Certificados electrónicos de servidor en administración y comercio electrónicos: garantías de seguridad

El uso de Internet por parte de los ciudadanos para relacionarse con las Administraciones Públicas o en relación con actividades de comercio electrónico crece día a día. Así lo evidencian los diferentes estudios realizados en esta materia, como los que lleva a cabo el Observatorio Nacional de las Telecomunicaciones y la Sociedad de la Información (http://www.ontsi.red.es/ontsi/). Se hace necesario, por tanto, identificar a las partes intervinientes en estas transacciones, además de dotarlas de la confidencialidad necesaria y garantizar el no repudio. Uno de los elementos que, junto con los mecanismos criptográficos apropiados, proporcionan estos requisitos, son los certificados electrónicos de servidor web. Existen numerosas publicaciones dedicadas a analizar esos mecanismos criptográficos y numerosos estudios de seguridad relacionados con los algoritmos de cifrado, simétrico y asimétrico, y el tamaño de las claves criptográficas. Sin embargo, la seguridad relacionada con el uso de los protocolos de seguridad SSL/TLS está estrechamente ligada a dos aspectos menos conocidos:  el grado de seguridad con el que se emiten los certificados electrónicos de servidor que permiten implementar dichos protocolos; y  el uso que hacen las aplicaciones software, y en especial los navegadores web, de los campos que contiene el perfil de dichos certificados. Por tanto, diferentes perfiles de certificados electrónicos de servidor y diferentes niveles de seguridad asociados al procedimiento de emisión de los mismos, dan lugar a diferentes tipos de certificados electrónicos. Si además se considera el marco jurídico que afecta a cada uno de ellos, se puede concluir que existe una tipología de certificados de servidor, con diferentes grados de seguridad o de confianza. Adicionalmente, existen otros requisitos que también pueden pasar desapercibidos tanto a los titulares de los certificados como a los usuarios de los servicios de comercio electrónico y administración electrónica. Por ejemplo, el grado de confianza que otorgan los navegadores web a las Autoridades de Certificación emisoras de los certificados y cómo estas adquieren tal condición, o la posibilidad de poder verificar el estado de revocación del certificado electrónico. El presente trabajo analiza todos estos requisitos y establece, en función de los mismos, la correspondiente tipología de certificados electrónicos de servidor web. Concretamente, las características a analizar para cada tipo de certificado son las siguientes:  Seguridad jurídica.  Normas técnicas.  Garantías sobre la verdadera identidad del dominio.  Verificación del estado de revocación.  Requisitos del Prestador de Servicios de Certificación. Los tipos de certificados electrónicos a analizar son:  Certificados de servidor web:  Certificados autofirmados y certificados emitidos por un Prestador de Servicios de Certificación.  Certificados de dominio simple y certificados multidominio (wildcard y SAN)  Certificados de validación extendida.  Certificados de sede electrónica. ABSTRACT Internet use by citizens to interact with government or with e-commerce activities is growing daily. This topic is evidenced by different studies in this area, such as those undertaken by the Observatorio Nacional de las Telecomunicaciones y la Sociedad de la Información (http://www.ontsi.red.es/ontsi/ ). Therefore, it is necessary to identify the parties involved in these transactions, as well as provide guaranties such as confidentiality and non-repudiation. One instrument which, together with appropriate cryptographic mechanisms, provides these requirements is SSL electronic certificate. There are numerous publications devoted to analyzing these cryptographic mechanisms and many studies related security encryption algorithms, symmetric and asymmetric, and the size of the cryptographic keys. However, the safety related to the use of security protocols SSL / TLS is closely linked to two lesser known aspects:  the degree of security used in issuing the SSL electronic certificates; and  the way software applications, especially web Internet browsers, work with the fields of the SSL certificates profiles. Therefore, the diversity of profiles and security levels of issuing SSL electronic certificates give rise to different types of certificates. Besides, some of these electronic certificates are affected by a specific legal framework. Consequently, it can be concluded that there are different types of SSL certificates, with different degrees of security or trustworthiness. Additionally, there are other requirements that may go unnoticed both certificate holders and users of e-commerce services and e-Government. For example, the degree of trustworthiness of the Certification Authorities and how they acquire such a condition by suppliers of Internet browsers, or the possibility to verify the revocation status of the SSL electronic certificate. This paper discusses these requirements and sets, according to them, the type of SSL electronic certificates. Specifically, the characteristics analyzed for each type of certificate are the following:  Legal security.  Technical standards.  Guarantees to the real identity of the domain.  Check the revocation status.  Requirements of the Certification Services Providers. The types of electronic certificates to be analyzed are the following:  SSL electronic certificates:  Self-signed certificates and certificates issued by a Certification Service Provider.  Single-domain certificates and multi-domain certificates (wildcard and SAN)  Extended Validation Certificates.  “Sede electrónica” certificates (specific certificates for web sites of Spanish Public Administrations).

A methodology to analyze, design and implement very fast and robust controls of Buck-type converters

La electrónica digital moderna presenta un desafío a los diseñadores de sistemas de potencia. El creciente alto rendimiento de microprocesadores, FPGAs y ASICs necesitan sistemas de alimentación que cumplan con requirimientos dinámicos y estáticos muy estrictos. Específicamente, estas alimentaciones son convertidores DC-DC de baja tensión y alta corriente que necesitan ser diseñados para tener un pequeño rizado de tensión y una pequeña desviación de tensión de salida bajo transitorios de carga de una alta pendiente. Además, dependiendo de la aplicación, se necesita cumplir con otros requerimientos tal y como proveer a la carga con ”Escalado dinámico de tensión”, donde el convertidor necesitar cambiar su tensión de salida tan rápidamente posible sin sobreoscilaciones, o ”Posicionado Adaptativo de la Tensión” donde la tensión de salida se reduce ligeramente cuanto más grande sea la potencia de salida. Por supuesto, desde el punto de vista de la industria, las figuras de mérito de estos convertidores son el coste, la eficiencia y el tamaño/peso. Idealmente, la industria necesita un convertidor que es más barato, más eficiente, más pequeño y que aún así cumpla con los requerimienos dinámicos de la aplicación. En este contexto, varios enfoques para mejorar la figuras de mérito de estos convertidores se han seguido por la industria y la academia tales como mejorar la topología del convertidor, mejorar la tecnología de semiconducores y mejorar el control. En efecto, el control es una parte fundamental en estas aplicaciones ya que un control muy rápido hace que sea más fácil que una determinada topología cumpla con los estrictos requerimientos dinámicos y, consecuentemente, le da al diseñador un margen de libertar más amplio para mejorar el coste, la eficiencia y/o el tamaño del sistema de potencia. En esta tesis, se investiga cómo diseñar e implementar controles muy rápidos para el convertidor tipo Buck. En esta tesis se demuestra que medir la tensión de salida es todo lo que se necesita para lograr una respuesta casi óptima y se propone una guía de diseño unificada para controles que sólo miden la tensión de salida Luego, para asegurar robustez en controles muy rápidos, se proponen un modelado y un análisis de estabilidad muy precisos de convertidores DC-DC que tienen en cuenta circuitería para sensado y elementos parásitos críticos. También, usando este modelado, se propone una algoritmo de optimización que tiene en cuenta las tolerancias de los componentes y sensados distorsionados. Us ando este algoritmo, se comparan controles muy rápidos del estado del arte y su capacidad para lograr una rápida respuesta dinámica se posiciona según el condensador de salida utilizado. Además, se propone una técnica para mejorar la respuesta dinámica de los controladores. Todas las propuestas se han corroborado por extensas simulaciones y prototipos experimentales. Con todo, esta tesis sirve como una metodología para ingenieros para diseñar e implementar controles rápidos y robustos de convertidores tipo Buck. ABSTRACT Modern digital electronics present a challenge to designers of power systems. The increasingly high-performance of microprocessors, FPGAs (Field Programmable Gate Array) and ASICs (Application-Specific Integrated Circuit) require power supplies to comply with very demanding static and dynamic requirements. Specifically, these power supplies are low-voltage/high-current DC-DC converters that need to be designed to exhibit low voltage ripple and low voltage deviation under high slew-rate load transients. Additionally, depending on the application, other requirements need to be met such as to provide to the load ”Dynamic Voltage Scaling” (DVS), where the converter needs to change the output voltage as fast as possible without underdamping, or ”Adaptive Voltage Positioning” (AVP) where the output voltage is slightly reduced the greater the output power. Of course, from the point of view of the industry, the figures of merit of these converters are the cost, efficiency and size/weight. Ideally, the industry needs a converter that is cheaper, more efficient, smaller and that can still meet the dynamic requirements of the application. In this context, several approaches to improve the figures of merit of these power supplies are followed in the industry and academia such as improving the topology of the converter, improving the semiconductor technology and improving the control. Indeed, the control is a fundamental part in these applications as a very fast control makes it easier for the topology to comply with the strict dynamic requirements and, consequently, gives the designer a larger margin of freedom to improve the cost, efficiency and/or size of the power supply. In this thesis, how to design and implement very fast controls for the Buck converter is investigated. This thesis proves that sensing the output voltage is all that is needed to achieve an almost time-optimal response and a unified design guideline for controls that only sense the output voltage is proposed. Then, in order to assure robustness in very fast controls, a very accurate modeling and stability analysis of DC-DC converters is proposed that takes into account sensing networks and critical parasitic elements. Also, using this modeling approach, an optimization algorithm that takes into account tolerances of components and distorted measurements is proposed. With the use of the algorithm, very fast analog controls of the state-of-the-art are compared and their capabilities to achieve a fast dynamic response are positioned de pending on the output capacitor. Additionally, a technique to improve the dynamic response of controllers is also proposed. All the proposals are corroborated by extensive simulations and experimental prototypes. Overall, this thesis serves as a methodology for engineers to design and implement fast and robust controls for Buck-type converters.

Identifying Moderator Variables Through Requirements Elicitation Experiments Limitations

Interviews are the most widely used elicitation technique in Requirements Engineering (RE). Despite its importance, research in interviews is quite limited, in particular from an experimental perspective. We have performed a series of experiments exploring the relative effectiveness of structured and unstructured interviews. This line of research has been active in Information Systems in the past years, so that our experiments can be aggregated together with existing ones to obtain guidelines for practice. Experimental aggregation is a demanding task. It requires not only a large number of experiments, but also considering the influence of the existing moderators. However, in the current state of the practice in RE, those moderators are unknown. We believe that analyzing the threats to validity in interviewing experiments may give insight about how to improve further replications and the corresponding aggregations. It is likely that this strategy may be applied in other Software Engineering areas as well.

Ontology Requirements Specification

The goal of the ontology requirements specification activity is to state why the ontology is being built, what its intended uses are, who the end users are, and which requirements the ontology should fulfill. This chapter presents detailed methodological guidelines for specifying ontology requirements efficiently. These guidelines will help ontology engineers to capture ontology requirements and produce the ontology requirements specification document (ORSD). The ORSD will play a key role during the ontology development process because it facilitates, among other activities, (1) the search and reuse of existing knowledge resources with the aim of reengineering them into ontologies, (2) the search and reuse of ontological resources (ontologies, ontology modules, ontology statements as well as ontology design patterns), and (3) the verification of the ontology along the ontology development.

Adding Usability Mechanisms into Agile Requirements: Tool Support with U-Kunagi

The growing interest for integrating agile methodologies and usability has brought various challenges to practitioners. This research focuses on a specific part of these challenges that is related to the integration of usability mechanisms (features such as cancel, undo, warning, etc.) into agile requirements, usually written in the form of user stories. For this aim, a framework has been developed, conformed first by a well-defined modeling language that aims to formalize previous empirical research in the field, models of the impact of usability mechanisms into user stories, and a tool to help practitioners applying them to user stories. Results show that the use of this framework helps agile developers to think about usability from the beginning of the development process, without needing to be an expert in the subject. Our proposal can therefore complement other usability practices to improve the quality of use of software developed using agile methodologies.

Storage requirements for PV power ramp-rate control

Short-term variability in the power generated by large grid-connected photovoltaic (PV) plants can negatively affect power quality and the network reliability. New grid-codes require combining the PV generator with some form of energy storage technology in order to reduce short-term PV power fluctuation. This paper proposes an effective method in order to calculate, for any PV plant size and maximum allowable ramp-rate, the maximum power and the minimum energy storage requirements alike. The general validity of this method is corroborated with extensive simulation exercises performed with real 5-s one year data of 500 kW inverters at the 38.5 MW Amaraleja (Portugal) PV plant and two other PV plants located in Navarra (Spain), at a distance of more than 660 km from Amaraleja.

Systematizing requirements elicitation technique selection

Context: This research deals with requirements elicitation technique selection for software product requirements and the overselection of open interviews. Objectives: This paper proposes and validates a framework to help requirements engineers select the most adequate elicitation techniques at any time. Method: We have explored both the existing underlying theory and the results of empirical research to build the framework. Based on this, we have deduced and put together justified proposals about the framework components. We have also had to add information not found in theoretical or empirical sources. In these cases, we drew on our own experience and expertise. Results: A new validated approach for requirements technique selection. This new approach selects tech- niques other than open interview, offers a wider range of possible techniques and captures more require- ments information. Conclusions: The framework is easily extensible and changeable. Whenever any theoretical or empirical evidence for an attribute, technique or adequacy value is unearthed, the information can be easily added to the framework.