@article{Fernandez25b,

title = {A cluster of patterns for Trusted Computing},

author = {Eduardo B. Fernandez and Antonio Mu\~{n}oz },

editor = {Guenther Pernul},

year  = {2025},

date = {2025-12-12},

urldate = {2025-12-12},

journal = {International Journal of Information Security},

volume = {XX},

number = {XX},

issue = {XX},

pages = {XX},

abstract = {The proliferation of Internet of Things (IoT) and cyberphysical systems (CPSs) has introduced unprecedented challenges in ensuring the integrity and confidentiality of critical data, making robust security mechanisms essential. There are several mechanisms intended to assure trust with respect to the software loaded into the system and the trustworthiness of the boot process. These mechanisms start from a Root of Trust (RoT), from where all the other trusts, e.g., for components and software are derived. As part of the RoT, a Secure Storage is needed. This Secure Storage can be considered as part of the RoT or considered a separate component. After a RoT is established, a Trusted Boot can be performed. The execution of computational processes can then be supported by using separate execution zones (Zone Isolation). More complex trust functions such as remote attestation can be performed by a Trusted Platform Module (TPM) . In this paper, we propose security patterns for these components. The abstraction power of patterns can be used to define the basic aspects that each of these components must have, thus serving as reference for designers and for security evaluation.},

key = {Trusted systems, Security patterns, Root of Trust,Trusted processing},

keywords = {},

pubstate = {forthcoming},

tppubtype = {article}

}

@article{ferraris2025iot,

title = {Trust dynamicity for IoT: How do i trust your social IoT cluster?},

author = {Davide Ferraris and Carmen Fernandez-Gago and Younes Assouyat and Houda Labiod and Wang Haiguang and Javier Lopez},

editor = {Elsevier},

doi = {10.1016/j.iot.2025.101529},

year  = {2025},

date = {2025-03-01},

urldate = {2025-03-01},

journal = {Internet of Things},

volume = {30},

abstract = {The Social IoT (SIoT) enhances the traditional Internet of Things (IoT) by integrating social relationships between device owners. This paper presents a dynamic trust framework specifically designed for SIoT environments, with the objective of providing security against malicious attacks targeting IoT devices. The framework offers a multi-dimensional analysis of trust, emphasizing the behaviours and contextual interactions of domestic devices. A prototype implementing the proposed framework is introduced and evaluated across three different use cases showing how to assess device reputation, enable dynamic device integration, and secure communication within device clusters. The evaluation results highlight the framework’s ability to enhance the reliability of device interactions and ensure seamless interoperability among devices utilizing different trust models. This significant improvement in trust management contributes to more secure and efficient SIoT operations. The findings underscore the critical role of dynamic trust adaptation and interoperability in creating a cohesive and secure SIoT ecosystem.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Alcaraz2025a,

title = {Digital Twin Security: A Perspective on Efforts From Standardization Bodies},

author = {Cristina Alcaraz and Javier Lopez},

url = {https://www.computer.org/csdl/magazine/sp/2025/01/10871233/2448764c2l2},

doi = {10.1109/MSEC.2024.3504193},

issn = {1558-4046},

year  = {2025},

date = {2025-01-01},

urldate = {2025-01-01},

journal = {IEEE Security \& Privacy},

volume = {23},

issue = {1},

pages = {83-90},

abstract = {This article assesses the contributions of standardization bodies to digital twin (DT) protection and analyzes whether and how the organizations prioritize security. It identifies standardization work that better covers different security requirements, hence offering higher guarantees of DT protection.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Rios2025,

title = {Toward the Quantum-Safe Web: Benchmarking Post-Quantum TLS},

author = {Ruben Rios and Jose A. Montenegro and Antonio Mu\~{n}oz and Davide Ferraris},

doi = {10.1109/MNET.2025.3531116},

issn = {0890-8044},

year  = {2025},

date = {2025-00-00},

urldate = {2025-00-00},

journal = {IEEE Network},

abstract = {The transition to a quantum-resistant Internet is a complex process that depends on the integration of post-quantum cryptographic primitives into existing security protocols. This paper analyzes the impact that the primitives selected by NIST in their post-quantum cryptography competition has on a critical Internet security protocol, the TLS protocol. The analysis is facilitated by a framework that enables the implementation of an evaluation scenario in which different post-quantum primitives can be tested under identical conditions, ensuring a fair comparison. Our results indicate that the computational overhead introduced by current post-quantum standards in TLS is comparable to that of traditional algorithms, and even more efficient at high security levels. However, their significant impact on data transmission constrains the transition to a full-fledged quantum-safe web.},

keywords = {},

pubstate = {forthcoming},

tppubtype = {article}

}

@article{Alcaraz2024c,

title = {Digital Twin-assisted anomaly detection for industrial scenarios},

author = {Cristina Alcaraz and Javier Lopez},

url = {https://www.sciencedirect.com/science/article/pii/S1874548224000623},

doi = {https://doi.org/10.1016/j.ijcip.2024.100721},

issn = {1874-5482},

year  = {2024},

date = {2024-12-01},

urldate = {2024-12-01},

journal = {International Journal of Critical Infrastructure Protection},

volume = {47},

pages = {100721},

abstract = {Industry 5.0 is the current industrial paradigm that inherits the technological diversity of its predecessor, Industry 4.0, but includes three priority goals: (i) resilience, (ii) sustainability and (iii) human-centeredness. Through these three goals, Industry 5.0 pursues a more far-reaching digital transformation in industrial ecosystems with high protection guarantees. However, the deployment of innovative information technologies for this new digital transformation also requires considering their implicit vulnerabilities and threats in order to avoid any negative impacts on the three Industry 5.0 goals, and to prioritize cybersecurity aspects so as to ensure acceptable protection levels. This paper, therefore, proposes a detection framework composed of a Digital Twin (DT) and machine learning algorithms for online protection, supporting the resilience that Industry 5.0 seeks. To validate the approach, this work includes several practical studies on a real industrial control testbed to demonstrate the feasibility and accuracy of the framework, taking into account a set of malicious perturbations in several critical sections of the system. The results highlight the effectiveness of the DT in complementing the anomaly detection processes, especially for advanced and stealthy threats.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{AlcarazMeskiniLopez2024,

title = {Digital twin communities: an approach for secure DT data sharing},

author = {Cristina Alcaraz and Iman Hasnaouia Meskini and Javier Lopez},

url = {https://link.springer.com/article/10.1007/s10207-024-00912-1#citeas},

doi = {https://doi.org/10.1007/s10207-024-00912-1},

issn = {1615-5270},

year  = {2024},

date = {2024-11-07},

urldate = {2024-11-07},

journal = {International Journal of Information Security},

volume = {24},

number = {17},

abstract = {Digital Twin (DT) technology empowers organizations to create virtual counterparts of their physical assets, thereby magnifying their analytical, optimization and decision-making capabilities. More specifically, the simulation capabilities of a DT generate high-quality data that not only benefit the DT owner organization, but also increase the potential of similar organizations by leveraging the DT’s capabilities when sharing its simulation results This collaborative sharing boosts the capabilities of each participating organization, fostering a collective intelligence that amplifies their competitive advantage. Nonetheless, data exchange must rigorously safeguard each organization’s data confidentiality, and access to this data must be thoroughly controlled. Thus, this paper introduces the novel concept of DT communities and proposes a hybrid access control architecture. This architecture seamlessly integrates the strengths of both Role Based Access Control (RBAC) and Organizational Based Access Control (OrBAC), facilitating secure, authorized intra- and inter-organizational information sharing in the context of Industry 5.0, combining the strengths of local DT communication and other organization’s DTs as well. Moreover, in order to show the feasibility of the approach for critical corporate organizations and their systems, in this paper we provide a proof-of-concept implementation of this architecture. To validate its functionality and efficiency, we perform a number of experimental studies showing how various entities can benefit from securely sharing DT models based on the concept of “community".},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{morales2024commag,

title = {Toward a Framework for Cost-Effective and Publicly Verifiable Confidential Computations in Blockchain},

author = {Daniel Morales and Isaac Agudo and Javier Lopez},

url = {/wp-content/papers/morales2024commag.pdf},

doi = {10.1109/MCOM.001.2300839},

issn = {1558-1896},

year  = {2024},

date = {2024-09-03},

urldate = {2024-09-03},

journal = {IEEE Communications Magazine},

abstract = {Blockchain technologies have introduced a compelling paradigm for a new understanding of security through decentralized networks and consensus mechanisms. However, they need all data to be public, which may be unacceptable for use cases such as biometric data processing or sensitive monetary transactions. Therefore, confidentiality is identified as a need in blockchain. Additionally, blockchain can contribute to confidential applications by providing publicly verifiable mechanisms, therefore enhancing security. This work presents a framework for cost-effective and publicly verifiable confidential computations in blockchain, by relying on secure multi-party computation committees and zero-knowledge proofs. Our framework supports arbitrary computations on confidential data enforced by smart contracts. Additionally, staking, incentives, and cheat identification are provided as solutions to enhance trust. We also provide a technical solution to embed secure multi-party computations within smart contracts by using the Promise programming pattern. Finally, a cost analysis is provided to justify the feasibility of the framework compared to other solutions.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{FerIoT24,

title = {Trust interoperability in the Internet of Things},

author = {Carmen Fernandez-Gago and Davide Ferraris and Rodrigo Roman and Javier Lopez},

url = {/wp-content/papers/FerIoT24.pdf},

doi = {https://doi.org/10.1016/j.iot.2024.101226},

year  = {2024},

date = {2024-07-31},

urldate = {2024-07-31},

journal = {Internet of Things},

volume = {26},

abstract = {The Internet of Things (IoT) is a paradigm where entities or things are interconnected, often in heterogeneous contexts. As the interconnection happens, things establish collaborations with others, sometimes under uncertainty. Although trust can help us overcome this uncertainty, things might not be able to process the information about trust coming from other things: each thing could have its own trust model, which means its own way to understand and measure trust. If new trust relationships are to be established, it would be desirable to have a mechanism of interoperability that allows the things to process the information about the other things in terms of trust. In this paper, we describe an interoperability framework for tackling the trust interoperability issues in IoT, depending on the different types of trust models that might co-exist in the same IoT scenario.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{SYRMAKESIS2024100678,

title = {DAR-LFC: A data-driven attack recovery mechanism for Load Frequency Control},

author = {Andrew D. Syrmakesis and Cristina Alcaraz and Nikos D. Hatziargyriou},

url = {https://www.sciencedirect.com/science/article/pii/S1874548224000192?dgcid=rss_sd_all},

doi = {https://doi.org/10.1016/j.ijcip.2024.100678},

issn = {1874-5482},

year  = {2024},

date = {2024-07-01},

urldate = {2024-07-01},

journal = {International Journal of Critical Infrastructure Protection},

volume = {45},

issue = {100678},

pages = {100678},

abstract = {In power systems, generation must be maintained in constant equilibrium with consumption. A key indicator for this balance is the frequency of the power grid. The load frequency control (LFC) system is responsible for maintaining the frequency close to its nominal value and the power deviation of tie-lines at their scheduled levels. However, the remote communication system of LFC exposes it to several cyber threats. A successful cyberattack against LFC attempts to affect the field measurements that are transferred though its remote control loop. In this work, a data-driven, attack recovery method is proposed against denial of service and false data injection attacks, called DAR-LFC. For this purpose, a deep neural network is developed that generates estimations of the area control error (ACE) signal. When a cyberattack against the LFC occurs, the proposed estimator can temporarily compute and replace the affected ACE, mitigating the effects of the cyberattacks. The effectiveness and the scalability of the DAR-LFC is verified on a single and a two area LFC simulations in MATLAB/Simulink.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Onieva0000,

title = {Malware similarity and a new fuzzy hash: Compound Code Block Hash (CCBHash)},

author = {Jose A. Onieva and Pablo P\'{e}rez Jim\'{e}nez and Javier Lopez},

doi = {10.1016/j.cose.2024.103856},

isbn = {0167-4048},

year  = {2024},

date = {2024-04-21},

urldate = {2024-04-21},

journal = {Computers \& Security},

volume = {142},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Alcaraz2023a,

title = {Protecting Digital Twin Networks for 6G-enabled Industry 5.0 Ecosystems},

author = {Cristina Alcaraz and Javier Lopez},

url = {/wp-content/papers/Alcaraz2023a.pdf

https://ieeexplore.ieee.org/abstract/document/10239369},

doi = {10.1109/MNET.004.2200529},

issn = {0890-8044},

year  = {2023},

date = {2023-12-31},

urldate = {2023-12-31},

journal = {IEEE Network Magazine},

volume = {37},

number = {2},

pages = {302-308},

publisher = {IEEE},

abstract = {New industrial paradigms, such as the Industrial Internet of Things (IIoT) and Industry 5.0, are emerging in industrial contexts with the aim of fostering quality in operational processes. With the expected launch of 6G in the coming years, IIoT networks in Industry 5.0 ecosystems can leverage 6G technology and its support for training machine learning models using Digital Twins (DTs), embedded in DT Networks (DTNs), to transparently and continuously optimize their communications. Unfortunately, the use of these technologies, in turn, intensifies the attack surface and poses a serious threat to the new goals of Industry 5.0, such as improving the user experience, sustainability and resilience. This article therefore proposes a layered protection framework for 6G-enabled IIoT environments, where not only DTs and DTNs are fully protected, but also the whole 6G ecosystem, complying with the expected goals of Industry 5.0. To achieve this, the framework identifies for each protection layer a set of security and privacy services to subsequently relate them to existing computing infrastructures (cloud, edge, edge-cloud) and provide the best approach for future IIoT deployments.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{surveyIoTrust2023,

title = {A Survey on IoT Trust Model Frameworks},

author = {Davide Ferraris and Carmen Fernandez-Gago and Rodrigo Roman and Javier Lopez},

url = {/wp-content/papers/surveyIoTrust2023.pdf},

doi = {10.1007/s11227-023-05765-4},

year  = {2023},

date = {2023-11-17},

urldate = {2023-11-17},

journal = {The Journal of Supercomputing},

volume = {80},

pages = {8259\textendash8296},

abstract = {Trust can be considered as a multidisciplinary concept, which is strongly related to the context and it falls in different fields such as Philosophy, Psychology or Computer Science. Trust is fundamental in every relationship, because without it, an entity will not interact with other entities. This aspect is very important especially in the Internet of Things (IoT), where many entities produced by different vendors and created for different purposes have to interact among them through the internet often under uncertainty. Trust can overcome this uncertainty, creating a strong basis to ease the process of interaction among these entities. We believe that considering trust in the IoT is fundamental, and in order to implement it in any IoT entity, it is fundamental to consider it through the whole System Development Life Cycle. In this paper, we propose an analysis of different works that consider trust for the IoT. We will focus especially on the analysis of frameworks that have been developed in order to include trust in the IoT. We will make a classification of them providing a set of parameters that we believe are fundamental in order to properly consider trust in the IoT. Thus, we will identify important aspects to be taken into consideration when developing frameworks that implement trust in the IoT, finding gaps and proposing possible solutions.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Alcaraz2023b,

title = {OCPP in the spotlight: threats and countermeasures for electric vehicle charging infrastructures 4.0},

author = {Cristina Alcaraz and Jesus Cumplido and Alicia Trivi\~{n}o},

url = {/wp-content/papers/Alcaraz2023b.pdf

https://link.springer.com/article/10.1007/s10207-023-00698-8},

doi = {10.1007/s10207-023-00698-8},

issn = {1615-5262},

year  = {2023},

date = {2023-05-05},

urldate = {2023-05-05},

journal = {International Journal of Information Security},

publisher = {Springer},

address = {Springer Verlag},

abstract = {Undoubtedly, Industry 4.0 in the energy sector improves the conditions for automation, generation and distribution of energy, increasing the rate of electric vehicle manufacturing in recent years. As a result, more grid-connected charging infrastructures are being installed, whose charging stations (CSs) can follow standardized architectures, such as the one proposed by the open charge point protocol (OCPP). The most recent version of this protocol is v.2.0.1, which includes new security measures at device and communication level to cover those security issues identified in previous versions. Therefore, this paper analyzes OCPP-v2.0.1 to determine whether the new functions may still be susceptible to specific cyber and physical threats, and especially when CSs may be connected to microgrids. To formalize the study, we first adapted the well-known threat analysis methodology, STRIDE, to identify and classify threats in terms of control and energy, and subsequently we combine it with DREAD for risk assessment. The analyses indicate that, although OCPP-v2.0.1 has evolved, potential security risks still remain, requiring greater protection in the future.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{morales2023psi,

title = {Private set intersection: A systematic literature review},

author = {Daniel Morales and Isaac Agudo and Javier Lopez},

url = {/wp-content/papers/morales2023psi.pdf

https://www.sciencedirect.com/science/article/pii/S1574013723000345},

doi = {10.1016/j.cosrev.2023.100567},

issn = {1574-0137},

year  = {2023},

date = {2023-05-01},

urldate = {2023-05-01},

journal = {Computer Science Review},

volume = {49},

number = {100567},

publisher = {Elsevier},

address = {ScienceDirect},

abstract = {Secure Multi-party Computation (SMPC) is a family of protocols which allow some parties to compute a function on their private inputs, obtaining the output at the end and nothing more. In this work, we focus on a particular SMPC problem named Private Set Intersection (PSI). The challenge in PSI is how two or more parties can compute the intersection of their private input sets, while the elements that are not in the intersection remain private. This problem has attracted the attention of many researchers because of its wide variety of applications, contributing to the proliferation of many different approaches. Despite that, current PSI protocols still require heavy cryptographic assumptions that may be unrealistic in some scenarios. In this paper, we perform a Systematic Literature Review of PSI solutions, with the objective of analyzing the main scenarios where PSI has been studied and giving the reader a general taxonomy of the problem together with a general understanding of the most common tools used to solve it. We also analyze the performance using different metrics, trying to determine if PSI is mature enough to be used in realistic scenarios, identifying the pros and cons of each protocol and the remaining open problems.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Roman2023a,

title = {Current Perspectives on Securing Critical Infrastructures’ Supply Chains},

author = {Rodrigo Roman and Cristina Alcaraz and Javier Lopez and Kouichi Sakurai},

url = {/wp-content/papers/Roman2023a.pdf},

doi = {10.1109/MSEC.2023.3247946},

issn = {1540-7993},

year  = {2023},

date = {2023-03-08},

urldate = {2023-03-08},

journal = {IEEE Security \& Privacy},

volume = {21},

number = {4},

pages = {29-38},

publisher = {IEEE},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{MUNOZ2023103180,

title = {A survey on the (in)security of Trusted Execution Environments},

author = {Antonio Mu\~{n}oz and Ruben Rios and Rodrigo Roman and Javier Lopez},

url = {/wp-content/papers/MUNOZ2023103180.pdf

https://www.sciencedirect.com/science/article/pii/S0167404823000901},

doi = {10.1016/j.cose.2023.103180},

issn = {0167-4048},

year  = {2023},

date = {2023-01-01},

urldate = {2023-01-01},

journal = {Computers \& Security},

pages = {103-180},

publisher = {Elsevier},

address = {In Press},

abstract = {As the number of security and privacy attacks continue to grow around the world, there is an ever increasing need to protect our personal devices. As a matter of fact, more and more manufactures are relying on Trusted Execution Environments (TEEs) to shield their devices. In particular, ARM TrustZone (TZ) is being widely used in numerous embedded devices, especially smartphones, and this technology is the basis for secure solutions both in industry and academia. However, as shown in this paper, TEE is not bullet-proof and it has been successfully attacked numerous times and in very different ways. To raise awareness among potential stakeholders interested in this technology, this paper provides an extensive analysis and categorization of existing vulnerabilities in TEEs and highlights the design flaws that led to them. The presented vulnerabilities, which are not only extracted from existing literature but also from publicly available exploits and databases, are accompanied by some effective countermeasures to reduce the likelihood of new attacks. The paper ends with some appealing challenges and open issues.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{munoz2022,

title = {A Test Environment for Wireless Hacking in Domestic IoT Scenarios},

author = {Antonio Mu\~{n}oz and Carmen Fernandez-Gago and Roberto Lopez-Villa},

url = {/wp-content/papers/munoz2022.pdf},

doi = {10.1007/s11036-022-02046-x},

issn = {1383-469X},

year  = {2022},

date = {2022-10-01},

urldate = {2022-10-01},

journal = {Mobile Networks and Applications},

publisher = {Springer},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{suciu2022samgrid,

title = {SAMGRID: Security Authorization and Monitoring Module Based on SealedGRID Platform},

author = {George Suciu and Aristeidis Farao and Giorgio Bernardinetti and Ivan Palam\'{a} and Mari-Anais Sachian and Alexandru Vulpe and Marius-Constantin Vochin and Pavel Muresan and Michail Bampatsikos and Antonio Mu\~{n}oz and Christos Xenakis},

url = {/wp-content/papers/suciu2022samgrid.pdf

https://www.mdpi.com/1424-8220/22/17/6527},

doi = {10.3390/s22176527},

issn = {1424-8220},

year  = {2022},

date = {2022-08-30},

urldate = {2022-08-30},

journal = {SENSORS},

volume = {22},

number = {17},

issue = {6527},

abstract = {IoT devices present an ever-growing domain with multiple applicability. This technology has favored and still favors many areas by creating critical infrastructures that are as profitable as possible. This paper presents a hierarchical architecture composed of different licensing entities that manage access to different resources within a network infrastructure. They are conducted on the basis of well-drawn policy rules. At the same time, the security side of these resources is also placed through a context awareness module. Together with this technology, IoT is used and Blockchain is enabled (for network consolidation, as well as the transparency with which to monitor the platform). The ultimate goal is to implement a secure and scalable security platform for the Smart Grid. The paper presents the work undertaken in the SealedGRID project and the steps taken for implementing security policies specifically tailored to the Smart Grid, based on advanced concepts such as Opinion Dynamics and Smart Grid-related Attribute-based Access Control.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Syrmakesis2022,

title = {Classifying resilience approaches for protecting smart grids against cyber threats},

author = {Andrew D. Syrmakesis and Cristina Alcaraz and Nikos D. Hatziargyriou},

url = {/wp-content/papers/Syrmakesis2022.pdf

https://link.springer.com/content/pdf/10.1007/s10207-022-00594-7.pdf},

doi = {https://doi.org/10.1007/s10207-022-00594-7},

issn = {1615-5262},

year  = {2022},

date = {2022-05-01},

urldate = {2022-05-01},

journal = {International Journal of Information Security},

volume = {21},

pages = {1189\textendash1210},

publisher = {Springer},

address = {Springer Verlag},

abstract = {Smart grids (SG) draw the attention of cyber attackers due to their vulnerabilities, which are caused by the usage of heterogeneous communication technologies and their distributed nature. While preventing or detecting cyber attacks is a well-studied field of research, making SG more resilient against such threats is a challenging task. This paper provides a classification of the proposed cyber resilience methods against cyber attacks for SG. This classification includes a set of studies that propose cyber-resilient approaches to protect SG and related cyber-physical systems against unforeseen anomalies or deliberate attacks. Each study is briefly analyzed and is associated with the proper cyber resilience technique which is given by the National Institute of Standards and Technology in the Special Publication 800-160. These techniques are also linked to the different states of the typical resilience curve. Consequently, this paper highlights the most critical challenges for achieving cyber resilience, reveals significant cyber resilience aspects that have not been sufficiently considered yet and, finally, proposes scientific areas that should be further researched in order to enhance the cyber resilience of SG.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{rios2022cpa,

title = {Constrained Proximity Attacks on Mobile Targets},

author = {Xueou Wang and Xiaolu Hou and Ruben Rios and Nils Ole Tippenhauer and Martin Ochoa},

url = {/wp-content/papers/rios2022cpa.pdf},

doi = {10.1145/3498543},

issn = {2471-2566},

year  = {2022},

date = {2022-05-01},

urldate = {2022-05-01},

journal = {ACM Transactions on Privacy and Security (TOPS)},

volume = {25},

number = {10},

pages = {1 - 29},

publisher = {Association for Computer Machinery (ACM)},

abstract = {Proximity attacks allow an adversary to uncover the location of a victim by repeatedly issuing queries with fake location data. These attacks have been mostly studied in scenarios where victims remain static and there are no constraints that limit the actions of the attacker. In such a setting, it is not difficult for the attacker to locate a particular victim and quantifying the effort for doing so is straightforward. However, it is far more realistic to consider scenarios where potential victims present a particular mobility pattern. In this paper, we consider abstract (constrained and unconstrained) attacks on services that provide location information on other users in the proximity. We derive strategies for constrained and unconstrained attackers, and show that when unconstrained they can practically achieve success with theoretically optimal effort. We then propose a simple yet effective constraint that may be employed by a proximity service (for example, running in the cloud or using a suitable two-party protocol) as countermeasure to increase the effort for the attacker several orders of magnitude both in simulated and real-world cases.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Alcaraz2022b,

title = {Digital Twin: A Comprehensive Survey of Security Threats},

author = {Cristina Alcaraz and Javier Lopez},

url = {/wp-content/papers/Alcaraz2022b.pdf

https://ieeexplore.ieee.org/document/9765576},

doi = {10.1109/COMST.2022.3171465},

issn = {1553-877X},

year  = {2022},

date = {2022-04-01},

urldate = {2022-04-01},

journal = {IEEE Communications Surveys \& Tutorials},

volume = {24},

number = {thirdquarter 2022},

pages = {1475 - 1503},

publisher = {IEEE},

address = {IEEE},

abstract = {Industry 4.0 is having an increasingly positive impact on the value chain by modernizing and optimizing the production and distribution processes. In this streamline, the digital twin (DT) is one of the most cutting-edge technologies of Industry 4.0, providing simulation capabilities to forecast, optimize and estimate states and configurations. In turn, these technological capabilities are encouraging industrial stakeholders to invest in the new paradigm, though an increased focus on the risks involved is really needed. More precisely, the deployment of a DT is based on the composition of technologies such as cyber-physical systems, the Industrial Internet of Things, edge computing, virtualization infrastructures, artificial intelligence and big data. However, the confluence of all these technologies and the implicit interaction with the physical counterpart of the DT in the real world generate multiple security threats that have not yet been sufficiently studied. In that context, this paper analyzes the current state of the DT paradigm and classifies the potential threats associated with it, taking into consideration its functionality layers and the operational requirements in order to achieve a more complete and useful classification. We also provide a preliminary set of security recommendations and approaches that can help to ensure the appropriate and trustworthy use of a DT.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{ishak22,

title = {Learning multi-party adversarial encryption and its application to secret sharing},

author = {Ishak Meraouche and Sabyasachi Dutta and Sraban Kumar Mohanty and Isaac Agudo and Kouichi Sakurai},

url = {/wp-content/papers/ishak22.pdf},

doi = {10.1109/ACCESS.2022.3223430},

issn = {2169-3536},

year  = {2022},

date = {2022-01-01},

urldate = {2022-01-01},

journal = {IEEE Access},

publisher = {IEEE},

abstract = {Neural networks based cryptography has seen a significant growth since the introduction of adversarial cryptography which makes use of Generative Adversarial Networks (GANs) to build neural networks that can learn encryption. The encryption has been proven weak at first but many follow up works have shown that the neural networks can be made to learn the One Time Pad (OTP) and produce perfectly secure ciphertexts. To the best of our knowledge, existing works only considered communications between two or three parties. In this paper, we show how multiple neural networks in an adversarial setup can remotely synchronize and establish a perfectly secure communication in the presence of different attackers eavesdropping their communication. As an application, we show how to build Secret Sharing Scheme based on this perfectly secure multi-party communication. The results show that it takes around 45,000 training steps for 4 neural networks to synchronize and reach equilibria. When reaching equilibria, all the neural networks are able to communicate between each other and the attackers are not able to break the ciphertexts exchanged between them.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{rios2022pmec,

title = {Personal IoT Privacy Control at the Edge},

author = {Ruben Rios and Jose A. Onieva and Rodrigo Roman and Javier Lopez},

url = {/wp-content/papers/rios2022pmec.pdf},

doi = {10.1109/MSEC.2021.3101865},

issn = {1540-7993},

year  = {2022},

date = {2022-01-01},

urldate = {2022-01-01},

journal = {IEEE Security \& Privacy},

volume = {20},

pages = {23 - 32},

publisher = {IEEE},

abstract = {This article introduces a privacy manager for IoT data based on Edge Computing. This poses the advantage that privacy is enforced before data leaves the control of the user, who is provided with a tool to express data sharing preferences based on a novel context-aware privacy language.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Flamini2022,

title = {Towards Trustworthy Autonomous Systems: Taxonomies and Future Perspectives},

author = {Francesco Flammini and Cristina Alcaraz and Emanuele Bellini and Stefano Marrone and Javier Lopez and Andrea Bondavalli},

url = {/wp-content/papers/Flamini2022.pdf

https://ieeexplore.ieee.org/abstract/document/9979717/authors$#$authors},

doi = {10.1109/TETC.2022.3227113},

issn = {2168-6750},

year  = {2022},

date = {2022-01-01},

urldate = {2022-01-01},

journal = {IEEE Transactions on Emerging Topics in Computing},

publisher = {IEEE},

abstract = {The class of Trustworthy Autonomous Systems (TAS) includes cyber-physical systems leveraging on self-x technologies that make them capable to learn, adapt to changes, and reason under uncertainties in possibly critical applications and evolving environments. In the last decade, there has been a growing interest in enabling artificial intelligence technologies, such as advanced machine learning, new threats, such as adversarial attacks, and certification challenges, due to the lack of sufficient explainability. However, in order to be trustworthy, those systems also need to be dependable, secure, and resilient according to well-established taxonomies, methodologies, and tools. Therefore, several aspects need to be addressed for TAS, ranging from proper taxonomic classification to the identification of research opportunities and challenges. Given such a context, in this paper address relevant taxonomies and research perspectives in the field of TAS. We start from basic definitions and move towards future perspectives, regulations, and emerging technologies supporting development and operation of TAS.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Alcaraz2021a,

title = {Stakeholder Perspectives and Requirements on Cybersecurity in Europe},

author = {Simone Fischer-H\"{u}bner and Cristina Alcaraz and Afonso Ferreira and Carmen Fernandez-Gago and Javier Lopez and Evangelos Markatos and Lejla Islami and Mahdi Akil},

url = {/wp-content/papers/Alcaraz2021a.pdf

https://www.sciencedirect.com/science/article/pii/S2214212621001381},

doi = {10.1016/j.jisa.2021.102916},

issn = {2214-2126},

year  = {2021},

date = {2021-09-01},

urldate = {2021-09-01},

journal = {Journal of Information Security and Applications},

volume = {61},

number = {102916},

publisher = {Elsevier},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{anto2021,

title = {P2ISE: Preserving Project Integrity in CI/CD Based on Secure Elements},

author = {Antonio Mu\~{n}oz and Aristeidis Farao and Ryan Casas and Christos Xenakis},

url = {/wp-content/papers/anto2021.pdf},

issn = {2078-2489,},

year  = {2021},

date = {2021-08-01},

urldate = {2021-08-01},

journal = {Information},

volume = {12},

number = {357},

publisher = {MDPI},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Agudo2020,

title = {A Blockchain Approach for Decentralized V2X (D-V2X)},

author = {Isaac Agudo and Manuel Montenegro-G\'{o}mez and Javier Lopez},

url = {/wp-content/papers/Agudo2020.pdf},

doi = {10.1109/TVT.2020.3046640},

issn = {0018-9545},

year  = {2021},

date = {2021-05-01},

urldate = {2021-05-01},

journal = {IEEE Transactions on Vehicular Technology},

volume = {70},

number = {5},

pages = {4001 - 4010},

publisher = {IEEE},

abstract = {New mobility paradigms have appeared in recent years, and everything suggests that some more are coming. This fact makes apparent the necessity of modernizing the road infrastructure, the signalling elements and the traffic management systems. Many initiatives have emerged around the term Intelligent Transport System (ITS) in order to define new scenarios and requirements for this kind of applications. We even have two main competing technologies for implementing Vehicular communication protocols (V2X), C-V2X and 802.11p, but neither of them is widely deployed yet. 

One of the main barriers for the massive adoption of those technologies is governance. Current solutions rely on the use of a public key infrastructure that enables secure collaboration between the different entities in the V2X ecosystem, but given its global scope, managing such infrastructure requires reaching agreements between many parties, with conflicts of interest between automakers and telecommunication operators. As a result, there are plenty of use cases available and two mature communication technologies, but the complexity at the business layer is stopping the drivers from taking advantage of ITS applications. 

Blockchain technologies are defining a new decentralized paradigm for most traditional applications, where smart contracts provide a straightforward mechanism for decentralized governance. In this work, we propose an approach for decentralized V2X (D-V2X) that does not require any trusted authority and can be implemented on top of any communication protocol. We also define a proof-of-concept technical architecture on top of a cheap and highly secure System-on-Chip (SoC) that could allow for massive adoption of D-V2X.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{lopez2020,

title = {Digital Twins for Intelligent Authorization in the B5G-enabled Smart Grid},

author = {Javier Lopez and Juan E. Rubio and Cristina Alcaraz},

url = {/wp-content/papers/lopez2020.pdf

https://ieeexplore.ieee.org/document/9430900},

doi = {10.1109/MWC.001.2000336},

issn = {1536-1284},

year  = {2021},

date = {2021-04-01},

urldate = {2021-04-01},

journal = {IEEE Wireless Communications},

volume = {28},

pages = {48-55},

publisher = {IEEE},

abstract = {Beyond fifth generation (B5G) communication networks and computation paradigms in the edge are expected to be integrated into power grid infrastructures over the coming years. In this sense, AI technologies will play a fundamental role to efficiently manage dynamic information flows of future applications, which impacts the authorization policies applied in such a complex scenario. This article studies how digital twins can evolve their context awareness capabilities and simulation technologies to anticipate faults or to detect cyber-security issues in real time, and update access control policies accordingly. Our study analyzes the evolution of monitoring platforms and architecture decentralization, including the application of machine learning and blockchain technologies in the smart grid, toward the goal of implementing autonomous and self-learning agents in the medium and long term. We conclude this study with future challenges on applying digital twins to B5G-based smart grid deployments.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{ferraris2020b,

title = {A model-driven approach to ensure trust in the IoT},

author = {Davide Ferraris and Carmen Fernandez-Gago and Javier Lopez},

url = {/wp-content/papers/ferraris2020b.pdf},

doi = {10.1186/s13673-020-00257-3},

issn = {2192-1962},

year  = {2020},

date = {2020-12-01},

urldate = {2020-12-01},

journal = {Human-centric Computing and Information Sciences},

volume = {10},

number = {50},

publisher = {Springer},

abstract = {The Internet of Things (IoT) is a paradigm that permits smart entities to be interconnected anywhere and anyhow. IoT opens new opportunities but also rises new issues. 

In this dynamic environment, trust is useful to mitigate these issues. In fact, it is important that the smart entities could know and trust the other smart entities in order to collaborate with them. 

So far, there is a lack of research when considering trust through the whole System Development Life Cycle (SDLC) of a smart IoT entity. 

In this paper, we suggest a new approach that considers trust not only at the end of the SDLC but also at the start of it. More precisely, we explore the modeling phase proposing a model-driven approach extending UML and SysML considering trust and its related domains, such as security and privacy. 

We propose stereotypes for each diagram in order to give developers a way to represent trust elements in an effective way. 

Moreover, we propose two new diagrams that are very important for the IoT: a traceability diagram and a context diagram. 

This model-driven approach will help developers to model the smart IoT entities according to the requirements elicited in the previous phases of the SDLC. 

These models will be a fundamental input for the following and final phases of the SDLC.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Rubio2020IIoT,

title = {Integration of a Threat Traceability Solution in the Industrial Internet of Things},

author = {Juan E. Rubio and Rodrigo Roman and Javier Lopez},

url = {/wp-content/papers/Rubio2020IIoT.pdf},

doi = {10.1109/TII.2020.2976747},

issn = {1551-3203},

year  = {2020},

date = {2020-10-01},

urldate = {2020-10-01},

journal = {IEEE Transactions on Industrial Informatics},

volume = {16},

number = {6575-6583},

publisher = {IEEE},

abstract = {In Industrial Internet of Things (IIoT) scenarios, where a plethora of IoT technologies coexist with consolidated industrial infrastructures, the integration of security mechanisms that provide protection against cyber-security attacks becomes a critical challenge. Due to the stealthy and persistent nature of some of these attacks, such as Advanced Persistent Threats, it is crucial to go beyond traditional Intrusion Detection Systems for the traceability of these attacks. In this sense, Opinion Dynamics poses a novel approach for the correlation of anomalies, which has been successfully applied to other network security domains. In this paper, we aim to analyze its applicability in the IIoT from a technical point of view, by studying its deployment over different IIoT architectures and defining a common framework for the acquisition of data considering the computational constraints involved. The result is a beneficial insight that demonstrates the feasibility of this approach when applied to upcoming IIoT infrastructures.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{JUDAS2020,

title = {Becoming JUDAS: Correlating Users and Devices during a Digital Investigation},

author = {Ana Nieto},

url = {/wp-content/papers/JUDAS2020.pdf

https://ieeexplore.ieee.org/document/9069950},

doi = {10.1109/TIFS.2020.2988602},

issn = {1556-6013},

year  = {2020},

date = {2020-07-01},

urldate = {2020-07-01},

journal = {IEEE Transactions on Information Forensics \& Security},

volume = {15},

pages = {3325-3334},

publisher = {IEEE},

abstract = {One of the biggest challenges in IoT-forensics is the analysis and correlation of heterogeneous digital evidence, to enable an effective understanding of complex scenarios. This paper defines a methodology for extracting unique objects (e.g., representing users or devices) from the files of a case, defining the context of the digital investigation and increasing the knowledge progressively, using additional files from the case (e.g. network captures). The solution includes external searches using emphopen source intelligence (OSINT) sources when needed. In order to illustrate this approach, the proposed methodology is implemented in the emphJSON Users and Devices analysis (JUDAS) tool, which is able to generate the context from JSON files, complete it, and show the whole context using dynamic graphs. The approach is validated using the files in an IoT-Forensic digital investigation where an important set of potential digital evidence extracted from Amazon’s Alexa Cloud is analysed.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Alcaraz2020a,

title = {Blockchain-Assisted Access for Federated Smart Grid Domains: Coupling and Features},

author = {Cristina Alcaraz and Juan E. Rubio and Javier Lopez},

url = {/wp-content/papers/Alcaraz2020a.pdf},

issn = {0743-7315},

year  = {2020},

date = {2020-06-01},

urldate = {2020-06-01},

journal = {Journal of Parallel and Distributed Computing},

volume = {144},

pages = {124-135},

publisher = {Elsevier},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{ferraris2020,

title = {A Trust Model for Popular Smart Home Devices},

author = {Davide Ferraris and Daniel Bastos and Carmen Fernandez-Gago and Fadi El-Moussa},

url = {/wp-content/papers/ferraris2020.pdf

https://link.springer.com/article/10.1007/s10207-020-00519-2},

doi = {10.1007/s10207-020-00519-2},

issn = {1615-5262},

year  = {2020},

date = {2020-01-01},

urldate = {2020-01-01},

journal = {International Journal of Information Security},

publisher = {Springer},

abstract = {Nowadays, smart home devices like Amazon Echo and Google Home have reached mainstream popularity. 

Being in the homes of users, these devices are intrinsically intrusive, being able to access details such as users’ name, gender, home address, calendar appointments and others. 

There are growing concerns about indiscriminate data collection and invasion of user privacy in smart home devices, but studies show that perceived benefits are exceeding perceived risks when it comes to consumers. 

As a result, consumers are placing a lot of trust in these devices, sometimes without realizing it. 

Improper trust assumptions and security controls can lead to unauthorized access and control of the devices, which can result in serious consequences. 

In this paper, we explore the behaviour of devices such as Amazon Echo and Google Home in a smart home setting with respect to trust relationships and propose a trust model to improve these relationships among all the involved actors. 

We have evaluated how trust was built and managed from the initial set up phase to the normal operation phase, during which we performed a number of interaction tests with different types of users (i.e. owner, guests). 

As a result, we were able to assess the effectiveness of the provided security controls and identify potential relevant security issues. In order to address the identified issues, we defined a trust model and propose a solution based on it for further securing smart home systems.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{alcaraz2019a,

title = {Covert Channels-based Stealth Attacks in Industry 4.0},

author = {Cristina Alcaraz and Giuseppe Bernieri and Federica Pascucci and Javier Lopez and Roberto Setola},

url = {/wp-content/papers/alcaraz2019a.pdf

https://ieeexplore.ieee.org/document/8715420?source=authoralert},

doi = {10.1109/JSYST.2019.2912308},

issn = {1932-8184},

year  = {2019},

date = {2019-12-01},

urldate = {2019-12-01},

journal = {IEEE Systems Journal.},

volume = {13},

pages = {3980-3988},

publisher = {IEEE},

abstract = {Industry 4.0 advent opens several cyber-threats scenarios originally designed for classic information technology, drawing the attention to the serious risks for the modern industrial control networks. To cope with this problem, in this paper we address the security issues related to covert channels applied to industrial networks, identifying the new vulnerability points when information technologies converge with operational technologies such as edge computing infrastructures. Specifically, we define two signaling strategies where we exploit the Modbus/TCP protocol as target to set up a covert channel. Once the threat channel is established, passive and active offensive attacks (i.e. data exfiltration and command an control, respectively) are further exploited by implementing and testing them on a real Industrial Internet of Things testbed. The experimental results highlight the potential damage of such specific threats, and the easy extrapolation of the attacks to other types of channels in order to show the new risks for Industry 4.0. Related to this, we discuss some countermeasures to offer an overview of possible mitigation and defense measures.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{rub2019cose,

title = {Current Cyber-Defense Trends in Industrial Control Systems},

author = {Juan E. Rubio and Cristina Alcaraz and Rodrigo Roman and Javier Lopez},

url = {/wp-content/papers/rub2019cose.pdf},

doi = {10.1016/j.cose.2019.06.015},

issn = {0167-4048},

year  = {2019},

date = {2019-11-01},

urldate = {2019-11-01},

journal = {Computers \& Security Journal},

volume = {87},

publisher = {Elsevier},

abstract = {Advanced Persistent Threats (APTs) have become a serious hazard for any critical infrastructure, as a single solution to protect all industrial assets from these complex attacks does not exist. It is then essential to understand what are the defense mechanisms that can be used as a first line of defense. For this purpose, this article will firstly study the spectrum of attack vectors that APTs can use against existing and novel elements of an industrial ecosystem. Afterwards, this article will provide an analysis of the evolution and applicability of Intrusion Detection Systems (IDS) that have been proposed in both the industry and academia.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{onieva2019vec,

title = {Edge-Assisted Vehicular Networks Security},

author = {Jose A. Onieva and Ruben Rios and Rodrigo Roman and Javier Lopez},

url = {/wp-content/papers/onieva2019vec.pdf},

doi = {10.1109/JIOT.2019.2904323},

issn = {2327-4662},

year  = {2019},

date = {2019-10-01},

urldate = {2019-10-01},

journal = {IEEE Internet of Things Journal},

volume = {6},

pages = {8038-8045},

publisher = {IEEE Computer Society},

abstract = {Edge Computing paradigms are expected to solve some major problems affecting current application scenarios that rely on Cloud computing resources to operate. These novel paradigms will bring computational resources closer to the users and by doing so they will not only reduce network latency and bandwidth utilization but will also introduce some attractive context-awareness features to these systems. In this paper we show how the enticing features introduced by Edge Computing paradigms can be exploited to improve security and privacy in the critical scenario of vehicular networks (VN), especially existing authentication and revocation issues. In particular, we analyze the security challenges in VN and describe three deployment models for vehicular edge computing, which refrain from using vehicular- to-vehicular communications. The result is that the burden imposed to vehicles is considerably reduced without sacrificing the security or functional features expected in vehicular scenarios.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{nunez19,

title = {Escrowed decryption protocols for lawful interception of encrypted data},

author = {David Nu\~{n}ez and Isaac Agudo and Javier Lopez},

url = {/wp-content/papers/nunez19.pdf},

doi = {10.1049/iet-ifs.2018.5082},

issn = {1751-8709},

year  = {2019},

date = {2019-09-01},

urldate = {2019-09-01},

journal = {IET Information Security},

volume = {13},

pages = {498 \textendash 507},

publisher = {IET},

abstract = {Escrowed decryption schemes (EDSs) are public-key encryption schemes with an escrowed decryption functionality that allows authorities to decrypt encrypted messages under investigation, following a protocol that involves a set of trusted entities called ‘custodians’; only if custodians collaborate, the requesting authority is capable of decrypting encrypted data. This type of cryptosystem represents an interesting trade-off to privacy versus surveillance dichotomy. In this study, the authors propose two EDSs where they use proxy re-encryption to build the escrowed decryption capability, so that custodians re-encrypt ciphertexts, in a distributed way, upon request from an escrow authority, and the re-encrypted ciphertexts can be opened only by the escrow authority. Their first scheme, called EDS, follows an all-or-nothing approach, which means that escrow decryption only works when all custodians collaborate. Their second scheme, called threshold EDS, supports a threshold number of custodians for the escrow decryption operation. They propose definitions of semantic security with respect to the authorities, custodians and external entities, and prove the security of their schemes, under standard pairing-based hardness assumptions. Finally, they present a theoretical and experimental analysis of the performance of both schemes, which show that they are applicable to real-world scenarios.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{RubioSIJCS19,

title = {Tracking APTs in Industrial Ecosystems: A Proof of Concept},

author = {Juan E. Rubio and Rodrigo Roman and Cristina Alcaraz and Yan Zhang},

url = {/wp-content/papers/RubioSIJCS19.pdf},

issn = {0167-4048},

year  = {2019},

date = {2019-09-01},

urldate = {2019-09-01},

journal = {Journal of Computer Security},

volume = {27},

pages = {521-546},

publisher = {Elsevier},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{roman2018VIS,

title = {Immune System for the Internet of Things using Edge Technologies},

author = {Rodrigo Roman and Ruben Rios and Jose A. Onieva and Javier Lopez},

url = {/wp-content/papers/roman2018VIS.pdf

https://ieeexplore.ieee.org/document/8449989/},

doi = {10.1109/JIOT.2018.2867613},

issn = {2327-4662},

year  = {2019},

date = {2019-06-01},

urldate = {2019-06-01},

journal = {IEEE Internet of Things Journal},

volume = {6},

pages = {4774-4781},

publisher = {IEEE Computer Society},

abstract = {The Internet of Things (IoT) and Edge Computing are starting to go hand in hand. By providing cloud services close to end-users, edge paradigms enhance the functionality of IoT deployments, and facilitate the creation of novel services such as augmented systems. Furthermore, the very nature of these paradigms also enables the creation of a proactive defense architecture, an immune system, which allows authorized immune cells (e.g., virtual machines) to traverse edge nodes and analyze the security and consistency of the underlying IoT infrastructure. In this article, we analyze the requirements for the development of an immune system for the IoT, and propose a security architecture that satisfies these requirements. We also describe how such a system can be instantiated in Edge Computing infrastructures using existing technologies. Finally, we explore the potential application of immune systems to other scenarios and purposes.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{kolar2019trust,

title = {A Model Specification for the Design of Trust Negotiations},

author = {Martin Kolar and Carmen Fernandez-Gago and Javier Lopez},

url = {/wp-content/papers/kolar2019trust.pdf

https://www.sciencedirect.com/science/article/pii/S0167404818310484},

doi = {10.1016/j.cose.2019.03.024},

issn = {0167-4048},

year  = {2019},

date = {2019-04-01},

urldate = {2019-04-01},

journal = {Computers \& Security},

volume = {84},

pages = {288-300},

publisher = {Elsevier},

abstract = {Trust negotiation is a type of trust management model for establishing trust between entities by a mutual exchange of credentials. This approach was designed for online environments, where the attributes of users, such as skills, habits, behaviour and experience are unknown. Required criteria of trust negotiation must be supported by a trust negotiation model in order to provide a functional, adequately robust and efficient application. Such criteria were identified previously. In this paper we are presenting a model specification using a UML-based notation for the design of trust negotiation. This specification will become a part of the Software Development Life Cycle, which will provide developers a strong tool for incorporating trust and trust-related issues into the software they create. The specification defines components and their layout for the provision of the essential functionality of trust negotiation on one side as well as optional, additional features on the other side. The extra features make trust negotiation more robust, applicable for more scenarios and may provide a privacy protection functionality.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{sarita2018,

title = {Detection of Node Capture Attack in Wireless Sensor Networks},

author = {Sarita Agrawal and Manik Lal Das and Javier Lopez},

issn = {1932-8184},

year  = {2019},

date = {2019-03-01},

urldate = {2019-03-01},

journal = {IEEE Systems Journal},

volume = {13},

pages = {238 - 247},

publisher = {IEEE},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{HFNR2019,

title = {Cybersecurity Profiles based on Human-Centric IoT Devices},

author = {Ana Nieto and Ruben Rios},

url = {/wp-content/papers/HFNR2019.pdf},

doi = {10.1186/s13673-019-0200-y},

issn = {2192-1962},

year  = {2019},

date = {2019-01-01},

urldate = {2019-01-01},

journal = {Human-centric Computing and Information Sciences},

volume = {9},

number = {1},

pages = {1-23},

publisher = {Springer},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{ferraris2019,

title = {TrUStAPIS: A Trust Requirements Elicitation Method for IoT},

author = {Davide Ferraris and Carmen Fernandez-Gago},

url = {/wp-content/papers/ferraris2019.pdf

https://link.springer.com/article/10.1007%2Fs10207-019-00438-x},

doi = {10.1007/s10207-019-00438-x},

issn = {1615-5262},

year  = {2019},

date = {2019-01-01},

urldate = {2019-01-01},

journal = {International Journal of Information Security},

pages = {111-127},

publisher = {Springer},

abstract = {The Internet of Things (IoT) is an environment of interconnected entities, which are identifiable, usable and controllable via the Internet. Trust is useful for a system such as the IoT as the entities involved would like to know how the other entities they have to interact with are going to perform. 

When developing an IoT entity, it will be desirable to guarantee trust during its whole life cycle. Trust domain is strongly dependent on other domains such as security and privacy. 

To consider these domains as a whole and to elicit the right requirements since the first phases of the System Development Life Cycle (SDLC) is a key point when developing an IoT entity. 

This paper presents a requirements elicitation method focusing on trust plus other domains such as security, privacy and usability that increase the trust level of the IoT entity developed. To help the developers to elicit the requirements, we propose a JavaScript Notation Object (JSON) template containing all the key elements that must be taken into consideration. 

We emphasize on the importance of the concept of traceability. This property permits to connect all the elicited requirements guaranteeing more control on the whole requirements engineering process.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{alcarazlopez-IEEESystems-2017,

title = {A Cyber-Physical Systems-Based Checkpoint Model for Structural Controllability},

author = {Cristina Alcaraz and Javier Lopez},

url = {/wp-content/papers/alcarazlopez-IEEESystems-2017.pdf

http://ieeexplore.ieee.org/document/8057984/},

doi = {10.1109/JSYST.2017.2740719},

issn = {1932-8184},

year  = {2018},

date = {2018-12-01},

urldate = {2018-12-01},

journal = {IEEE Systems Journal},

volume = {12},

pages = {3543-3554},

publisher = {IEEE},

abstract = {The protection of critical user-centric applications, such as Smart Grids and their monitoring systems, has become one of the most cutting-edge research areas in recent years. The dynamic complexity of their cyber-physical systems (CPSs) and their strong inter-dependencies with power systems, are bringing about a significant increase in security problems that may be exploited by attackers. These security holes may, for example, trigger the disintegration of the structural controllability properties due to the problem of non-locality, affecting, sooner or later, the provision of the essential services to end-users. One way to address these situations could be through automatic checkpoints in charge of inspecting the healthy status of the control network and its critical nature. This inspection can be subject to special mechanisms composed of trustworthy cyberphysical elements capable of detecting structural changes in the control and activating restoration procedures with support for warning. This is precisely the aim of this paper, which presents a CPSs-based checkpoint model with the capacity to manage heterogeneous replications that help ensure data redundancy, thereby guaranteeing the validity of the checkpoints. As a support to this study, a theoretical and practical analysis is addressed to show the functionality of the approach in real contexts.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{NAFMONET2018,

title = {Crowdsourcing analysis in 5G IoT: Cybersecurity Threats and Mitigation},

author = {Ana Nieto and Antonio Acien and Gerardo Fernandez},

url = {/wp-content/papers/NAFMONET2018.pdf},

doi = {10.1007/s11036-018-1146-4},

issn = {1383-469X},

year  = {2018},

date = {2018-10-01},

urldate = {2018-10-01},

journal = {Mobile Networks and Applications (MONET)},

pages = {881-889},

publisher = {Springer US},

abstract = {underlineCrowdsourcing can be a powerful weapon against underlinecyberattacks in underline5G networks. In this paper we analyse this idea in detail, starting from the use cases in underlinecrowdsourcing focused on security, and highlighting those areas of a underline5G ecosystem where underlinecrowdsourcing could be used to mitigate local and remote attacks, as well as to discourage criminal activities and underlinecybercriminal behaviour. We pay particular attention to the capillary network, where an infinite number of underlineIoT objects coexist. The analysis is made considering the different participants in a underline5G underlineIoT ecosystem.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Hiroshi18IoT,

title = {Feasibility of Societal Model for Securing Internet of Things},

author = {Hiroshi Tsunoda and Rodrigo Roman and Javier Lopez and Glenn Mansfield Keeni},

url = {/wp-content/papers/Hiroshi18IoT.pdf

http://www.itiis.org/digital-library/manuscript/2082},

doi = {10.3837/tiis.2018.08.003},

issn = {1976-7277},

year  = {2018},

date = {2018-08-01},

urldate = {2018-08-01},

journal = {KSII Transactions on Internet and Information Systems},

volume = {12},

number = {8},

pages = {3567-3588},

publisher = {KSII},

abstract = {In the Internet of Things (IoT) concept, devices communicate autonomously with applications in the Internet. A significant aspect of IoT that makes it stand apart from present-day networked devices and applications is a) the very large number of devices, produced by diverse makers and used by an even more diverse group of users; b) the applications residing and functioning in what were very private sanctums of life e.g. the car, home, and the people themselves. Since these diverse devices require high-level security, an operational model for an IoT system is required, which has built-in security. We have proposed the societal model as a simple operational model. The basic concept of the model is borrowed from human society \textendash there will be infants, the weak and the handicapped who need to be protected by guardians. This natural security mechanism works very well for IoT networks which seem to have inherently weak security mechanisms. In this paper, we discuss the requirements of the societal model and examine its feasibility by doing a proof-of-concept implementation.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{transactionInformaticsSG2018,

title = {A Resilient Architecture for the Smart Grid},

author = {Javier Lopez and Juan E. Rubio and Cristina Alcaraz},

url = {/wp-content/papers/transactionInformaticsSG2018.pdf},

doi = {10.1109/TII.2018.2826226},

issn = {1551-3203},

year  = {2018},

date = {2018-08-01},

urldate = {2018-08-01},

journal = {IEEE Transactions on Industrial Informatics},

volume = {14},

pages = {3745-3753},

publisher = {IEEE},

abstract = {The Smart Grid offers many benefits due to the bidirectional communication between the users and the utility company, which makes it possible to perform a fine-grain consumption metering. This can be used for Demand Response purposes with the generation and delivery of electricity in real time. It is essential to rapidly anticipate high peaks of demand or potential attacks, so as to avoid power outages and denial of service, while effectively supplying consumption areas. In this paper, we propose a novel architecture where cloud computing resources are leveraged (and tested in practice) to enable, on the one hand, the consumption prediction through time series forecasting, as well as load balancing to uniformly distribute the demand over a set of available generators. On the other and, it also allows the detection of connectivity losses and intrusions within the control network by using controllability concepts.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{RomanIoT18,

title = {Evolution and Trends in the Security of the Internet of Things},

author = {Rodrigo Roman and Javier Lopez and Stefanos Gritzalis},

url = {/wp-content/papers/RomanIoT18.pdf

https://ieeexplore.ieee.org/document/8423133/},

doi = {10.1109/MC.2018.3011051},

issn = {0018-9162},

year  = {2018},

date = {2018-07-01},

urldate = {2018-07-01},

journal = {IEEE Computer},

volume = {51},

pages = {16-25},

publisher = {IEEE Computer Society},

address = {New Jersey, USA},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{IonnaisPanosMihalisAlcarazLopez2018,

title = {Survey of IoT-enabled Cyberattacks: Assessing Attack Paths to Critical Infrastructures and Services},

author = {Ioannis Stellios and Panayiotis Kotzanikolaou and Mihalis Psarakis and Cristina Alcaraz and Javier Lopez},

url = {https://ieeexplore.ieee.org/document/8410404},

doi = {10.1109/COMST.2018.2855563},

issn = {1553-877X},

year  = {2018},

date = {2018-07-01},

urldate = {2018-07-01},

journal = {IEEE Communications Surveys and Tutorials},

volume = {20},

pages = {3453-3495},

publisher = {IEEE},

abstract = {As the deployment of Internet of Things (IoT) is experiencing an exponential growth, it is no surprise that many recent cyber attacks are IoT-enabled: The attacker initially exploits some vulnerable IoT technology as a first step towards compromising a critical system that is connected, in some way, with the IoT. For some sectors, like industry, smart grids, transportation and medical services, the significance of such attacks is obvious, since IoT technologies are part of critical backend systems. However, in sectors where IoT is usually at the enduser side, like smart homes, such attacks can be underestimated, since not all possible attack paths are examined. In this paper we survey IoT-enabled cyber attacks, found in all application domains since 2010. For each sector, we emphasize on the latest, verified IoT-enabled attacks, based on known real-world incidents and published proof-of-concept attacks. We methodologically analyze representative attacks that demonstrate direct, indirect and subliminal attack paths against critical targets. Our goal is threefold: (i) To assess IoT-enabled cyber attacks in a risk-like approach, in order to demonstrate their current threat landscape; (ii) To identify hidden and subliminal IoT-enabled attack paths against critical infrastructures and services, and (iii) To examine mitigation strategies for all application domains.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{cazorla2016cyber,

title = {Cyber Stealth Attacks in Critical Information Infrastructures},

author = {Lorena Cazorla and Cristina Alcaraz and Javier Lopez},

url = {/wp-content/papers/cazorla2016cyber.pdf

http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=\&arnumber=7445136\&isnumber=8350419},

doi = {10.1109/JSYST.2015.2487684},

issn = {1932-8184},

year  = {2018},

date = {2018-06-01},

urldate = {2018-06-01},

journal = {IEEE Systems Journal},

volume = {12},

pages = {1778-1792},

publisher = {IEEE},

abstract = {Current Critical Infrastructures (CIs) are complex interconnected industrial systems that, in recent years, have incorporated information and communications technologies such as connection to the Internet and commercial off-the-shelf components. This makes them easier to operate and maintain, but exposes them to the threats and attacks that inundate conventional networks and systems. This paper contains a comprehensive study on the main stealth attacks that threaten CIs, with a special focus on Critical Information Infrastructures (CIIs). This type of attack is characterized by an adversary who is able to finely tune his actions to avoid detection while pursuing his objectives. To provide a complete analysis of the scope and potential dangers of stealth attacks we determine and analyze their stages and range, and we design a taxonomy to illustrate the threats to CIs, offering an overview of the applicable countermeasures against these attacks. From our analysis we understand that these types of attacks, due to the interdependent nature of CIs, pose a grave danger to critical systems where the threats can easily cascade down to the interconnected systems.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Alcaraz2018a,

title = {Cloud-Assisted Dynamic Resilience for Cyber-Physical Control Systems},

author = {Cristina Alcaraz},

url = {/wp-content/papers/Alcaraz2018a.pdf

http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=\&arnumber=8304395\&isnumber=8304374},

doi = {10.1109/MWC.2018.1700231},

issn = {1536-1284},

year  = {2018},

date = {2018-02-01},

urldate = {2018-02-01},

journal = {IEEE Wireless Communications},

volume = {25},

number = {1},

pages = {76-82},

publisher = {IEEE},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{nrlSensors2018,

title = {IoT-Forensics meets Privacy: Towards Cooperative Digital Investigations},

author = {Ana Nieto and Ruben Rios and Javier Lopez},

url = {/wp-content/papers/nrlSensors2018.pdf

http://www.mdpi.com/1424-8220/18/2/492},

doi = {10.3390/s18020492},

issn = {1424-8220},

year  = {2018},

date = {2018-02-01},

urldate = {2018-02-01},

journal = {Sensors},

volume = {18},

number = {492},

publisher = {MDPI},

abstract = {IoT-Forensics is a novel paradigm for the acquisition of electronic evidence whose operation is conditioned by the peculiarities of the Internet of Things (IoT) context. As a branch of computer forensics, this discipline respects the most basic forensic principles of preservation, traceability, documentation, and authorization. The digital witness approach also promotes such principles in the context of the IoT while allowing personal devices to cooperate in digital investigations by voluntarily providing electronic evidence to the authorities. However, this solution is highly dependent on the willingness of citizens to collaborate and they may be reluctant to do so if the sensitive information within their personal devices is not sufficiently protected when shared with the investigators. In this paper, we provide the digital witness approach with a methodology that enables citizens to share their data with some privacy guarantees. We apply the PRoFIT methodology, originally defined for IoT-Forensics environments, to the digital witness approach in order to unleash its full potential. Finally, we show the feasibility of a PRoFIT-compliant digital witness with two use cases.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{LOPEZ201846,

title = {Access control for cyber-physical systems interconnected to the cloud},

author = {Javier Lopez and Juan E. Rubio},

url = {/wp-content/papers/LOPEZ201846.pdf

http://www.sciencedirect.com/science/article/pii/S1389128618300501},

doi = {10.1016/j.comnet.2018.01.037},

issn = {1389-1286},

year  = {2018},

date = {2018-01-01},

urldate = {2018-01-01},

journal = {Computer Networks},

volume = {134},

pages = {46 - 54},

publisher = {Elsevier},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{RomanFog16,

title = {Mobile edge computing, Fog et al.: A survey and analysis of security threats and challenges},

author = {Rodrigo Roman and Javier Lopez and Masahiro Mambo},

url = {/wp-content/papers/RomanFog16.pdf

https://authors.elsevier.com/c/1VmhQ,3q5xKgZZ},

doi = {10.1016/j.future.2016.11.009},

issn = {0167-739X},

year  = {2018},

date = {2018-01-01},

urldate = {2018-01-01},

journal = {Future Generation Computer Systems},

volume = {78},

pages = {680-698},

publisher = {Elsevier},

abstract = {For various reasons, the cloud computing paradigm is unable to meet certain requirements (e.g. low latency and jitter, context awareness, mobility support) that are crucial for several applications (e.g. vehicular networks, augmented reality). To fulfil these requirements, various paradigms, such as fog computing, mobile edge computing, and mobile cloud computing, have emerged in recent years. While these edge paradigms share several features, most of the existing research is compartmentalised; no synergies have been explored. This is especially true in the field of security, where most analyses focus only on one edge paradigm, while ignoring the others. The main goal of this study is to holistically analyse the security threats, challenges, and mechanisms inherent in all edge paradigms, while highlighting potential synergies and venues of collaboration. In our results, we will show that all edge paradigms should consider the advances in other paradigms.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Ruben2017trust,

title = {Modelling Privacy-Aware Trust Negotiations},

author = {Ruben Rios and Carmen Fernandez-Gago and Javier Lopez},

url = {/wp-content/papers/Ruben2017trust.pdf},

doi = {10.1016/j.cose.2017.09.015},

issn = {0167-4048},

year  = {2018},

date = {2018-01-01},

urldate = {2018-01-01},

journal = {Computers \& Security},

volume = {77},

pages = {773-789},

publisher = {Elsevier},

abstract = {Trust negotiations are mechanisms that enable interaction between previously unknown users. After exchanging various pieces of potentially sensitive information, the participants of a negotiation can decide whether or not to trust one another. Therefore, trust negotiations bring about threats to personal privacy if not carefully considered. This paper presents a framework for representing trust negotiations in the early phases of the Software Development Life Cycle (SDLC). The framework can help software engineers to determine the most suitable policies for the system by detecting conflicts between privacy and trust requirements. More precisely, we extend the SI* modelling language and provide a set of predicates for defining trust and privacy policies and a set of rules for describing the dynamics of the system based on the established policies. The formal representation of the model facilitates its automatic verification. The framework has been validated in a distributed social network scenario for connecting drivers with potential passengers willing to share a journey.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{NietNLS15,

title = {Dynamic Knowledge-based Analysis in non-Secure 5G Green Environments using Contextual Data},

author = {Ana Nieto and Nikolaos Nomikos and Javier Lopez and Charalambos Skianis},

url = {/wp-content/papers/NietNLS15.pdf},

doi = {10.1109/JSYST.2015.2477782},

issn = {1932-8184},

year  = {2017},

date = {2017-12-01},

urldate = {2017-12-01},

journal = {IEEE Systems Journal},

volume = {11},

number = {99},

pages = {2479-2489},

publisher = {IEEE},

abstract = {The growing number of parameters in heteroge- neous networks, as is the case of the emphfifth generation (5G) Green networks, greatly complicates the analysis of the emphSecurity and Quality of Service Tradeoff (SQT). However, studying these types of relationships is crucial in Future Internet scenarios to prevent potential points of failure and to enhance the use of limited resources, increasing the user’s experience. Therefore, it is fundamental to provide tools and models for training, so that the users understand these dependencies and solve them prior to deploying new solutions. In this paper, a Recommendation System for SQT (SQT-RS) is deployed in 5G Green systems, considering the particular case of relay networks and the impact of eavesdropping and jamming contexts on the models generated by the user, aided by SQT-RS. With this goal in mind, we provide a component for the user to automatically select specific contexts based on 5G Green capabilities.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Alcaraz_2017_IJCIS,

title = {Resilient Industrial Control Systems based on Multiple Redundancy},

author = {Cristina Alcaraz},

doi = {10.1504/IJCIS.2017.10009287},

issn = {1741-8038},

year  = {2017},

date = {2017-11-01},

urldate = {2017-11-01},

journal = {International Journal of Critical Infrastructures (IJCIS)},

volume = {13},

number = {2/3},

pages = {278 - 295},

publisher = {Inderscience Publisher},

address = {London, UK},

abstract = {The incessant search for cost-effective recovery solutions for structural controllability has led to one of the most challenging research areas within the field of critical infrastructure protection. The resilience of large heterogeneous distributions, like industrial control scenarios, is proving to be a complicated mission due to the inherent non-locality problems of structural controllability and its susceptibility to advanced threats. To address these issues, this paper proposes a new repair approach based on multiple redundant pathways and the lessons learnt from the work presented in [1]. From [1], we have adapted the local measures, to combine them with each of the five strategies of remote reconnection described in this paper. To validate the sustainability of the combined approaches, two practical case studies are presented here, showing that a local dependence on a brother driver node together with remote dependence is enough to reach optimal states in linear times.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Alcaraz2017COSE,

title = {Resilient Interconnection in Cyber-Physical Control Systems},

author = {Cristina Alcaraz and Javier Lopez and Kim-Kwang Raymond Choo},

url = {/wp-content/papers/Alcaraz2017COSE.pdf

http://www.sciencedirect.com/science/article/pii/S0167404817300573},

doi = {10.1016/j.cose.2017.03.004},

issn = {0167-4048},

year  = {2017},

date = {2017-11-01},

urldate = {2017-11-01},

journal = {Computers \& Security},

volume = {71},

pages = {2-14},

publisher = {Elsevier},

abstract = {Secure interconnection between multiple cyber-physical systems has become a fundamental requirement in many critical infrastructures, where security may be centralized in a few nodes of the system. These nodes could, for example, have the mission of addressing the authorization services required for access in highlyrestricted remote substations. For this reason, the main aim of this paper is to unify all these features, together with the resilience measures so as to provide control at all times under a limited access in the field and avoid congestion. Concretely, we present here an optimal reachability-based restoration approach, capable of restoring the structural control in linear times taking into account: structural controllability, the supernode theory, the good practices of the IEC-62351 standard and the contextual conditions. For context management, a new attribute is specified to provide a more complete authorization service based on a practical policy, role and attribute-based access control (PBAC + RBAC + ABAC). To validate the approach, two case studies are also discussed under two strategic adversarial models.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Lopez2017iotpriv,

title = {Evolving privacy: From sensors to the Internet of Things},

author = {Javier Lopez and Ruben Rios and Feng Bao and Guilin Wang},

url = {/wp-content/papers/Lopez2017iotpriv.pdf},

doi = {10.1016/j.future.2017.04.045},

issn = {0167-739X},

year  = {2017},

date = {2017-10-01},

urldate = {2017-10-01},

journal = {Future Generation Computer Systems},

volume = {75},

pages = {46\textendash57},

publisher = {Elsevier},

abstract = {The Internet of Things (IoT) envisions a world covered with billions of smart, interacting things capable of offering all sorts of services to near and remote entities. The benefits and comfort that the IoT will bring about are undeniable, however, these may come at the cost of an unprecedented loss of privacy. In this paper we look at the privacy problems of one of the key enablers of the IoT, namely wireless sensor networks, and analyse how these problems may evolve with the development of this complex paradigm. We also identify further challenges which are not directly associated with already existing privacy risks but will certainly have a major impact in our lives if not taken into serious consideration.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{rubiorecommender17,

title = {Recommender System for Privacy-Preserving Solutions in Smart Metering},

author = {Juan E. Rubio and Cristina Alcaraz and Javier Lopez},

url = {/wp-content/papers/rubiorecommender17.pdf},

issn = {1574-1192},

year  = {2017},

date = {2017-10-01},

urldate = {2017-10-01},

journal = {Pervasive and Mobile Computing},

volume = {41},

pages = {205-218},

publisher = {Pervasive and Mobile Computing},

abstract = {Nowadays, Smart Grid is envisaged to provide several benefits to both customers and grid operators. However, Smart Meters introduce many privacy issues if consumption data is analysed. In this paper we analyse the main techniques that address privacy when collecting electricity readings. In addition to privacy, it is equally important to preserve efficiency to carry on with monitoring operations, so further control requirements and communication protocols are also studied. Our aim is to provide guidance to installers who intend to integrate such mechanisms on the grid, presenting an expert system to recommend an appropriate deployment strategy.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{nunez2017proxy,

title = {Proxy Re-Encryption: Analysis of Constructions and its Application to Secure Access Delegation},

author = {David Nu\~{n}ez and Isaac Agudo and Javier Lopez},

url = {/wp-content/papers/nunez2017proxy.pdf},

doi = {10.1016/j.jnca.2017.03.005},

issn = {1084-8045},

year  = {2017},

date = {2017-06-01},

urldate = {2017-06-01},

journal = {Journal of Network and Computer Applications},

volume = {87},

pages = {193-209},

publisher = {Elsevier},

abstract = {This paper analyzes the secure access delegation problem, which occurs naturally in the cloud, and postulate that Proxy Re-Encryption is a feasible cryptographic solution, both from the functional and efficiency perspectives. Proxy re-encryption is a special type of public-key encryption that permits a proxy to transform ciphertexts from one public key to another, without the proxy being able to learn any information about the original message. Thus, it serves as a means for delegating decryption rights, opening up many possible applications that require of delegated access to encrypted data. In particular, sharing information in the cloud is a prime example. In this paper, we review the main proxy re-encryption schemes so far, and provide a detailed analysis of their characteristics. Additionally, we also study the efficiency of selected schemes, both theoretically and empirically, based on our own implementation. Finally, we discuss some applications of proxy re-encryption, with a focus on secure access delegation in the cloud.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{AlcarazLopezWolthusen2017,

title = {OCPP Protocol: Security Threats and Challenges},

author = {Cristina Alcaraz and Javier Lopez and Stephen Wolthusen},

url = {/wp-content/papers/AlcarazLopezWolthusen2017.pdf},

doi = {10.1109/TSG.2017.2669647},

issn = {1949-3053},

year  = {2017},

date = {2017-02-01},

urldate = {2017-02-01},

journal = {IEEE Transactions on Smart Grid},

volume = {8},

pages = {2452 - 2459},

publisher = {IEEE},

abstract = {One benefit postulated for the adoption of Electric Vehicles (EVs) is their ability to act as stabilizing entities in smart grids through bi-directional charging, allowing local or global smoothing of peaks and imbalances. This benefit, however, hinges indirectly on the reliability and security of the power flows thus achieved. Therefore this paper studies key security properties of the alreadydeployed Open Charge Point Protocol (OCPP) specifying communication between charging points and energy management systems. It is argued that possible subversion or malicious endpoints in the protocol can also lead to destabilization of power networks. Whilst reviewing these aspects, we focus, from a theoretical and practical standpoint, on attacks that interfere with resource reservation originating with the EV, which may also be initiated by a man in the middle, energy theft or fraud. Such attacks may even be replicated widely, resulting in over- or undershooting of power network provisioning, or the (total/partial) disintegration of the integrity and stability of power networks.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Fer_IS17,

title = {Modelling Trust Dynamics in the Internet of Things},

author = {Carmen Fernandez-Gago and Francisco Moyano and Javier Lopez},

url = {/wp-content/papers/Fer_IS17.pdf},

doi = {10.1016/j.ins.2017.02.039},

issn = {0020-0255},

year  = {2017},

date = {2017-01-01},

urldate = {2017-01-01},

journal = {Information Sciences},

volume = {396},

pages = {72-82},

publisher = {Elsevier},

abstract = {The Internet of Things (IoT) is a paradigm based on the interconnection of everyday objects. It is expected that the ‘things’ involved in the IoT paradigm will have to interact with each other, often in uncertain conditions. It is therefore of paramount importance for the success of IoT that there are mechanisms in place that help overcome the lack of certainty. Trust can help achieve this goal. In this paper, we introduce a framework that assists developers in including trust in IoT scenarios. This framework takes into account trust, privacy and identity requirements as well as other functional requirements derived from IoT scenarios to provide the different services that allow the inclusion of trust in the IoT.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{nrlSIC16,

title = {Testificaci\'{o}n Digital},

author = {Ana Nieto and Rodrigo Roman and Javier Lopez},

url = {/wp-content/papers/nrlSIC16.pdf

https://revistasic.es/index.php?option=com_content\&view=article\&id=1713\&Itemid=1498},

issn = {1136-0623},

year  = {2016},

date = {2016-11-01},

urldate = {2016-11-01},

journal = {Revista SIC},

volume = {122},

pages = {94-98},

publisher = {Ediciones CODA},

abstract = {El creciente n\'{u}mero de dispositivos interconectados trae consigo problemas de seguridad bien conocidos; por ejemplo, aquellos debidos a las vulnerabilidades en protocolos muy diversos \textendashmuchos de ellos propietarios\textendash y al factor de error humano introducido por los usuarios. Sin embargo, cabe preguntarse c\'{o}mo podemos usar el despliegue de tales dispositivos en beneficio de la ciberseguridad. En el proyecto IoTest se est\'{a} desarrollando una soluci\'{o}n, el Testigo Digital, que permitir\'{a} a los dispositivos personales con arquitectura de seguridad embebida reaccionar ante ataques virtuales, protegi\'{e}ndonos de los ciberataques emergentes.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{nunez2016application,

title = {On the Application of Generic CCA-Secure Transformations to Proxy Re-Encryption},

author = {David Nu\~{n}ez and Isaac Agudo and Javier Lopez},

url = {/wp-content/papers/nunez2016application.pdf},

doi = {10.1002/sec.1434},

issn = {1939-0114},

year  = {2016},

date = {2016-08-01},

urldate = {2016-08-01},

journal = {Security and Communication Networks},

volume = {9},

pages = {1769-1785},

publisher = {Wiley},

abstract = {Several generic methods exist for achieving chosen-ciphertext attack (CCA)-secure public-key encryption schemes from weakly secure cryptosystems, such as the Fujisaki\textendashOkamoto and REACT transformations. In the context of proxy re-encryption (PRE), it would be desirable to count on analogous constructions that allow PRE schemes to achieve better security notions. In this paper, we study the adaptation of these transformations to proxy re-encryption and find both negative and positive results. On the one hand, we show why it is not possible to directly integrate these transformations with weakly secure PRE schemes because of general obstacles coming from both the constructions themselves and the security models, and we identify 12 PRE schemes that exhibit these problems. On the other hand, we propose an extension of the Fujisaki\textendashOkamoto transformation for PRE, which achieves a weak form of CCA security in the random oracle model, and we describe the sufficient conditions for applying it},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{nunez2016eliciting,

title = {Eliciting Metrics for Accountability of Cloud Systems},

author = {David Nu\~{n}ez and Carmen Fernandez-Gago and Jes\'{u}s Luna},

url = {/wp-content/papers/nunez2016eliciting.pdf},

doi = {10.1016/j.cose.2016.07.003},

issn = {0167-4048},

year  = {2016},

date = {2016-08-01},

urldate = {2016-08-01},

journal = {Computers \& Security},

volume = {62},

pages = {149-164},

publisher = {Elsevier},

abstract = {Cloud computing provides enormous business opportunities, but at the same time is a complex and challenging paradigm. The major concerns for users adopting the cloud are the loss of control over their data and the lack of transparency. Providing accountability to cloud systems could foster trust in the cloud and contribute toward its adoption. Assessing how accountable a cloud provider is becomes then a key issue, not only for demonstrating accountability, but to build it. To this end, we need techniques to measure the factors that influence on accountability. In this paper, we provide a methodology to elicit metrics for accountability in the cloud, which consists of three different stages. Since the nature of accountability at- tributes is very abstract and complex, in the first stage we perform a conceptual analysis of the accountability attributes in order to decompose them into concrete practices and mechanisms. Then, we analyze relevant control frameworks designed to guide the implementation of security and privacy mechanisms, and use them to identify measurable factors, related to the practices and mechanisms defined earlier. Lastly, specific metrics for these factors are derived. We also provide some strategies that we consider relevant for the empirical validation of the elicited accountability metrics.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{ercim-nrl16,

title = {Digital Witness: Digital Evidence Management Framework for the Internet of Things},

author = {Ana Nieto and Rodrigo Roman and Javier Lopez},

url = {http://ercim-news.ercim.eu/images/stories/EN106/EN106-web.pdf},

issn = {0926-4981},

year  = {2016},

date = {2016-07-01},

urldate = {2016-07-01},

journal = {ERCIM News},

number = {106},

pages = {9-9},

publisher = {ERCIM EEIG},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{JNCA16,

title = {A Model-driven Approach for Engineering Trust and Reputation into Software Services},

author = {Francisco Moyano and Carmen Fernandez-Gago and Javier Lopez},

url = {/wp-content/papers/JNCA16.pdf},

issn = {1084-8045},

year  = {2016},

date = {2016-04-01},

urldate = {2016-04-01},

journal = {Journal of Network and Computer Applications},

volume = {69},

pages = {134-151},

publisher = {Elsevier},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{ieeenet16-nrl,

title = {Digital Witness: Safeguarding Digital Evidence by using Secure Architectures in Personal Devices},

author = {Ana Nieto and Rodrigo Roman and Javier Lopez},

url = {/wp-content/papers/ieeenet16-nrl.pdf

http://ieeexplore.ieee.org/document/7764297/$#$full-text-section},

doi = {10.1109/MNET.2016.1600087NM},

issn = {0890-8044},

year  = {2016},

date = {2016-01-01},

urldate = {2016-01-01},

journal = {IEEE Network},

pages = {12-19},

publisher = {IEEE Communications Society},

abstract = {Personal devices contain electronic evidence associated with the behaviour of their owners and other devices in their environment, which can help clarify the facts of a cyber-crime scene. These devices are usually analysed as containers of proof. However, it is possible to harness the boom of personal devices to define the concept of digital witnesses, where personal devices are able to actively acquire, store, and transmit digital evidence to an authorised entity, reliably and securely. This article introduces this novel concept, providing a preliminary analysis on the management of digital evidence and the technologies that can be used to implement it with security guarantees in IoT environments. Moreover, the basic building blocks of a digital witness are defined.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{alcaraz2016POL,

title = {Policy Enforcement System for Secure Interoperable Control in Distributed Smart Grid Systems},

author = {Cristina Alcaraz and Javier Lopez and Stephen Wolthusen},

url = {/wp-content/papers/alcaraz2016POL.pdf},

issn = {1084-8045},

year  = {2016},

date = {2016-01-01},

urldate = {2016-01-01},

journal = {Journal of Network and Computer Applications},

volume = {59},

pages = {301\textendash314},

publisher = {Elsevier},

abstract = {Interoperability of distributed systems in charge of monitoring and maintaining the different critical domains belonging to Smart Grid scenarios comprise the central topic of this paper. Transparency in control transactions under a secure and reliable architecture is the aim of the policy enforcement system proposed here. The approach is based on the degree of observation of a context and on the emphrole-based access control model defined by the IEC-62351-8 standard. Only authenticated and authorised entities are able to take control of those distributed elements (e.g., IEC-61850 objects) located at distant geographical locations and close to the critical infrastructures (e.g., substations). To ensure the effectiveness of the approach, it is built on graphical-theoretical formulations corresponding to graph theory, where it is possible to illustrate power control networks through power-law distributions whose monitoring relies on emphstructural controllability theory. The interconnection of these distributions is subject to a network architecture based on the concept of the emphsupernode where the interoperability depends on a simple rule-based expert system. This expert system focuses not only on accepting or denying access, but also on providing the means to attend to extreme situations, avoiding, as much as possible, the overloading of the communication. Through one practical study we also show the functionalities of the approach and the benefits that the authorisation itself can bring to the emphinteroperability.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{NL-COMCOM15,

title = {Contextualising Heterogeneous Information in Unified Communications with Security Restrictions},

author = {Ana Nieto and Javier Lopez},

url = {/wp-content/papers/NL-COMCOM15.pdf

http://www.sciencedirect.com/science/article/pii/S0140366415002534},

doi = {10.1016/j.comcom.2015.07.015},

issn = {0140-3664},

year  = {2015},

date = {2015-09-01},

urldate = {2015-09-01},

journal = {Computer Communications},

volume = {68},

pages = {33-46},

publisher = {Elsevier},

abstract = {The lack of abstraction in a growing semantic, virtual and abstract world poses new challenges for assessing security and QoS tradeoffs. For example, in Future Internet scenarios, where Unified Communications (UC) will take place, being able to predict the final devices that will form the network is not always possible. Without this information the analysis of the security and QoS tradeoff can only be based on partial information to be completed when more information about the environment is available. In this paper, we extend the description of context-based parametric relationship model, providing a tool for assessing the security and QoS tradeoff (SQT) based on interchangeable contexts. Our approach is able to use the heterogeneous information produced by scenarios where UC is present.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{rios2015,

title = {Probabilistic receiver-location privacy protection in wireless sensor networks},

author = {Ruben Rios and Jorge Cuellar and Javier Lopez},

url = {/wp-content/papers/rios2015.pdf},

doi = {10.1016/j.ins.2015.01.016},

issn = {0020-0255},

year  = {2015},

date = {2015-07-01},

urldate = {2015-07-01},

journal = {Information Sciences},

volume = {321},

pages = {205 - 223},

publisher = {Elsevier},

abstract = {Wireless sensor networks (WSNs) are continually exposed to many types of attacks. Among these, the attacks targeted at the base station are the most devastating ones since this essential device processes and analyses all traffic generated in the network. Moreover, this feature can be exploited by a passive adversary to determine its location based on traffic analysis. This receiver-location privacy problem can be reduced by altering the traffic pattern of the network but the adversary may still be able to reach the base station if he gains access to the routing tables of a number of sensor nodes. In this paper we present HISP-NC (Homogenous Injection for Sink Privacy with Node Compromise protection), a receiver-location privacy solution that consists of two complementary schemes which protect the location of the base station in the presence of traffic analysis and node compromise attacks. The HISP-NC data transmission protocol prevents traffic analysis by probabilistically hiding the flow of real traffic with moderate amounts of fake traffic. Moreover, HISP-NC includes a perturbation mechanism that modifies the routing tables of the nodes to introduce some level of uncertainty in attackers capable of retrieving the routing information from the nodes. Our scheme is validated both analytically and experimentally through extensive simulations.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{NNMSVRLS,

title = {Relay Selection for Secure 5G Green Communications},

author = {Nikolaos Nomikos and Ana Nieto and Prodromos Makris and Dimitrios N. Skoutas and Demosthenes Vouyioukas and Panagiotis Rizomiliotis and Javier Lopez and Charalambos Skianis},

doi = {10.1007/s11235-014-9890-7},

issn = {1018-4864},

year  = {2015},

date = {2015-05-01},

urldate = {2015-05-01},

journal = {Telecommunication Systems},

volume = {59},

pages = {169-187},

publisher = {Springer US},

abstract = {In this article, we present relay selection policies in applications with secrecy requirements which are of interest in the emphfifth generation (5G) of wireless networks. More specifically, we provide a classification of relays based on their distinct communication attributes, such as processing, multiple antennas, storage, channel estimation, density and security level. In addition, we discuss the level of efficiency exhibited by each relay class, regarding their impact in delay-critical applications and green communications applications, while aiming at a specific security level at the physical layer. Then, relay selection policies are proposed taking into consideration the goals set by each application. Numerical evaluation of the proposed policies in terms of the average secrecy rate, average delay and power reduction show improved performance compared to other state-of-the-art solutions.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{cazorla2015b,

title = {Awareness and Reaction Strategies for Critical Infrastructure Protection},

author = {Lorena Cazorla and Cristina Alcaraz and Javier Lopez},

url = {/wp-content/papers/cazorla2015b.pdf},

doi = {10.1016/j.compeleceng.2015.08.010},

issn = {0045-7906},

year  = {2015},

date = {2015-01-01},

urldate = {2015-01-01},

journal = {Computers and Electrical Engineering},

volume = {47},

pages = {299-317},

publisher = {Elsevier},

abstract = {Current Critical Infrastructures (CIs) need intelligent automatic active reaction mechanisms to protect their critical processes against cyber attacks or system anomalies, and avoid the disruptive consequences of cascading failures between interdependent and interconnected systems. In this paper we study the Intrusion Detection, Prevention and Response Systems (IDPRS) that can offer this type of protection mechanisms, their constituting elements and their applicability to critical contexts. We design a methodological framework determining the essential elements present in the IDPRS, while evaluating each of their sub-components in terms of adequacy for critical contexts. We review the different types of active and passive countermeasures available, categorizing them and assessing whether or not they are suitable for Critical Infrastructure Protection (CIP). Through our study we look at different reaction systems and learn from them how to better create IDPRS solutions for CIP.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{alcaraz2015CRI,

title = {Critical Infrastructure Protection: Requirements and Challenges for the 21st Century},

author = {Cristina Alcaraz and Sherali Zeadally},

url = {/wp-content/papers/alcaraz2015CRI.pdf

http://www.sciencedirect.com/science/article/pii/S1874548214000791},

doi = {10.1016/j.ijcip.2014.12.002},

issn = {1874-5482},

year  = {2015},

date = {2015-01-01},

urldate = {2015-01-01},

journal = {International Journal of Critical Infrastructure Protection (IJCIP)},

volume = {8},

pages = {53\textendash66},

publisher = {Elsevier Science},

abstract = {Critical infrastructures play a vital role in supporting modern society. The reliability, performance, continuous operation, safety, maintenance and protection of critical infrastructures are national priorities for countries around the world. This paper explores the vulnerabilities and threats facing modern critical infrastructures with special emphasis on industrial control systems, and describes a number of protection measures. The paper also discusses some of the challenging areas related to critical infrastructure protection such as governance and security management, secure network architectures, self-healing, modeling and simulation, wide-area situational awareness, forensics and learning, and trust management and privacy.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{lorena2015c,

title = {A Three-Stage Analysis of IDS for Critical Infrastructures},

author = {Lorena Cazorla and Cristina Alcaraz and Javier Lopez},

url = {/wp-content/papers/lorena2015c.pdf},

issn = {0167-4048},

year  = {2015},

date = {2015-01-01},

urldate = {2015-01-01},

journal = {Computers \& Security},

volume = {55},

number = {November},

pages = {235-250},

publisher = {Elsevier},

abstract = {The correct operation of Critical Infrastructures (CIs) is vital for the well being of society, however these complex systems are subject to multiple faults and threats every day. International organizations around the world are alerting the scientific community to the need for protection of CIs, especially through preparedness and prevention mechanisms. One of the main tools available in this area is the use of Intrusion Detection Systems (IDSs). However, in order to deploy this type of component within a CI, especially within its Control System (CS), it is necessary to verify whether the characteristics of a given IDS solution are compatible with the special requirements and constraints of a critical environment. In this paper, we carry out an extensive study to determine the requirements imposed by the CS on the IDS solutions using the Non-Functional Requirements (NFR) Framework. The outcome of this process are the abstract properties that the IDS needs to satisfy in order to be deployed within a CS, which are refined through the identification of satisficing techniques for the NFRs. To provide quantifiable measurable evidence on the suitability of the IDS component for a CI, we broaden our study using the Goal Question Metric (GQM) approach to select a representative set of metrics. A requirements model, refined with satisficing techniques and sets of metrics which help assess, in the most quantifiable way possible, the suitability and performance of a given IDS solution for a critical scenario, constitutes the results of our analysis.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{MoLo15,

title = {A practical solution for sealed bid and multi-currency auctions},

author = {Jose A. Montenegro and Javier Lopez},

url = {/wp-content/papers/MoLo15.pdf},

doi = {10.1016/j.cose.2014.06.004},

issn = {0167-4048},

year  = {2014},

date = {2014-09-01},

urldate = {2014-09-01},

journal = {Computers \& Security},

volume = {45},

pages = {186-198},

publisher = {Elsevier},

abstract = {This paper introduces a sealed bid and underlinemulti-currency auction using secure multiparty computation (underlineSMC). 

Two boolean functions, a comparison and multiplication function, have been designed as required to apply underlineSMC. These functions are applied without revealing any information, not even to trusted third parties such as the auctioneer. A type of Zero Knowledge proof, discreet proof, has been implemented with three variants, interactive, regular and reduced non interactive proofs. These proofs make it possible to verify the correctness of the functions whilst preserving the privacy of the bid values. Moreover, a system performance evaluation of the proposal has been realized on heterogeneous platforms, including a mobile platform. The evaluation concludes that our proposal is practical even on mobile platforms.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{nieto2013mone,

title = {A Model for the Analysis of QoS and Security Tradeoff in Mobile Platforms},

author = {Ana Nieto and Javier Lopez},

url = {/wp-content/papers/nieto2013mone.pdf

},

doi = {10.1007/s11036-013-0462-y},

issn = {1383-469X},

year  = {2014},

date = {2014-02-01},

urldate = {2014-02-01},

journal = {Mobile Networks and Applications (MONET) Journal},

volume = {19},

pages = {64-78},

publisher = {Springer US},

abstract = {Today, mobile platforms are multimedia devices that provide different types of traffic with the consequent particular performance demands and, besides, security concerns (e.g. privacy). However, Security and QoS requirements quite often conflict to a large degree; the mobility and heterogeneous paradigm of the Future Internet makes coexistence even more difficult, posing new challenges to overcome. Probably, one of the main challenges is to identify the specific reasons why Security and QoS mechanisms are so related to each other. In this paper, we present a Parametric Relationship Model (PRM) to identify the Security and QoS dependencies, and to elaborate on the Security and QoS tradeoff. In particular, we perform an analysis that focus on the mobile platform environment and, consequently, also considers subjective parameters such user’s experience, that is crucial for increasing the usability of new solutions in the Future Internet. The final aim of our contribution is to facilitate the development of secure and efficient services for mobile platforms.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{nunez2014blindidm,

title = {BlindIdM: A Privacy-Preserving Approach for Identity Management as a Service},

author = {David Nu\~{n}ez and Isaac Agudo},

url = {/wp-content/papers/nunez2014blindidm.pdf},

doi = {10.1007/s10207-014-0230-4},

issn = {1615-5262},

year  = {2014},

date = {2014-01-01},

urldate = {2014-01-01},

journal = {International Journal of Information Security},

volume = {13},

pages = {199-215},

publisher = {Springer},

abstract = {Identity management is an almost indispensable component of today’s organizations and companies, as it plays a key role in authentication and access control; however, at the same time it is widely recognized as a costly and time-consuming task. The advent of cloud computing technologies, together with the promise of flexible, cheap and efficient provision of services, has provided the opportunity to externalize such a common process, shaping what has been called Identity Management as a Service (IDaaS). Nevertheless, as in the case of other cloud-based services, IDaaS brings with it great concerns regarding security and privacy, such as the loss of control over the outsourced data. In this paper we analyze these concerns and propose BlindIdM, a model for privacy-preserving IDaaS with a focus on data privacy protection. In particular, we describe how a SAML-based system can be augmented to employ proxy re-encryption techniques for achieving data condentiality with respect to the cloud provider, while preserving the ability to supply the identity service. This is an innovative contribution to both the privacy and identity management landscapes.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{CSI13,

title = {Building Trust from Context Similarity Measures},

author = {Carmen Fernandez-Gago and Isaac Agudo and Javier Lopez},

url = {/wp-content/papers/CSI13.pdf},

doi = {10.1016/j.csi.2013.12.012},

issn = {0920-5489},

year  = {2014},

date = {2014-01-01},

urldate = {2014-01-01},

journal = {Computer Standards \& Interfaces, Special Issue on Security in Information Systems},

volume = {36},

pages = {792-800},

publisher = {Elsevier},

abstract = {Trust is an essential feature of any system where entities have to collaborate among them. Trust can assist entities making decisions about what is the best entity for establishing a certain collaboration. It would be desirable to simulate behaviour of users as in social environments where they tend to establish relationships or to trust users who have common interests or share some of their opinions, i.e., users who are similar to them to some extent. Thus, in this paper we first introduce the concept of context similarity among entities and from it we derive a similarity network which can be seen as a graph. Based on this similarity network we dene a trust model that allows us also to establish trust along a path of entities. A possible applications of our model are proximity-based trust establishment. We validate our model in this scenario.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{alcaraz2013a,

title = {Diagnosis Mechanism for Accurate Monitoring in Critical Infrastructure Protection},

author = {Cristina Alcaraz and Javier Lopez},

url = {/wp-content/papers/alcaraz2013a.pdf},

doi = {10.1016/j.csi.2013.10.002},

issn = {0920-5489},

year  = {2014},

date = {2014-01-01},

urldate = {2014-01-01},

journal = {Computer Standards \& Interfaces},

volume = {36},

pages = {501-512},

publisher = {Elsevier},

abstract = {Situational awareness for critical infrastructure protection, such as for energy control systems, has become a topic of interest in recent years. Despite attempts to address this area of research, more progress is still necessary to find attractive solutions that help bring about prevention and response at all times from anywhere and at any time. Given this need, we therefore propose in this paper, a smart mechanism able to offer a wide-area situational awareness with the ability to: (i) Control the real state of the observed infrastructure, (ii) respond to emergency situations and (iii) assess the degree of ccuracy of the entire control system. To address these aspects, the mechanism is based on a hierarchical configuration of industrial sensors for control, the ISA100.11a standard for the prioritization and alarm management, and the F-Measure technique to study the level of accuracy of a sensor inside a neighbourhood. As proof of the functionality and feasibility of the mechanism for critical contexts, a software application implemented in nesC and Java is also presented in this paper.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{alcaraz2013b,

title = {WASAM: A Dynamic Wide-Area Situational Awareness Model for Critical Domains in Smart Grids},

author = {Cristina Alcaraz and Javier Lopez},

url = {/wp-content/papers/alcaraz2013b.pdf},

doi = {10.1016/j.future.2013.06.030},

issn = {0167-739X},

year  = {2014},

date = {2014-01-01},

urldate = {2014-01-01},

journal = {Future Generation Computer Systems},

volume = {30},

pages = {146-154},

publisher = {Elsevier},

abstract = {Control from anywhere and at anytime is nowadays a matter of paramount importance in critical systems. This is the case of the Smart Grid and its domains which should be monitored through intelligent and dynamic mechanisms able to anticipate, detect and respond before disruptions arise within the system. Given this fact and its importance for social welfare and the economy, a model for wide-area situational awareness is proposed in this paper. The model is based on a set of current technologies such as the wireless sensor networks, the ISA100.11a standard and cloud-computing together with a set of high-level functional services. These services include global and local support for prevention through a simple forecast scheme, detection of anomalies in the observation tasks, response to incidents, tests of accuracy and maintenance, as well as recovery of states and control in crisis situations.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{rios2013a,

title = {Covert Communications through Network Configuration Messages},

author = {Ruben Rios and Jose A. Onieva and Javier Lopez},

url = {/wp-content/papers/rios2013a.pdf},

doi = {10.1016/j.cose.2013.03.004},

issn = {0167-4048},

year  = {2013},

date = {2013-11-01},

urldate = {2013-11-01},

journal = {Computers \& Security},

volume = {39, Part A},

pages = {34 - 46},

publisher = {Elsevier},

abstract = {Covert channels are a form of hidden communication that may violate the integrity of systems. Since their birth in Multi-Level Security systems in the early 70’s they have evolved considerably, such that new solutions have appeared for computer networks mainly due to vague protocols specifications. In this paper we concentrate on short-range covert channels and analyze the opportunities of concealing data in various extensively used protocols today. From this analysis we observe several features that can be effectively exploited for subliminal data transmission in the Dynamic Host Configuration Protocol (DHCP). The result is a proof-of-concept implementation, HIDE_DHCP, which integrates three different covert channels each of which accommodate to different stealthiness and capacity requirements. Finally, we provide a theoretical and experimental analysis of this tool in terms of its reliability, capacity, and detectability.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{moyano2013re,

title = {A Framework for Enabling Trust Requirements in Social Cloud Applications},

author = {Francisco Moyano and Carmen Fernandez-Gago and Javier Lopez},

url = {/wp-content/papers/moyano2013re.pdf},

doi = {10.1007/s00766-013-0171-x},

issn = {0947-3602},

year  = {2013},

date = {2013-11-01},

urldate = {2013-11-01},

journal = {Requirements Engineering},

volume = {18},

pages = {321-341},

publisher = {Springer London},

abstract = {Cloud applications entail the provision of a huge amount of heterogeneous, geographically-distributed resources managed and shared by many different stakeholders who often do not know each other beforehand. This raises numerous security concerns that, if not addressed carefully, might hinder the adoption of this promising computational model. Appropriately dealing with these threats gains special relevance in the social cloud context, where computational resources are provided by the users themselves. We argue that taking trust and reputation requirements into account can leverage security in these scenarios by incorporating the notions of trust relationships and reputation into them. For this reason, we propose a development framework onto which developers can implement trust-aware social cloud applications. Developers can also adapt the framework in order to accommodate their application-specific needs.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{agudo2013,

title = {A Privacy-Aware Continuous Authentication Scheme for Proximity-Based Access Control},

author = {Isaac Agudo and Ruben Rios and Javier Lopez},

url = {/wp-content/papers/agudo2013.pdf},

doi = {10.1016/j.cose.2013.05.004},

issn = {0167-4048},

year  = {2013},

date = {2013-11-01},

urldate = {2013-11-01},

journal = {Computers \& Security},

volume = {39 (B)},

pages = {117-126},

publisher = {Elsevier},

abstract = {Continuous authentication is mainly associated with the use of biometrics to guarantee that a resource is being accessed by the same user throughout the usage period. Wireless devices can also serve as a supporting technology for continuous authentication or even as a complete alternative to biometrics when accessing proximity-based services. In this paper we present the implementation of a secure, non-invasive continuous authentication scheme supported by the use of Wearable Wireless Devices (WWD), which allow users to gain access to proximity-based services while preserving their privacy. Additionally we devise an improved scheme that circumvents some of the limitations of our implementation.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{1770,

title = {Smart Control of Operational Threats in Control Substations},

author = {Javier Lopez and Cristina Alcaraz and Rodrigo Roman},

url = {/wp-content/papers/1770.pdf

http://www.sciencedirect.com/science/article/pii/S0167404813000588},

doi = {10.1016/j.cose.2013.03.013},

issn = {0167-4048},

year  = {2013},

date = {2013-10-01},

urldate = {2013-10-01},

journal = {Computers \& Security},

volume = {38},

pages = {14-27},

publisher = {Elsevier},

abstract = {Any deliberate or unsuitable operational action in control tasks of critical infrastructures, such as energy generation, transmission and distribution systems that comprise sub-domains of a Smart Grid, could have a significant impact on the digital economy: without energy, the digital economy cannot live. In addition, the vast majority of these types of critical systems are configured in isolated locations where their control depends on the ability of a few, supposedly trustworthy, human operators. However, this assumption of reliabilty is not always true. Malicious human operators (criminal insiders) might take advantage of these situations to intentionally manipulate the critical nature of the underlying infrastructure. These criminal actions could be not attending to emergency events, inadequately responding to incidents or trying to alter the normal behaviour of the system with malicious actions. For this reason, in this paper we propose a smart response mechanism that controls human operators’ operational threats at all times. Moreover, the design of this mechanism allows the system to be able to not only evaluate by itself, the situation of a particular scenario but also to take control when areas are totally unprotected and/or isolated. The response mechanism, which is based on Industrial Wireless Sensor Networks (IWSNs) for the constant monitoring of observed critical infrastructures, on reputation for controlling human operators’ actions, and on the ISA100.11a standard for alarm management, has been implemented and simulated to evaluate its feasibility for critical contexts.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{najerascn12,

title = {User-centric secure integration of personal RFID tags and sensor networks},

author = {Pablo Najera and Rodrigo Roman and Javier Lopez},

doi = {10.1002/sec.684},

issn = {1939-0114},

year  = {2013},

date = {2013-10-01},

urldate = {2013-10-01},

journal = {Security and Communication Networks},

volume = {6},

pages = {1177\textendash1197},

publisher = {Wiley-Blackwell},

abstract = {A personal network (PN) should enable the collaboration of user’s devices and services in a flexible, self-organizing and friendly manner. For such purpose, the PN must securely accommodate heterogeneous technologies with uneven computational and communication resources. In particular, personal RFID tags can enable seamless recognition of user’s context, provide user authentication and enable novel services enhancing the quality and quantity of data handled by the PN. However, the highly constrained features of common RFID tags and their passive role in the network highlights the need of an adequate secure communication model with personal tags which enables their participation as a member of the PN. In this paper, we present our concept of PN, with special emphasis on the role of RFID and sensor networks, and define a secure architecture for PNs including methods for the secure access to context-aware technologies from both local PN members and the Internet of Things. The PN architecture is designed to support differentiated security mechanisms to maximize the level of security for each type of personal device. Furthermore, we analyze which security solutions available in the literature can be adapted for our architecture, as well as the challenges and security mechanisms still necessary in the secure integration of personal tags.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{roman2013iot,

title = {On the features and challenges of security and privacy in distributed internet of things},

author = {Rodrigo Roman and Jianying Zhou and Javier Lopez},

url = {/wp-content/papers/roman2013iot.pdf

http://www.sciencedirect.com/science/article/pii/S1389128613000054},

doi = {10.1016/j.comnet.2012.12.018},

issn = {1389-1286},

year  = {2013},

date = {2013-07-01},

urldate = {2013-07-01},

journal = {Computer Networks},

volume = {57},

pages = {2266\textendash2279},

publisher = {Elsevier},

abstract = {In the Internet of Things, services can be provisioned using centralized architectures, where central entities acquire, process, and provide information. Alternatively, distributed architectures, where entities at the edge of the network exchange information and collaborate with each other in a dynamic way, can also be used. In order to understand the applicability and viability of this distributed approach, it is necessary to know its advantages and disadvantages \textendash not only in terms of features but also in terms of security and privacy challenges. The purpose of this paper is to show that the distributed approach has various challenges that need to be solved, but also various interesting properties and strengths.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{MFLR13,

title = {Secure sealed-bid online auctions using discreet cryptographic proofs},

author = {Jose A. Montenegro and Michael J. Fischer and Javier Lopez and Rene Peralta},

url = {/wp-content/papers/MFLR13.pdf},

doi = {10.1016/j.mcm.2011.07.027},

issn = {0895-7177},

year  = {2013},

date = {2013-06-01},

urldate = {2013-06-01},

journal = {Mathematical and Computer Modelling},

volume = {57},

pages = {2583\textendash2595},

publisher = {Elsevier},

abstract = {This work describes the design and implementation of an auction system using secure multiparty computation techniques. Our aim is to produce a system that is practical under actual field constraints on computation, memory, and communication. The underlying protocol is privacy-preserving, that is, the winning bid is determined without information about the losing bids leaking to either the auctioneer or other bidders. Practical implementation of the protocol is feasible using circuit-based cryptographic proofs along with additively homomorphic bit commitment. Moreover, we propose the development of a emphProof Certificate standard. These certificates convey sufficient information to recreate the cryptographic proofs and verify them offline.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Rios2012a,

title = {(Un)Suitability of Anonymous Communication Systems to WSN},

author = {Ruben Rios and Javier Lopez},

url = {/wp-content/papers/Rios2012a.pdf},

doi = {10.1109/JSYST.2012.2221956},

issn = {1932-8184},

year  = {2013},

date = {2013-06-01},

urldate = {2013-06-01},

journal = {IEEE Systems Journal},

volume = {7},

number = {2},

pages = {298	- 310},

publisher = {IEEE Systems Council},

abstract = {Anonymous communication systems have been extensively studied by the research community to prevent the disclosure of sensitive information from the analysis of individuals’ traffic patterns. Many remarkable solutions have been developed in this area, most of which have proven to be effective in the protection of user privacy against different types of attacks. Recently, the privacy preservation problem has also been considered in the realm of wireless sensor networks (WSNs) due to their imminent adoption in real-world scenarios. A special challenge that arises from the analysis of the flow of sensor nodes’ communications is the location privacy problem. In this work we concentrate on analyzing the suitability of traditional anonymous communication systems originally designed for the Internet to the original scenario of sensor networks. The results show that, in most cases, traditional solutions do not provide the adequate protection means for the particular problem of location privacy, while other solutions are too resource-consuming for the restricted capabilities of sensor nodes.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{nietoscn13,

title = {Analysis and Taxonomy of Security/QoS tradeoff solutions for the Future Internet},

author = {Ana Nieto and Javier Lopez},

url = {/wp-content/papers/nietoscn13.pdf

http://onlinelibrary.wiley.com/doi/10.1002/sec.809/abstract?deniedAccessCustomisedMessage=\&userIsAuthenticated=false},

doi = {10.1002/sec.809},

issn = {1939-0114},

year  = {2013},

date = {2013-01-01},

urldate = {2013-01-01},

journal = {Security and Communication Networks (SCN) Journal},

volume = {7},

pages = {2778-2803},

publisher = {Wiley-Blackwell},

abstract = {Motivated by the growing convergence of diverse types of networks and the rise of concepts such as Future Internet (FI), in this paper we analyse the coexistence of security mechanisms and Quality of Service (QoS) mechanisms in resourceconstrained networks, that are relevant types of networks within the FI environment. More precisely, we analyse the current state of the research on security and QoS in the integration of Wireless Sensor Networks (WSNs), Mobile Ad-Hoc Networks (MANETs) and cellular networks. Furthermore, we propose a taxonomy to identify similarities among these technologies, as well as the requirements for network interconnection. As a result, we define a dependency-based model for the analysis of Security and QoS tradeoff, and also define a high-level integration architecture for networks in the FI setting. The final goal is to provide a critical point of view that allows to assess whether such an integration of networks can be both secure and efficient.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{1762,

title = {Critical Control System Protection in the 21st Century: Threats and Solutions},

author = {Cristina Alcaraz and Sherali Zeadally},

doi = {10.1109/MC.2013.69},

issn = {0018-9162},

year  = {2013},

date = {2013-00-01},

urldate = {2013-00-01},

journal = {IEEE Computer},

volume = {46},

number = {10},

pages = {74 - 83},

publisher = {IEEE Computer Society},

abstract = {Information systems, networks, and technologies have become an integral part of modern critical control systems that manage many of today\&$#$x2019;s critical infrastructures. The continuous operation, maintenance, and protection of critical infrastructures have become a high national priority for governments around the world because our society heavily depends on them for most of our daily activities (travel, power usage, banking transactions, telecommunications, etc) and safety. It is therefore critical that these infrastructures have to be protected from potential accidental incidents or cyberattacks. We present the fundamental architectural components of critical control systems which manage most critical infrastructures. We identify some of the vulnerabilities and threats to modern critical control systems followed by protection solutions that can be deployed to mitigate attacks exploiting these vulnerabilities.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{1752,

title = {Security of Industrial Sensor Network-based Remote Substations in the context of the Internet of Things},

author = {Cristina Alcaraz and Rodrigo Roman and Pablo Najera and Javier Lopez},

url = {/wp-content/papers/1752.pdf},

doi = {10.1016/j.adhoc.2012.12.001},

issn = {1570-8705},

year  = {2013},

date = {2013-00-01},

urldate = {2013-00-01},

journal = {Ad Hoc Networks},

volume = {11},

pages = {1091\textendash1104},

publisher = {Elsevier},

abstract = {The main objective of remote substations is to provide the central system with sensitive information from critical infrastructures, such as generation, distribution or transmission power systems. Wireless sensor networks have been recently applied in this particular context due to their attractive services and inherent benefits, such as simplicity, reliability and cost savings. However, as the number of control and data acquisition systems that use the Internet infrastructure to connect to substations increases, it is necessary to consider what connectivity model the sensor infrastructure should follow: either completely isolated from the Internet or integrated with it as part of the Internet of Things paradigm. This paper therefore addresses this question by providing a thorough analysis of both security requirements and infrastructural requirements corresponding to all those TCP/IP integration strategies that can be applicable to networks with constrained computational resources.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{1761,

title = {Wide-Area Situational Awareness for Critical Infrastructure Protection},

author = {Cristina Alcaraz and Javier Lopez},

url = {/wp-content/papers/1761.pdf

http://doi.ieeecomputersociety.org/10.1109/MC.2013.72},

doi = {10.1109/MC.2013.72},

issn = {0018-9162},

year  = {2013},

date = {2013-00-01},

urldate = {2013-00-01},

journal = {IEEE Computer},

volume = {46},

number = {4},

pages = {30-37},

publisher = {IEEE Computer Society},

abstract = {Combining a wide-area situational awareness (WASA) methodological framework with a set of requirements for awareness construction can help in the development and commissioning of future WASA cyberdefense solutions},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{AlcarazR2012,

title = {Selecting key management schemes for WSN applications},

author = {Cristina Alcaraz and Javier Lopez and Rodrigo Roman and Hsiao-Hwa Chen},

url = {/wp-content/papers/AlcarazR2012.pdf

http://www.sciencedirect.com/science/article/pii/S0167404812001034},

doi = {10.1016/j.cose.2012.07.002},

issn = {0167-4048},

year  = {2012},

date = {2012-11-01},

urldate = {2012-11-01},

journal = {Computers \& Security},

volume = {31},

number = {38},

pages = {956\textendash966},

publisher = {Elsevier},

abstract = {Key management in wireless sensor networks (WSN) is an active research topic. Due to the fact that a large number of key management schemes (KMS) have been proposed in the literature, it is not easy for a sensor network designer to know exactly which KMS best fits in a particular WSN application. In this article, we offer a comprehensive review on how the application requirements and the properties of various key management schemes influence each other. Based on this review, we show that the KMS plays a critical role in determining the security performance of a WSN network with given application requirements. We also develop a method that allows the network designers to select the most suitable KMS for a specific WSN network setting. In addition, the article also addresses the issues on the current state-of-the-art research on the KMS for homogeneous (i.e. non-hierarchical) networks to provide solutions for establishing link-layer keys in various WSN applications and scenarios.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{1750,

title = {Towards Privacy Protection in Smart Grid},

author = {Sherali Zeadally and Al-Sakib Khan Pathan and Cristina Alcaraz and Mohamad Badra},

url = {/wp-content/papers/1750.pdf},

doi = {10.1007/s11277-012-0939-1},

issn = {0929-6212},

year  = {2012},

date = {2012-11-01},

urldate = {2012-11-01},

journal = {Wireless Personal Communications},

volume = {73},

pages = {23-50},

publisher = {Springer},

abstract = {The smart grid is an electronically controlled electrical grid that connects power generation, transmission, distribution, and consumers using information communication technologies. One of the key characteristics of the smart grid is its support for bi-directional information flow between the consumer of electricity and the utility provider. This two-way interaction allows electricity to be generated in real-time based on consumers’ demands and power requests. As a result, consumer privacy becomes an important concern when collecting energy usage data with the deployment and adoption of smart grid technologies. To protect such sensitive information it is imperative that privacy protection mechanisms be used to protect the privacy of smart grid users. We present an analysis of recently proposed smart grid privacy solutions and identify their strengths and weaknesses in terms of their implementation complexity, efficiency, robustness, and simplicity.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Roman2010a,

title = {Advanced Secure Multimedia Services for Digital Homes},

author = {Rodrigo Roman and Javier Lopez and Olivier Dugeon and Marc Lacoste and Pierre Plaza Tron and Marta Bel},

url = {/wp-content/papers/Roman2010a.pdf

http://www.springerlink.com/content/1785645v5246006u/},

doi = {10.1007/s10796-010-9258-9},

issn = {1387-3326},

year  = {2012},

date = {2012-07-01},

urldate = {2012-07-01},

journal = {Information Systems Frontiers},

volume = {14},

pages = {527-540},

publisher = {Springer},

abstract = {Our society is becoming increasingly more IT-oriented, and the images and sounds that reflect our daily life are being stored mainly in a digital form. This digital personal life can be part of the home multimedia contents, and users demand access and possibly share these contents (such as photographs, videos, and music) in an ubiquitous way: from any location and with any device. The purpose of this article is twofold. First, we introduce the Feel@Home system, whose main objective is to enable the previously mentioned vision of an ubiquitous digital personal life. Second, we describe the security architecture of Feel@Home, analyzing the security and privacy requirements that identify which threats and vulnerabilities must be considered, and deriving the security building blocks that can be used to protect both IMS-based and VPN-based solutions.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Galindo2010,

title = {On the Energy Cost of Authenticated Key Agreement in Wireless Sensor Networks},

author = {David Galindo and Rodrigo Roman and Javier Lopez},

url = {/wp-content/papers/Galindo2010.pdf},

doi = {10.1002/wcm.894},

issn = {1530-8669},

year  = {2012},

date = {2012-01-01},

urldate = {2012-01-01},

journal = {Wireless Communications and Mobile Computing},

volume = {12},

pages = {133-143},

publisher = {Wiley},

abstract = {Wireless sensors are battery-powered devices which are highly constrained in terms of computational capabilities, memory and communication bandwidth. While battery life is their main limitation, they require considerable energy to communicate data. Due to this, it turns out that the energy saving of computationally inexpensive primitives (like symmetric key cryptography (SKC)) can be nullified by the bigger amount of data they require to be sent. In this work, we study the energy cost of key agreement protocols between peers in a network using asymmetric key cryptography. Our main concern is to reduce the amount of data to be exchanged, which can be done by using special cryptographic paradigms like identity-based and self-certified cryptography. The main news is that an intensive computational primitive for resource-constrained devices, such as non-interactive identity-based authenticated key exchange, performs comparably or even better than traditional authenticated key exchange (AKE) in a variety of scenarios. Moreover, protocols based in this primitive can provide better security properties in real deployments than other simple protocols based on symmetric cryptography. Our findings illustrate to what extent the latest implementation advancements push the efficiency boundaries of public key cryptography (PKC) in wireless sensor networks (WSNs).},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{munoz2012,

title = {A performance-oriented monitoring system for security properties in cloud computing applications},

author = {Antonio Mu\~{n}oz},

editor = {Javier Gonz\'{a}lez},

url = {/wp-content/papers/munoz2012.pdf},

issn = {1460-2067},

year  = {2012},

date = {2012-01-01},

urldate = {2012-01-01},

journal = {The Computer Journal},

publisher = {Oxford Academic},

address = {Reino Unido},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{1730,

title = {Analysis of Requirements for Critical Control Systems},

author = {Cristina Alcaraz and Javier Lopez},

url = {/wp-content/papers/1730.pdf

http://www.sciencedirect.com/science/article/pii/S1874548212000455},

doi = {10.1016/j.ijcip.2012.08.003},

issn = {1874-5482},

year  = {2012},

date = {2012-00-01},

urldate = {2012-00-01},

journal = {International Journal of Critical Infrastructure Protection (IJCIP)},

volume = {5},

pages = {137\textendash145},

publisher = {Elsevier},

abstract = {The use of modern information and communications technologies in supervisory control and data acquisition (SCADA) systems used in the critical infrastructure has become an important topic of research. The modernization significantly enhances operational performance, but also introduces security issues and the associated risks. This paper formally analyzes how the introduction of new technologies can impact control systems and ultimately affect the performance of the critical infrastructure systems being controlled. Five control system requirements are identified with the goal of proposing new operational requirements that trade-off performance and security.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Rios2011a,

title = {Analysis of Location Privacy Solutions in Wireless Sensor Networks},

author = {Ruben Rios and Javier Lopez},

url = {/wp-content/papers/Rios2011a.pdf},

doi = {10.1049/iet-com.2010.0825},

issn = {1751-8628},

year  = {2011},

date = {2011-11-01},

urldate = {2011-11-01},

journal = {IET Communications},

volume = {5},

pages = {2518 - 2532},

publisher = {Institution of Engineering and Technology},

abstract = {Extensive work has been done on the protection of Wireless Sensor Networks (WSNs) from the hardware to the application layer. However, only recently, the privacy preservation problem has drawn the attention of the research community because of its challenging nature. This problem is exacerbated in the domain of WSNs due to the extreme resource limitation of sensor nodes. In this paper we focus on the location privacy problem in WSNs, which allows an adversary to determine the location of nodes of interest to him. We provide a taxonomy of solutions based on the power of the adversary and the main techniques proposed by the various solutions. In addition, we describe and analyse the advantages and disadvantages of different approaches. Finally, we discuss some open challenges and future directions of research.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Alcaraz2011,

title = {An Early Warning System based on Reputation for Energy Control Systems},

author = {Cristina Alcaraz and Carmen Fernandez-Gago and Javier Lopez},

url = {/wp-content/papers/Alcaraz2011.pdf},

doi = {10.1109/TSG.2011.2161498},

issn = {1949-3053},

year  = {2011},

date = {2011-11-01},

urldate = {2011-11-01},

journal = {IEEE Transactions on Smart Grid},

volume = {2},

number = {4},

pages = {827-834},

publisher = {IEEE},

abstract = {Most of energy control or SCADA (Supervisory Control and Data Acquisition) systems are very dependent on advanced technologies and on traditional security mechanisms for protecting the a system against anomalous events. Security mechanisms are not enough to be used in critical systems, since they can only detect anomalous events occurring at a certain moment in time. For this reason it becomes of paramount importance the usage of intelligent systems with capability for preventing anomalous situations and reacting against them on time. This type of systems are, for example, Early Warning Systems (EWS). In this paper, we propose an EWS based on Wireless Sensor Networks (WSNs) (under the ISA100.11a standard) and reputation for controling the network behaviour. The WSN are organized into clusters where a Cluster Head (CH) is designated. This CH will contain a Reputation Manager Module. The usability of this approach is also analyzed considering a Smart Grid scenario. keywords = Critical Information Infrastructures, Sensor Networks, Early Warning Systems, Reputation, SCADA Systems, Smart Grid.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Rios2011b,

title = {Exploiting Context-Awareness to Enhance Source-Location Privacy in Wireless Sensor Networks},

author = {Ruben Rios and Javier Lopez},

url = {/wp-content/papers/Rios2011b.pdf},

doi = {10.1093/comjnl/bxr055},

issn = {0010-4620},

year  = {2011},

date = {2011-09-01},

urldate = {2011-09-01},

journal = {The Computer Journal},

volume = {54},

pages = {1603-1615},

publisher = {Oxford University Press},

abstract = {The source-location privacy problem in Wireless Sensor Networks has been traditionally tackled by the creation of random routes for every packet transmitted from the source nodes to the base station. These schemes provide a considerable protection level at a high cost in terms of message delivery time and energy consumption. This overhead is due to the fact that the data routing process is done in a blind way, without knowledge about the location of the attacker. In this work we propose the Context-Aware Location Privacy (CALP) approach, which takes advantage of the ability of sensor nodes to perceive the presence of a mobile adversary in their vicinity in order to transmit data packets in a more energy-efficient and privacy-preserving manner. In particular, we apply the concepts of CALP to the development of a shortest-path CALP routing algorithm. A permissive and a strict version of the protocol are studied for different adversarial models and the proposed schemes are evaluated through simulation experiments in terms of privacy protection and energy consumption. Finally, we present the conclusions of the paper as well as possible extensions of this work.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{1633,

title = {Securing the Internet of Things},

author = {Rodrigo Roman and Pablo Najera and Javier Lopez},

url = {/wp-content/papers/1633.pdf},

doi = {10.1109/MC.2011.291},

issn = {0018-9162},

year  = {2011},

date = {2011-09-01},

urldate = {2011-09-01},

journal = {IEEE Computer},

volume = {44},

number = {9},

pages = {51 -58},

publisher = {IEEE},

abstract = {This paper presents security of Internet of things. In the Internet of Things vision, every physical object has a virtual component that can produce and consume services Such extreme interconnection will bring unprecedented convenience and economy, but it will also require novel approaches to ensure its safe and ethical use. The Internet and its users are already under continual attack, and a growing economy-replete with business models that undermine the Internet’s ethical use-is fully focused on exploiting the current version’s foundational weaknesses.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Alcaraz2011a,

title = {Secure SCADA Framework for the Protection of Energy Control Systems},

author = {Cristina Alcaraz and Javier Lopez and Jianying Zhou and Rodrigo Roman},

url = {/wp-content/papers/Alcaraz2011a.pdf},

doi = {10.1002/cpe.1679},

issn = {1532-0626},

year  = {2011},

date = {2011-08-01},

urldate = {2011-08-01},

journal = {Concurrency and Computation Practice \& Experience},

volume = {23},

number = {12},

pages = {1414-1430},

publisher = {John Wiley \& Sons, Inc.},

abstract = {Energy distribution systems are becoming increasingly widespread in today’s society. One of the elements that is used to monitor and control these systems are the SCADA (Supervisory Control and Data Acquisition) systems. In particular, these control systems and their complexities, together with the emerging use of the Internet and wireless technologies, bring new challenges that must be carefully considered. Examples of such challenges are the particular benetextasciimacronts of the integration of those new technologies, and also the etextregisteredects they may have on the overall SCADA security. The main task of this paper is to provide a framework that shows how the integration of ditextregisterederent state-of-the-art technologies in an energy control system, such as Wireless Sensor Networks (WSNs), Mobile Ad-Hoc Networks (MANETs), and the Internet, can bring some interesting benefits such as status management and anomaly prevention, while maintaining the security of the whole system.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{roman2011,

title = {Key management systems for sensor networks in the context of the Internet of Things},

author = {Rodrigo Roman and Cristina Alcaraz and Javier Lopez and Nicolas Sklavos},

url = {/wp-content/papers/roman2011.pdf

http://www.sciencedirect.com/science/article/B6V25-527FRSD-1/2/62661c595153993639c43b9b331d8d66},

doi = {10.1016/j.compeleceng.2011.01.009},

issn = {0045-7906},

year  = {2011},

date = {2011-03-01},

urldate = {2011-03-01},

journal = {Computers \& Electrical Engineering},

volume = {37},

pages = {147-159},

publisher = {Elsevier},

abstract = {If a wireless sensor network (WSN) is to be completely integrated into the Internet as part of the Internet of Things (IoT), it is necessary to consider various security challenges, such as the creation of a secure channel between an Internet host and a sensor node. In order to create such a channel, it is necessary to provide key management mechanisms that allow two remote devices to negotiate certain security credentials (e.g. secret keys) that will be used to protect the information flow. In this paper we will analyse not only the applicability of existing mechanisms such as public key cryptography and pre-shared keys for sensor nodes in the IoT context, but also the applicability of those link-layer oriented key management systems (KMS) whose original purpose is to provide shared keys for sensor nodes belonging to the same WSN.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{vivas2010,

title = {A methodology for security assurance-driven system development},

author = {Jose L. Vivas and Isaac Agudo and Javier Lopez},

url = {/wp-content/papers/vivas2010.pdf},

doi = {10.1007/s00766-010-0114-8},

issn = {0947-3602},

year  = {2011},

date = {2011-03-01},

urldate = {2011-03-01},

journal = {Requirements Engineering},

volume = {16},

number = {1},

pages = {55-73},

publisher = {Springer},

abstract = {In this work, we introduce an assurance methodology that integrates assurance case creation with system development. It has been developed in order to provide trust and privacy assurance to the evolving European project PICOS (Privacy and Identity Management for Community Services), an international research project focused on mobile communities and community-supporting services, with special emphasis on aspects such as privacy, trust, and identity management. The leading force behind the approach is the ambition to develop a methodology for building and maintaining security cases throughout the system development life cycle in a typical system engineering effort, when much of the information relevant for assurance is produced and feedback can be provided to system developers. The first results of the application of the methodology to the development of the PICOS platform are presented.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{rosado2009,

title = {Towards a UML Extension of Reusable Secure Use Cases for Mobile Grid systems},

author = {David G. Rosado and Eduardo Fernandez-Medina and Javier Lopez and Mario Piattini},

url = {/wp-content/papers/rosado2009.pdf},

doi = {10.1587/transinf.E94.D.243},

issn = {0916-8532},

year  = {2011},

date = {2011-02-01},

urldate = {2011-02-01},

journal = {IEICE Trans. on Information and Systems},

volume = {E94-D},

pages = {243-254},

publisher = {IEICE},

abstract = {The systematic processes exactly define the development cycle and help the development team follow the same development strategies and techniques, thus allowing a continuous improvement in the quality of the developed products. Likewise, it is important that the development process used integrates security aspects from the first stages at the same level as other functional and non-functional requirements. Grid systems allow us to build very complex information systems with different and remarkable features (interoperability between multiple security domains, cross-domain authentication and authorization, dynamic, heterogeneous and limited mobile devices, etc). With the development of wireless technology and mobile devices, the Grid becomes the perfect candidate for letting mobile users make complex works that add new computational capacity to the Grid. A methodology of development for secure mobile Grid systems is being defined. One of the activities of this methodology is the requirements analysis which is based in reusable use cases. In this paper, we will present a UML-extension for security use cases and Grid use case which capture the behaviour of this kind of systems. A detailed description of all these new use cases defined in the UML extension is necessary, describing the stereotypes, tagged values, constraints and graphical notation. We show an example of how to apply and use this extension for building the diagram of use cases and incorporating common security aspects for this kind of systems. Also, we will see how the diagrams built can be reused in the construction of others diagrams saving time and effort in this task.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Roman2010,

title = {A Cross-layer Approach for Integrating Security Mechanisms in Sensor Networks Architectures},

author = {Rodrigo Roman and Javier Lopez and Pablo Najera},

url = {/wp-content/papers/Roman2010.pdf},

doi = {10.1002/wcm.1006},

issn = {1530-8669},

year  = {2011},

date = {2011-01-01},

urldate = {2011-01-01},

journal = {Wireless Communications and Mobile Computing},

volume = {11},

pages = {267-276},

publisher = {Wiley},

abstract = {The wireless sensor networks (WSN) paradigm is especially vulnerable against external and internal attacks. Therefore, it is necessary to develop security mechanisms and protocols to protect them. These mechanisms must become an integral part of the software architecture and network stack of a sensor node. A question that remains is how to achieve this integration. In this paper we check how both academic and industrial solutions tackle this issue, and we present the concept of a transversal layer, where all the different security mechanisms could be contained. This way, all the elements of the architecture can interact with the security mechanisms, and the security mechanisms can have a holistic point of view of the whole architecture. We discuss the advantages of this approach, and also present how the transversal layer concept was applied to a real middleware architecture.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Najera2010,

title = {Real-time Location and Inpatient Care Systems Based on Passive RFID},

author = {Pablo Najera and Javier Lopez},

url = {/wp-content/papers/Najera2010.pdf

http://www.sciencedirect.com/science/article/B6WKB-5023KSB-1/2/3b970ad38b2ce768888c4eec24ea472a},

doi = {10.1016/j.jnca.2010.04.011},

issn = {1084-8045},

year  = {2011},

date = {2011-01-01},

urldate = {2011-01-01},

journal = {Journal of Network and Computer Applications},

volume = {34},

pages = {pp. 980-989},

publisher = {Elsevier},

abstract = {RFID technology meets identification and tracking requirements in healthcare environments with potential to speed up and increase reliability of involved processes. Due to this, high expectations for this integration have emerged, but hospital and medical centers interested in adoption of RFID technology require prior knowledge on how to squeeze RFID capabilities, real expectations and current challenges. In this paper, we show our lab tested solutions in two specific healthcare scenarios. On the one hand, we analyze the case of a medical equipment tracking system for healthcare facilities enabling both real-time location and theft prevention. Worth-noting aspects such as possible EMI interferences, technology selection and management of RFID data from hospital information system are analyzed. Lab testing of system reliability based on passive UHF RFID is provided for this case. On the other hand, we analyze and provide a solution for care and control of patients in a hospital based on passive HF RFID with the result of a fully functional demonstrator. Our prototype squeezes RFID features in order to provide a backup data source from patient’s wristband. It also provides an offline working mode aiming to increase application reliability under network fail down and therefore, improving patient’s safety. Considerations regarding lessons learned and challenges faced are exposed.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{rosado2010d,

title = {Security Services Architecture for Secure Mobile Grid Systems},

author = {David G. Rosado and Eduardo Fernandez-Medina and Javier Lopez},

issn = {1383-7621},

year  = {2011},

date = {2011-00-01},

urldate = {2011-00-01},

journal = {Journal of Systems Architecture},

volume = {57},

pages = {240-258},

publisher = {Elsevier},

address = {Mobile Grid, is a full inheritor of the Grid with the additional feature that it supports mobile users and resources. Security is an important aspect in Grid based systems, and it is more complex to ensure this in a mobile platform owing to the limitation},

abstract = {Mobile Grid, is a full inheritor of the Grid with the additional feature that it supports mobile users andresources. Security is an important aspect in Grid based systems, and it is more complex to ensure thisin a mobile platform owing to the limitations of resources in these devices. A Grid infrastructure that supportsthe participation of mobile nodes and incorporates security aspects will thus play a significant rolein the development of Grid computing. The idea of developing software through systematic developmentprocesses to improve software quality is not new. However, many information systems such as those ofGrid Computing are still not developed through methodologies which have been adapted to their mostdifferentiating features. The lack of adequate development methods for this kind of systems in whichsecurity is taken into account has encouraged us to build a methodology to develop them, offering adetailed guide for their analysis, design and implementation. It is important to use software V\&V techniques,according to IEEE Std. 1012 for Software Verification and Validation, to ensure that a software systemmeets the operational needs of the user. This ensures that the requirements for the system arecorrect, complete, and consistent, and that the life-cycle products correctly design and implement systemrequirements. This paper shows part of a development process that we are elaborating for the constructionof information systems based on Grid Computing, which are highly dependent on mobile devices inwhich security plays a highly important role. In the design activity of the process, we design a securityarchitecture which serves as a reference for any mobile Grid application that we wish to build since thissecurity architecture defines a complete set of security services which will be instantiated depending onthe requirements and features found in previous activities of the process. A V\&V task is also defined in thedesign activity to validate and verify both the architecture built and the traceability of the artifacts generatedin this activity. In this paper, we will present the service-oriented security architecture for MobileGrid Systems which considers all possible security services that may be required for any mobile Grid application.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{rosado2011,

title = {Systematic Design of Secure Mobile Grid Systems},

author = {David G. Rosado and Eduardo Fernandez-Medina and Javier Lopez and Mario Piattini},

issn = {1084-8045},

year  = {2011},

date = {2011-00-01},

urldate = {2011-00-01},

journal = {Journal of Network and Computer Applications},

volume = {34},

pages = {1168-1183},

publisher = {Elsevier},

abstract = {Grid computing has arisen as an evolution of distributed systems mainly focused on the sharing of and remote access to resources in a uniform, transparent, secure, efficient and reliable manner. It is possible to join Grid technology and mobile technology in order to create one of the most promising technologies and developments to appear in recent years, in that they enrich one another and provide new solutions that solve many of the limitations and problems found in different technologies. Security is a very important factor in Mobile Grid Computing and is also difficult to achieve owing to the open nature of wireless networks and heterogeneous and distributed environments. Success in obtaining a secure system originates in incorporating security from the first stages of the development process. It has therefore been necessary to define a development process for this kind of systems in which security is incorporated in all stages of the development and the features and particularities of the Mobile Grid systems are taken into consideration. This paper presents one of the activities of this development process, the design activity, which consists of defining and designing a security software architecture. This architecture will be built from a security architecture, defined as reference architecture, in which security services, interfaces and operations are defined with the purpose of defining a reference security architecture which covers the majority of security requirements identified in the analysis activity. The design activity will build the system architecture that will be the input artefact for the subsequent activity in the process, which is the construction activity.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{vivas2009,

title = {A security framework for a workflow-based grid development platform.},

author = {Jose L. Vivas and Carmen Fernandez-Gago and Andres Benjumea and Javier Lopez},

url = {/wp-content/papers/vivas2009.pdf},

doi = {10.1016/j.csi.2009.04.001},

issn = {0920-5489},

year  = {2010},

date = {2010-10-01},

urldate = {2010-10-01},

journal = {Computer Standards and Interfaces},

volume = {32},

number = {5-6},

pages = {230-245},

publisher = {Elsevier},

abstract = {This paper describes the security framework that is to be developed for the generic grid platform created for the project GREDIA. This platform is composed of several components that need to be secured. The platform uses the OGSA standards, so that the security framework will follow GSI, the portion of Globus that implements security. Thus, we will show the security features that GSI already provides and we will outline which others need to be created or enhanced.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{rofelopi,

title = {Developing a Secure Mobile Grid System through a UML Extension},

author = {David G. Rosado and Eduardo Fernandez-Medina and Javier Lopez and Mario Piattini},

doi = {10.3217/jucs-016-17-2333},

issn = {0948-695x},

year  = {2010},

date = {2010-09-01},

urldate = {2010-09-01},

journal = {Journal of Universal Computer Science},

volume = {16},

number = {17},

pages = {2333-2352},

publisher = {Springer},

abstract = {The idea of developing software through systematic development processes toimprove software quality is not new. Nevertheless, there are still many information systemssuch as those of Grid Computing which are not developed through methodologies that areadapted to their most differentiating features. A systematic development process for Gridsystems that supports the participation of mobile nodes and incorporates security aspects intothe entire software lifecycle will thus play a significant role in the development of systemsbased on Grid computing. We are creating a development process for the construction ofinformation systems based on Grid Computing, which is highly dependent on mobile devices,in which security plays a highly important role. One of the activities in this process is that ofanalysis which is focused on ensuring that the system’s security and functional requirements areelicited, specified and modelled. In our approach, this activity is driven by use cases andsupported by the reusable repository. This obtains, builds, defines and refines the use cases ofthe secure Mobile Grid systems which represent the functional and non-functional requirementsof this kind of systems. In this paper, we present the proposed development process throughwhich we introduce the main aspects of the UML profile defined for building use case diagramsin the mobile Grid context through which it is possible to represent specific mobile Gridfeatures and security aspects, showing in detail how to build use case diagrams for a real mobile Grid application by using our UML profile, denominated as GridUCSec-Profile.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Agudo2010b,

title = {A Scale Based Trust Model for Multi-Context Environments},

author = {Isaac Agudo and Carmen Fernandez-Gago and Javier Lopez},

url = {/wp-content/papers/Agudo2010b.pdf},

doi = {10.1016/j.camwa.2010.02.009},

issn = {0898-1221},

year  = {2010},

date = {2010-07-01},

urldate = {2010-07-01},

journal = {Computers and Mathematics with Applications},

volume = {60},

pages = {209-216},

publisher = {Elsevier},

abstract = {When interactions among users of a system have to take place, for example, over the internet, establishing trust relationships among these users becomes crucial. However, the way this trust is established depends to a certain extent on the context where the interactions take place. Most of the time, trust is encoded as a numerical value that might not be very meaningful for a not very experienced user. In this paper we propose a model that takes into account the semantic and the computational sides of trust. This avoids users having to deal directly with the computational side; they instead deal with meaningful labels such as Bad or Good in a given context.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Alcaraz2010a,

title = {A Security Analysis for Wireless Sensor Mesh Networks in Highly Critical Systems},

author = {Cristina Alcaraz and Javier Lopez},

url = {/wp-content/papers/Alcaraz2010a.pdf

http://ieeexplore.ieee.org/search/srchabstract.jsp?tp=\&arnumber=5443456\&queryText%253DC.+Alcaraz%2526openedRefinements%253D*%2526searchField%253DSearch+All\&fromGateway=true},

doi = {10.1109/TSMCC.2010.2045373},

issn = {1094-6977},

year  = {2010},

date = {2010-07-01},

urldate = {2010-07-01},

journal = {IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews},

volume = {40},

number = {4},

pages = {419-428},

publisher = {IEEE},

abstract = {Nowadays, critical control systems are a fundamental component contributing to the overall performance of critical infrastructures in our society, most of which belong to the industrial sector. These complex systems include in their design different types of information and communication technology systems, such as wireless (mesh) sensor networks, to carry out control processes in real time. This fact has meant that several communication standards, such as Zigbee PRO, WirelessHART, and ISA100.11a, have been specified to ensure coexistence, reliability, and security in their communications. The main purpose of this paper has been to review these three standards and analyze their security. We have identified a set of threats and potential attacks in their routing protocols, and we consequently provide recommendations and countermeasures to help Industry protect its infrastructures.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{rosado2010b,

title = {Analysis of Secure Mobile Grid Systems: A Systematic Approach},

author = {David G. Rosado and Eduardo Fernandez-Medina and Javier Lopez and Mario Piattini},

doi = {10.1016/j.infsof.2010.01.002},

issn = {0950-5849},

year  = {2010},

date = {2010-05-01},

urldate = {2010-05-01},

journal = {Information and Software Technology},

volume = {52},

pages = {517-536},

publisher = {Elsevier},

abstract = {Developing software through systematic processes is becoming more and more important due to the growing complexity of software development. It is important that the development process used integrates security aspects from the first stages at the same level as other functional and non-functional requirements. Systems which are based on Grid Computing are a kind of systems that have clear differentiating features in which security is a highly important aspect. The Mobile Grid, which is relevant to both Grid and Mobile Computing, is a full inheritor of the Grid with the additional feature that it supports mobile users and resources. A development methodology for Secure Mobile Grid Systems is proposed in which the security aspects are considered from the first stages of the life-cycle and in which the mobile Grid technological environment is always present in each activity. This paper presents the analysis activity, in which the requirements (focusing on the grid, mobile and security requirements) of the system are specified and which is driven by reusable use cases through which the requirements and needs of these systems can be defined. These use cases have been defined through a UML-extension for security use cases and Grid use cases which capture the behaviour of this kind of systems. The analysis activity has been applied to a real case.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{jlopez09,

title = {Los Desaf\'{i}os de Seguridad en la Internet de los Objetos},

author = {Javier Lopez and Rodrigo Roman and Pablo Najera},

url = {/wp-content/papers/jlopez09.pdf},

issn = {1136-0623},

year  = {2010},

date = {2010-02-01},

urldate = {2010-02-01},

journal = {Revista SIC},

volume = {88},

pages = {66-73},

publisher = {Ediciones CODA},

abstract = {El paradigma de la Internet de los Objetos, donde todos aquellos objetos f\'{i}sicos que nos rodean tendr\'{a}n la capacidad de generar y consumir informaci\'{o}n en el \'{a}mbito de un mundo virtual, se encuentra cada vez m\'{a}s cerca. Es ahora un buen momento para llamar la atenci\'{o}n sobre sus principales desaf\'{i}os de seguridad, tanto desde un punto de vista global como asociados a sus elementos m\'{a}s importantes (la tecnolog\'{i}a RFID y las redes de sensores). As\'{i}, este paradigma puede ser plenamente comprendido y protegido, evolucionando hacia uno de los nuevos pilares del futuro.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{1694,

title = {Authentication and Key Establishment in Dynamic Wireless Sensor Networks},

author = {Ying Qiu and Jianying Zhou and Joonsang Baek and Javier Lopez},

url = {/wp-content/papers/1694.pdf},

issn = {1424-8220},

year  = {2010},

date = {2010-01-01},

urldate = {2010-01-01},

journal = {Sensors},

volume = {10},

pages = {3718-3731},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{FerrerGomilla2009,

title = {Certified electronic mail: Properties revisited},

author = {Josep L. Ferrer-Gomila and Jose A. Onieva and Magdalena Payeras and Javier Lopez},

url = {/wp-content/papers/FerrerGomilla2009.pdf

http://www.sciencedirect.com/science/article/B6V8G-4WR19XR-1/2/eda89f747b077fc68fa061f213ddf6d5},

doi = {10.1016/j.cose.2009.06.009},

issn = {0167-4048},

year  = {2010},

date = {2010-01-01},

urldate = {2010-01-01},

journal = {Computers \& Security},

volume = {29},

number = {2},

pages = {167 - 179},

abstract = {Certified electronic mail is an added value to traditional electronic mail. In the definition of this service some differences arise: a message in exchange for a reception proof, a message and a non repudiation of origin token in exchange for a reception proof, etc. It greatly depends on whether we want to emulate the courier service or improve the service in the electronic world. If the definition of the service seems conflictive, the definition of the properties and requirements of a good certified electronic mail protocol is even more difficult. The more consensuated features are the need of a fair exchange and the existence of a trusted third party (TTP). Each author chooses the properties that considers the most important, and many times the list is conditioned by the proposal. Which kind of TTP must be used? Must it be verifiable, transparent and/or stateless? Which features must the communication channel fulfil? Which temporal requirements must be established? What kind of fairness is desired? What efficiency level is required? Are confidentiality or transferability of the proofs compulsory properties? In this paper we collect the definitions, properties and requirements related with certified electronic mail. The aim of the paper is to create a clearer situation and analyze how some properties cannot be achieved simultaneously. Each protocol designer will have to decide which properties are the most important in the environment in where the service is to be deployed.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{1589,

title = {Digital Identity and Identity Management Technologies},

author = {Isaac Agudo},

url = {/wp-content/papers/1589.pdf

http://www.cepis.org/upgrade/files/issue-1-2010-agudo.ruiz.pdf},

issn = {1684-5285},

year  = {2010},

date = {2010-01-01},

urldate = {2010-01-01},

journal = {UPGRADE - The European Journal of the Informatics Professional},

volume = {2010},

pages = {6 - 12},

publisher = {CEPIS},

abstract = {There are many technologies for identity management available in the form of open specifications, open source tools and commercial applications. Currently, there are some competing standards for identity management. At the beginning SAML was the only viable choice with a higher enough acceptance level. Recently, another technology called WS-Federation has also gain some attention from the community. Although this technology is not as mature as SAML, it modular design gives it some advantages over SAML. It this work we mainly focus on the WS-Federation and the family of specifications that surround it.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{JordiForne2009,

title = {Pervasive Authentication and Authorization Infrastructures for Mobile Users},

author = {Jordi Forne and M. Francisca Hinarejos and Andres Marin and Florina Almenarez and Javier Lopez and Jose A. Montenegro and Marc Lacoste and Daniel Diaz},

url = {/wp-content/papers/JordiForne2009.pdf},

doi = {10.1016/j.cose.2009.09.001},

issn = {0167-4048},

year  = {2010},

date = {2010-01-01},

urldate = {2010-01-01},

journal = {Computer and Security},

volume = {29},

pages = {501-514},

publisher = {elsevier},

abstract = {Network and device heterogeneity, nomadic mobility, intermittent connectivity and, more generally, extremely dynamic operating conditions, are major challenges in the design of security infrastructures for pervasive computing. Yet, in a ubiquitous computing environment, limitations of traditional solutions for authentication and authorization can be overcome with a pervasive public key infrastructure (pervasive-PKI). This choice allows the validation of credentials of users roaming between heterogeneous networks, even when global connectivity is lost and some services are temporarily unreachable. Proof-of-concept implementations and testbed validation results demonstrate that strong security can be achieved for users and applications through the combination of traditional PKI services with a number of enhancements like: (i) dynamic and collaborative trust model, (ii) use of attribute certificates for privilege management, and (iii) modular architecture enabling nomadic mobility and enhanced with reconfiguration capabilities.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{JavierLopezMunoz2010,

title = {Trust Management Systems for Wireless Sensor Networks: Best practices},

author = {Javier Lopez and Rodrigo Roman and Isaac Agudo and Carmen Fernandez-Gago},

url = {/wp-content/papers/JavierLopezMunoz2010.pdf},

doi = {10.1016/j.comcom.2010.02.006},

issn = {0140-3664},

year  = {2010},

date = {2010-01-01},

urldate = {2010-01-01},

journal = {Computer Communications},

volume = {33},

number = {9},

pages = {0140-3664},

publisher = {Elsevier},

abstract = {Wireless sensor networks (WSNs) have been proven a useful technology for perceiving information about the physical world and as a consequence has been used in many applications such as measurement of temperature, radiation, flow of liquids, etc. The nature of this kind of technology, and also their vulnerabilities to attacks make the security tools required for them to be considered in a special way. The decision making in a WSN is essential for carrying out certain tasks as it aids sensors establish collaborations. In order to assist this process, trust management systems could play a relevant role. In this paper, we list the best practices that we consider are essential for developing a good trust management system for WSN and make an analysis of the state of the art related to these practices.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Agudo2009,

title = {Concurrent access control for multi-user and multi-processor systems based on trust relationships},

author = {Isaac Agudo and Carmen Fernandez-Gago and Javier Lopez},

url = {/wp-content/papers/Agudo2009.pdf},

doi = {10.1002/cpe.1430},

issn = {1532-0626},

year  = {2009},

date = {2009-07-01},

urldate = {2009-07-01},

journal = {Concurrency and Computation: Practice and Experience},

volume = {21},

pages = {1389-1403},

publisher = {John Wiley \& Sons},

abstract = {Concurrent access control is an old problem in many fields in Computer Science. It has been solved in many languages and systems, using mechanisms like monitors or priority queues. Nowadays computers implement multi-core capabilities. This means that they are virtually capable of execution of processes in parallel. This requires new techniques and open new issues in the field of concurrent access control. Moreover, most operating systems are multi-user; thus, we have to focus on a multi-processor multi-user scenario. Trust becomes a paramount aspect when building distributed applications; the same applies on a lower scale in modern computers. We propose the use of a trust graph that keeps record of the trust relationships of the system and helps in deciding on concurrent access requests. The information encoded in the graph will be used both in order to decide on the access requests and to order granted requests in terms of their associated trust level.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{roman2009a,

title = {Integrating Wireless Sensor Networks and the Internet: A Security Analysis},

author = {Rodrigo Roman and Javier Lopez},

url = {/wp-content/papers/roman2009a.pdf},

doi = {10.1108/10662240910952373},

issn = {1066-2243},

year  = {2009},

date = {2009-03-01},

urldate = {2009-03-01},

journal = {Internet Research},

volume = {19},

number = {2},

pages = {246-259},

publisher = {Emerald},

abstract = {Purpose: This paper aims to analyze the security issues that arise when integrating wireless sensor networks (WSN) and the internet. Also, it seeks to review whether existing technology mechanisms are suitable and can be applied in this context. 

Design/methodology/approach: The paper considers the possible approaches that can be used to connect a WSN with the internet, and analyzes the security of their interactions. 

Findings: By providing the services of the network through a front-end proxy, a sensor network and the internet can interact securely. There are other challenges to be solved if the sensor nodes are integrated into the internet infrastructure, although there exists interesting advances on his matter. 

Research limitations and implications: The complete integration of sensor networks and the internet still remains as an open issue. 

Practical implications: With the current state of the art, it is possible to develop a secure sensor network that can provide its services to internet hosts with certain security properties. 

Originality/value: The paper studies the interactions between sensor networks and the internet from the point of view of security. It identifies both solutions and research challenges.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{rosado2009c,

title = {Obtaining Security Requirements for a Mobile Grid System},

author = {David G. Rosado and Eduardo Fernandez-Medina and Javier Lopez},

url = {/wp-content/papers/rosado2009c.pdf},

doi = {10.4018/IJGHPC},

issn = {1938-0259},

year  = {2009},

date = {2009-01-01},

urldate = {2009-01-01},

journal = {International Journal of Grid and High Performance Computing},

volume = {1},

pages = {1-17},

publisher = {IGI-Global},

abstract = {Mobile Grid includes the characteristics of the Grid systems together with the peculiarities of Mobile Computing, withthe additional feature of supporting mobile users and resources ina seamless, transparent, secure and efficient way. Security ofthese systems, due to their distributed and open nature, isconsidered a topic of great interest. We are elaborating amethodology of development to build secure mobile grid systemsconsidering security on all life cycle. In this paper we present thepractical results applying our methodology to a real case,specifically we apply the part of security requirements analysis toobtain and identify security requirements of a specific applicationfollowing a set of tasks defined for helping us in the definition,identification and specification of the security requirements onour case study. The methodology will help us to build a securegrid application in a systematic and iterative way.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{1705,

title = {Secure multiparty payment with an intermediary entity},

author = {Mildrey Carbonell and Jose Maria Sierra and Javier Lopez},

url = {/wp-content/papers/1705.pdf},

issn = {0167-4048},

year  = {2009},

date = {2009-01-01},

urldate = {2009-01-01},

journal = {Computers and Security},

volume = {28},

number = {5},

pages = {289-300},

publisher = {Elsevier},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Najera2009,

title = {Security Mechanisms and Access Control Infrastructure for e-Passports and General Purpose e-Documents},

author = {Pablo Najera and Francisco Moyano and Javier Lopez},

url = {/wp-content/papers/Najera2009.pdf

http://www.jucs.org/jucs_15_5/security_mechanisms_and_access},

doi = {10.3217/jucs-015-05-0970},

issn = {0948-695X},

year  = {2009},

date = {2009-01-01},

urldate = {2009-01-01},

journal = {Journal of Universal Computer Science},

volume = {15},

pages = {970-991},

abstract = {Traditional paper documents are not likely to disappear in the near future as they are present everywhere in daily life, however, paper-based documentation lacks the link with the digital world for agile and automated processing. At the same time it is prone to cloning, alteration and counterfeiting attacks. E-passport defined by ICAO and implemented in 45 countries is the most relevant case of hybrid documentation (i.e. paper format with electronic capabilities) to date, but, as the advantages of hybrid documentation are recognized more and more will undoubtedly appear. In this paper, we present the concept and security requirements of general-use e-documents, analyze the most comprehensive security solution (i.e. ePassport security mechanisms) and its suitability for general-purpose e-documentation. Finally, we propose alternatives for the weakest and less suitable protocol from ePassports: the BAC (Basic Access Control). In particular, an appropriate key management infrastructure for access control to document memory is discussed in conjunction with a prototype implementation.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Alcaraz2008a,

title = {Gesti\'{o}n segura de redes SCADA},

author = {Cristina Alcaraz and Gerardo Fernandez and Rodrigo Roman and Angel Balastegui and Javier Lopez},

url = {/wp-content/papers/Alcaraz2008a.pdf

http://www.ati.es/novatica/indice.html$#$196},

issn = {0211-2124},

year  = {2008},

date = {2008-12-01},

urldate = {2008-12-01},

journal = {Nuevas tendencias en gesti\'{o}n de redes, Nov\'{a}tica},

number = {196},

pages = {20-25},

publisher = {CEPIS},

abstract = {En el momento que se introduce en el mercado nuevas tecnolog\'{i}as basadas en entornos distribuidos comienzan a surgir en paralelo nuevos problemas de seguridad en los sistemas SCADA (Supervisory Control and Data Acquisition), los cuales monitorizan y gestionan otras infraestructuras de gran complejidad y escala. Un fallo o una interrupci\'{o}n en uno de sus componentes podr\'{i}a suponer un impacto negativo sobre la funcionalidad de otras infraestructuras, por lo que se hace necesario realizar frecuentes an\'{a}lisis de seguridad para as\'{i} mantener actualizado el conocimiento y proveer recomendaciones y/o soluciones para mitigar o evitar futuras ocurrencias, garantizando una gesti\'{o}n de red fiable y siempre disponible.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Onieva2008a,

title = {Multi-Party Nonrepudiation: A survey},

author = {Jose A. Onieva and Jianying Zhou and Javier Lopez},

url = {/wp-content/papers/JoseA.Onieva2008a.pdf},

doi = {https://doi.org/10.1145/1456650.1456655},

issn = {0360-0300},

year  = {2008},

date = {2008-12-01},

urldate = {2008-12-01},

journal = {ACM Comput. Surveys},

volume = {41},

number = {1},

pages = {5},

abstract = {Nonrepudiation is a security service that plays an important role in many Internet applications. Traditional two-party nonrepudiation has been studied intensively in the literature. This survey focuses on multiparty scenarios and provides a comprehensive overview. It starts with a brief introduction of fundamental issues on nonrepudiation, including the types of nonrepudiation service and cryptographic evidence, the roles of trusted third-party, nonrepudiation phases and requirements, and the status of standardization. Then it describes the general multiparty nonrepudiation problem, and analyzes state-of-the-art mechanisms. After this, it presents in more detail the 1-N multiparty nonrepudiation solutions for distribution of different messages to multiple recipients. Finally, it discusses advanced solutions for two typical multiparty nonrepudiation applications, namely, multiparty certified email and multiparty contract signing.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Alcaraz2008b,

title = {Secure Management of SCADA Networks},

author = {Cristina Alcaraz and Gerardo Fernandez and Rodrigo Roman and Angel Balastegui and Javier Lopez},

url = {/wp-content/papers/Alcaraz2008b.pdf

http://www.upgrade-cepis.org/issues/2008/6/up9-6Alcaraz.pdf},

issn = {1684-5285},

year  = {2008},

date = {2008-12-01},

urldate = {2008-12-01},

journal = {Novatica, New Trends in Network Management},

volume = {9},

number = {6},

pages = {22-28},

publisher = {Cepis UPGRADE},

abstract = {When a Supervisory Control and Data Acquisition (SCADA) system monitors and manages other complex infrastructures through the use of distributed technologies, it becomes a critical infrastructure by itself: A failure or disruption in any of its components could implicate a serious impact on the performance of the other infrastructures. The connection with other systems makes a SCADA system more vulnerable against attacks, generating new security problems. As a result, it is essential to perform diverse security analysis frequently in order to keep an updated knowledge and to provide recommendations and/or solutions to mitigate or avoid anomalous events. This will facilitate the existence of a suitable, reliable, and available control network.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Agudo2008d,

title = {Enabling Attribute Delegation in Ubiquitous Environments},

author = {Isaac Agudo and Javier Lopez and Jose A. Montenegro},

url = {/wp-content/papers/Agudo2008d.pdf},

doi = {10.1007/s11036-008-0062-4},

issn = {1383-469X},

year  = {2008},

date = {2008-08-01},

urldate = {2008-08-01},

journal = {Mobile Networks and Applications},

volume = {13},

number = {3-4},

pages = {398-410},

publisher = {Springer},

abstract = {When delegation is implemented using the attribute certificates in a Privilege Management Infrastructure (PMI), it is possible to reach a considerable level of distributed functionality. However, the approach is not flexible enough for the requirements of ubiquitous environments. The PMI can become a too complex solution for devices such as smartphones and PDAs, where resources are limited. In this work we present an approach to solve the previous limitations by defining a second class of attributes, called domain attributes, which are managed directly by users and are not right under the scope of the PMI, thus providing a light solution for constrained devices. However, we relate the two classes of attributes are related by defining a simple ontology. While domain attribute credentials are defined using SAML notation, global attributes are defined using X.509 certificates. For this reason, we additionally introduce XSAML so that both kinds of credentials are integrated. We also introduce the concept of Attribute Federation which is responsible for supporting domain attributes and the corresponding ontology.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Roman2008a,

title = {Situation Awareness Mechanisms for Wireless Sensor Networks},

author = {Rodrigo Roman and Javier Lopez and Stefanos Gritzalis},

url = {/wp-content/papers/Roman2008a.pdf},

doi = {10.1109/MCOM.2008.4481348},

issn = {0163-6804},

year  = {2008},

date = {2008-04-01},

urldate = {2008-04-01},

journal = {IEEE Communications Magazine},

volume = {46},

number = {4},

pages = {102-107},

publisher = {IEEE},

abstract = {A wireless sensor network should be able to operate for long periods of time with little or no external management. There is a requirement for this autonomy: the sensor nodes must be able to configure themselves in the presence of adverse situations. Therefore, the nodes should make use of situation awareness mechanisms to determine the existence of abnormal events in their surroundings. This work approaches the problem by considering the possible abnormal events as diseases, thus making it possible to diagnose them through their symptoms, namely, their side effects. Considering these awareness mechanisms as a foundation for high-level monitoring services, this article also shows how these mechanisms are included in the blueprint of an intrusion detection system.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{VicenteBenjumea2008,

title = {Anonymity Analysis in Credentials-based Systems: A Formal Framework},

author = {Vicente Benjumea and Javier Lopez and Jose M. Troya},

url = {/wp-content/papers/VicenteBenjumea2008.pdf},

issn = {0920-5489},

year  = {2008},

date = {2008-01-01},

urldate = {2008-01-01},

journal = {Computer Standards \& Interfaces},

volume = {30},

number = {4},

pages = {253-261},

publisher = {Elsevier},

abstract = {Anonymity has been formalized and some metrics have been defined in the scope of anonymizing communication channels. In this paper, such formalization has been extended to cope with anonymity in those scenarios where users must anonymously prove that they own certain privileges to perform remote transactions. In these types of scenarios, the authorization policy states the privileges required to perform a given remote transaction. The paper presents a framework to analyze the actual degree of anonymity reached in a given transaction and allows its comparison with an ideal anonymity degree as defined by the authorization policy, providinga tool to model, design and analyze anonymous systems in different scenarios.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Onieva2007a,

title = {Integration of non-repudiation services in mobile DRM scenarios},

author = {Jose A. Onieva and Javier Lopez and Rodrigo Roman and Jianying Zhou and Stefanos Gritzalis},

url = {/wp-content/papers/JoseA.Onieva2007a.pdf},

doi = {10.1007/s11235-007-9050-4},

issn = {1572-9451},

year  = {2007},

date = {2007-09-01},

urldate = {2007-09-01},

journal = {Telecommunications Systems},

volume = {35},

pages = {161-176},

abstract = {In any kind of electronic transaction, it is extremely important to assure that any of the parties involved can not deny their participation in the information exchange. This security property, which is called non-repudiation, becomes more important in Digital Rights Management (DRM) scenarios, where a consumer can freely access to certain contents but needs to obtain the proper Right Object (RO) from a vendor in order to process it. Any breach in this process could result on financial loss for any peer, thus it is necessary to provide a service that allows the creation of trusted evidence. Unfortunately, non-repudiation services has not been included so far in DRM specifications due to practical issues and the type of content distributed. In this paper we analyze how to allow the integration of non-repudiation services to a DRM framework, providing a set of protocols that allows the right objects acquisition to be undeniable, alongside with a proof-of-concept implementation and a validation process.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Roman2007,

title = {A Survey of Cryptographic Primitives and Implementations for Hardware-Constrained Sensor Network Nodes},

author = {Rodrigo Roman and Cristina Alcaraz and Javier Lopez},

url = {/wp-content/papers/Roman2007.pdf

http://www.springerlink.com/content/3785k818327456gq/},

doi = {10.1007/s11036-007-0024-2},

issn = {1383-469X},

year  = {2007},

date = {2007-08-01},

urldate = {2007-08-01},

journal = {Mobile Networks and Applications},

volume = {12},

number = {4},

pages = {231-244},

publisher = {Springer},

abstract = {In a wireless sensor network environment, a sensor node is extremely constrained in terms of hardware due to factors such as maximizing lifetime and minimizing physical size and overall cost. Nevertheless, these nodes must be able to run cryptographic operations based on primitives such as hash functions, symmetric encryption and public key cryptography in order to allow the creation of secure services. Our objective in this paper is to survey how the existing research-based and commercial-based sensor nodes are suitable for this purpose, analyzing how the hardware can influence the provision of the primitives and how software implementations tackles the task of implementing instances of those primitives. As a result, it will be possible to evaluate the influence of provision of security in the protocols and applications/scenarios where sensors can be used.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{JavierLopez2007,

title = {On the deployment of a real scalable delegation service},

author = {Javier Lopez and Isaac Agudo and Jose A. Montenegro},

url = {/wp-content/papers/JavierLopez2007.pdf},

doi = {10.1016/j.istr.2007.05.008},

issn = {1363-4127},

year  = {2007},

date = {2007-06-01},

urldate = {2007-06-01},

journal = {Information Security Technical Report},

volume = {12},

number = {3},

pages = {139-147},

publisher = {Elsevier},

abstract = {This paper explains the evolution of the concept of delegation since its first references in the context of distributed authorization to the actual use as a fundamental part of a privilege management architecture. The work reviews some of the earliest contributions that pointed out the relevance of delegation when dealing with distributed authorization, in particular we comment on PolicyMaker and Keynote, and also on SDSI/SPKI. Then, we elaborate on Federation as a particular case of delegation, and remark the importance given to federation by the industry. Finally, the paper discusses about privilege management infrastructures, introducing a new mechanism to extend their functionality using advanced delegation services.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Zhou2007,

title = {An Effective Multi-layered Defense Framework Against Spam},

author = {Jianying Zhou and Wee-Yung Chin and Rodrigo Roman and Javier Lopez},

url = {/wp-content/papers/Zhou2007.pdf

http://www.sciencedirect.com/science/article/B6VJC-4NS2GR9-1/2/d542b6d1b936f796cad17284a6edbc69},

doi = {10.1016/j.istr.2007.05.007},

issn = {1363-4127},

year  = {2007},

date = {2007-01-01},

urldate = {2007-01-01},

journal = {Information Security Technical Report},

volume = {12},

number = {3},

pages = {179-185},

publisher = {Elsevier},

abstract = {Spam is a big problem for email users. The battle between spamming and anti-spamming technologies has been going on for many years. Though many advanced anti-spamming technologies are progressing significantly, spam is still able to bombard many email users. The problem worsens when some anti-spamming methods unintentionally filtered legitimate emails instead! In this paper, we first review existing anti-spam technologies, then propose a layered defense framework using a combination of anti-spamming methods. Under this framework, the server-level defense is targeted for common spam while the client-level defense further filters specific spam for individual users. This layered structure improves on filtering accuracy and yet reduces the number of false positives. A sub-system using our pre-challenge method is implemented as an add-on in Microsoft Outlook 2002. In addition, we extend our client-based pre-challenge method to a domain-based solution thus further reducing the individual email users’ overheads.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Roman2007a,

title = {The Role of Wireless Sensor Networks in the Area of Critical Information Infrastructure},

author = {Rodrigo Roman and Cristina Alcaraz and Javier Lopez},

url = {/wp-content/papers/Roman2007a.pdf

http://www.sciencedirect.com/science/article/B6VJC-4N6NK24-1/2/b1462973afe70af30a10b955d96ccbb6},

doi = {10.1016/j.istr.2007.02.003},

issn = {1363-4127},

year  = {2007},

date = {2007-01-01},

urldate = {2007-01-01},

journal = {Information Security Technical Report},

volume = {12},

number = {1},

pages = {24-31},

publisher = {Elsevier},

abstract = {Critical Infrastructures, such as energy, banking, and transport, are an essential pillar to the well-being of the national and international economy, security and quality of life. These infrastructures are dependent on a spectrum of highly interconnected information infrastructures for their smooth, reliable and continuous operation. The field of protecting such Critical Information Infrastructures, or CIIP, faces numerous challenges, such as managing the secure interaction between peers, assuring the resilience and robustness of the overall system, and deploying warning and alert systems, amongst others. In this tapestry of CIIP, Wireless Sensor Networks can be used as an invaluable tool due to their intelligent distributed control capabilities, alongside with their capability to work under severe conditions. In this paper, we justify why Wireless Sensor Networks technology is suitable for providing security for these scenarios, describing both their advantages and research issues and their role in the overall scheme of protecting the Critical Information Infrastructures.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Dix07,

title = {Temporal Logics of Knowledge and their Applications in Security},

author = {Clare Dixon and Carmen Fernandez-Gago and Michael Fisher and Wiebe Hoek},

url = {/wp-content/papers/Dix07.pdf},

issn = {1571-0661},

year  = {2007},

date = {2007-01-01},

urldate = {2007-01-01},

journal = {First Workshop in Information and Computer Security (ICS’06)},

volume = {186},

pages = {27-42},

publisher = {Elsevier},

address = {Timisoara, Romania},

abstract = {Temporal logics of knowledge are useful for reasoning about situations where the knowledge of an agent or component is important, and where change in this knowledge may occur over time. Here we investigate the application of temporal logics of knowledge to the specification and verification of security protocols. We show how typical assumptions relating to authentication protocols can be specified. We consider verification methods for these logics, in particular, focusing on proofs using clausal resolution. Finally we present experiences from using a resolution based theorem prover applied to security protocols specified in temporal logics of knowledge.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{VicenteBenjumea2006a,

title = {Anonymous Attribute Certificates based on Traceable Signatures},

author = {Vicente Benjumea and Javier Lopez and Jose M. Troya},

url = {/wp-content/papers/VicenteBenjumea2006a.pdf},

issn = {1066-2243},

year  = {2006},

date = {2006-01-01},

urldate = {2006-01-01},

journal = {Internet Research},

volume = {16},

number = {2},

pages = {120-139},

publisher = {Elsevier},

address = {Anonymous attribute certificates were introduced by Benjumea et. al (Benjumea, 2004) in order to integrate anonymity capabilities in the standardized X.509 attribute certificates. That solution was based on the use of fair-blind signatures, but did not ex},

abstract = {In Benjumea et. al (Benjumea, 2004) we introduced the concept of anonymousattribute certificates in order to integrate anonymity capabilities in the standardizedX.509 attribute certificates. That solution was based on the use of fair-blind signatures(Stadler, 1995), but did not explore further possibilities of constructing similar datastructures based on more advanced signature schemes. In this new work, we propose anew type of anonymous attribute certificates that is based on the more recently proposedtraceable signature scheme (Kiayias, 2004a), providing a new anonymous authorizationsolution with interesting features that were not covered in the aforementioned scheme.Thus, this new solution allows users to make use of their attribute certificates in ananonymous way, but under certain circumstances it allows to disclose the users’ identities,trace the transactions carried out by any specific user, or revoke any anonymousattribute certificate. An additional contribution of this work is that it pays special attentionto the preservation of the unlinkability property between transactions, makingimpossible the creation of anonymous user profiles.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Roman2006a,

title = {An Anti-spam Scheme Using Pre-challenges},

author = {Rodrigo Roman and Jianying Zhou and Javier Lopez},

url = {/wp-content/papers/Roman2006a.pdf

http://www.sciencedirect.com/science/article/B6TYP-4HYM1T7-1/2/53871c3a06d8e1c9439deda17a05ed2d},

doi = {10.1016/j.comcom.2005.10.037},

issn = {0140-3664},

year  = {2006},

date = {2006-01-01},

urldate = {2006-01-01},

journal = {Computer Communications},

volume = {29},

number = {15},

pages = {2739-2749},

publisher = {Elsevier},

abstract = {Unsolicited Commercial Email, or Spam, is nowadays an increasingly serious problem to email users. A number of anti-spam schemes have been proposed in the literature and some of them have been deployed in email systems, but the problem has yet been well addressed. One of those schemes is challenge-response, in which a challenge, ranging from a simple mathematical problem to a hard-AI problem, is imposed on an email sender in order to forbid machine-based spam reaching receivers’ mailboxes. However, such a scheme introduces new problems for the users, e.g., delay of service and denial of service. In this paper, we introduce the pre-challenge scheme, which is based on the challenge-response mechanism and takes advantage of some features of email systems. It assumes each user has a challenge that is defined by the user himself/herself and associated with his/her email address, in such a way that an email sender can simultaneously retrieve a new receiver’s email address and challenge before sending an email in the first contact. Some new mechanisms are employed in our scheme to reach a good balance between security against spam and convenience to normal email users. Our scheme can be also used for protecting other messaging systems, like Instant Messaging and Blog comments.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{VicenteBenjumea2006,

title = {Specification of a Framework for the Anonymous Use of Privileges},

author = {Vicente Benjumea and Javier Lopez and Jose M. Troya},

url = {/wp-content/papers/VicenteBenjumea2006.pdf},

issn = {0736-5853},

year  = {2006},

date = {2006-01-01},

urldate = {2006-01-01},

journal = {Telematics and Informatics},

volume = {23},

number = {3},

pages = {179-195},

publisher = {Elsevier},

abstract = {In this paper we have defined an open framework to support open distributed applications where anonymous transactions based on user privileges play an important role. The goal of the framework is to provide a basis to the application level, and is presented from an open and general perspective where many different implementation schemes can fit. Moreover, we have presented a set of requirements that implementation schemes must fulfill to conform a fully anonymous privilege system, which guarantees to supported applications that anonymity will be preserved in remote transactions. Finally, we present an application scenario using the services provided by the framework in order to better show the possibilities of what this type of systems offers.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{1710,

title = {Unleashing Public-Key Cryptography in Wireless Sensor Networks},

author = {Javier Lopez},

issn = {0926-227X},

year  = {2006},

date = {2006-01-01},

urldate = {2006-01-01},

journal = {Journal of Computer Security},

volume = {14},

number = {5},

pages = {469-482},

publisher = {IOS Press},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{IsaacAgudo2005,

title = {A Graphical Delegation Solution for X.509 Attribute Certificates},

author = {Isaac Agudo and Javier Lopez and Jose A. Montenegro},

url = {/wp-content/papers/IsaacAgudo2005.pdf},

issn = {0926-4981},

year  = {2005},

date = {2005-10-01},

urldate = {2005-10-01},

journal = {ERCIM News},

number = {63},

pages = {33-34},

publisher = {ERCIM},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{javierlopez2005c,

title = {Specification and Design of Advanced Authentication and Authorization Services},

author = {Javier Lopez and Jose A. Montenegro and Jose L. Vivas and Eiji Okamoto and Ed Dawson},

url = {/wp-content/papers/javierlopez2005c.pdf},

doi = {10.1016/j.csi.2005.01.005},

issn = {0920-5489},

year  = {2005},

date = {2005-06-01},

urldate = {2005-06-01},

journal = {Computer Standards \& Interfaces},

volume = {27},

number = {5},

pages = {467-478},

publisher = {Elsevier},

abstract = {A challenging task in security engineering concerns the specification and integration of security with other requirements at the top level of requirements engineering. Empirical studies show that it is common at the business process level that customers and end users are able to express their security needs. Among the security needs of Internet applications, authentication and authorization services are outstanding and, sometimes, privacy becomes a parallel requirement. In this paper, we introduce a methodology for the specification of security requirements and use a case study to apply our solution. We further detail the resulting system after extending it with an Authentication and Authorization Infrastructure.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Roman2005f,

title = {Casual Virtual Private Network},

author = {Rodrigo Roman and Jianying Zhou and Javier Lopez},

url = {/wp-content/papers/Roman2005f.pdf},

issn = {0267-6192},

year  = {2005},

date = {2005-01-01},

urldate = {2005-01-01},

journal = {International Journal of Computer Systems Science \& Engineering},

volume = {3},

pages = {185-192},

publisher = {CRL Publishing},

abstract = {Virtual Private Networks (VPNs) provide a cost-effective way for securing communications using public and insecure networks like the Internet. The main purpose of a VPN is to securely and transparently connect two or more remote networks to form virtually a single network, using centralized security policies for better management and protection. However, in certain scenarios, users may not require such a transparent access to the resources within their networks, but only want temporary secure access to internal services based on their own demands. We call the network architecture with such a feature as Casual VPN. In this paper, we present the notion of Casual VPN, and explain why traditional VPN architectures and protocols are unable to offer Casual VPN services. We also propose and define the operation of a particular Casual VPN architecture, C-VPN, which additionally allows the management of TCP and UDP-based protocols.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Fernandez2005,

title = {First-Order Temporal Verification in Practice},

author = {Carmen Fernandez-Gago and Ullrich Hustadt and Clare Dixon and Michael Fisher and Boris Konev},

url = {/wp-content/papers/Fernandez2005.pdf},

doi = {10.1007/s10817-005-7354-1},

issn = {0168-7433},

year  = {2005},

date = {2005-01-01},

urldate = {2005-01-01},

journal = {Journal of Automated Reasoning},

volume = {34},

pages = {295-321},

publisher = {Springer},

abstract = {First-order temporal logic, the extension of first-order logic with operators dealing with time, is a powerful and expressive formalism with many potential applications. This expressive logic can be viewed as a framework in which to investigate problems specified in other logics. The monodic fragment of first-order temporal logic is a useful fragment that possesses good computational properties such as completeness and sometimes even decidability. Temporal logics of knowledge are useful for dealing with situations where the knowledge of agents in a system is involved. In this paper we present a translation from temporal logics of knowledge into the monodic fragment of first-order temporal logic. We can then use a theorem prover for monodic first-order temporal logic to prove properties of the translated formulas. This allows problems specified in temporal logics of knowledge to be verified automatically without needing a specialized theorem prover for temporal logics of knowledge. We present the translation, its correctness, and examples of its use.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Winfield2005,

title = {On the Formal Specification of Emergent Behaviours of Swarm Robotics Systems},

author = {Alan Winfield and Jin Sa and Carmen Fernandez-Gago and Clare Dixon and Michael Fisher},

url = {/wp-content/papers/Winfield2005.pdf},

doi = {10.5772/5769},

issn = {1729-8806},

year  = {2005},

date = {2005-01-01},

urldate = {2005-01-01},

journal = {International Journal of Advanced Robotics Systems},

volume = {2},

pages = {363-371},

publisher = {SAGE Publishing},

abstract = {It is a characteristic of swarm robotics that specifying overall emergent swarm behaviours in terms of the low-level behaviours of individual robots is very difficult. Yet if swarm robotics is to make the transition from the laboratory to real-world engineering realisation we need such specifications. This paper explores the use of temporal logic to formally specify, and possibly also prove, the emergent behaviours of a robotic swarm. The paper makes use of a simplified wireless connected swarm as a case study with which to illustrate the approach. Such a formal approach could be an important step toward a disciplined design methodology for swarm robotics.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{1707,

title = {A Metadata-based Access Control Model for Web Services},

author = {Mariemma I. Yague and Antonio Mana and Javier Lopez},

url = {/wp-content/papers/1707.pdf},

year  = {2005},

date = {2005-01-01},

urldate = {2005-01-01},

journal = {Internet Research Journal},

volume = {15},

number = {1},

pages = {99-116},

publisher = {Emerald},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Zhou2005,

title = {Optimised Multi-Party Certified Email Protocols},

author = {Jianying Zhou and Jose A. Onieva and Javier Lopez},

url = {/wp-content/papers/Zhou2005.pdf},

doi = {10.1108/09685220510627250},

issn = {0968- 5227},

year  = {2005},

date = {2005-01-01},

urldate = {2005-01-01},

journal = {Information Management \& Computer Security Journal},

volume = {13},

number = {5},

pages = {350-366},

abstract = {As a value-added service to deliver important data over the Internet with guaranteed receipt for each successful delivery, certified email has been discussed for years and a number of research papers appeared in the literature. But most of them deal with the two-party scenarios, i.e., there are only one sender and one recipient. In some applications, however, the same certified message may need to be sent to a set of recipients. In this paper, we presents two optimized multi-party certified email protocols. They have three major features. (1) A sender could notify multiple recipients of the same information while only those recipients who acknowledged are able to get the information. (2) Both the sender and the recipients can end a protocol run at any time without breach of fairness. (3) The exchange protocols are optimized, each of which have only three steps.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{JavierLopez2005b,

title = {Security Protocols Analysis: A SDL-based Approach},

author = {Javier Lopez and Juan J. Ortega and Jose M. Troya},

url = {/wp-content/papers/JavierLopez2005b.pdf},

issn = {0920-5489},

year  = {2005},

date = {2005-01-01},

urldate = {2005-01-01},

journal = {Computer Standards \& Interfaces},

volume = {27},

number = {3},

pages = {489-499},

publisher = {Elsevier},

abstract = {Organizations need to develop formally analyzed systems in order to achieve well-known formal method benefits. In order to study the security of communication systems, we have developed a methodology for the application of the formal analysis techniques, commonly used in communication protocols, to the analysis of cryptographic protocols. In particular, we have extended the design and analysis phases with security properties. Our proposal uses a specification notation based on one of the most used standard requirement languages HMSC/MSC, which can be automatically translated into a generic SDL specification. The SDL system obtained can then be used for the analysis of the addressed security properties, by using an observer process schema. Besides our main goal to provide a notation for describing the formal specification of security systems, our proposal also brings additional benefits, such as the study of the possible attacks to the system, and the possibility of re-using the specifications produced to describe and analyse more complex systems.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{SokratisKatsikas2005a,

title = {Trust, Privacy and Security in Digital Business},

author = {Sokratis K. Katsikas and Javier Lopez and Guenther Pernul},

url = {/wp-content/papers/SokratisKatsikas2005a.pdf},

issn = {0267-6192},

year  = {2005},

date = {2005-01-01},

urldate = {2005-01-01},

journal = {International Journal of Computer Systems, Science \& Engineering},

volume = {20},

number = {6},

publisher = {CRL Publishing},

abstract = {An important aspect of e-business is the area of e-commerce. According to recent surveys, one of the most severe restraining factors for the proliferation of e-commerce, as measured by the gap between predicted market value and actual development is the (lack of) security measures required to assure both businesses and customers that their business relationship and transactions will be carried out in privacy, correctly, and timely. A large number of individuals are not willing to engage in e-commerce (or are only participating at a reduced level) simply because they do not trust the e-commerce sites and the underlying information and communication technologies to be secure enough. This paper first considers privacy and security requirements for e-commerce applications; it then discusses methods and technologies that can be used to fulfil these requirements.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{JavierLopez2005,

title = {Why Public Key Infrastructures have failed so far?},

author = {Javier Lopez and Rolf Oppliger and Guenther Pernul},

url = {/wp-content/papers/JavierLopez2005.pdf},

issn = {1066-2243},

year  = {2005},

date = {2005-01-01},

urldate = {2005-01-01},

journal = {Internet Research},

volume = {15},

number = {5},

pages = {544-556},

publisher = {Emerald},

abstract = {Since public key cryptography is a fundamental technology for electronic commerce, people have often argued that public key infrastructures and corresponding certification services are the gold-mines of the information age. Contrary to these relatively high expectations, public key infrastructures have not really taken off and many certification service providers have even gone out of business. In this paper, we overview and discuss the technical, economical, legal, and social reasons why public key infrastructures have failed so far, summarize the lessons learnt, and give our expectations about the future development of the field.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Onieva2004a,

title = {Agent-mediated non-repudiation protocols},

author = {Jose A. Onieva and Jianying Zhou and Javier Lopez and Mildrey Carbonell},

url = {/wp-content/papers/Onieva2004a.pdf},

issn = {1567-4223},

year  = {2004},

date = {2004-01-01},

urldate = {2004-01-01},

journal = {Electronic Commerce Research and Applications},

volume = {3},

number = {2},

pages = {152-162},

publisher = {Elsevier},

abstract = {Non-repudiation is a security service that provides cryptographic evidence to support the settlement of disputes in electronic commerce. In commercial transactions, an intermediary (or agent) might be involved to help transacting parties to conduct their business. Nevertheless, such an intermediary may not be fully trusted. In this paper, we propose agent-mediated non-repudiation protocols and analyze their security requirements. We first present a simple scenario with only one recipient, followed by a more complicated framework where multiple recipients are involved and collusion between them is possible. We also identify applications that could take advantage of these agent-mediated non-repudiation protocols.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{JavierLopez2004,

title = {Authentication and Authorization Infrastructures (AAIs): A Comparative Survey},

author = {Javier Lopez and Rolf Oppliger and Guenther Pernul},

url = {/wp-content/papers/JavierLopez2004.pdf},

issn = {0167-4048},

year  = {2004},

date = {2004-01-01},

urldate = {2004-01-01},

journal = {Computers \& Security},

volume = {23},

number = {7},

pages = {578-590},

publisher = {Elsevier},

abstract = {In this article, we argue that traditional approaches for authorization and access control in computer systems (i.e., discretionary, mandatory, and role-based access controls) are not appropriate to address the requirements of networked or distributed systems, and that proper authorization and access control requires infrastructural support in one way or another. This support can be provided, for example, by an authentication and authorization infrastructure (AAI). Against this background, we overview, analyze, discuss, and put into perspective some technologies that can be used to build and operate AAIs. More specifically, we address Microsoft .NET Passport and some related activities (e.g. the Liberty Alliance Project), Kerberos-based solutions, and AAIs that are based on digital certificates and public key infrastructures (PKIs). We conclude with the observation that there is no single best approach for providing an AAI, that every approach has specific advantages and disadvantages, and that a comprehensive AAI must combine various technologies and approaches.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{AntonioMana2004,

title = {A Framework for Secure Execution of Software},

author = {Antonio Mana and Javier Lopez and Juan J. Ortega and Ernesto Pimentel and Jose M. Troya},

url = {/wp-content/papers/AntonioMana2004.pdf},

issn = {1615-5262},

year  = {2004},

date = {2004-01-01},

urldate = {2004-01-01},

journal = {International Journal of Information Security (IJIS)},

volume = {3},

number = {2},

pages = {99-112},

publisher = {Springer},

abstract = {The protection of software applications is one of the most important problems to solve in information security because it has a crucial effect on other security issues.We can find in the literature many research initiatives that have tried to solve this problem, many of them based on the use of tamperproof hardware tokens. This type of solutions depends on two basic premises: (i) to increase the physical security by using tamperproof devices, and (ii) to increase the complexity of the analysis of the software. The first premise is reasonable. The second one is certainly related to the first one. In fact, its main goal is that the pirate user can not modify the software to bypass an operation that is crucial: checking the presence of the token. However, the experience shows that the second premise is not realistic because the analysis of the executable code is always possible. Moreover, the techniques used to obstruct the analysis process are not enough to discourage an attacker with average resources. In this paper, we review the most relevant works related to software protection, present a taxonomy of those works and, most important, we introduce a new and robust software protection scheme. This solution, called SmartProt, is based on the use of smart cards and cryptographic techniques, and its security relies only on the first of previous premises; that is, Smartprot has been designed to avoid attacks based on code analysis and software modification. The entire system is described following a lifecycle approach, explaining in detail the card setup, production, authorization, and execution phases. We also present some interesting applications of Smart- Prot as well as the protocols developed to manage licenses. Finally, we provide an analysis of its implementation details.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}