Nuestros investigadores

Javier Añorga Benito

Publicaciones científicas más recientes (desde 2010)

Autores: Fernandez-Berrueta, N. , (Autor de correspondencia); Goya, Jon; Añorga, Javier; et al.
ISSN 2169-3536  Vol. 8  2020  págs. 109266 - 109274
Communication technologies are in continuous evolution and as well, the different applications making use of them. In order to succeed with the roll-out of the communication-based applications, it is required that the communications technologies are intensively tested and validated before deployment. Current strategies for testing and validation cover field tests and laboratory tests. Railways is also taking advantage of the communication technologies evolution, and therefore, there is a need for having testing and validation strategies adapted to the railway environment, especially for safety-critical applications. Field tests and laboratory tests also apply in Railways. In the frame of laboratory tests, this paper includes an overview of different network emulators existing currently in the market. Furthermore, an analysis of the gaps of the network emulators with regards to the needs of the railways environment is also included. The goal of this paper is to show that network emulators are a flexible cost-effective solution for communication technologies testing purposes. Additionally, this paper also shows that there is a need to adapt current emulators to the railway environment in order to test and validate the future railway applications based on communication technologies.
Autores: Valdivia, L. J., (Autor de correspondencia); Adin, Íñigo; Añorga, Javier; et al.
ISSN 0748-8017  Vol. 35  Nº 2  2019  págs. 561 - 571
A malicious attack on a safety-critical system can derive in an undesired behavior of the system that may result in a failure. In this case, the reliability of the device is decreased, and it might affect directly to safety. Therefore, the security is also an essential issue to consider in the design of safety-critical systems. The main problem when safety and security are considered is to make them work together without interfering each other. A safety-critical device needs to be certified following standards like IEC-61508, and any security mechanisms must not affect this certification. This paper describes a system that integrates safety and security mechanisms to improve reliability without affecting safety certification. With the aim of reaching the required safety level, a redundant system is considered. This system is an n out of m distributed and synchronized voter. The synchronization method is based on the precision time protocol (IEEE-1588) allowing that all devices on a local network have the same time.
Autores: Añorga, Javier; Arrizabalaga, Saioa;
ISSN 2073-431X  Vol. 8  Nº 3  2019 
The growing adoption of Radio-frequency Identification (RFID) systems, particularly in the healthcare field, demonstrates that RFID is a positive asset for healthcare institutions. RFID offers the ability to save organizations time and costs by enabling data of traceability, identification, communication, temperature and location in real time for both people and resources. However, the RFID systems challenges are financial, technical, organizational and above all privacy and security. For this reason, recent works focus on attribute-based access control (ABAC) schemes. Currently, ABAC are based on mostly centralized models, which in environments such as the supply chain can present problems of scalability, synchronization and trust between the parties. In this manuscript, we implement an ABAC model in RFID systems based on a decentralized model such as blockchain. Common criteria for the selection of the appropriate blockchain are detailed. Our access control policies are executed through the decentralized application (DApp), which interfaces with the blockchain through the smart contract. Smart contracts and blockchain technology, on the one hand, solve current centralized systems issues as well as being flexible infrastructures that represent the relationship of trust and support essential in the ABAC model in order to provide the security of RFID systems. Our system has been designed for a supply chain environment with an use case suitable for healthcare systems, so that assets such as surgical instruments containing an associated RFID tag can only access to specific areas. Our system is deployed in both a local and Testnet environment in order to stablish a deep comparison and determining the technical feasibility.
Autores: Añorga, Javier; Arrizabalaga, Saioa;
Revista: SENSORS
ISSN 1424-8220  Vol. 19  Nº 20  2019 
Industrial Control Systems (ICS) and Supervisory Control systems and Data Acquisition (SCADA) networks implement industrial communication protocols to enable their operations. Modbus is an application protocol that allows communication between millions of automation devices. Unfortunately, Modbus lacks basic security mechanisms, and this leads to multiple vulnerabilities, due to both design and implementation. This issue enables certain types of attacks, for example, man in the middle attacks, eavesdropping attacks, and replay attack. The exploitation of such flaws may greatly influence companies and the general population, especially for attacks targeting critical infrastructural assets, such as power plants, water distribution and railway transportation systems. In order to provide security mechanisms to the protocol, the Modbus organization released security specifications, which provide robust protection through the blending of Transport Layer Security (TLS) with the traditional Modbus protocol. TLS will encapsulate Modbus packets to provide both authentication and message-integrity protection. The security features leverage X.509v3 digital certificates for authentication of the server and client. From the security specifications, this study addresses the security problems of the Modbus protocol, proposing a new secure version of a role-based access control model (RBAC), in order to authorize both the client on the server, as well as the Modbus frame. This model is divided into an authorization process via roles, which is inserted as an arbitrary extension in the certificate X.509v3 and the message authorization via unit id, a unique identifier used to authorize the Modbus frame. Our proposal is evaluated through two approaches: A security analysis and a performance analysis. The security analysis involves verifying the protocol's resistance to different types of attacks, as well as that certain pillars of cybersecurity, such as integrity and confidentiality, are not compromised. Finally, our performance analysis involves deploying our design over a testnet built on GNS3. This testnet has been designed based on an industrial security standard, such as IEC-62443, which divides the industrial network into levels. Then both the client and the server are deployed over this network in order to verify the feasibility of the proposal. For this purpose, different latencies measurements in industrial environments are used as a benchmark, which are matched against the latencies in our proposal for different cipher suites.
Autores: Añorga, Javier, (Autor de correspondencia); Arrizabalaga, Saioa; Sedano, Beatriz; et al.
ISSN 1380-7501  Vol. 77  Nº 7  2018  págs. 7977 - 8000
The popular Internet service, YouTube, has adopted by default the HyperText Markup Language version 5 (HTML5). With this adoption, YouTube has moved to Dynamic Adaptive Streaming over HTTP (DASH) as Adaptive BitRate (ABR) video streaming technology. Furthermore, rate adaptation in DASH is solely receiver-driven. This issue motivates this work to make a deep analysis of YouTube's particular DASH implementation. Firstly, this article provides a state of the art about DASH and adaptive streaming technology, and also YouTube traffic characterization related work. Secondly, this paper describes a new methodology and test-bed for YouTube's DASH implementation traffic characterization and performance measurement. This methodology and test-bed do not make use of proxies and, moreover, they are able to cope with YouTube traffic redirections. Finally, a set of experimental results are provided, involving a dataset of 310 YouTube's videos. The depicted results show a YouTube's traffic pattern characterization and a discussion about allowed download bandwidth, YouTube's consumed bitrate and quality of the video. Moreover, the obtained results are cross-validated with the analysis of HTTP requests performed by YouTube's video player. The outcomes of this article are applicable in the field of Quality of Service (QoS) and Quality of Experience (QoE) management. This is valuable information for Internet Service Providers (ISPs), because QoS management based on assured download bandwidth can be used in order to provide a target end-user's QoE when YouTube service is being consumed.
Autores: Valdivia, Leonardo Jesús, (Autor de correspondencia); Adin, Íñigo; Arrizabalaga, Saioa; et al.
ISSN 1556-6072  Vol. 13  Nº 1  2018  págs. 48 - 55
Most critical applications today depend on computers, so a computer failure can cause financial disaster, serious injury, or even death. In this context, railways are considered a critical application, so they must meet the highest standards of availability and safety. Availability ensures continuous operation of the system, while a safe system must behave correctly in all operating and environmental conditions.