Jordi Herrera-Joancomartí

Jordi Herrera-Joancomartí
Autonomous University of Barcelona | UAB · Department of Information and Communication Engineering

About

115
Publications
99,743
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
1,741
Citations

Publications

Publications (115)
Article
Full-text available
Attribute-based credentials (ABCs) provide an efficient way to transfer custody of personal and private data to the final user, while minimizing the risk of sensitive data revelation and thus granting anonymity. Nevertheless, this method cannot detect whether one attribute has been used more than once without compromising anonymity when the emitter...
Article
The Bitcoin Lightning Network (LN) disrupts the scenario as a fast and scalable method to make payment transactions off-chain, alongside the Bitcoin network, thereby reducing the on-chain burden. Understanding the topology of the LN is crucial, not only because it is key to performance, but also for ensuring its security and privacy guarantees. The...
Chapter
Full-text available
The Lightning Network (LN) is a payment network running as a second layer on top of Bitcoin and other Blockchains. This paper presents the possibility of performing a balance lockdown in the LN due to misbehaving nodes associated to a given channel. We formalize and introduce a practical attack, minimizing the economic cost of the attack. We presen...
Book
This book constitutes the revised selected post conference proceedings of the 15th International Workshop on Data Privacy Management, DPM 2020, and the 4th International Workshop on Cryptocurrencies and Blockchain Technology, CBT 2020, held in conjunction with the 25th European Symposium on Research in Computer Security, ESORICS 2020, held in Guild...
Preprint
Full-text available
Bitcoin is a peer-to-peer distributed cryptocurrency system, that keeps all transaction history in a public ledger known as blockchain. The Bitcoin network is implicitly pseudoanonymous and its nodes are controlled by independent entities making network analysis difficult. This calls for the development of a fully controlled testing environment. Th...
Article
Since digital artworks are indeed digital content, they face the inherent problem digital content has: the link between content and its original author is very difficult to keep. Additionally, retaining control over digital copies of the content is also a challenging task. Digital coins have solved this very same problem through cryptocurrencies (f...
Article
Full-text available
Zero-confirmation transactions, i.e. transactions that have been broadcast but are still pending to be included in the blockchain, have gained attention in order to enable fast payments in Bitcoin, shortening the time for performing payments. Fast payments are desirable in certain scenarios, for instance, when buying in vending machines, fast food...
Conference Paper
Full-text available
The Lightning Network is a second layer technology running on top of Bitcoin and other Blockchains. It is composed of a peer-to-peer network, used to transfer raw information data. Some of the links in the peer-to-peer network are identified as payment channels, used to conduct payments between two Lightning Network clients (i.e., the two nodes of...
Article
Full-text available
Unspent Transaction Outputs (UTXOs) are the internal mechanism used in many cryptocurrencies to represent coins. Such representation has some clear benefits, but also entails some complexities that, if not properly handled, may leave the system in an inefficient state. Specifically, inefficiencies arise when wallets (the software responsible for tr...
Article
This paper presents a classifier architecture that is able to deal with classification of interlinked entities when the only information available is the existing relationships between these entities, i.e. no semantic content is known for either the entities or their relationships. After proposing a classifier to deal with this problem, we provide...
Chapter
Bitcoin relies on the Unspent Transaction Outputs (UTXO) set to efficiently verify new generated transactions. Every unspent output, no matter its type, age, value or length is stored in every full node. In this paper we introduce a tool to study and analyze the UTXO set, along with a detailed description of the set format and functionality. Our an...
Chapter
Although Moodle quizzes are a wide used tool for e-assessment, they present some limitations regarding the possibility to provide randomized quizzes with different questions for each different student. In this paper, we present different approaches to incorporate variables with randomness in questions within Moodle, so that multiple versions of the...
Article
Bitcoin smart contracts allow the development of new protocols on top of Bitcoin itself. This usually involves the definition of complex scripts, far beyond the requirement of a single signature. In this paper we introduce the concept of private key locked transactions, a novel type of transactions that allows the atomic verification of a given pri...
Article
Full-text available
P2P networks are the mechanism used by cryptocurrencies to disseminate system information while keeping the whole system as much decentralized as possible. Cryptocurrency P2P networks have new characteristics that propose new challenges and avoid some problems of existing P2P networks. By characterizing the most relevant cryptocurrency network, Bit...
Conference Paper
Bitcoin relies on the Unspent Transaction Outputs (UTXO) set to efficiently verify new generated transactions. Every unspent output, no matter its type, age, value or length is stored in every full node. In this paper we introduce a tool to study and analyze the UTXO set, along with a detailed description of the set format and functionality. Our an...
Book
This book constitutes the refereed conference proceedings of the 2nd International Workshop on Cryprocurrencies and Blockchain Technology, CBT 2018, and the 13thInternational Workshop on Data Privacy Management, DPM 2018, on conjunction with the 23nd European Symposium on Research in Computer Security, ESORICS 2018, held in Barcelona, Spain, in Sep...
Article
In this paper, we describe a compansion system that transforms the telegraphic language that comes from the use of pictogram-based Augmentative and Alternative Communication (AAC) into natural language. The system was tested with 4 participants with severe cerebral palsy and ranging degrees of linguistic competence and intellectual disabilities. Pa...
Conference Paper
Full-text available
Current trade is being heavily influenced by emerging technologies. Despite many technological advances, logistics management is at a standstill about the improvements communication systems. Updating information during the whole process is an essential element in such systems but trust in that information is even more important. For this reason, pr...
Article
Full-text available
On-line commercial transactions involve an inherent mistrust between participant parties since, sometimes, no previous relation exists between them. Such mistrust may be a deadlock point in a trade transaction where the buyer does not want to perform the payment until the seller sends the goods and the seller does not want to do so until the buyer...
Article
Full-text available
Recently, a huge amount of social networks have been made publicly available. In parallel, several definitions and methods have been proposed to protect users’ privacy when publicly releasing these data. Some of them were picked out from relational dataset anonymization techniques, which are riper than network anonymization techniques. In this pape...
Article
Full-text available
The problem of anonymization in large networks and the utility of released data are considered in this paper. Although there are some anonymization methods for networks, most of them cannot be applied in large networks because of their complexity. In this paper, we devise a simple and efficient algorithm for k-degree anonymity in large networks. Ou...
Book
This book constitutes the refereed conference proceedings of the 12th International Workshop on Data Privacy Management, DPM 2017, on conjunction with the 22nd European Symposium on Research in computer Security, ESORICS 2017 and the First International Workshop on Cryprocurrencies and Blockchain Technology (CBT 2017) held in Oslo, Norway, in Septe...
Conference Paper
Bitcoin has emerged as the most successful cryptocurrency since its appearance back in 2009. However, its main drawback to become a truly global payment system is its low capacity in transaction throughput. At present time, some ideas have been proposed to increase the transaction throughput, with different impact on the scalability of the system....
Article
Full-text available
In Mobile Crowd Sensing (MCS), the power of the crowd, jointly with the sensing capabilities of the smartphones they wear, provides a new paradigm for data sensing. Scenarios involving user behavior or those that rely on user mobility are examples where standard sensor networks may not be suitable, and MCS provides an interesting solution. However,...
Conference Paper
Full-text available
Mobile Crowd Sensing (MCS) presents numerous and unique research challenges most of them based on the fact that human participation is in the loop. In this paper we analyse three of the most important: user participation, data sensing quality and user anonymity. To solve them, we present PaySense, a general framework for user rewarding and reputati...
Article
Full-text available
In recent years there has been a significant raise in the use of graph-formatted data. For instance, social and healthcare networks present relationships among users, revealing interesting and useful information for researches and other third-parties. Notice that when someone wants to publicly release this information it is necessary to preserve th...
Article
Full-text available
Peinado et al. analyzed the security of the J3Gen pseudorandom number generator proposed by Melià-Seguí et al., and claimed weaknesses regarding its security properties. They also presented a deterministic attack based on the decimation of the J3Gen output sequences. We show that the assumptions made by Peinado et al. are not correct and that the p...
Chapter
Full-text available
RFID systems are composed by tags (also known as electronic labels) storing an identification sequence which can be wirelessly retrieved by an interrogator, and transmitted to the network through middleware and database information systems. In the case of the EPC Gen2 technology, RFID tags are not provided with on-board batteries. They are passivel...
Book
Full-text available
This volume contains the proceedings of the 9th Data Privacy Management International Workshop (DPM 2014), held in Wrocław, Poland, on September 10, 2014, in conjunction with the 19th annual European research event in Computer Security (ESORICS 2014) symposium. The DPM series started in 2005 when the first workshop took place in Tokyo (Japan). Sinc...
Chapter
A crowdsensing network is a sensor network in which sensors are users that sense the environment and send the obtained data using, for instance, their smartphones. The performance of such sensor networks depends heavily on the mobility of the users and their willingness to collaborate. It is hard to obtain a stable set of users to evaluate such kin...
Conference Paper
Full-text available
Bitcoin has emerged as the most successful crypto currency since its appearance back in 2009. Besides its security robustness, two main properties have probably been its key to success: anonymity and decentralization. In this paper, we provide a comprehensive description on the details that make such cryptocurrency an interesting research topic in...
Article
Anonymization of graph-based data is a problem, which has been widely studied last years, and several anonymization methods have been developed. Information loss measures have been carried out to evaluate the noise introduced in the anonymized data. Generic information loss measures ignore the intended anonymized data use. When data has to be relea...
Conference Paper
Full-text available
The Bitcoin virtual currency is built on the top of a decentralized peer-to-peer (P2P) network used to propagate system information such as transactions or blockchain updates. In this paper, we have performed a data collection process identifying more than 872000 different Bitcoin nodes. This data allows us to present information on the size of the...
Article
Pseudorandom generators are the main security tool in EPC Gen2 systems. Besides its statistical compliance with the standard, no further information is provided on its design, performance or generation scheme. We empirically analysed EPC Gen2 pseudorandom sequences using a novel experimental setup. From our analysis, we obtained evidences that pseu...
Conference Paper
Full-text available
Most of recent anonymization algorithms for networks are based on edge modification, i.e., adding and/or deleting edges on a network. But, no one considers the edge's relevance in order to decide which edges may be removed and which ones must be preserved. Considering edge's relevance can help us to improve data utility and reduce information loss....
Conference Paper
Full-text available
In this paper, we address the problem of edge selection for networked data, that is, given a set of interlinked entities for which many different kinds of links can be defined, how do we select those links that lead to a better classification of the dataset. We evaluate the current approaches to the edge selection problem for relational classificat...
Article
Full-text available
In recent years there has been a significant increase in the use of graphs as a tool for representing information. It is very important to preserve the privacy of users when one wants to publish this information, especially in the case of social graphs. In this case, it is essential to implement an anonymization process in the data in order to pres...
Article
Smart sensor network arises as a new generation of sensor networks, where a crowd of possibly anonymous volunteers are involved in the tasks of collecting data from the surrounding environment and providing it to the community. In this paper, we analyze one of the main questions, often forgotten, in these scenarios: whether or not we can trust the...
Conference Paper
Full-text available
In this paper, we address the problem of classifying entities belonging to networked datasets. We show that assortativity is positively correlated with classification performance and how we are able to improve classification accuracy by increasing the assortativity of the network. Our method to increase assortativity is based on modifying the weigh...
Conference Paper
Full-text available
In this paper, we consider the problem of anonymization on large networks. There are some anonymization methods for networks, but most of them can not be applied on large networks because of their complexity. We present an algorithm for k-degree anonymity on large networks. Given a network G, we construct a k-degree anonymous network, G, by the min...
Article
Web crawlers are complex applications that explore the Web for different purposes. Web crawlers can be configured to crawl online social networks (OSNs) to obtain relevant data about their global structure. Before a web crawler can be launched to explore the Web, a large amount of settings have to be configured. These settings define the crawler's...
Article
Full-text available
Pseudorandom number generation (PRNG) is the main security tool in low-cost passive radio-frequency identification (RFID) technologies, such as EPC Gen2. We present a lightweight PRNG design for low-cost passive RFID tags, named J3Gen. J3Gen is based on a linear feedback shift register (LFSR) configured with multiple feedback polynomials. The polyn...
Conference Paper
In this paper, we address the problem of classifying online social network users using a naively anonymized version of a social graph. We use two main user attributes defined by the graph structure to build an initial classifier, node degree and clustering coefficient, and then exploit user relationships to build a second classifier. We describe ho...
Chapter
Full-text available
Sensor networks may become a key element in a smart city in order to collect and provide information to its citizens. In this paper, we propose a new mobile phone sensing application, Incidències 2.0, that helps users notify and stay informed about the incidents of the public rail network in the Barcelona metropolitan area. The application takes ad...
Conference Paper
Recently, several anonymization algorithms have appeared for privacy preservation on graphs. Some of them are based on randomization techniques and on k-anonymity concepts. We can use both of them to obtain an anonymized graph with a given k-anonymity value. In this paper we compare algorithms based on both techniques in order to obtain an anonymiz...
Conference Paper
Smart sensor networks fall into a new sensor network paradigm that involve individuals in the sensing data collection process. While prior sensor network paradigms focused on collecting ephemeral data about the surrounding environment by means of a static sensor node topology, smart sensor networks collect and process large amounts of data regardin...
Article
Full-text available
Mobile devices have become ubiquitous, allowing the integration of new information from a large range of devices. However, the development of new applications requires a powerful framework which simplifies their construction. JXME is the JXTA implementation for mobile devices using J2ME, its main value being its simplicity when creating peer-to-pee...
Article
Full-text available
Networks are evolving toward a ubiquitous model in which heterogeneous devices are interconnected. Cryptographic algorithms are required for developing security solutions that protect network activity. However, the computational and energy limitations of network devices jeopardize the actual implementation of such mechanisms. In this paper, we perf...
Conference Paper
Full-text available
We present a lightweight pseudorandom number generator (PRNG) design for EPC Gen2 RFID tags. It is based on a linear feedback shift register (LFSR) configured with multiple feedback polynomials that are selected by a physical source of randomness. The proposal successfully handles the inherent linearity of LFSR based PRNGs and satisfies the statist...
Conference Paper
Full-text available
Web crawlers are complex applications that explore the Web with different purposes. Web crawlers can be configured to crawl online social networks (OSN) to obtain relevant data about its global structure. Before a web crawler can be launched to explore the web, a large amount of settings have to be configured. This settings define the behavior of t...
Article
Full-text available
The Electronic Product Code Generation 2 (EPC Gen2) is an international standard that proposes the use of Radio Frequency Identification (RFID) in the supply chain. It is designed to balance cost and functionality. As a consequence, security on board of EPC Gen2 tags is often minimal. It is, indeed, mainly based on the use of on board pseudorandomn...
Article
Full-text available
An efficient approach for organizing large ad hoc networks is to divide the nodes into multiple clusters and designate, for each cluster, a clusterhead which is responsible for holding intercluster control information. The role of a clusterhead entails rights and duties. On the one hand, it has a dominant position in front of the others because it...
Conference Paper
Full-text available
Online Social Networks (OSNs) are becoming more important in the web 2.0 paradigm. Although most implementations of OSN are not distributed applications, users conforming an OSN work autonomously posting their information in the OSN and interacting among them. Users are responsible of the information they post in their profile and, in the vast majo...
Article
JXTA defines a set of six core protocols specifically suited for ad hoc, pervasive, multi-hop, peer-to-peer (P2P) computing. These protocols allow peers to cooperate and form autonomous peer groups. This paper presents a satisfactory method that provides security services to the core protocols: privacy, authenticity, integrity and non-repudiation....
Conference Paper
Full-text available
The EPC Gen2 is an international standard that proposes the use of Radio Frequency Identification (RFID) in the supply chain. It is designed to balance cost and functionality. The development of Gen2 tags faces, in fact, several challenging constraints such as cost, compatibility regulations, power consumption, and performance requirements. As a co...
Conference Paper
Full-text available
A new pseudorandom number generator (PRNG) design for EPC Gen2 is discussed. This generator is based on a 16-bit linear feedback shift register (LFSR) that contains multiple feedback primitive polynomials fed by a physical source of randomness. The resulting generator successfully handles the inher-ent linearity of LFSR based PRNGs and satisfies th...
Conference Paper
Full-text available
Security and privacy on low-cost RFID deployments is focusing the attention of researchers due to the progressive adoption by retailers, making the RFID a real ubiquitous technology. Besides the retail sector, other logistics industries are starting to improve their processes with this technology like the postal companies, supposed to be one of the...
Conference Paper
Full-text available
JXME is the JXTA protocols implementation for mobile devices using J2ME. Two different flavors of JXME have been implemented, each one specific for a particular set of devices, according to their capabilities. The main value of JXME is its simplicity to create peer-to-peer (P2P) applications in limited devices. In addition to assessing JXME functio...
Article
JXTA is an open-source initiative that provides a middleware for the creation and deployment of peer-to-peer (P2P) applications. Resources in a JXTA network are accessed through advertisements, special metadata documents published by its owner. By controlling access to advertisements, it is also possible to restrict access to resources. However, in...
Conference Paper
En España, la Constitución de 1978 reconoce (y la Ley Orgánica 3/1984, de 26 de marzo, regula) la denominada Iniciativa Legislativa Popular (ILP), consistente en un proceso en virtud del cual los ciudadanos pueden presentar proposiciones de ley suscritas por un número mínimo de firmantes. Con la aparición de los dispositivos de firma electrónica co...
Chapter
En España, la Constitución de 1978 reconoce (y la Ley Orgánica 3/1984, de 26 de marzo, regula) la denominada Iniciativa Legislativa Popular (ILP), consistente en un proceso en virtud del cual los ciudadanos pueden presentar proposiciones de ley suscritas por un número mínimo de firmantes. Con la aparición de los dispositivos de firma electrónica co...
Article
Full-text available
In ad hoc networks, due to the lack of a dedicated network infrastructure, members have to collaborate ones with the others to support the basic networking functions that allowthem to communicate. The main challenge of this model iscombating the intrinsic selfish behavior of the participants,which are usually equipped with handheld and mobile devic...
Article
JXTA is an open-source initiative that allows to specify a set of collaboration and communication protocols which enable the creation and deployment of peer-to-peer (P2P) applications. This paper provides a survey on its current state regarding the topic of security. The study focuses on the security evaluation of standard peer operations within th...
Article
Web search engines (e.g. Google, Yahoo, Microsoft Live Search, etc.) are widely used to find certain data among a huge amount of information in a minimal amount of time. However, these useful tools also pose a privacy threat to the users: web search engines profile their users by storing and analyzing past searches submitted by them. To address thi...
Conference Paper
Full-text available
In the wake of the success of peer-to-peer networking, privacy has arisen as a big concern. Even though steps have been taken in order to attain an anonymous communications channel, all approaches consider the overlay network as a single entity and none of them take into account peer group based environments. In this paper, we describe a method in...
Article
The performance of symmetric and asymmetric cryptography algorithms in small devices is presented. Both temporal and energy costs are measured and compared with the basic functional costs of a device. We demonstrate that cryptographic power costs are not a limiting factor of the autonomy of a device and explain how processing delays can be convenie...
Conference Paper
Full-text available
JXTA defines a set of six core protocols specifically suited for ad hoc, pervasive, multi-hop, peer-to-peer (P2P) computing. These protocols allow peers to cooperate and form autonomous peer groups. This paper presents a method that provides security services to the core protocols: privacy, authenticity, integrity and non-repudiation. The presented...
Article
Full-text available
Virtual Laboratories in a Virtual Learning Environment are indispensable spaces for developing practical activities. This paper proposes an integrated structure for Virtual Laboratories for undergraduate degree programmes in Computer Engineering and Software Engineering. The general structure proposed is based on the experience gained in designing...