic Signature Policies
    ABSTRACT: A signature policy collects the rules to create and validate electronic signatures under which they become binding in a particular transactional context. These policies have been widely adopted to enforce the binding property of signatures in business scenarios. However, current standards only cover the definition of the requirements to be fulfilled by a single signature. As a consequence, business models where more than one signature is required in order to make the transaction effective cannot adhere to the benefits of signature policies. This paper is the first to propose a solution where the dependences and relationships among the signatures generated in the same transaction can be established. In particular, the ASN.1 definition of an extended signature policy is presented along with the procedures to be followed by the transacting parties. This work will be submitted to the IETF PKIX Work Group to be considered as an Experimental Request For Comments document (RFC).
    ACM 2nd International Conference on Security of Information and Networks (SIN 2009), Cyprus; 10/2009
  • Chapter: Formal Validation of OFEPSP+ with AVISPA
    Jorge L. Hernandez-Ardieta, Ana I. Gonzalez-Tablas, Benjamin Ramos
    ABSTRACT: Formal validation of security protocols is of utmost importance before they gain market or academic acceptance. In particular, the results obtained from the formal validation of the improved Optimistic Fair Exchange Protocol based on Signature Policies (OFEPSP+) are presented. OFEPSP+ ensures that no party gains an unfair advantage over the other during the protocol execution, while substantially reducing the probability of a successful attack on the protocol due to a compromise of the signature creation environment. We have used the Automated Validation of Internet Security Protocols and Applications (AVISPA) and the Security Protocol ANimator for AVISPA (SPAN), two powerful automated reasoning technique tools to formally specify and validate security protocols for the Internet.
    08/2009: pages 124-137;

About

IT Security Professional. Research and Consultancy experience since 2002.
