Person: Marín López, Rafael
Name
Marín López, Rafael
Department
Universidad de Murcia. Departamento de Ingeniería de la Información y las Comunicaciones
Search Results
Now showing 1 - 4 of 4
- Publication (Embargo): Establishment of IPsec security associations with Diffie–Hellman following a SDN-based framework: analysis and practical validation
  (Elsevier, 2024-08-17)
  Authors: Parra Espín, José Antonio; Marín López, Rafael; López Millán, Gabriel
  Affiliation: Ingeniería de la Información y las Comunicaciones; Facultades de la UMU::Facultad de Informática
  The centralized management of IPsec Security Associations (SAs) by using Software Defined Network (SDN) paradigm has been already explored and standardized. Datacenters are some of the scenarios where the dynamic establishment of IPsec security associations among network nodes has been deemed relevant. In these scenarios, where nodes do not support protocols like IKEv2, applying solutions where the generation and distribution of keys for IPsec are delegated to the SDN controller. However, these scenarios have the issue that the controller itself generates the IPsec keys for the nodes, posing a higher risk to the system’s security in case the controller is compromised. For these scenarios, it would be necessary to define solutions that allow the distribution of this cryptographic material securely, while maintaining the capacity restrictions established by the nodes. To solve this risk, we propose the generation of the IPsec keys using key distribution through the Diffie–Hellman algorithm in such a manner, that the controller will never have access to the IPsec SAs session keys used by the network nodes, mitigating the aforementioned problem. In concrete, our approach makes the nodes responsible for generating their own Diffie–Hellman public and private keypair, while the controller is only in charge of distributing the public keys to the rest of nodes, as well as other parameters needed to install the IPsec SAs. As we will analyze, the distribution of the public keys will be enough to allow the network nodes to generate the session keys.
  This work presents the design, implementation and validation of this IPsec management solution based on Diffie–Hellman in SDN environments using asymmetric key distribution for negotiating encryption and integrity keys, focusing on the performance in key generation and installation of IPsec SAs.
- Publication (Open Access): SDN-AAA: towards the standard management of AAA infrastructures
  (Elsevier, 2025-01-26)
  Authors: López Gómez, Francisco; Marín López, Rafael; Cánovas Reverte, Óscar; López Millán, Gabriel; Periniguez García, Fernando
  Affiliation: Ingeniería de la Información y las Comunicaciones; Facultades de la UMU::Facultad de Informática
  Software Defined Networking (SDN) is a widely adopted technology that enables agile and flexible management of networks and services. This paradigm is a strong candidate for addressing the dynamic and secure management of large and complex Authentication, Authorization and Accounting (AAA) infrastructures. In those infrastructures, multiple nodes must securely exchange information to interconnect different realms, and the manual configuration of these nodes represents a significant point of failure and a challenge for administrators. This paper presents a novel SDN-based framework, named SDN-AAA, that follows a data model-driven approach using the YANG standard. This framework enables the dynamic management of routing and security configurations in AAA scenarios. Additionally, empirical results demonstrate that the proposed framework can handle increasing numbers of nodes without significant performance degradation in mesh and star topologies, with configuration and routing times that linearly or exponentially scale depending on the topology used. This validates the feasibility of the solution in real-world scenarios.
- Publication (Open Access): Towards a new standard for network access authentication: EAP-EDHOC
  (Elsevier, 2025-07-12)
  Authors: López Gómez, Francisco; Marín López, Rafael; López Millán, Gabriel; García Carrillo, Dan; Preuß Mattsson, John; Selander, Göran
  Affiliation: Ingeniería de la Información y las Comunicaciones; Facultades de la UMU::Facultad de Informática
  The Extensible Authentication Protocol (EAP) has been a cornerstone of secure authentication in both wired and wireless networks, as well as enterprise systems, enabling integration with a wide range of authentication mechanisms. Recently, the IETF EAP Method Update (EMU) Working Group has adopted EAP-EDHOC, a method that combines EAP’s extensibility with the recent standard Ephemeral Diffie–Hellman Over COSE (EDHOC). EDHOC is a lightweight authentication and key exchange protocol designed to be supported in resource-constrained environments. This enhances EAP-EDHOC as a high-performance authentication method for EAP-based networks. This paper presents a comprehensive analysis of the standardization efforts surrounding EAP-EDHOC, including a first proof-of-concept implementation and performance evaluation conducted over Wi-Fi networks. Additionally, a new design that optimizes the existing protocol by reversing the roles of the communication parties is proposed. The original and optimized versions are evaluated and compared with each other, as well as with EAP-TLS 1.3 and EAP-PSK. The results demonstrate that EAP-EDHOC achieves more efficient authentication than EAP-TLS 1.3 in terms of execution time, number of messages, and data transmitted. Meanwhile, EAP-PSK, which is based on symmetric cryptography, serves as a performance baseline.
- Publication (Embargo): CORECONF implementation as SDN southbound Interface for IoT: an OSCORE/EDHOC use case
  (Institute of Electrical and Electronics Engineers Inc., 2025)
  Authors: Fernández, Javier A.; Marín López, Rafael; López Millán, Gabriel; Toutain, Laurent
  Affiliation: Ingeniería de la Información y las Comunicaciones; Facultades de la UMU::Facultad de Informática
  The Internet of Things (IoT) aims to gather valuable data from our surroundings through resource-constrained networks and devices. For this reason, efficient and lightweight communication protocols are required to be developed and adopted. CORECONF, a network management protocol designed for constrained environments, provides a promising solution for IoT device configuration. This work introduces pycoreconf, an open-source implementation of CORECONF, with the goal of testing the protocol and making it more accessible to researchers and developers by enabling its use in real-world scenarios and experimental setups. In this paper, we evaluate its performance and applicability as a southbound interface in an SDN-based architecture, demonstrating its potential for configuring security contexts between IoT devices. Potential for other use cases remains to be explored in future work. Our results suggest that pycoreconf is a viable tool for those interested in exploring and adopting CORECONF in IoT scenarios.
No Creative Commons license.

