2024
Fernandez-Gago, Carmen; Ferraris, Davide; Roman, Rodrigo; Lopez, Javier
Trust interoperability in the Internet of Things Journal Article Forthcoming
In: Internet of Things, vol. 26, Forthcoming.
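% Forthcoming journal article. The doi field holds the bare DOI (no resolver
% prefix) so styles can build the link themselves. The url is site-relative and
% only resolves on the hosting site.
@article{FerIoT24,
  title = {Trust interoperability in the {Internet of Things}},
  author = {Fernandez-Gago, Carmen and Ferraris, Davide and Roman, Rodrigo and Lopez, Javier},
  url = {/wp-content/papers/FerIoT24.pdf},
  doi = {10.1016/j.iot.2024.101226},
  year = {2024},
  date = {2024-12-31},
  urldate = {2024-12-31},
  journal = {Internet of Things},
  volume = {26},
  abstract = {The Internet of Things (IoT) is a paradigm where entities or things are interconnected, often in heterogeneous contexts. As the interconnection happens, things establish collaborations with others, sometimes under uncertainty. Although trust can help us overcome this uncertainty, things might not be able to process the information about trust coming from other things: each thing could have its own trust model, which means its own way to understand and measure trust. If new trust relationships are to be established, it would be desirable to have a mechanism of interoperability that allows the things to process the information about the other things in terms of trust. In this paper, we describe an interoperability framework for tackling the trust interoperability issues in IoT, depending on the different types of trust models that might co-exist in the same IoT scenario.},
  pubstate = {forthcoming},
  tppubtype = {article},
}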
2023
Ferraris, Davide; Fernandez-Gago, Carmen; Roman, Rodrigo; Lopez, Javier
A Survey on IoT Trust Model Frameworks Journal Article
In: The Journal of Supercomputing, 2023.
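% Journal survey. The acronym in the title is brace-protected so that
% sentence-casing styles do not lowercase it. No volume or pages are given.
@article{surveyIoTrust2023,
  title = {A Survey on {IoT} Trust Model Frameworks},
  author = {Ferraris, Davide and Fernandez-Gago, Carmen and Roman, Rodrigo and Lopez, Javier},
  url = {/wp-content/papers/surveyIoTrust2023.pdf},
  doi = {10.1007/s11227-023-05765-4},
  year = {2023},
  date = {2023-11-17},
  urldate = {2023-11-17},
  journal = {The Journal of Supercomputing},
  abstract = {Trust can be considered as a multidisciplinary concept, which is strongly related to the context and it falls in different fields such as Philosophy, Psychology or Computer Science. Trust is fundamental in every relationship, because without it, an entity will not interact with other entities. This aspect is very important especially in the Internet of Things (IoT), where many entities produced by different vendors and created for different purposes have to interact among them through the internet often under uncertainty. Trust can overcome this uncertainty, creating a strong basis to ease the process of interaction among these entities. We believe that considering trust in the IoT is fundamental, and in order to implement it in any IoT entity, it is fundamental to consider it through the whole System Development Life Cycle. In this paper, we propose an analysis of different works that consider trust for the IoT. We will focus especially on the analysis of frameworks that have been developed in order to include trust in the IoT. We will make a classification of them providing a set of parameters that we believe are fundamental in order to properly consider trust in the IoT. Thus, we will identify important aspects to be taken into consideration when developing frameworks that implement trust in the IoT, finding gaps and proposing possible solutions.},
  pubstate = {published},
  tppubtype = {article},
}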
Roman, Rodrigo; Ahmed, Mujeeb (Ed.)
9th ACM Cyber-Physical System Security Workshop (CPSS 2023) Proceedings
ACM, Melbourne, Australia, 2023, ISBN: 979-8-4007-0090-3.
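% Edited workshop proceedings. Acronyms in the title are brace-protected.
% NOTE(review): address holds what looks like the workshop venue rather than
% the publisher's city; confirm which is intended.
@proceedings{cpss23,
  title = {9th {ACM} Cyber-Physical System Security Workshop ({CPSS} 2023)},
  editor = {Roman, Rodrigo and Ahmed, Mujeeb},
  doi = {10.1145/3592538},
  isbn = {979-8-4007-0090-3},
  year = {2023},
  date = {2023-07-19},
  urldate = {2023-07-19},
  publisher = {ACM},
  address = {Melbourne, Australia},
  pubstate = {published},
  tppubtype = {proceedings},
}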
Roman, Rodrigo; Alcaraz, Cristina; Lopez, Javier; Sakurai, Kouichi
Current Perspectives on Securing Critical Infrastructures’ Supply Chains Journal Article
In: IEEE Security & Privacy, vol. 21, no. 4, pp. 29-38, 2023, ISSN: 1540-7993.
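% Magazine article. The typographic apostrophe in the title is written as an
% ASCII apostrophe, matching the LaTeX-escaped style used by the other entries,
% and the page range uses the double hyphen.
@article{Roman2023a,
  title = {Current Perspectives on Securing Critical Infrastructures' Supply Chains},
  author = {Roman, Rodrigo and Alcaraz, Cristina and Lopez, Javier and Sakurai, Kouichi},
  url = {/wp-content/papers/Roman2023a.pdf},
  doi = {10.1109/MSEC.2023.3247946},
  issn = {1540-7993},
  year = {2023},
  date = {2023-03-08},
  urldate = {2023-03-08},
  journal = {IEEE Security \& Privacy},
  volume = {21},
  number = {4},
  pages = {29--38},
  publisher = {IEEE},
  pubstate = {published},
  tppubtype = {article},
}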
Muñoz, Antonio; Rios, Ruben; Roman, Rodrigo; Lopez, Javier
A survey on the (in)security of Trusted Execution Environments Journal Article
In: Computers & Security, pp. 103-180, 2023, ISSN: 0167-4048.
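% Journal survey on TEE vulnerabilities.
% pages was {103-180}; the citation key and the DOI suffix both give 103180,
% which reads as an article number split by a hyphen. Confirm against the
% publisher record.
% "In Press" was stored in address (the publisher's city field); it is moved
% to note. NOTE(review): it may be stale, since pubstate says published.
% url holds two whitespace-separated links (site PDF and publisher page);
% url-aware styles expect a single URL, and the doi already resolves to the
% publisher page.
@article{MUNOZ2023103180,
  title = {A survey on the (in)security of {Trusted Execution Environments}},
  author = {Mu{\~n}oz, Antonio and Rios, Ruben and Roman, Rodrigo and Lopez, Javier},
  url = {/wp-content/papers/MUNOZ2023103180.pdf
    https://www.sciencedirect.com/science/article/pii/S0167404823000901},
  doi = {10.1016/j.cose.2023.103180},
  issn = {0167-4048},
  year = {2023},
  date = {2023-01-01},
  urldate = {2023-01-01},
  journal = {Computers \& Security},
  pages = {103180},
  publisher = {Elsevier},
  note = {In Press},
  abstract = {As the number of security and privacy attacks continue to grow around the world, there is an ever increasing need to protect our personal devices. As a matter of fact, more and more manufactures are relying on Trusted Execution Environments (TEEs) to shield their devices. In particular, ARM TrustZone (TZ) is being widely used in numerous embedded devices, especially smartphones, and this technology is the basis for secure solutions both in industry and academia. However, as shown in this paper, TEE is not bullet-proof and it has been successfully attacked numerous times and in very different ways. To raise awareness among potential stakeholders interested in this technology, this paper provides an extensive analysis and categorization of existing vulnerabilities in TEEs and highlights the design flaws that led to them. The presented vulnerabilities, which are not only extracted from existing literature but also from publicly available exploits and databases, are accompanied by some effective countermeasures to reduce the likelihood of new attacks. The paper ends with some appealing challenges and open issues.},
  pubstate = {published},
  tppubtype = {article},
}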
2022
Ruiz, Manuel; Rios, Ruben; Roman, Rodrigo; Muñoz, Antonio; Martínez, Juan Manuel; Wallace, Jorge
AndroCIES: Automatización de la certificación de seguridad para aplicaciones Android Proceedings Article
In: XVII Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2022), pp. 192-197, Ediciones Universidad Cantabria, Santander, Spain, 2022.
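% Conference paper (Spanish). The numeric key does not match the publication
% year; it is kept because the PDF path is built from it.
% organization duplicated publisher and was printed twice in the rendered
% citation, so only publisher is kept. The percent sign in the abstract is
% escaped so it cannot start a TeX comment if the abstract is typeset.
@inproceedings{2016,
  title = {{AndroCIES}: Automatizaci{\'o}n de la certificaci{\'o}n de seguridad para aplicaciones {Android}},
  author = {Ruiz, Manuel and Rios, Ruben and Roman, Rodrigo and Mu{\~n}oz, Antonio and Mart{\'i}nez, Juan Manuel and Wallace, Jorge},
  url = {/wp-content/papers/2016.pdf},
  year = {2022},
  date = {2022-10-01},
  urldate = {2022-10-01},
  booktitle = {XVII Reuni{\'o}n Espa{\~n}ola sobre Criptolog{\'i}a y Seguridad de la Informaci{\'o}n ({RECSI} 2022)},
  volume = {265},
  pages = {192--197},
  publisher = {Ediciones Universidad Cantabria},
  address = {Santander, Spain},
  abstract = {El auge de las plataformas m\'{o}viles est\'{a} impulsando el desarrollo de un gran n\'{u}mero de aplicaciones, muchas de las cuales salen al mercado sin las convenientes comprobaciones de seguridad. Recientemente, Google est\'{a} apostando por hacer este problema m\'{a}s visible y concienciar a los usuarios de la necesidad de instalar aplicaciones verificadas por laboratorios independientes. Sin embargo, la certificaci\'{o}n de aplicaciones suele ser una tarea ardua y no exenta de errores. Por ello, en este trabajo, presentamos la herramienta AndroCIES, que es capaz de automatizar en gran medida las evaluaciones necesarias para la certificaci\'{o}n de aplicaciones m\'{o}viles, reduciendo en torno a un 20\% el tiempo empleado en este proceso.},
  pubstate = {published},
  tppubtype = {inproceedings},
}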
Ruiz, Manuel; Rios, Ruben; Roman, Rodrigo; Lopez, Javier
Privacidad Contextual en entornos Edge Proceedings Article
In: VII Jornadas Nacionales de Investigación en Ciberseguridad (JNIC 2022), pp. 122-129, Bilbao, Spain, 2022, ISBN: 978-84-88734-13-6.
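% Conference paper (Spanish). The numeric key is kept because the PDF path is
% built from it. Accents in booktitle use the brace-wrapped form that classic
% BibTeX treats as a single letter.
@inproceedings{1979,
  title = {Privacidad Contextual en entornos {Edge}},
  author = {Ruiz, Manuel and Rios, Ruben and Roman, Rodrigo and Lopez, Javier},
  url = {/wp-content/papers/1979.pdf},
  isbn = {978-84-88734-13-6},
  year = {2022},
  date = {2022-06-01},
  urldate = {2022-06-01},
  booktitle = {VII Jornadas Nacionales de Investigaci{\'o}n en Ciberseguridad ({JNIC} 2022)},
  pages = {122--129},
  address = {Bilbao, Spain},
  abstract = {La privacidad contextual se refiere a la protecci\'{o}n de toda aquella informaci\'{o}n que puede desprenderse de la interacci\'{o}n entre usuarios y/o servicios, exceptuando los datos que el propio usuario elige transmitir. La localizaci\'{o}n, el tiempo, los patrones de uso y los diferentes par\'{a}metros necesarios para realizar la comunicaci\'{o}n son algunos ejemplos. Este tipo de privacidad es extremadamente importante en la computaci\'{o}n edge debido al acercamiento de los recursos de la infraestructura a los usuarios. Por ello, el objetivo de este trabajo es ofrecer un an\'{a}lisis y clasificaci\'{o}n de las diferentes soluciones propuestas en la literatura respecto a la privacidad contextual en entornos edge, mostrando tanto las capacidades de los mecanismos actuales como los desaf\'{i}os en este campo.},
  pubstate = {published},
  tppubtype = {inproceedings},
}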
Rios, Ruben; Onieva, Jose A.; Roman, Rodrigo; Lopez, Javier
Personal IoT Privacy Control at the Edge Journal Article
In: IEEE Security & Privacy, vol. 20, pp. 23 – 32, 2022, ISSN: 1540-7993.
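% Magazine article. The page range is normalised from "23 - 32" to the
% double-hyphen form; no issue number is given.
@article{rios2022pmec,
  title = {Personal {IoT} Privacy Control at the Edge},
  author = {Rios, Ruben and Onieva, Jose A. and Roman, Rodrigo and Lopez, Javier},
  url = {/wp-content/papers/rios2022pmec.pdf},
  doi = {10.1109/MSEC.2021.3101865},
  issn = {1540-7993},
  year = {2022},
  date = {2022-01-01},
  urldate = {2022-01-01},
  journal = {IEEE Security \& Privacy},
  volume = {20},
  pages = {23--32},
  publisher = {IEEE},
  abstract = {This article introduces a privacy manager for IoT data based on Edge Computing. This poses the advantage that privacy is enforced before data leaves the control of the user, who is provided with a tool to express data sharing preferences based on a novel context-aware privacy language.},
  pubstate = {published},
  tppubtype = {article},
}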
2021
Roman, Rodrigo; Zhou, Jianying (Ed.)
17th International Workshop on Security and Trust Management (STM 2021) Proceedings
Springer Cham, vol. 13075, 2021, ISBN: 978-3-030-91859-0.
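% Edited workshop proceedings in a book series. "Springer Cham" is split into
% publisher and address so each field holds one kind of value.
@proceedings{stm2021,
  title = {17th International Workshop on Security and Trust Management ({STM} 2021)},
  editor = {Roman, Rodrigo and Zhou, Jianying},
  doi = {10.1007/978-3-030-91859-0},
  isbn = {978-3-030-91859-0},
  year = {2021},
  date = {2021-12-03},
  urldate = {2021-12-03},
  volume = {13075},
  publisher = {Springer},
  address = {Cham},
  series = {Lecture Notes in Computer Science (LNCS)},
  abstract = {This book constitutes the proceedings of the 17th International Workshop on Security and Trust Management, STM 2021, co-located with the 26th European Symposium on Research in Computer Security, ESORICS 2021. The conference was planned to take place in Darmstadt, Germany. It was held online on October 8, 2021, due to the COVID-19 pandemic.},
  pubstate = {published},
  tppubtype = {proceedings},
}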
2020
Rubio, Juan E.; Roman, Rodrigo; Lopez, Javier
Integration of a Threat Traceability Solution in the Industrial Internet of Things Journal Article
In: IEEE Transactions on Industrial Informatics, vol. 16, no. 6575-6583, 2020, ISSN: 1551-3203.
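% Journal article. The range 6575-6583 was stored in number, where it rendered
% as an issue number; it is a page range and now lives in pages.
% NOTE(review): the actual issue number is not available in this entry; add it
% from the publisher record.
@article{Rubio2020IIoT,
  title = {Integration of a Threat Traceability Solution in the {Industrial Internet of Things}},
  author = {Rubio, Juan E. and Roman, Rodrigo and Lopez, Javier},
  url = {/wp-content/papers/Rubio2020IIoT.pdf},
  doi = {10.1109/TII.2020.2976747},
  issn = {1551-3203},
  year = {2020},
  date = {2020-10-01},
  urldate = {2020-10-01},
  journal = {IEEE Transactions on Industrial Informatics},
  volume = {16},
  pages = {6575--6583},
  publisher = {IEEE},
  abstract = {In Industrial Internet of Things (IIoT) scenarios, where a plethora of IoT technologies coexist with consolidated industrial infrastructures, the integration of security mechanisms that provide protection against cyber-security attacks becomes a critical challenge. Due to the stealthy and persistent nature of some of these attacks, such as Advanced Persistent Threats, it is crucial to go beyond traditional Intrusion Detection Systems for the traceability of these attacks. In this sense, Opinion Dynamics poses a novel approach for the correlation of anomalies, which has been successfully applied to other network security domains. In this paper, we aim to analyze its applicability in the IIoT from a technical point of view, by studying its deployment over different IIoT architectures and defining a common framework for the acquisition of data considering the computational constraints involved. The result is a beneficial insight that demonstrates the feasibility of this approach when applied to upcoming IIoT infrastructures.},
  pubstate = {published},
  tppubtype = {article},
}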
Rubio, Juan E.; Alcaraz, Cristina; Rios, Ruben; Roman, Rodrigo; Lopez, Javier
Distributed Detection of APTs: Consensus vs. Clustering Proceedings Article
In: 25th European Symposium on Research in Computer Security (ESORICS 2020), pp. 174-192, 2020, ISBN: 978-3-030-58951-6.
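% Conference paper. The numeric key is kept because the PDF path is built from
% it. No publisher or series is recorded; volume is given without a series.
@inproceedings{1846,
  title = {Distributed Detection of {APTs}: Consensus vs. Clustering},
  author = {Rubio, Juan E. and Alcaraz, Cristina and Rios, Ruben and Roman, Rodrigo and Lopez, Javier},
  url = {/wp-content/papers/1846.pdf},
  doi = {10.1007/978-3-030-58951-6_9},
  isbn = {978-3-030-58951-6},
  year = {2020},
  date = {2020-09-01},
  urldate = {2020-09-01},
  booktitle = {25th European Symposium on Research in Computer Security ({ESORICS} 2020)},
  volume = {12308},
  pages = {174--192},
  pubstate = {published},
  tppubtype = {inproceedings},
}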
2019
Rubio, Juan E.; Alcaraz, Cristina; Roman, Rodrigo; Lopez, Javier
Current Cyber-Defense Trends in Industrial Control Systems Journal Article
In: Computers & Security Journal, vol. 87, 2019, ISSN: 0167-4048.
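% Journal article. The journal name is normalised to "Computers \& Security",
% the spelling used by the other entry in this file with the same ISSN.
% No page or article number is recorded.
@article{rub2019cose,
  title = {Current Cyber-Defense Trends in Industrial Control Systems},
  author = {Rubio, Juan E. and Alcaraz, Cristina and Roman, Rodrigo and Lopez, Javier},
  url = {/wp-content/papers/rub2019cose.pdf},
  doi = {10.1016/j.cose.2019.06.015},
  issn = {0167-4048},
  year = {2019},
  date = {2019-11-01},
  urldate = {2019-11-01},
  journal = {Computers \& Security},
  volume = {87},
  publisher = {Elsevier},
  abstract = {Advanced Persistent Threats (APTs) have become a serious hazard for any critical infrastructure, as a single solution to protect all industrial assets from these complex attacks does not exist. It is then essential to understand what are the defense mechanisms that can be used as a first line of defense. For this purpose, this article will firstly study the spectrum of attack vectors that APTs can use against existing and novel elements of an industrial ecosystem. Afterwards, this article will provide an analysis of the evolution and applicability of Intrusion Detection Systems (IDS) that have been proposed in both the industry and academia.},
  pubstate = {published},
  tppubtype = {article},
}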
Onieva, Jose A.; Rios, Ruben; Roman, Rodrigo; Lopez, Javier
Edge-Assisted Vehicular Networks Security Journal Article
In: IEEE Internet of Things Journal, vol. 6, pp. 8038-8045, 2019, ISSN: 2327-4662.
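% Journal article. The page range uses the double hyphen, and a stray space
% inside "vehicular-to-vehicular" in the abstract is removed. No issue number
% is given.
@article{onieva2019vec,
  title = {Edge-Assisted Vehicular Networks Security},
  author = {Onieva, Jose A. and Rios, Ruben and Roman, Rodrigo and Lopez, Javier},
  url = {/wp-content/papers/onieva2019vec.pdf},
  doi = {10.1109/JIOT.2019.2904323},
  issn = {2327-4662},
  year = {2019},
  date = {2019-10-01},
  urldate = {2019-10-01},
  journal = {IEEE Internet of Things Journal},
  volume = {6},
  pages = {8038--8045},
  publisher = {IEEE Computer Society},
  abstract = {Edge Computing paradigms are expected to solve some major problems affecting current application scenarios that rely on Cloud computing resources to operate. These novel paradigms will bring computational resources closer to the users and by doing so they will not only reduce network latency and bandwidth utilization but will also introduce some attractive context-awareness features to these systems. In this paper we show how the enticing features introduced by Edge Computing paradigms can be exploited to improve security and privacy in the critical scenario of vehicular networks (VN), especially existing authentication and revocation issues. In particular, we analyze the security challenges in VN and describe three deployment models for vehicular edge computing, which refrain from using vehicular-to-vehicular communications. The result is that the burden imposed to vehicles is considerably reduced without sacrificing the security or functional features expected in vehicular scenarios.},
  pubstate = {published},
  tppubtype = {article},
}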
Rubio, Juan E.; Roman, Rodrigo; Alcaraz, Cristina; Zhang, Yan
Tracking APTs in Industrial Ecosystems: A Proof of Concept Journal Article
In: Journal of Computer Security, vol. 27, pp. 521-546, 2019, ISSN: 0167-4048.
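% Journal article; no DOI is recorded.
% NOTE(review): the ISSN 0167-4048 is the same value this file gives for
% Computers \& Security, so it is probably copied from another entry. Verify
% the issn and publisher against the Journal of Computer Security record.
@article{RubioSIJCS19,
  title = {Tracking {APTs} in Industrial Ecosystems: A Proof of Concept},
  author = {Rubio, Juan E. and Roman, Rodrigo and Alcaraz, Cristina and Zhang, Yan},
  url = {/wp-content/papers/RubioSIJCS19.pdf},
  issn = {0167-4048},
  year = {2019},
  date = {2019-09-01},
  urldate = {2019-09-01},
  journal = {Journal of Computer Security},
  volume = {27},
  pages = {521--546},
  publisher = {Elsevier},
  pubstate = {published},
  tppubtype = {article},
}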
Roman, Rodrigo; Rios, Ruben; Onieva, Jose A.; Lopez, Javier
Immune System for the Internet of Things using Edge Technologies Journal Article
In: IEEE Internet of Things Journal, vol. 6, pp. 4774-4781, 2019, ISSN: 2327-4662.
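% Journal article. url holds two whitespace-separated links (site PDF and
% publisher page); url-aware styles expect a single URL, and the doi already
% resolves to the publisher page.
@article{roman2018VIS,
  title = {Immune System for the {Internet of Things} using Edge Technologies},
  author = {Roman, Rodrigo and Rios, Ruben and Onieva, Jose A. and Lopez, Javier},
  url = {/wp-content/papers/roman2018VIS.pdf
    https://ieeexplore.ieee.org/document/8449989/},
  doi = {10.1109/JIOT.2018.2867613},
  issn = {2327-4662},
  year = {2019},
  date = {2019-06-01},
  urldate = {2019-06-01},
  journal = {IEEE Internet of Things Journal},
  volume = {6},
  pages = {4774--4781},
  publisher = {IEEE Computer Society},
  abstract = {The Internet of Things (IoT) and Edge Computing are starting to go hand in hand. By providing cloud services close to end-users, edge paradigms enhance the functionality of IoT deployments, and facilitate the creation of novel services such as augmented systems. Furthermore, the very nature of these paradigms also enables the creation of a proactive defense architecture, an immune system, which allows authorized immune cells (e.g., virtual machines) to traverse edge nodes and analyze the security and consistency of the underlying IoT infrastructure. In this article, we analyze the requirements for the development of an immune system for the IoT, and propose a security architecture that satisfies these requirements. We also describe how such a system can be instantiated in Edge Computing infrastructures using existing technologies. Finally, we explore the potential application of immune systems to other scenarios and purposes.},
  pubstate = {published},
  tppubtype = {article},
}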
2018
Rubio, Juan E.; Roman, Rodrigo; Lopez, Javier
Analysis of cybersecurity threats in Industry 4.0: the case of intrusion detection Proceedings Article
In: The 12th International Conference on Critical Information Infrastructures Security, pp. 119-130, Springer, 2018.
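% Conference paper; no DOI is recorded. The numeric key is kept because the PDF
% path is built from it. organization duplicated publisher and was printed
% twice in the rendered citation, so only publisher is kept.
@inproceedings{1666,
  title = {Analysis of cybersecurity threats in {Industry 4.0}: the case of intrusion detection},
  author = {Rubio, Juan E. and Roman, Rodrigo and Lopez, Javier},
  url = {/wp-content/papers/1666.pdf},
  year = {2018},
  date = {2018-08-01},
  urldate = {2018-08-01},
  booktitle = {The 12th International Conference on Critical Information Infrastructures Security},
  volume = {10707},
  pages = {119--130},
  publisher = {Springer},
  pubstate = {published},
  tppubtype = {inproceedings},
}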
Tsunoda, Hiroshi; Roman, Rodrigo; Lopez, Javier; Keeni, Glenn Mansfield
Feasibility of Societal Model for Securing Internet of Things Journal Article
In: KSII Transactions on Internet and Information Systems, vol. 12, no. 8, pp. 3567-3588, 2018, ISSN: 1976-7277.
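% Journal article. url holds two whitespace-separated links (site PDF and a
% plain-http publisher page); url-aware styles expect a single URL, and the doi
% already resolves to the publisher page.
@article{Hiroshi18IoT,
  title = {Feasibility of Societal Model for Securing {Internet of Things}},
  author = {Tsunoda, Hiroshi and Roman, Rodrigo and Lopez, Javier and Keeni, Glenn Mansfield},
  url = {/wp-content/papers/Hiroshi18IoT.pdf
    http://www.itiis.org/digital-library/manuscript/2082},
  doi = {10.3837/tiis.2018.08.003},
  issn = {1976-7277},
  year = {2018},
  date = {2018-08-01},
  urldate = {2018-08-01},
  journal = {KSII Transactions on Internet and Information Systems},
  volume = {12},
  number = {8},
  pages = {3567--3588},
  publisher = {KSII},
  abstract = {In the Internet of Things (IoT) concept, devices communicate autonomously with applications in the Internet. A significant aspect of IoT that makes it stand apart from present-day networked devices and applications is a) the very large number of devices, produced by diverse makers and used by an even more diverse group of users; b) the applications residing and functioning in what were very private sanctums of life e.g. the car, home, and the people themselves. Since these diverse devices require high-level security, an operational model for an IoT system is required, which has built-in security. We have proposed the societal model as a simple operational model. The basic concept of the model is borrowed from human society \textendash there will be infants, the weak and the handicapped who need to be protected by guardians. This natural security mechanism works very well for IoT networks which seem to have inherently weak security mechanisms. In this paper, we discuss the requirements of the societal model and examine its feasibility by doing a proof-of-concept implementation.},
  pubstate = {published},
  tppubtype = {article},
}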
Rubio, Juan E.; Roman, Rodrigo; Alcaraz, Cristina; Zhang, Yan
Tracking Advanced Persistent Threats in Critical Infrastructures through Opinion Dynamics Proceedings Article
In: European Symposium on Research in Computer Security (ESORICS 2018), pp. 555-574, Springer, Barcelona, Spain, 2018.
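% Conference paper. The stray ", " that trailed the second link in url is
% removed, and the duplicated organization (same value as publisher, printed
% twice in the rendered citation) is dropped. url still holds two links (site
% PDF and publisher page); the doi already resolves to the publisher page.
@inproceedings{RubioRomanAlcarazZhang2018,
  title = {Tracking Advanced Persistent Threats in Critical Infrastructures through Opinion Dynamics},
  author = {Rubio, Juan E. and Roman, Rodrigo and Alcaraz, Cristina and Zhang, Yan},
  url = {/wp-content/papers/RubioRomanAlcarazZhang2018.pdf
    https://link.springer.com/chapter/10.1007/978-3-319-99073-6_27},
  doi = {10.1007/978-3-319-99073-6_27},
  year = {2018},
  date = {2018-08-01},
  urldate = {2018-08-01},
  booktitle = {European Symposium on Research in Computer Security ({ESORICS} 2018)},
  volume = {11098},
  pages = {555--574},
  publisher = {Springer},
  address = {Barcelona, Spain},
  abstract = {Advanced persistent threats pose a serious issue for modern industrial environments, due to their targeted and complex attack vectors that are difficult to detect. This is especially severe in critical infrastructures that are accelerating the integration of IT technologies. It is then essential to further develop effective monitoring and response systems that ensure the continuity of business to face the arising set of cyber-security threats. In this paper, we study the practical applicability of a novel technique based on opinion dynamics, that permits to trace the attack throughout all its stages along the network by correlating different anomalies measured over time, thereby taking the persistence of threats and the criticality of resources into consideration. The resulting information is of essential importance to monitor the overall health of the control system and correspondingly deploy accurate response procedures.},
  pubstate = {published},
  tppubtype = {inproceedings},
}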
Roman, Rodrigo; Lopez, Javier; Gritzalis, Stefanos
Evolution and Trends in the Security of the Internet of Things Journal Article
In: IEEE Computer, vol. 51, pp. 16-25, 2018, ISSN: 0018-9162.
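% Magazine article. url holds two whitespace-separated links (site PDF and
% publisher page); url-aware styles expect a single URL, and the doi already
% resolves to the publisher page. No issue number is given.
@article{RomanIoT18,
  title = {Evolution and Trends in the Security of the {Internet of Things}},
  author = {Roman, Rodrigo and Lopez, Javier and Gritzalis, Stefanos},
  url = {/wp-content/papers/RomanIoT18.pdf
    https://ieeexplore.ieee.org/document/8423133/},
  doi = {10.1109/MC.2018.3011051},
  issn = {0018-9162},
  year = {2018},
  date = {2018-07-01},
  urldate = {2018-07-01},
  journal = {IEEE Computer},
  volume = {51},
  pages = {16--25},
  publisher = {IEEE Computer Society},
  address = {New Jersey, USA},
  pubstate = {published},
  tppubtype = {article},
}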
Roman, Rodrigo; Lopez, Javier; Mambo, Masahiro
Mobile edge computing, Fog et al.: A survey and analysis of security threats and challenges Journal Article
In: Future Generation Computer Systems, vol. 78, pp. 680-698, 2018, ISSN: 0167-739X.
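% Journal survey. url holds two whitespace-separated links (site PDF and an
% author share link); url-aware styles expect a single URL, and the doi is the
% stable identifier.
@article{RomanFog16,
  title = {Mobile edge computing, {Fog} et al.: A survey and analysis of security threats and challenges},
  author = {Roman, Rodrigo and Lopez, Javier and Mambo, Masahiro},
  url = {/wp-content/papers/RomanFog16.pdf
    https://authors.elsevier.com/c/1VmhQ,3q5xKgZZ},
  doi = {10.1016/j.future.2016.11.009},
  issn = {0167-739X},
  year = {2018},
  date = {2018-01-01},
  urldate = {2018-01-01},
  journal = {Future Generation Computer Systems},
  volume = {78},
  pages = {680--698},
  publisher = {Elsevier},
  abstract = {For various reasons, the cloud computing paradigm is unable to meet certain requirements (e.g. low latency and jitter, context awareness, mobility support) that are crucial for several applications (e.g. vehicular networks, augmented reality). To fulfil these requirements, various paradigms, such as fog computing, mobile edge computing, and mobile cloud computing, have emerged in recent years. While these edge paradigms share several features, most of the existing research is compartmentalised; no synergies have been explored. This is especially true in the field of security, where most analyses focus only on one edge paradigm, while ignoring the others. The main goal of this study is to holistically analyse the security threats, challenges, and mechanisms inherent in all edge paradigms, while highlighting potential synergies and venues of collaboration. In our results, we will show that all edge paradigms should consider the advances in other paradigms.},
  pubstate = {published},
  tppubtype = {article},
}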
2017
Rios, Ruben; Roman, Rodrigo; Onieva, Jose A.; Lopez, Javier
From Smog to Fog: A Security Perspective Proceedings Article
In: 2nd IEEE International Conference on Fog and Edge Mobile Computing (FMEC 2017), pp. 56-61, IEEE Computer Society, Valencia, Spain. 8-11 May 2017, 2017, ISBN: 978-1-5386-2859-1.
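% Conference paper. address held both the venue and the conference dates; the
% dates are moved to note so address is a place only. The duplicated
% organization (same value as publisher) is dropped.
% NOTE(review): date is 2017-06-01 while the conference dates are in May;
% confirm which one the date field should carry.
@inproceedings{Ruben2017smog,
  title = {From {Smog} to {Fog}: A Security Perspective},
  author = {Rios, Ruben and Roman, Rodrigo and Onieva, Jose A. and Lopez, Javier},
  url = {/wp-content/papers/Ruben2017smog.pdf},
  doi = {10.1109/FMEC.2017.7946408},
  isbn = {978-1-5386-2859-1},
  year = {2017},
  date = {2017-06-01},
  urldate = {2017-06-01},
  booktitle = {2nd {IEEE} International Conference on Fog and Edge Mobile Computing ({FMEC} 2017)},
  pages = {56--61},
  publisher = {IEEE Computer Society},
  address = {Valencia, Spain},
  note = {8--11 May 2017},
  abstract = {Cloud computing has some major limitations that hinder its application to some specific scenarios (e.g., Industrial IoT, and remote surgery) where there are particularly stringent requirements, such as extremely low latency. Fog computing is a specialization of the Cloud that promises to overcome the aforementioned limitations by bringing the Cloud closer to end-users. Despite its potential benefits, Fog Computing is still a developing paradigm which demands further research, especially on security and privacy aspects. This is precisely the focus of this paper: to make evident the urgent need for security mechanisms in Fog computing, as well as to present a research strategy with the necessary steps and processes that are being undertaken within the scope of the SMOG project, in order to enable a trustworthy and resilient Fog ecosystem.},
  pubstate = {published},
  tppubtype = {inproceedings},
}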
Lopez, Javier; Alcaraz, Cristina; Rodriguez, Jesús; Roman, Rodrigo; Rubio, Juan E.
Protecting Industry 4.0 against Advanced Persistent Threats Journal Article
In: European CIIP Newsletter, vol. 11, no. 1, pp. 27-29, 2017.
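% Newsletter article; no DOI is recorded.
% NOTE(review): publisher repeats the journal name; confirm whether a separate
% publisher exists.
@article{lopez2017ecn,
  title = {Protecting {Industry 4.0} against {Advanced Persistent Threats}},
  author = {Lopez, Javier and Alcaraz, Cristina and Rodriguez, Jes{\'u}s and Roman, Rodrigo and Rubio, Juan E.},
  url = {/wp-content/papers/lopez2017ecn.pdf},
  year = {2017},
  date = {2017-03-01},
  urldate = {2017-03-01},
  journal = {European CIIP Newsletter},
  volume = {11},
  number = {1},
  pages = {27--29},
  publisher = {European CIIP Newsletter},
  pubstate = {published},
  tppubtype = {article},
}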
Rubio, Juan E.; Alcaraz, Cristina; Roman, Rodrigo; Lopez, Javier
Analysis of Intrusion Detection Systems in Industrial Ecosystems Proceedings Article
In: 14th International Conference on Security and Cryptography (SECRYPT 2017), pp. 116-128, SciTePress, 2017, ISBN: 978-989-758-259-2.
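% Conference paper. The numeric key is kept because the PDF path is built from
% it. organization duplicated publisher and was printed twice in the rendered
% citation, so only publisher is kept.
@inproceedings{1662,
  title = {Analysis of Intrusion Detection Systems in Industrial Ecosystems},
  author = {Rubio, Juan E. and Alcaraz, Cristina and Roman, Rodrigo and Lopez, Javier},
  url = {/wp-content/papers/1662.pdf},
  doi = {10.5220/0006426301160128},
  isbn = {978-989-758-259-2},
  year = {2017},
  date = {2017-01-01},
  urldate = {2017-01-01},
  booktitle = {14th International Conference on Security and Cryptography ({SECRYPT} 2017)},
  volume = {6},
  pages = {116--128},
  publisher = {SciTePress},
  pubstate = {published},
  tppubtype = {inproceedings},
}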
Alcaraz, Cristina; Rodriguez, Jesús; Roman, Rodrigo; Rubio, Juan E.
Estado y Evolución de la Detección de Intrusiones en los Sistemas Industriales Proceedings Article
In: III Jornadas Nacionales de Investigación en Ciberseguridad (JNIC 2017), 2017.
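% Conference paper (Spanish); no pages, publisher or DOI are recorded. The
% numeric key is kept because the PDF path is built from it. Accents in title,
% author and booktitle use the brace-wrapped form that classic BibTeX treats as
% a single letter when sorting and labelling.
@inproceedings{1653,
  title = {Estado y Evoluci{\'o}n de la Detecci{\'o}n de Intrusiones en los Sistemas Industriales},
  author = {Alcaraz, Cristina and Rodriguez, Jes{\'u}s and Roman, Rodrigo and Rubio, Juan E.},
  url = {/wp-content/papers/1653.pdf},
  year = {2017},
  date = {2017-01-01},
  urldate = {2017-01-01},
  booktitle = {III Jornadas Nacionales de Investigaci{\'o}n en Ciberseguridad ({JNIC} 2017)},
  abstract = {Debido a la necesidad de proteger los sistemas industriales ante amenazas, se hace necesario comprender cual es el verdadero alcance de los mecanismos capaces de detectar potenciales anomal\'{i}as e intrusiones. Es por tanto el objetivo de este art\'{i}culo analizar el estado y la evoluci\'{o}n, tanto acad\'{e}mica como industrial, de los mecanismos de detecci\'{o}n de intrusiones en este campo, as\'{i} como estudiar su aplicabilidad actual y futura.},
  pubstate = {published},
  tppubtype = {inproceedings},
}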
2016
Nieto, Ana; Roman, Rodrigo; Lopez, Javier
Testificación Digital Journal Article
In: Revista SIC, vol. 122, pp. 94-98, 2016, ISSN: 1136-0623.
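@article{nrlSIC16,
  title = {Testificaci{\'o}n Digital},
  author = {Nieto, Ana and Roman, Rodrigo and Lopez, Javier},
  url = {https://revistasic.es/index.php?option=com_content\&view=article\&id=1713\&Itemid=1498},
  file = {/wp-content/papers/nrlSIC16.pdf},
  issn = {1136-0623},
  year = {2016},
  date = {2016-11-01},
  urldate = {2016-11-01},
  journal = {Revista SIC},
  volume = {122},
  pages = {94--98},
  publisher = {Ediciones CODA},
  abstract = {El creciente n\'{u}mero de dispositivos interconectados trae consigo problemas de seguridad bien conocidos; por ejemplo, aquellos debidos a las vulnerabilidades en protocolos muy diversos \textendash{}muchos de ellos propietarios\textendash{} y al factor de error humano introducido por los usuarios. Sin embargo, cabe preguntarse c\'{o}mo podemos usar el despliegue de tales dispositivos en beneficio de la ciberseguridad. En el proyecto IoTest se est\'{a} desarrollando una soluci\'{o}n, el Testigo Digital, que permitir\'{a} a los dispositivos personales con arquitectura de seguridad embebida reaccionar ante ataques virtuales, protegi\'{e}ndonos de los ciberataques emergentes.},
  keywords = {},
  pubstate = {published},
  tppubtype = {article}
}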
Nieto, Ana; Roman, Rodrigo; Lopez, Javier
Arquitectura funcional para la cadena de custodia digital en objetos de la IoT Proceedings Article
In: XIV Reunión Española sobre Criptología y Seguridad de la Información, pp. 168-173, 2016, ISBN: 978-84-608-9470-4.
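@inproceedings{1582,
  title = {Arquitectura funcional para la cadena de custodia digital en objetos de la {IoT}},
  author = {Nieto, Ana and Roman, Rodrigo and Lopez, Javier},
  url = {/wp-content/papers/1582.pdf},
  isbn = {978-84-608-9470-4},
  year = {2016},
  date = {2016-10-01},
  urldate = {2016-10-01},
  booktitle = {XIV Reuni{\'o}n Espa{\~n}ola sobre Criptolog{\'i}a y Seguridad de la Informaci{\'o}n},
  pages = {168--173},
  abstract = {En la Internet de los Objetos (IoT, por sus siglas en ingl\'{e}s), los ataques pueden ser perpetrados desde dispositivos que enmascaran su rastro ayud\'{a}ndose de la densidad de objetos y usuarios. Actualmente la idea de que los dispositivos de usuario almacenan evidencias que pueden ser muy valiosas para frenar ataques es bien conocida. Sin embargo, la colaboraci\'{o}n de \'{e}stos para denunciar posibles abusos telem\'{a}ticos a\'{u}n est\'{a} por definir. Los testigos digitales son dispositivos concebidos para definir la participaci\'{o}n de dispositivos de usuario en una cadena de custodia digital. La idea es que las evidencias se generan, almacenan y transfieren siguiendo los requisitos marcados por las normas actuales (p.ej. UNE 71505), pero respetando las restricciones en recursos de los dispositivos. En este art\'{i}culo proponemos una arquitectura funcional para la implementaci\'{o}n del concepto de testigo digital en dispositivos heterog\'{e}neos de la IoT.},
  keywords = {},
  pubstate = {published},
  tppubtype = {inproceedings}
}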
Nieto, Ana; Roman, Rodrigo; Lopez, Javier
Digital Witness: Digital Evidence Management Framework for the Internet of Things Journal Article
In: ERCIM News, no. 106, pp. 9-9, 2016, ISSN: 0926-4981.
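@article{ercim-nrl16,
  title = {Digital Witness: Digital Evidence Management Framework for the {Internet of Things}},
  author = {Nieto, Ana and Roman, Rodrigo and Lopez, Javier},
  url = {http://ercim-news.ercim.eu/images/stories/EN106/EN106-web.pdf},
  issn = {0926-4981},
  year = {2016},
  date = {2016-07-01},
  urldate = {2016-07-01},
  journal = {ERCIM News},
  number = {106},
  pages = {9},
  publisher = {ERCIM EEIG},
  keywords = {},
  pubstate = {published},
  tppubtype = {article}
}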
Nieto, Ana; Roman, Rodrigo; Lopez, Javier
Testigo digital: delegación vinculante de evidencias electrónicas para escenarios IoT Proceedings Article
In: II Jornadas Nacionales de Investigación en Ciberseguridad (JNIC 2016), pp. 109-116, 2016, ISBN: 978-84-608-8070-7.
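@inproceedings{1578,
  title = {Testigo digital: delegaci{\'o}n vinculante de evidencias electr{\'o}nicas para escenarios {IoT}},
  author = {Nieto, Ana and Roman, Rodrigo and Lopez, Javier},
  url = {http://ucys.ugr.es/jnic2016/docs/ActasJNIC2016.pdf},
  file = {/wp-content/papers/1578.pdf},
  isbn = {978-84-608-8070-7},
  year = {2016},
  date = {2016-06-01},
  urldate = {2016-06-01},
  booktitle = {II Jornadas Nacionales de Investigaci{\'o}n en Ciberseguridad (JNIC 2016)},
  pages = {109--116},
  abstract = {En un mundo en el que los usuarios dependen cada vez m\'{a}s de sus dispositivos, \'{e}stos almacenan gran cantidad de datos y son una fuente muy valiosa de informaci\'{o}n sobre su entorno. Sin embargo, la heterogeneidad y la densidad de los objetos conectados, caracter\'{i}sticas propias de la Internet de las Cosas (IoT), sirven de velo para ocultar conductas maliciosas que afectan a estos dispositivos, sin que quede rastro de tales acciones. En este art\'{i}culo definimos el concepto de testigo digital: funcionalidad que permitir\'{a} a los dispositivos personales y otros objetos colaborar para implementar una cadena de custodia digital en la IoT. El fin perseguido es ofrecer soluciones que mitiguen los efectos de la ciberdelincuencia, ampar\'{a}ndose en la colaboraci\'{o}n de los dispositivos con arquitecturas de seguridad embebidas para alertar de conductas maliciosas, y dejar constancia de \'{e}stas.},
  keywords = {},
  pubstate = {published},
  tppubtype = {inproceedings}
}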
Nieto, Ana; Roman, Rodrigo; Lopez, Javier
Digital Witness: Safeguarding Digital Evidence by using Secure Architectures in Personal Devices Journal Article
In: IEEE Network, pp. 12-19, 2016, ISSN: 0890-8044.
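@article{ieeenet16-nrl,
  title = {Digital Witness: Safeguarding Digital Evidence by using Secure Architectures in Personal Devices},
  author = {Nieto, Ana and Roman, Rodrigo and Lopez, Javier},
  url = {http://ieeexplore.ieee.org/document/7764297/\#full-text-section},
  file = {/wp-content/papers/ieeenet16-nrl.pdf},
  doi = {10.1109/MNET.2016.1600087NM},
  issn = {0890-8044},
  year = {2016},
  date = {2016-01-01},
  urldate = {2016-01-01},
  journal = {IEEE Network},
  pages = {12--19},
  publisher = {IEEE Communications Society},
  abstract = {Personal devices contain electronic evidence associated with the behaviour of their owners and other devices in their environment, which can help clarify the facts of a cyber-crime scene. These devices are usually analysed as containers of proof. However, it is possible to harness the boom of personal devices to define the concept of digital witnesses, where personal devices are able to actively acquire, store, and transmit digital evidence to an authorised entity, reliably and securely. This article introduces this novel concept, providing a preliminary analysis on the management of digital evidence and the technologies that can be used to implement it with security guarantees in IoT environments. Moreover, the basic building blocks of a digital witness are defined.},
  keywords = {},
  pubstate = {published},
  tppubtype = {article}
}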
2013
Najera, Pablo; Roman, Rodrigo; Lopez, Javier
User-centric secure integration of personal RFID tags and sensor networks Journal Article
In: Security and Communication Networks, vol. 6, pp. 1177–1197, 2013, ISSN: 1939-0114.
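@article{najerascn12,
  title = {User-centric secure integration of personal {RFID} tags and sensor networks},
  author = {Najera, Pablo and Roman, Rodrigo and Lopez, Javier},
  doi = {10.1002/sec.684},
  issn = {1939-0114},
  year = {2013},
  date = {2013-10-01},
  urldate = {2013-10-01},
  journal = {Security and Communication Networks},
  volume = {6},
  pages = {1177--1197},
  publisher = {Wiley-Blackwell},
  abstract = {A personal network (PN) should enable the collaboration of user’s devices and services in a flexible, self-organizing and friendly manner. For such purpose, the PN must securely accommodate heterogeneous technologies with uneven computational and communication resources. In particular, personal RFID tags can enable seamless recognition of user’s context, provide user authentication and enable novel services enhancing the quality and quantity of data handled by the PN. However, the highly constrained features of common RFID tags and their passive role in the network highlights the need of an adequate secure communication model with personal tags which enables their participation as a member of the PN. In this paper, we present our concept of PN, with special emphasis on the role of RFID and sensor networks, and define a secure architecture for PNs including methods for the secure access to context-aware technologies from both local PN members and the Internet of Things. The PN architecture is designed to support differentiated security mechanisms to maximize the level of security for each type of personal device. Furthermore, we analyze which security solutions available in the literature can be adapted for our architecture, as well as the challenges and security mechanisms still necessary in the secure integration of personal tags.},
  keywords = {},
  pubstate = {published},
  tppubtype = {article}
}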
Lopez, Javier; Alcaraz, Cristina; Roman, Rodrigo
Smart Control of Operational Threats in Control Substations Journal Article
In: Computers & Security, vol. 38, pp. 14-27, 2013, ISSN: 0167-4048.
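@article{1770,
  title = {Smart Control of Operational Threats in Control Substations},
  author = {Lopez, Javier and Alcaraz, Cristina and Roman, Rodrigo},
  url = {http://www.sciencedirect.com/science/article/pii/S0167404813000588},
  file = {/wp-content/papers/1770.pdf},
  doi = {10.1016/j.cose.2013.03.013},
  issn = {0167-4048},
  year = {2013},
  date = {2013-10-01},
  urldate = {2013-10-01},
  journal = {Computers \& Security},
  volume = {38},
  pages = {14--27},
  publisher = {Elsevier},
  abstract = {Any deliberate or unsuitable operational action in control tasks of critical infrastructures, such as energy generation, transmission and distribution systems that comprise sub-domains of a Smart Grid, could have a significant impact on the digital economy: without energy, the digital economy cannot live. In addition, the vast majority of these types of critical systems are configured in isolated locations where their control depends on the ability of a few, supposedly trustworthy, human operators. However, this assumption of reliability is not always true. Malicious human operators (criminal insiders) might take advantage of these situations to intentionally manipulate the critical nature of the underlying infrastructure. These criminal actions could be not attending to emergency events, inadequately responding to incidents or trying to alter the normal behaviour of the system with malicious actions. For this reason, in this paper we propose a smart response mechanism that controls human operators’ operational threats at all times. Moreover, the design of this mechanism allows the system to be able to not only evaluate by itself, the situation of a particular scenario but also to take control when areas are totally unprotected and/or isolated. The response mechanism, which is based on Industrial Wireless Sensor Networks (IWSNs) for the constant monitoring of observed critical infrastructures, on reputation for controlling human operators’ actions, and on the ISA100.11a standard for alarm management, has been implemented and simulated to evaluate its feasibility for critical contexts.},
  keywords = {},
  pubstate = {published},
  tppubtype = {article}
}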
Roman, Rodrigo; Zhou, Jianying; Lopez, Javier
On the features and challenges of security and privacy in distributed internet of things Journal Article
In: Computer Networks, vol. 57, pp. 2266–2279, 2013, ISSN: 1389-1286.
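@article{roman2013iot,
  title = {On the features and challenges of security and privacy in distributed internet of things},
  author = {Roman, Rodrigo and Zhou, Jianying and Lopez, Javier},
  url = {http://www.sciencedirect.com/science/article/pii/S1389128613000054},
  file = {/wp-content/papers/roman2013iot.pdf},
  doi = {10.1016/j.comnet.2012.12.018},
  issn = {1389-1286},
  year = {2013},
  date = {2013-07-01},
  urldate = {2013-07-01},
  journal = {Computer Networks},
  volume = {57},
  pages = {2266--2279},
  publisher = {Elsevier},
  abstract = {In the Internet of Things, services can be provisioned using centralized architectures, where central entities acquire, process, and provide information. Alternatively, distributed architectures, where entities at the edge of the network exchange information and collaborate with each other in a dynamic way, can also be used. In order to understand the applicability and viability of this distributed approach, it is necessary to know its advantages and disadvantages \textendash{} not only in terms of features but also in terms of security and privacy challenges. The purpose of this paper is to show that the distributed approach has various challenges that need to be solved, but also various interesting properties and strengths.},
  keywords = {},
  pubstate = {published},
  tppubtype = {article}
}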
Alcaraz, Cristina; Roman, Rodrigo; Najera, Pablo; Lopez, Javier
Security of Industrial Sensor Network-based Remote Substations in the context of the Internet of Things Journal Article
In: Ad Hoc Networks, vol. 11, pp. 1091–1104, 2013, ISSN: 1570-8705.
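@article{1752,
  title = {Security of Industrial Sensor Network-based Remote Substations in the context of the {Internet of Things}},
  author = {Alcaraz, Cristina and Roman, Rodrigo and Najera, Pablo and Lopez, Javier},
  url = {/wp-content/papers/1752.pdf},
  doi = {10.1016/j.adhoc.2012.12.001},
  issn = {1570-8705},
  year = {2013},
  date = {2013},
  urldate = {2013},
  journal = {Ad Hoc Networks},
  volume = {11},
  pages = {1091--1104},
  publisher = {Elsevier},
  abstract = {The main objective of remote substations is to provide the central system with sensitive information from critical infrastructures, such as generation, distribution or transmission power systems. Wireless sensor networks have been recently applied in this particular context due to their attractive services and inherent benefits, such as simplicity, reliability and cost savings. However, as the number of control and data acquisition systems that use the Internet infrastructure to connect to substations increases, it is necessary to consider what connectivity model the sensor infrastructure should follow: either completely isolated from the Internet or integrated with it as part of the Internet of Things paradigm. This paper therefore addresses this question by providing a thorough analysis of both security requirements and infrastructural requirements corresponding to all those TCP/IP integration strategies that can be applicable to networks with constrained computational resources.},
  keywords = {},
  pubstate = {published},
  tppubtype = {article}
}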
2012
Alcaraz, Cristina; Lopez, Javier; Roman, Rodrigo; Chen, Hsiao-Hwa
Selecting key management schemes for WSN applications Journal Article
In: Computers & Security, vol. 31, no. 38, pp. 956–966, 2012, ISSN: 0167-4048.
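@article{AlcarazR2012,
  title = {Selecting key management schemes for {WSN} applications},
  author = {Alcaraz, Cristina and Lopez, Javier and Roman, Rodrigo and Chen, Hsiao-Hwa},
  url = {http://www.sciencedirect.com/science/article/pii/S0167404812001034},
  file = {/wp-content/papers/AlcarazR2012.pdf},
  doi = {10.1016/j.cose.2012.07.002},
  issn = {0167-4048},
  year = {2012},
  date = {2012-11-01},
  urldate = {2012-11-01},
  journal = {Computers \& Security},
  volume = {31},
  number = {38},
  pages = {956--966},
  publisher = {Elsevier},
  abstract = {Key management in wireless sensor networks (WSN) is an active research topic. Due to the fact that a large number of key management schemes (KMS) have been proposed in the literature, it is not easy for a sensor network designer to know exactly which KMS best fits in a particular WSN application. In this article, we offer a comprehensive review on how the application requirements and the properties of various key management schemes influence each other. Based on this review, we show that the KMS plays a critical role in determining the security performance of a WSN network with given application requirements. We also develop a method that allows the network designers to select the most suitable KMS for a specific WSN network setting. In addition, the article also addresses the issues on the current state-of-the-art research on the KMS for homogeneous (i.e. non-hierarchical) networks to provide solutions for establishing link-layer keys in various WSN applications and scenarios.},
  keywords = {},
  pubstate = {published},
  tppubtype = {article}
}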
Roman, Rodrigo; Lopez, Javier; Dugeon, Olivier; Lacoste, Marc; Tron, Pierre Plaza; Bel, Marta
Advanced Secure Multimedia Services for Digital Homes Journal Article
In: Information Systems Frontiers, vol. 14, pp. 527-540, 2012, ISSN: 1387-3326.
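@article{Roman2010a,
  title = {Advanced Secure Multimedia Services for Digital Homes},
  author = {Roman, Rodrigo and Lopez, Javier and Dugeon, Olivier and Lacoste, Marc and Tron, Pierre Plaza and Bel, Marta},
  url = {http://www.springerlink.com/content/1785645v5246006u/},
  file = {/wp-content/papers/Roman2010a.pdf},
  doi = {10.1007/s10796-010-9258-9},
  issn = {1387-3326},
  year = {2012},
  date = {2012-07-01},
  urldate = {2012-07-01},
  journal = {Information Systems Frontiers},
  volume = {14},
  pages = {527--540},
  publisher = {Springer},
  abstract = {Our society is becoming increasingly more IT-oriented, and the images and sounds that reflect our daily life are being stored mainly in a digital form. This digital personal life can be part of the home multimedia contents, and users demand access and possibly share these contents (such as photographs, videos, and music) in an ubiquitous way: from any location and with any device. The purpose of this article is twofold. First, we introduce the Feel@Home system, whose main objective is to enable the previously mentioned vision of an ubiquitous digital personal life. Second, we describe the security architecture of Feel@Home, analyzing the security and privacy requirements that identify which threats and vulnerabilities must be considered, and deriving the security building blocks that can be used to protect both IMS-based and VPN-based solutions.},
  keywords = {},
  pubstate = {published},
  tppubtype = {article}
}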
Clarke, James; Roman, Rodrigo; Sharma, Abhishek; Lopez, Javier; Suri, Neeraj
Trust & Security RTD in the Internet of Things: Opportunities for International Cooperation Proceedings Article
In: Proceedings of the First International Conference on Security of Internet of Things, pp. 172–178, ACM, New York, NY, USA, 2012, ISBN: 978-1-4503-1822-8.
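@inproceedings{Clarke:2012,
  title = {Trust \& Security {RTD} in the {Internet of Things}: Opportunities for International Cooperation},
  author = {Clarke, James and Roman, Rodrigo and Sharma, Abhishek and Lopez, Javier and Suri, Neeraj},
  url = {http://doi.acm.org/10.1145/2490428.2490452},
  doi = {10.1145/2490428.2490452},
  isbn = {978-1-4503-1822-8},
  year = {2012},
  date = {2012-01-01},
  urldate = {2012-01-01},
  booktitle = {Proceedings of the First International Conference on Security of Internet of Things},
  pages = {172--178},
  publisher = {ACM},
  address = {New York, NY, USA},
  organization = {ACM},
  series = {SecurIT '12},
  abstract = {While there has been considerable progress in the research and technological development (RTD) of the Internet of Things (IoT), there is still considerable RTD required by international communities for the trust, privacy and security research challenges arising from the constitution of the IoT architectures, infrastructures, communications, devices, objects, applications and services. In this paper, we present a thorough analysis of the ongoing and future RTD work, specifically in Europe, regarding trust, privacy and security of the Internet of Things with a view towards enabling international cooperation efforts around the globe to solve these major research challenges.},
  keywords = {},
  pubstate = {published},
  tppubtype = {inproceedings}
}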
Galindo, David; Roman, Rodrigo; Lopez, Javier
On the Energy Cost of Authenticated Key Agreement in Wireless Sensor Networks Journal Article
In: Wireless Communications and Mobile Computing, vol. 12, pp. 133-143, 2012, ISSN: 1530-8669.
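@article{Galindo2010,
  title = {On the Energy Cost of Authenticated Key Agreement in Wireless Sensor Networks},
  author = {Galindo, David and Roman, Rodrigo and Lopez, Javier},
  url = {/wp-content/papers/Galindo2010.pdf},
  doi = {10.1002/wcm.894},
  issn = {1530-8669},
  year = {2012},
  date = {2012-01-01},
  urldate = {2012-01-01},
  journal = {Wireless Communications and Mobile Computing},
  volume = {12},
  pages = {133--143},
  publisher = {Wiley},
  abstract = {Wireless sensors are battery-powered devices which are highly constrained in terms of computational capabilities, memory and communication bandwidth. While battery life is their main limitation, they require considerable energy to communicate data. Due to this, it turns out that the energy saving of computationally inexpensive primitives (like symmetric key cryptography (SKC)) can be nullified by the bigger amount of data they require to be sent. In this work, we study the energy cost of key agreement protocols between peers in a network using asymmetric key cryptography. Our main concern is to reduce the amount of data to be exchanged, which can be done by using special cryptographic paradigms like identity-based and self-certified cryptography. The main news is that an intensive computational primitive for resource-constrained devices, such as non-interactive identity-based authenticated key exchange, performs comparably or even better than traditional authenticated key exchange (AKE) in a variety of scenarios. Moreover, protocols based in this primitive can provide better security properties in real deployments than other simple protocols based on symmetric cryptography. Our findings illustrate to what extent the latest implementation advancements push the efficiency boundaries of public key cryptography (PKC) in wireless sensor networks (WSNs).},
  keywords = {},
  pubstate = {published},
  tppubtype = {article}
}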
Najera, Pablo; Roman, Rodrigo; Lopez, Javier
Secure architecure for the integration of RFID and sensors in personal networks Proceedings Article
In: 7th International Workshop on Security and Trust Management (STM’11), pp. 207-222, Springer, Copenhagen, Denmark, 2012, ISBN: 978-3-642-29962-9.
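@inproceedings{Najera_STM11,
  title = {Secure architecure for the integration of {RFID} and sensors in personal networks},
  author = {Najera, Pablo and Roman, Rodrigo and Lopez, Javier},
  url = {/wp-content/papers/Najera_STM11.pdf},
  doi = {10.1007/978-3-642-29963-6_15},
  isbn = {978-3-642-29962-9},
  year = {2012},
  date = {2012-01-01},
  urldate = {2012-01-01},
  booktitle = {7th International Workshop on Security and Trust Management (STM'11)},
  volume = {7170},
  pages = {207--222},
  publisher = {Springer},
  address = {Copenhagen, Denmark},
  organization = {Springer},
  series = {LNCS},
  abstract = {The secure integration of RFID technology into the personal network paradigm, as a context-aware technology which complements body sensor networks, would provide notable benefits to applications and potential services of the PN. RFID security as an independent technology is reaching an adequate maturity level thanks to research in recent years; however, its integration into the PN model, interaction with other network resources, remote users and service providers requires a specific security analysis and a PN architecture prepared to support these resource-constrained pervasive technologies. This paper provides such PN architecture and analysis. Aspects such as the management of personal tags as members of the PN, the authentication and secure communication of PN nodes and remote users with the context-aware technologies, and the enforcement of security and privacy policies are discussed in the architecture.},
  keywords = {},
  pubstate = {published},
  tppubtype = {inproceedings}
}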
2011
Najera, Pablo; Roman, Rodrigo; Lopez, Javier
Acceso seguro a nodos RFID en una arquitectura de red personal Proceedings Article
In: Hackbarth, Klaus; Agüero, Ramón; Sanz, Roberto (Ed.): X Jornadas de Ingeniería Telemática (JITEL 2011), pp. 104–111, Universidad de Cantabria, Santander, Spain, 2011, ISBN: 978-84-694-5948-5.
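@inproceedings{Najera_JITEL11,
  title = {Acceso seguro a nodos {RFID} en una arquitectura de red personal},
  author = {Najera, Pablo and Roman, Rodrigo and Lopez, Javier},
  editor = {Hackbarth, Klaus and Ag{\"u}ero, Ram{\'o}n and Sanz, Roberto},
  isbn = {978-84-694-5948-5},
  year = {2011},
  date = {2011-09-01},
  urldate = {2011-09-01},
  booktitle = {X Jornadas de Ingenier{\'i}a Telem{\'a}tica (JITEL 2011)},
  pages = {104--111},
  publisher = {Universidad de Cantabria},
  address = {Santander, Spain},
  organization = {Universidad de Cantabria},
  abstract = {El paradigma de red personal (PN) permitir\'{a} la interacci\'{o}n y colaboraci\'{o}n del creciente abanico de dispositivos personales. Con tal fin la PN ha de integrar en su seno m\'{u}ltiples tecnolog\'{i}as heterog\'{e}neas con diversas capacidades computacionales y de comunicaci\'{o}n de forma segura. En particular, la incorporaci\'{o}n de la tecnolog\'{i}a RFID en objetos personales conlleva m\'{u}ltiples riesgos de seguridad y privacidad que han suscitado un elevado inter\'{e}s de la comunidad investigadora en los \'{u}ltimos a\~{n}os. M\'{a}s all\'{a} de su seguridad de forma aislada, su integraci\'{o}n en la PN y la interacci\'{o}n de \'{e}sta con redes de \'{a}rea extensa como Internet of Things requieren una arquitectura de red personal adecuada para tal contexto. Este art\'{i}culo proporciona los fundamentos de tal arquitectura segura incluyendo el an\'{a}lisis de aspectos como la incorporaci\'{o}n e inicializaci\'{o}n de las restringidas etiquetas RFID en la red personal, la autenticaci\'{o}n tanto de miembros de la PN como de usuarios y servicios remotos en su acceso a las tecnolog\'{i}as de contexto, el control de las pol\'{i}ticas de privacidad y el establecimiento de canales seguros de comunicaci\'{o}n supervisados.},
  keywords = {},
  pubstate = {published},
  tppubtype = {inproceedings}
}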
Roman, Rodrigo; Najera, Pablo; Lopez, Javier
Securing the Internet of Things Journal Article
In: IEEE Computer, vol. 44, no. 9, pp. 51–58, 2011, ISSN: 0018-9162.
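@article{1633,
  title = {Securing the {Internet of Things}},
  author = {Roman, Rodrigo and Najera, Pablo and Lopez, Javier},
  url = {/wp-content/papers/1633.pdf},
  doi = {10.1109/MC.2011.291},
  issn = {0018-9162},
  year = {2011},
  date = {2011-09-01},
  urldate = {2011-09-01},
  journal = {IEEE Computer},
  volume = {44},
  number = {9},
  pages = {51--58},
  publisher = {IEEE},
  abstract = {This paper presents security of Internet of things. In the Internet of Things vision, every physical object has a virtual component that can produce and consume services. Such extreme interconnection will bring unprecedented convenience and economy, but it will also require novel approaches to ensure its safe and ethical use. The Internet and its users are already under continual attack, and a growing economy-replete with business models that undermine the Internet’s ethical use-is fully focused on exploiting the current version’s foundational weaknesses.},
  keywords = {},
  pubstate = {published},
  tppubtype = {article}
}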
Alcaraz, Cristina; Lopez, Javier; Zhou, Jianying; Roman, Rodrigo
Secure SCADA Framework for the Protection of Energy Control Systems Journal Article
In: Concurrency and Computation Practice & Experience, vol. 23, no. 12, pp. 1414-1430, 2011, ISSN: 1532-0626.
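@article{Alcaraz2011a,
  title = {Secure {SCADA} Framework for the Protection of Energy Control Systems},
  author = {Alcaraz, Cristina and Lopez, Javier and Zhou, Jianying and Roman, Rodrigo},
  url = {/wp-content/papers/Alcaraz2011a.pdf},
  doi = {10.1002/cpe.1679},
  issn = {1532-0626},
  year = {2011},
  date = {2011-08-01},
  urldate = {2011-08-01},
  journal = {Concurrency and Computation Practice \& Experience},
  volume = {23},
  number = {12},
  pages = {1414--1430},
  publisher = {John Wiley \& Sons, Inc.},
  abstract = {Energy distribution systems are becoming increasingly widespread in today’s society. One of the elements that is used to monitor and control these systems are the SCADA (Supervisory Control and Data Acquisition) systems. In particular, these control systems and their complexities, together with the emerging use of the Internet and wireless technologies, bring new challenges that must be carefully considered. Examples of such challenges are the particular benefits of the integration of those new technologies, and also the effects they may have on the overall SCADA security. The main task of this paper is to provide a framework that shows how the integration of different state-of-the-art technologies in an energy control system, such as Wireless Sensor Networks (WSNs), Mobile Ad-Hoc Networks (MANETs), and the Internet, can bring some interesting benefits such as status management and anomaly prevention, while maintaining the security of the whole system.},
  keywords = {},
  pubstate = {published},
  tppubtype = {article}
}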
Leon, Olga; Roman, Rodrigo; Serrano, Juan Hernandez
Towards a Cooperative Intrusion Detection System for Cognitive Radio Networks Proceedings Article
In: Workshop on Wireless Cooperative Network Security (WCNS’11), Springer, 2011.
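@inproceedings{Leon11,
  title = {Towards a Cooperative Intrusion Detection System for Cognitive Radio Networks},
  author = {Leon, Olga and Roman, Rodrigo and Serrano, Juan Hernandez},
  url = {http://www.networking2011.org/workshops/WCNS.html},
  file = {/wp-content/papers/Leon11.pdf},
  doi = {10.1007/978-3-642-23041-7_22},
  year = {2011},
  date = {2011-05-01},
  urldate = {2011-05-01},
  booktitle = {Workshop on Wireless Cooperative Network Security (WCNS'11)},
  publisher = {Springer},
  organization = {Springer},
  series = {LNCS},
  abstract = {Cognitive Radio Networks (CRNs) arise as a promising solution to the scarcity of spectrum. By means of cooperation and smart decisions influenced by previous knowledge, CRNs are able to detect and profit from the best spectrum opportunities without interfering primary licensed users. However, besides the well-known attacks to wireless networks, new attacks threat this type of networks. In this paper we analyze these threats and propose a set of intrusion detection modules targeted to detect them. Provided method will allow a CRN to identify attack sources and types of attacks, and to properly react against them.},
  keywords = {},
  pubstate = {published},
  tppubtype = {inproceedings}
}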
Roman, Rodrigo; Alcaraz, Cristina; Lopez, Javier; Sklavos, Nicolas
Key management systems for sensor networks in the context of the Internet of Things Journal Article
In: Computers & Electrical Engineering, vol. 37, pp. 147-159, 2011, ISSN: 0045-7906.
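@article{roman2011,
  title = {Key management systems for sensor networks in the context of the {Internet of Things}},
  author = {Roman, Rodrigo and Alcaraz, Cristina and Lopez, Javier and Sklavos, Nicolas},
  url = {http://www.sciencedirect.com/science/article/B6V25-527FRSD-1/2/62661c595153993639c43b9b331d8d66},
  file = {/wp-content/papers/roman2011.pdf},
  doi = {10.1016/j.compeleceng.2011.01.009},
  issn = {0045-7906},
  year = {2011},
  date = {2011-03-01},
  urldate = {2011-03-01},
  journal = {Computers \& Electrical Engineering},
  volume = {37},
  pages = {147--159},
  publisher = {Elsevier},
  abstract = {If a wireless sensor network (WSN) is to be completely integrated into the Internet as part of the Internet of Things (IoT), it is necessary to consider various security challenges, such as the creation of a secure channel between an Internet host and a sensor node. In order to create such a channel, it is necessary to provide key management mechanisms that allow two remote devices to negotiate certain security credentials (e.g. secret keys) that will be used to protect the information flow. In this paper we will analyse not only the applicability of existing mechanisms such as public key cryptography and pre-shared keys for sensor nodes in the IoT context, but also the applicability of those link-layer oriented key management systems (KMS) whose original purpose is to provide shared keys for sensor nodes belonging to the same WSN.},
  keywords = {},
  pubstate = {published},
  tppubtype = {article}
}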
Roman, Rodrigo; Lopez, Javier; Alcaraz, Cristina; Chen, Hsiao-Hwa
SenseKey – Simplifying the Selection of Key Management Schemes for Sensor Networks Proceedings Article
In: 5th International Symposium on Security and Multimodality in Pervasive Environments (SMPE’11), IEEE, Singapore, 2011.
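% NOTE(review): url still carries two addresses (site copy and symposium page), as exported; split them if the target style needs a single URL.
@inproceedings{Roman11SK,
  author    = {Roman, Rodrigo and Lopez, Javier and Alcaraz, Cristina and Chen, Hsiao-Hwa},
  title     = {{SenseKey} -- Simplifying the Selection of Key Management Schemes for Sensor Networks},
  booktitle = {5th International Symposium on Security and Multimodality in Pervasive Environments ({SMPE}'11)},
  publisher = {IEEE},
  address   = {Singapore},
  year      = {2011},
  date      = {2011-03-01},
  urldate   = {2011-03-01},
  doi       = {10.1109/WAINA.2011.78},
  url       = {/wp-content/papers/Roman11SK.pdf
               http://www.ftrai.org/smpe2011/},
  abstract  = {Key Management Schemes (KMS) are a very important security mechanism for Wireless Sensor Networks (WSN), as they are used to manage the credentials (i.e. secret keys) that are needed by the security primitives. There is a large number of available KMS protocols in the literature, but it is not clear what should network designers do to choose the most suitable protocol for the needs of their applications. In this paper, we consider that given a certain set of application requirements, the network designer can check which properties comply with those requirements and select the KMS protocols that contains those particular properties. Therefore, we study the relationship between requirements and properties, and we provide a web tool, the SenseKey tool, that can be used to automatically obtain an optimal set of KMS protocols.},
  pubstate  = {published},
  tppubtype = {inproceedings},
}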
Najera, Pablo; Nieto, Ana
Network Technologies Book Section
In: Carbou, Romain; Exposito, Ernesto; Roman, Rodrigo (Ed.): Digital Home Networking, pp. 17 – 58, Wiley-ISTE, 2011, ISBN: 978-1848213210.
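@incollection{Najera_DHNChapter,
  author    = {Najera, Pablo and Nieto, Ana},
  title     = {Network Technologies},
  editor    = {Carbou, Romain and Exposito, Ernesto and Roman, Rodrigo},
  booktitle = {Digital Home Networking},
  pages     = {17--58},
  publisher = {Wiley-ISTE},
  year      = {2011},
  date      = {2011-01-01},
  isbn      = {978-1848213210},
  pubstate  = {published},
  tppubtype = {incollection},
}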
Moyano, Francisco; Roman, Rodrigo; Kalam, Anas Abou El; Lacoste, Marc; Maachaoui, Mohamed
Security Book Section
In: Carbou, Romain; Diaz, Michel; Exposito, Ernesto; Roman, Rodrigo (Ed.): Digital Home Networking, pp. 139-202, 2011, ISBN: 9781848213210.
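% "Abou El Kalam" is entered in comma form as a compound surname; in "First Last" form BibTeX would take only "Kalam" as the last name.
% NOTE(review): the identifier is a 13-digit 978 number, i.e. an ISBN, so it is stored in isbn rather than issn.
% NOTE(review): publisher is taken from the page's other entries for this book (same ISBN digits); confirm against the imprint.
@incollection{Moyano_DHNChapter,
  author    = {Moyano, Francisco and Roman, Rodrigo and Abou El Kalam, Anas and Lacoste, Marc and Maachaoui, Mohamed},
  title     = {Security},
  editor    = {Carbou, Romain and Diaz, Michel and Exposito, Ernesto and Roman, Rodrigo},
  booktitle = {Digital Home Networking},
  pages     = {139--202},
  publisher = {Wiley-ISTE},
  year      = {2011},
  date      = {2011-01-01},
  isbn      = {9781848213210},
  pubstate  = {published},
  tppubtype = {incollection},
}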
Bars, Remi; Gomez, Jorge; Mahdi, Mohamed; Alcaraz, Cristina; Roman, Rodrigo
Digital Home Networking: Standards Book Section
In: Carbou, Romain; Exposito, Ernesto; Roman, Rodrigo; Diaz, Michel (Ed.): Digital Home Networking, vol. 7130, pp. 60-96, John Wiley & Sons Inc., Reino Unido, 2011, ISBN: 978-1-84821-321-0.
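% NOTE(review): the identifier is an ISBN (978 prefix), so it is stored in isbn rather than issn.
% NOTE(review): volume 7130 is kept as exported; the page's other entries for this book give no volume -- confirm.
@incollection{Alcaraz2011_ChapterBook,
  author    = {Bars, Remi and Gomez, Jorge and Mahdi, Mohamed and Alcaraz, Cristina and Roman, Rodrigo},
  title     = {Digital Home Networking: Standards},
  editor    = {Carbou, Romain and Exposito, Ernesto and Roman, Rodrigo and Diaz, Michel},
  booktitle = {Digital Home Networking},
  volume    = {7130},
  pages     = {60--96},
  publisher = {John Wiley \& Sons Inc.},
  address   = {Reino Unido},
  year      = {2011},
  date      = {2011-01-01},
  urldate   = {2011-01-01},
  isbn      = {978-1-84821-321-0},
  pubstate  = {published},
  tppubtype = {incollection},
}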
Roman, Rodrigo; Lopez, Javier; Najera, Pablo
A Cross-layer Approach for Integrating Security Mechanisms in Sensor Networks Architectures Journal Article
In: Wireless Communications and Mobile Computing, vol. 11, pp. 267-276, 2011, ISSN: 1530-8669.
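@article{Roman2010,
  author    = {Roman, Rodrigo and Lopez, Javier and Najera, Pablo},
  title     = {A Cross-layer Approach for Integrating Security Mechanisms in Sensor Networks Architectures},
  journal   = {Wireless Communications and Mobile Computing},
  volume    = {11},
  pages     = {267--276},
  publisher = {Wiley},
  year      = {2011},
  date      = {2011-01-01},
  urldate   = {2011-01-01},
  doi       = {10.1002/wcm.1006},
  issn      = {1530-8669},
  url       = {/wp-content/papers/Roman2010.pdf},
  abstract  = {The wireless sensor networks (WSN) paradigm is especially vulnerable against external and internal attacks. Therefore, it is necessary to develop security mechanisms and protocols to protect them. These mechanisms must become an integral part of the software architecture and network stack of a sensor node. A question that remains is how to achieve this integration. In this paper we check how both academic and industrial solutions tackle this issue, and we present the concept of a transversal layer, where all the different security mechanisms could be contained. This way, all the elements of the architecture can interact with the security mechanisms, and the security mechanisms can have a holistic point of view of the whole architecture. We discuss the advantages of this approach, and also present how the transversal layer concept was applied to a real middleware architecture.},
  pubstate  = {published},
  tppubtype = {article},
}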
Carbou, Romain; Diaz, Michel; Exposito, Ernesto; Roman, Rodrigo
Digital Home Networking Book
Wiley-ISTE, 2011, ISBN: 1848213212.
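% NOTE(review): the ten-digit identifier of this book is stored in isbn (it was exported under issn); it matches the productCd in the url.
@book{RomFatH11,
  author    = {Carbou, Romain and Diaz, Michel and Exposito, Ernesto and Roman, Rodrigo},
  title     = {Digital Home Networking},
  publisher = {Wiley-ISTE},
  year      = {2011},
  date      = {2011-01-01},
  urldate   = {2011-01-01},
  isbn      = {1848213212},
  url       = {http://as.wiley.com/WileyCDA/WileyTitle/productCd-1848213212.html},
  pubstate  = {published},
  tppubtype = {book},
}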
2010
Alcaraz, Cristina; Najera, Pablo; Lopez, Javier; Roman, Rodrigo
Wireless Sensor Networks and the Internet of Things: Do We Need a Complete Integration? Proceedings Article
In: 1st International Workshop on the Security of the Internet of Things (SecIoT’10), IEEE, Tokyo (Japan), 2010.
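% NOTE(review): pages was exported as the placeholder "xxxx" and is left out until the real range is known.
@inproceedings{calcaraz10,
  author    = {Alcaraz, Cristina and Najera, Pablo and Lopez, Javier and Roman, Rodrigo},
  title     = {Wireless Sensor Networks and the {Internet of Things}: Do We Need a Complete Integration?},
  booktitle = {1st International Workshop on the Security of the {Internet of Things} ({SecIoT}'10)},
  publisher = {IEEE},
  address   = {Tokyo (Japan)},
  year      = {2010},
  date      = {2010-12-01},
  urldate   = {2010-12-01},
  url       = {/wp-content/papers/calcaraz10.pdf},
  abstract  = {Wireless sensor networks (WSN) behave as a digital skin, providing a virtual layer where the information about the physical world can be accessed by any computational system. As a result, they are an invaluable resource for realizing the vision of the Internet of Things (IoT). However, it is necessary to consider whether the devices of a WSN should be completely integrated into the Internet or not. In this paper, we tackle this question from the perspective of security. While we will mention the different security challenges that may arise in such integration process, we will focus on the issues that take place at the network level.},
  pubstate  = {published},
  tppubtype = {inproceedings},
}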
Alcaraz, Cristina; Roman, Rodrigo; Najera, Pablo; Lopez, Javier
Acceso seguro a redes de sensores en SCADA a través de Internet Proceedings Article
In: XI Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2010), pp. 337-342, Tarragona (Spain), 2010, ISBN: 978-84-693-3304-4.
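% NOTE(review): url still carries two addresses (site copy and conference page), as exported; split them if the target style needs a single URL.
@inproceedings{Alcaraz2010,
  author    = {Alcaraz, Cristina and Roman, Rodrigo and Najera, Pablo and Lopez, Javier},
  title     = {Acceso seguro a redes de sensores en {SCADA} a trav{\'e}s de {Internet}},
  booktitle = {XI Reuni{\'o}n Espa{\~n}ola sobre Criptolog{\'i}a y Seguridad de la Informaci{\'o}n ({RECSI} 2010)},
  pages     = {337--342},
  address   = {Tarragona (Spain)},
  year      = {2010},
  date      = {2010-09-01},
  urldate   = {2010-09-01},
  isbn      = {978-84-693-3304-4},
  url       = {/wp-content/papers/Alcaraz2010.pdf
               http://crises-deim.urv.cat/recsi2010/},
  abstract  = {Las Infraestructuras Cr\'{i}ticas (ICs) son monitorizadas por sistemas altamente complejos, conocidos como sistemas SCADA (Sistemas de Control y Adquisici\'{o}n de Datos), cuyo principal soporte se encuentra en las subestaciones, las cuales miden de primera instancia el estado real de tales ICs. Para mejorar este control, la industria est\'{a} actualmente demandando la integraci\'{o}n en el modelo tradicional de dos avances tecnol\'{o}gicos: Internet y las redes de sensores inal\'{a}mbricas. Sin embargo, su incorporaci\'{o}n requiere analizar los requisitos de seguridad que surgen en dicho contexto, as\'{i} como diversos aspectos correlacionados (ej. mantenimiento, rendimiento, seguridad y optimizaci\'{o}n) y, en base a estos, la estrategia de integraci\'{o}n m\'{a}s adecuada para satisfacer dichos requisitos. Este art\'{i}culo proporciona dicho an\'{a}lisis en profundidad con el fin de ofrecer un modelo de integraci\'{o}n seguro adecuado para entornos cr\'{i}ticos.},
  pubstate  = {published},
  tppubtype = {inproceedings},
}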
Lopez, Javier; Roman, Rodrigo; Najera, Pablo
Los Desafíos de Seguridad en la Internet de los Objetos Journal Article
In: Revista SIC, vol. 88, pp. 66-73, 2010, ISSN: 1136-0623.
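@article{jlopez09,
  author    = {Lopez, Javier and Roman, Rodrigo and Najera, Pablo},
  title     = {Los Desaf{\'i}os de Seguridad en la {Internet de los Objetos}},
  journal   = {Revista {SIC}},
  volume    = {88},
  pages     = {66--73},
  publisher = {Ediciones CODA},
  year      = {2010},
  date      = {2010-02-01},
  urldate   = {2010-02-01},
  issn      = {1136-0623},
  url       = {/wp-content/papers/jlopez09.pdf},
  abstract  = {El paradigma de la Internet de los Objetos, donde todos aquellos objetos f\'{i}sicos que nos rodean tendr\'{a}n la capacidad de generar y consumir informaci\'{o}n en el \'{a}mbito de un mundo virtual, se encuentra cada vez m\'{a}s cerca. Es ahora un buen momento para llamar la atenci\'{o}n sobre sus principales desaf\'{i}os de seguridad, tanto desde un punto de vista global como asociados a sus elementos m\'{a}s importantes (la tecnolog\'{i}a RFID y las redes de sensores). As\'{i}, este paradigma puede ser plenamente comprendido y protegido, evolucionando hacia uno de los nuevos pilares del futuro.},
  pubstate  = {published},
  tppubtype = {article},
}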
Lopez, Javier; Roman, Rodrigo; Agudo, Isaac; Fernandez-Gago, Carmen
Trust Management Systems for Wireless Sensor Networks: Best practices Journal Article
In: Computer Communications, vol. 33, no. 9, 2010, ISSN: 0140-3664.
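% NOTE(review): the exported "pages" value (0140-3664) only repeated the ISSN, so no page range is given here; add the real range once confirmed.
@article{JavierLopezMunoz2010,
  author    = {Lopez, Javier and Roman, Rodrigo and Agudo, Isaac and Fernandez-Gago, Carmen},
  title     = {Trust Management Systems for Wireless Sensor Networks: Best practices},
  journal   = {Computer Communications},
  volume    = {33},
  number    = {9},
  publisher = {Elsevier},
  year      = {2010},
  date      = {2010-01-01},
  urldate   = {2010-01-01},
  doi       = {10.1016/j.comcom.2010.02.006},
  issn      = {0140-3664},
  url       = {/wp-content/papers/JavierLopezMunoz2010.pdf},
  abstract  = {Wireless sensor networks (WSNs) have been proven a useful technology for perceiving information about the physical world and as a consequence has been used in many applications such as measurement of temperature, radiation, flow of liquids, etc. The nature of this kind of technology, and also their vulnerabilities to attacks make the security tools required for them to be considered in a special way. The decision making in a WSN is essential for carrying out certain tasks as it aids sensors establish collaborations. In order to assist this process, trust management systems could play a relevant role. In this paper, we list the best practices that we consider are essential for developing a good trust management system for WSN and make an analysis of the state of the art related to these practices.},
  pubstate  = {published},
  tppubtype = {article},
}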
2009
Roman, Rodrigo; Lopez, Javier; Alcaraz, Cristina
Do Wireless Sensor Networks Need to be Completely Integrated into the Internet? Proceedings Article
In: 3rd CompanionAble Workshop – Future Internet of People, Things and Services (IoPTS) eco-Systems, Brussels (Belgium), 2009.
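% NOTE(review): pages, publisher and organization were exported as the placeholder "xxxx" and are left out until the real values are known.
@inproceedings{roman2009,
  author    = {Roman, Rodrigo and Lopez, Javier and Alcaraz, Cristina},
  title     = {Do Wireless Sensor Networks Need to be Completely Integrated into the {Internet}?},
  booktitle = {3rd {CompanionAble} Workshop -- Future {Internet} of People, Things and Services ({IoPTS}) eco-Systems},
  address   = {Brussels (Belgium)},
  year      = {2009},
  date      = {2009-12-01},
  urldate   = {2009-12-01},
  url       = {/wp-content/papers/roman2009.pdf},
  abstract  = {Wireless sensor networks are considered as an integral part of the Internet of Things paradigm. Not only they provide a virtual presence to elements of the real world, but also allow any computational system to know about the physical state of those elements thanks to the use of embedded sensors. In order to belong to the Internet of Things, the elements of a sensor network can implement Internet protocols and services such as the TCP/IP stack and web services. Still, a question that must be raised at this point of time is whether all sensor network applications should be completely integrated into the Internet or not. The purpose of this paper is to analyze this question, reviewing the challenges and security requirements of Internet-enabled sensor networks.},
  pubstate  = {published},
  tppubtype = {inproceedings},
}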
Alcaraz, Cristina; Agudo, Isaac; Fernandez-Gago, Carmen; Roman, Rodrigo; Fernandez, Gerardo; Lopez, Javier
Adaptive Dispatching of Incidences Based on Reputation for SCADA Systems Proceedings Article
In: 6th International Conference on Trust, Privacy and Security in Digital Business (TrustBus’09), pp. 86-94, Springer-Verlag, Linz, Austria, 2009, ISBN: 978-3-642-03747-4.
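@inproceedings{Alcaraz2009,
  author    = {Alcaraz, Cristina and Agudo, Isaac and Fernandez-Gago, Carmen and Roman, Rodrigo and Fernandez, Gerardo and Lopez, Javier},
  title     = {Adaptive Dispatching of Incidences Based on Reputation for {SCADA} Systems},
  booktitle = {6th International Conference on Trust, Privacy and Security in Digital Business ({TrustBus}'09)},
  series    = {Lecture Notes in Computer Science},
  pages     = {86--94},
  publisher = {Springer-Verlag},
  address   = {Linz, Austria},
  year      = {2009},
  date      = {2009-09-01},
  urldate   = {2009-09-01},
  doi       = {10.1007/978-3-642-03748-1_9},
  isbn      = {978-3-642-03747-4},
  url       = {/wp-content/papers/Alcaraz2009.pdf},
  abstract  = {SCADA systems represent a challenging scenario where the management of critical alarms is crucial. Their response to these alarms should be efficient and fast in order to mitigate or contain undesired effects. This work presents a mechanism, the Adaptive Assignment Manager (AAM) that will aid to react to incidences in a more efficient way by dynamically assigning alarms to the most suitable human operator. The mechanism uses various inputs for identifying the operators such as their availability, workload and reputation. In fact, we also define a reputation component that stores the reputation of the human operators and uses feedback from past experiences.},
  pubstate  = {published},
  tppubtype = {inproceedings},
}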
Lopez, Javier; Roman, Rodrigo; Alcaraz, Cristina
Analysis of Security Threats, Requirements, Technologies and Standards in Wireless Sensor Networks Proceedings Article
In: Foundations of Security Analysis and Design 2009, pp. 289-338, Springer Berlin/Heidelberg, Bertinoro (Italy), 2009, ISSN: 0302-9743 (Print) 1611-3349 (Online).
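% NOTE(review): url still carries two addresses (site copy and publisher page), as exported; split them if the target style needs a single URL.
@inproceedings{Lopez2009,
  author    = {Lopez, Javier and Roman, Rodrigo and Alcaraz, Cristina},
  title     = {Analysis of Security Threats, Requirements, Technologies and Standards in Wireless Sensor Networks},
  booktitle = {Foundations of Security Analysis and Design 2009},
  series    = {Lecture Notes in Computer Science},
  volume    = {5705},
  pages     = {289--338},
  publisher = {Springer Berlin/Heidelberg},
  address   = {Bertinoro (Italy)},
  year      = {2009},
  date      = {2009-08-01},
  urldate   = {2009-08-01},
  doi       = {10.1007/978-3-642-03829-7_10},
  issn      = {0302-9743 (Print) 1611-3349 (Online)},
  url       = {/wp-content/papers/Lopez2009.pdf
               http://www.springerlink.com/content/u8h4882831k474n6/},
  abstract  = {As sensor networks are more and more being implemented in real world settings, it is necessary to analyze how the different requirements of these real-world applications can influence the security mechanisms. This paper offers both an overview and an analysis of the relationship between the different security threats, requirements, applications, and security technologies. Besides, it also overviews some of the existing sensor network standards, analyzing their security mechanisms.},
  pubstate  = {published},
  tppubtype = {inproceedings},
}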
Caro, Rafael J.; Garrido, David; Plaza, Pierre; Roman, Rodrigo; Sanz, Nuria; Serrano, Jose L.
SMEPP: A Secure Middleware for Embedded P2P Proceedings Article
In: ICT Mobile and Wireless Communications Summit (ICT-MobileSummit’09), Santander (Spain), 2009, ISBN: 978-1-905824-12-0.
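@inproceedings{Benito2009,
  author    = {Caro, Rafael J. and Garrido, David and Plaza, Pierre and Roman, Rodrigo and Sanz, Nuria and Serrano, Jose L.},
  title     = {{SMEPP}: A Secure Middleware for Embedded {P2P}},
  booktitle = {{ICT} Mobile and Wireless Communications Summit ({ICT-MobileSummit}'09)},
  address   = {Santander (Spain)},
  year      = {2009},
  date      = {2009-06-01},
  urldate   = {2009-06-01},
  isbn      = {978-1-905824-12-0},
  url       = {/wp-content/papers/Benito2009.pdf},
  abstract  = {The increasing presence of embedded devices with internet access capabilities constitutes a new challenge in software development. These devices are now cooperating in a distributed manner towards what has been called as "Internet of Things". In this new scenario the client-server model is sometimes not adequate and dynamic ad-hoc networks are more common than before. However, security poses as a hard issue as these systems are extremely vulnerable. In this paper, we introduce SMEPP project, which aims at developing a middleware designed for P2P systems with a special focus on embedded devices and security. SMEPP is designed to be deployed in a wide range of devices. It tries to ease the development of applications hiding platforms details and other aspects such as scalability, adaptability and interoperability. A full implementation of this middleware is already available that incorporates security features specially designed for low-resource devices. Moreover, we describe two business applications being developed using this middleware in the context of "Digital Home" and "Environmental Monitoring in Industrial Environments".},
  pubstate  = {published},
  tppubtype = {inproceedings},
}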
Roman, Rodrigo; Lopez, Javier
Integrating Wireless Sensor Networks and the Internet: A Security Analysis Journal Article
In: Internet Research, vol. 19, no. 2, pp. 246-259, 2009, ISSN: 1066-2243.
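@article{roman2009a,
  author    = {Roman, Rodrigo and Lopez, Javier},
  title     = {Integrating Wireless Sensor Networks and the {Internet}: A Security Analysis},
  journal   = {Internet Research},
  volume    = {19},
  number    = {2},
  pages     = {246--259},
  publisher = {Emerald},
  year      = {2009},
  date      = {2009-03-01},
  urldate   = {2009-03-01},
  doi       = {10.1108/10662240910952373},
  issn      = {1066-2243},
  url       = {/wp-content/papers/roman2009a.pdf},
  abstract  = {Purpose: This paper aims to analyze the security issues that arise when integrating wireless sensor networks (WSN) and the internet. Also, it seeks to review whether existing technology mechanisms are suitable and can be applied in this context.
Design/methodology/approach: The paper considers the possible approaches that can be used to connect a WSN with the internet, and analyzes the security of their interactions.
Findings: By providing the services of the network through a front-end proxy, a sensor network and the internet can interact securely. There are other challenges to be solved if the sensor nodes are integrated into the internet infrastructure, although there exists interesting advances on his matter.
Research limitations and implications: The complete integration of sensor networks and the internet still remains as an open issue.
Practical implications: With the current state of the art, it is possible to develop a secure sensor network that can provide its services to internet hosts with certain security properties.
Originality/value: The paper studies the interactions between sensor networks and the internet from the point of view of security. It identifies both solutions and research challenges.},
  pubstate  = {published},
  tppubtype = {article},
}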
Design/methodology/approach: The paper considers the possible approaches that can be used to connect a WSN with the internet, and analyzes the security of their interactions.
Findings: By providing the services of the network through a front-end proxy, a sensor network and the internet can interact securely. There are other challenges to be solved if the sensor nodes are integrated into the internet infrastructure, although there exists interesting advances on his matter.
Research limitations and implications: The complete integration of sensor networks and the internet still remains as an open issue.
Practical implications: With the current state of the art, it is possible to develop a secure sensor network that can provide its services to internet hosts with certain security properties.
Originality/value: The paper studies the interactions between sensor networks and the internet from the point of view of security. It identifies both solutions and research challenges.
Roman, Rodrigo; Fernandez-Gago, Carmen; Lopez, Javier; Chen, Hsiao-Hwa
Trust and Reputation Systems for Wireless Sensor Networks Book Section
In: Gritzalis, Stefanos; Karygiannis, Tom; Skianis, Charalabos (Ed.): Security and Privacy in Mobile and Wireless Networking, pp. 105-128, Troubador Publishing Ltd, 2009, ISBN: 978-1905886-906.
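@incollection{Roman2009b,
  author    = {Roman, Rodrigo and Fernandez-Gago, Carmen and Lopez, Javier and Chen, Hsiao-Hwa},
  title     = {Trust and Reputation Systems for Wireless Sensor Networks},
  editor    = {Gritzalis, Stefanos and Karygiannis, Tom and Skianis, Charalabos},
  booktitle = {Security and Privacy in Mobile and Wireless Networking},
  pages     = {105--128},
  publisher = {Troubador Publishing Ltd},
  year      = {2009},
  date      = {2009-01-01},
  urldate   = {2009-01-01},
  isbn      = {978-1905886-906},
  url       = {/wp-content/papers/Roman2009b.pdf},
  abstract  = {The concept of trust has become very relevant in the late years as a consequence of the growth of fields such as internet transactions or electronic commerce. In general, trust has become of paramount importance for any kind of distributed networks, such as wireless sensor networks (WSN in the following). In this chapter of the book, we try to give a general overview of the state of the art on trust management systems for WSN and also try to identify the main features of the architectures of these trust management systems.},
  pubstate  = {published},
  tppubtype = {incollection},
}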
2008
Galindo, David; Roman, Rodrigo; Lopez, Javier
A Killer Application for Pairings: Authenticated Key Establishment in Underwater Wireless Sensor Networks Proceedings Article
In: Proceedings of the 7th International Conference on Cryptology and Network Security (CANS’08), pp. 120-132, Springer, Hong Kong (China), 2008, ISSN: 0302-9743 (Print) 1611-3349 (Online).
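% NOTE(review): url still carries two addresses (site copy and publisher page), as exported; split them if the target style needs a single URL.
@inproceedings{Galindo2008aa,
  author    = {Galindo, David and Roman, Rodrigo and Lopez, Javier},
  title     = {A Killer Application for Pairings: Authenticated Key Establishment in Underwater Wireless Sensor Networks},
  booktitle = {Proceedings of the 7th International Conference on Cryptology and Network Security ({CANS}'08)},
  series    = {Lecture Notes in Computer Science},
  volume    = {5339},
  pages     = {120--132},
  publisher = {Springer},
  address   = {Hong Kong (China)},
  year      = {2008},
  date      = {2008-12-01},
  urldate   = {2008-12-01},
  doi       = {10.1007/978-3-540-89641-8_9},
  issn      = {0302-9743 (Print) 1611-3349 (Online)},
  url       = {/wp-content/papers/Galindo2008aa.pdf
               http://www.springerlink.com/content/g26h0115ngt12331/},
  abstract  = {Wireless sensors are low power devices which are highly constrained in terms of computational capabilities, memory, and communication bandwidth. While battery life is their main limitation, they require considerable energy to communicate data. The latter is specially dramatic in underwater wireless sensor networks (UWSN), where the acoustic transmission mechanisms are less reliable and more energy-demanding. Saving in communication is thus the primary concern in underwater wireless sensors. With this constraint in mind, we argue that non-interactive identity-based key agreement built on pairings provides the best solution for key distribution in large UWSN when compared to the state of the art. At first glance this claim is surprising, since pairing computation is very demanding. Still, pairing-based non-interactive key establishment requires minimal communication and at the same time enjoys excellent properties when used for key distribution.},
  pubstate  = {published},
  tppubtype = {inproceedings},
}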
Alcaraz, Cristina; Fernandez, Gerardo; Roman, Rodrigo; Balastegui, Angel; Lopez, Javier
Gestión segura de redes SCADA Journal Article
In: Nuevas tendencias en gestión de redes, Novática, no. 196, pp. 20-25, 2008, ISSN: 0211-2124.
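% NOTE(review): url still carries two addresses (site copy and journal index), as exported; the fragment separator, exported as a math-mode-wrapped hash, is restored to a plain "#".
@article{Alcaraz2008a,
  author    = {Alcaraz, Cristina and Fernandez, Gerardo and Roman, Rodrigo and Balastegui, Angel and Lopez, Javier},
  title     = {Gesti{\'o}n segura de redes {SCADA}},
  journal   = {Nuevas tendencias en gesti{\'o}n de redes, Nov{\'a}tica},
  number    = {196},
  pages     = {20--25},
  publisher = {CEPIS},
  year      = {2008},
  date      = {2008-12-01},
  urldate   = {2008-12-01},
  issn      = {0211-2124},
  url       = {/wp-content/papers/Alcaraz2008a.pdf
               http://www.ati.es/novatica/indice.html#196},
  abstract  = {En el momento que se introduce en el mercado nuevas tecnolog\'{i}as basadas en entornos distribuidos comienzan a surgir en paralelo nuevos problemas de seguridad en los sistemas SCADA (Supervisory Control and Data Acquisition), los cuales monitorizan y gestionan otras infraestructuras de gran complejidad y escala. Un fallo o una interrupci\'{o}n en uno de sus componentes podr\'{i}a suponer un impacto negativo sobre la funcionalidad de otras infraestructuras, por lo que se hace necesario realizar frecuentes an\'{a}lisis de seguridad para as\'{i} mantener actualizado el conocimiento y proveer recomendaciones y/o soluciones para mitigar o evitar futuras ocurrencias, garantizando una gesti\'{o}n de red fiable y siempre disponible.},
  pubstate  = {published},
  tppubtype = {article},
}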
Alcaraz, Cristina; Fernandez, Gerardo; Roman, Rodrigo; Balastegui, Angel; Lopez, Javier
Secure Management of SCADA Networks Journal Article
In: Novatica, New Trends in Network Management, vol. 9, no. 6, pp. 22-28, 2008, ISSN: 1684-5285.
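% NOTE(review): url still carries two addresses (site copy and journal copy), as exported; split them if the target style needs a single URL.
@article{Alcaraz2008b,
  author    = {Alcaraz, Cristina and Fernandez, Gerardo and Roman, Rodrigo and Balastegui, Angel and Lopez, Javier},
  title     = {Secure Management of {SCADA} Networks},
  journal   = {Novatica, New Trends in Network Management},
  volume    = {9},
  number    = {6},
  pages     = {22--28},
  publisher = {Cepis UPGRADE},
  year      = {2008},
  date      = {2008-12-01},
  urldate   = {2008-12-01},
  issn      = {1684-5285},
  url       = {/wp-content/papers/Alcaraz2008b.pdf
               http://www.upgrade-cepis.org/issues/2008/6/up9-6Alcaraz.pdf},
  abstract  = {When a Supervisory Control and Data Acquisition (SCADA) system monitors and manages other complex infrastructures through the use of distributed technologies, it becomes a critical infrastructure by itself: A failure or disruption in any of its components could implicate a serious impact on the performance of the other infrastructures. The connection with other systems makes a SCADA system more vulnerable against attacks, generating new security problems. As a result, it is essential to perform diverse security analysis frequently in order to keep an updated knowledge and to provide recommendations and/or solutions to mitigate or avoid anomalous events. This will facilitate the existence of a suitable, reliable, and available control network.},
  pubstate  = {published},
  tppubtype = {article},
}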
Caro, Rafael J.; Garrido, David; Plaza, Pierre; Roman, Rodrigo; Sanz, Nuria; Serrano, Jose L.
Middleware Seguro EP2P: un Desafío para las Redes Sociales Proceedings Article
In: XVIII Jornadas Telecom I+D, Bilbao (Spain), 2008.
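@inproceedings{Benito2008,
  author    = {Caro, Rafael J. and Garrido, David and Plaza, Pierre and Roman, Rodrigo and Sanz, Nuria and Serrano, Jose L.},
  title     = {Middleware Seguro {EP2P}: un Desaf{\'i}o para las Redes Sociales},
  booktitle = {{XVIII} Jornadas Telecom {I+D}},
  address   = {Bilbao (Spain)},
  year      = {2008},
  date      = {2008-10-01},
  urldate   = {2008-10-01},
  url       = {/wp-content/papers/Benito2008.pdf},
  abstract  = {Los sistemas distribuidos en dispositivos embebidos representan un nuevo reto en el desarrollo de software. Estos sistemas han supuesto una importante revoluci\'{o}n en el paradigma de la computaci\'{o}n distribuida donde se intenta fragmentar un problema grande en m\'{u}ltiples problemas m\'{a}s peque\~{n}os. El nuevo escenario tiende entonces hacia sistemas en los cuales todos los elementos de la red se consideran iguales y los mecanismos de comunicaci\'{o}n est\'{a}n basados en redes ad-hoc que se forman din\'{a}micamente. De esta forma cualquier usuario de la red (en realidad cualquier elemento, hasta el m\'{a}s simple dispositivo) adquiere valor, a mayor colaboraci\'{o}n, mayor \'{e}xito del sistema. Sin embargo, desde el punto de vista de la seguridad, estos sistemas son extremadamente vulnerables. En este art\'{i}culo se presenta SMEPP, un middleware dise\~{n}ado especialmente para sistemas P2P incluyendo aspectos de seguridad. SMEPP est\'{a} dise\~{n}ado para poder ser ejecutado en un amplio rango de dispositivos (desde redes de sensores hasta PC), y trata de facilitar el desarrollo de aplicaciones ocultando los detalles de la plataforma y otros aspectos tales como escalabilidad, adaptabilidad e interoperabilidad. Adem\'{a}s el art\'{i}culo presenta dos aplicaciones de alto nivel que utilizando este middleware pasan a ser m\'{a}s personales, m\'{a}s sociales y m\'{a}s baratas, haciendo que todos los usuarios de la red cobren mayor importancia.},
  pubstate  = {published},
  tppubtype = {inproceedings},
}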
Galindo, David; Roman, Rodrigo; Lopez, Javier
An Evaluation of the Energy Cost of Authenticated Key Agreement in Wireless Sensor Networks Proceedings Article
In: X Reunión Española sobre Criptología y Seguridad de la Información (RECSI’08), pp. 231-236, Salamanca (Spain), 2008.
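@inproceedings{Galindo2008a,
  author    = {Galindo, David and Roman, Rodrigo and Lopez, Javier},
  title     = {An Evaluation of the Energy Cost of Authenticated Key Agreement in Wireless Sensor Networks},
  booktitle = {X Reuni{\'o}n Espa{\~n}ola sobre Criptolog{\'i}a y Seguridad de la Informaci{\'o}n ({RECSI}'08)},
  pages     = {231--236},
  address   = {Salamanca (Spain)},
  year      = {2008},
  date      = {2008-09-01},
  urldate   = {2008-09-01},
  url       = {/wp-content/papers/Galindo2008a.pdf},
  abstract  = {Wireless sensors are battery-powered devices which are highly constrained in terms of computational capabilities, memory, and communication bandwidth. While battery life is their main limitation, they require considerable energy to communicate data. Due to this, the energy saving of computationally inexpensive security primitives (like those using symmetric key cryptography) can be nullified by the bigger amount of data they require to be sent. In this work we study the energy cost of key agreement protocols between peers in a network using public key cryptography techniques. Our concern is to reduce the amount of data to be exchanged. Our main news is that a computationally very demanding security primitive, such as identity-based authenticated key exchange, can present energy-wise a better performance than traditional public key based key exchange in realistic scenarios such as Underwater Wireless Sensor Networks. Such a result is not to be expected in wired networks.},
  pubstate  = {published},
  tppubtype = {inproceedings},
}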
Alcaraz, Cristina; Roman, Rodrigo; Lopez, Javier
Análisis de la Aplicabilidad de las Redes de Sensores para la Protección de Infraestructuras de Información Críticas Proceedings Article
In: VI Jornadas de Ingeniería Telemática (JITEL’08), pp. 437, Alcalá de Henares (Spain), 2008, ISBN: 978-84-612-5474-3.
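% url: external link; file: site-relative path of the PDF.
@inproceedings{Alcaraz2008,
  author    = {Alcaraz, Cristina and Roman, Rodrigo and Lopez, Javier},
  title     = {An{\'a}lisis de la Aplicabilidad de las Redes de Sensores para la Protecci{\'o}n de Infraestructuras de Informaci{\'o}n Cr{\'\i}ticas},
  booktitle = {VI Jornadas de Ingenier{\'\i}a Telem{\'a}tica (JITEL'08)},
  pages     = {437},
  address   = {Alcal{\'a} de Henares (Spain)},
  year      = {2008},
  date      = {2008-09-01},
  isbn      = {978-84-612-5474-3},
  url       = {http://www.telematica.ws/jitel/2008/default.htm},
  file      = {/wp-content/papers/Alcaraz2008.pdf},
  urldate   = {2008-09-01},
  abstract  = {Las infraestructuras cr\'{i}ticas, como el sector energ\'{e}tico, la banca, el transporte, y muchas otras, son un pilar esencial para en bienestar de la sociedad y la econom\'{i}a de un pa\'{i}s. Estas infraestructuras dependen a su vez de ciertas infraestructuras de informaci\'{o}n, las cuales permiten su correcto funcionamiento. La tarea de proteger esas infraestructuras (de informaci\'{o}n) cr\'{i}ticas es compleja y multidimensional, con una gran cantidad de desaf\'{i}os por resolver. Precisamente, las redes de sensores pueden ser de gran ayuda para esta tarea, debido a suscapacidades de control distribuidas y a su habilidad de funcionar en situaciones extremas. Este art\'{i}culo analiza la utilidad de las redes de sensores en este contexto, describiendo tanto sus capacidades como sus posibles roles y mecanismos de integraci\'{o}n para la protecci\'{o}n de infraestructuras (de informaci\'{o}n) cr\'{i}ticas.},
  pubstate  = {published},
  tppubtype = {inproceedings},
}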
Roman, Rodrigo; Lopez, Javier
KeyLED – Transmitting Sensitive Data over out-of-band Channels in Wireless Sensor Networks Proceedings Article
In: 5th IEEE International Conference on Mobile Ad Hoc and Sensor Systems (MASS’08), pp. 796-801, IEEE, Atlanta (USA), 2008, ISBN: 978-1-4244-2574-7.
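@inproceedings{Roman2008b,
  author    = {Roman, Rodrigo and Lopez, Javier},
  title     = {{KeyLED} -- Transmitting Sensitive Data over out-of-band Channels in Wireless Sensor Networks},
  booktitle = {5th IEEE International Conference on Mobile Ad Hoc and Sensor Systems (MASS'08)},
  pages     = {796--801},
  publisher = {IEEE},
  address   = {Atlanta (USA)},
  year      = {2008},
  date      = {2008-09-01},
  doi       = {10.1109/MAHSS.2008.4660128},
  isbn      = {978-1-4244-2574-7},
  url       = {/wp-content/papers/Roman2008b.pdf},
  urldate   = {2008-09-01},
  abstract  = {An out-of-band (OoB) channel can be defined as an extra channel, different from the main wireless channel, that has additional security properties. They are specially suitable for protecting spontaneous interactions and exchanging sensitive data between previously unknown devices. Due to the vulnerable nature of wireless sensor networks (WSN), these kind of channels might be useful for protecting certain sensor network operations. In this paper we analyze the applicability of out-of-band channels to wireless sensor networks, and specify why an optical channel should be a good candidate for implementing an extra channel in sensor nodes. Also, we analyze how the existing security threats may affect this type of channel. Finally, the suitability and usability of optical channels for sensor networks is demonstrated by means of a prototype.},
  pubstate  = {published},
  tppubtype = {inproceedings},
}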
Roman, Rodrigo; Lopez, Javier; Gritzalis, Stefanos
Situation Awareness Mechanisms for Wireless Sensor Networks Journal Article
In: IEEE Communications Magazine, vol. 46, no. 4, pp. 102-107, 2008, ISSN: 0163-6804.
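@article{Roman2008a,
  author    = {Roman, Rodrigo and Lopez, Javier and Gritzalis, Stefanos},
  title     = {Situation Awareness Mechanisms for Wireless Sensor Networks},
  journal   = {IEEE Communications Magazine},
  volume    = {46},
  number    = {4},
  pages     = {102--107},
  publisher = {IEEE},
  year      = {2008},
  date      = {2008-04-01},
  doi       = {10.1109/MCOM.2008.4481348},
  issn      = {0163-6804},
  url       = {/wp-content/papers/Roman2008a.pdf},
  urldate   = {2008-04-01},
  abstract  = {A wireless sensor network should be able to operate for long periods of time with little or no external management. There is a requirement for this autonomy: the sensor nodes must be able to configure themselves in the presence of adverse situations. Therefore, the nodes should make use of situation awareness mechanisms to determine the existence of abnormal events in their surroundings. This work approaches the problem by considering the possible abnormal events as diseases, thus making it possible to diagnose them through their symptoms, namely, their side effects. Considering these awareness mechanisms as a foundation for high-level monitoring services, this article also shows how these mechanisms are included in the blueprint of an intrusion detection system.},
  pubstate  = {published},
  tppubtype = {article},
}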
Roman, Rodrigo; Alcaraz, Cristina; Sklavos, Nicolas
On the Hardware Implementation Efficiency of Cryptographic Primitives Book Section
In: Lopez, Javier; Zhou, Jianying (Ed.): Wireless Sensor Network Security, IOS Press, 2008, ISBN: 978-1-58603-813-7.
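@incollection{Roman2008,
  author    = {Roman, Rodrigo and Alcaraz, Cristina and Sklavos, Nicolas},
  title     = {On the Hardware Implementation Efficiency of Cryptographic Primitives},
  editor    = {Lopez, Javier and Zhou, Jianying},
  booktitle = {Wireless Sensor Network Security},
  publisher = {IOS Press},
  year      = {2008},
  date      = {2008-01-01},
  isbn      = {978-1-58603-813-7},
  url       = {/wp-content/papers/Roman2008.pdf},
  urldate   = {2008-01-01},
  abstract  = {Security has been proven a crucial factor in the provision of data services and especially in the computer-related environments. While wired and wireless networks come to all sectors of everyday life, security tries to satisfy the growing needs for confidentiality, integrity and non-repudiation. There are many instances of security primitives and each one of them has different requirements in terms of processing power, word size, etc. Therefore, it is important to review the functionality of the less resource-demanding encryption algorithms in order to analyze their theoretical suitability to the existent sensor node hardware. Still, the constraints inherent to the sensor nodes advise against the total dependence on software-based implementations, even more in the case of expensive primitives.},
  pubstate  = {published},
  tppubtype = {incollection},
}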
2007
Roman, Rodrigo; Fernandez-Gago, Carmen; Lopez, Javier
Featuring Trust and Reputation Management Systems for Constrained Hardware Devices Proceedings Article
In: 1st International Conference on Autonomic Computing and Communication Systems (Autonomics’07), ICST, Rome (Italy), 2007, ISBN: 978-963-9799-09-7.
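@inproceedings{Roman2007c,
  author    = {Roman, Rodrigo and Fernandez-Gago, Carmen and Lopez, Javier},
  title     = {Featuring Trust and Reputation Management Systems for Constrained Hardware Devices},
  booktitle = {1st International Conference on Autonomic Computing and Communication Systems (Autonomics'07)},
  publisher = {ICST},
  address   = {Rome (Italy)},
  year      = {2007},
  date      = {2007-10-01},
  isbn      = {978-963-9799-09-7},
  url       = {/wp-content/papers/Roman2007c.pdf},
  urldate   = {2007-10-01},
  abstract  = {Research on trust management systems for wireless sensor networks is still at a very early stage and few works have done so far. It seems that for those works which deal with the topic general features of how these systems should be are not clearly identified. In this paper we try to identify the main features that a trust management system should have and justify their importance for future developments.},
  pubstate  = {published},
  tppubtype = {inproceedings},
}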
Alcaraz, Cristina; Roman, Rodrigo; Lopez, Javier
Análisis de primitivas criptográficas para redes de sensores Proceedings Article
In: VI Jornadas de Ingeniería Telemática (JITEL’07), pp. 401-408, Málaga (Spain), 2007, ISBN: 978-84-690-6670-6.
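% url: external link; file: site-relative path of the PDF.
@inproceedings{Alcaraz2007,
  author    = {Alcaraz, Cristina and Roman, Rodrigo and Lopez, Javier},
  title     = {An{\'a}lisis de primitivas criptogr{\'a}ficas para redes de sensores},
  booktitle = {VI Jornadas de Ingenier{\'\i}a Telem{\'a}tica (JITEL'07)},
  pages     = {401--408},
  address   = {M{\'a}laga (Spain)},
  year      = {2007},
  date      = {2007-09-01},
  isbn      = {978-84-690-6670-6},
  url       = {http://www.telematica.ws/jitel/2007/},
  file      = {/wp-content/papers/Alcaraz2007.pdf},
  urldate   = {2007-09-01},
  abstract  = {Security in wireless sensor networks is very limited due to highly-constrained hardware of sensor nodes. To protect services is necessary to use secure foundations, known as security primitives, like part of a protocol. Theses primitives must assure at least confidentiality in the communication channel, authentication of the peers involved in an information exchange, and integrity of the messages. There are many primitives such as symmetric encryption, hash functions and public key cryptography, but not all of them can be supported by sensor nodes since require high resource levels, for example memory. This paper contains a deep analysis of available and suitable security primitives for sensor nodes, as well as an analysis of hardware and software implementations. Besides, it has been developed an experiment with two implementations, and it has been created a new and improved version using the optimizations of each.},
  pubstate  = {published},
  tppubtype = {inproceedings},
}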
Onieva, Jose A.; Lopez, Javier; Roman, Rodrigo; Zhou, Jianying; Gritzalis, Stefanos
Integration of non-repudiation services in mobile DRM scenarios Journal Article
In: Telecommunications Systems, vol. 35, pp. 161-176, 2007, ISSN: 1572-9451.
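@article{Onieva2007a,
  author    = {Onieva, Jose A. and Lopez, Javier and Roman, Rodrigo and Zhou, Jianying and Gritzalis, Stefanos},
  title     = {Integration of non-repudiation services in mobile {DRM} scenarios},
  journal   = {Telecommunications Systems},
  volume    = {35},
  pages     = {161--176},
  year      = {2007},
  date      = {2007-09-01},
  doi       = {10.1007/s11235-007-9050-4},
  issn      = {1572-9451},
  url       = {/wp-content/papers/JoseA.Onieva2007a.pdf},
  urldate   = {2007-09-01},
  abstract  = {In any kind of electronic transaction, it is extremely important to assure that any of the parties involved can not deny their participation in the information exchange. This security property, which is called non-repudiation, becomes more important in Digital Rights Management (DRM) scenarios, where a consumer can freely access to certain contents but needs to obtain the proper Right Object (RO) from a vendor in order to process it. Any breach in this process could result on financial loss for any peer, thus it is necessary to provide a service that allows the creation of trusted evidence. Unfortunately, non-repudiation services has not been included so far in DRM specifications due to practical issues and the type of content distributed. In this paper we analyze how to allow the integration of non-repudiation services to a DRM framework, providing a set of protocols that allows the right objects acquisition to be undeniable, alongside with a proof-of-concept implementation and a validation process.},
  pubstate  = {published},
  tppubtype = {article},
}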
Roman, Rodrigo; Alcaraz, Cristina; Lopez, Javier
A Survey of Cryptographic Primitives and Implementations for Hardware-Constrained Sensor Network Nodes Journal Article
In: Mobile Networks and Applications, vol. 12, no. 4, pp. 231-244, 2007, ISSN: 1383-469X.
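% url: external link; file: site-relative path of the PDF.
@article{Roman2007,
  author    = {Roman, Rodrigo and Alcaraz, Cristina and Lopez, Javier},
  title     = {A Survey of Cryptographic Primitives and Implementations for Hardware-Constrained Sensor Network Nodes},
  journal   = {Mobile Networks and Applications},
  volume    = {12},
  number    = {4},
  pages     = {231--244},
  publisher = {Springer},
  year      = {2007},
  date      = {2007-08-01},
  doi       = {10.1007/s11036-007-0024-2},
  issn      = {1383-469X},
  url       = {http://www.springerlink.com/content/3785k818327456gq/},
  file      = {/wp-content/papers/Roman2007.pdf},
  urldate   = {2007-08-01},
  abstract  = {In a wireless sensor network environment, a sensor node is extremely constrained in terms of hardware due to factors such as maximizing lifetime and minimizing physical size and overall cost. Nevertheless, these nodes must be able to run cryptographic operations based on primitives such as hash functions, symmetric encryption and public key cryptography in order to allow the creation of secure services. Our objective in this paper is to survey how the existing research-based and commercial-based sensor nodes are suitable for this purpose, analyzing how the hardware can influence the provision of the primitives and how software implementations tackles the task of implementing instances of those primitives. As a result, it will be possible to evaluate the influence of provision of security in the protocols and applications/scenarios where sensors can be used.},
  pubstate  = {published},
  tppubtype = {article},
}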
Roman, Rodrigo; Alcaraz, Cristina
Applicability of Public Key Infrastructures in Wireless Sensor Networks Proceedings Article
In: European PKI Workshop: Theory and Practice (EuroPKI’07), pp. 313-320, Springer, Mallorca (Spain), 2007, ISSN: 0302-9743 (Print) 1611-3349 (Online).
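% url: external link; file: site-relative path of the PDF.
@inproceedings{Roman2007b,
  author    = {Roman, Rodrigo and Alcaraz, Cristina},
  title     = {Applicability of Public Key Infrastructures in Wireless Sensor Networks},
  booktitle = {European PKI Workshop: Theory and Practice (EuroPKI'07)},
  series    = {Lecture Notes in Computer Science},
  volume    = {4582},
  pages     = {313--320},
  publisher = {Springer},
  address   = {Mallorca (Spain)},
  year      = {2007},
  date      = {2007-06-01},
  doi       = {10.1007/978-3-540-73408-6_22},
  issn      = {0302-9743 (Print) 1611-3349 (Online)},
  url       = {http://www.springerlink.com/content/q4l10ww348010131/},
  file      = {/wp-content/papers/Roman2007b.pdf},
  urldate   = {2007-06-01},
  abstract  = {Wireless Sensor Networks (WSN) are becoming a key technology in the support of pervasive and ubiquitous services. The previous notion of PKC is too expensive for WSN has changed partially due to the existence of new hardware and software prototypes based on Elliptic Curve Cryptography and other PKC primitives. Then, it is necessary to analyze whether it is both feasible and convenient to have a Public Key Infrastructure for sensor networks that would allow the creation of PKC-based services like Digital Signatures.},
  pubstate  = {published},
  tppubtype = {inproceedings},
}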
Fernandez-Gago, Carmen; Roman, Rodrigo; Lopez, Javier
A Survey on the Applicability of Trust Management Systems for Wireless Sensor Networks Proceedings Article
In: 3rd International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing (SecPerU’07), pp. 25-30, IEEE Computer Society, Istanbul (Turkey), 2007.
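@inproceedings{FernandezGago2007,
  author    = {Fernandez-Gago, Carmen and Roman, Rodrigo and Lopez, Javier},
  title     = {A Survey on the Applicability of Trust Management Systems for Wireless Sensor Networks},
  booktitle = {3rd International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing (SecPerU'07)},
  pages     = {25--30},
  publisher = {IEEE Computer Society},
  address   = {Istanbul (Turkey)},
  year      = {2007},
  date      = {2007-01-01},
  doi       = {10.1109/SECPERU.2007.3},
  url       = {/wp-content/papers/FernandezGago2007.pdf},
  urldate   = {2007-01-01},
  abstract  = {Trust plays an important role in human life environments and virtual organizations. In the context of a network, trust may help its elements to decide whether another member of the same network is being uncooperative or malicious. Trust becomes quite important in self-configurable and autonomous systems, such as wireless sensor networks (WSN). However, very little effort has been done in the field of trust management in WSN. On the other hand, some efforts have been made in quite related fields such as Ad-hoc and P2P networks. In this paper we give an overview of existing trust management solutions, mainly those developed for Ad-Hoc and P2P networks and, more importantly, investigate their suitability to WSN. We also provide some guidelines to aid the development of trust management systems for WSN according to the nature of these networks.},
  pubstate  = {published},
  tppubtype = {inproceedings},
}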
Zhou, Jianying; Chin, Wee-Yung; Roman, Rodrigo; Lopez, Javier
An Effective Multi-layered Defense Framework Against Spam Journal Article
In: Information Security Technical Report, vol. 12, no. 3, pp. 179-185, 2007, ISSN: 1363-4127.
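% url: external link; file: site-relative path of the PDF.
@article{Zhou2007,
  author    = {Zhou, Jianying and Chin, Wee-Yung and Roman, Rodrigo and Lopez, Javier},
  title     = {An Effective Multi-layered Defense Framework Against Spam},
  journal   = {Information Security Technical Report},
  volume    = {12},
  number    = {3},
  pages     = {179--185},
  publisher = {Elsevier},
  year      = {2007},
  date      = {2007-01-01},
  doi       = {10.1016/j.istr.2007.05.007},
  issn      = {1363-4127},
  url       = {http://www.sciencedirect.com/science/article/B6VJC-4NS2GR9-1/2/d542b6d1b936f796cad17284a6edbc69},
  file      = {/wp-content/papers/Zhou2007.pdf},
  urldate   = {2007-01-01},
  abstract  = {Spam is a big problem for email users. The battle between spamming and anti-spamming technologies has been going on for many years. Though many advanced anti-spamming technologies are progressing significantly, spam is still able to bombard many email users. The problem worsens when some anti-spamming methods unintentionally filtered legitimate emails instead! In this paper, we first review existing anti-spam technologies, then propose a layered defense framework using a combination of anti-spamming methods. Under this framework, the server-level defense is targeted for common spam while the client-level defense further filters specific spam for individual users. This layered structure improves on filtering accuracy and yet reduces the number of false positives. A sub-system using our pre-challenge method is implemented as an add-on in Microsoft Outlook 2002. In addition, we extend our client-based pre-challenge method to a domain-based solution thus further reducing the individual email users’ overheads.},
  pubstate  = {published},
  tppubtype = {article},
}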
Lopez, Javier; Alcaraz, Cristina; Roman, Rodrigo
On the Protection and Technologies of Critical Information Infrastructures. Book Section
In: On Foundations of Security Analysis and Design IV, FOSAD 2006/2007, Springer, vol. 4677, pp. 160-182, 2007, ISSN: 0302-9743, (10.1007/978-3-540-74810-6_6).
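@incollection{Lopez2007,
  author    = {Lopez, Javier and Alcaraz, Cristina and Roman, Rodrigo},
  title     = {On the Protection and Technologies of Critical Information Infrastructures},
  booktitle = {On Foundations of Security Analysis and Design IV, {FOSAD} 2006/2007},
  series    = {Lecture Notes in Computer Science},
  volume    = {4677},
  pages     = {160--182},
  publisher = {Springer},
  year      = {2007},
  date      = {2007-01-01},
  doi       = {10.1007/978-3-540-74810-6_6},
  issn      = {0302-9743},
  url       = {/wp-content/papers/Lopez2007.pdf},
  urldate   = {2007-01-01},
  abstract  = {Critical Infrastructures are complex and highly interconnected systems that are crucial for the well-being of the society. Any type of failure can cause significant damage, affecting one or more sectors due to their inherent interdependency. Not only the infrastructures are critical, but also the information infrastructures that manage, control and supervise them. Due to the seriousness of the consequences, the protection of these critical (information) infrastructures must have the highest priority. It is the purpose of this book chapter to review and discuss about these infrastructures, to explain their elements, and to highlight their research and development issues. This chapter will also discuss the role of Wireless Sensor Network (WSN) technology in the protection of these infrastructures.},
  pubstate  = {published},
  tppubtype = {incollection},
}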
Roman, Rodrigo; Alcaraz, Cristina; Lopez, Javier
The Role of Wireless Sensor Networks in the Area of Critical Information Infrastructure Journal Article
In: Information Security Technical Report, vol. 12, no. 1, pp. 24-31, 2007, ISSN: 1363-4127.
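% url: external link; file: site-relative path of the PDF.
@article{Roman2007a,
  author    = {Roman, Rodrigo and Alcaraz, Cristina and Lopez, Javier},
  title     = {The Role of Wireless Sensor Networks in the Area of Critical Information Infrastructure},
  journal   = {Information Security Technical Report},
  volume    = {12},
  number    = {1},
  pages     = {24--31},
  publisher = {Elsevier},
  year      = {2007},
  date      = {2007-01-01},
  doi       = {10.1016/j.istr.2007.02.003},
  issn      = {1363-4127},
  url       = {http://www.sciencedirect.com/science/article/B6VJC-4N6NK24-1/2/b1462973afe70af30a10b955d96ccbb6},
  file      = {/wp-content/papers/Roman2007a.pdf},
  urldate   = {2007-01-01},
  abstract  = {Critical Infrastructures, such as energy, banking, and transport, are an essential pillar to the well-being of the national and international economy, security and quality of life. These infrastructures are dependent on a spectrum of highly interconnected information infrastructures for their smooth, reliable and continuous operation. The field of protecting such Critical Information Infrastructures, or CIIP, faces numerous challenges, such as managing the secure interaction between peers, assuring the resilience and robustness of the overall system, and deploying warning and alert systems, amongst others. In this tapestry of CIIP, Wireless Sensor Networks can be used as an invaluable tool due to their intelligent distributed control capabilities, alongside with their capability to work under severe conditions. In this paper, we justify why Wireless Sensor Networks technology is suitable for providing security for these scenarios, describing both their advantages and research issues and their role in the overall scheme of protecting the Critical Information Infrastructures.},
  pubstate  = {published},
  tppubtype = {article},
}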
2006
Lopez, Javier; Montenegro, Jose A.; Roman, Rodrigo
Service-Oriented Security Architecture for CII based on Sensor Networks Proceedings Article
In: 2nd International Workshop on Security Privacy and Trust in Pervasive and Ubiquitous Computing (SecPerU’06), pp. 1-6, IEEE Press, Lyon, France, 2006.
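@inproceedings{JavierLopez2006a,
  author    = {Lopez, Javier and Montenegro, Jose A. and Roman, Rodrigo},
  title     = {Service-Oriented Security Architecture for {CII} based on Sensor Networks},
  booktitle = {2nd International Workshop on Security Privacy and Trust in Pervasive and Ubiquitous Computing (SecPerU'06)},
  pages     = {1--6},
  publisher = {IEEE Press},
  address   = {Lyon, France},
  year      = {2006},
  date      = {2006-06-01},
  url       = {/wp-content/papers/JavierLopez2006a.pdf},
  urldate   = {2006-06-01},
  abstract  = {The extraordinary growth of the Information Society is originating a high dependency on ICT. This provokes that those strongly interrelated technological infrastructures, as well as the information systems that underpin them, become highly critical, since their disruption would lead to high economical, material and, sometimes, human loss. As a consequence, the protection of these Critical Information Infrastructures is becoming a major objective for governments and companies. In this paper, we give an overview of the main challenges and open research issues on Critical Information Infrastructure security, and introduce an on-going research project that, using wireless sensor networks as an underlying technology, is dealing with those problems. Our research project focuses on the development of protection, control, evaluation, maintenance and verification mechanisms, integrated into a secure service-oriented architecture.},
  pubstate  = {published},
  tppubtype = {inproceedings},
}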
Roman, Rodrigo; Zhou, Jianying; Lopez, Javier
An Anti-spam Scheme Using Pre-challenges Journal Article
In: Computer Communications, vol. 29, no. 15, pp. 2739-2749, 2006, ISSN: 0140-3664.
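% url: external link; file: site-relative path of the PDF.
@article{Roman2006a,
  author    = {Roman, Rodrigo and Zhou, Jianying and Lopez, Javier},
  title     = {An Anti-spam Scheme Using Pre-challenges},
  journal   = {Computer Communications},
  volume    = {29},
  number    = {15},
  pages     = {2739--2749},
  publisher = {Elsevier},
  year      = {2006},
  date      = {2006-01-01},
  doi       = {10.1016/j.comcom.2005.10.037},
  issn      = {0140-3664},
  url       = {http://www.sciencedirect.com/science/article/B6TYP-4HYM1T7-1/2/53871c3a06d8e1c9439deda17a05ed2d},
  file      = {/wp-content/papers/Roman2006a.pdf},
  urldate   = {2006-01-01},
  abstract  = {Unsolicited Commercial Email, or Spam, is nowadays an increasingly serious problem to email users. A number of anti-spam schemes have been proposed in the literature and some of them have been deployed in email systems, but the problem has yet been well addressed. One of those schemes is challenge-response, in which a challenge, ranging from a simple mathematical problem to a hard-AI problem, is imposed on an email sender in order to forbid machine-based spam reaching receivers’ mailboxes. However, such a scheme introduces new problems for the users, e.g., delay of service and denial of service. In this paper, we introduce the pre-challenge scheme, which is based on the challenge-response mechanism and takes advantage of some features of email systems. It assumes each user has a challenge that is defined by the user himself/herself and associated with his/her email address, in such a way that an email sender can simultaneously retrieve a new receiver’s email address and challenge before sending an email in the first contact. Some new mechanisms are employed in our scheme to reach a good balance between security against spam and convenience to normal email users. Our scheme can be also used for protecting other messaging systems, like Instant Messaging and Blog comments.},
  pubstate  = {published},
  tppubtype = {article},
}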
Roman, Rodrigo; Zhou, Jianying; Lopez, Javier
Applying Intrusion Detection Systems to Wireless Sensor Networks Proceedings Article
In: IEEE Consumer Communications & Networking Conference (CCNC 2006), pp. 640-644, IEEE, Las Vegas (USA), 2006, ISBN: 1-4244-0085-6.
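@inproceedings{Roman2006,
  author    = {Roman, Rodrigo and Zhou, Jianying and Lopez, Javier},
  title     = {Applying Intrusion Detection Systems to Wireless Sensor Networks},
  booktitle = {IEEE Consumer Communications \& Networking Conference (CCNC 2006)},
  pages     = {640--644},
  publisher = {IEEE},
  address   = {Las Vegas (USA)},
  year      = {2006},
  date      = {2006-01-01},
  doi       = {10.1109/CCNC.2006.1593102},
  isbn      = {1-4244-0085-6},
  url       = {/wp-content/papers/Roman2006.pdf},
  urldate   = {2006-01-01},
  abstract  = {The research of Intrusion Detection Systems (IDS) is a mature area in wired networks, and has also attracted many attentions in wireless ad hoc networks recently. Nevertheless, there is no previous work reported in the literature about IDS architectures in wireless sensor networks. In this paper, we discuss the general guidelines for applying IDS to static sensor networks, and introduce a novel technique to optimally watch over the communications of the sensors’ neighborhood on certain scenarios.},
  pubstate  = {published},
  tppubtype = {inproceedings},
}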
Alcaraz, Cristina; Roman, Rodrigo
Applying Key Infrastructures for Sensor Networks in CIP/CIIP Scenarios Proceedings Article
In: 1st International Workshop on Critical Information Infrastructures Security (CRITIS’06), pp. 166-178, Springer Berlin / Heidelberg, 2006, ISSN: 0302-9743 (Print) 1611-3349 (Online).
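% url: external link; file: site-relative path of the PDF.
@inproceedings{Alcaraz2006,
  author    = {Alcaraz, Cristina and Roman, Rodrigo},
  title     = {Applying Key Infrastructures for Sensor Networks in {CIP/CIIP} Scenarios},
  booktitle = {1st International Workshop on Critical Information Infrastructures Security (CRITIS'06)},
  series    = {Lecture Notes in Computer Science},
  volume    = {4347},
  pages     = {166--178},
  publisher = {Springer Berlin / Heidelberg},
  year      = {2006},
  date      = {2006-01-01},
  doi       = {10.1007/11962977_14},
  issn      = {0302-9743 (Print) 1611-3349 (Online)},
  url       = {http://www.springerlink.com/content/2458827107n14870/},
  file      = {/wp-content/papers/Alcaraz2006.pdf},
  urldate   = {2006-01-01},
  abstract  = {It is commonly agreed that Wireless Sensor Networks (WSN) is one of the technologies that better fulfills features like the ones required by Critical (Information) Infrastructures. However, a sensor network is highly vulnerable against any external or internal attacks, thus network designers must know which are the tools that they can use in order to avoid such problems. In this paper we describe in detail a procedure (the KMS Guidelines), developed under our CRISIS project, that allows network designers to choose a certain Key Management System, or at least to know which protocol need to improve in order to satisfy the network requirements.},
  pubstate  = {published},
  tppubtype = {inproceedings},
}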
Onieva, Jose A.; Lopez, Javier; Roman, Rodrigo; Zhou, Jianying
Extension de una plataforma DRM basada en OMA con servicios de No Repudio Proceedings Article
In: IX Reunion Española sobre Criptologia y Seguridad de la Informacion (RECSI’06), pp. 129-141, UOC S.L., 2006.
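@inproceedings{Onieva2006a,
  author    = {Onieva, Jose A. and Lopez, Javier and Roman, Rodrigo and Zhou, Jianying},
  title     = {Extension de una plataforma {DRM} basada en {OMA} con servicios de No Repudio},
  booktitle = {IX Reuni{\'o}n Espa{\~n}ola sobre Criptolog{\'\i}a y Seguridad de la Informaci{\'o}n (RECSI'06)},
  pages     = {129--141},
  publisher = {UOC S.L.},
  year      = {2006},
  date      = {2006-01-01},
  url       = {/wp-content/papers/JoseA.Onieva2006a.pdf},
  urldate   = {2006-01-01},
  abstract  = {Digital Rights Management (DRM) es un t\'{e}rmino general para cualesquiera de las soluciones que permite a un vendedor de contenido en forma electr\'{o}nica controlar el material y restringir su uso de distintas maneras. Estas soluciones son posibles, por un lado gracias a t\'{e}cnicas de la Seguridad de la Informaci\'{o}n, principalmente cifrado de datos, y por otro a la distribuci\'{o}n, de manera independiente, de contenido y derechos digitales. Esto permite que los consumidores puedan acceder libremente al contenido, pero s\'{o}lo aquellos que adquieran el derecho digital apropiado (RO) podr\'{a}n procesarlo. Como servicio de seguridad considerado en diversas capas del marco de seguridad definido por la recomendaci\'{o}n ITU X.805, casi todas las aplicaciones necesitan considerar la propiedad de no repudio en las etapas iniciales de su dise\~{n}o. Desafortunadamente, esto no ha sido as\'{i} en general, y m\'{a}s concretamente en especificaciones DRM; debido a consideraciones en la pr\'{a}ctica y al tipo de contenido a distribuir. Analizamos este servicio para un marco de DRM y proporcionamos una soluci\'{o}n que permita que la adquisici\'{o}n de derechos digitales sea un operaci\'{o}n que no pueda repudiarse.},
  pubstate  = {published},
  tppubtype = {inproceedings},
}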
2005
Roman, Rodrigo; Lopez, Javier; Zhou, Jianying
Aplicación de Sistemas de Detección de Intrusiones en Redes de Sensores Proceedings Article
In: Simposio sobre Computación Ubicua e Inteligencia Ambiental (UCAmI’05), pp. 113-120, Granada (Spain), 2005.
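@inproceedings{Roman2005b,
  author    = {Roman, Rodrigo and Lopez, Javier and Zhou, Jianying},
  title     = {Aplicaci{\'o}n de Sistemas de Detecci{\'o}n de Intrusiones en Redes de Sensores},
  booktitle = {Simposio sobre Computaci{\'o}n Ubicua e Inteligencia Ambiental (UCAmI'05)},
  pages     = {113--120},
  address   = {Granada (Spain)},
  year      = {2005},
  date      = {2005-09-01},
  url       = {/wp-content/papers/Roman2005b.pdf},
  urldate   = {2005-09-01},
  abstract  = {Los sistemas de detecci\'{o}n de intrusiones (IDS) son una herramienta imprescindible de seguridad a la hora de proteger una red. Recientemente se han investigado y desarrollado arquitecturas de IDS para redes inal\'{a}mbricas, en concreto para redes "Ad Hoc". No obstante, no existe un trabajo previo que desarrolle una arquitectura de IDS para una red de sensores. En este art\'{i}culo, analizamos porque los sistemas IDS de redes "Ad Hoc" no pueden aplicarse a redes de sensores, e introducimos una arquitectura de IDS para redes de sensores que incorpora una nueva t\'{e}cnica para vigilar las comunicaciones de la red en ciertos escenarios.},
  pubstate  = {published},
  tppubtype = {inproceedings},
}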
Roman, Rodrigo; Lopez, Javier; Zhou, Jianying
Protección contra el Spam Utilizando Desafíos a Priori Proceedings Article
In: V Jornadas de Ingeniería Telemática (JITEL’05), pp. 375-382, Vigo (Spain), 2005.
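@inproceedings{Roman2005a,
  title     = {Protecci{\'o}n contra el Spam Utilizando Desaf{\'\i}os a Priori},
  author    = {Roman, Rodrigo and Lopez, Javier and Zhou, Jianying},
  url       = {/wp-content/papers/Roman2005a.pdf},
  year      = {2005},
  date      = {2005-09-01},
  urldate   = {2005-09-01},
  booktitle = {V Jornadas de Ingenier{\'\i}a Telem{\'a}tica ({JITEL}'05)},
  pages     = {375--382},
  address   = {Vigo (Spain)},
  abstract  = {Spam is considered to be one of the biggest problems in messaging systems. In the area of email Spam, A high number of anti-spam schemes have been proposed and deployed, but the problem has yet been well addressed. In this paper, we introduce a new scheme, called pre-challenge scheme, which avoids problems that exists in other schemes such as delay of service and denial of service. Some new mechanisms are employed to reach a good balance between security against Spam and convenience to email users. In addition, our scheme can be used for protecting other types of messaging systems, such as Instant Messaging (IM) and Blogs, against Spam.},
  pubstate  = {published},
  tppubtype = {inproceedings}
}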
Roman, Rodrigo; Lopez, Javier
Especificación de Sistemas Electrónicos de Microdonaciones Proceedings Article
In: III Simposio Español de Comercio Electrónico, pp. 95-104, Palma (Spain), 2005.
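@inproceedings{Roman2005c,
  title     = {Especificaci{\'o}n de Sistemas Electr{\'o}nicos de Microdonaciones},
  author    = {Roman, Rodrigo and Lopez, Javier},
  url       = {/wp-content/papers/Roman2005c.pdf},
  year      = {2005},
  date      = {2005-06-01},
  urldate   = {2005-06-01},
  booktitle = {III Simposio Espa{\~n}ol de Comercio Electr{\'o}nico},
  pages     = {95--104},
  address   = {Palma (Spain)},
  abstract  = {Los sistemas electr\'{o}nicos de pago permiten que un comprador adquiera a un vendedor una serie de productos y servicios de forma virtual. Sin embargo, estos sistemas no tienen en cuenta el escenario en el que un comprador se convierte en donante, accediendo al servicio de forma gratuita. En este art\'{i}culo se presenta el concepto y caracter\'{i}sticas de las microdonaciones, o la donaci\'{o}n de cantidades tan peque\~{n}as como un c\'{e}ntimo de euro en el contexto del comercio electr\'{o}nico. Tambi\'{e}n se muestra como la microdonaci\'{o}n es algo necesario en el contexto actual de Internet, y como es posible su implementaci\'{o}n bas\'{a}ndose en sistemas de micropago.},
  pubstate  = {published},
  tppubtype = {inproceedings}
}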
Roman, Rodrigo; Zhou, Jianying; Lopez, Javier
On the Security of Wireless Sensor Networks Proceedings Article
In: Computational Science and Its Applications (ICCSA’05), pp. 681-690, Springer, Singapore, 2005, ISSN: 0302-9743 (Print) 1611-3349 (Online).
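@inproceedings{Roman2005e,
  title         = {On the Security of Wireless Sensor Networks},
  author        = {Roman, Rodrigo and Zhou, Jianying and Lopez, Javier},
  url           = {/wp-content/papers/Roman2005e.pdf},
  doi           = {10.1007/11424857_75},
  issn          = {0302-9743 (Print) 1611-3349 (Online)},
  year          = {2005},
  date          = {2005-05-01},
  urldate       = {2005-05-01},
  booktitle     = {Computational Science and Its Applications ({ICCSA}'05)},
  volume        = {3482},
  pages         = {681--690},
  publisher     = {Springer},
  address       = {Singapore},
  series        = {Lecture Notes in Computer Science},
  abstract      = {Wireless Sensor Networks are extremely vulnerable against any kind of internal or external attacks, due to several factors such as resource-constrained nodes and lack of tamper-resistant packages. As a result, security must be an important factor to have in mind when designing the infrastructure and protocols of sensor networks. In this paper we survey the state-of-the-art security issues in sensor networks and highlight the open areas of research.},
  pubstate      = {published},
  tppubtype     = {inproceedings},
  internal-note = {The url field held two links separated by a line break; the second, the legacy plain-HTTP publisher link http://www.springerlink.com/content/pvnd4eu8b7acgtpe/, is kept here only. Prefer the DOI.}
}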
Roman, Rodrigo; Zhou, Jianying; Lopez, Javier
Protection Against Spam using Pre-Challenges Proceedings Article
In: Sasaki, Ryôichi; Qing, Sihan; Okamoto, Eiji; Yoshiura, Hiroshi (Ed.): 20th IFIP International Information Security Conference (IFIP-SEC’05), pp. 281-294, Springer, Chiba (Japan), 2005, ISBN: 0-387-25658-X.
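@inproceedings{Roman2005d,
  title     = {Protection Against Spam using Pre-Challenges},
  author    = {Roman, Rodrigo and Zhou, Jianying and Lopez, Javier},
  editor    = {Sasaki, Ry{\^o}ichi and Qing, Sihan and Okamoto, Eiji and Yoshiura, Hiroshi},
  url       = {/wp-content/papers/Roman2005d.pdf},
  isbn      = {0-387-25658-X},
  year      = {2005},
  date      = {2005-05-01},
  urldate   = {2005-05-01},
  booktitle = {20th {IFIP} International Information Security Conference ({IFIP-SEC}'05)},
  pages     = {281--294},
  publisher = {Springer},
  address   = {Chiba (Japan)},
  abstract  = {Spam turns out to be an increasingly serious problem to email users. A number of anti-spam schemes have been proposed and deployed, but the problem has yet been well addressed. One of those schemes is challenge-response, in which a challenge is imposed on an email sender. However, such a scheme introduces new problems for the users, e.g., delay of service and denial of service attacks. In this paper, we introduce a pre-challenge scheme that avoids those problems. It assumes each user has a challenge that is defined by the user himself/herself and associated with his/her email address, in such a way that an email sender can simultaneously retrieve a new receiver's email address and challenge before sending an email in the first contact. Some new mechanisms are employed to reach a good balance between security against spam and convenience to email users.},
  pubstate  = {published},
  tppubtype = {inproceedings}
}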
Roman, Rodrigo; Zhou, Jianying; Lopez, Javier
Casual Virtual Private Network Journal Article
In: International Journal of Computer Systems Science & Engineering, vol. 3, pp. 185-192, 2005, ISSN: 0267-6192.
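@article{Roman2005f,
  title     = {Casual Virtual Private Network},
  author    = {Roman, Rodrigo and Zhou, Jianying and Lopez, Javier},
  url       = {/wp-content/papers/Roman2005f.pdf},
  issn      = {0267-6192},
  year      = {2005},
  date      = {2005-01-01},
  urldate   = {2005-01-01},
  journal   = {International Journal of Computer Systems Science \& Engineering},
  volume    = {3},
  pages     = {185--192},
  publisher = {CRL Publishing},
  abstract  = {Virtual Private Networks (VPNs) provide a cost-effective way for securing communications using public and insecure networks like the Internet. The main purpose of a VPN is to securely and transparently connect two or more remote networks to form virtually a single network, using centralized security policies for better management and protection. However, in certain scenarios, users may not require such a transparent access to the resources within their networks, but only want temporary secure access to internal services based on their own demands. We call the network architecture with such a feature as Casual VPN. In this paper, we present the notion of Casual VPN, and explain why traditional VPN architectures and protocols are unable to offer Casual VPN services. We also propose and define the operation of a particular Casual VPN architecture, C-VPN, which additionally allows the management of TCP and UDP-based protocols.},
  pubstate  = {published},
  tppubtype = {article}
}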
Onieva, Jose A.; Zhou, Jianying; Lopez, Javier; Roman, Rodrigo
Extending an OMA-based DRM Framework with Non-Repudiation Services Proceedings Article
In: 5th Symposium on Signal Processing and Information Technology (ISSPIT’05), pp. 472-477, IEEE, 2005.
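@inproceedings{Onieva2005,
  title     = {Extending an {OMA}-based {DRM} Framework with Non-Repudiation Services},
  author    = {Onieva, Jose A. and Zhou, Jianying and Lopez, Javier and Roman, Rodrigo},
  url       = {/wp-content/papers/Onieva2005.pdf},
  doi       = {10.1109/ISSPIT.2005.1577143},
  year      = {2005},
  date      = {2005-01-01},
  urldate   = {2005-01-01},
  booktitle = {5th Symposium on Signal Processing and Information Technology ({ISSPIT}'05)},
  pages     = {472--477},
  publisher = {IEEE},
  abstract  = {Digital Rights Management (DRM) is an umbrella term for any of several arrangements which allows a vendor of content in electronic form to control the material and restrict its usage in various ways that can be specified by the vendor. These arrangements are provided through security techniques, mainly encryption, and the distribution, in a detached manner, of content and rights. This allows free access to the content by the consumers, but only those carrying the proper Right Object (RO) will be able to process such content. As a security service considered in different layers of the security framework defined by ITU X.805, almost all applications need to consider non-repudiation in the very beginning of their design. Unfortunately this has not been done so far in DRM specifications due to practical issues and the type of content distributed. We analyze this service for the a DRM framework and provide a solution which allows the right objects acquisition to be undeniable.},
  pubstate  = {published},
  tppubtype = {inproceedings}
}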
Roman, Rodrigo; Lopez, Javier; Zhou, Jianying
Análisis de Seguridad en Redes Inalámbricas de Sensores Proceedings Article
In: V Jornadas de Ingeniería Telemática (JITEL’05), pp. 335-343, Vigo (Spain), 2005.
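@inproceedings{R.Roman2005,
  title         = {An{\'a}lisis de Seguridad en Redes Inal{\'a}mbricas de Sensores},
  author        = {Roman, Rodrigo and Lopez, Javier and Zhou, Jianying},
  url           = {/wp-content/papers/R.Roman2005.pdf},
  year          = {2005},
  date          = {2005},
  urldate       = {2005},
  booktitle     = {V Jornadas de Ingenier{\'\i}a Telem{\'a}tica ({JITEL}'05)},
  pages         = {335--343},
  address       = {Vigo (Spain)},
  abstract      = {The design and development of security infrastructures and protocols for Wireless Sensor Networks is a difficult task, due to several factors like the constraints of the sensor nodes and the public nature of the communication channels. The intrinsic features of these networks create numerous security problems. In this paper, we analyze and put into perspective those problems.},
  pubstate      = {published},
  tppubtype     = {inproceedings},
  internal-note = {date and urldate were recorded as 2005-00-01; month 00 is not a valid ISO 8601 month, so only the year is kept.}
}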
2002
Lopez, Javier; Montenegro, Jose A.; Roman, Rodrigo; Davila, Jorge
Design of a VPN Software Solution Integrating TCP and UDP Services Proceedings Article
In: International Conference on Infrastructure Security (InfraSec’02), pp. 325-337, Springer-Verlag, Bristol, U.K., 2002.
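@inproceedings{JavierLopez2002c,
  title     = {Design of a {VPN} Software Solution Integrating {TCP} and {UDP} Services},
  author    = {Lopez, Javier and Montenegro, Jose A. and Roman, Rodrigo and Davila, Jorge},
  url       = {/wp-content/papers/JavierLopez2002c.pdf},
  year      = {2002},
  date      = {2002-10-01},
  urldate   = {2002-10-01},
  booktitle = {International Conference on Infrastructure Security ({InfraSec}'02)},
  volume    = {2437},
  pages     = {325--337},
  publisher = {Springer-Verlag},
  address   = {Bristol, U.K.},
  series    = {Lecture Notes in Computer Science},
  abstract  = {The main aims of Virtual Private Network (VPN) are to isolate a distributed network from outsiders, as well as to protect the confidentiality and integrity of sensitive information traversing a non-trusted network such as the Internet. However, some problems arise when security is considered as the unique problem because VPN users suffer from restrictions in their access to the network. They are not free to use traditional Internet services such as electronic mail exchange with non-VPN users, and to access Web and FTP servers external to the organization. This paper presents a new solution that allows the open use of traditional network services running over TCP and UDP layers, while maintaining strong security features. The new scheme works at the TCP/IP transport layer and does not require the addition of new hardware because it is a totally software solution. As a consequence, the application is totally portable. Moreover, and because of its implementation at the transport layer, there is no need to modify any traditional communication applications previously installed in the network system.},
  pubstate  = {published},
  tppubtype = {inproceedings}
}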
2001
Davila, Jorge; Lopez, Javier; Roman, Rodrigo
Introducción de Aplicaciones UDP en Redes Privadas Virtuales Proceedings Article
In: III Jornadas de Ingeniería Telemática (JITEL’01), pp. 397-404, Barcelona (Spain), 2001.
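@inproceedings{JorgeDavila2001,
  title         = {Introducci{\'o}n de Aplicaciones {UDP} en Redes Privadas Virtuales},
  author        = {Davila, Jorge and Lopez, Javier and Roman, Rodrigo},
  url           = {/wp-content/papers/JorgeDavila2001.pdf},
  year          = {2001},
  date          = {2001},
  urldate       = {2001},
  booktitle     = {III Jornadas de Ingenier{\'\i}a Telem{\'a}tica ({JITEL}'01)},
  pages         = {397--404},
  address       = {Barcelona (Spain)},
  abstract      = {Virtual Private Network (VPN) solutions mainly focus on security aspects. However, when security is considered the unique problem, some collateral ones arise. VPN users suffer from restrictions in their access to the network. They are not free to use traditional Internet services such as electronic mail exchange and audio/video conference with non-VPN users, and to access Web and Ftp servers external to the organization. In this paper we present a new solution, located at the TCP/IP transport layer and oriented to UDP applications that, while maintaining strong security features, allows the open use of traditional network services. The solution does not require the addition of new hardware because it is an exclusively software solution. As a consequence, the application is totally portable.},
  pubstate      = {published},
  tppubtype     = {inproceedings},
  internal-note = {date and urldate were recorded as 2001-00-01; month 00 is not a valid ISO 8601 month, so only the year is kept.}
}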