Antonio Pastor

Alberto Sebastián-Lombraña, Hans H. Brunner, David Rincón et al.

Quantum Communications promise advances in cryptography, quantum computing and clock synchronisation, among other emerging applications. However, communication based on quantum phenomena requires an extreme level of isolation from external disturbances, complicating the co-propagation of quantum and classical signals. The challenge is greater when deploying networks that are both heterogeneous (e.g., multiple vendors) and installed in production facilities, given that this type of infrastructure already supports networks loaded with their own requirements. Moreover, to achieve a broad acceptance among network operators, the joint management and operation of quantum and classical resources, compliance with standards, and legal and quality assurance need to be addressed. This article presents solutions to the aforementioned challenges validated in the Madrid quantum network during the implementation of the projects CiViC and OpenQKD. This network was designed to integrate quantum communications in the telecommunications ecosystem by installing quantum-key-distribution modules from multiple providers in production nodes of two different operators. The modules were connected through an optically-switched network with more than 130~km of deployed optical fibre. The tests were done in compliance with strict service level agreements that protected the legacy traffic of the pre-existing classical network. The goal was to ensure full quantum-classical interoperability at all levels, while limiting the modifications to optical transport and encryption and complying with relevant standards. This effort is intended to lay the foundation for large-scale quantum network deployments.

José González Cabañas, Patricia Callejo, Rubén Cuevas et al.

Energy is today the most critical environmental challenge. The amount of carbon emissions contributing to climate change is significantly influenced by both the production and consumption of energy. Measuring and reducing the energy consumption of services is a crucial step toward reducing adverse environmental effects caused by carbon emissions. Millions of websites rely on online advertisements to generate revenue, with most websites earning most or all of their revenues from ads. As a result, hundreds of billions of online ads are delivered daily to internet users to be rendered in their browsers. Both the delivery and rendering of each ad consume energy. This study investigates how much energy online ads use in the rendering process and offers a way for predicting it as part of rendering the ad. To the best of the authors' knowledge, this is the first study to calculate the energy usage of single advertisements in the rendering process. Our research further introduces different levels of consumption by which online ads can be classified based on energy efficiency. This classification will allow advertisers to add energy efficiency metrics and optimize campaigns towards consuming less possible.

Rubén B. Mendez, Hans H. Brunner, Juan P. Brito et al.

A monitor and control framework for quantum-key-distribution (QKD) networks equipped with switching capabilities was developed. On the one hand, this framework provides real-time visibility into operational metrics. Specifically, it extracts essential data, such as the switching capabilities of QKD modules, the number of keys stored in buffer queues of the QKD links, and the respective key generation and consumption rates along these links. On the other hand, this framework allows software-defined networking (SDN) applications to operate on the collected information and address the cryptographic needs of the network. The SDN applications dynamically adapt the configuration of the switched network to align with its changing demands, e.g.,~prioritizing key availability on critical paths, responding to link failures, or reallocating generation capacity to prevent bottlenecks. This contribution demonstrates that the combination of switched QKD, centralized control, and global optimization strategies enables efficient, policy-driven operation of QKD networks. The cryptographic resources are allocated to maximize performance and resilience while remaining aligned with the specific policies set by network administrators.

Alberto Mozo, Ángel González-Prieto, Antonio Pastor et al.

Due to the growing rise of cyber attacks in the Internet, flow-based data sets are crucial to increase the performance of the Machine Learning (ML) components that run in network-based intrusion detection systems (IDS). To overcome the existing network traffic data shortage in attack analysis, recent works propose Generative Adversarial Networks (GANs) for synthetic flow-based network traffic generation. Data privacy is appearing more and more as a strong requirement when processing such network data, which suggests to find solutions where synthetic data can fully replace real data. Because of the ill-convergence of the GAN training, none of the existing solutions can generate high-quality fully synthetic data that can totally substitute real data in the training of IDS ML components. Therefore, they mix real with synthetic data, which acts only as data augmentation components, leading to privacy breaches as real data is used. In sharp contrast, in this work we propose a novel deterministic way to measure the quality of the synthetic data produced by a GAN both with respect to the real data and to its performance when used for ML tasks. As a byproduct, we present a heuristic that uses these metrics for selecting the best performing generator during GAN training, leading to a stopping criterion. An additional heuristic is proposed to select the best performing GANs when different types of synthetic data are to be used in the same ML task. We demonstrate the adequacy of our proposal by generating synthetic cryptomining attack traffic and normal traffic flow-based data using an enhanced version of a Wasserstein GAN. We show that the generated synthetic network traffic can completely replace real data when training a ML-based cryptomining detector, obtaining similar performance and avoiding privacy violations, since real data is not used in the training of the ML-based detector.

Antonio Pastor, Rubén Cuevas, Ángel Cuevas et al.

Programmatic advertising operates one of the most sophisticated and efficient service platforms on the Internet. However, the complexity of this ecosystem is a direct cause of one of the most important problems in online advertising, the lack of transparency. This lack of transparency enables subsequent problems such as advertising fraud, which causes billions of dollars in losses. In this paper we propose Ads.chain, a technological solution to the lack-of-transparency problem in programmatic advertising. Ads.chain extends the current effort of the Internet Advertising Bureau (IAB) in providing traceability in online advertising through the Ads.txt and Ads.cert solutions, addressing the limitations of these techniques. Ads.chain is (to the best of the authors' knowledge) the first solution that provides end-to-end cryptographic traceability at the ad transaction level. It is a communication protocol that can be seamlessly embedded into ad-tags and the OpenRTB protocol, the de-facto standards for communications in online advertising, allowing an incremental adoption by the industry. We have implemented Ads.chain and made the code publicly available. We assess the performance of Ads.chain through a thorough analysis in a lab environment that emulates a real ad delivery process at real-life throughputs. The obtained results show that Ads.chain can be implemented with limited impact on the hardware resources and marginal delay increments at the publishers lower than 0.20 milliseconds per ad space on webpages and 2.6 milliseconds at the programmatic advertising platforms. These results confirm that Ads.chain's impact on the user experience and the overall operation of the programmatic ad delivery process can be considered negligible.

Alexander Sjosten, Peter Snyder, Antonio Pastor et al.

Filter lists play a large and growing role in protecting and assisting web users. The vast majority of popular filter lists are crowd-sourced, where a large number of people manually label resources related to undesirable web resources (e.g., ads, trackers, paywall libraries), so that they can be blocked by browsers and extensions. Because only a small percentage of web users participate in the generation of filter lists, a crowd-sourcing strategy works well for blocking either uncommon resources that appear on "popular" websites, or resources that appear on a large number of "unpopular" websites. A crowd-sourcing strategy will perform poorly for parts of the web with small "crowds", such as regions of the web serving languages with (relatively) few speakers. This work addresses this problem through the combination of two novel techniques: (i) deep browser instrumentation that allows for the accurate generation of request chains, in a way that is robust in situations that confuse existing measurement techniques, and (ii) an ad classifier that uniquely combines perceptual and page-context features to remain accurate across multiple languages. We apply our unique two-step filter list generation pipeline to three regions of the web that currently have poorly maintained filter lists: Sri Lanka, Hungary, and Albania. We generate new filter lists that complement existing filter lists. Our complementary lists block an additional 3,349 of ad and ad-related resources (1,771 unique) when applied to 6,475 pages targeting these three regions. We hope that this work can be part of an increased effort at ensuring that the security, privacy, and performance benefits of web resource blocking can be shared with all users, and not only those in dominant linguistic or economic regions.

Alejandro Aguado, Victor Lopez, Diego Lopez et al.

Quantum computers will change the cryptographic panorama. A technology once believed to lay far away into the future is increasingly closer to real world applications. Quantum computers will break the algorithms used in our public key infrastructure and in our key exchange protocols, forcing a complete retooling of the cryptography as we know it. Quantum Key distribution is a physical layer technology immune to quantum or classical computational threats. However, it requires a physical substrate, and optical fiber has been the usual choice. Most of the time used just as a point to point link for the exclusive transport of the delicate quantum signals. Its integration in a real-world shared network has not been attempted so far. Here we show how the new programmable software network architectures, together with specially designed quantum systems can be used to produce a network that integrates classical and quantum communications, including management, in a single, production-level infrastructure. The network can also incorporate new quantum-safe algorithms and use the existing security protocols, thus bridging the gap between today's network security and the quantum-safe network of the future. This can be done in an evolutionary way, without zero-day migrations and the corresponding upfront costs. We also present how the technologies have been deployed in practice using a production network.