Isaac Agudo

@article{morales2024commag,

title = {Toward a Framework for Cost-Effective and Publicly Verifiable Confidential Computations in Blockchain},

author = {Daniel Morales and Isaac Agudo and Javier Lopez},

url = {/wp-content/papers/morales2024commag.pdf},

doi = {10.1109/MCOM.001.2300839},

issn = {1558-1896},

year  = {2024},

date = {2024-09-03},

urldate = {2024-09-03},

journal = {IEEE Communications Magazine},

abstract = {Blockchain technologies have introduced a compelling paradigm for a new understanding of security through decentralized networks and consensus mechanisms. However, they need all data to be public, which may be unacceptable for use cases such as biometric data processing or sensitive monetary transactions. Therefore, confidentiality is identified as a need in blockchain. Additionally, blockchain can contribute to confidential applications by providing publicly verifiable mechanisms, therefore enhancing security. This work presents a framework for cost-effective and publicly verifiable confidential computations in blockchain, by relying on secure multi-party computation committees and zero-knowledge proofs. Our framework supports arbitrary computations on confidential data enforced by smart contracts. Additionally, staking, incentives, and cheat identification are provided as solutions to enhance trust. We also provide a technical solution to embed secure multi-party computations within smart contracts by using the Promise programming pattern. Finally, a cost analysis is provided to justify the feasibility of the framework compared to other solutions.},

keywords = {},

pubstate = {forthcoming},

tppubtype = {article}

}

@article{ishak22,

title = {Learning multi-party adversarial encryption and its application to secret sharing},

author = {Ishak Meraouche and Sabyasachi Dutta and Sraban Kumar Mohanty and Isaac Agudo and Kouichi Sakurai},

url = {/wp-content/papers/ishak22.pdf},

doi = {10.1109/ACCESS.2022.3223430},

issn = {2169-3536},

year  = {2022},

date = {2022-01-01},

urldate = {2022-01-01},

journal = {IEEE Access},

publisher = {IEEE},

abstract = {Neural networks based cryptography has seen a significant growth since the introduction of adversarial cryptography which makes use of Generative Adversarial Networks (GANs) to build neural networks that can learn encryption. The encryption has been proven weak at first but many follow up works have shown that the neural networks can be made to learn the One Time Pad (OTP) and produce perfectly secure ciphertexts. To the best of our knowledge, existing works only considered communications between two or three parties. In this paper, we show how multiple neural networks in an adversarial setup can remotely synchronize and establish a perfectly secure communication in the presence of different attackers eavesdropping their communication. As an application, we show how to build Secret Sharing Scheme based on this perfectly secure multi-party communication. The results show that it takes around 45,000 training steps for 4 neural networks to synchronize and reach equilibria. When reaching equilibria, all the neural networks are able to communicate between each other and the attackers are not able to break the ciphertexts exchanged between them.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Agudo2020,

title = {A Blockchain Approach for Decentralized V2X (D-V2X)},

author = {Isaac Agudo and Manuel Montenegro-G\'{o}mez and Javier Lopez},

url = {/wp-content/papers/Agudo2020.pdf},

doi = {10.1109/TVT.2020.3046640},

issn = {0018-9545},

year  = {2021},

date = {2021-05-01},

urldate = {2021-05-01},

journal = {IEEE Transactions on Vehicular Technology},

volume = {70},

number = {5},

pages = {4001 - 4010},

publisher = {IEEE},

abstract = {New mobility paradigms have appeared in recent years, and everything suggests that some more are coming. This fact makes apparent the necessity of modernizing the road infrastructure, the signalling elements and the traffic management systems. Many initiatives have emerged around the term Intelligent Transport System (ITS) in order to define new scenarios and requirements for this kind of applications. We even have two main competing technologies for implementing Vehicular communication protocols (V2X), C-V2X and 802.11p, but neither of them is widely deployed yet. 

One of the main barriers for the massive adoption of those technologies is governance. Current solutions rely on the use of a public key infrastructure that enables secure collaboration between the different entities in the V2X ecosystem, but given its global scope, managing such infrastructure requires reaching agreements between many parties, with conflicts of interest between automakers and telecommunication operators. As a result, there are plenty of use cases available and two mature communication technologies, but the complexity at the business layer is stopping the drivers from taking advantage of ITS applications. 

Blockchain technologies are defining a new decentralized paradigm for most traditional applications, where smart contracts provide a straightforward mechanism for decentralized governance. In this work, we propose an approach for decentralized V2X (D-V2X) that does not require any trusted authority and can be implemented on top of any communication protocol. We also define a proof-of-concept technical architecture on top of a cheap and highly secure System-on-Chip (SoC) that could allow for massive adoption of D-V2X.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{nunez19,

title = {Escrowed decryption protocols for lawful interception of encrypted data},

author = {David Nu\~{n}ez and Isaac Agudo and Javier Lopez},

url = {/wp-content/papers/nunez19.pdf},

doi = {10.1049/iet-ifs.2018.5082},

issn = {1751-8709},

year  = {2019},

date = {2019-09-01},

urldate = {2019-09-01},

journal = {IET Information Security},

volume = {13},

pages = {498 \textendash 507},

publisher = {IET},

abstract = {Escrowed decryption schemes (EDSs) are public-key encryption schemes with an escrowed decryption functionality that allows authorities to decrypt encrypted messages under investigation, following a protocol that involves a set of trusted entities called ‘custodians’; only if custodians collaborate, the requesting authority is capable of decrypting encrypted data. This type of cryptosystem represents an interesting trade-off to privacy versus surveillance dichotomy. In this study, the authors propose two EDSs where they use proxy re-encryption to build the escrowed decryption capability, so that custodians re-encrypt ciphertexts, in a distributed way, upon request from an escrow authority, and the re-encrypted ciphertexts can be opened only by the escrow authority. Their first scheme, called EDS, follows an all-or-nothing approach, which means that escrow decryption only works when all custodians collaborate. Their second scheme, called threshold EDS, supports a threshold number of custodians for the escrow decryption operation. They propose definitions of semantic security with respect to the authorities, custodians and external entities, and prove the security of their schemes, under standard pairing-based hardness assumptions. Finally, they present a theoretical and experimental analysis of the performance of both schemes, which show that they are applicable to real-world scenarios.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{nunez2014blindidm,

title = {BlindIdM: A Privacy-Preserving Approach for Identity Management as a Service},

author = {David Nu\~{n}ez and Isaac Agudo},

url = {/wp-content/papers/nunez2014blindidm.pdf},

doi = {10.1007/s10207-014-0230-4},

issn = {1615-5262},

year  = {2014},

date = {2014-01-01},

urldate = {2014-01-01},

journal = {International Journal of Information Security},

volume = {13},

pages = {199-215},

publisher = {Springer},

abstract = {Identity management is an almost indispensable component of today’s organizations and companies, as it plays a key role in authentication and access control; however, at the same time it is widely recognized as a costly and time-consuming task. The advent of cloud computing technologies, together with the promise of flexible, cheap and efficient provision of services, has provided the opportunity to externalize such a common process, shaping what has been called Identity Management as a Service (IDaaS). Nevertheless, as in the case of other cloud-based services, IDaaS brings with it great concerns regarding security and privacy, such as the loss of control over the outsourced data. In this paper we analyze these concerns and propose BlindIdM, a model for privacy-preserving IDaaS with a focus on data privacy protection. In particular, we describe how a SAML-based system can be augmented to employ proxy re-encryption techniques for achieving data condentiality with respect to the cloud provider, while preserving the ability to supply the identity service. This is an innovative contribution to both the privacy and identity management landscapes.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{agudo2013,

title = {A Privacy-Aware Continuous Authentication Scheme for Proximity-Based Access Control},

author = {Isaac Agudo and Ruben Rios and Javier Lopez},

url = {/wp-content/papers/agudo2013.pdf},

doi = {10.1016/j.cose.2013.05.004},

issn = {0167-4048},

year  = {2013},

date = {2013-11-01},

urldate = {2013-11-01},

journal = {Computers \& Security},

volume = {39 (B)},

pages = {117-126},

publisher = {Elsevier},

abstract = {Continuous authentication is mainly associated with the use of biometrics to guarantee that a resource is being accessed by the same user throughout the usage period. Wireless devices can also serve as a supporting technology for continuous authentication or even as a complete alternative to biometrics when accessing proximity-based services. In this paper we present the implementation of a secure, non-invasive continuous authentication scheme supported by the use of Wearable Wireless Devices (WWD), which allow users to gain access to proximity-based services while preserving their privacy. Additionally we devise an improved scheme that circumvents some of the limitations of our implementation.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}