Supported Publications
Sorry, no publications matched your criteria.
Sorry, no publications matched your criteria.
Sorry, no publications matched your criteria.
Sorry, no publications matched your criteria.
Sorry, no publications matched your criteria.
Sorry, no publications matched your criteria.
Garcia, Alberto; Alcaraz, Cristina; Lopez, Javier
MAS para la convergencia de opiniones y detección de anomalías en sistemas ciberfísicos distribuidos Proceedings Article
In: VIII Jornadas Nacionales de Investigación en Ciberseguridad (JNIC), Vigo, 2023.
@inproceedings{Garcia2023,
title = {MAS para la convergencia de opiniones y detecci\'{o}n de anomal\'{i}as en sistemas ciberf\'{i}sicos distribuidos},
author = {Alberto Garcia and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/Garcia2023.pdf},
year = {2023},
date = {2023-12-31},
urldate = {2023-12-31},
booktitle = {VIII Jornadas Nacionales de Investigaci\'{o}n en Ciberseguridad (JNIC)},
address = {Vigo},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Alcaraz, Cristina; Lopez, Javier
Protecting Digital Twin Networks for 6G-enabled Industry 5.0 Ecosystems Journal Article
In: IEEE Network Magazine, vol. 37, no. 2, pp. 302-308, 2023, ISSN: 0890-8044.
@article{Alcaraz2023a,
title = {Protecting Digital Twin Networks for 6G-enabled Industry 5.0 Ecosystems},
author = {Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/Alcaraz2023a.pdf
https://ieeexplore.ieee.org/abstract/document/10239369},
doi = {10.1109/MNET.004.2200529},
issn = {0890-8044},
year = {2023},
date = {2023-12-31},
urldate = {2023-12-31},
journal = {IEEE Network Magazine},
volume = {37},
number = {2},
pages = {302-308},
publisher = {IEEE},
abstract = {New industrial paradigms, such as the Industrial Internet of Things (IIoT) and Industry 5.0, are emerging in industrial contexts with the aim of fostering quality in operational processes. With the expected launch of 6G in the coming years, IIoT networks in Industry 5.0 ecosystems can leverage 6G technology and its support for training machine learning models using Digital Twins (DTs), embedded in DT Networks (DTNs), to transparently and continuously optimize their communications. Unfortunately, the use of these technologies, in turn, intensifies the attack surface and poses a serious threat to the new goals of Industry 5.0, such as improving the user experience, sustainability and resilience. This article therefore proposes a layered protection framework for 6G-enabled IIoT environments, where not only DTs and DTNs are fully protected, but also the whole 6G ecosystem, complying with the expected goals of Industry 5.0. To achieve this, the framework identifies for each protection layer a set of security and privacy services to subsequently relate them to existing computing infrastructures (cloud, edge, edge-cloud) and provide the best approach for future IIoT deployments.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
New industrial paradigms, such as the Industrial Internet of Things (IIoT) and Industry 5.0, are emerging in industrial contexts with the aim of fostering quality in operational processes. With the expected launch of 6G in the coming years, IIoT networks in Industry 5.0 ecosystems can leverage 6G technology and its support for training machine learning models using Digital Twins (DTs), embedded in DT Networks (DTNs), to transparently and continuously optimize their communications. Unfortunately, the use of these technologies, in turn, intensifies the attack surface and poses a serious threat to the new goals of Industry 5.0, such as improving the user experience, sustainability and resilience. This article therefore proposes a layered protection framework for 6G-enabled IIoT environments, where not only DTs and DTNs are fully protected, but also the whole 6G ecosystem, complying with the expected goals of Industry 5.0. To achieve this, the framework identifies for each protection layer a set of security and privacy services to subsequently relate them to existing computing infrastructures (cloud, edge, edge-cloud) and provide the best approach for future IIoT deployments.
Morales, Daniel; Agudo, Isaac; Lopez, Javier
Private set intersection: A systematic literature review Journal Article
In: Computer Science Review, vol. 49, no. 100567, 2023, ISSN: 1574-0137.
@article{morales2023psi,
title = {Private set intersection: A systematic literature review},
author = {Daniel Morales and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/morales2023psi.pdf
https://www.sciencedirect.com/science/article/pii/S1574013723000345},
doi = {10.1016/j.cosrev.2023.100567},
issn = {1574-0137},
year = {2023},
date = {2023-05-01},
urldate = {2023-05-01},
journal = {Computer Science Review},
volume = {49},
number = {100567},
publisher = {Elsevier},
address = {ScienceDirect},
abstract = {Secure Multi-party Computation (SMPC) is a family of protocols which allow some parties to compute a function on their private inputs, obtaining the output at the end and nothing more. In this work, we focus on a particular SMPC problem named Private Set Intersection (PSI). The challenge in PSI is how two or more parties can compute the intersection of their private input sets, while the elements that are not in the intersection remain private. This problem has attracted the attention of many researchers because of its wide variety of applications, contributing to the proliferation of many different approaches. Despite that, current PSI protocols still require heavy cryptographic assumptions that may be unrealistic in some scenarios. In this paper, we perform a Systematic Literature Review of PSI solutions, with the objective of analyzing the main scenarios where PSI has been studied and giving the reader a general taxonomy of the problem together with a general understanding of the most common tools used to solve it. We also analyze the performance using different metrics, trying to determine if PSI is mature enough to be used in realistic scenarios, identifying the pros and cons of each protocol and the remaining open problems.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Secure Multi-party Computation (SMPC) is a family of protocols which allow some parties to compute a function on their private inputs, obtaining the output at the end and nothing more. In this work, we focus on a particular SMPC problem named Private Set Intersection (PSI). The challenge in PSI is how two or more parties can compute the intersection of their private input sets, while the elements that are not in the intersection remain private. This problem has attracted the attention of many researchers because of its wide variety of applications, contributing to the proliferation of many different approaches. Despite that, current PSI protocols still require heavy cryptographic assumptions that may be unrealistic in some scenarios. In this paper, we perform a Systematic Literature Review of PSI solutions, with the objective of analyzing the main scenarios where PSI has been studied and giving the reader a general taxonomy of the problem together with a general understanding of the most common tools used to solve it. We also analyze the performance using different metrics, trying to determine if PSI is mature enough to be used in realistic scenarios, identifying the pros and cons of each protocol and the remaining open problems.
Sorry, no publications matched your criteria.
Sorry, no publications matched your criteria.
Sorry, no publications matched your criteria.
Sorry, no publications matched your criteria.
Garcia, Alberto; Alcaraz, Cristina; Lopez, Javier
MAS para la convergencia de opiniones y detección de anomalías en sistemas ciberfísicos distribuidos Proceedings Article
In: VIII Jornadas Nacionales de Investigación en Ciberseguridad (JNIC), Vigo, 2023.
@inproceedings{Garcia2023,
title = {MAS para la convergencia de opiniones y detecci\'{o}n de anomal\'{i}as en sistemas ciberf\'{i}sicos distribuidos},
author = {Alberto Garcia and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/Garcia2023.pdf},
year = {2023},
date = {2023-12-31},
urldate = {2023-12-31},
booktitle = {VIII Jornadas Nacionales de Investigaci\'{o}n en Ciberseguridad (JNIC)},
address = {Vigo},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Morales, Daniel; Agudo, Isaac; Lopez, Javier
Integration of MPC into Besu through an extended private transaction model Proceedings Article
In: IEEE International Conference on Metaverse Computing, Networking and Applications, pp. 266-273, IEEE Computer Society IEEE, Kyoto, Japan, 2023.
@inproceedings{morales2023metacom,
title = {Integration of MPC into Besu through an extended private transaction model},
author = {Daniel Morales and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/morales2023metacom.pdf},
doi = {10.1109/MetaCom57706.2023.00056},
year = {2023},
date = {2023-06-01},
urldate = {2023-06-01},
booktitle = {IEEE International Conference on Metaverse Computing, Networking and Applications},
pages = {266-273},
publisher = {IEEE},
address = {Kyoto, Japan},
organization = {IEEE Computer Society},
abstract = {In the last few years we have seen many different approaches to incorporate privacy features to blockchains. In the area of cryptocurrencies that would normally mean protecting the identity of the owner of some funds, but there are other applications where privacy is even more important, especially in permissioned blockchains.
Permissioned blockchain platforms, such as Hyperledger Besu or Hyperledger Fabric, already include the concept of private transactions, which essentially defines a sub-group of the blockchain where their participants share some private data.
We want to go one step ahead and propose an extended model for private transactions where the different participants can have a separated view of the same transaction, allowing the integration of Multi-party Computation protocols in the blockchain.
Our work extends Hyperledger Besu’s design for private transactions, offering better security properties and a finer grain customization. We cover two specific MPC examples, Private Set Intersection and Byzantine Fault-Tolerant Random Number Generation, and propose a mechanism to run them using smart contract interfaces.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
In the last few years we have seen many different approaches to incorporate privacy features to blockchains. In the area of cryptocurrencies that would normally mean protecting the identity of the owner of some funds, but there are other applications where privacy is even more important, especially in permissioned blockchains.
Permissioned blockchain platforms, such as Hyperledger Besu or Hyperledger Fabric, already include the concept of private transactions, which essentially defines a sub-group of the blockchain where their participants share some private data.
We want to go one step ahead and propose an extended model for private transactions where the different participants can have a separated view of the same transaction, allowing the integration of Multi-party Computation protocols in the blockchain.
Our work extends Hyperledger Besu’s design for private transactions, offering better security properties and a finer grain customization. We cover two specific MPC examples, Private Set Intersection and Byzantine Fault-Tolerant Random Number Generation, and propose a mechanism to run them using smart contract interfaces.
Permissioned blockchain platforms, such as Hyperledger Besu or Hyperledger Fabric, already include the concept of private transactions, which essentially defines a sub-group of the blockchain where their participants share some private data.
We want to go one step ahead and propose an extended model for private transactions where the different participants can have a separated view of the same transaction, allowing the integration of Multi-party Computation protocols in the blockchain.
Our work extends Hyperledger Besu’s design for private transactions, offering better security properties and a finer grain customization. We cover two specific MPC examples, Private Set Intersection and Byzantine Fault-Tolerant Random Number Generation, and propose a mechanism to run them using smart contract interfaces.
Morales, Daniel; Agudo, Isaac; Lopez, Javier
Private set intersection: A systematic literature review Journal Article
In: Computer Science Review, vol. 49, no. 100567, 2023, ISSN: 1574-0137.
@article{morales2023psi,
title = {Private set intersection: A systematic literature review},
author = {Daniel Morales and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/morales2023psi.pdf
https://www.sciencedirect.com/science/article/pii/S1574013723000345},
doi = {10.1016/j.cosrev.2023.100567},
issn = {1574-0137},
year = {2023},
date = {2023-05-01},
urldate = {2023-05-01},
journal = {Computer Science Review},
volume = {49},
number = {100567},
publisher = {Elsevier},
address = {ScienceDirect},
abstract = {Secure Multi-party Computation (SMPC) is a family of protocols which allow some parties to compute a function on their private inputs, obtaining the output at the end and nothing more. In this work, we focus on a particular SMPC problem named Private Set Intersection (PSI). The challenge in PSI is how two or more parties can compute the intersection of their private input sets, while the elements that are not in the intersection remain private. This problem has attracted the attention of many researchers because of its wide variety of applications, contributing to the proliferation of many different approaches. Despite that, current PSI protocols still require heavy cryptographic assumptions that may be unrealistic in some scenarios. In this paper, we perform a Systematic Literature Review of PSI solutions, with the objective of analyzing the main scenarios where PSI has been studied and giving the reader a general taxonomy of the problem together with a general understanding of the most common tools used to solve it. We also analyze the performance using different metrics, trying to determine if PSI is mature enough to be used in realistic scenarios, identifying the pros and cons of each protocol and the remaining open problems.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Secure Multi-party Computation (SMPC) is a family of protocols which allow some parties to compute a function on their private inputs, obtaining the output at the end and nothing more. In this work, we focus on a particular SMPC problem named Private Set Intersection (PSI). The challenge in PSI is how two or more parties can compute the intersection of their private input sets, while the elements that are not in the intersection remain private. This problem has attracted the attention of many researchers because of its wide variety of applications, contributing to the proliferation of many different approaches. Despite that, current PSI protocols still require heavy cryptographic assumptions that may be unrealistic in some scenarios. In this paper, we perform a Systematic Literature Review of PSI solutions, with the objective of analyzing the main scenarios where PSI has been studied and giving the reader a general taxonomy of the problem together with a general understanding of the most common tools used to solve it. We also analyze the performance using different metrics, trying to determine if PSI is mature enough to be used in realistic scenarios, identifying the pros and cons of each protocol and the remaining open problems.
Ruiz, Manuel; Rios, Ruben; Roman, Rodrigo; Lopez, Javier
Privacidad Contextual en entornos Edge Proceedings Article
In: VII Jornadas Nacionales de Investigación en Ciberseguridad (JNIC 2022), pp. 122-129, Bilbao, Spain, 2022, ISBN: 978-84-88734-13-6.
@inproceedings{1979,
title = {Privacidad Contextual en entornos Edge},
author = {Manuel Ruiz and Ruben Rios and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/1979.pdf},
isbn = {978-84-88734-13-6},
year = {2022},
date = {2022-06-01},
urldate = {2022-06-01},
booktitle = {VII Jornadas Nacionales de Investigaci\'{o}n en Ciberseguridad (JNIC 2022)},
pages = {122-129},
address = {Bilbao, Spain},
abstract = {La privacidad contextual se refiere a la protecci\'{o}n de toda aquella informaci\'{o}n que puede desprenderse de la interacci\'{o}n entre usuarios y/o servicios, exceptuando los datos que el propio usuario elige transmitir. La localizaci\'{o}n, el tiempo, los patrones de uso y los diferentes par\'{a}metros necesarios para realizar la comunicaci\'{o}n son algunos ejemplos. Este tipo de privacidad es extremadamente importante en la computaci\'{o}n edge debido al acercamiento de los recursos de la infraestructura a los usuarios. Por ello, el objetivo de este trabajo es ofrecer un an\'{a}lisis y clasificaci\'{o}n de las diferentes soluciones propuestas en la literatura respecto a la privacidad contextual en entornos edge, mostrando tanto las capacidades de los mecanismos actuales como los desaf\'{i}os en este campo.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
La privacidad contextual se refiere a la protección de toda aquella información que puede desprenderse de la interacción entre usuarios y/o servicios, exceptuando los datos que el propio usuario elige transmitir. La localización, el tiempo, los patrones de uso y los diferentes parámetros necesarios para realizar la comunicación son algunos ejemplos. Este tipo de privacidad es extremadamente importante en la computación edge debido al acercamiento de los recursos de la infraestructura a los usuarios. Por ello, el objetivo de este trabajo es ofrecer un análisis y clasificación de las diferentes soluciones propuestas en la literatura respecto a la privacidad contextual en entornos edge, mostrando tanto las capacidades de los mecanismos actuales como los desafíos en este campo.
Alcaraz, Cristina; Lopez, Javier
Protecting Digital Twin Networks for 6G-enabled Industry 5.0 Ecosystems Journal Article
In: IEEE Network Magazine, vol. 37, no. 2, pp. 302-308, 2023, ISSN: 0890-8044.
@article{Alcaraz2023a,
title = {Protecting Digital Twin Networks for 6G-enabled Industry 5.0 Ecosystems},
author = {Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/Alcaraz2023a.pdf
https://ieeexplore.ieee.org/abstract/document/10239369},
doi = {10.1109/MNET.004.2200529},
issn = {0890-8044},
year = {2023},
date = {2023-12-31},
urldate = {2023-12-31},
journal = {IEEE Network Magazine},
volume = {37},
number = {2},
pages = {302-308},
publisher = {IEEE},
abstract = {New industrial paradigms, such as the Industrial Internet of Things (IIoT) and Industry 5.0, are emerging in industrial contexts with the aim of fostering quality in operational processes. With the expected launch of 6G in the coming years, IIoT networks in Industry 5.0 ecosystems can leverage 6G technology and its support for training machine learning models using Digital Twins (DTs), embedded in DT Networks (DTNs), to transparently and continuously optimize their communications. Unfortunately, the use of these technologies, in turn, intensifies the attack surface and poses a serious threat to the new goals of Industry 5.0, such as improving the user experience, sustainability and resilience. This article therefore proposes a layered protection framework for 6G-enabled IIoT environments, where not only DTs and DTNs are fully protected, but also the whole 6G ecosystem, complying with the expected goals of Industry 5.0. To achieve this, the framework identifies for each protection layer a set of security and privacy services to subsequently relate them to existing computing infrastructures (cloud, edge, edge-cloud) and provide the best approach for future IIoT deployments.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
New industrial paradigms, such as the Industrial Internet of Things (IIoT) and Industry 5.0, are emerging in industrial contexts with the aim of fostering quality in operational processes. With the expected launch of 6G in the coming years, IIoT networks in Industry 5.0 ecosystems can leverage 6G technology and its support for training machine learning models using Digital Twins (DTs), embedded in DT Networks (DTNs), to transparently and continuously optimize their communications. Unfortunately, the use of these technologies, in turn, intensifies the attack surface and poses a serious threat to the new goals of Industry 5.0, such as improving the user experience, sustainability and resilience. This article therefore proposes a layered protection framework for 6G-enabled IIoT environments, where not only DTs and DTNs are fully protected, but also the whole 6G ecosystem, complying with the expected goals of Industry 5.0. To achieve this, the framework identifies for each protection layer a set of security and privacy services to subsequently relate them to existing computing infrastructures (cloud, edge, edge-cloud) and provide the best approach for future IIoT deployments.
Morales, Daniel; Agudo, Isaac; Lopez, Javier
Integration of MPC into Besu through an extended private transaction model Proceedings Article
In: IEEE International Conference on Metaverse Computing, Networking and Applications, pp. 266-273, IEEE Computer Society IEEE, Kyoto, Japan, 2023.
@inproceedings{morales2023metacom,
title = {Integration of MPC into Besu through an extended private transaction model},
author = {Daniel Morales and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/morales2023metacom.pdf},
doi = {10.1109/MetaCom57706.2023.00056},
year = {2023},
date = {2023-06-01},
urldate = {2023-06-01},
booktitle = {IEEE International Conference on Metaverse Computing, Networking and Applications},
pages = {266-273},
publisher = {IEEE},
address = {Kyoto, Japan},
organization = {IEEE Computer Society},
abstract = {In the last few years we have seen many different approaches to incorporate privacy features to blockchains. In the area of cryptocurrencies that would normally mean protecting the identity of the owner of some funds, but there are other applications where privacy is even more important, especially in permissioned blockchains.
Permissioned blockchain platforms, such as Hyperledger Besu or Hyperledger Fabric, already include the concept of private transactions, which essentially defines a sub-group of the blockchain where their participants share some private data.
We want to go one step ahead and propose an extended model for private transactions where the different participants can have a separated view of the same transaction, allowing the integration of Multi-party Computation protocols in the blockchain.
Our work extends Hyperledger Besu’s design for private transactions, offering better security properties and a finer grain customization. We cover two specific MPC examples, Private Set Intersection and Byzantine Fault-Tolerant Random Number Generation, and propose a mechanism to run them using smart contract interfaces.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
In the last few years we have seen many different approaches to incorporate privacy features to blockchains. In the area of cryptocurrencies that would normally mean protecting the identity of the owner of some funds, but there are other applications where privacy is even more important, especially in permissioned blockchains.
Permissioned blockchain platforms, such as Hyperledger Besu or Hyperledger Fabric, already include the concept of private transactions, which essentially defines a sub-group of the blockchain where their participants share some private data.
We want to go one step ahead and propose an extended model for private transactions where the different participants can have a separated view of the same transaction, allowing the integration of Multi-party Computation protocols in the blockchain.
Our work extends Hyperledger Besu’s design for private transactions, offering better security properties and a finer grain customization. We cover two specific MPC examples, Private Set Intersection and Byzantine Fault-Tolerant Random Number Generation, and propose a mechanism to run them using smart contract interfaces.
Permissioned blockchain platforms, such as Hyperledger Besu or Hyperledger Fabric, already include the concept of private transactions, which essentially defines a sub-group of the blockchain where their participants share some private data.
We want to go one step ahead and propose an extended model for private transactions where the different participants can have a separated view of the same transaction, allowing the integration of Multi-party Computation protocols in the blockchain.
Our work extends Hyperledger Besu’s design for private transactions, offering better security properties and a finer grain customization. We cover two specific MPC examples, Private Set Intersection and Byzantine Fault-Tolerant Random Number Generation, and propose a mechanism to run them using smart contract interfaces.
Alcaraz, Cristina; Cumplido, Jesus; Triviño, Alicia
OCPP in the spotlight: threats and countermeasures for electric vehicle charging infrastructures 4.0 Journal Article
In: International Journal of Information Security, 2023, ISSN: 1615-5262.
@article{Alcaraz2023b,
title = {OCPP in the spotlight: threats and countermeasures for electric vehicle charging infrastructures 4.0},
author = {Cristina Alcaraz and Jesus Cumplido and Alicia Trivi\~{n}o},
url = {/wp-content/papers/Alcaraz2023b.pdf
https://link.springer.com/article/10.1007/s10207-023-00698-8},
doi = {10.1007/s10207-023-00698-8},
issn = {1615-5262},
year = {2023},
date = {2023-05-05},
urldate = {2023-05-05},
journal = {International Journal of Information Security},
publisher = {Springer},
address = {Springer Verlag},
abstract = {Undoubtedly, Industry 4.0 in the energy sector improves the conditions for automation, generation and distribution of energy, increasing the rate of electric vehicle manufacturing in recent years. As a result, more grid-connected charging infrastructures are being installed, whose charging stations (CSs) can follow standardized architectures, such as the one proposed by the open charge point protocol (OCPP). The most recent version of this protocol is v.2.0.1, which includes new security measures at device and communication level to cover those security issues identified in previous versions. Therefore, this paper analyzes OCPP-v2.0.1 to determine whether the new functions may still be susceptible to specific cyber and physical threats, and especially when CSs may be connected to microgrids. To formalize the study, we first adapted the well-known threat analysis methodology, STRIDE, to identify and classify threats in terms of control and energy, and subsequently we combine it with DREAD for risk assessment. The analyses indicate that, although OCPP-v2.0.1 has evolved, potential security risks still remain, requiring greater protection in the future.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Undoubtedly, Industry 4.0 in the energy sector improves the conditions for automation, generation and distribution of energy, increasing the rate of electric vehicle manufacturing in recent years. As a result, more grid-connected charging infrastructures are being installed, whose charging stations (CSs) can follow standardized architectures, such as the one proposed by the open charge point protocol (OCPP). The most recent version of this protocol is v.2.0.1, which includes new security measures at device and communication level to cover those security issues identified in previous versions. Therefore, this paper analyzes OCPP-v2.0.1 to determine whether the new functions may still be susceptible to specific cyber and physical threats, and especially when CSs may be connected to microgrids. To formalize the study, we first adapted the well-known threat analysis methodology, STRIDE, to identify and classify threats in terms of control and energy, and subsequently we combine it with DREAD for risk assessment. The analyses indicate that, although OCPP-v2.0.1 has evolved, potential security risks still remain, requiring greater protection in the future.
Muñoz, Antonio; Rios, Ruben; Roman, Rodrigo; Lopez, Javier
A survey on the (in)security of Trusted Execution Environments Journal Article
In: Computers & Security, pp. 103-180, 2023, ISSN: 0167-4048.
@article{MUNOZ2023103180,
title = {A survey on the (in)security of Trusted Execution Environments},
author = {Antonio Mu\~{n}oz and Ruben Rios and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/MUNOZ2023103180.pdf
https://www.sciencedirect.com/science/article/pii/S0167404823000901},
doi = {10.1016/j.cose.2023.103180},
issn = {0167-4048},
year = {2023},
date = {2023-01-01},
urldate = {2023-01-01},
journal = {Computers \& Security},
pages = {103-180},
publisher = {Elsevier},
address = {In Press},
abstract = {As the number of security and privacy attacks continue to grow around the world, there is an ever increasing need to protect our personal devices. As a matter of fact, more and more manufactures are relying on Trusted Execution Environments (TEEs) to shield their devices. In particular, ARM TrustZone (TZ) is being widely used in numerous embedded devices, especially smartphones, and this technology is the basis for secure solutions both in industry and academia. However, as shown in this paper, TEE is not bullet-proof and it has been successfully attacked numerous times and in very different ways. To raise awareness among potential stakeholders interested in this technology, this paper provides an extensive analysis and categorization of existing vulnerabilities in TEEs and highlights the design flaws that led to them. The presented vulnerabilities, which are not only extracted from existing literature but also from publicly available exploits and databases, are accompanied by some effective countermeasures to reduce the likelihood of new attacks. The paper ends with some appealing challenges and open issues.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
As the number of security and privacy attacks continue to grow around the world, there is an ever increasing need to protect our personal devices. As a matter of fact, more and more manufactures are relying on Trusted Execution Environments (TEEs) to shield their devices. In particular, ARM TrustZone (TZ) is being widely used in numerous embedded devices, especially smartphones, and this technology is the basis for secure solutions both in industry and academia. However, as shown in this paper, TEE is not bullet-proof and it has been successfully attacked numerous times and in very different ways. To raise awareness among potential stakeholders interested in this technology, this paper provides an extensive analysis and categorization of existing vulnerabilities in TEEs and highlights the design flaws that led to them. The presented vulnerabilities, which are not only extracted from existing literature but also from publicly available exploits and databases, are accompanied by some effective countermeasures to reduce the likelihood of new attacks. The paper ends with some appealing challenges and open issues.
Muñoz, Antonio; Fernandez-Gago, Carmen; Lopez-Villa, Roberto
A Test Environment for Wireless Hacking in Domestic IoT Scenarios Journal Article
In: Mobile Networks and Applications, 2022, ISSN: 1383-469X.
@article{munoz2022,
title = {A Test Environment for Wireless Hacking in Domestic IoT Scenarios},
author = {Antonio Mu\~{n}oz and Carmen Fernandez-Gago and Roberto Lopez-Villa},
url = {/wp-content/papers/munoz2022.pdf},
doi = {10.1007/s11036-022-02046-x},
issn = {1383-469X},
year = {2022},
date = {2022-10-01},
urldate = {2022-10-01},
journal = {Mobile Networks and Applications},
publisher = {Springer},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Cumplido, Jesus; Alcaraz, Cristina; Lopez, Javier
Collaborative anomaly detection system for charging stations Proceedings Article
In: The 27th European Symposium on Research in Computer Security (ESORICS 2022), pp. 716–736, Springer, Cham Springer, Cham, 2022.
@inproceedings{Alcaraz2022c,
title = {Collaborative anomaly detection system for charging stations},
author = {Jesus Cumplido and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/Alcaraz2022c.pdf},
doi = {10.1007/978-3-031-17146-8_35},
year = {2022},
date = {2022-09-01},
urldate = {2022-09-01},
booktitle = {The 27th European Symposium on Research in Computer Security (ESORICS 2022)},
volume = {13555},
pages = {716\textendash736},
publisher = {Springer, Cham},
organization = {Springer, Cham},
abstract = {In recent years, the deployment of charging infrastructures has been increasing exponentially due to the high energy demand of electric vehicles, forming complex charging networks. These networks pave the way for the emergence of new unknown threats in both the energy and transportation sectors. Economic damages and energy theft are the most frequent risks in these environments. Thus, this paper aims to present a solution capable of accurately detecting unforeseen events and possible fraud threats that arise during charging sessions at charging stations through the current capabilities of the Machine Learning (ML) algorithms. However, these algorithms have the drawback of not fitting well in large networks and generating a high number of false positives and negatives, mainly due to the mismatch with the distribution of data over time. For that reason, a Collaborative Anomaly Detection System for Charging Stations (here referred to as CADS4CS) is proposed as an optimization measure. CADS4CS has a central analysis unit that coordinates a group of independent anomaly detection systems to provide greater accuracy using a voting algorithm. In addition, CADS4CS has the feature of continuously retraining ML models in a collaborative manner to ensure that they are adjusted to the distribution of the data. To validate the approach, different use cases and practical studies are addressed to demonstrate the effectiveness and efficiency of the solution.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
In recent years, the deployment of charging infrastructures has been increasing exponentially due to the high energy demand of electric vehicles, forming complex charging networks. These networks pave the way for the emergence of new unknown threats in both the energy and transportation sectors. Economic damages and energy theft are the most frequent risks in these environments. Thus, this paper aims to present a solution capable of accurately detecting unforeseen events and possible fraud threats that arise during charging sessions at charging stations through the current capabilities of the Machine Learning (ML) algorithms. However, these algorithms have the drawback of not fitting well in large networks and generating a high number of false positives and negatives, mainly due to the mismatch with the distribution of data over time. For that reason, a Collaborative Anomaly Detection System for Charging Stations (here referred to as CADS4CS) is proposed as an optimization measure. CADS4CS has a central analysis unit that coordinates a group of independent anomaly detection systems to provide greater accuracy using a voting algorithm. In addition, CADS4CS has the feature of continuously retraining ML models in a collaborative manner to ensure that they are adjusted to the distribution of the data. To validate the approach, different use cases and practical studies are addressed to demonstrate the effectiveness and efficiency of the solution.
Morales, Daniel; Agudo, Isaac; Lopez, Javier
Real-time Crowd Counting based on Wearable Ephemeral IDs Proceedings Article
In: 19th International Conference on Security and Cryptography (SECRYPT 2022), pp. 249-260, Scitepress Scitepress, Lisbon, 2022, ISSN: 2184-7711.
@inproceedings{morales2022cc,
title = {Real-time Crowd Counting based on Wearable Ephemeral IDs},
author = {Daniel Morales and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/morales2022cc.pdf},
doi = {10.5220/0011327200003283},
issn = {2184-7711},
year = {2022},
date = {2022-07-01},
urldate = {2022-07-01},
booktitle = {19th International Conference on Security and Cryptography (SECRYPT 2022)},
pages = {249-260},
publisher = {Scitepress},
address = {Lisbon},
organization = {Scitepress},
abstract = {Crowd Counting is a very interesting problem aiming at counting people typically based on density averages and/or aerial images. This is very useful to prevent crowd crushes, especially on urban environments with high crowd density, or to count people in public demonstrations. In addition, in the last years, it has become of paramount importance for pandemic management. For those reasons, giving users automatic mechanisms to anticipate high risk situations is essential. In this work, we analyze ID-based Crowd Counting, and propose a real-time Crowd Counting system based on the Ephemeral ID broadcast by contact tracing applications on wearable devices. We also performed some simulations that show the accuracy of our system in different situations.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Crowd Counting is a very interesting problem aiming at counting people typically based on density averages and/or aerial images. This is very useful to prevent crowd crushes, especially on urban environments with high crowd density, or to count people in public demonstrations. In addition, in the last years, it has become of paramount importance for pandemic management. For those reasons, giving users automatic mechanisms to anticipate high risk situations is essential. In this work, we analyze ID-based Crowd Counting, and propose a real-time Crowd Counting system based on the Ephemeral ID broadcast by contact tracing applications on wearable devices. We also performed some simulations that show the accuracy of our system in different situations.
Ferraris, Davide; Fernandez-Gago, Carmen; Lopez, Javier
Verification and Validation Methods for a Trust-by-Design Framework for the IoT Proceedings Article
In: 36th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec’22), pp. 183-194, Springer Springer, Newark, NJ, USA, 2022, ISBN: 978-3-031-10683-5.
@inproceedings{1981,
title = {Verification and Validation Methods for a Trust-by-Design Framework for the IoT},
author = {Davide Ferraris and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/1981.pdf
https://link.springer.com/chapter/10.1007/978-3-031-10684-2_11, },
doi = {10.1007/978-3-031-10684-2_11},
isbn = {978-3-031-10683-5},
year = {2022},
date = {2022-07-01},
urldate = {2022-07-01},
booktitle = {36th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec’22)},
volume = {13383},
pages = {183-194},
publisher = {Springer},
address = {Newark, NJ, USA},
organization = {Springer},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Ferraris, Davide; Fernandez-Gago, Carmen; Lopez, Javier
Novel Approaches for the Development of Trusted IoT Entities Proceedings Article
In: 37th International Conference on ICT Systems Security and Privacy Protection – IFIP SEC 2022, pp. 215-230, Springer Springer, Copenhagen, 2022, ISSN: 1868-4238.
@inproceedings{1980,
title = {Novel Approaches for the Development of Trusted IoT Entities},
author = {Davide Ferraris and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/1980.pdf
https://link.springer.com/content/pdf/10.1007%2F978-3-031-06975-8_13, },
doi = {10.1007/978-3-031-06975-8},
issn = {1868-4238},
year = {2022},
date = {2022-06-01},
urldate = {2022-06-01},
booktitle = {37th International Conference on ICT Systems Security and Privacy Protection \textendash IFIP SEC 2022},
pages = {215-230},
publisher = {Springer},
address = {Copenhagen},
organization = {Springer},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Ruiz, Manuel; Rios, Ruben; Roman, Rodrigo; Lopez, Javier
Privacidad Contextual en entornos Edge Proceedings Article
In: VII Jornadas Nacionales de Investigación en Ciberseguridad (JNIC 2022), pp. 122-129, Bilbao, Spain, 2022, ISBN: 978-84-88734-13-6.
@inproceedings{1979,
title = {Privacidad Contextual en entornos Edge},
author = {Manuel Ruiz and Ruben Rios and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/1979.pdf},
isbn = {978-84-88734-13-6},
year = {2022},
date = {2022-06-01},
urldate = {2022-06-01},
booktitle = {VII Jornadas Nacionales de Investigaci\'{o}n en Ciberseguridad (JNIC 2022)},
pages = {122-129},
address = {Bilbao, Spain},
abstract = {La privacidad contextual se refiere a la protecci\'{o}n de toda aquella informaci\'{o}n que puede desprenderse de la interacci\'{o}n entre usuarios y/o servicios, exceptuando los datos que el propio usuario elige transmitir. La localizaci\'{o}n, el tiempo, los patrones de uso y los diferentes par\'{a}metros necesarios para realizar la comunicaci\'{o}n son algunos ejemplos. Este tipo de privacidad es extremadamente importante en la computaci\'{o}n edge debido al acercamiento de los recursos de la infraestructura a los usuarios. Por ello, el objetivo de este trabajo es ofrecer un an\'{a}lisis y clasificaci\'{o}n de las diferentes soluciones propuestas en la literatura respecto a la privacidad contextual en entornos edge, mostrando tanto las capacidades de los mecanismos actuales como los desaf\'{i}os en este campo.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
La privacidad contextual se refiere a la protección de toda aquella información que puede desprenderse de la interacción entre usuarios y/o servicios, exceptuando los datos que el propio usuario elige transmitir. La localización, el tiempo, los patrones de uso y los diferentes parámetros necesarios para realizar la comunicación son algunos ejemplos. Este tipo de privacidad es extremadamente importante en la computación edge debido al acercamiento de los recursos de la infraestructura a los usuarios. Por ello, el objetivo de este trabajo es ofrecer un análisis y clasificación de las diferentes soluciones propuestas en la literatura respecto a la privacidad contextual en entornos edge, mostrando tanto las capacidades de los mecanismos actuales como los desafíos en este campo.
Wang, Xueou; Hou, Xiaolu; Rios, Ruben; Tippenhauer, Nils Ole; Ochoa, Martin
Constrained Proximity Attacks on Mobile Targets Journal Article
In: ACM Transactions on Privacy and Security (TOPS), vol. 25, no. 10, pp. 1 - 29, 2022, ISSN: 2471-2566.
@article{rios2022cpa,
title = {Constrained Proximity Attacks on Mobile Targets},
author = {Xueou Wang and Xiaolu Hou and Ruben Rios and Nils Ole Tippenhauer and Martin Ochoa},
url = {/wp-content/papers/rios2022cpa.pdf},
doi = {10.1145/3498543},
issn = {2471-2566},
year = {2022},
date = {2022-05-01},
urldate = {2022-05-01},
journal = {ACM Transactions on Privacy and Security (TOPS)},
volume = {25},
number = {10},
pages = {1 - 29},
publisher = {Association for Computer Machinery (ACM)},
abstract = {Proximity attacks allow an adversary to uncover the location of a victim by repeatedly issuing queries with fake location data. These attacks have been mostly studied in scenarios where victims remain static and there are no constraints that limit the actions of the attacker. In such a setting, it is not difficult for the attacker to locate a particular victim and quantifying the effort for doing so is straightforward. However, it is far more realistic to consider scenarios where potential victims present a particular mobility pattern. In this paper, we consider abstract (constrained and unconstrained) attacks on services that provide location information on other users in the proximity. We derive strategies for constrained and unconstrained attackers, and show that when unconstrained they can practically achieve success with theoretically optimal effort. We then propose a simple yet effective constraint that may be employed by a proximity service (for example, running in the cloud or using a suitable two-party protocol) as countermeasure to increase the effort for the attacker several orders of magnitude both in simulated and real-world cases.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Proximity attacks allow an adversary to uncover the location of a victim by repeatedly issuing queries with fake location data. These attacks have been mostly studied in scenarios where victims remain static and there are no constraints that limit the actions of the attacker. In such a setting, it is not difficult for the attacker to locate a particular victim and quantifying the effort for doing so is straightforward. However, it is far more realistic to consider scenarios where potential victims present a particular mobility pattern. In this paper, we consider abstract (constrained and unconstrained) attacks on services that provide location information on other users in the proximity. We derive strategies for constrained and unconstrained attackers, and show that when unconstrained they can practically achieve success with theoretically optimal effort. We then propose a simple yet effective constraint that may be employed by a proximity service (for example, running in the cloud or using a suitable two-party protocol) as countermeasure to increase the effort for the attacker several orders of magnitude both in simulated and real-world cases.
Alcaraz, Cristina; Lopez, Javier
Digital Twin: A Comprehensive Survey of Security Threats Journal Article
In: IEEE Communications Surveys & Tutorials, vol. 24, no. thirdquarter 2022, pp. 1475 - 1503, 2022, ISSN: 1553-877X.
@article{Alcaraz2022b,
title = {Digital Twin: A Comprehensive Survey of Security Threats},
author = {Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/Alcaraz2022b.pdf
https://ieeexplore.ieee.org/document/9765576},
doi = {10.1109/COMST.2022.3171465},
issn = {1553-877X},
year = {2022},
date = {2022-04-01},
urldate = {2022-04-01},
journal = {IEEE Communications Surveys \& Tutorials},
volume = {24},
number = {thirdquarter 2022},
pages = {1475 - 1503},
publisher = {IEEE},
address = {IEEE},
abstract = {Industry 4.0 is having an increasingly positive impact on the value chain by modernizing and optimizing the production and distribution processes. In this streamline, the digital twin (DT) is one of the most cutting-edge technologies of Industry 4.0, providing simulation capabilities to forecast, optimize and estimate states and configurations. In turn, these technological capabilities are encouraging industrial stakeholders to invest in the new paradigm, though an increased focus on the risks involved is really needed. More precisely, the deployment of a DT is based on the composition of technologies such as cyber-physical systems, the Industrial Internet of Things, edge computing, virtualization infrastructures, artificial intelligence and big data. However, the confluence of all these technologies and the implicit interaction with the physical counterpart of the DT in the real world generate multiple security threats that have not yet been sufficiently studied. In that context, this paper analyzes the current state of the DT paradigm and classifies the potential threats associated with it, taking into consideration its functionality layers and the operational requirements in order to achieve a more complete and useful classification. We also provide a preliminary set of security recommendations and approaches that can help to ensure the appropriate and trustworthy use of a DT.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Industry 4.0 is having an increasingly positive impact on the value chain by modernizing and optimizing the production and distribution processes. In this streamline, the digital twin (DT) is one of the most cutting-edge technologies of Industry 4.0, providing simulation capabilities to forecast, optimize and estimate states and configurations. In turn, these technological capabilities are encouraging industrial stakeholders to invest in the new paradigm, though an increased focus on the risks involved is really needed. More precisely, the deployment of a DT is based on the composition of technologies such as cyber-physical systems, the Industrial Internet of Things, edge computing, virtualization infrastructures, artificial intelligence and big data. However, the confluence of all these technologies and the implicit interaction with the physical counterpart of the DT in the real world generate multiple security threats that have not yet been sufficiently studied. In that context, this paper analyzes the current state of the DT paradigm and classifies the potential threats associated with it, taking into consideration its functionality layers and the operational requirements in order to achieve a more complete and useful classification. We also provide a preliminary set of security recommendations and approaches that can help to ensure the appropriate and trustworthy use of a DT.
Rios, Ruben; Onieva, Jose A.; Roman, Rodrigo; Lopez, Javier
Personal IoT Privacy Control at the Edge Journal Article
In: IEEE Security & Privacy, vol. 20, pp. 23 - 32, 2022, ISSN: 1540-7993.
@article{rios2022pmec,
title = {Personal IoT Privacy Control at the Edge},
author = {Ruben Rios and Jose A. Onieva and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/rios2022pmec.pdf},
doi = {10.1109/MSEC.2021.3101865},
issn = {1540-7993},
year = {2022},
date = {2022-01-01},
urldate = {2022-01-01},
journal = {IEEE Security \& Privacy},
volume = {20},
pages = {23 - 32},
publisher = {IEEE},
abstract = {This article introduces a privacy manager for IoT data based on Edge Computing. This poses the advantage that privacy is enforced before data leaves the control of the user, who is provided with a tool to express data sharing preferences based on a novel context-aware privacy language.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
This article introduces a privacy manager for IoT data based on Edge Computing. This poses the advantage that privacy is enforced before data leaves the control of the user, who is provided with a tool to express data sharing preferences based on a novel context-aware privacy language.
Sorry, no publications matched your criteria.
Roman, Rodrigo; Alcaraz, Cristina; Lopez, Javier; Sakurai, Kouichi
Current Perspectives on Securing Critical Infrastructures’ Supply Chains Journal Article
In: IEEE Security & Privacy, vol. 21, no. 4, pp. 29-38, 2023, ISSN: 1540-7993.
@article{Roman2023a,
title = {Current Perspectives on Securing Critical Infrastructures’ Supply Chains},
author = {Rodrigo Roman and Cristina Alcaraz and Javier Lopez and Kouichi Sakurai},
url = {/wp-content/papers/Roman2023a.pdf},
doi = {10.1109/MSEC.2023.3247946},
issn = {1540-7993},
year = {2023},
date = {2023-03-08},
urldate = {2023-03-08},
journal = {IEEE Security \& Privacy},
volume = {21},
number = {4},
pages = {29-38},
publisher = {IEEE},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Ferraris, Davide; Fernandez-Gago, Carmen; Lopez, Javier
POM: A Trust-based AHP-like Methodology to Solve Conflict Requirements for the IoT Book Section
In: Collaborative Approaches for Cyber Security in Cyber-Physical Systems, pp. 145-170, Springer, 2023, ISSN: 1613-5113.
@incollection{2013,
title = {POM: A Trust-based AHP-like Methodology to Solve Conflict Requirements for the IoT},
author = {Davide Ferraris and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/2013.pdf
https://link.springer.com/chapter/10.1007/978-3-031-16088-2_7},
doi = {https://doi.org/10.1007/978-3-031-16088-2_7},
issn = {1613-5113},
year = {2023},
date = {2023-01-01},
urldate = {2023-01-01},
booktitle = {Collaborative Approaches for Cyber Security in Cyber-Physical Systems},
pages = {145-170},
publisher = {Springer},
organization = {Springer},
series = {Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA)},
keywords = {},
pubstate = {published},
tppubtype = {incollection}
}
Ferraris, Davide; Fernandez-Gago, Carmen; Lopez, Javier
Verification and Validation Methods for a Trust-by-Design Framework for the IoT Proceedings Article
In: 36th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec’22), pp. 183-194, Springer Springer, Newark, NJ, USA, 2022, ISBN: 978-3-031-10683-5.
@inproceedings{1981,
title = {Verification and Validation Methods for a Trust-by-Design Framework for the IoT},
author = {Davide Ferraris and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/1981.pdf
https://link.springer.com/chapter/10.1007/978-3-031-10684-2_11, },
doi = {10.1007/978-3-031-10684-2_11},
isbn = {978-3-031-10683-5},
year = {2022},
date = {2022-07-01},
urldate = {2022-07-01},
booktitle = {36th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec’22)},
volume = {13383},
pages = {183-194},
publisher = {Springer},
address = {Newark, NJ, USA},
organization = {Springer},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Ferraris, Davide; Fernandez-Gago, Carmen; Lopez, Javier
Novel Approaches for the Development of Trusted IoT Entities Proceedings Article
In: 37th International Conference on ICT Systems Security and Privacy Protection – IFIP SEC 2022, pp. 215-230, Springer Springer, Copenhagen, 2022, ISSN: 1868-4238.
@inproceedings{1980,
title = {Novel Approaches for the Development of Trusted IoT Entities},
author = {Davide Ferraris and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/1980.pdf
https://link.springer.com/content/pdf/10.1007%2F978-3-031-06975-8_13, },
doi = {10.1007/978-3-031-06975-8},
issn = {1868-4238},
year = {2022},
date = {2022-06-01},
urldate = {2022-06-01},
booktitle = {37th International Conference on ICT Systems Security and Privacy Protection \textendash IFIP SEC 2022},
pages = {215-230},
publisher = {Springer},
address = {Copenhagen},
organization = {Springer},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Rios, Ruben; Onieva, Jose A.; Roman, Rodrigo; Lopez, Javier
Personal IoT Privacy Control at the Edge Journal Article
In: IEEE Security & Privacy, vol. 20, pp. 23 - 32, 2022, ISSN: 1540-7993.
@article{rios2022pmec,
title = {Personal IoT Privacy Control at the Edge},
author = {Ruben Rios and Jose A. Onieva and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/rios2022pmec.pdf},
doi = {10.1109/MSEC.2021.3101865},
issn = {1540-7993},
year = {2022},
date = {2022-01-01},
urldate = {2022-01-01},
journal = {IEEE Security \& Privacy},
volume = {20},
pages = {23 - 32},
publisher = {IEEE},
abstract = {This article introduces a privacy manager for IoT data based on Edge Computing. This poses the advantage that privacy is enforced before data leaves the control of the user, who is provided with a tool to express data sharing preferences based on a novel context-aware privacy language.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
This article introduces a privacy manager for IoT data based on Edge Computing. This poses the advantage that privacy is enforced before data leaves the control of the user, who is provided with a tool to express data sharing preferences based on a novel context-aware privacy language.
Fischer-Hübner, Simone; Alcaraz, Cristina; Ferreira, Afonso; Fernandez-Gago, Carmen; Lopez, Javier; Markatos, Evangelos; Islami, Lejla; Akil, Mahdi
Stakeholder Perspectives and Requirements on Cybersecurity in Europe Journal Article
In: Journal of Information Security and Applications, vol. 61, no. 102916, 2021, ISSN: 2214-2126.
@article{Alcaraz2021a,
title = {Stakeholder Perspectives and Requirements on Cybersecurity in Europe},
author = {Simone Fischer-H\"{u}bner and Cristina Alcaraz and Afonso Ferreira and Carmen Fernandez-Gago and Javier Lopez and Evangelos Markatos and Lejla Islami and Mahdi Akil},
url = {/wp-content/papers/Alcaraz2021a.pdf
https://www.sciencedirect.com/science/article/pii/S2214212621001381},
doi = {10.1016/j.jisa.2021.102916},
issn = {2214-2126},
year = {2021},
date = {2021-09-01},
urldate = {2021-09-01},
journal = {Journal of Information Security and Applications},
volume = {61},
number = {102916},
publisher = {Elsevier},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Lopez, Javier; Rubio, Juan E.; Alcaraz, Cristina
Digital Twins for Intelligent Authorization in the B5G-enabled Smart Grid Journal Article
In: IEEE Wireless Communications, vol. 28, pp. 48-55, 2021, ISSN: 1536-1284.
@article{lopez2020,
title = {Digital Twins for Intelligent Authorization in the B5G-enabled Smart Grid},
author = {Javier Lopez and Juan E. Rubio and Cristina Alcaraz},
url = {/wp-content/papers/lopez2020.pdf
https://ieeexplore.ieee.org/document/9430900},
doi = {10.1109/MWC.001.2000336},
issn = {1536-1284},
year = {2021},
date = {2021-04-01},
urldate = {2021-04-01},
journal = {IEEE Wireless Communications},
volume = {28},
pages = {48-55},
publisher = {IEEE},
abstract = {Beyond fifth generation (B5G) communication networks and computation paradigms in the edge are expected to be integrated into power grid infrastructures over the coming years. In this sense, AI technologies will play a fundamental role to efficiently manage dynamic information flows of future applications, which impacts the authorization policies applied in such a complex scenario. This article studies how digital twins can evolve their context awareness capabilities and simulation technologies to anticipate faults or to detect cyber-security issues in real time, and update access control policies accordingly. Our study analyzes the evolution of monitoring platforms and architecture decentralization, including the application of machine learning and blockchain technologies in the smart grid, toward the goal of implementing autonomous and self-learning agents in the medium and long term. We conclude this study with future challenges on applying digital twins to B5G-based smart grid deployments.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Beyond fifth generation (B5G) communication networks and computation paradigms in the edge are expected to be integrated into power grid infrastructures over the coming years. In this sense, AI technologies will play a fundamental role to efficiently manage dynamic information flows of future applications, which impacts the authorization policies applied in such a complex scenario. This article studies how digital twins can evolve their context awareness capabilities and simulation technologies to anticipate faults or to detect cyber-security issues in real time, and update access control policies accordingly. Our study analyzes the evolution of monitoring platforms and architecture decentralization, including the application of machine learning and blockchain technologies in the smart grid, toward the goal of implementing autonomous and self-learning agents in the medium and long term. We conclude this study with future challenges on applying digital twins to B5G-based smart grid deployments.
Ferraris, Davide; Fernandez-Gago, Carmen; Lopez, Javier
A model-driven approach to ensure trust in the IoT Journal Article
In: Human-centric Computing and Information Sciences, vol. 10, no. 50, 2020, ISSN: 2192-1962.
@article{ferraris2020b,
title = {A model-driven approach to ensure trust in the IoT},
author = {Davide Ferraris and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/ferraris2020b.pdf},
doi = {10.1186/s13673-020-00257-3},
issn = {2192-1962},
year = {2020},
date = {2020-12-01},
urldate = {2020-12-01},
journal = {Human-centric Computing and Information Sciences},
volume = {10},
number = {50},
publisher = {Springer},
abstract = {The Internet of Things (IoT) is a paradigm that permits smart entities to be interconnected anywhere and anyhow. IoT opens new opportunities but also rises new issues.
In this dynamic environment, trust is useful to mitigate these issues. In fact, it is important that the smart entities could know and trust the other smart entities in order to collaborate with them.
So far, there is a lack of research when considering trust through the whole System Development Life Cycle (SDLC) of a smart IoT entity.
In this paper, we suggest a new approach that considers trust not only at the end of the SDLC but also at the start of it. More precisely, we explore the modeling phase proposing a model-driven approach extending UML and SysML considering trust and its related domains, such as security and privacy.
We propose stereotypes for each diagram in order to give developers a way to represent trust elements in an effective way.
Moreover, we propose two new diagrams that are very important for the IoT: a traceability diagram and a context diagram.
This model-driven approach will help developers to model the smart IoT entities according to the requirements elicited in the previous phases of the SDLC.
These models will be a fundamental input for the following and final phases of the SDLC.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The Internet of Things (IoT) is a paradigm that permits smart entities to be interconnected anywhere and anyhow. IoT opens new opportunities but also rises new issues.
In this dynamic environment, trust is useful to mitigate these issues. In fact, it is important that the smart entities could know and trust the other smart entities in order to collaborate with them.
So far, there is a lack of research when considering trust through the whole System Development Life Cycle (SDLC) of a smart IoT entity.
In this paper, we suggest a new approach that considers trust not only at the end of the SDLC but also at the start of it. More precisely, we explore the modeling phase proposing a model-driven approach extending UML and SysML considering trust and its related domains, such as security and privacy.
We propose stereotypes for each diagram in order to give developers a way to represent trust elements in an effective way.
Moreover, we propose two new diagrams that are very important for the IoT: a traceability diagram and a context diagram.
This model-driven approach will help developers to model the smart IoT entities according to the requirements elicited in the previous phases of the SDLC.
These models will be a fundamental input for the following and final phases of the SDLC.
In this dynamic environment, trust is useful to mitigate these issues. In fact, it is important that the smart entities could know and trust the other smart entities in order to collaborate with them.
So far, there is a lack of research when considering trust through the whole System Development Life Cycle (SDLC) of a smart IoT entity.
In this paper, we suggest a new approach that considers trust not only at the end of the SDLC but also at the start of it. More precisely, we explore the modeling phase proposing a model-driven approach extending UML and SysML considering trust and its related domains, such as security and privacy.
We propose stereotypes for each diagram in order to give developers a way to represent trust elements in an effective way.
Moreover, we propose two new diagrams that are very important for the IoT: a traceability diagram and a context diagram.
This model-driven approach will help developers to model the smart IoT entities according to the requirements elicited in the previous phases of the SDLC.
These models will be a fundamental input for the following and final phases of the SDLC.
Kolar, Martin; Fernandez-Gago, Carmen; Lopez, Javier
A Model Specification Implementation for Trust Negotiation Proceedings Article
In: The 14th International Conference on Network and System Security (NSS 2020), pp. 327-341, Springer Springer, Melbourne, Australia, 2020.
@inproceedings{1852,
title = {A Model Specification Implementation for Trust Negotiation},
author = {Martin Kolar and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/1852.pdf},
year = {2020},
date = {2020-11-01},
urldate = {2020-11-01},
booktitle = {The 14th International Conference on Network and System Security (NSS 2020)},
volume = {12570},
pages = {327-341},
publisher = {Springer},
address = {Melbourne, Australia},
organization = {Springer},
abstract = {Trust negotiation represents a suitable approach for building trust in online environments, where the interacting entities are anonymous. It covers important criteria on security and privacy. In this work, we propose a method for implementing our model specification that handles trust negotiation. We define the structure of the trust negotiation module that is a standalone unit capable of negotiating on its own. It may be included to any software by its defined interfaces. We realise our method with a ride-sharing scenario and four trust negotiation strategies that we apply in order to validate our design and implementation. We propose a solution that is fully customisable based on different requirements. The proposal provides guidelines for developers in the process of including trust negotiation into their software.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Trust negotiation represents a suitable approach for building trust in online environments, where the interacting entities are anonymous. It covers important criteria on security and privacy. In this work, we propose a method for implementing our model specification that handles trust negotiation. We define the structure of the trust negotiation module that is a standalone unit capable of negotiating on its own. It may be included to any software by its defined interfaces. We realise our method with a ride-sharing scenario and four trust negotiation strategies that we apply in order to validate our design and implementation. We propose a solution that is fully customisable based on different requirements. The proposal provides guidelines for developers in the process of including trust negotiation into their software.
Rubio, Juan E.; Alcaraz, Cristina; Lopez, Javier
Game Theory-Based Approach for Defense against APTs Proceedings Article
In: 18th International Conference on Applied Cryptography and Network Security (ACNS’20), pp. 297-320, Springer Springer, 2020, ISBN: 978-3-030-57878-7.
@inproceedings{1840,
title = {Game Theory-Based Approach for Defense against APTs},
author = {Juan E. Rubio and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/1840.pdf},
doi = {10.1007/978-3-030-57878-7_15},
isbn = {978-3-030-57878-7},
year = {2020},
date = {2020-10-01},
urldate = {2020-10-01},
booktitle = {18th International Conference on Applied Cryptography and Network Security (ACNS’20)},
volume = {12147},
pages = {297-320},
publisher = {Springer},
organization = {Springer},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Rubio, Juan E.; Roman, Rodrigo; Lopez, Javier
Integration of a Threat Traceability Solution in the Industrial Internet of Things Journal Article
In: IEEE Transactions on Industrial Informatics, vol. 16, no. 6575-6583, 2020, ISSN: 1551-3203.
@article{Rubio2020IIoT,
title = {Integration of a Threat Traceability Solution in the Industrial Internet of Things},
author = {Juan E. Rubio and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/Rubio2020IIoT.pdf},
doi = {10.1109/TII.2020.2976747},
issn = {1551-3203},
year = {2020},
date = {2020-10-01},
urldate = {2020-10-01},
journal = {IEEE Transactions on Industrial Informatics},
volume = {16},
number = {6575-6583},
publisher = {IEEE},
abstract = {In Industrial Internet of Things (IIoT) scenarios, where a plethora of IoT technologies coexist with consolidated industrial infrastructures, the integration of security mechanisms that provide protection against cyber-security attacks becomes a critical challenge. Due to the stealthy and persistent nature of some of these attacks, such as Advanced Persistent Threats, it is crucial to go beyond traditional Intrusion Detection Systems for the traceability of these attacks. In this sense, Opinion Dynamics poses a novel approach for the correlation of anomalies, which has been successfully applied to other network security domains. In this paper, we aim to analyze its applicability in the IIoT from a technical point of view, by studying its deployment over different IIoT architectures and defining a common framework for the acquisition of data considering the computational constraints involved. The result is a beneficial insight that demonstrates the feasibility of this approach when applied to upcoming IIoT infrastructures.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
In Industrial Internet of Things (IIoT) scenarios, where a plethora of IoT technologies coexist with consolidated industrial infrastructures, the integration of security mechanisms that provide protection against cyber-security attacks becomes a critical challenge. Due to the stealthy and persistent nature of some of these attacks, such as Advanced Persistent Threats, it is crucial to go beyond traditional Intrusion Detection Systems for the traceability of these attacks. In this sense, Opinion Dynamics poses a novel approach for the correlation of anomalies, which has been successfully applied to other network security domains. In this paper, we aim to analyze its applicability in the IIoT from a technical point of view, by studying its deployment over different IIoT architectures and defining a common framework for the acquisition of data considering the computational constraints involved. The result is a beneficial insight that demonstrates the feasibility of this approach when applied to upcoming IIoT infrastructures.
Rubio, Juan E.; Alcaraz, Cristina; Rios, Ruben; Roman, Rodrigo; Lopez, Javier
Distributed Detection of APTs: Consensus vs. Clustering Proceedings Article
In: 25th European Symposium on Research in Computer Security (ESORICS 2020), pp. 174-192, 2020, ISBN: 978-3-030-58951-6.
@inproceedings{1846,
title = {Distributed Detection of APTs: Consensus vs. Clustering},
author = {Juan E. Rubio and Cristina Alcaraz and Ruben Rios and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/1846.pdf},
doi = {10.1007/978-3-030-58951-6_9},
isbn = {978-3-030-58951-6},
year = {2020},
date = {2020-09-01},
urldate = {2020-09-01},
booktitle = {25th European Symposium on Research in Computer Security (ESORICS 2020)},
volume = {12308},
pages = {174-192},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Nieto, Ana
Becoming JUDAS: Correlating Users and Devices during a Digital Investigation Journal Article
In: IEEE Transactions on Information Forensics & Security, vol. 15, pp. 3325-3334, 2020, ISSN: 1556-6013.
@article{JUDAS2020,
title = {Becoming JUDAS: Correlating Users and Devices during a Digital Investigation},
author = {Ana Nieto},
url = {/wp-content/papers/JUDAS2020.pdf
https://ieeexplore.ieee.org/document/9069950},
doi = {10.1109/TIFS.2020.2988602},
issn = {1556-6013},
year = {2020},
date = {2020-07-01},
urldate = {2020-07-01},
journal = {IEEE Transactions on Information Forensics \& Security},
volume = {15},
pages = {3325-3334},
publisher = {IEEE},
abstract = {One of the biggest challenges in IoT-forensics is the analysis and correlation of heterogeneous digital evidence, to enable an effective understanding of complex scenarios. This paper defines a methodology for extracting unique objects (e.g., representing users or devices) from the files of a case, defining the context of the digital investigation and increasing the knowledge progressively, using additional files from the case (e.g. network captures). The solution includes external searches using emphopen source intelligence (OSINT) sources when needed. In order to illustrate this approach, the proposed methodology is implemented in the emphJSON Users and Devices analysis (JUDAS) tool, which is able to generate the context from JSON files, complete it, and show the whole context using dynamic graphs. The approach is validated using the files in an IoT-Forensic digital investigation where an important set of potential digital evidence extracted from Amazon’s Alexa Cloud is analysed.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
One of the biggest challenges in IoT-forensics is the analysis and correlation of heterogeneous digital evidence, to enable an effective understanding of complex scenarios. This paper defines a methodology for extracting unique objects (e.g., representing users or devices) from the files of a case, defining the context of the digital investigation and increasing the knowledge progressively, using additional files from the case (e.g. network captures). The solution includes external searches using emphopen source intelligence (OSINT) sources when needed. In order to illustrate this approach, the proposed methodology is implemented in the emphJSON Users and Devices analysis (JUDAS) tool, which is able to generate the context from JSON files, complete it, and show the whole context using dynamic graphs. The approach is validated using the files in an IoT-Forensic digital investigation where an important set of potential digital evidence extracted from Amazon’s Alexa Cloud is analysed.
Alcaraz, Cristina; Rubio, Juan E.; Lopez, Javier
Blockchain-Assisted Access for Federated Smart Grid Domains: Coupling and Features Journal Article
In: Journal of Parallel and Distributed Computing, vol. 144, pp. 124-135, 2020, ISSN: 0743-7315.
@article{Alcaraz2020a,
title = {Blockchain-Assisted Access for Federated Smart Grid Domains: Coupling and Features},
author = {Cristina Alcaraz and Juan E. Rubio and Javier Lopez},
url = {/wp-content/papers/Alcaraz2020a.pdf},
issn = {0743-7315},
year = {2020},
date = {2020-06-01},
urldate = {2020-06-01},
journal = {Journal of Parallel and Distributed Computing},
volume = {144},
pages = {124-135},
publisher = {Elsevier},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Ferraris, Davide; Bastos, Daniel; Fernandez-Gago, Carmen; El-Moussa, Fadi
A Trust Model for Popular Smart Home Devices Journal Article
In: International Journal of Information Security, 2020, ISSN: 1615-5262.
@article{ferraris2020,
title = {A Trust Model for Popular Smart Home Devices},
author = {Davide Ferraris and Daniel Bastos and Carmen Fernandez-Gago and Fadi El-Moussa},
url = {/wp-content/papers/ferraris2020.pdf
https://link.springer.com/article/10.1007/s10207-020-00519-2},
doi = {10.1007/s10207-020-00519-2},
issn = {1615-5262},
year = {2020},
date = {2020-01-01},
urldate = {2020-01-01},
journal = {International Journal of Information Security},
publisher = {Springer},
abstract = {Nowadays, smart home devices like Amazon Echo and Google Home have reached mainstream popularity.
Being in the homes of users, these devices are intrinsically intrusive, being able to access details such as users’ name, gender, home address, calendar appointments and others.
There are growing concerns about indiscriminate data collection and invasion of user privacy in smart home devices, but studies show that perceived benefits are exceeding perceived risks when it comes to consumers.
As a result, consumers are placing a lot of trust in these devices, sometimes without realizing it.
Improper trust assumptions and security controls can lead to unauthorized access and control of the devices, which can result in serious consequences.
In this paper, we explore the behaviour of devices such as Amazon Echo and Google Home in a smart home setting with respect to trust relationships and propose a trust model to improve these relationships among all the involved actors.
We have evaluated how trust was built and managed from the initial set up phase to the normal operation phase, during which we performed a number of interaction tests with different types of users (i.e. owner, guests).
As a result, we were able to assess the effectiveness of the provided security controls and identify potential relevant security issues. In order to address the identified issues, we defined a trust model and propose a solution based on it for further securing smart home systems.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Nowadays, smart home devices like Amazon Echo and Google Home have reached mainstream popularity.
Being in the homes of users, these devices are intrinsically intrusive, being able to access details such as users’ name, gender, home address, calendar appointments and others.
There are growing concerns about indiscriminate data collection and invasion of user privacy in smart home devices, but studies show that perceived benefits are exceeding perceived risks when it comes to consumers.
As a result, consumers are placing a lot of trust in these devices, sometimes without realizing it.
Improper trust assumptions and security controls can lead to unauthorized access and control of the devices, which can result in serious consequences.
In this paper, we explore the behaviour of devices such as Amazon Echo and Google Home in a smart home setting with respect to trust relationships and propose a trust model to improve these relationships among all the involved actors.
We have evaluated how trust was built and managed from the initial set up phase to the normal operation phase, during which we performed a number of interaction tests with different types of users (i.e. owner, guests).
As a result, we were able to assess the effectiveness of the provided security controls and identify potential relevant security issues. In order to address the identified issues, we defined a trust model and propose a solution based on it for further securing smart home systems.
Being in the homes of users, these devices are intrinsically intrusive, being able to access details such as users’ name, gender, home address, calendar appointments and others.
There are growing concerns about indiscriminate data collection and invasion of user privacy in smart home devices, but studies show that perceived benefits are exceeding perceived risks when it comes to consumers.
As a result, consumers are placing a lot of trust in these devices, sometimes without realizing it.
Improper trust assumptions and security controls can lead to unauthorized access and control of the devices, which can result in serious consequences.
In this paper, we explore the behaviour of devices such as Amazon Echo and Google Home in a smart home setting with respect to trust relationships and propose a trust model to improve these relationships among all the involved actors.
We have evaluated how trust was built and managed from the initial set up phase to the normal operation phase, during which we performed a number of interaction tests with different types of users (i.e. owner, guests).
As a result, we were able to assess the effectiveness of the provided security controls and identify potential relevant security issues. In order to address the identified issues, we defined a trust model and propose a solution based on it for further securing smart home systems.
Ruiz, Manuel; Rios, Ruben; Roman, Rodrigo; Muñoz, Antonio; Martínez, Juan Manuel; Wallace, Jorge
AndroCIES: Automatización de la certificación de seguridad para aplicaciones Android Proceedings Article
In: XVII Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2022), pp. 192-197, Ediciones Universidad Cantabria Ediciones Universidad Cantabria, Santander, Spain, 2022.
@inproceedings{2016,
title = {AndroCIES: Automatizaci\'{o}n de la certificaci\'{o}n de seguridad para aplicaciones Android},
author = {Manuel Ruiz and Ruben Rios and Rodrigo Roman and Antonio Mu\~{n}oz and Juan Manuel Mart\'{i}nez and Jorge Wallace},
url = {/wp-content/papers/2016.pdf},
year = {2022},
date = {2022-10-01},
urldate = {2022-10-01},
booktitle = {XVII Reuni\'{o}n Espa\~{n}ola sobre Criptolog\'{i}a y Seguridad de la Informaci\'{o}n (RECSI 2022)},
volume = {265},
pages = {192-197},
publisher = {Ediciones Universidad Cantabria},
address = {Santander, Spain},
organization = {Ediciones Universidad Cantabria},
abstract = {El auge de las plataformas m\'{o}viles est\'{a} impulsando el desarrollo de un gran n\'{u}mero de aplicaciones, muchas de las cuales salen al mercado sin las convenientes comprobaciones de seguridad. Recientemente, Google est\'{a} apostando por hacer este problema m\'{a}s visible y concienciar a los usuarios de la necesidad de instalar aplicaciones verificadas por laboratorios independientes. Sin embargo, la certificaci\'{o}n de aplicaciones suele ser una tarea ardua y no exenta de errores. Por ello, en este trabajo, presentamos la herramienta AndroCIES, que es capaz de automatizar en gran medida las evaluaciones necesarias para la certificaci\'{o}n de aplicaciones m\'{o}viles, reduciendo en torno a un 20% el tiempo empleado en este proceso.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
El auge de las plataformas móviles está impulsando el desarrollo de un gran número de aplicaciones, muchas de las cuales salen al mercado sin las convenientes comprobaciones de seguridad. Recientemente, Google está apostando por hacer este problema más visible y concienciar a los usuarios de la necesidad de instalar aplicaciones verificadas por laboratorios independientes. Sin embargo, la certificación de aplicaciones suele ser una tarea ardua y no exenta de errores. Por ello, en este trabajo, presentamos la herramienta AndroCIES, que es capaz de automatizar en gran medida las evaluaciones necesarias para la certificación de aplicaciones móviles, reduciendo en torno a un 20% el tiempo empleado en este proceso.
Muñoz, Antonio; Rios, Ruben; Roman, Rodrigo; Lopez, Javier
A survey on the (in)security of Trusted Execution Environments Journal Article
In: Computers & Security, pp. 103-180, 2023, ISSN: 0167-4048.
@article{MUNOZ2023103180,
title = {A survey on the (in)security of Trusted Execution Environments},
author = {Antonio Mu\~{n}oz and Ruben Rios and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/MUNOZ2023103180.pdf
https://www.sciencedirect.com/science/article/pii/S0167404823000901},
doi = {10.1016/j.cose.2023.103180},
issn = {0167-4048},
year = {2023},
date = {2023-01-01},
urldate = {2023-01-01},
journal = {Computers \& Security},
pages = {103-180},
publisher = {Elsevier},
address = {In Press},
abstract = {As the number of security and privacy attacks continue to grow around the world, there is an ever increasing need to protect our personal devices. As a matter of fact, more and more manufactures are relying on Trusted Execution Environments (TEEs) to shield their devices. In particular, ARM TrustZone (TZ) is being widely used in numerous embedded devices, especially smartphones, and this technology is the basis for secure solutions both in industry and academia. However, as shown in this paper, TEE is not bullet-proof and it has been successfully attacked numerous times and in very different ways. To raise awareness among potential stakeholders interested in this technology, this paper provides an extensive analysis and categorization of existing vulnerabilities in TEEs and highlights the design flaws that led to them. The presented vulnerabilities, which are not only extracted from existing literature but also from publicly available exploits and databases, are accompanied by some effective countermeasures to reduce the likelihood of new attacks. The paper ends with some appealing challenges and open issues.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
As the number of security and privacy attacks continue to grow around the world, there is an ever increasing need to protect our personal devices. As a matter of fact, more and more manufactures are relying on Trusted Execution Environments (TEEs) to shield their devices. In particular, ARM TrustZone (TZ) is being widely used in numerous embedded devices, especially smartphones, and this technology is the basis for secure solutions both in industry and academia. However, as shown in this paper, TEE is not bullet-proof and it has been successfully attacked numerous times and in very different ways. To raise awareness among potential stakeholders interested in this technology, this paper provides an extensive analysis and categorization of existing vulnerabilities in TEEs and highlights the design flaws that led to them. The presented vulnerabilities, which are not only extracted from existing literature but also from publicly available exploits and databases, are accompanied by some effective countermeasures to reduce the likelihood of new attacks. The paper ends with some appealing challenges and open issues.
Jiménez, Pablo Pérez; Onieva, Jose A.; Fernandez, Gerardo
CCBHash (Compound Code Block Hash) para Análisis de Malware Proceedings Article
In: XVII Reunión Española sobre Criptología y Seguridad de la Información, pp. 168-173, 2022, ISBN: 978-84-19024-14-5.
@inproceedings{2033,
title = {CCBHash (Compound Code Block Hash) para An\'{a}lisis de Malware},
author = {Pablo P\'{e}rez Jim\'{e}nez and Jose A. Onieva and Gerardo Fernandez},
url = {/wp-content/papers/2033.pdf},
isbn = {978-84-19024-14-5},
year = {2022},
date = {2022-11-01},
urldate = {2022-11-01},
booktitle = {XVII Reuni\'{o}n Espa\~{n}ola sobre Criptolog\'{i}a y Seguridad de la Informaci\'{o}n},
pages = {168-173},
abstract = {En estos \'{u}ltimos a\~{n}os, el an\'{a}lisis de malware ha adquirido una importancia cada vez mayor debido al aumento de ataques inform\'{a}ticos, cada vez m\'{a}s sofisticados. Uno de los objetivos que tiene esta rama de la ciberseguridad es encontrar similitudes entre distintos ficheros, permitiendo as\'{i} detectar y clasificar malware e incluso, en algunos casos, realizar atribuciones.
En este trabajo desarrollaremos un fuzzy hash capaz de caracterizar el malware generando una firma f\'{a}cilmente comparable y almacenable de sus funciones. Ya que nuestra meta es poder detectar estas similitudes en grandes cantidades de datos en un periodo de tiempo razonable, el tama\~{n}o del hash debe ser limitado a la vez que guarde la m´axima informaci\'{o}n posible.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
En estos últimos años, el análisis de malware ha adquirido una importancia cada vez mayor debido al aumento de ataques informáticos, cada vez más sofisticados. Uno de los objetivos que tiene esta rama de la ciberseguridad es encontrar similitudes entre distintos ficheros, permitiendo así detectar y clasificar malware e incluso, en algunos casos, realizar atribuciones.
En este trabajo desarrollaremos un fuzzy hash capaz de caracterizar el malware generando una firma fácilmente comparable y almacenable de sus funciones. Ya que nuestra meta es poder detectar estas similitudes en grandes cantidades de datos en un periodo de tiempo razonable, el tamaño del hash debe ser limitado a la vez que guarde la m´axima información posible.
En este trabajo desarrollaremos un fuzzy hash capaz de caracterizar el malware generando una firma fácilmente comparable y almacenable de sus funciones. Ya que nuestra meta es poder detectar estas similitudes en grandes cantidades de datos en un periodo de tiempo razonable, el tamaño del hash debe ser limitado a la vez que guarde la m´axima información posible.
Muñoz, Antonio; Fernandez-Gago, Carmen; Lopez-Villa, Roberto
A Test Environment for Wireless Hacking in Domestic IoT Scenarios Journal Article
In: Mobile Networks and Applications, 2022, ISSN: 1383-469X.
@article{munoz2022,
title = {A Test Environment for Wireless Hacking in Domestic IoT Scenarios},
author = {Antonio Mu\~{n}oz and Carmen Fernandez-Gago and Roberto Lopez-Villa},
url = {/wp-content/papers/munoz2022.pdf},
doi = {10.1007/s11036-022-02046-x},
issn = {1383-469X},
year = {2022},
date = {2022-10-01},
urldate = {2022-10-01},
journal = {Mobile Networks and Applications},
publisher = {Springer},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Cumplido, Jesus; Alcaraz, Cristina; Lopez, Javier
Collaborative anomaly detection system for charging stations Proceedings Article
In: The 27th European Symposium on Research in Computer Security (ESORICS 2022), pp. 716–736, Springer, Cham Springer, Cham, 2022.
@inproceedings{Alcaraz2022c,
title = {Collaborative anomaly detection system for charging stations},
author = {Jesus Cumplido and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/Alcaraz2022c.pdf},
doi = {10.1007/978-3-031-17146-8_35},
year = {2022},
date = {2022-09-01},
urldate = {2022-09-01},
booktitle = {The 27th European Symposium on Research in Computer Security (ESORICS 2022)},
volume = {13555},
pages = {716\textendash736},
publisher = {Springer, Cham},
organization = {Springer, Cham},
abstract = {In recent years, the deployment of charging infrastructures has been increasing exponentially due to the high energy demand of electric vehicles, forming complex charging networks. These networks pave the way for the emergence of new unknown threats in both the energy and transportation sectors. Economic damages and energy theft are the most frequent risks in these environments. Thus, this paper aims to present a solution capable of accurately detecting unforeseen events and possible fraud threats that arise during charging sessions at charging stations through the current capabilities of the Machine Learning (ML) algorithms. However, these algorithms have the drawback of not fitting well in large networks and generating a high number of false positives and negatives, mainly due to the mismatch with the distribution of data over time. For that reason, a Collaborative Anomaly Detection System for Charging Stations (here referred to as CADS4CS) is proposed as an optimization measure. CADS4CS has a central analysis unit that coordinates a group of independent anomaly detection systems to provide greater accuracy using a voting algorithm. In addition, CADS4CS has the feature of continuously retraining ML models in a collaborative manner to ensure that they are adjusted to the distribution of the data. To validate the approach, different use cases and practical studies are addressed to demonstrate the effectiveness and efficiency of the solution.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
In recent years, the deployment of charging infrastructures has been increasing exponentially due to the high energy demand of electric vehicles, forming complex charging networks. These networks pave the way for the emergence of new unknown threats in both the energy and transportation sectors. Economic damages and energy theft are the most frequent risks in these environments. Thus, this paper aims to present a solution capable of accurately detecting unforeseen events and possible fraud threats that arise during charging sessions at charging stations through the current capabilities of the Machine Learning (ML) algorithms. However, these algorithms have the drawback of not fitting well in large networks and generating a high number of false positives and negatives, mainly due to the mismatch with the distribution of data over time. For that reason, a Collaborative Anomaly Detection System for Charging Stations (here referred to as CADS4CS) is proposed as an optimization measure. CADS4CS has a central analysis unit that coordinates a group of independent anomaly detection systems to provide greater accuracy using a voting algorithm. In addition, CADS4CS has the feature of continuously retraining ML models in a collaborative manner to ensure that they are adjusted to the distribution of the data. To validate the approach, different use cases and practical studies are addressed to demonstrate the effectiveness and efficiency of the solution.
Morales, Daniel; Agudo, Isaac; Lopez, Javier
Real-time Crowd Counting based on Wearable Ephemeral IDs Proceedings Article
In: 19th International Conference on Security and Cryptography (SECRYPT 2022), pp. 249-260, Scitepress Scitepress, Lisbon, 2022, ISSN: 2184-7711.
@inproceedings{morales2022cc,
title = {Real-time Crowd Counting based on Wearable Ephemeral IDs},
author = {Daniel Morales and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/morales2022cc.pdf},
doi = {10.5220/0011327200003283},
issn = {2184-7711},
year = {2022},
date = {2022-07-01},
urldate = {2022-07-01},
booktitle = {19th International Conference on Security and Cryptography (SECRYPT 2022)},
pages = {249-260},
publisher = {Scitepress},
address = {Lisbon},
organization = {Scitepress},
abstract = {Crowd Counting is a very interesting problem aiming at counting people typically based on density averages and/or aerial images. This is very useful to prevent crowd crushes, especially on urban environments with high crowd density, or to count people in public demonstrations. In addition, in the last years, it has become of paramount importance for pandemic management. For those reasons, giving users automatic mechanisms to anticipate high risk situations is essential. In this work, we analyze ID-based Crowd Counting, and propose a real-time Crowd Counting system based on the Ephemeral ID broadcast by contact tracing applications on wearable devices. We also performed some simulations that show the accuracy of our system in different situations.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Crowd Counting is a very interesting problem aiming at counting people typically based on density averages and/or aerial images. This is very useful to prevent crowd crushes, especially on urban environments with high crowd density, or to count people in public demonstrations. In addition, in the last years, it has become of paramount importance for pandemic management. For those reasons, giving users automatic mechanisms to anticipate high risk situations is essential. In this work, we analyze ID-based Crowd Counting, and propose a real-time Crowd Counting system based on the Ephemeral ID broadcast by contact tracing applications on wearable devices. We also performed some simulations that show the accuracy of our system in different situations.
Alcaraz, Cristina; Garcia, Alberto; Lopez, Javier
Implicaciones de seguridad en MAS Desplegados en Infraestructuras de Carga basadas en OCPP Proceedings Article
In: VII Jornadas Nacionales en Investigación en Ciberseguridad (JNIC 2022), pp. 172-179, 2022, ISBN: 978-84-88734-13-6.
@inproceedings{1989,
title = {Implicaciones de seguridad en MAS Desplegados en Infraestructuras de Carga basadas en OCPP},
author = {Cristina Alcaraz and Alberto Garcia and Javier Lopez},
url = {/wp-content/papers/1989.pdf},
isbn = {978-84-88734-13-6},
year = {2022},
date = {2022-06-01},
urldate = {2022-06-01},
booktitle = {VII Jornadas Nacionales en Investigaci\'{o}n en Ciberseguridad (JNIC 2022)},
pages = {172-179},
abstract = {El inter\'{e}s actual por desplegar infraestructuras de carga de veh\'{i}culos el\'{e}ctricos para el ahorro energ\'{e}tico y la sostenibilidad es cada vez m\'{a}s palpable, lo que llama la atenci\'{o}n a muchas comunidades, especialmente a la cient\'{i}fica, para explorar, entre otras cosas, la influencia de las nuevas tecnolog\'{i}as de informaci\'{o}n en los procesos operacionales. Teniendo en cuenta este escenario, este art\'{i}culo, por tanto, analiza c\'{o}mo el uso de los sistemas de multi-agente pueden beneficiar las tareas de monitorizaci\'{o}n, mantenimiento y de seguridad, y propone una arquitectura espec\'{i}fica en base a los actores especificados en el protocolo OCPP (Open Charge Point Protocol). Esta arquitectura constituye la base para analizar los diversos tipos de amenazas que agentes software pueden sufrir, clasific\'{a}ndolas de acuerdo a las caracter\'{i}sticas funcionales e interacciones con los diversos elementos de la infraestructura. Esta agrupaci\'{o}n y el conjunto de ataques abordados est\'{a}n basados en el SP-800-19 definido por el National Institute of Standards and Technology, y formalizados siguiendo la metodolog\'{i}a de \'{a}rboles de ataque. El estudio revela la importancia que tiene analizar los riesgos que esta tecnolog\'{i}a puede traer a este escenario, proporcionando, adem\'{a}s, un conjunto de recomendaciones que sirvan de gu\'{i}a para aplicaciones futuras.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
El interés actual por desplegar infraestructuras de carga de vehículos eléctricos para el ahorro energético y la sostenibilidad es cada vez más palpable, lo que llama la atención a muchas comunidades, especialmente a la científica, para explorar, entre otras cosas, la influencia de las nuevas tecnologías de información en los procesos operacionales. Teniendo en cuenta este escenario, este artículo, por tanto, analiza cómo el uso de los sistemas de multi-agente pueden beneficiar las tareas de monitorización, mantenimiento y de seguridad, y propone una arquitectura específica en base a los actores especificados en el protocolo OCPP (Open Charge Point Protocol). Esta arquitectura constituye la base para analizar los diversos tipos de amenazas que agentes software pueden sufrir, clasificándolas de acuerdo a las características funcionales e interacciones con los diversos elementos de la infraestructura. Esta agrupación y el conjunto de ataques abordados están basados en el SP-800-19 definido por el National Institute of Standards and Technology, y formalizados siguiendo la metodología de árboles de ataque. El estudio revela la importancia que tiene analizar los riesgos que esta tecnología puede traer a este escenario, proporcionando, además, un conjunto de recomendaciones que sirvan de guía para aplicaciones futuras.
Ruiz, Manuel; Rios, Ruben; Roman, Rodrigo; Lopez, Javier
Privacidad Contextual en entornos Edge Proceedings Article
In: VII Jornadas Nacionales de Investigación en Ciberseguridad (JNIC 2022), pp. 122-129, Bilbao, Spain, 2022, ISBN: 978-84-88734-13-6.
@inproceedings{1979,
title = {Privacidad Contextual en entornos Edge},
author = {Manuel Ruiz and Ruben Rios and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/1979.pdf},
isbn = {978-84-88734-13-6},
year = {2022},
date = {2022-06-01},
urldate = {2022-06-01},
booktitle = {VII Jornadas Nacionales de Investigaci\'{o}n en Ciberseguridad (JNIC 2022)},
pages = {122-129},
address = {Bilbao, Spain},
abstract = {La privacidad contextual se refiere a la protecci\'{o}n de toda aquella informaci\'{o}n que puede desprenderse de la interacci\'{o}n entre usuarios y/o servicios, exceptuando los datos que el propio usuario elige transmitir. La localizaci\'{o}n, el tiempo, los patrones de uso y los diferentes par\'{a}metros necesarios para realizar la comunicaci\'{o}n son algunos ejemplos. Este tipo de privacidad es extremadamente importante en la computaci\'{o}n edge debido al acercamiento de los recursos de la infraestructura a los usuarios. Por ello, el objetivo de este trabajo es ofrecer un an\'{a}lisis y clasificaci\'{o}n de las diferentes soluciones propuestas en la literatura respecto a la privacidad contextual en entornos edge, mostrando tanto las capacidades de los mecanismos actuales como los desaf\'{i}os en este campo.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
La privacidad contextual se refiere a la protección de toda aquella información que puede desprenderse de la interacción entre usuarios y/o servicios, exceptuando los datos que el propio usuario elige transmitir. La localización, el tiempo, los patrones de uso y los diferentes parámetros necesarios para realizar la comunicación son algunos ejemplos. Este tipo de privacidad es extremadamente importante en la computación edge debido al acercamiento de los recursos de la infraestructura a los usuarios. Por ello, el objetivo de este trabajo es ofrecer un análisis y clasificación de las diferentes soluciones propuestas en la literatura respecto a la privacidad contextual en entornos edge, mostrando tanto las capacidades de los mecanismos actuales como los desafíos en este campo.
Wang, Xueou; Hou, Xiaolu; Rios, Ruben; Tippenhauer, Nils Ole; Ochoa, Martin
Constrained Proximity Attacks on Mobile Targets Journal Article
In: ACM Transactions on Privacy and Security (TOPS), vol. 25, no. 10, pp. 1 - 29, 2022, ISSN: 2471-2566.
@article{rios2022cpa,
title = {Constrained Proximity Attacks on Mobile Targets},
author = {Xueou Wang and Xiaolu Hou and Ruben Rios and Nils Ole Tippenhauer and Martin Ochoa},
url = {/wp-content/papers/rios2022cpa.pdf},
doi = {10.1145/3498543},
issn = {2471-2566},
year = {2022},
date = {2022-05-01},
urldate = {2022-05-01},
journal = {ACM Transactions on Privacy and Security (TOPS)},
volume = {25},
number = {10},
pages = {1 - 29},
publisher = {Association for Computer Machinery (ACM)},
abstract = {Proximity attacks allow an adversary to uncover the location of a victim by repeatedly issuing queries with fake location data. These attacks have been mostly studied in scenarios where victims remain static and there are no constraints that limit the actions of the attacker. In such a setting, it is not difficult for the attacker to locate a particular victim and quantifying the effort for doing so is straightforward. However, it is far more realistic to consider scenarios where potential victims present a particular mobility pattern. In this paper, we consider abstract (constrained and unconstrained) attacks on services that provide location information on other users in the proximity. We derive strategies for constrained and unconstrained attackers, and show that when unconstrained they can practically achieve success with theoretically optimal effort. We then propose a simple yet effective constraint that may be employed by a proximity service (for example, running in the cloud or using a suitable two-party protocol) as countermeasure to increase the effort for the attacker several orders of magnitude both in simulated and real-world cases.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Proximity attacks allow an adversary to uncover the location of a victim by repeatedly issuing queries with fake location data. These attacks have been mostly studied in scenarios where victims remain static and there are no constraints that limit the actions of the attacker. In such a setting, it is not difficult for the attacker to locate a particular victim and quantifying the effort for doing so is straightforward. However, it is far more realistic to consider scenarios where potential victims present a particular mobility pattern. In this paper, we consider abstract (constrained and unconstrained) attacks on services that provide location information on other users in the proximity. We derive strategies for constrained and unconstrained attackers, and show that when unconstrained they can practically achieve success with theoretically optimal effort. We then propose a simple yet effective constraint that may be employed by a proximity service (for example, running in the cloud or using a suitable two-party protocol) as countermeasure to increase the effort for the attacker several orders of magnitude both in simulated and real-world cases.
Agudo, Isaac; Montenegro-Gómez, Manuel; Lopez, Javier
A Blockchain Approach for Decentralized V2X (D-V2X) Journal Article
In: IEEE Transactions on Vehicular Technology, vol. 70, no. 5, pp. 4001 - 4010, 2021, ISSN: 0018-9545.
@article{Agudo2020,
title = {A Blockchain Approach for Decentralized V2X (D-V2X)},
author = {Isaac Agudo and Manuel Montenegro-G\'{o}mez and Javier Lopez},
url = {/wp-content/papers/Agudo2020.pdf},
doi = {10.1109/TVT.2020.3046640},
issn = {0018-9545},
year = {2021},
date = {2021-05-01},
urldate = {2021-05-01},
journal = {IEEE Transactions on Vehicular Technology},
volume = {70},
number = {5},
pages = {4001 - 4010},
publisher = {IEEE},
abstract = {New mobility paradigms have appeared in recent years, and everything suggests that some more are coming. This fact makes apparent the necessity of modernizing the road infrastructure, the signalling elements and the traffic management systems. Many initiatives have emerged around the term Intelligent Transport System (ITS) in order to define new scenarios and requirements for this kind of applications. We even have two main competing technologies for implementing Vehicular communication protocols (V2X), C-V2X and 802.11p, but neither of them is widely deployed yet.
One of the main barriers for the massive adoption of those technologies is governance. Current solutions rely on the use of a public key infrastructure that enables secure collaboration between the different entities in the V2X ecosystem, but given its global scope, managing such infrastructure requires reaching agreements between many parties, with conflicts of interest between automakers and telecommunication operators. As a result, there are plenty of use cases available and two mature communication technologies, but the complexity at the business layer is stopping the drivers from taking advantage of ITS applications.
Blockchain technologies are defining a new decentralized paradigm for most traditional applications, where smart contracts provide a straightforward mechanism for decentralized governance. In this work, we propose an approach for decentralized V2X (D-V2X) that does not require any trusted authority and can be implemented on top of any communication protocol. We also define a proof-of-concept technical architecture on top of a cheap and highly secure System-on-Chip (SoC) that could allow for massive adoption of D-V2X.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
New mobility paradigms have appeared in recent years, and everything suggests that some more are coming. This fact makes apparent the necessity of modernizing the road infrastructure, the signalling elements and the traffic management systems. Many initiatives have emerged around the term Intelligent Transport System (ITS) in order to define new scenarios and requirements for this kind of applications. We even have two main competing technologies for implementing Vehicular communication protocols (V2X), C-V2X and 802.11p, but neither of them is widely deployed yet.
One of the main barriers for the massive adoption of those technologies is governance. Current solutions rely on the use of a public key infrastructure that enables secure collaboration between the different entities in the V2X ecosystem, but given its global scope, managing such infrastructure requires reaching agreements between many parties, with conflicts of interest between automakers and telecommunication operators. As a result, there are plenty of use cases available and two mature communication technologies, but the complexity at the business layer is stopping the drivers from taking advantage of ITS applications.
Blockchain technologies are defining a new decentralized paradigm for most traditional applications, where smart contracts provide a straightforward mechanism for decentralized governance. In this work, we propose an approach for decentralized V2X (D-V2X) that does not require any trusted authority and can be implemented on top of any communication protocol. We also define a proof-of-concept technical architecture on top of a cheap and highly secure System-on-Chip (SoC) that could allow for massive adoption of D-V2X.
One of the main barriers for the massive adoption of those technologies is governance. Current solutions rely on the use of a public key infrastructure that enables secure collaboration between the different entities in the V2X ecosystem, but given its global scope, managing such infrastructure requires reaching agreements between many parties, with conflicts of interest between automakers and telecommunication operators. As a result, there are plenty of use cases available and two mature communication technologies, but the complexity at the business layer is stopping the drivers from taking advantage of ITS applications.
Blockchain technologies are defining a new decentralized paradigm for most traditional applications, where smart contracts provide a straightforward mechanism for decentralized governance. In this work, we propose an approach for decentralized V2X (D-V2X) that does not require any trusted authority and can be implemented on top of any communication protocol. We also define a proof-of-concept technical architecture on top of a cheap and highly secure System-on-Chip (SoC) that could allow for massive adoption of D-V2X.
Ferraris, Davide; Fernandez-Gago, Carmen; Lopez, Javier
POM: A Trust-based AHP-like Methodology to Solve Conflict Requirements for the IoT Book Section
In: Collaborative Approaches for Cyber Security in Cyber-Physical Systems, pp. 145-170, Springer, 2023, ISSN: 1613-5113.
@incollection{2013,
title = {POM: A Trust-based AHP-like Methodology to Solve Conflict Requirements for the IoT},
author = {Davide Ferraris and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/2013.pdf
https://link.springer.com/chapter/10.1007/978-3-031-16088-2_7},
doi = {https://doi.org/10.1007/978-3-031-16088-2_7},
issn = {1613-5113},
year = {2023},
date = {2023-01-01},
urldate = {2023-01-01},
booktitle = {Collaborative Approaches for Cyber Security in Cyber-Physical Systems},
pages = {145-170},
publisher = {Springer},
organization = {Springer},
series = {Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA)},
keywords = {},
pubstate = {published},
tppubtype = {incollection}
}
Cumplido, Jesus; Alcaraz, Cristina; Lopez, Javier
Collaborative anomaly detection system for charging stations Proceedings Article
In: The 27th European Symposium on Research in Computer Security (ESORICS 2022), pp. 716–736, Springer, Cham Springer, Cham, 2022.
@inproceedings{Alcaraz2022c,
title = {Collaborative anomaly detection system for charging stations},
author = {Jesus Cumplido and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/Alcaraz2022c.pdf},
doi = {10.1007/978-3-031-17146-8_35},
year = {2022},
date = {2022-09-01},
urldate = {2022-09-01},
booktitle = {The 27th European Symposium on Research in Computer Security (ESORICS 2022)},
volume = {13555},
pages = {716\textendash736},
publisher = {Springer, Cham},
organization = {Springer, Cham},
abstract = {In recent years, the deployment of charging infrastructures has been increasing exponentially due to the high energy demand of electric vehicles, forming complex charging networks. These networks pave the way for the emergence of new unknown threats in both the energy and transportation sectors. Economic damages and energy theft are the most frequent risks in these environments. Thus, this paper aims to present a solution capable of accurately detecting unforeseen events and possible fraud threats that arise during charging sessions at charging stations through the current capabilities of the Machine Learning (ML) algorithms. However, these algorithms have the drawback of not fitting well in large networks and generating a high number of false positives and negatives, mainly due to the mismatch with the distribution of data over time. For that reason, a Collaborative Anomaly Detection System for Charging Stations (here referred to as CADS4CS) is proposed as an optimization measure. CADS4CS has a central analysis unit that coordinates a group of independent anomaly detection systems to provide greater accuracy using a voting algorithm. In addition, CADS4CS has the feature of continuously retraining ML models in a collaborative manner to ensure that they are adjusted to the distribution of the data. To validate the approach, different use cases and practical studies are addressed to demonstrate the effectiveness and efficiency of the solution.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
In recent years, the deployment of charging infrastructures has been increasing exponentially due to the high energy demand of electric vehicles, forming complex charging networks. These networks pave the way for the emergence of new unknown threats in both the energy and transportation sectors. Economic damages and energy theft are the most frequent risks in these environments. Thus, this paper aims to present a solution capable of accurately detecting unforeseen events and possible fraud threats that arise during charging sessions at charging stations through the current capabilities of the Machine Learning (ML) algorithms. However, these algorithms have the drawback of not fitting well in large networks and generating a high number of false positives and negatives, mainly due to the mismatch with the distribution of data over time. For that reason, a Collaborative Anomaly Detection System for Charging Stations (here referred to as CADS4CS) is proposed as an optimization measure. CADS4CS has a central analysis unit that coordinates a group of independent anomaly detection systems to provide greater accuracy using a voting algorithm. In addition, CADS4CS has the feature of continuously retraining ML models in a collaborative manner to ensure that they are adjusted to the distribution of the data. To validate the approach, different use cases and practical studies are addressed to demonstrate the effectiveness and efficiency of the solution.
Ferraris, Davide; Fernandez-Gago, Carmen; Lopez, Javier
Novel Approaches for the Development of Trusted IoT Entities Proceedings Article
In: 37th International Conference on ICT Systems Security and Privacy Protection – IFIP SEC 2022, pp. 215-230, Springer Springer, Copenhagen, 2022, ISSN: 1868-4238.
@inproceedings{1980,
title = {Novel Approaches for the Development of Trusted IoT Entities},
author = {Davide Ferraris and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/1980.pdf
https://link.springer.com/content/pdf/10.1007%2F978-3-031-06975-8_13, },
doi = {10.1007/978-3-031-06975-8},
issn = {1868-4238},
year = {2022},
date = {2022-06-01},
urldate = {2022-06-01},
booktitle = {37th International Conference on ICT Systems Security and Privacy Protection \textendash IFIP SEC 2022},
pages = {215-230},
publisher = {Springer},
address = {Copenhagen},
organization = {Springer},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Muñoz, Antonio; Farao, Aristeidis; Casas, Ryan; Xenakis, Christos
P2ISE: Preserving Project Integrity in CI/CD Based on Secure Elements Journal Article
In: Information, vol. 12, no. 357, 2021, ISSN: 2078-2489,.
@article{anto2021,
title = {P2ISE: Preserving Project Integrity in CI/CD Based on Secure Elements},
author = {Antonio Mu\~{n}oz and Aristeidis Farao and Ryan Casas and Christos Xenakis},
url = {/wp-content/papers/anto2021.pdf},
issn = {2078-2489,},
year = {2021},
date = {2021-08-01},
urldate = {2021-08-01},
journal = {Information},
volume = {12},
number = {357},
publisher = {MDPI},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Lopez, Javier; Rubio, Juan E.; Alcaraz, Cristina
Digital Twins for Intelligent Authorization in the B5G-enabled Smart Grid Journal Article
In: IEEE Wireless Communications, vol. 28, pp. 48-55, 2021, ISSN: 1536-1284.
@article{lopez2020,
title = {Digital Twins for Intelligent Authorization in the B5G-enabled Smart Grid},
author = {Javier Lopez and Juan E. Rubio and Cristina Alcaraz},
url = {/wp-content/papers/lopez2020.pdf
https://ieeexplore.ieee.org/document/9430900},
doi = {10.1109/MWC.001.2000336},
issn = {1536-1284},
year = {2021},
date = {2021-04-01},
urldate = {2021-04-01},
journal = {IEEE Wireless Communications},
volume = {28},
pages = {48-55},
publisher = {IEEE},
abstract = {Beyond fifth generation (B5G) communication networks and computation paradigms in the edge are expected to be integrated into power grid infrastructures over the coming years. In this sense, AI technologies will play a fundamental role to efficiently manage dynamic information flows of future applications, which impacts the authorization policies applied in such a complex scenario. This article studies how digital twins can evolve their context awareness capabilities and simulation technologies to anticipate faults or to detect cyber-security issues in real time, and update access control policies accordingly. Our study analyzes the evolution of monitoring platforms and architecture decentralization, including the application of machine learning and blockchain technologies in the smart grid, toward the goal of implementing autonomous and self-learning agents in the medium and long term. We conclude this study with future challenges on applying digital twins to B5G-based smart grid deployments.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Beyond fifth generation (B5G) communication networks and computation paradigms in the edge are expected to be integrated into power grid infrastructures over the coming years. In this sense, AI technologies will play a fundamental role to efficiently manage dynamic information flows of future applications, which impacts the authorization policies applied in such a complex scenario. This article studies how digital twins can evolve their context awareness capabilities and simulation technologies to anticipate faults or to detect cyber-security issues in real time, and update access control policies accordingly. Our study analyzes the evolution of monitoring platforms and architecture decentralization, including the application of machine learning and blockchain technologies in the smart grid, toward the goal of implementing autonomous and self-learning agents in the medium and long term. We conclude this study with future challenges on applying digital twins to B5G-based smart grid deployments.
Ferraris, Davide; Fernandez-Gago, Carmen; Lopez, Javier
A model-driven approach to ensure trust in the IoT Journal Article
In: Human-centric Computing and Information Sciences, vol. 10, no. 50, 2020, ISSN: 2192-1962.
@article{ferraris2020b,
title = {A model-driven approach to ensure trust in the IoT},
author = {Davide Ferraris and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/ferraris2020b.pdf},
doi = {10.1186/s13673-020-00257-3},
issn = {2192-1962},
year = {2020},
date = {2020-12-01},
urldate = {2020-12-01},
journal = {Human-centric Computing and Information Sciences},
volume = {10},
number = {50},
publisher = {Springer},
abstract = {The Internet of Things (IoT) is a paradigm that permits smart entities to be interconnected anywhere and anyhow. IoT opens new opportunities but also rises new issues.
In this dynamic environment, trust is useful to mitigate these issues. In fact, it is important that the smart entities could know and trust the other smart entities in order to collaborate with them.
So far, there is a lack of research when considering trust through the whole System Development Life Cycle (SDLC) of a smart IoT entity.
In this paper, we suggest a new approach that considers trust not only at the end of the SDLC but also at the start of it. More precisely, we explore the modeling phase proposing a model-driven approach extending UML and SysML considering trust and its related domains, such as security and privacy.
We propose stereotypes for each diagram in order to give developers a way to represent trust elements in an effective way.
Moreover, we propose two new diagrams that are very important for the IoT: a traceability diagram and a context diagram.
This model-driven approach will help developers to model the smart IoT entities according to the requirements elicited in the previous phases of the SDLC.
These models will be a fundamental input for the following and final phases of the SDLC.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The Internet of Things (IoT) is a paradigm that permits smart entities to be interconnected anywhere and anyhow. IoT opens new opportunities but also rises new issues.
In this dynamic environment, trust is useful to mitigate these issues. In fact, it is important that the smart entities could know and trust the other smart entities in order to collaborate with them.
So far, there is a lack of research when considering trust through the whole System Development Life Cycle (SDLC) of a smart IoT entity.
In this paper, we suggest a new approach that considers trust not only at the end of the SDLC but also at the start of it. More precisely, we explore the modeling phase proposing a model-driven approach extending UML and SysML considering trust and its related domains, such as security and privacy.
We propose stereotypes for each diagram in order to give developers a way to represent trust elements in an effective way.
Moreover, we propose two new diagrams that are very important for the IoT: a traceability diagram and a context diagram.
This model-driven approach will help developers to model the smart IoT entities according to the requirements elicited in the previous phases of the SDLC.
These models will be a fundamental input for the following and final phases of the SDLC.
In this dynamic environment, trust is useful to mitigate these issues. In fact, it is important that the smart entities could know and trust the other smart entities in order to collaborate with them.
So far, there is a lack of research when considering trust through the whole System Development Life Cycle (SDLC) of a smart IoT entity.
In this paper, we suggest a new approach that considers trust not only at the end of the SDLC but also at the start of it. More precisely, we explore the modeling phase proposing a model-driven approach extending UML and SysML considering trust and its related domains, such as security and privacy.
We propose stereotypes for each diagram in order to give developers a way to represent trust elements in an effective way.
Moreover, we propose two new diagrams that are very important for the IoT: a traceability diagram and a context diagram.
This model-driven approach will help developers to model the smart IoT entities according to the requirements elicited in the previous phases of the SDLC.
These models will be a fundamental input for the following and final phases of the SDLC.
Rubio, Juan E.; Alcaraz, Cristina; Lopez, Javier
Game Theory-Based Approach for Defense against APTs Proceedings Article
In: 18th International Conference on Applied Cryptography and Network Security (ACNS’20), pp. 297-320, Springer Springer, 2020, ISBN: 978-3-030-57878-7.
@inproceedings{1840,
title = {Game Theory-Based Approach for Defense against APTs},
author = {Juan E. Rubio and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/1840.pdf},
doi = {10.1007/978-3-030-57878-7_15},
isbn = {978-3-030-57878-7},
year = {2020},
date = {2020-10-01},
urldate = {2020-10-01},
booktitle = {18th International Conference on Applied Cryptography and Network Security (ACNS’20)},
volume = {12147},
pages = {297-320},
publisher = {Springer},
organization = {Springer},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Rubio, Juan E.; Roman, Rodrigo; Lopez, Javier
Integration of a Threat Traceability Solution in the Industrial Internet of Things Journal Article
In: IEEE Transactions on Industrial Informatics, vol. 16, no. 6575-6583, 2020, ISSN: 1551-3203.
@article{Rubio2020IIoT,
title = {Integration of a Threat Traceability Solution in the Industrial Internet of Things},
author = {Juan E. Rubio and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/Rubio2020IIoT.pdf},
doi = {10.1109/TII.2020.2976747},
issn = {1551-3203},
year = {2020},
date = {2020-10-01},
urldate = {2020-10-01},
journal = {IEEE Transactions on Industrial Informatics},
volume = {16},
number = {6575-6583},
publisher = {IEEE},
abstract = {In Industrial Internet of Things (IIoT) scenarios, where a plethora of IoT technologies coexist with consolidated industrial infrastructures, the integration of security mechanisms that provide protection against cyber-security attacks becomes a critical challenge. Due to the stealthy and persistent nature of some of these attacks, such as Advanced Persistent Threats, it is crucial to go beyond traditional Intrusion Detection Systems for the traceability of these attacks. In this sense, Opinion Dynamics poses a novel approach for the correlation of anomalies, which has been successfully applied to other network security domains. In this paper, we aim to analyze its applicability in the IIoT from a technical point of view, by studying its deployment over different IIoT architectures and defining a common framework for the acquisition of data considering the computational constraints involved. The result is a beneficial insight that demonstrates the feasibility of this approach when applied to upcoming IIoT infrastructures.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
In Industrial Internet of Things (IIoT) scenarios, where a plethora of IoT technologies coexist with consolidated industrial infrastructures, the integration of security mechanisms that provide protection against cyber-security attacks becomes a critical challenge. Due to the stealthy and persistent nature of some of these attacks, such as Advanced Persistent Threats, it is crucial to go beyond traditional Intrusion Detection Systems for the traceability of these attacks. In this sense, Opinion Dynamics poses a novel approach for the correlation of anomalies, which has been successfully applied to other network security domains. In this paper, we aim to analyze its applicability in the IIoT from a technical point of view, by studying its deployment over different IIoT architectures and defining a common framework for the acquisition of data considering the computational constraints involved. The result is a beneficial insight that demonstrates the feasibility of this approach when applied to upcoming IIoT infrastructures.
Rubio, Juan E.; Alcaraz, Cristina; Rios, Ruben; Roman, Rodrigo; Lopez, Javier
Distributed Detection of APTs: Consensus vs. Clustering Proceedings Article
In: 25th European Symposium on Research in Computer Security (ESORICS 2020), pp. 174-192, 2020, ISBN: 978-3-030-58951-6.
@inproceedings{1846,
title = {Distributed Detection of APTs: Consensus vs. Clustering},
author = {Juan E. Rubio and Cristina Alcaraz and Ruben Rios and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/1846.pdf},
doi = {10.1007/978-3-030-58951-6_9},
isbn = {978-3-030-58951-6},
year = {2020},
date = {2020-09-01},
urldate = {2020-09-01},
booktitle = {25th European Symposium on Research in Computer Security (ESORICS 2020)},
volume = {12308},
pages = {174-192},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Alcaraz, Cristina; Rubio, Juan E.; Lopez, Javier
Blockchain-Assisted Access for Federated Smart Grid Domains: Coupling and Features Journal Article
In: Journal of Parallel and Distributed Computing, vol. 144, pp. 124-135, 2020, ISSN: 0743-7315.
@article{Alcaraz2020a,
title = {Blockchain-Assisted Access for Federated Smart Grid Domains: Coupling and Features},
author = {Cristina Alcaraz and Juan E. Rubio and Javier Lopez},
url = {/wp-content/papers/Alcaraz2020a.pdf},
issn = {0743-7315},
year = {2020},
date = {2020-06-01},
urldate = {2020-06-01},
journal = {Journal of Parallel and Distributed Computing},
volume = {144},
pages = {124-135},
publisher = {Elsevier},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Muñoz, Antonio
ICITPM: Integrity validation of software in iterative Continuous Integration through the use of Trusted Platform Module (TPM) Proceedings Article
In: Farao, Aristeidis (Ed.): 1st Workshop on Dependability and Safety Emerging Cloud and Fog Systems (DeSECSyS) - Colocated with ESORICS, Guildford (United Kingdom). September 2020., pp. 147–165, Springer Springer, 2020, ISBN: 978-3-030-66504-3.
@inproceedings{munoz2020icitpm,
title = {ICITPM: Integrity validation of software in iterative Continuous Integration through the use of Trusted Platform Module (TPM)},
author = {Antonio Mu\~{n}oz},
editor = {Aristeidis Farao},
url = {/wp-content/papers/munoz2020icitpm.pdf},
doi = {10.1007/978-3-030-66504-3_9},
isbn = {978-3-030-66504-3},
year = {2020},
date = {2020-01-01},
urldate = {2020-01-01},
booktitle = {1st Workshop on Dependability and Safety Emerging Cloud and Fog Systems (DeSECSyS) - Colocated with ESORICS, Guildford (United Kingdom). September 2020.},
volume = {12580},
pages = {147\textendash165},
publisher = {Springer},
organization = {Springer},
abstract = {Software development has passed from being rigid and not very flexible, to be automated with constant changes. This happens due to the creation of continuous integration and delivery environments. Nevertheless, developers often rely on such environments due to the large number of amenities they offer. They focus on authentication only, without taking into consideration other aspects of security such as the integrity of the source code and of the compiled binaries. The source code of a software project must not be maliciously modified. Notwithstanding, there is no safe method to verify that its integrity has not been violated. Trusted computing technology, in particular, the Trusted Platform Module (TPM) can be used to implement that secure method.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Software development has passed from being rigid and not very flexible, to be automated with constant changes. This happens due to the creation of continuous integration and delivery environments. Nevertheless, developers often rely on such environments due to the large number of amenities they offer. They focus on authentication only, without taking into consideration other aspects of security such as the integrity of the source code and of the compiled binaries. The source code of a software project must not be maliciously modified. Notwithstanding, there is no safe method to verify that its integrity has not been violated. Trusted computing technology, in particular, the Trusted Platform Module (TPM) can be used to implement that secure method.
Ferraris, Davide; Bastos, Daniel; Fernandez-Gago, Carmen; El-Moussa, Fadi
A Trust Model for Popular Smart Home Devices Journal Article
In: International Journal of Information Security, 2020, ISSN: 1615-5262.
@article{ferraris2020,
title = {A Trust Model for Popular Smart Home Devices},
author = {Davide Ferraris and Daniel Bastos and Carmen Fernandez-Gago and Fadi El-Moussa},
url = {/wp-content/papers/ferraris2020.pdf
https://link.springer.com/article/10.1007/s10207-020-00519-2},
doi = {10.1007/s10207-020-00519-2},
issn = {1615-5262},
year = {2020},
date = {2020-01-01},
urldate = {2020-01-01},
journal = {International Journal of Information Security},
publisher = {Springer},
abstract = {Nowadays, smart home devices like Amazon Echo and Google Home have reached mainstream popularity.
Being in the homes of users, these devices are intrinsically intrusive, being able to access details such as users’ name, gender, home address, calendar appointments and others.
There are growing concerns about indiscriminate data collection and invasion of user privacy in smart home devices, but studies show that perceived benefits are exceeding perceived risks when it comes to consumers.
As a result, consumers are placing a lot of trust in these devices, sometimes without realizing it.
Improper trust assumptions and security controls can lead to unauthorized access and control of the devices, which can result in serious consequences.
In this paper, we explore the behaviour of devices such as Amazon Echo and Google Home in a smart home setting with respect to trust relationships and propose a trust model to improve these relationships among all the involved actors.
We have evaluated how trust was built and managed from the initial set up phase to the normal operation phase, during which we performed a number of interaction tests with different types of users (i.e. owner, guests).
As a result, we were able to assess the effectiveness of the provided security controls and identify potential relevant security issues. In order to address the identified issues, we defined a trust model and propose a solution based on it for further securing smart home systems.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Nowadays, smart home devices like Amazon Echo and Google Home have reached mainstream popularity.
Being in the homes of users, these devices are intrinsically intrusive, being able to access details such as users’ name, gender, home address, calendar appointments and others.
There are growing concerns about indiscriminate data collection and invasion of user privacy in smart home devices, but studies show that perceived benefits are exceeding perceived risks when it comes to consumers.
As a result, consumers are placing a lot of trust in these devices, sometimes without realizing it.
Improper trust assumptions and security controls can lead to unauthorized access and control of the devices, which can result in serious consequences.
In this paper, we explore the behaviour of devices such as Amazon Echo and Google Home in a smart home setting with respect to trust relationships and propose a trust model to improve these relationships among all the involved actors.
We have evaluated how trust was built and managed from the initial set up phase to the normal operation phase, during which we performed a number of interaction tests with different types of users (i.e. owner, guests).
As a result, we were able to assess the effectiveness of the provided security controls and identify potential relevant security issues. In order to address the identified issues, we defined a trust model and propose a solution based on it for further securing smart home systems.
Being in the homes of users, these devices are intrinsically intrusive, being able to access details such as users’ name, gender, home address, calendar appointments and others.
There are growing concerns about indiscriminate data collection and invasion of user privacy in smart home devices, but studies show that perceived benefits are exceeding perceived risks when it comes to consumers.
As a result, consumers are placing a lot of trust in these devices, sometimes without realizing it.
Improper trust assumptions and security controls can lead to unauthorized access and control of the devices, which can result in serious consequences.
In this paper, we explore the behaviour of devices such as Amazon Echo and Google Home in a smart home setting with respect to trust relationships and propose a trust model to improve these relationships among all the involved actors.
We have evaluated how trust was built and managed from the initial set up phase to the normal operation phase, during which we performed a number of interaction tests with different types of users (i.e. owner, guests).
As a result, we were able to assess the effectiveness of the provided security controls and identify potential relevant security issues. In order to address the identified issues, we defined a trust model and propose a solution based on it for further securing smart home systems.
Farao, Aristeidis; Rubio, Juan E.; Alcaraz, Cristina; Ntantogian, Christoforos; Xenakis, Christos; Lopez, Javier
SealedGRID: A Secure Interconnection of Technologies for Smart Grid Applications Proceedings Article
In: 14th International Conference on Critical Information Infrastructures Security (CRITIS 2019), pp. 169-175, Springer, Cham Springer, Cham, 2019, ISBN: 978-3-030-37669-7.
@inproceedings{1815,
title = {SealedGRID: A Secure Interconnection of Technologies for Smart Grid Applications},
author = {Aristeidis Farao and Juan E. Rubio and Cristina Alcaraz and Christoforos Ntantogian and Christos Xenakis and Javier Lopez},
url = {/wp-content/papers/1815.pdf},
doi = {10.1007/978-3-030-37670-3_14},
isbn = {978-3-030-37669-7},
year = {2019},
date = {2019-12-01},
urldate = {2019-12-01},
booktitle = {14th International Conference on Critical Information Infrastructures Security (CRITIS 2019)},
volume = {11777},
pages = {169-175},
publisher = {Springer, Cham},
organization = {Springer, Cham},
abstract = {In recent years, the Smart Grid has increasingly integrated cutting-edge technologies that generate several benefits for all the stakeholders involved, such as a more accurate billing system and enhanced Demand Response procedures. However, this modernization also brings with it diverse cyber security and privacy issues, which sets the necessity for developing a security platform specifically tailored to this scenario. In this paper, we present SealedGRID, which proposes a flexible architecture that provides security services at all levels by implementing Trusted Execution Environments on their devices, together with advanced authentication and authorization mechanisms, as well as privacy preserving techniques. These technologies are presented in depth and a final security analysis is conducted, which highlights the contributions of this project.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
In recent years, the Smart Grid has increasingly integrated cutting-edge technologies that generate several benefits for all the stakeholders involved, such as a more accurate billing system and enhanced Demand Response procedures. However, this modernization also brings with it diverse cyber security and privacy issues, which sets the necessity for developing a security platform specifically tailored to this scenario. In this paper, we present SealedGRID, which proposes a flexible architecture that provides security services at all levels by implementing Trusted Execution Environments on their devices, together with advanced authentication and authorization mechanisms, as well as privacy preserving techniques. These technologies are presented in depth and a final security analysis is conducted, which highlights the contributions of this project.
Alcaraz, Cristina; Bernieri, Giuseppe; Pascucci, Federica; Lopez, Javier; Setola, Roberto
Covert Channels-based Stealth Attacks in Industry 4.0 Journal Article
In: IEEE Systems Journal., vol. 13, pp. 3980-3988, 2019, ISSN: 1932-8184.
@article{alcaraz2019a,
title = {Covert Channels-based Stealth Attacks in Industry 4.0},
author = {Cristina Alcaraz and Giuseppe Bernieri and Federica Pascucci and Javier Lopez and Roberto Setola},
url = {/wp-content/papers/alcaraz2019a.pdf
https://ieeexplore.ieee.org/document/8715420?source=authoralert},
doi = {10.1109/JSYST.2019.2912308},
issn = {1932-8184},
year = {2019},
date = {2019-12-01},
urldate = {2019-12-01},
journal = {IEEE Systems Journal.},
volume = {13},
pages = {3980-3988},
publisher = {IEEE},
abstract = {Industry 4.0 advent opens several cyber-threats scenarios originally designed for classic information technology, drawing the attention to the serious risks for the modern industrial control networks. To cope with this problem, in this paper we address the security issues related to covert channels applied to industrial networks, identifying the new vulnerability points when information technologies converge with operational technologies such as edge computing infrastructures. Specifically, we define two signaling strategies where we exploit the Modbus/TCP protocol as target to set up a covert channel. Once the threat channel is established, passive and active offensive attacks (i.e. data exfiltration and command an control, respectively) are further exploited by implementing and testing them on a real Industrial Internet of Things testbed. The experimental results highlight the potential damage of such specific threats, and the easy extrapolation of the attacks to other types of channels in order to show the new risks for Industry 4.0. Related to this, we discuss some countermeasures to offer an overview of possible mitigation and defense measures.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Industry 4.0 advent opens several cyber-threats scenarios originally designed for classic information technology, drawing the attention to the serious risks for the modern industrial control networks. To cope with this problem, in this paper we address the security issues related to covert channels applied to industrial networks, identifying the new vulnerability points when information technologies converge with operational technologies such as edge computing infrastructures. Specifically, we define two signaling strategies where we exploit the Modbus/TCP protocol as target to set up a covert channel. Once the threat channel is established, passive and active offensive attacks (i.e. data exfiltration and command an control, respectively) are further exploited by implementing and testing them on a real Industrial Internet of Things testbed. The experimental results highlight the potential damage of such specific threats, and the easy extrapolation of the attacks to other types of channels in order to show the new risks for Industry 4.0. Related to this, we discuss some countermeasures to offer an overview of possible mitigation and defense measures.
Rubio, Juan E.; Manulis, Mark; Alcaraz, Cristina; Lopez, Javier
Enhancing Security and Dependability of Industrial Networks with Opinion Dynamics Proceedings Article
In: European Symposium on Research in Computer Security (ESORICS2019), pp. 263-280, 2019.
@inproceedings{RubioESORICS2019,
title = {Enhancing Security and Dependability of Industrial Networks with Opinion Dynamics},
author = {Juan E. Rubio and Mark Manulis and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/RubioESORICS2019.pdf},
doi = {10.1007/978-3-030-29962-0_13},
year = {2019},
date = {2019-09-01},
urldate = {2019-09-01},
booktitle = {European Symposium on Research in Computer Security (ESORICS2019)},
volume = {11736},
pages = {263-280},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Alcaraz, Cristina
Secure Interconnection of IT-OT Networks in Industry 4.0 Book Section
In: Critical Infrastructure Security and Resilience: Theories, Methods, Tools and Technologies, pp. 201-217, Springer International Publishing, 2019, ISBN: 978-3-030-00024-0.
@incollection{alcaraz2019,
title = {Secure Interconnection of IT-OT Networks in Industry 4.0},
author = {Cristina Alcaraz},
url = {/wp-content/papers/alcaraz2019.pdf},
doi = {10.1007/978-3-030-00024-0_11},
isbn = {978-3-030-00024-0},
year = {2019},
date = {2019-01-01},
urldate = {2019-01-01},
booktitle = {Critical Infrastructure Security and Resilience: Theories, Methods, Tools and Technologies},
pages = {201-217},
publisher = {Springer International Publishing},
organization = {Springer International Publishing},
series = {Advanced Sciences and Technologies for Security Applications book series (ASTSA)},
abstract = {Increasingly, the society is witnessing how today’s industry is adapting the new technologies and communication protocols to offer more optimal and reliable services to end-users, with support for inter-domain communication belonging to diverse critical infrastructures. As a consequence of this technological revolution, interconnection mechanisms are required to offer transparency in the connections and protection in the different application domains, without this implying a significant degradation of the control requirements. Therefore, this book chapter presents a reference architecture for the new Industry 4.0 where the interconnection core is mainly concentrated in the Policy Decision Points (PDP), which can be deployed in high volume data processing and storage technologies such as cloud and fog servers. Each PDP authorizes actions in the field/plant according to a set of factors (entities, context and risks) computed through the existing access control measures, such as RBAC+ABAC+Risk-BAC (Role/Attribute/Risk-Based Access Control, respectively), to establish coordinated and constrained accesses in extreme situations. Part of these actions also includes proactive risk assessment measures to respond to anomalies or intrusive threats in time.},
keywords = {},
pubstate = {published},
tppubtype = {incollection}
}
Increasingly, the society is witnessing how today’s industry is adapting the new technologies and communication protocols to offer more optimal and reliable services to end-users, with support for inter-domain communication belonging to diverse critical infrastructures. As a consequence of this technological revolution, interconnection mechanisms are required to offer transparency in the connections and protection in the different application domains, without this implying a significant degradation of the control requirements. Therefore, this book chapter presents a reference architecture for the new Industry 4.0 where the interconnection core is mainly concentrated in the Policy Decision Points (PDP), which can be deployed in high volume data processing and storage technologies such as cloud and fog servers. Each PDP authorizes actions in the field/plant according to a set of factors (entities, context and risks) computed through the existing access control measures, such as RBAC+ABAC+Risk-BAC (Role/Attribute/Risk-Based Access Control, respectively), to establish coordinated and constrained accesses in extreme situations. Part of these actions also includes proactive risk assessment measures to respond to anomalies or intrusive threats in time.
Garcia, Alberto; Alcaraz, Cristina; Lopez, Javier
MAS para la convergencia de opiniones y detección de anomalías en sistemas ciberfísicos distribuidos Proceedings Article
In: VIII Jornadas Nacionales de Investigación en Ciberseguridad (JNIC), Vigo, 2023.
@inproceedings{Garcia2023,
title = {MAS para la convergencia de opiniones y detecci\'{o}n de anomal\'{i}as en sistemas ciberf\'{i}sicos distribuidos},
author = {Alberto Garcia and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/Garcia2023.pdf},
year = {2023},
date = {2023-12-31},
urldate = {2023-12-31},
booktitle = {VIII Jornadas Nacionales de Investigaci\'{o}n en Ciberseguridad (JNIC)},
address = {Vigo},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Alcaraz, Cristina; Cumplido, Jesus; Triviño, Alicia
OCPP in the spotlight: threats and countermeasures for electric vehicle charging infrastructures 4.0 Journal Article
In: International Journal of Information Security, 2023, ISSN: 1615-5262.
@article{Alcaraz2023b,
title = {OCPP in the spotlight: threats and countermeasures for electric vehicle charging infrastructures 4.0},
author = {Cristina Alcaraz and Jesus Cumplido and Alicia Trivi\~{n}o},
url = {/wp-content/papers/Alcaraz2023b.pdf
https://link.springer.com/article/10.1007/s10207-023-00698-8},
doi = {10.1007/s10207-023-00698-8},
issn = {1615-5262},
year = {2023},
date = {2023-05-05},
urldate = {2023-05-05},
journal = {International Journal of Information Security},
publisher = {Springer},
address = {Springer Verlag},
abstract = {Undoubtedly, Industry 4.0 in the energy sector improves the conditions for automation, generation and distribution of energy, increasing the rate of electric vehicle manufacturing in recent years. As a result, more grid-connected charging infrastructures are being installed, whose charging stations (CSs) can follow standardized architectures, such as the one proposed by the open charge point protocol (OCPP). The most recent version of this protocol is v.2.0.1, which includes new security measures at device and communication level to cover those security issues identified in previous versions. Therefore, this paper analyzes OCPP-v2.0.1 to determine whether the new functions may still be susceptible to specific cyber and physical threats, and especially when CSs may be connected to microgrids. To formalize the study, we first adapted the well-known threat analysis methodology, STRIDE, to identify and classify threats in terms of control and energy, and subsequently we combine it with DREAD for risk assessment. The analyses indicate that, although OCPP-v2.0.1 has evolved, potential security risks still remain, requiring greater protection in the future.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Undoubtedly, Industry 4.0 in the energy sector improves the conditions for automation, generation and distribution of energy, increasing the rate of electric vehicle manufacturing in recent years. As a result, more grid-connected charging infrastructures are being installed, whose charging stations (CSs) can follow standardized architectures, such as the one proposed by the open charge point protocol (OCPP). The most recent version of this protocol is v.2.0.1, which includes new security measures at device and communication level to cover those security issues identified in previous versions. Therefore, this paper analyzes OCPP-v2.0.1 to determine whether the new functions may still be susceptible to specific cyber and physical threats, and especially when CSs may be connected to microgrids. To formalize the study, we first adapted the well-known threat analysis methodology, STRIDE, to identify and classify threats in terms of control and energy, and subsequently we combine it with DREAD for risk assessment. The analyses indicate that, although OCPP-v2.0.1 has evolved, potential security risks still remain, requiring greater protection in the future.
Cumplido, Jesus; Alcaraz, Cristina; Lopez, Javier
Collaborative anomaly detection system for charging stations Proceedings Article
In: The 27th European Symposium on Research in Computer Security (ESORICS 2022), pp. 716–736, Springer, Cham Springer, Cham, 2022.
@inproceedings{Alcaraz2022c,
title = {Collaborative anomaly detection system for charging stations},
author = {Jesus Cumplido and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/Alcaraz2022c.pdf},
doi = {10.1007/978-3-031-17146-8_35},
year = {2022},
date = {2022-09-01},
urldate = {2022-09-01},
booktitle = {The 27th European Symposium on Research in Computer Security (ESORICS 2022)},
volume = {13555},
pages = {716\textendash736},
publisher = {Springer, Cham},
organization = {Springer, Cham},
abstract = {In recent years, the deployment of charging infrastructures has been increasing exponentially due to the high energy demand of electric vehicles, forming complex charging networks. These networks pave the way for the emergence of new unknown threats in both the energy and transportation sectors. Economic damages and energy theft are the most frequent risks in these environments. Thus, this paper aims to present a solution capable of accurately detecting unforeseen events and possible fraud threats that arise during charging sessions at charging stations through the current capabilities of the Machine Learning (ML) algorithms. However, these algorithms have the drawback of not fitting well in large networks and generating a high number of false positives and negatives, mainly due to the mismatch with the distribution of data over time. For that reason, a Collaborative Anomaly Detection System for Charging Stations (here referred to as CADS4CS) is proposed as an optimization measure. CADS4CS has a central analysis unit that coordinates a group of independent anomaly detection systems to provide greater accuracy using a voting algorithm. In addition, CADS4CS has the feature of continuously retraining ML models in a collaborative manner to ensure that they are adjusted to the distribution of the data. To validate the approach, different use cases and practical studies are addressed to demonstrate the effectiveness and efficiency of the solution.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
In recent years, the deployment of charging infrastructures has been increasing exponentially due to the high energy demand of electric vehicles, forming complex charging networks. These networks pave the way for the emergence of new unknown threats in both the energy and transportation sectors. Economic damages and energy theft are the most frequent risks in these environments. Thus, this paper aims to present a solution capable of accurately detecting unforeseen events and possible fraud threats that arise during charging sessions at charging stations through the current capabilities of the Machine Learning (ML) algorithms. However, these algorithms have the drawback of not fitting well in large networks and generating a high number of false positives and negatives, mainly due to the mismatch with the distribution of data over time. For that reason, a Collaborative Anomaly Detection System for Charging Stations (here referred to as CADS4CS) is proposed as an optimization measure. CADS4CS has a central analysis unit that coordinates a group of independent anomaly detection systems to provide greater accuracy using a voting algorithm. In addition, CADS4CS has the feature of continuously retraining ML models in a collaborative manner to ensure that they are adjusted to the distribution of the data. To validate the approach, different use cases and practical studies are addressed to demonstrate the effectiveness and efficiency of the solution.
Alcaraz, Cristina; Garcia, Alberto; Lopez, Javier
Implicaciones de seguridad en MAS Desplegados en Infraestructuras de Carga basadas en OCPP Proceedings Article
In: VII Jornadas Nacionales en Investigación en Ciberseguridad (JNIC 2022), pp. 172-179, 2022, ISBN: 978-84-88734-13-6.
@inproceedings{1989,
title = {Implicaciones de seguridad en MAS Desplegados en Infraestructuras de Carga basadas en OCPP},
author = {Cristina Alcaraz and Alberto Garcia and Javier Lopez},
url = {/wp-content/papers/1989.pdf},
isbn = {978-84-88734-13-6},
year = {2022},
date = {2022-06-01},
urldate = {2022-06-01},
booktitle = {VII Jornadas Nacionales en Investigaci\'{o}n en Ciberseguridad (JNIC 2022)},
pages = {172-179},
abstract = {El inter\'{e}s actual por desplegar infraestructuras de carga de veh\'{i}culos el\'{e}ctricos para el ahorro energ\'{e}tico y la sostenibilidad es cada vez m\'{a}s palpable, lo que llama la atenci\'{o}n a muchas comunidades, especialmente a la cient\'{i}fica, para explorar, entre otras cosas, la influencia de las nuevas tecnolog\'{i}as de informaci\'{o}n en los procesos operacionales. Teniendo en cuenta este escenario, este art\'{i}culo, por tanto, analiza c\'{o}mo el uso de los sistemas de multi-agente pueden beneficiar las tareas de monitorizaci\'{o}n, mantenimiento y de seguridad, y propone una arquitectura espec\'{i}fica en base a los actores especificados en el protocolo OCPP (Open Charge Point Protocol). Esta arquitectura constituye la base para analizar los diversos tipos de amenazas que agentes software pueden sufrir, clasific\'{a}ndolas de acuerdo a las caracter\'{i}sticas funcionales e interacciones con los diversos elementos de la infraestructura. Esta agrupaci\'{o}n y el conjunto de ataques abordados est\'{a}n basados en el SP-800-19 definido por el National Institute of Standards and Technology, y formalizados siguiendo la metodolog\'{i}a de \'{a}rboles de ataque. El estudio revela la importancia que tiene analizar los riesgos que esta tecnolog\'{i}a puede traer a este escenario, proporcionando, adem\'{a}s, un conjunto de recomendaciones que sirvan de gu\'{i}a para aplicaciones futuras.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
El interés actual por desplegar infraestructuras de carga de vehículos eléctricos para el ahorro energético y la sostenibilidad es cada vez más palpable, lo que llama la atención a muchas comunidades, especialmente a la científica, para explorar, entre otras cosas, la influencia de las nuevas tecnologías de información en los procesos operacionales. Teniendo en cuenta este escenario, este artículo, por tanto, analiza cómo el uso de los sistemas de multi-agente pueden beneficiar las tareas de monitorización, mantenimiento y de seguridad, y propone una arquitectura específica en base a los actores especificados en el protocolo OCPP (Open Charge Point Protocol). Esta arquitectura constituye la base para analizar los diversos tipos de amenazas que agentes software pueden sufrir, clasificándolas de acuerdo a las características funcionales e interacciones con los diversos elementos de la infraestructura. Esta agrupación y el conjunto de ataques abordados están basados en el SP-800-19 definido por el National Institute of Standards and Technology, y formalizados siguiendo la metodología de árboles de ataque. El estudio revela la importancia que tiene analizar los riesgos que esta tecnología puede traer a este escenario, proporcionando, además, un conjunto de recomendaciones que sirvan de guía para aplicaciones futuras.
Sorry, no publications matched your criteria.
Sorry, no publications matched your criteria.
Alcaraz, Cristina; Lopez, Javier
Digital Twin: A Comprehensive Survey of Security Threats Journal Article
In: IEEE Communications Surveys & Tutorials, vol. 24, no. thirdquarter 2022, pp. 1475 - 1503, 2022, ISSN: 1553-877X.
@article{Alcaraz2022b,
title = {Digital Twin: A Comprehensive Survey of Security Threats},
author = {Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/Alcaraz2022b.pdf
https://ieeexplore.ieee.org/document/9765576},
doi = {10.1109/COMST.2022.3171465},
issn = {1553-877X},
year = {2022},
date = {2022-04-01},
urldate = {2022-04-01},
journal = {IEEE Communications Surveys \& Tutorials},
volume = {24},
number = {thirdquarter 2022},
pages = {1475 - 1503},
publisher = {IEEE},
address = {IEEE},
abstract = {Industry 4.0 is having an increasingly positive impact on the value chain by modernizing and optimizing the production and distribution processes. In this streamline, the digital twin (DT) is one of the most cutting-edge technologies of Industry 4.0, providing simulation capabilities to forecast, optimize and estimate states and configurations. In turn, these technological capabilities are encouraging industrial stakeholders to invest in the new paradigm, though an increased focus on the risks involved is really needed. More precisely, the deployment of a DT is based on the composition of technologies such as cyber-physical systems, the Industrial Internet of Things, edge computing, virtualization infrastructures, artificial intelligence and big data. However, the confluence of all these technologies and the implicit interaction with the physical counterpart of the DT in the real world generate multiple security threats that have not yet been sufficiently studied. In that context, this paper analyzes the current state of the DT paradigm and classifies the potential threats associated with it, taking into consideration its functionality layers and the operational requirements in order to achieve a more complete and useful classification. We also provide a preliminary set of security recommendations and approaches that can help to ensure the appropriate and trustworthy use of a DT.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Industry 4.0 is having an increasingly positive impact on the value chain by modernizing and optimizing the production and distribution processes. In this streamline, the digital twin (DT) is one of the most cutting-edge technologies of Industry 4.0, providing simulation capabilities to forecast, optimize and estimate states and configurations. In turn, these technological capabilities are encouraging industrial stakeholders to invest in the new paradigm, though an increased focus on the risks involved is really needed. More precisely, the deployment of a DT is based on the composition of technologies such as cyber-physical systems, the Industrial Internet of Things, edge computing, virtualization infrastructures, artificial intelligence and big data. However, the confluence of all these technologies and the implicit interaction with the physical counterpart of the DT in the real world generate multiple security threats that have not yet been sufficiently studied. In that context, this paper analyzes the current state of the DT paradigm and classifies the potential threats associated with it, taking into consideration its functionality layers and the operational requirements in order to achieve a more complete and useful classification. We also provide a preliminary set of security recommendations and approaches that can help to ensure the appropriate and trustworthy use of a DT.
Sorry, no publications matched your criteria.
Rubio, Juan E.; Alcaraz, Cristina; Roman, Rodrigo; Lopez, Javier
Current Cyber-Defense Trends in Industrial Control Systems Journal Article
In: Computers & Security Journal, vol. 87, 2019, ISSN: 0167-4048.
@article{rub2019cose,
title = {Current Cyber-Defense Trends in Industrial Control Systems},
author = {Juan E. Rubio and Cristina Alcaraz and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/rub2019cose.pdf},
doi = {10.1016/j.cose.2019.06.015},
issn = {0167-4048},
year = {2019},
date = {2019-11-01},
urldate = {2019-11-01},
journal = {Computers \& Security Journal},
volume = {87},
publisher = {Elsevier},
abstract = {Advanced Persistent Threats (APTs) have become a serious hazard for any critical infrastructure, as a single solution to protect all industrial assets from these complex attacks does not exist. It is then essential to understand what are the defense mechanisms that can be used as a first line of defense. For this purpose, this article will firstly study the spectrum of attack vectors that APTs can use against existing and novel elements of an industrial ecosystem. Afterwards, this article will provide an analysis of the evolution and applicability of Intrusion Detection Systems (IDS) that have been proposed in both the industry and academia.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Advanced Persistent Threats (APTs) have become a serious hazard for any critical infrastructure, as a single solution to protect all industrial assets from these complex attacks does not exist. It is then essential to understand what are the defense mechanisms that can be used as a first line of defense. For this purpose, this article will firstly study the spectrum of attack vectors that APTs can use against existing and novel elements of an industrial ecosystem. Afterwards, this article will provide an analysis of the evolution and applicability of Intrusion Detection Systems (IDS) that have been proposed in both the industry and academia.
Onieva, Jose A.; Rios, Ruben; Roman, Rodrigo; Lopez, Javier
Edge-Assisted Vehicular Networks Security Journal Article
In: IEEE Internet of Things Journal, vol. 6, pp. 8038-8045, 2019, ISSN: 2327-4662.
@article{onieva2019vec,
title = {Edge-Assisted Vehicular Networks Security},
author = {Jose A. Onieva and Ruben Rios and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/onieva2019vec.pdf},
doi = {10.1109/JIOT.2019.2904323},
issn = {2327-4662},
year = {2019},
date = {2019-10-01},
urldate = {2019-10-01},
journal = {IEEE Internet of Things Journal},
volume = {6},
pages = {8038-8045},
publisher = {IEEE Computer Society},
abstract = {Edge Computing paradigms are expected to solve some major problems affecting current application scenarios that rely on Cloud computing resources to operate. These novel paradigms will bring computational resources closer to the users and by doing so they will not only reduce network latency and bandwidth utilization but will also introduce some attractive context-awareness features to these systems. In this paper we show how the enticing features introduced by Edge Computing paradigms can be exploited to improve security and privacy in the critical scenario of vehicular networks (VN), especially existing authentication and revocation issues. In particular, we analyze the security challenges in VN and describe three deployment models for vehicular edge computing, which refrain from using vehicular- to-vehicular communications. The result is that the burden imposed to vehicles is considerably reduced without sacrificing the security or functional features expected in vehicular scenarios.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Edge Computing paradigms are expected to solve some major problems affecting current application scenarios that rely on Cloud computing resources to operate. These novel paradigms will bring computational resources closer to the users and by doing so they will not only reduce network latency and bandwidth utilization but will also introduce some attractive context-awareness features to these systems. In this paper we show how the enticing features introduced by Edge Computing paradigms can be exploited to improve security and privacy in the critical scenario of vehicular networks (VN), especially existing authentication and revocation issues. In particular, we analyze the security challenges in VN and describe three deployment models for vehicular edge computing, which refrain from using vehicular- to-vehicular communications. The result is that the burden imposed to vehicles is considerably reduced without sacrificing the security or functional features expected in vehicular scenarios.
Nuñez, David; Agudo, Isaac; Lopez, Javier
Escrowed decryption protocols for lawful interception of encrypted data Journal Article
In: IET Information Security, vol. 13, pp. 498 – 507, 2019, ISSN: 1751-8709.
@article{nunez19,
title = {Escrowed decryption protocols for lawful interception of encrypted data},
author = {David Nu\~{n}ez and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/nunez19.pdf},
doi = {10.1049/iet-ifs.2018.5082},
issn = {1751-8709},
year = {2019},
date = {2019-09-01},
urldate = {2019-09-01},
journal = {IET Information Security},
volume = {13},
pages = {498 \textendash 507},
publisher = {IET},
abstract = {Escrowed decryption schemes (EDSs) are public-key encryption schemes with an escrowed decryption functionality that allows authorities to decrypt encrypted messages under investigation, following a protocol that involves a set of trusted entities called ‘custodians’; only if custodians collaborate, the requesting authority is capable of decrypting encrypted data. This type of cryptosystem represents an interesting trade-off to privacy versus surveillance dichotomy. In this study, the authors propose two EDSs where they use proxy re-encryption to build the escrowed decryption capability, so that custodians re-encrypt ciphertexts, in a distributed way, upon request from an escrow authority, and the re-encrypted ciphertexts can be opened only by the escrow authority. Their first scheme, called EDS, follows an all-or-nothing approach, which means that escrow decryption only works when all custodians collaborate. Their second scheme, called threshold EDS, supports a threshold number of custodians for the escrow decryption operation. They propose definitions of semantic security with respect to the authorities, custodians and external entities, and prove the security of their schemes, under standard pairing-based hardness assumptions. Finally, they present a theoretical and experimental analysis of the performance of both schemes, which show that they are applicable to real-world scenarios.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Escrowed decryption schemes (EDSs) are public-key encryption schemes with an escrowed decryption functionality that allows authorities to decrypt encrypted messages under investigation, following a protocol that involves a set of trusted entities called ‘custodians’; only if custodians collaborate, the requesting authority is capable of decrypting encrypted data. This type of cryptosystem represents an interesting trade-off to privacy versus surveillance dichotomy. In this study, the authors propose two EDSs where they use proxy re-encryption to build the escrowed decryption capability, so that custodians re-encrypt ciphertexts, in a distributed way, upon request from an escrow authority, and the re-encrypted ciphertexts can be opened only by the escrow authority. Their first scheme, called EDS, follows an all-or-nothing approach, which means that escrow decryption only works when all custodians collaborate. Their second scheme, called threshold EDS, supports a threshold number of custodians for the escrow decryption operation. They propose definitions of semantic security with respect to the authorities, custodians and external entities, and prove the security of their schemes, under standard pairing-based hardness assumptions. Finally, they present a theoretical and experimental analysis of the performance of both schemes, which show that they are applicable to real-world scenarios.
Rubio, Juan E.; Roman, Rodrigo; Alcaraz, Cristina; Zhang, Yan
Tracking APTs in Industrial Ecosystems: A Proof of Concept Journal Article
In: Journal of Computer Security, vol. 27, pp. 521-546, 2019, ISSN: 0167-4048.
@article{RubioSIJCS19,
title = {Tracking APTs in Industrial Ecosystems: A Proof of Concept},
author = {Juan E. Rubio and Rodrigo Roman and Cristina Alcaraz and Yan Zhang},
url = {/wp-content/papers/RubioSIJCS19.pdf},
issn = {0167-4048},
year = {2019},
date = {2019-09-01},
urldate = {2019-09-01},
journal = {Journal of Computer Security},
volume = {27},
pages = {521-546},
publisher = {Elsevier},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Roman, Rodrigo; Rios, Ruben; Onieva, Jose A.; Lopez, Javier
Immune System for the Internet of Things using Edge Technologies Journal Article
In: IEEE Internet of Things Journal, vol. 6, pp. 4774-4781, 2019, ISSN: 2327-4662.
@article{roman2018VIS,
title = {Immune System for the Internet of Things using Edge Technologies},
author = {Rodrigo Roman and Ruben Rios and Jose A. Onieva and Javier Lopez},
url = {/wp-content/papers/roman2018VIS.pdf
https://ieeexplore.ieee.org/document/8449989/},
doi = {10.1109/JIOT.2018.2867613},
issn = {2327-4662},
year = {2019},
date = {2019-06-01},
urldate = {2019-06-01},
journal = {IEEE Internet of Things Journal},
volume = {6},
pages = {4774-4781},
publisher = {IEEE Computer Society},
abstract = {The Internet of Things (IoT) and Edge Computing are starting to go hand in hand. By providing cloud services close to end-users, edge paradigms enhance the functionality of IoT deployments, and facilitate the creation of novel services such as augmented systems. Furthermore, the very nature of these paradigms also enables the creation of a proactive defense architecture, an immune system, which allows authorized immune cells (e.g., virtual machines) to traverse edge nodes and analyze the security and consistency of the underlying IoT infrastructure. In this article, we analyze the requirements for the development of an immune system for the IoT, and propose a security architecture that satisfies these requirements. We also describe how such a system can be instantiated in Edge Computing infrastructures using existing technologies. Finally, we explore the potential application of immune systems to other scenarios and purposes.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The Internet of Things (IoT) and Edge Computing are starting to go hand in hand. By providing cloud services close to end-users, edge paradigms enhance the functionality of IoT deployments, and facilitate the creation of novel services such as augmented systems. Furthermore, the very nature of these paradigms also enables the creation of a proactive defense architecture, an immune system, which allows authorized immune cells (e.g., virtual machines) to traverse edge nodes and analyze the security and consistency of the underlying IoT infrastructure. In this article, we analyze the requirements for the development of an immune system for the IoT, and propose a security architecture that satisfies these requirements. We also describe how such a system can be instantiated in Edge Computing infrastructures using existing technologies. Finally, we explore the potential application of immune systems to other scenarios and purposes.
Kolar, Martin; Fernandez-Gago, Carmen; Lopez, Javier
A Model Specification for the Design of Trust Negotiations Journal Article
In: Computers & Security, vol. 84, pp. 288-300, 2019, ISSN: 0167-4048.
@article{kolar2019trust,
title = {A Model Specification for the Design of Trust Negotiations},
author = {Martin Kolar and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/kolar2019trust.pdf
https://www.sciencedirect.com/science/article/pii/S0167404818310484},
doi = {10.1016/j.cose.2019.03.024},
issn = {0167-4048},
year = {2019},
date = {2019-04-01},
urldate = {2019-04-01},
journal = {Computers \& Security},
volume = {84},
pages = {288-300},
publisher = {Elsevier},
abstract = {Trust negotiation is a type of trust management model for establishing trust between entities by a mutual exchange of credentials. This approach was designed for online environments, where the attributes of users, such as skills, habits, behaviour and experience are unknown. Required criteria of trust negotiation must be supported by a trust negotiation model in order to provide a functional, adequately robust and efficient application. Such criteria were identified previously. In this paper we are presenting a model specification using a UML-based notation for the design of trust negotiation. This specification will become a part of the Software Development Life Cycle, which will provide developers a strong tool for incorporating trust and trust-related issues into the software they create. The specification defines components and their layout for the provision of the essential functionality of trust negotiation on one side as well as optional, additional features on the other side. The extra features make trust negotiation more robust, applicable for more scenarios and may provide a privacy protection functionality.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Trust negotiation is a type of trust management model for establishing trust between entities by a mutual exchange of credentials. This approach was designed for online environments, where the attributes of users, such as skills, habits, behaviour and experience are unknown. Required criteria of trust negotiation must be supported by a trust negotiation model in order to provide a functional, adequately robust and efficient application. Such criteria were identified previously. In this paper we are presenting a model specification using a UML-based notation for the design of trust negotiation. This specification will become a part of the Software Development Life Cycle, which will provide developers a strong tool for incorporating trust and trust-related issues into the software they create. The specification defines components and their layout for the provision of the essential functionality of trust negotiation on one side as well as optional, additional features on the other side. The extra features make trust negotiation more robust, applicable for more scenarios and may provide a privacy protection functionality.
Acien, Antonio; Nieto, Ana; Fernandez, Gerardo; Lopez, Javier
Definición de procedimientos para fabricar honeypots IoT basados en criterios de búsqueda Proceedings Article
In: XV Reunión Española sobre Criptología y Seguridad de la Información, Granada (España), 2018, ISBN: 978-84-09-02463-6.
@inproceedings{1706,
title = {Definici\'{o}n de procedimientos para fabricar honeypots IoT basados en criterios de b\'{u}squeda},
author = {Antonio Acien and Ana Nieto and Gerardo Fernandez and Javier Lopez},
url = {/wp-content/papers/1706.pdf},
isbn = {978-84-09-02463-6},
year = {2018},
date = {2018-10-01},
urldate = {2018-10-01},
booktitle = {XV Reuni\'{o}n Espa\~{n}ola sobre Criptolog\'{i}a y Seguridad de la Informaci\'{o}n},
address = {Granada (Espa\~{n}a)},
abstract = {Con la revoluci\'{o}n tecnol\'{o}gica que ha supuesto la Internet de las Cosas (Internet of Things, IoT) se han presentado escenarios donde la preocupaci\'{o}n por la seguridad en dicho entorno es cada vez m\'{a}s relevante. Est\'{a}n comenzando a surgir vulnerabilidades en varios dispositivos, y los sistemas trampa son una excelente manera de lidiar con este problema. En este trabajo se analizan soluciones para honeypots en el entorno IoT (y en otros que se puedan adaptar) para sentar las bases de una metodolog\'{i}a que permita el despliegue de honeypots IoT.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Con la revolución tecnológica que ha supuesto la Internet de las Cosas (Internet of Things, IoT) se han presentado escenarios donde la preocupación por la seguridad en dicho entorno es cada vez más relevante. Están comenzando a surgir vulnerabilidades en varios dispositivos, y los sistemas trampa son una excelente manera de lidiar con este problema. En este trabajo se analizan soluciones para honeypots en el entorno IoT (y en otros que se puedan adaptar) para sentar las bases de una metodología que permita el despliegue de honeypots IoT.
Nieto, Ana; Acien, Antonio; Fernandez, Gerardo
Crowdsourcing analysis in 5G IoT: Cybersecurity Threats and Mitigation Journal Article
In: Mobile Networks and Applications (MONET), pp. 881-889, 2018, ISSN: 1383-469X.
@article{NAFMONET2018,
title = {Crowdsourcing analysis in 5G IoT: Cybersecurity Threats and Mitigation},
author = {Ana Nieto and Antonio Acien and Gerardo Fernandez},
url = {/wp-content/papers/NAFMONET2018.pdf},
doi = {10.1007/s11036-018-1146-4},
issn = {1383-469X},
year = {2018},
date = {2018-10-01},
urldate = {2018-10-01},
journal = {Mobile Networks and Applications (MONET)},
pages = {881-889},
publisher = {Springer US},
abstract = {underlineCrowdsourcing can be a powerful weapon against underlinecyberattacks in underline5G networks. In this paper we analyse this idea in detail, starting from the use cases in underlinecrowdsourcing focused on security, and highlighting those areas of a underline5G ecosystem where underlinecrowdsourcing could be used to mitigate local and remote attacks, as well as to discourage criminal activities and underlinecybercriminal behaviour. We pay particular attention to the capillary network, where an infinite number of underlineIoT objects coexist. The analysis is made considering the different participants in a underline5G underlineIoT ecosystem.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
underlineCrowdsourcing can be a powerful weapon against underlinecyberattacks in underline5G networks. In this paper we analyse this idea in detail, starting from the use cases in underlinecrowdsourcing focused on security, and highlighting those areas of a underline5G ecosystem where underlinecrowdsourcing could be used to mitigate local and remote attacks, as well as to discourage criminal activities and underlinecybercriminal behaviour. We pay particular attention to the capillary network, where an infinite number of underlineIoT objects coexist. The analysis is made considering the different participants in a underline5G underlineIoT ecosystem.
Acien, Antonio; Nieto, Ana; Fernandez, Gerardo; Lopez, Javier
A comprehensive methodology for deploying IoT honeypots Proceedings Article
In: 15th International Conference on Trust, Privacy and Security in Digital Business (TrustBus 2018), pp. 229–243, Springer Nature Switzerland AG Springer Nature Switzerland AG, Regensburg (Germany), 2018.
@inproceedings{1701,
title = {A comprehensive methodology for deploying IoT honeypots},
author = {Antonio Acien and Ana Nieto and Gerardo Fernandez and Javier Lopez},
url = {/wp-content/papers/1701.pdf},
doi = {10.1007/978-3-319-98385-1_16},
year = {2018},
date = {2018-09-01},
urldate = {2018-09-01},
booktitle = {15th International Conference on Trust, Privacy and Security in Digital Business (TrustBus 2018)},
volume = {LNCS 11033},
pages = {229\textendash243},
publisher = {Springer Nature Switzerland AG},
address = {Regensburg (Germany)},
organization = {Springer Nature Switzerland AG},
abstract = {Recent news have raised concern regarding the security on the IoT field. Vulnerabilities in devices are arising and honeypots are an excellent way to cope with this problem. In this work, current solutions for honeypots in the IoT context, and other solutions adaptable to it are analyzed in order to set the basis for a methodology that allows deployment of IoT honeypot.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Recent news have raised concern regarding the security on the IoT field. Vulnerabilities in devices are arising and honeypots are an excellent way to cope with this problem. In this work, current solutions for honeypots in the IoT context, and other solutions adaptable to it are analyzed in order to set the basis for a methodology that allows deployment of IoT honeypot.
Acien, Antonio; Nieto, Ana; Lopez, Javier
Analyzing cross-platform attacks: towards a three-actor approach Proceedings Article
In: The 16th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC 2018), pp. 536-543, 2018, ISBN: 978-1-5386-7518-2.
@inproceedings{1709,
title = {Analyzing cross-platform attacks: towards a three-actor approach},
author = {Antonio Acien and Ana Nieto and Javier Lopez},
url = {/wp-content/papers/1709.pdf},
doi = {10.1109/DASC/PiCom/DataCom/CyberSciTec.2018.00102},
isbn = {978-1-5386-7518-2},
year = {2018},
date = {2018-08-01},
urldate = {2018-08-01},
booktitle = {The 16th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC 2018)},
pages = {536-543},
abstract = {In the current telecommunications landscape, different devices, systems and platforms are constantly communicating with each other. This heterogeneous environment creates the perfect situation for attacks to pass from one platform to another. This is a particularly worrying scenario, because of the new technologies being used (such as network slicing in 5G), the increasing importance of connected devices in our lives (IoT), and the unpredictable consequences that an attack of this type could have. The current approaches in attack analysis do not take into account these sitations, and the attacker/victim paradigm usually followed may fall short when dealing with these attacks. Thus, in this paper, an architecture for the analysis of cross-platform attacks will be presented, aiming to help understand better this kind of threats and offering solutions to mitigate and track them.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
In the current telecommunications landscape, different devices, systems and platforms are constantly communicating with each other. This heterogeneous environment creates the perfect situation for attacks to pass from one platform to another. This is a particularly worrying scenario, because of the new technologies being used (such as network slicing in 5G), the increasing importance of connected devices in our lives (IoT), and the unpredictable consequences that an attack of this type could have. The current approaches in attack analysis do not take into account these sitations, and the attacker/victim paradigm usually followed may fall short when dealing with these attacks. Thus, in this paper, an architecture for the analysis of cross-platform attacks will be presented, aiming to help understand better this kind of threats and offering solutions to mitigate and track them.
Nieto, Ana; Acien, Antonio; Lopez, Javier
Capture the RAT: Proximity-based Attacks in 5G using the Routine Activity Theory Proceedings Article
In: The 16th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC 2018), pp. 520-527, IEEE IEEE, Athens, Greece, 2018, ISBN: 978-1-5386-7518-2.
@inproceedings{CRAT2018,
title = {Capture the RAT: Proximity-based Attacks in 5G using the Routine Activity Theory},
author = {Ana Nieto and Antonio Acien and Javier Lopez},
url = {/wp-content/papers/CRAT2018.pdf
https://ieeexplore.ieee.org/document/8511943, },
doi = {10.1109/DASC/PiCom/DataCom/CyberSciTec.2018.00100},
isbn = {978-1-5386-7518-2},
year = {2018},
date = {2018-08-01},
urldate = {2018-08-01},
booktitle = {The 16th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC 2018)},
pages = {520-527},
publisher = {IEEE},
address = {Athens, Greece},
organization = {IEEE},
abstract = {The fifth generation of cellular networks (5G) will enable different use cases where security will be more critical than ever before (e.g. autonomous vehicles and critical IoT devices). Unfortunately, the new networks are being built on the certainty that security problems can not be solved in the short term. Far from reinventing the wheel, one of our goals is to allow security software developers to implement and test their reactive solutions for the capillary network of 5G devices. Therefore, in this paper a solution for analysing proximity-based attacks in 5G environments is modelled and tested using OMNET++. The solution, named CRAT, is able to decouple the security analysis from the hardware of the device with the aim to extend the analysis of proximity-based attacks to different use-cases in 5G. We follow a high-level approach, in which the devices can take the role of victim, offender and guardian following the principles of the routine activity theory.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The fifth generation of cellular networks (5G) will enable different use cases where security will be more critical than ever before (e.g. autonomous vehicles and critical IoT devices). Unfortunately, the new networks are being built on the certainty that security problems can not be solved in the short term. Far from reinventing the wheel, one of our goals is to allow security software developers to implement and test their reactive solutions for the capillary network of 5G devices. Therefore, in this paper a solution for analysing proximity-based attacks in 5G environments is modelled and tested using OMNET++. The solution, named CRAT, is able to decouple the security analysis from the hardware of the device with the aim to extend the analysis of proximity-based attacks to different use-cases in 5G. We follow a high-level approach, in which the devices can take the role of victim, offender and guardian following the principles of the routine activity theory.
Nieto, Ana
An Overview of Proactive Forensic Solutions and its Applicability to 5G Proceedings Article
In: IEEE 5G World Forum (5GWF), pp. 191-196, IEEE, Santa Clara (USA), 2018, ISBN: 978-1-5386-4982-4.
@inproceedings{Nieto5GWF,
title = {An Overview of Proactive Forensic Solutions and its Applicability to 5G},
author = {Ana Nieto},
url = {/wp-content/papers/Nieto5GWF.pdf},
doi = {10.1109/5GWF.2018.8516940},
isbn = {978-1-5386-4982-4},
year = {2018},
date = {2018-07-01},
urldate = {2018-07-01},
booktitle = {IEEE 5G World Forum (5GWF)},
pages = {191-196},
publisher = {IEEE},
address = {Santa Clara (USA)},
abstract = {This article analyses the state of the art of proactive forensic solutions and highlights the importance of preparing the 5G ecosystem to serve digital forensic purposes. The analysis considers the current 5G threat landscape from the ENISA report, and discusses how some of the attacks could be mitigated using proactive forensic mechanisms. In addition, the requirements for deploying proactive forensic solutions in 5G are classified, and analysed based on the specific threats against 5G.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
This article analyses the state of the art of proactive forensic solutions and highlights the importance of preparing the 5G ecosystem to serve digital forensic purposes. The analysis considers the current 5G threat landscape from the ENISA report, and discusses how some of the attacks could be mitigated using proactive forensic mechanisms. In addition, the requirements for deploying proactive forensic solutions in 5G are classified, and analysed based on the specific threats against 5G.
Acien, Antonio; Nieto, Ana; Lopez, Javier
Modelo para la clasificación y análisis de ataques Cross-Platform Proceedings Article
In: IV Jornadas Nacionales de Investigación en Ciberseguridad (JNIC 2018), Servicio Editorial de Mondragon Unibertsitatea Servicio Editorial de Mondragon Unibertsitatea, Donostia-San Sebastián (España), 2018, ISBN: 978-84-09-02697-5.
@inproceedings{1699,
title = {Modelo para la clasificaci\'{o}n y an\'{a}lisis de ataques Cross-Platform},
author = {Antonio Acien and Ana Nieto and Javier Lopez},
url = {/wp-content/papers/1699.pdf
http://2018.jnic.es/assets/Actas_JNIC2018.pdf},
isbn = {978-84-09-02697-5},
year = {2018},
date = {2018-06-01},
urldate = {2018-06-01},
booktitle = {IV Jornadas Nacionales de Investigaci\'{o}n en Ciberseguridad (JNIC 2018)},
publisher = {Servicio Editorial de Mondragon Unibertsitatea},
address = {Donostia-San Sebasti\'{a}n (Espa\~{n}a)},
organization = {Servicio Editorial de Mondragon Unibertsitatea},
abstract = {Los ataques cross-platform suponen un serio desaf\'{i}o para los mecanismos de seguridad cuando los portadores de un ataque dirigido no son conscientes de su participacion en el mismo. Es por ello que, con dispositivos y tecnolog\'{i}as cada vez mas entrelazadas, en constante comunicaci\'{o}n, numerosos ataques pasan desapercibidos hasta que alcanzan su objetivo final. Estos nuevos escenarios hacen posible una v\'{i}a de transmision a tener en cuenta, y que se debe abordar cuanto antes, ya que sus consecuencias, especialmente en el panorama de telecomunicaciones actual, podr\'{i}an ser desoladoras. La rapida transmisi\'{o}n de estos ataques, y la dificultad que supone su prevencion, detecci\'{o}n y mitigaci\'{o}n antes de que se hagan efectivos, hacen que el problema sea particularmente preocupante. En este art\'{i}culo se presentar\'{a} una arquitectura para el analisis de los ataques cross-platform silenciosos, cuyo objetivo es ayudar a comprender mejor este tipo de amenazas y ofrecer soluciones que permitan mitigarlas y rastrearlas.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Los ataques cross-platform suponen un serio desafío para los mecanismos de seguridad cuando los portadores de un ataque dirigido no son conscientes de su participacion en el mismo. Es por ello que, con dispositivos y tecnologías cada vez mas entrelazadas, en constante comunicación, numerosos ataques pasan desapercibidos hasta que alcanzan su objetivo final. Estos nuevos escenarios hacen posible una vía de transmision a tener en cuenta, y que se debe abordar cuanto antes, ya que sus consecuencias, especialmente en el panorama de telecomunicaciones actual, podrían ser desoladoras. La rapida transmisión de estos ataques, y la dificultad que supone su prevencion, detección y mitigación antes de que se hagan efectivos, hacen que el problema sea particularmente preocupante. En este artículo se presentará una arquitectura para el analisis de los ataques cross-platform silenciosos, cuyo objetivo es ayudar a comprender mejor este tipo de amenazas y ofrecer soluciones que permitan mitigarlas y rastrearlas.
Alcaraz, Cristina
Cloud-Assisted Dynamic Resilience for Cyber-Physical Control Systems Journal Article
In: IEEE Wireless Communications, vol. 25, no. 1, pp. 76-82, 2018, ISSN: 1536-1284.
@article{Alcaraz2018a,
title = {Cloud-Assisted Dynamic Resilience for Cyber-Physical Control Systems},
author = {Cristina Alcaraz},
url = {/wp-content/papers/Alcaraz2018a.pdf
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=\&arnumber=8304395\&isnumber=8304374},
doi = {10.1109/MWC.2018.1700231},
issn = {1536-1284},
year = {2018},
date = {2018-02-01},
urldate = {2018-02-01},
journal = {IEEE Wireless Communications},
volume = {25},
number = {1},
pages = {76-82},
publisher = {IEEE},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Nieto, Ana; Rios, Ruben; Lopez, Javier
IoT-Forensics meets Privacy: Towards Cooperative Digital Investigations Journal Article
In: Sensors, vol. 18, no. 492, 2018, ISSN: 1424-8220.
@article{nrlSensors2018,
title = {IoT-Forensics meets Privacy: Towards Cooperative Digital Investigations},
author = {Ana Nieto and Ruben Rios and Javier Lopez},
url = {/wp-content/papers/nrlSensors2018.pdf
http://www.mdpi.com/1424-8220/18/2/492},
doi = {10.3390/s18020492},
issn = {1424-8220},
year = {2018},
date = {2018-02-01},
urldate = {2018-02-01},
journal = {Sensors},
volume = {18},
number = {492},
publisher = {MDPI},
abstract = {IoT-Forensics is a novel paradigm for the acquisition of electronic evidence whose operation is conditioned by the peculiarities of the Internet of Things (IoT) context. As a branch of computer forensics, this discipline respects the most basic forensic principles of preservation, traceability, documentation, and authorization. The digital witness approach also promotes such principles in the context of the IoT while allowing personal devices to cooperate in digital investigations by voluntarily providing electronic evidence to the authorities. However, this solution is highly dependent on the willingness of citizens to collaborate and they may be reluctant to do so if the sensitive information within their personal devices is not sufficiently protected when shared with the investigators. In this paper, we provide the digital witness approach with a methodology that enables citizens to share their data with some privacy guarantees. We apply the PRoFIT methodology, originally defined for IoT-Forensics environments, to the digital witness approach in order to unleash its full potential. Finally, we show the feasibility of a PRoFIT-compliant digital witness with two use cases.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
IoT-Forensics is a novel paradigm for the acquisition of electronic evidence whose operation is conditioned by the peculiarities of the Internet of Things (IoT) context. As a branch of computer forensics, this discipline respects the most basic forensic principles of preservation, traceability, documentation, and authorization. The digital witness approach also promotes such principles in the context of the IoT while allowing personal devices to cooperate in digital investigations by voluntarily providing electronic evidence to the authorities. However, this solution is highly dependent on the willingness of citizens to collaborate and they may be reluctant to do so if the sensitive information within their personal devices is not sufficiently protected when shared with the investigators. In this paper, we provide the digital witness approach with a methodology that enables citizens to share their data with some privacy guarantees. We apply the PRoFIT methodology, originally defined for IoT-Forensics environments, to the digital witness approach in order to unleash its full potential. Finally, we show the feasibility of a PRoFIT-compliant digital witness with two use cases.
Rubio, Juan E.; Alcaraz, Cristina; Lopez, Javier
Addressing Security in OCPP: Protection Against Man-in-the-Middle Attacks Proceedings Article
In: 9th IFIP International Conference on New Technologies, Mobility & Security, 2018.
@inproceedings{1692,
title = {Addressing Security in OCPP: Protection Against Man-in-the-Middle Attacks},
author = {Juan E. Rubio and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/1692.pdf},
year = {2018},
date = {2018-01-01},
urldate = {2018-01-01},
booktitle = {9th IFIP International Conference on New Technologies, Mobility \& Security},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Wang, Xueou; Hou, Xiaolu; Rios, Ruben; Hallgren, Per; Tippenhauer, Nils Ole; Ochoa, Martin
Location Proximity Attacks against Mobile Targets: Analytical Bounds and Attacker Strategies Proceedings Article
In: 23rd European Symposium on Research in Computer Security (ESORICS 2018), pp. 373-392, Springer Springer, Barcelona, 2018, ISBN: 978-3-319-98988-4.
@inproceedings{rios2018mob,
title = {Location Proximity Attacks against Mobile Targets: Analytical Bounds and Attacker Strategies},
author = {Xueou Wang and Xiaolu Hou and Ruben Rios and Per Hallgren and Nils Ole Tippenhauer and Martin Ochoa},
url = {/wp-content/papers/rios2018mob.pdf},
doi = {10.1007/978-3-319-98989-1},
isbn = {978-3-319-98988-4},
year = {2018},
date = {2018-01-01},
urldate = {2018-01-01},
booktitle = {23rd European Symposium on Research in Computer Security (ESORICS 2018)},
volume = {11099},
pages = {373-392},
publisher = {Springer},
address = {Barcelona},
organization = {Springer},
series = {LNCS},
abstract = {Location privacy has mostly focused on scenarios where users remain static. However, investigating scenarios where the victims present a particular mobility pattern is more realistic. In this paper, we consider abstract attacks on services that provide location information on other users in the proximity. In that setting, we quantify the required effort of the attacker to localize a particular mobile victim. We prove upper and lower bounds for the effort of an optimal attacker. We experimentally show that a emphLinear Jump Strategy (LJS) practically achieves the upper bounds for almost uniform initial distributions of victims. To improve performance for less uniform distributions known to the attacker, we propose a emphGreedy Updating Attack Strategy (GUAS). Finally, we derive a realistic mobility model from a real-world dataset and discuss the performance of our strategies in that setting.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Location privacy has mostly focused on scenarios where users remain static. However, investigating scenarios where the victims present a particular mobility pattern is more realistic. In this paper, we consider abstract attacks on services that provide location information on other users in the proximity. In that setting, we quantify the required effort of the attacker to localize a particular mobile victim. We prove upper and lower bounds for the effort of an optimal attacker. We experimentally show that a emphLinear Jump Strategy (LJS) practically achieves the upper bounds for almost uniform initial distributions of victims. To improve performance for less uniform distributions known to the attacker, we propose a emphGreedy Updating Attack Strategy (GUAS). Finally, we derive a realistic mobility model from a real-world dataset and discuss the performance of our strategies in that setting.
Lopez, Javier; Rubio, Juan E.
Access control for cyber-physical systems interconnected to the cloud Journal Article
In: Computer Networks, vol. 134, pp. 46 - 54, 2018, ISSN: 1389-1286.
@article{LOPEZ201846,
title = {Access control for cyber-physical systems interconnected to the cloud},
author = {Javier Lopez and Juan E. Rubio},
url = {/wp-content/papers/LOPEZ201846.pdf
http://www.sciencedirect.com/science/article/pii/S1389128618300501},
doi = {10.1016/j.comnet.2018.01.037},
issn = {1389-1286},
year = {2018},
date = {2018-01-01},
urldate = {2018-01-01},
journal = {Computer Networks},
volume = {134},
pages = {46 - 54},
publisher = {Elsevier},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Rios, Ruben; Fernandez-Gago, Carmen; Lopez, Javier
Modelling Privacy-Aware Trust Negotiations Journal Article
In: Computers & Security, vol. 77, pp. 773-789, 2018, ISSN: 0167-4048.
@article{Ruben2017trust,
title = {Modelling Privacy-Aware Trust Negotiations},
author = {Ruben Rios and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/Ruben2017trust.pdf},
doi = {10.1016/j.cose.2017.09.015},
issn = {0167-4048},
year = {2018},
date = {2018-01-01},
urldate = {2018-01-01},
journal = {Computers \& Security},
volume = {77},
pages = {773-789},
publisher = {Elsevier},
abstract = {Trust negotiations are mechanisms that enable interaction between previously unknown users. After exchanging various pieces of potentially sensitive information, the participants of a negotiation can decide whether or not to trust one another. Therefore, trust negotiations bring about threats to personal privacy if not carefully considered. This paper presents a framework for representing trust negotiations in the early phases of the Software Development Life Cycle (SDLC). The framework can help software engineers to determine the most suitable policies for the system by detecting conflicts between privacy and trust requirements. More precisely, we extend the SI* modelling language and provide a set of predicates for defining trust and privacy policies and a set of rules for describing the dynamics of the system based on the established policies. The formal representation of the model facilitates its automatic verification. The framework has been validated in a distributed social network scenario for connecting drivers with potential passengers willing to share a journey.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Trust negotiations are mechanisms that enable interaction between previously unknown users. After exchanging various pieces of potentially sensitive information, the participants of a negotiation can decide whether or not to trust one another. Therefore, trust negotiations bring about threats to personal privacy if not carefully considered. This paper presents a framework for representing trust negotiations in the early phases of the Software Development Life Cycle (SDLC). The framework can help software engineers to determine the most suitable policies for the system by detecting conflicts between privacy and trust requirements. More precisely, we extend the SI* modelling language and provide a set of predicates for defining trust and privacy policies and a set of rules for describing the dynamics of the system based on the established policies. The formal representation of the model facilitates its automatic verification. The framework has been validated in a distributed social network scenario for connecting drivers with potential passengers willing to share a journey.
Lopez, Javier; Rios, Ruben; Bao, Feng; Wang, Guilin
Evolving privacy: From sensors to the Internet of Things Journal Article
In: Future Generation Computer Systems, vol. 75, pp. 46–57, 2017, ISSN: 0167-739X.
@article{Lopez2017iotpriv,
title = {Evolving privacy: From sensors to the Internet of Things},
author = {Javier Lopez and Ruben Rios and Feng Bao and Guilin Wang},
url = {/wp-content/papers/Lopez2017iotpriv.pdf},
doi = {10.1016/j.future.2017.04.045},
issn = {0167-739X},
year = {2017},
date = {2017-10-01},
urldate = {2017-10-01},
journal = {Future Generation Computer Systems},
volume = {75},
pages = {46\textendash57},
publisher = {Elsevier},
abstract = {The Internet of Things (IoT) envisions a world covered with billions of smart, interacting things capable of offering all sorts of services to near and remote entities. The benefits and comfort that the IoT will bring about are undeniable, however, these may come at the cost of an unprecedented loss of privacy. In this paper we look at the privacy problems of one of the key enablers of the IoT, namely wireless sensor networks, and analyse how these problems may evolve with the development of this complex paradigm. We also identify further challenges which are not directly associated with already existing privacy risks but will certainly have a major impact in our lives if not taken into serious consideration.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The Internet of Things (IoT) envisions a world covered with billions of smart, interacting things capable of offering all sorts of services to near and remote entities. The benefits and comfort that the IoT will bring about are undeniable, however, these may come at the cost of an unprecedented loss of privacy. In this paper we look at the privacy problems of one of the key enablers of the IoT, namely wireless sensor networks, and analyse how these problems may evolve with the development of this complex paradigm. We also identify further challenges which are not directly associated with already existing privacy risks but will certainly have a major impact in our lives if not taken into serious consideration.
Rubio, Juan E.; Alcaraz, Cristina; Lopez, Javier
Recommender System for Privacy-Preserving Solutions in Smart Metering Journal Article
In: Pervasive and Mobile Computing, vol. 41, pp. 205-218, 2017, ISSN: 1574-1192.
@article{rubiorecommender17,
title = {Recommender System for Privacy-Preserving Solutions in Smart Metering},
author = {Juan E. Rubio and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/rubiorecommender17.pdf},
issn = {1574-1192},
year = {2017},
date = {2017-10-01},
urldate = {2017-10-01},
journal = {Pervasive and Mobile Computing},
volume = {41},
pages = {205-218},
publisher = {Pervasive and Mobile Computing},
abstract = {Nowadays, Smart Grid is envisaged to provide several benefits to both customers and grid operators. However, Smart Meters introduce many privacy issues if consumption data is analysed. In this paper we analyse the main techniques that address privacy when collecting electricity readings. In addition to privacy, it is equally important to preserve efficiency to carry on with monitoring operations, so further control requirements and communication protocols are also studied. Our aim is to provide guidance to installers who intend to integrate such mechanisms on the grid, presenting an expert system to recommend an appropriate deployment strategy.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Nowadays, Smart Grid is envisaged to provide several benefits to both customers and grid operators. However, Smart Meters introduce many privacy issues if consumption data is analysed. In this paper we analyse the main techniques that address privacy when collecting electricity readings. In addition to privacy, it is equally important to preserve efficiency to carry on with monitoring operations, so further control requirements and communication protocols are also studied. Our aim is to provide guidance to installers who intend to integrate such mechanisms on the grid, presenting an expert system to recommend an appropriate deployment strategy.
Fernandez, Gerardo; Nieto, Ana
Configuración de honeypots adaptativos para análisis de malware Proceedings Article
In: III Jornadas Nacionales de Investigación en Ciberseguridad (JNIC 2017), pp. 91-98, Servicio de Publicaciones de la URJC Servicio de Publicaciones de la URJC, Madrid (Spain), 2017, ISBN: 978-84-608-4659-8.
@inproceedings{1650,
title = {Configuraci\'{o}n de honeypots adaptativos para an\'{a}lisis de malware},
author = {Gerardo Fernandez and Ana Nieto},
url = {/wp-content/papers/1650.pdf
https://eciencia.urjc.es/handle/10115/14540},
isbn = {978-84-608-4659-8},
year = {2017},
date = {2017-06-01},
urldate = {2017-06-01},
booktitle = {III Jornadas Nacionales de Investigaci\'{o}n en Ciberseguridad (JNIC 2017)},
pages = {91-98},
publisher = {Servicio de Publicaciones de la URJC},
address = {Madrid (Spain)},
organization = {Servicio de Publicaciones de la URJC},
abstract = {Este trabajo propone una arquitectura de despliegue de honeypots adaptativos, configurados din\'{a}micamente a partir de los requisitos del malware que intenta infectar los servicios trampa. A diferencia de otros trabajos sobre honeypots adaptativos, los mecanismos de adaptabilidad aqu\'{i} dise\~{n}ados tomar\'{a}n como base informaci\'{o}n de inteligencia sobre amenazas actuales, indicadores de compromiso (IOCs) conocidos, as\'{i} como informaci\'{o}n de actividades sospechosas actualmente en estudio por los analistas. Este conocimiento ser\'{a} empleado para configurar honeypots de manera din\'{a}mica, permitiendo satisfacer los requisitos necesarios para que el malware pueda desplegar toda su operativa.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Este trabajo propone una arquitectura de despliegue de honeypots adaptativos, configurados dinámicamente a partir de los requisitos del malware que intenta infectar los servicios trampa. A diferencia de otros trabajos sobre honeypots adaptativos, los mecanismos de adaptabilidad aquí diseñados tomarán como base información de inteligencia sobre amenazas actuales, indicadores de compromiso (IOCs) conocidos, así como información de actividades sospechosas actualmente en estudio por los analistas. Este conocimiento será empleado para configurar honeypots de manera dinámica, permitiendo satisfacer los requisitos necesarios para que el malware pueda desplegar toda su operativa.
Rios, Ruben; Roman, Rodrigo; Onieva, Jose A.; Lopez, Javier
From Smog to Fog: A Security Perspective Proceedings Article
In: 2nd IEEE International Conference on Fog and Edge Mobile Computing (FMEC 2017), pp. 56-61, IEEE Computer Society IEEE Computer Society, Valencia, Spain. 8-11 May 2017, 2017, ISBN: 978-1-5386-2859-1.
@inproceedings{Ruben2017smog,
title = {From Smog to Fog: A Security Perspective},
author = {Ruben Rios and Rodrigo Roman and Jose A. Onieva and Javier Lopez},
url = {/wp-content/papers/Ruben2017smog.pdf},
doi = {10.1109/FMEC.2017.7946408},
isbn = {978-1-5386-2859-1},
year = {2017},
date = {2017-06-01},
urldate = {2017-06-01},
booktitle = {2nd IEEE International Conference on Fog and Edge Mobile Computing (FMEC 2017)},
pages = {56-61},
publisher = {IEEE Computer Society},
address = {Valencia, Spain. 8-11 May 2017},
organization = {IEEE Computer Society},
abstract = {Cloud computing has some major limitations that hinder its application to some specific scenarios (e.g., Industrial IoT, and remote surgery) where there are particularly stringent requirements, such as extremely low latency. Fog computing is a specialization of the Cloud that promises to overcome the aforementioned limitations by bringing the Cloud closer to end-users. Despite its potential benefits, Fog Computing is still a developing paradigm which demands further research, especially on security and privacy aspects. This is precisely the focus of this paper: to make evident the urgent need for security mechanisms in Fog computing, as well as to present a research strategy with the necessary steps and processes that are being undertaken within the scope of the SMOG project, in order to enable a trustworthy and resilient Fog ecosystem.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Cloud computing has some major limitations that hinder its application to some specific scenarios (e.g., Industrial IoT, and remote surgery) where there are particularly stringent requirements, such as extremely low latency. Fog computing is a specialization of the Cloud that promises to overcome the aforementioned limitations by bringing the Cloud closer to end-users. Despite its potential benefits, Fog Computing is still a developing paradigm which demands further research, especially on security and privacy aspects. This is precisely the focus of this paper: to make evident the urgent need for security mechanisms in Fog computing, as well as to present a research strategy with the necessary steps and processes that are being undertaken within the scope of the SMOG project, in order to enable a trustworthy and resilient Fog ecosystem.
Rios, Ruben; Nuñez, David; Lopez, Javier
Query Privacy in Sensing-as-a-Service Platforms Proceedings Article
In: Vimercati, Sabrina De Capitani; Martinelli, Fabio (Ed.): 32nd International Conference on ICT Systems Security and Privacy Protection (IFIP SEC 2017), pp. 141–154, Springer Springer, Roma, Italy, 2017.
@inproceedings{Rios2017query,
title = {Query Privacy in Sensing-as-a-Service Platforms},
author = {Ruben Rios and David Nu\~{n}ez and Javier Lopez},
editor = {Sabrina De Capitani Vimercati and Fabio Martinelli},
url = {/wp-content/papers/Rios2017query.pdf},
doi = {10.1007/978-3-319-58469-0_10},
year = {2017},
date = {2017-05-01},
urldate = {2017-05-01},
booktitle = {32nd International Conference on ICT Systems Security and Privacy Protection (IFIP SEC 2017)},
volume = {502},
pages = {141\textendash154},
publisher = {Springer},
address = {Roma, Italy},
organization = {Springer},
series = {IFIP Advances in Information and Communication Technology (AICT)},
abstract = {The Internet of Things (IoT) promises to revolutionize the way we interact with the physical world. Even though this paradigm is still far from being completely realized, there already exist Sensing-as-a-Service (S^2aaS) platforms that allow users to query for IoT data. While this model offers tremendous benefits, it also entails increasingly challenging privacy issues. In this paper, we concentrate on the protection of user privacy when querying sensing devices through a semi-trusted S^2aaS platform. In particular, we build on techniques inspired by proxy re-encryption and k-anonymity to tackle two intertwined problems, namely query privacy and query confidentiality. The feasibility of our solution is validated both analytically and empirically.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The Internet of Things (IoT) promises to revolutionize the way we interact with the physical world. Even though this paradigm is still far from being completely realized, there already exist Sensing-as-a-Service (S^2aaS) platforms that allow users to query for IoT data. While this model offers tremendous benefits, it also entails increasingly challenging privacy issues. In this paper, we concentrate on the protection of user privacy when querying sensing devices through a semi-trusted S^2aaS platform. In particular, we build on techniques inspired by proxy re-encryption and k-anonymity to tackle two intertwined problems, namely query privacy and query confidentiality. The feasibility of our solution is validated both analytically and empirically.
Nieto, Ana; Rios, Ruben; Lopez, Javier
PRoFIT: modelo forense-IoT con integración de requisitos de privacidad Proceedings Article
In: XIII Jornadas de Ingeniería Telemática (JITEL 2017), pp. 302-309, Editorial Universitat Politècnica de València Editorial Universitat Politècnica de València, Valencia, 2017, ISBN: 978-84-9048-595-8.
@inproceedings{1655,
title = {PRoFIT: modelo forense-IoT con integraci\'{o}n de requisitos de privacidad},
author = {Ana Nieto and Ruben Rios and Javier Lopez},
url = {/wp-content/papers/1655.pdf
http://jlloret.webs.upv.es/jitel2017/files/ACTASJITEL2017.pdf},
doi = {10.4995/JITEL2017.2017.7061},
isbn = {978-84-9048-595-8},
year = {2017},
date = {2017-01-01},
urldate = {2017-01-01},
booktitle = {XIII Jornadas de Ingenier\'{i}a Telem\'{a}tica (JITEL 2017)},
volume = {Libro de actas},
pages = {302-309},
publisher = {Editorial Universitat Polit\`{e}cnica de Val\`{e}ncia},
address = {Valencia},
organization = {Editorial Universitat Polit\`{e}cnica de Val\`{e}ncia},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Alcaraz, Cristina; Bernieri, Giuseppe; Pascucci, Federica; Lopez, Javier; Setola, Roberto
Covert Channels-based Stealth Attacks in Industry 4.0 Journal Article
In: IEEE Systems Journal., vol. 13, pp. 3980-3988, 2019, ISSN: 1932-8184.
@article{alcaraz2019a,
title = {Covert Channels-based Stealth Attacks in Industry 4.0},
author = {Cristina Alcaraz and Giuseppe Bernieri and Federica Pascucci and Javier Lopez and Roberto Setola},
url = {/wp-content/papers/alcaraz2019a.pdf
https://ieeexplore.ieee.org/document/8715420?source=authoralert},
doi = {10.1109/JSYST.2019.2912308},
issn = {1932-8184},
year = {2019},
date = {2019-12-01},
urldate = {2019-12-01},
journal = {IEEE Systems Journal.},
volume = {13},
pages = {3980-3988},
publisher = {IEEE},
abstract = {Industry 4.0 advent opens several cyber-threats scenarios originally designed for classic information technology, drawing the attention to the serious risks for the modern industrial control networks. To cope with this problem, in this paper we address the security issues related to covert channels applied to industrial networks, identifying the new vulnerability points when information technologies converge with operational technologies such as edge computing infrastructures. Specifically, we define two signaling strategies where we exploit the Modbus/TCP protocol as target to set up a covert channel. Once the threat channel is established, passive and active offensive attacks (i.e. data exfiltration and command an control, respectively) are further exploited by implementing and testing them on a real Industrial Internet of Things testbed. The experimental results highlight the potential damage of such specific threats, and the easy extrapolation of the attacks to other types of channels in order to show the new risks for Industry 4.0. Related to this, we discuss some countermeasures to offer an overview of possible mitigation and defense measures.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Industry 4.0 advent opens several cyber-threats scenarios originally designed for classic information technology, drawing the attention to the serious risks for the modern industrial control networks. To cope with this problem, in this paper we address the security issues related to covert channels applied to industrial networks, identifying the new vulnerability points when information technologies converge with operational technologies such as edge computing infrastructures. Specifically, we define two signaling strategies where we exploit the Modbus/TCP protocol as target to set up a covert channel. Once the threat channel is established, passive and active offensive attacks (i.e. data exfiltration and command an control, respectively) are further exploited by implementing and testing them on a real Industrial Internet of Things testbed. The experimental results highlight the potential damage of such specific threats, and the easy extrapolation of the attacks to other types of channels in order to show the new risks for Industry 4.0. Related to this, we discuss some countermeasures to offer an overview of possible mitigation and defense measures.
Rubio, Juan E.; Manulis, Mark; Alcaraz, Cristina; Lopez, Javier
Enhancing Security and Dependability of Industrial Networks with Opinion Dynamics Proceedings Article
In: European Symposium on Research in Computer Security (ESORICS2019), pp. 263-280, 2019.
@inproceedings{RubioESORICS2019,
title = {Enhancing Security and Dependability of Industrial Networks with Opinion Dynamics},
author = {Juan E. Rubio and Mark Manulis and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/RubioESORICS2019.pdf},
doi = {10.1007/978-3-030-29962-0_13},
year = {2019},
date = {2019-09-01},
urldate = {2019-09-01},
booktitle = {European Symposium on Research in Computer Security (ESORICS2019)},
volume = {11736},
pages = {263-280},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Rubio, Juan E.; Roman, Rodrigo; Alcaraz, Cristina; Zhang, Yan
Tracking APTs in Industrial Ecosystems: A Proof of Concept Journal Article
In: Journal of Computer Security, vol. 27, pp. 521-546, 2019, ISSN: 0167-4048.
@article{RubioSIJCS19,
title = {Tracking APTs in Industrial Ecosystems: A Proof of Concept},
author = {Juan E. Rubio and Rodrigo Roman and Cristina Alcaraz and Yan Zhang},
url = {/wp-content/papers/RubioSIJCS19.pdf},
issn = {0167-4048},
year = {2019},
date = {2019-09-01},
urldate = {2019-09-01},
journal = {Journal of Computer Security},
volume = {27},
pages = {521-546},
publisher = {Elsevier},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Alcaraz, Cristina
Secure Interconnection of IT-OT Networks in Industry 4.0 Book Section
In: Critical Infrastructure Security and Resilience: Theories, Methods, Tools and Technologies, pp. 201-217, Springer International Publishing, 2019, ISBN: 978-3-030-00024-0.
@incollection{alcaraz2019,
title = {Secure Interconnection of IT-OT Networks in Industry 4.0},
author = {Cristina Alcaraz},
url = {/wp-content/papers/alcaraz2019.pdf},
doi = {10.1007/978-3-030-00024-0_11},
isbn = {978-3-030-00024-0},
year = {2019},
date = {2019-01-01},
urldate = {2019-01-01},
booktitle = {Critical Infrastructure Security and Resilience: Theories, Methods, Tools and Technologies},
pages = {201-217},
publisher = {Springer International Publishing},
organization = {Springer International Publishing},
series = {Advanced Sciences and Technologies for Security Applications book series (ASTSA)},
abstract = {Increasingly, the society is witnessing how today’s industry is adapting the new technologies and communication protocols to offer more optimal and reliable services to end-users, with support for inter-domain communication belonging to diverse critical infrastructures. As a consequence of this technological revolution, interconnection mechanisms are required to offer transparency in the connections and protection in the different application domains, without this implying a significant degradation of the control requirements. Therefore, this book chapter presents a reference architecture for the new Industry 4.0 where the interconnection core is mainly concentrated in the Policy Decision Points (PDP), which can be deployed in high volume data processing and storage technologies such as cloud and fog servers. Each PDP authorizes actions in the field/plant according to a set of factors (entities, context and risks) computed through the existing access control measures, such as RBAC+ABAC+Risk-BAC (Role/Attribute/Risk-Based Access Control, respectively), to establish coordinated and constrained accesses in extreme situations. Part of these actions also includes proactive risk assessment measures to respond to anomalies or intrusive threats in time.},
keywords = {},
pubstate = {published},
tppubtype = {incollection}
}
Increasingly, the society is witnessing how today’s industry is adapting the new technologies and communication protocols to offer more optimal and reliable services to end-users, with support for inter-domain communication belonging to diverse critical infrastructures. As a consequence of this technological revolution, interconnection mechanisms are required to offer transparency in the connections and protection in the different application domains, without this implying a significant degradation of the control requirements. Therefore, this book chapter presents a reference architecture for the new Industry 4.0 where the interconnection core is mainly concentrated in the Policy Decision Points (PDP), which can be deployed in high volume data processing and storage technologies such as cloud and fog servers. Each PDP authorizes actions in the field/plant according to a set of factors (entities, context and risks) computed through the existing access control measures, such as RBAC+ABAC+Risk-BAC (Role/Attribute/Risk-Based Access Control, respectively), to establish coordinated and constrained accesses in extreme situations. Part of these actions also includes proactive risk assessment measures to respond to anomalies or intrusive threats in time.
Rubio, Juan E.; Roman, Rodrigo; Alcaraz, Cristina; Zhang, Yan
Tracking Advanced Persistent Threats in Critical Infrastructures through Opinion Dynamics Proceedings Article
In: European Symposium on Research in Computer Security (ESORICS 2018), pp. 555-574, Springer Springer, Barcelona, Spain, 2018.
@inproceedings{RubioRomanAlcarazZhang2018,
title = {Tracking Advanced Persistent Threats in Critical Infrastructures through Opinion Dynamics},
author = {Juan E. Rubio and Rodrigo Roman and Cristina Alcaraz and Yan Zhang},
url = {/wp-content/papers/RubioRomanAlcarazZhang2018.pdf
https://link.springer.com/chapter/10.1007/978-3-319-99073-6_27, },
doi = {10.1007/978-3-319-99073-6_27},
year = {2018},
date = {2018-08-01},
urldate = {2018-08-01},
booktitle = {European Symposium on Research in Computer Security (ESORICS 2018)},
volume = {11098},
pages = {555-574},
publisher = {Springer},
address = {Barcelona, Spain},
organization = {Springer},
abstract = {Advanced persistent threats pose a serious issue for modern industrial environments, due to their targeted and complex attack vectors that are difficult to detect. This is especially severe in critical infrastructures that are accelerating the integration of IT technologies. It is then essential to further develop effective monitoring and response systems that ensure the continuity of business to face the arising set of cyber-security threats. In this paper, we study the practical applicability of a novel technique based on opinion dynamics, that permits to trace the attack throughout all its stages along the network by correlating different anomalies measured over time, thereby taking the persistence of threats and the criticality of resources into consideration. The resulting information is of essential importance to monitor the overall health of the control system and correspondingly deploy accurate response procedures.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Advanced persistent threats pose a serious issue for modern industrial environments, due to their targeted and complex attack vectors that are difficult to detect. This is especially severe in critical infrastructures that are accelerating the integration of IT technologies. It is then essential to further develop effective monitoring and response systems that ensure the continuity of business to face the arising set of cyber-security threats. In this paper, we study the practical applicability of a novel technique based on opinion dynamics, that permits to trace the attack throughout all its stages along the network by correlating different anomalies measured over time, thereby taking the persistence of threats and the criticality of resources into consideration. The resulting information is of essential importance to monitor the overall health of the control system and correspondingly deploy accurate response procedures.
Ferraris, Davide; Fernandez-Gago, Carmen; Lopez, Javier
POM: A Trust-based AHP-like Methodology to Solve Conflict Requirements for the IoT Book Section
In: Collaborative Approaches for Cyber Security in Cyber-Physical Systems, pp. 145-170, Springer, 2023, ISSN: 1613-5113.
@incollection{2013,
title = {POM: A Trust-based AHP-like Methodology to Solve Conflict Requirements for the IoT},
author = {Davide Ferraris and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/2013.pdf
https://link.springer.com/chapter/10.1007/978-3-031-16088-2_7},
doi = {https://doi.org/10.1007/978-3-031-16088-2_7},
issn = {1613-5113},
year = {2023},
date = {2023-01-01},
urldate = {2023-01-01},
booktitle = {Collaborative Approaches for Cyber Security in Cyber-Physical Systems},
pages = {145-170},
publisher = {Springer},
organization = {Springer},
series = {Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA)},
keywords = {},
pubstate = {published},
tppubtype = {incollection}
}
Kolar, Martin; Fernandez-Gago, Carmen; Lopez, Javier
A Model Specification for the Design of Trust Negotiations Journal Article
In: Computers & Security, vol. 84, pp. 288-300, 2019, ISSN: 0167-4048.
@article{kolar2019trust,
title = {A Model Specification for the Design of Trust Negotiations},
author = {Martin Kolar and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/kolar2019trust.pdf
https://www.sciencedirect.com/science/article/pii/S0167404818310484},
doi = {10.1016/j.cose.2019.03.024},
issn = {0167-4048},
year = {2019},
date = {2019-04-01},
urldate = {2019-04-01},
journal = {Computers \& Security},
volume = {84},
pages = {288-300},
publisher = {Elsevier},
abstract = {Trust negotiation is a type of trust management model for establishing trust between entities by a mutual exchange of credentials. This approach was designed for online environments, where the attributes of users, such as skills, habits, behaviour and experience are unknown. Required criteria of trust negotiation must be supported by a trust negotiation model in order to provide a functional, adequately robust and efficient application. Such criteria were identified previously. In this paper we are presenting a model specification using a UML-based notation for the design of trust negotiation. This specification will become a part of the Software Development Life Cycle, which will provide developers a strong tool for incorporating trust and trust-related issues into the software they create. The specification defines components and their layout for the provision of the essential functionality of trust negotiation on one side as well as optional, additional features on the other side. The extra features make trust negotiation more robust, applicable for more scenarios and may provide a privacy protection functionality.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Trust negotiation is a type of trust management model for establishing trust between entities by a mutual exchange of credentials. This approach was designed for online environments, where the attributes of users, such as skills, habits, behaviour and experience are unknown. Required criteria of trust negotiation must be supported by a trust negotiation model in order to provide a functional, adequately robust and efficient application. Such criteria were identified previously. In this paper we are presenting a model specification using a UML-based notation for the design of trust negotiation. This specification will become a part of the Software Development Life Cycle, which will provide developers a strong tool for incorporating trust and trust-related issues into the software they create. The specification defines components and their layout for the provision of the essential functionality of trust negotiation on one side as well as optional, additional features on the other side. The extra features make trust negotiation more robust, applicable for more scenarios and may provide a privacy protection functionality.
Ferraris, Davide; Fernandez-Gago, Carmen; Daniel, Joshua; Lopez, Javier
A Segregated Architecture for a Trust-based Network of Internet of Things Proceedings Article
In: IEEE Consumer Communications & Networking Conference 2019, IEEE IEEE, Las Vegas (USA), 2019.
@inproceedings{1780,
title = {A Segregated Architecture for a Trust-based Network of Internet of Things},
author = {Davide Ferraris and Carmen Fernandez-Gago and Joshua Daniel and Javier Lopez},
url = {/wp-content/papers/1780.pdf
https://ieeexplore.ieee.org/document/8651703},
doi = {10.1109/CCNC.2019.8651703},
year = {2019},
date = {2019-03-01},
urldate = {2019-03-01},
booktitle = {IEEE Consumer Communications \& Networking Conference 2019},
publisher = {IEEE},
address = {Las Vegas (USA)},
organization = {IEEE},
abstract = {With the ever-increasing number of smart home devices, the issues related to these environments are also growing. With an ever-growing attack surface, there is no standard way to protect homes and their inhabitants from new threats. The inhabitants are rarely aware of the increased security threats that they are exposed to and how to manage them. To tackle this problem, we propose a solution based on segmented architectures similar to the ones used in industrial systems. In this approach, the smart home is segmented into various levels, which can broadly be categorised into an inner level and external level. The external level is protected by a firewall that checks the communication from/to the Internet to/from the external devices. The internal level is protected by an additional firewall that filters the information and the communications between the external and the internal devices. This segmentation guarantees a trusted environment between the entities belonging to the internal network. In this paper, we propose an adaptive trust model that checks the behaviour of the entities and, through this model, in case the entities violate trust rules they can be put in quarantine or banned from the network.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
With the ever-increasing number of smart home devices, the issues related to these environments are also growing. With an ever-growing attack surface, there is no standard way to protect homes and their inhabitants from new threats. The inhabitants are rarely aware of the increased security threats that they are exposed to and how to manage them. To tackle this problem, we propose a solution based on segmented architectures similar to the ones used in industrial systems. In this approach, the smart home is segmented into various levels, which can broadly be categorised into an inner level and external level. The external level is protected by a firewall that checks the communication from/to the Internet to/from the external devices. The internal level is protected by an additional firewall that filters the information and the communications between the external and the internal devices. This segmentation guarantees a trusted environment between the entities belonging to the internal network. In this paper, we propose an adaptive trust model that checks the behaviour of the entities and, through this model, in case the entities violate trust rules they can be put in quarantine or banned from the network.
Ferraris, Davide; Bastos, Daniel; Fernandez-Gago, Carmen; El-Moussa, Fadi; Lopez, Javier
An Analysis of Trust in Smart Home Devices Proceedings Article
In: The 20th World Conference on Information Security Applications: WISA-Workshop 2019, Springer Springer, Jeju Island, Korea, 2019.
@inproceedings{1814,
title = {An Analysis of Trust in Smart Home Devices},
author = {Davide Ferraris and Daniel Bastos and Carmen Fernandez-Gago and Fadi El-Moussa and Javier Lopez},
url = {/wp-content/papers/1814.pdf},
year = {2019},
date = {2019-01-01},
urldate = {2019-01-01},
booktitle = {The 20th World Conference on Information Security Applications: WISA-Workshop 2019},
publisher = {Springer},
address = {Jeju Island, Korea},
organization = {Springer},
abstract = {In recent times, smart home devices like Amazon Echo and Google Home have reached mainstream popularity. These devices are intrinsically intrusive, being able to access user’s personal information. There are growing concerns about indiscriminate data collection and invasion of user privacy in smart home devices. Improper trust assumptions and security controls can lead to unauthorized access of the devices, which can have severe consequences (i.e. safety risks). In this paper, we analysed the behaviour of smart home devices with respect to trust relationships. We set up a smart home environment to evaluate how trust is built and managed. Then, we performed a number of interaction tests with different types of users (i.e. owner, guests). As a result, we were able to assess the effectiveness of the provided security controls and identify some relevant security issues. To address them, we defined a trust model and proposed a solution based on it for securing smart home devices.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
In recent times, smart home devices like Amazon Echo and Google Home have reached mainstream popularity. These devices are intrinsically intrusive, being able to access user’s personal information. There are growing concerns about indiscriminate data collection and invasion of user privacy in smart home devices. Improper trust assumptions and security controls can lead to unauthorized access of the devices, which can have severe consequences (i.e. safety risks). In this paper, we analysed the behaviour of smart home devices with respect to trust relationships. We set up a smart home environment to evaluate how trust is built and managed. Then, we performed a number of interaction tests with different types of users (i.e. owner, guests). As a result, we were able to assess the effectiveness of the provided security controls and identify some relevant security issues. To address them, we defined a trust model and proposed a solution based on it for securing smart home devices.
Ferraris, Davide; Fernandez-Gago, Carmen
TrUStAPIS: A Trust Requirements Elicitation Method for IoT Journal Article
In: International Journal of Information Security, pp. 111-127, 2019, ISSN: 1615-5262.
@article{ferraris2019,
title = {TrUStAPIS: A Trust Requirements Elicitation Method for IoT},
author = {Davide Ferraris and Carmen Fernandez-Gago},
url = {/wp-content/papers/ferraris2019.pdf
https://link.springer.com/article/10.1007%2Fs10207-019-00438-x},
doi = {10.1007/s10207-019-00438-x},
issn = {1615-5262},
year = {2019},
date = {2019-01-01},
urldate = {2019-01-01},
journal = {International Journal of Information Security},
pages = {111-127},
publisher = {Springer},
abstract = {The Internet of Things (IoT) is an environment of interconnected entities, which are identifiable, usable and controllable via the Internet. Trust is useful for a system such as the IoT as the entities involved would like to know how the other entities they have to interact with are going to perform.
When developing an IoT entity, it will be desirable to guarantee trust during its whole life cycle. Trust domain is strongly dependent on other domains such as security and privacy.
To consider these domains as a whole and to elicit the right requirements since the first phases of the System Development Life Cycle (SDLC) is a key point when developing an IoT entity.
This paper presents a requirements elicitation method focusing on trust plus other domains such as security, privacy and usability that increase the trust level of the IoT entity developed. To help the developers to elicit the requirements, we propose a JavaScript Notation Object (JSON) template containing all the key elements that must be taken into consideration.
We emphasize on the importance of the concept of traceability. This property permits to connect all the elicited requirements guaranteeing more control on the whole requirements engineering process.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The Internet of Things (IoT) is an environment of interconnected entities, which are identifiable, usable and controllable via the Internet. Trust is useful for a system such as the IoT as the entities involved would like to know how the other entities they have to interact with are going to perform.
When developing an IoT entity, it will be desirable to guarantee trust during its whole life cycle. Trust domain is strongly dependent on other domains such as security and privacy.
To consider these domains as a whole and to elicit the right requirements since the first phases of the System Development Life Cycle (SDLC) is a key point when developing an IoT entity.
This paper presents a requirements elicitation method focusing on trust plus other domains such as security, privacy and usability that increase the trust level of the IoT entity developed. To help the developers to elicit the requirements, we propose a JavaScript Notation Object (JSON) template containing all the key elements that must be taken into consideration.
We emphasize on the importance of the concept of traceability. This property permits to connect all the elicited requirements guaranteeing more control on the whole requirements engineering process.
When developing an IoT entity, it will be desirable to guarantee trust during its whole life cycle. Trust domain is strongly dependent on other domains such as security and privacy.
To consider these domains as a whole and to elicit the right requirements since the first phases of the System Development Life Cycle (SDLC) is a key point when developing an IoT entity.
This paper presents a requirements elicitation method focusing on trust plus other domains such as security, privacy and usability that increase the trust level of the IoT entity developed. To help the developers to elicit the requirements, we propose a JavaScript Notation Object (JSON) template containing all the key elements that must be taken into consideration.
We emphasize on the importance of the concept of traceability. This property permits to connect all the elicited requirements guaranteeing more control on the whole requirements engineering process.
Alcaraz, Cristina; Lopez, Javier
A Cyber-Physical Systems-Based Checkpoint Model for Structural Controllability Journal Article
In: IEEE Systems Journal, vol. 12, pp. 3543-3554, 2018, ISSN: 1932-8184.
@article{alcarazlopez-IEEESystems-2017,
title = {A Cyber-Physical Systems-Based Checkpoint Model for Structural Controllability},
author = {Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/alcarazlopez-IEEESystems-2017.pdf
http://ieeexplore.ieee.org/document/8057984/},
doi = {10.1109/JSYST.2017.2740719},
issn = {1932-8184},
year = {2018},
date = {2018-12-01},
urldate = {2018-12-01},
journal = {IEEE Systems Journal},
volume = {12},
pages = {3543-3554},
publisher = {IEEE},
abstract = {The protection of critical user-centric applications, such as Smart Grids and their monitoring systems, has become one of the most cutting-edge research areas in recent years. The dynamic complexity of their cyber-physical systems (CPSs) and their strong inter-dependencies with power systems, are bringing about a significant increase in security problems that may be exploited by attackers. These security holes may, for example, trigger the disintegration of the structural controllability properties due to the problem of non-locality, affecting, sooner or later, the provision of the essential services to end-users. One way to address these situations could be through automatic checkpoints in charge of inspecting the healthy status of the control network and its critical nature. This inspection can be subject to special mechanisms composed of trustworthy cyberphysical elements capable of detecting structural changes in the control and activating restoration procedures with support for warning. This is precisely the aim of this paper, which presents a CPSs-based checkpoint model with the capacity to manage heterogeneous replications that help ensure data redundancy, thereby guaranteeing the validity of the checkpoints. As a support to this study, a theoretical and practical analysis is addressed to show the functionality of the approach in real contexts.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The protection of critical user-centric applications, such as Smart Grids and their monitoring systems, has become one of the most cutting-edge research areas in recent years. The dynamic complexity of their cyber-physical systems (CPSs) and their strong inter-dependencies with power systems, are bringing about a significant increase in security problems that may be exploited by attackers. These security holes may, for example, trigger the disintegration of the structural controllability properties due to the problem of non-locality, affecting, sooner or later, the provision of the essential services to end-users. One way to address these situations could be through automatic checkpoints in charge of inspecting the healthy status of the control network and its critical nature. This inspection can be subject to special mechanisms composed of trustworthy cyberphysical elements capable of detecting structural changes in the control and activating restoration procedures with support for warning. This is precisely the aim of this paper, which presents a CPSs-based checkpoint model with the capacity to manage heterogeneous replications that help ensure data redundancy, thereby guaranteeing the validity of the checkpoints. As a support to this study, a theoretical and practical analysis is addressed to show the functionality of the approach in real contexts.
Kolar, Martin; Fernandez-Gago, Carmen; Lopez, Javier
Policy Languages and Their Suitability for Trust Negotiation Proceedings Article
In: 32nd Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy XXXII, 2018, pp. 69-84, Springer, Cham Springer, Cham, Bergamo, Italy, 2018, ISBN: 978-3-319-95728-9.
@inproceedings{kolar2018,
title = {Policy Languages and Their Suitability for Trust Negotiation},
author = {Martin Kolar and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/kolar2018.pdf
https://link.springer.com/chapter/10.1007/978-3-319-95729-6_5},
doi = {10.1007/978-3-319-95729-6_5},
isbn = {978-3-319-95728-9},
year = {2018},
date = {2018-07-01},
urldate = {2018-07-01},
booktitle = {32nd Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy XXXII, 2018},
volume = {10980},
pages = {69-84},
publisher = {Springer, Cham},
address = {Bergamo, Italy},
organization = {Springer, Cham},
abstract = {Entities, such as people, companies, institutions, authorities and web sites live and exist in a conjoined world. In order to live and enjoy social benefits, entities need to share knowledge, resources and to cooperate together. The cooperation brings with it many new challenges and problems, among which one is the problem of trust. This area is also important for the Computer Science. When unfamiliar entities wish to cooperate, they do not know what to expect nor whether they can trust each other. Trust negotiation solves this problem by sequential exchanging credentials between entities, which have decided to establish a trust relationship in order to reach a common goal. Entities specify their own policies that handle a disclosure of confidential information to maintain their security and privacy. Policies are defined by means of a policy language. This paper aims to identify the most suitable policy language for trust negotiation. To do so, policy languages are analysed against a set of criteria for trust negotiation that are first established.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Entities, such as people, companies, institutions, authorities and web sites live and exist in a conjoined world. In order to live and enjoy social benefits, entities need to share knowledge, resources and to cooperate together. The cooperation brings with it many new challenges and problems, among which one is the problem of trust. This area is also important for the Computer Science. When unfamiliar entities wish to cooperate, they do not know what to expect nor whether they can trust each other. Trust negotiation solves this problem by sequential exchanging credentials between entities, which have decided to establish a trust relationship in order to reach a common goal. Entities specify their own policies that handle a disclosure of confidential information to maintain their security and privacy. Policies are defined by means of a policy language. This paper aims to identify the most suitable policy language for trust negotiation. To do so, policy languages are analysed against a set of criteria for trust negotiation that are first established.
Ferraris, Davide; Fernandez-Gago, Carmen; Lopez, Javier
A Trust-by-Design Framework for the Internet of Things Proceedings Article
In: 2018 9th IFIP International Conference on New Technologies Mobility and Security (NTMS), IEEE IEEE, Paris, 2018, ISSN: 2157-4960.
@inproceedings{1684,
title = {A Trust-by-Design Framework for the Internet of Things},
author = {Davide Ferraris and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/1684.pdf
http://ieeexplore.ieee.org/document/8328674/},
doi = {10.1109/NTMS.2018.8328674},
issn = {2157-4960},
year = {2018},
date = {2018-04-01},
urldate = {2018-04-01},
booktitle = {2018 9th IFIP International Conference on New Technologies Mobility and Security (NTMS)},
publisher = {IEEE},
address = {Paris},
organization = {IEEE},
abstract = {The Internet of Things (IoT) is an environment of interconnected entities, that are identifiable, usable and controllable via the Internet. Trust is necessary in a system such as IoT as the entities involved should know the effect of interacting with other entities. Moreover, the entities must also be able to trust a system to reliably use it. An IoT system is composed of different entities from different vendors, each of them with a different purpose and a different lifecycle. So considering trust in the whole IoT system lifecycle is useful and necessary to guarantee a good service for the whole system. The heterogeneity and dynamicity of this field make it difficult to ensure trust in IoT. We propose a trust by design framework for including trust in the development of an IoT entity considering all the phases of the life-cycle. It is composed of the K-Model and transversal activities.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The Internet of Things (IoT) is an environment of interconnected entities, that are identifiable, usable and controllable via the Internet. Trust is necessary in a system such as IoT as the entities involved should know the effect of interacting with other entities. Moreover, the entities must also be able to trust a system to reliably use it. An IoT system is composed of different entities from different vendors, each of them with a different purpose and a different lifecycle. So considering trust in the whole IoT system lifecycle is useful and necessary to guarantee a good service for the whole system. The heterogeneity and dynamicity of this field make it difficult to ensure trust in IoT. We propose a trust by design framework for including trust in the development of an IoT entity considering all the phases of the life-cycle. It is composed of the K-Model and transversal activities.
Roman, Rodrigo; Lopez, Javier; Mambo, Masahiro
Mobile edge computing, Fog et al.: A survey and analysis of security threats and challenges Journal Article
In: Future Generation Computer Systems, vol. 78, pp. 680-698, 2018, ISSN: 0167-739X.
@article{RomanFog16,
title = {Mobile edge computing, Fog et al.: A survey and analysis of security threats and challenges},
author = {Rodrigo Roman and Javier Lopez and Masahiro Mambo},
url = {/wp-content/papers/RomanFog16.pdf
https://authors.elsevier.com/c/1VmhQ,3q5xKgZZ},
doi = {10.1016/j.future.2016.11.009},
issn = {0167-739X},
year = {2018},
date = {2018-01-01},
urldate = {2018-01-01},
journal = {Future Generation Computer Systems},
volume = {78},
pages = {680-698},
publisher = {Elsevier},
abstract = {For various reasons, the cloud computing paradigm is unable to meet certain requirements (e.g. low latency and jitter, context awareness, mobility support) that are crucial for several applications (e.g. vehicular networks, augmented reality). To fulfil these requirements, various paradigms, such as fog computing, mobile edge computing, and mobile cloud computing, have emerged in recent years. While these edge paradigms share several features, most of the existing research is compartmentalised; no synergies have been explored. This is especially true in the field of security, where most analyses focus only on one edge paradigm, while ignoring the others. The main goal of this study is to holistically analyse the security threats, challenges, and mechanisms inherent in all edge paradigms, while highlighting potential synergies and venues of collaboration. In our results, we will show that all edge paradigms should consider the advances in other paradigms.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
For various reasons, the cloud computing paradigm is unable to meet certain requirements (e.g. low latency and jitter, context awareness, mobility support) that are crucial for several applications (e.g. vehicular networks, augmented reality). To fulfil these requirements, various paradigms, such as fog computing, mobile edge computing, and mobile cloud computing, have emerged in recent years. While these edge paradigms share several features, most of the existing research is compartmentalised; no synergies have been explored. This is especially true in the field of security, where most analyses focus only on one edge paradigm, while ignoring the others. The main goal of this study is to holistically analyse the security threats, challenges, and mechanisms inherent in all edge paradigms, while highlighting potential synergies and venues of collaboration. In our results, we will show that all edge paradigms should consider the advances in other paradigms.
Rios, Ruben; Fernandez-Gago, Carmen; Lopez, Javier
Modelling Privacy-Aware Trust Negotiations Journal Article
In: Computers & Security, vol. 77, pp. 773-789, 2018, ISSN: 0167-4048.
@article{Ruben2017trust,
title = {Modelling Privacy-Aware Trust Negotiations},
author = {Ruben Rios and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/Ruben2017trust.pdf},
doi = {10.1016/j.cose.2017.09.015},
issn = {0167-4048},
year = {2018},
date = {2018-01-01},
urldate = {2018-01-01},
journal = {Computers \& Security},
volume = {77},
pages = {773-789},
publisher = {Elsevier},
abstract = {Trust negotiations are mechanisms that enable interaction between previously unknown users. After exchanging various pieces of potentially sensitive information, the participants of a negotiation can decide whether or not to trust one another. Therefore, trust negotiations bring about threats to personal privacy if not carefully considered. This paper presents a framework for representing trust negotiations in the early phases of the Software Development Life Cycle (SDLC). The framework can help software engineers to determine the most suitable policies for the system by detecting conflicts between privacy and trust requirements. More precisely, we extend the SI* modelling language and provide a set of predicates for defining trust and privacy policies and a set of rules for describing the dynamics of the system based on the established policies. The formal representation of the model facilitates its automatic verification. The framework has been validated in a distributed social network scenario for connecting drivers with potential passengers willing to share a journey.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Trust negotiations are mechanisms that enable interaction between previously unknown users. After exchanging various pieces of potentially sensitive information, the participants of a negotiation can decide whether or not to trust one another. Therefore, trust negotiations bring about threats to personal privacy if not carefully considered. This paper presents a framework for representing trust negotiations in the early phases of the Software Development Life Cycle (SDLC). The framework can help software engineers to determine the most suitable policies for the system by detecting conflicts between privacy and trust requirements. More precisely, we extend the SI* modelling language and provide a set of predicates for defining trust and privacy policies and a set of rules for describing the dynamics of the system based on the established policies. The formal representation of the model facilitates its automatic verification. The framework has been validated in a distributed social network scenario for connecting drivers with potential passengers willing to share a journey.
Alcaraz, Cristina
Resilient Industrial Control Systems based on Multiple Redundancy Journal Article
In: International Journal of Critical Infrastructures (IJCIS), vol. 13, no. 2/3, pp. 278 - 295, 2017, ISSN: 1741-8038.
@article{Alcaraz:2017:IJCIS,
title = {Resilient Industrial Control Systems based on Multiple Redundancy},
author = {Cristina Alcaraz},
doi = {10.1504/IJCIS.2017.10009287},
issn = {1741-8038},
year = {2017},
date = {2017-11-01},
urldate = {2017-11-01},
journal = {International Journal of Critical Infrastructures (IJCIS)},
volume = {13},
number = {2/3},
pages = {278 - 295},
publisher = {Inderscience Publisher},
address = {London, UK},
abstract = {The incessant search for cost-effective recovery solutions for structural controllability has led to one of the most challenging research areas within the field of critical infrastructure protection. The resilience of large heterogeneous distributions, like industrial control scenarios, is proving to be a complicated mission due to the inherent non-locality problems of structural controllability and its susceptibility to advanced threats. To address these issues, this paper proposes a new repair approach based on multiple redundant pathways and the lessons learnt from the work presented in [1]. From [1], we have adapted the local measures, to combine them with each of the five strategies of remote reconnection described in this paper. To validate the sustainability of the combined approaches, two practical case studies are presented here, showing that a local dependence on a brother driver node together with remote dependence is enough to reach optimal states in linear times.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The incessant search for cost-effective recovery solutions for structural controllability has led to one of the most challenging research areas within the field of critical infrastructure protection. The resilience of large heterogeneous distributions, like industrial control scenarios, is proving to be a complicated mission due to the inherent non-locality problems of structural controllability and its susceptibility to advanced threats. To address these issues, this paper proposes a new repair approach based on multiple redundant pathways and the lessons learnt from the work presented in [1]. From [1], we have adapted the local measures, to combine them with each of the five strategies of remote reconnection described in this paper. To validate the sustainability of the combined approaches, two practical case studies are presented here, showing that a local dependence on a brother driver node together with remote dependence is enough to reach optimal states in linear times.
Alcaraz, Cristina; Lopez, Javier; Choo, Kim-Kwang Raymond
Resilient Interconnection in Cyber-Physical Control Systems Journal Article
In: Computers & Security, vol. 71, pp. 2-14, 2017, ISSN: 0167-4048.
@article{Alcaraz2017COSE,
title = {Resilient Interconnection in Cyber-Physical Control Systems},
author = {Cristina Alcaraz and Javier Lopez and Kim-Kwang Raymond Choo},
url = {/wp-content/papers/Alcaraz2017COSE.pdf
http://www.sciencedirect.com/science/article/pii/S0167404817300573},
doi = {10.1016/j.cose.2017.03.004},
issn = {0167-4048},
year = {2017},
date = {2017-11-01},
urldate = {2017-11-01},
journal = {Computers \& Security},
volume = {71},
pages = {2-14},
publisher = {Elsevier},
abstract = {Secure interconnection between multiple cyber-physical systems has become a fundamental requirement in many critical infrastructures, where security may be centralized in a few nodes of the system. These nodes could, for example, have the mission of addressing the authorization services required for access in highlyrestricted remote substations. For this reason, the main aim of this paper is to unify all these features, together with the resilience measures so as to provide control at all times under a limited access in the field and avoid congestion. Concretely, we present here an optimal reachability-based restoration approach, capable of restoring the structural control in linear times taking into account: structural controllability, the supernode theory, the good practices of the IEC-62351 standard and the contextual conditions. For context management, a new attribute is specified to provide a more complete authorization service based on a practical policy, role and attribute-based access control (PBAC + RBAC + ABAC). To validate the approach, two case studies are also discussed under two strategic adversarial models.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Secure interconnection between multiple cyber-physical systems has become a fundamental requirement in many critical infrastructures, where security may be centralized in a few nodes of the system. These nodes could, for example, have the mission of addressing the authorization services required for access in highlyrestricted remote substations. For this reason, the main aim of this paper is to unify all these features, together with the resilience measures so as to provide control at all times under a limited access in the field and avoid congestion. Concretely, we present here an optimal reachability-based restoration approach, capable of restoring the structural control in linear times taking into account: structural controllability, the supernode theory, the good practices of the IEC-62351 standard and the contextual conditions. For context management, a new attribute is specified to provide a more complete authorization service based on a practical policy, role and attribute-based access control (PBAC + RBAC + ABAC). To validate the approach, two case studies are also discussed under two strategic adversarial models.
Rubio, Juan E.; Alcaraz, Cristina; Lopez, Javier
Selecting Privacy Solutions to Prioritise Control in Smart Metering Systems Proceedings Article
In: The 11th International Conference on Critical Information Infrastructures Security, pp. 176-188, 2017.
@inproceedings{1600,
title = {Selecting Privacy Solutions to Prioritise Control in Smart Metering Systems},
author = {Juan E. Rubio and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/1600.pdf},
year = {2017},
date = {2017-01-01},
urldate = {2017-01-01},
booktitle = {The 11th International Conference on Critical Information Infrastructures Security},
volume = {10242},
pages = {176-188},
abstract = {The introduction of the Smart Grid brings with it several benefits to society, because its bi-directional communication allows both users and utilities to have better control over energy usage. However, it also has some privacy issues with respect to the privacy of the customers when analysing their consumption data. In this paper we review the main privacy-preserving techniques that have been proposed and compare their efficiency, to accurately select the most appropriate ones for undertaking control operations. Both privacy and performance are essential for the rapid adoption of Smart Grid technologies.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The introduction of the Smart Grid brings with it several benefits to society, because its bi-directional communication allows both users and utilities to have better control over energy usage. However, it also has some privacy issues with respect to the privacy of the customers when analysing their consumption data. In this paper we review the main privacy-preserving techniques that have been proposed and compare their efficiency, to accurately select the most appropriate ones for undertaking control operations. Both privacy and performance are essential for the rapid adoption of Smart Grid technologies.
Rios, Ruben; Lopez, Javier
Evolución y nuevos desafios de privacidad en la Internet de las Cosas Proceedings Article
In: XIV Reunión Española sobre Criptología y Seguridad de la Información, pp. 209-213, Mahón, Menorca, Islas Baleares, 2016.
@inproceedings{Rios2016a,
title = {Evoluci\'{o}n y nuevos desafios de privacidad en la Internet de las Cosas},
author = {Ruben Rios and Javier Lopez},
url = {/wp-content/papers/Rios2016a.pdf},
year = {2016},
date = {2016-10-01},
urldate = {2016-10-01},
booktitle = {XIV Reuni\'{o}n Espa\~{n}ola sobre Criptolog\'{i}a y Seguridad de la Informaci\'{o}n},
pages = {209-213},
address = {Mah\'{o}n, Menorca, Islas Baleares},
abstract = {La Internet de las Cosas (en ingl\'{e}s, emphInternet of Things (IoT)) es una evoluci\'{o}n de la Internet tal y como lo conocemos. Esta nueva versi\'{o}n de Internet incorpora objetos de la vida cotidiana, rompiendo as\'{i} barrera de los digital y extendi\'{e}ndose al mundo f\'{i}sico. Estos objetos interactuar\'{a}n entre s\'{i} y con otras entidades tanto de manera local como remota, y estar\'{a}n dotados de cierta capacidad computacional y sensores para que sean conscientes de lo que ocurre en su entorno. Esto traer\'{a} consigo un sinf\'{i}n de posibilidades y nuevos servicios, pero tambi\'{e}n dar\'{a} lugar a nuevos y mayores riesgos de privacidad para los ciudadanos. En este art\'{i}culo, estudiamos los problemas de privacidad actuales de una de las tecnolog\'{i}as claves para el desarrollo de este prometedor paradigma, las redes de sensores, y analizamos como pueden evolucionar y surgir nuevos riesgos de privacidad al ser completamente integradas en la Internet.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
La Internet de las Cosas (en inglés, emphInternet of Things (IoT)) es una evolución de la Internet tal y como lo conocemos. Esta nueva versión de Internet incorpora objetos de la vida cotidiana, rompiendo así barrera de los digital y extendiéndose al mundo físico. Estos objetos interactuarán entre sí y con otras entidades tanto de manera local como remota, y estarán dotados de cierta capacidad computacional y sensores para que sean conscientes de lo que ocurre en su entorno. Esto traerá consigo un sinfín de posibilidades y nuevos servicios, pero también dará lugar a nuevos y mayores riesgos de privacidad para los ciudadanos. En este artículo, estudiamos los problemas de privacidad actuales de una de las tecnologías claves para el desarrollo de este prometedor paradigma, las redes de sensores, y analizamos como pueden evolucionar y surgir nuevos riesgos de privacidad al ser completamente integradas en la Internet.
Rios, Ruben; Fernandez-Gago, Carmen; Lopez, Javier
Privacy-Aware Trust Negotiation Proceedings Article
In: 12th International Workshop on Security and Trust Management (STM), pp. 98-105, Springer Springer, Heraklion, Crete, Greece, 2016, ISSN: 0302-9743.
@inproceedings{rios2016b,
title = {Privacy-Aware Trust Negotiation},
author = {Ruben Rios and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/rios2016b.pdf
http://link.springer.com/chapter/10.1007/978-3-319-46598-2_7, },
doi = {10.1007/978-3-319-46598-2 7},
issn = {0302-9743},
year = {2016},
date = {2016-09-01},
urldate = {2016-09-01},
booktitle = {12th International Workshop on Security and Trust Management (STM)},
volume = {LNCS 9871},
pages = {98-105},
publisher = {Springer},
address = {Heraklion, Crete, Greece},
organization = {Springer},
abstract = {Software engineering and information security have traditionally followed divergent paths but lately some efforts have been made to consider security from the early phases of the Software Development Life Cycle (SDLC). This paper follows this line and concentrates on the incorporation of trust negotiations during the requirements engineering phase. More precisely, we provide an extension to the SI* modelling language, which is further formalised using answer set programming specifications to support the automatic verification of the model and the detection of privacy conflicts caused by trust negotiations.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Software engineering and information security have traditionally followed divergent paths but lately some efforts have been made to consider security from the early phases of the Software Development Life Cycle (SDLC). This paper follows this line and concentrates on the incorporation of trust negotiations during the requirements engineering phase. More precisely, we provide an extension to the SI* modelling language, which is further formalised using answer set programming specifications to support the automatic verification of the model and the detection of privacy conflicts caused by trust negotiations.
Nuñez, David; Fernandez-Gago, Carmen; Luna, Jesús
Eliciting Metrics for Accountability of Cloud Systems Journal Article
In: Computers & Security, vol. 62, pp. 149-164, 2016, ISSN: 0167-4048.
@article{nunez2016eliciting,
title = {Eliciting Metrics for Accountability of Cloud Systems},
author = {David Nu\~{n}ez and Carmen Fernandez-Gago and Jes\'{u}s Luna},
url = {/wp-content/papers/nunez2016eliciting.pdf},
doi = {10.1016/j.cose.2016.07.003},
issn = {0167-4048},
year = {2016},
date = {2016-08-01},
urldate = {2016-08-01},
journal = {Computers \& Security},
volume = {62},
pages = {149-164},
publisher = {Elsevier},
abstract = {Cloud computing provides enormous business opportunities, but at the same time is a complex and challenging paradigm. The major concerns for users adopting the cloud are the loss of control over their data and the lack of transparency. Providing accountability to cloud systems could foster trust in the cloud and contribute toward its adoption. Assessing how accountable a cloud provider is becomes then a key issue, not only for demonstrating accountability, but to build it. To this end, we need techniques to measure the factors that influence on accountability. In this paper, we provide a methodology to elicit metrics for accountability in the cloud, which consists of three different stages. Since the nature of accountability at- tributes is very abstract and complex, in the first stage we perform a conceptual analysis of the accountability attributes in order to decompose them into concrete practices and mechanisms. Then, we analyze relevant control frameworks designed to guide the implementation of security and privacy mechanisms, and use them to identify measurable factors, related to the practices and mechanisms defined earlier. Lastly, specific metrics for these factors are derived. We also provide some strategies that we consider relevant for the empirical validation of the elicited accountability metrics.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Cloud computing provides enormous business opportunities, but at the same time is a complex and challenging paradigm. The major concerns for users adopting the cloud are the loss of control over their data and the lack of transparency. Providing accountability to cloud systems could foster trust in the cloud and contribute toward its adoption. Assessing how accountable a cloud provider is becomes then a key issue, not only for demonstrating accountability, but to build it. To this end, we need techniques to measure the factors that influence on accountability. In this paper, we provide a methodology to elicit metrics for accountability in the cloud, which consists of three different stages. Since the nature of accountability at- tributes is very abstract and complex, in the first stage we perform a conceptual analysis of the accountability attributes in order to decompose them into concrete practices and mechanisms. Then, we analyze relevant control frameworks designed to guide the implementation of security and privacy mechanisms, and use them to identify measurable factors, related to the practices and mechanisms defined earlier. Lastly, specific metrics for these factors are derived. We also provide some strategies that we consider relevant for the empirical validation of the elicited accountability metrics.
Alcaraz, Cristina; Lopez, Javier; Choo, Kim-Kwang Raymond
Dynamic Restoration in Interconnected RBAC-based Cyber-Physical Control Systems Proceedings Article
In: Proceedings of the 13th International Joint Conference on e-Business and Telecommunications (SECRYPT 2016), pp. 19-27, Lisboa, 2016, ISBN: 978-989-758-196-0.
@inproceedings{1585,
title = {Dynamic Restoration in Interconnected RBAC-based Cyber-Physical Control Systems},
author = {Cristina Alcaraz and Javier Lopez and Kim-Kwang Raymond Choo},
url = {/wp-content/papers/1585.pdf},
doi = {10.5220/0005942000190027},
isbn = {978-989-758-196-0},
year = {2016},
date = {2016-00-01},
urldate = {2016-00-01},
booktitle = {Proceedings of the 13th International Joint Conference on e-Business and Telecommunications (SECRYPT 2016)},
pages = {19-27},
address = {Lisboa},
abstract = {Increasingly, automatic restoration is an indispensable security measure in control systems (e.g. those used in critical infrastructure sectors) due to the importance of ensuring the functionality of monitoring infrastructures. Modernizing the interconnection of control systems to provide interoperability between different networks, at a low cost, is also a critical requirement in control systems. However, automated recovery mechanisms are currently costly, and ensuring interoperability particularly at a low cost remains a topic of scientific challenge. This is the gap we seek to address in this paper. More specifically, we propose a restoration model for interconnected contexts, taking into account the theory of supernode and structural controllability, as well as the recommendations given by the IEC-62351-8 standard (which are mainly based on the implementation of a role-based access control system).},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Increasingly, automatic restoration is an indispensable security measure in control systems (e.g. those used in critical infrastructure sectors) due to the importance of ensuring the functionality of monitoring infrastructures. Modernizing the interconnection of control systems to provide interoperability between different networks, at a low cost, is also a critical requirement in control systems. However, automated recovery mechanisms are currently costly, and ensuring interoperability particularly at a low cost remains a topic of scientific challenge. This is the gap we seek to address in this paper. More specifically, we propose a restoration model for interconnected contexts, taking into account the theory of supernode and structural controllability, as well as the recommendations given by the IEC-62351-8 standard (which are mainly based on the implementation of a role-based access control system).
Agudo, Isaac; Montenegro-Gómez, Manuel
Desarrollo de un semáforo inteligente basado en comunicaciones seguras Proceedings Article
In: XIV Jornadas de Ingeniería Telemática (JITEL 2019), 2019.
@inproceedings{1985,
title = {Desarrollo de un sem\'{a}foro inteligente basado en comunicaciones seguras},
author = {Isaac Agudo and Manuel Montenegro-G\'{o}mez},
url = {/wp-content/papers/1985.pdf},
year = {2019},
date = {2019-10-01},
urldate = {2019-10-01},
booktitle = {XIV Jornadas de Ingenier\'{i}a Telem\'{a}tica (JITEL 2019)},
abstract = {En los nuevos paradigmas de movilidad surgidos durante los \'{u}ltimos a\~{n}os y en aquellos a\'{u}n por llegar ha quedado patente la necesidad de modernizar la infraestructura viaria y los elementos de se\~{n}alizaci\'{o}n y gesti\'{o}n del tr\'{a}fico. En el presente trabajo se presenta una propuesta para esta nueva generaci\'{o}n de dispositivos de gesti\'{o}n del tr\'{a}fico: un prototipo de sem\'{a}foro inteligente conectado que implementa diversas medidas de seguridad. Adem\'{a}s de las tradicionales se\~{n}ales luminosas, los usuarios de la v\'{i}a pueden conocer a trav\'{e}s de sus dispositivos el estado del sem\'{a}foro, adem\'{a}s de otra informaci\'{o}n complementaria a trav\'{e}s de la difusi\'{o}n de mensajes BLE firmados con criptograf\'{i}a de curva el\'{i}ptica. A su vez, el sem\'{a}foro puede ser gestionado remotamente a trav\'{e}s de la tecnolog\'{i}a LTE Cat M1 protegida por TLS. Esto abre la puerta, entre otros, a facilitar el tr\'{a}nsito de los veh\'{i}culos de emergencia cuando estos se acercan a un cruce o modificar el tiempo de los estados del ciclo en funci\'{o}n de las necesidades del tr\'{a}fico.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
En los nuevos paradigmas de movilidad surgidos durante los últimos años y en aquellos aún por llegar ha quedado patente la necesidad de modernizar la infraestructura viaria y los elementos de señalización y gestión del tráfico. En el presente trabajo se presenta una propuesta para esta nueva generación de dispositivos de gestión del tráfico: un prototipo de semáforo inteligente conectado que implementa diversas medidas de seguridad. Además de las tradicionales señales luminosas, los usuarios de la vía pueden conocer a través de sus dispositivos el estado del semáforo, además de otra información complementaria a través de la difusión de mensajes BLE firmados con criptografía de curva elíptica. A su vez, el semáforo puede ser gestionado remotamente a través de la tecnología LTE Cat M1 protegida por TLS. Esto abre la puerta, entre otros, a facilitar el tránsito de los vehículos de emergencia cuando estos se acercan a un cruce o modificar el tiempo de los estados del ciclo en función de las necesidades del tráfico.
Egorov, Michael; Wilkison, MacLane; Nuñez, David
NuCypher KMS: Decentralized key management system Proceedings Article
In: Blockchain Protocol Analysis and Security Engineering 2018, 2018.
@inproceedings{egorov2018nucypher,
title = {NuCypher KMS: Decentralized key management system},
author = {Michael Egorov and MacLane Wilkison and David Nu\~{n}ez},
year = {2018},
date = {2018-01-01},
booktitle = {Blockchain Protocol Analysis and Security Engineering 2018},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Nieto, Ana; Rios, Ruben; Lopez, Javier
Privacy-Aware Digital Forensics Book Section
In: Security and Privacy for Big Data, Cloud Computing and Applications, The Institution of Engineering and Technology (IET), United Kingdom, 2019, ISBN: 978-1-78561-747-8.
@incollection{1777,
title = {Privacy-Aware Digital Forensics},
author = {Ana Nieto and Ruben Rios and Javier Lopez},
url = {/wp-content/papers/1777.pdf
https://www.amazon.es/Security-Privacy-Computing-Applications-Networks/dp/1785617478},
isbn = {978-1-78561-747-8},
year = {2019},
date = {2019-09-01},
urldate = {2019-09-01},
booktitle = {Security and Privacy for Big Data, Cloud Computing and Applications},
publisher = {The Institution of Engineering and Technology (IET)},
address = {United Kingdom},
edition = {Lizhe Wang, Wei Ren, Raymoond Choo and Fatos Xhafa},
organization = {The Institution of Engineering and Technology (IET)},
keywords = {},
pubstate = {published},
tppubtype = {incollection}
}
Nieto, Ana; Rios, Ruben
Cybersecurity Profiles based on Human-Centric IoT Devices Journal Article
In: Human-centric Computing and Information Sciences, vol. 9, no. 1, pp. 1-23, 2019, ISSN: 2192-1962.
@article{HFNR2019,
title = {Cybersecurity Profiles based on Human-Centric IoT Devices},
author = {Ana Nieto and Ruben Rios},
url = {/wp-content/papers/HFNR2019.pdf},
doi = {10.1186/s13673-019-0200-y},
issn = {2192-1962},
year = {2019},
date = {2019-01-01},
urldate = {2019-01-01},
journal = {Human-centric Computing and Information Sciences},
volume = {9},
number = {1},
pages = {1-23},
publisher = {Springer},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Acien, Antonio; Nieto, Ana; Fernandez, Gerardo; Lopez, Javier
Definición de procedimientos para fabricar honeypots IoT basados en criterios de búsqueda Proceedings Article
In: XV Reunión Española sobre Criptología y Seguridad de la Información, Granada (España), 2018, ISBN: 978-84-09-02463-6.
@inproceedings{1706,
title = {Definici\'{o}n de procedimientos para fabricar honeypots IoT basados en criterios de b\'{u}squeda},
author = {Antonio Acien and Ana Nieto and Gerardo Fernandez and Javier Lopez},
url = {/wp-content/papers/1706.pdf},
isbn = {978-84-09-02463-6},
year = {2018},
date = {2018-10-01},
urldate = {2018-10-01},
booktitle = {XV Reuni\'{o}n Espa\~{n}ola sobre Criptolog\'{i}a y Seguridad de la Informaci\'{o}n},
address = {Granada (Espa\~{n}a)},
abstract = {Con la revoluci\'{o}n tecnol\'{o}gica que ha supuesto la Internet de las Cosas (Internet of Things, IoT) se han presentado escenarios donde la preocupaci\'{o}n por la seguridad en dicho entorno es cada vez m\'{a}s relevante. Est\'{a}n comenzando a surgir vulnerabilidades en varios dispositivos, y los sistemas trampa son una excelente manera de lidiar con este problema. En este trabajo se analizan soluciones para honeypots en el entorno IoT (y en otros que se puedan adaptar) para sentar las bases de una metodolog\'{i}a que permita el despliegue de honeypots IoT.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Con la revolución tecnológica que ha supuesto la Internet de las Cosas (Internet of Things, IoT) se han presentado escenarios donde la preocupación por la seguridad en dicho entorno es cada vez más relevante. Están comenzando a surgir vulnerabilidades en varios dispositivos, y los sistemas trampa son una excelente manera de lidiar con este problema. En este trabajo se analizan soluciones para honeypots en el entorno IoT (y en otros que se puedan adaptar) para sentar las bases de una metodología que permita el despliegue de honeypots IoT.
Nieto, Ana; Acien, Antonio; Fernandez, Gerardo
Crowdsourcing analysis in 5G IoT: Cybersecurity Threats and Mitigation Journal Article
In: Mobile Networks and Applications (MONET), pp. 881-889, 2018, ISSN: 1383-469X.
@article{NAFMONET2018,
title = {Crowdsourcing analysis in 5G IoT: Cybersecurity Threats and Mitigation},
author = {Ana Nieto and Antonio Acien and Gerardo Fernandez},
url = {/wp-content/papers/NAFMONET2018.pdf},
doi = {10.1007/s11036-018-1146-4},
issn = {1383-469X},
year = {2018},
date = {2018-10-01},
urldate = {2018-10-01},
journal = {Mobile Networks and Applications (MONET)},
pages = {881-889},
publisher = {Springer US},
abstract = {underlineCrowdsourcing can be a powerful weapon against underlinecyberattacks in underline5G networks. In this paper we analyse this idea in detail, starting from the use cases in underlinecrowdsourcing focused on security, and highlighting those areas of a underline5G ecosystem where underlinecrowdsourcing could be used to mitigate local and remote attacks, as well as to discourage criminal activities and underlinecybercriminal behaviour. We pay particular attention to the capillary network, where an infinite number of underlineIoT objects coexist. The analysis is made considering the different participants in a underline5G underlineIoT ecosystem.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
underlineCrowdsourcing can be a powerful weapon against underlinecyberattacks in underline5G networks. In this paper we analyse this idea in detail, starting from the use cases in underlinecrowdsourcing focused on security, and highlighting those areas of a underline5G ecosystem where underlinecrowdsourcing could be used to mitigate local and remote attacks, as well as to discourage criminal activities and underlinecybercriminal behaviour. We pay particular attention to the capillary network, where an infinite number of underlineIoT objects coexist. The analysis is made considering the different participants in a underline5G underlineIoT ecosystem.
Acien, Antonio; Nieto, Ana; Fernandez, Gerardo; Lopez, Javier
A comprehensive methodology for deploying IoT honeypots Proceedings Article
In: 15th International Conference on Trust, Privacy and Security in Digital Business (TrustBus 2018), pp. 229–243, Springer Nature Switzerland AG Springer Nature Switzerland AG, Regensburg (Germany), 2018.
@inproceedings{1701,
title = {A comprehensive methodology for deploying IoT honeypots},
author = {Antonio Acien and Ana Nieto and Gerardo Fernandez and Javier Lopez},
url = {/wp-content/papers/1701.pdf},
doi = {10.1007/978-3-319-98385-1_16},
year = {2018},
date = {2018-09-01},
urldate = {2018-09-01},
booktitle = {15th International Conference on Trust, Privacy and Security in Digital Business (TrustBus 2018)},
volume = {LNCS 11033},
pages = {229\textendash243},
publisher = {Springer Nature Switzerland AG},
address = {Regensburg (Germany)},
organization = {Springer Nature Switzerland AG},
abstract = {Recent news have raised concern regarding the security on the IoT field. Vulnerabilities in devices are arising and honeypots are an excellent way to cope with this problem. In this work, current solutions for honeypots in the IoT context, and other solutions adaptable to it are analyzed in order to set the basis for a methodology that allows deployment of IoT honeypot.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Recent news have raised concern regarding the security on the IoT field. Vulnerabilities in devices are arising and honeypots are an excellent way to cope with this problem. In this work, current solutions for honeypots in the IoT context, and other solutions adaptable to it are analyzed in order to set the basis for a methodology that allows deployment of IoT honeypot.
Acien, Antonio; Nieto, Ana; Lopez, Javier
Analyzing cross-platform attacks: towards a three-actor approach Proceedings Article
In: The 16th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC 2018), pp. 536-543, 2018, ISBN: 978-1-5386-7518-2.
@inproceedings{1709,
title = {Analyzing cross-platform attacks: towards a three-actor approach},
author = {Antonio Acien and Ana Nieto and Javier Lopez},
url = {/wp-content/papers/1709.pdf},
doi = {10.1109/DASC/PiCom/DataCom/CyberSciTec.2018.00102},
isbn = {978-1-5386-7518-2},
year = {2018},
date = {2018-08-01},
urldate = {2018-08-01},
booktitle = {The 16th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC 2018)},
pages = {536-543},
abstract = {In the current telecommunications landscape, different devices, systems and platforms are constantly communicating with each other. This heterogeneous environment creates the perfect situation for attacks to pass from one platform to another. This is a particularly worrying scenario, because of the new technologies being used (such as network slicing in 5G), the increasing importance of connected devices in our lives (IoT), and the unpredictable consequences that an attack of this type could have. The current approaches in attack analysis do not take into account these sitations, and the attacker/victim paradigm usually followed may fall short when dealing with these attacks. Thus, in this paper, an architecture for the analysis of cross-platform attacks will be presented, aiming to help understand better this kind of threats and offering solutions to mitigate and track them.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
In the current telecommunications landscape, different devices, systems and platforms are constantly communicating with each other. This heterogeneous environment creates the perfect situation for attacks to pass from one platform to another. This is a particularly worrying scenario, because of the new technologies being used (such as network slicing in 5G), the increasing importance of connected devices in our lives (IoT), and the unpredictable consequences that an attack of this type could have. The current approaches in attack analysis do not take into account these sitations, and the attacker/victim paradigm usually followed may fall short when dealing with these attacks. Thus, in this paper, an architecture for the analysis of cross-platform attacks will be presented, aiming to help understand better this kind of threats and offering solutions to mitigate and track them.
Nieto, Ana; Acien, Antonio; Lopez, Javier
Capture the RAT: Proximity-based Attacks in 5G using the Routine Activity Theory Proceedings Article
In: The 16th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC 2018), pp. 520-527, IEEE IEEE, Athens, Greece, 2018, ISBN: 978-1-5386-7518-2.
@inproceedings{CRAT2018,
title = {Capture the RAT: Proximity-based Attacks in 5G using the Routine Activity Theory},
author = {Ana Nieto and Antonio Acien and Javier Lopez},
url = {/wp-content/papers/CRAT2018.pdf
https://ieeexplore.ieee.org/document/8511943, },
doi = {10.1109/DASC/PiCom/DataCom/CyberSciTec.2018.00100},
isbn = {978-1-5386-7518-2},
year = {2018},
date = {2018-08-01},
urldate = {2018-08-01},
booktitle = {The 16th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC 2018)},
pages = {520-527},
publisher = {IEEE},
address = {Athens, Greece},
organization = {IEEE},
abstract = {The fifth generation of cellular networks (5G) will enable different use cases where security will be more critical than ever before (e.g. autonomous vehicles and critical IoT devices). Unfortunately, the new networks are being built on the certainty that security problems can not be solved in the short term. Far from reinventing the wheel, one of our goals is to allow security software developers to implement and test their reactive solutions for the capillary network of 5G devices. Therefore, in this paper a solution for analysing proximity-based attacks in 5G environments is modelled and tested using OMNET++. The solution, named CRAT, is able to decouple the security analysis from the hardware of the device with the aim to extend the analysis of proximity-based attacks to different use-cases in 5G. We follow a high-level approach, in which the devices can take the role of victim, offender and guardian following the principles of the routine activity theory.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The fifth generation of cellular networks (5G) will enable different use cases where security will be more critical than ever before (e.g. autonomous vehicles and critical IoT devices). Unfortunately, the new networks are being built on the certainty that security problems can not be solved in the short term. Far from reinventing the wheel, one of our goals is to allow security software developers to implement and test their reactive solutions for the capillary network of 5G devices. Therefore, in this paper a solution for analysing proximity-based attacks in 5G environments is modelled and tested using OMNET++. The solution, named CRAT, is able to decouple the security analysis from the hardware of the device with the aim to extend the analysis of proximity-based attacks to different use-cases in 5G. We follow a high-level approach, in which the devices can take the role of victim, offender and guardian following the principles of the routine activity theory.
Nieto, Ana
An Overview of Proactive Forensic Solutions and its Applicability to 5G Proceedings Article
In: IEEE 5G World Forum (5GWF), pp. 191-196, IEEE, Santa Clara (USA), 2018, ISBN: 978-1-5386-4982-4.
@inproceedings{Nieto5GWF,
title = {An Overview of Proactive Forensic Solutions and its Applicability to 5G},
author = {Ana Nieto},
url = {/wp-content/papers/Nieto5GWF.pdf},
doi = {10.1109/5GWF.2018.8516940},
isbn = {978-1-5386-4982-4},
year = {2018},
date = {2018-07-01},
urldate = {2018-07-01},
booktitle = {IEEE 5G World Forum (5GWF)},
pages = {191-196},
publisher = {IEEE},
address = {Santa Clara (USA)},
abstract = {This article analyses the state of the art of proactive forensic solutions and highlights the importance of preparing the 5G ecosystem to serve digital forensic purposes. The analysis considers the current 5G threat landscape from the ENISA report, and discusses how some of the attacks could be mitigated using proactive forensic mechanisms. In addition, the requirements for deploying proactive forensic solutions in 5G are classified, and analysed based on the specific threats against 5G.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
This article analyses the state of the art of proactive forensic solutions and highlights the importance of preparing the 5G ecosystem to serve digital forensic purposes. The analysis considers the current 5G threat landscape from the ENISA report, and discusses how some of the attacks could be mitigated using proactive forensic mechanisms. In addition, the requirements for deploying proactive forensic solutions in 5G are classified, and analysed based on the specific threats against 5G.
Roman, Rodrigo; Lopez, Javier; Gritzalis, Stefanos
Evolution and Trends in the Security of the Internet of Things Journal Article
In: IEEE Computer, vol. 51, pp. 16-25, 2018, ISSN: 0018-9162.
@article{RomanIoT18,
title = {Evolution and Trends in the Security of the Internet of Things},
author = {Rodrigo Roman and Javier Lopez and Stefanos Gritzalis},
url = {/wp-content/papers/RomanIoT18.pdf
https://ieeexplore.ieee.org/document/8423133/},
doi = {10.1109/MC.2018.3011051},
issn = {0018-9162},
year = {2018},
date = {2018-07-01},
urldate = {2018-07-01},
journal = {IEEE Computer},
volume = {51},
pages = {16-25},
publisher = {IEEE Computer Society},
address = {New Jersey, USA},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Acien, Antonio; Nieto, Ana; Lopez, Javier
Modelo para la clasificación y análisis de ataques Cross-Platform Proceedings Article
In: IV Jornadas Nacionales de Investigación en Ciberseguridad (JNIC 2018), Servicio Editorial de Mondragon Unibertsitatea Servicio Editorial de Mondragon Unibertsitatea, Donostia-San Sebastián (España), 2018, ISBN: 978-84-09-02697-5.
@inproceedings{1699,
title = {Modelo para la clasificaci\'{o}n y an\'{a}lisis de ataques Cross-Platform},
author = {Antonio Acien and Ana Nieto and Javier Lopez},
url = {/wp-content/papers/1699.pdf
http://2018.jnic.es/assets/Actas_JNIC2018.pdf},
isbn = {978-84-09-02697-5},
year = {2018},
date = {2018-06-01},
urldate = {2018-06-01},
booktitle = {IV Jornadas Nacionales de Investigaci\'{o}n en Ciberseguridad (JNIC 2018)},
publisher = {Servicio Editorial de Mondragon Unibertsitatea},
address = {Donostia-San Sebasti\'{a}n (Espa\~{n}a)},
organization = {Servicio Editorial de Mondragon Unibertsitatea},
abstract = {Los ataques cross-platform suponen un serio desaf\'{i}o para los mecanismos de seguridad cuando los portadores de un ataque dirigido no son conscientes de su participacion en el mismo. Es por ello que, con dispositivos y tecnolog\'{i}as cada vez mas entrelazadas, en constante comunicaci\'{o}n, numerosos ataques pasan desapercibidos hasta que alcanzan su objetivo final. Estos nuevos escenarios hacen posible una v\'{i}a de transmision a tener en cuenta, y que se debe abordar cuanto antes, ya que sus consecuencias, especialmente en el panorama de telecomunicaciones actual, podr\'{i}an ser desoladoras. La rapida transmisi\'{o}n de estos ataques, y la dificultad que supone su prevencion, detecci\'{o}n y mitigaci\'{o}n antes de que se hagan efectivos, hacen que el problema sea particularmente preocupante. En este art\'{i}culo se presentar\'{a} una arquitectura para el analisis de los ataques cross-platform silenciosos, cuyo objetivo es ayudar a comprender mejor este tipo de amenazas y ofrecer soluciones que permitan mitigarlas y rastrearlas.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Los ataques cross-platform suponen un serio desafío para los mecanismos de seguridad cuando los portadores de un ataque dirigido no son conscientes de su participacion en el mismo. Es por ello que, con dispositivos y tecnologías cada vez mas entrelazadas, en constante comunicación, numerosos ataques pasan desapercibidos hasta que alcanzan su objetivo final. Estos nuevos escenarios hacen posible una vía de transmision a tener en cuenta, y que se debe abordar cuanto antes, ya que sus consecuencias, especialmente en el panorama de telecomunicaciones actual, podrían ser desoladoras. La rapida transmisión de estos ataques, y la dificultad que supone su prevencion, detección y mitigación antes de que se hagan efectivos, hacen que el problema sea particularmente preocupante. En este artículo se presentará una arquitectura para el analisis de los ataques cross-platform silenciosos, cuyo objetivo es ayudar a comprender mejor este tipo de amenazas y ofrecer soluciones que permitan mitigarlas y rastrearlas.
Nieto, Ana; Rios, Ruben; Lopez, Javier
IoT-Forensics meets Privacy: Towards Cooperative Digital Investigations Journal Article
In: Sensors, vol. 18, no. 492, 2018, ISSN: 1424-8220.
@article{nrlSensors2018,
title = {IoT-Forensics meets Privacy: Towards Cooperative Digital Investigations},
author = {Ana Nieto and Ruben Rios and Javier Lopez},
url = {/wp-content/papers/nrlSensors2018.pdf
http://www.mdpi.com/1424-8220/18/2/492},
doi = {10.3390/s18020492},
issn = {1424-8220},
year = {2018},
date = {2018-02-01},
urldate = {2018-02-01},
journal = {Sensors},
volume = {18},
number = {492},
publisher = {MDPI},
abstract = {IoT-Forensics is a novel paradigm for the acquisition of electronic evidence whose operation is conditioned by the peculiarities of the Internet of Things (IoT) context. As a branch of computer forensics, this discipline respects the most basic forensic principles of preservation, traceability, documentation, and authorization. The digital witness approach also promotes such principles in the context of the IoT while allowing personal devices to cooperate in digital investigations by voluntarily providing electronic evidence to the authorities. However, this solution is highly dependent on the willingness of citizens to collaborate and they may be reluctant to do so if the sensitive information within their personal devices is not sufficiently protected when shared with the investigators. In this paper, we provide the digital witness approach with a methodology that enables citizens to share their data with some privacy guarantees. We apply the PRoFIT methodology, originally defined for IoT-Forensics environments, to the digital witness approach in order to unleash its full potential. Finally, we show the feasibility of a PRoFIT-compliant digital witness with two use cases.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
IoT-Forensics is a novel paradigm for the acquisition of electronic evidence whose operation is conditioned by the peculiarities of the Internet of Things (IoT) context. As a branch of computer forensics, this discipline respects the most basic forensic principles of preservation, traceability, documentation, and authorization. The digital witness approach also promotes such principles in the context of the IoT while allowing personal devices to cooperate in digital investigations by voluntarily providing electronic evidence to the authorities. However, this solution is highly dependent on the willingness of citizens to collaborate and they may be reluctant to do so if the sensitive information within their personal devices is not sufficiently protected when shared with the investigators. In this paper, we provide the digital witness approach with a methodology that enables citizens to share their data with some privacy guarantees. We apply the PRoFIT methodology, originally defined for IoT-Forensics environments, to the digital witness approach in order to unleash its full potential. Finally, we show the feasibility of a PRoFIT-compliant digital witness with two use cases.
Nieto, Ana; Rios, Ruben; Lopez, Javier
Digital Witness and Privacy in IoT: Anonymous Witnessing Approach Proceedings Article
In: 16th IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom 2017), pp. 642-649, IEEE IEEE, Sydney (Australia), 2017, ISSN: 2324-9013.
@inproceedings{1654,
title = {Digital Witness and Privacy in IoT: Anonymous Witnessing Approach},
author = {Ana Nieto and Ruben Rios and Javier Lopez},
url = {/wp-content/papers/1654.pdf},
doi = {10.1109/Trustcom/BigDataSE/ICESS.2017.295},
issn = {2324-9013},
year = {2017},
date = {2017-08-01},
urldate = {2017-08-01},
booktitle = {16th IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom 2017)},
pages = {642-649},
publisher = {IEEE},
address = {Sydney (Australia)},
organization = {IEEE},
abstract = {The emphdigital witness approach defines the collaboration between IoT devices - from wearables to vehicles - to provide digital evidence through a emphDigital Chain of Custody to an authorised entity. As one of the cores of the digital witness, emphbinding credentials unequivocally identify the user behind the digital witness. The objective of this article is to perform a critical analysis of the digital witness approach from the perspective of privacy, and to propose solutions that help include some notions of privacy in the scheme (for those cases where it is possible). In addition, emphdigital anonymous witnessing as a tradeoff mechanism between the original approach and privacy requirements is proposed. This is a clear challenge in this context given the restriction that the identities of the links in the digital chain of custody should be known.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The emphdigital witness approach defines the collaboration between IoT devices - from wearables to vehicles - to provide digital evidence through a emphDigital Chain of Custody to an authorised entity. As one of the cores of the digital witness, emphbinding credentials unequivocally identify the user behind the digital witness. The objective of this article is to perform a critical analysis of the digital witness approach from the perspective of privacy, and to propose solutions that help include some notions of privacy in the scheme (for those cases where it is possible). In addition, emphdigital anonymous witnessing as a tradeoff mechanism between the original approach and privacy requirements is proposed. This is a clear challenge in this context given the restriction that the identities of the links in the digital chain of custody should be known.
Nieto, Ana; Rios, Ruben; Lopez, Javier
A Methodology for Privacy-Aware IoT-Forensics Proceedings Article
In: 16th IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom 2017), pp. 626-633, IEEE IEEE, Sydney (Australia), 2017, ISSN: 2324-9013.
@inproceedings{1652,
title = {A Methodology for Privacy-Aware IoT-Forensics},
author = {Ana Nieto and Ruben Rios and Javier Lopez},
url = {/wp-content/papers/1652.pdf},
doi = {10.1109/Trustcom/BigDataSE/ICESS.2017.293},
issn = {2324-9013},
year = {2017},
date = {2017-08-01},
urldate = {2017-08-01},
booktitle = {16th IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom 2017)},
pages = {626-633},
publisher = {IEEE},
address = {Sydney (Australia)},
organization = {IEEE},
abstract = {The Internet of Things (IoT) brings new challenges to digital forensics. Given the number and heterogeneity of devices in such scenarios, it bring extremely difficult to carry out investigations without the cooperation of individuals. Even if they are not directly involved in the offense, their devices can yield digital evidence that might provide useful clarification in an investigation. However, when providing such evidence they may leak sensitive personal information. This paper proposes PRoFIT; a new model for IoT-forensics that takes privacy into consideration by incorporating the requirements of ISO/IEC 29100:2011 throughout the investigation life cycle. PRoFIT is intended to lay the groundwork for the voluntary cooperation of individuals in cyber crime investigations.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The Internet of Things (IoT) brings new challenges to digital forensics. Given the number and heterogeneity of devices in such scenarios, it bring extremely difficult to carry out investigations without the cooperation of individuals. Even if they are not directly involved in the offense, their devices can yield digital evidence that might provide useful clarification in an investigation. However, when providing such evidence they may leak sensitive personal information. This paper proposes PRoFIT; a new model for IoT-forensics that takes privacy into consideration by incorporating the requirements of ISO/IEC 29100:2011 throughout the investigation life cycle. PRoFIT is intended to lay the groundwork for the voluntary cooperation of individuals in cyber crime investigations.
Fernandez, Gerardo; Nieto, Ana; Lopez, Javier
Modeling Malware-driven Honeypots Proceedings Article
In: 14th International Conference On Trust, Privacy & Security In Digital Business (TrustBus 2017), pp. 130-144, Springer International Publishing Springer International Publishing, Lyon (France), 2017, ISBN: 978-3-319-64482-0.
@inproceedings{1656,
title = {Modeling Malware-driven Honeypots},
author = {Gerardo Fernandez and Ana Nieto and Javier Lopez},
url = {/wp-content/papers/1656.pdf
https://link.springer.com/chapter/10.1007/978-3-319-64483-7_9, },
doi = {10.1007/978-3-319-64483-7_9},
isbn = {978-3-319-64482-0},
year = {2017},
date = {2017-08-01},
urldate = {2017-08-01},
booktitle = {14th International Conference On Trust, Privacy \& Security In Digital Business (TrustBus 2017)},
volume = {10442},
pages = {130-144},
publisher = {Springer International Publishing},
address = {Lyon (France)},
organization = {Springer International Publishing},
abstract = {In this paper we propose the Hogney architecture for the deployment of emphmalware-driven honeypots. This new concept refers to honeypots that have been dynamically configured according to the environment expected by malware. The adaptation mechanism designed here is built on services that offer up-to-date and relevant emphintelligence information on current threats. Thus, the Hogney architecture takes advantage of recent emphIndicators Of Compromise (IOC) and information about suspicious activity currently being studied by analysts. The information gathered from these services is then used to adapt honeypots to fulfill malware requirements, inviting them to unleash their full strength.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
In this paper we propose the Hogney architecture for the deployment of emphmalware-driven honeypots. This new concept refers to honeypots that have been dynamically configured according to the environment expected by malware. The adaptation mechanism designed here is built on services that offer up-to-date and relevant emphintelligence information on current threats. Thus, the Hogney architecture takes advantage of recent emphIndicators Of Compromise (IOC) and information about suspicious activity currently being studied by analysts. The information gathered from these services is then used to adapt honeypots to fulfill malware requirements, inviting them to unleash their full strength.
Nieto, Ana; Rios, Ruben; Lopez, Javier
PRoFIT: modelo forense-IoT con integración de requisitos de privacidad Proceedings Article
In: XIII Jornadas de Ingeniería Telemática (JITEL 2017), pp. 302-309, Editorial Universitat Politècnica de València Editorial Universitat Politècnica de València, Valencia, 2017, ISBN: 978-84-9048-595-8.
@inproceedings{1655,
title = {PRoFIT: modelo forense-IoT con integraci\'{o}n de requisitos de privacidad},
author = {Ana Nieto and Ruben Rios and Javier Lopez},
url = {/wp-content/papers/1655.pdf
http://jlloret.webs.upv.es/jitel2017/files/ACTASJITEL2017.pdf},
doi = {10.4995/JITEL2017.2017.7061},
isbn = {978-84-9048-595-8},
year = {2017},
date = {2017-01-01},
urldate = {2017-01-01},
booktitle = {XIII Jornadas de Ingenier\'{i}a Telem\'{a}tica (JITEL 2017)},
volume = {Libro de actas},
pages = {302-309},
publisher = {Editorial Universitat Polit\`{e}cnica de Val\`{e}ncia},
address = {Valencia},
organization = {Editorial Universitat Polit\`{e}cnica de Val\`{e}ncia},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Nieto, Ana; Rios, Ruben
Requisitos y soluciones de privacidad para la testificación digital Proceedings Article
In: III Jornadas Nacionales de Investigación en Ciberseguridad (JNIC 2017), pp. 51-58, Servicio de Publicaciones de la URJC Servicio de Publicaciones de la URJC, Madrid (Spain), 2017, ISBN: 978-84-608-4659-8.
@inproceedings{1648,
title = {Requisitos y soluciones de privacidad para la testificaci\'{o}n digital},
author = {Ana Nieto and Ruben Rios},
url = {/wp-content/papers/1648.pdf
https://eciencia.urjc.es/handle/10115/14540},
isbn = {978-84-608-4659-8},
year = {2017},
date = {2017-01-01},
urldate = {2017-01-01},
booktitle = {III Jornadas Nacionales de Investigaci\'{o}n en Ciberseguridad (JNIC 2017)},
volume = {Actas del JNIC 2017},
pages = {51-58},
publisher = {Servicio de Publicaciones de la URJC},
address = {Madrid (Spain)},
organization = {Servicio de Publicaciones de la URJC},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Nieto, Ana; Roman, Rodrigo; Lopez, Javier
Testificación Digital Journal Article
In: Revista SIC, vol. 122, pp. 94-98, 2016, ISSN: 1136-0623.
@article{nrlSIC16,
title = {Testificaci\'{o}n Digital},
author = {Ana Nieto and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/nrlSIC16.pdf
https://revistasic.es/index.php?option=com_content\&view=article\&id=1713\&Itemid=1498},
issn = {1136-0623},
year = {2016},
date = {2016-11-01},
urldate = {2016-11-01},
journal = {Revista SIC},
volume = {122},
pages = {94-98},
publisher = {Ediciones CODA},
abstract = {El creciente n\'{u}mero de dispositivos interconectados trae consigo problemas de seguridad bien conocidos; por ejemplo, aquellos debidos a las vulnerabilidades en protocolos muy diversos \textendashmuchos de ellos propietarios\textendash y al factor de error humano introducido por los usuarios. Sin embargo, cabe preguntarse c\'{o}mo podemos usar el despliegue de tales dispositivos en beneficio de la ciberseguridad. En el proyecto IoTest se est\'{a} desarrollando una soluci\'{o}n, el Testigo Digital, que permitir\'{a} a los dispositivos personales con arquitectura de seguridad embebida reaccionar ante ataques virtuales, protegi\'{e}ndonos de los ciberataques emergentes.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
El creciente número de dispositivos interconectados trae consigo problemas de seguridad bien conocidos; por ejemplo, aquellos debidos a las vulnerabilidades en protocolos muy diversos –muchos de ellos propietarios– y al factor de error humano introducido por los usuarios. Sin embargo, cabe preguntarse cómo podemos usar el despliegue de tales dispositivos en beneficio de la ciberseguridad. En el proyecto IoTest se está desarrollando una solución, el Testigo Digital, que permitirá a los dispositivos personales con arquitectura de seguridad embebida reaccionar ante ataques virtuales, protegiéndonos de los ciberataques emergentes.
Nieto, Ana; Roman, Rodrigo; Lopez, Javier
Arquitectura funcional para la cadena de custodia digital en objetos de la IoT Proceedings Article
In: XIV Reunión Española sobre Criptología y Seguridad de la Información, pp. 168-173, 2016, ISBN: 978-84-608-9470-4.
@inproceedings{1582,
title = {Arquitectura funcional para la cadena de custodia digital en objetos de la IoT},
author = {Ana Nieto and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/1582.pdf},
isbn = {978-84-608-9470-4},
year = {2016},
date = {2016-10-01},
urldate = {2016-10-01},
booktitle = {XIV Reuni\'{o}n Espa\~{n}ola sobre Criptolog\'{i}a y Seguridad de la Informaci\'{o}n},
pages = {168-173},
abstract = {En la Internet de los Objetos (IoT, por sus siglas en ingl\'{e}s), los ataques pueden ser perpetrados desde dispositivos que enmascaran su rastro ayud\'{a}ndose de la densidad de objetos y usuarios. Actualmente la idea de que los dispositivos de usuario almacenan evidencias que pueden ser muy valiosas para frenar ataques es bien conocida. Sin embargo, la colaboraci\'{o}n de \'{e}stos para denunciar posibles abusos telem\'{a}ticos a\'{u}n est\'{a} por definir. Los testigos digitales son dispositivos concebidos para definir la participaci\'{o}n de dispositivos de usuario en una cadena de custodia digital. La idea es que las evidencias se generan, almacenan y transfieren siguiendo los requisitos marcados por las normas actuales (p.ej. UNE 71505), pero respetando las restricciones en recursos de los dispositivos. En este art\'{i}culo proponemos una arquitectura funcional para la implementaci\'{o}n del concepto de testigo digital en dispositivos heterog\'{e}neos de la IoT.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
En la Internet de los Objetos (IoT, por sus siglas en inglés), los ataques pueden ser perpetrados desde dispositivos que enmascaran su rastro ayudándose de la densidad de objetos y usuarios. Actualmente la idea de que los dispositivos de usuario almacenan evidencias que pueden ser muy valiosas para frenar ataques es bien conocida. Sin embargo, la colaboración de éstos para denunciar posibles abusos telemáticos aún está por definir. Los testigos digitales son dispositivos concebidos para definir la participación de dispositivos de usuario en una cadena de custodia digital. La idea es que las evidencias se generan, almacenan y transfieren siguiendo los requisitos marcados por las normas actuales (p.ej. UNE 71505), pero respetando las restricciones en recursos de los dispositivos. En este artículo proponemos una arquitectura funcional para la implementación del concepto de testigo digital en dispositivos heterogéneos de la IoT.
Nieto, Ana; Roman, Rodrigo; Lopez, Javier
Digital Witness: Digital Evidence Management Framework for the Internet of Things Journal Article
In: ERCIM News, no. 106, pp. 9-9, 2016, ISSN: 0926-4981.
@article{ercim-nrl16,
title = {Digital Witness: Digital Evidence Management Framework for the Internet of Things},
author = {Ana Nieto and Rodrigo Roman and Javier Lopez},
url = {http://ercim-news.ercim.eu/images/stories/EN106/EN106-web.pdf},
issn = {0926-4981},
year = {2016},
date = {2016-07-01},
urldate = {2016-07-01},
journal = {ERCIM News},
number = {106},
pages = {9-9},
publisher = {ERCIM EEIG},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Nieto, Ana; Roman, Rodrigo; Lopez, Javier
Testigo digital: delegación vinculante de evidencias electrónicas para escenarios IoT Proceedings Article
In: II Jornadas Nacionales de Investigación en Ciberseguridad (JNIC 2016), pp. 109-116, 2016, ISBN: 978-84-608-8070-7.
@inproceedings{1578,
title = {Testigo digital: delegaci\'{o}n vinculante de evidencias electr\'{o}nicas para escenarios IoT},
author = {Ana Nieto and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/1578.pdf
http://ucys.ugr.es/jnic2016/docs/ActasJNIC2016.pdf, },
isbn = {978-84-608-8070-7},
year = {2016},
date = {2016-06-01},
urldate = {2016-06-01},
booktitle = {II Jornadas Nacionales de Investigaci\'{o}n en Ciberseguridad (JNIC 2016)},
pages = {109-116},
abstract = {En un mundo en el que los usuarios dependen cada vez m\'{a}s de sus dispositivos, \'{e}stos almacenan gran cantidad de datos y son una fuente muy valiosa de informaci\'{o}n sobre su entorno. Sin embargo, la heterogeneidad y la densidad de los objetos conectados, caracter\'{i}sticas propias de la Internet de las Cosas (IoT), sirven de velo para ocultar conductas maliciosas que afectan a estos dispositivos, sin que quede rastro de tales acciones. En este art\'{i}culo definimos el concepto de testigo digital: funcionalidad que permitir\'{a} a los dispositivos personales y otros objetos colaborar para implementar una cadena de custodia digital en la IoT. El fin perseguido es ofrecer soluciones que mitiguen los efectos de la ciberdelincuencia, ampar\'{a}ndose en la colaboraci\'{o}n de los dispositivos con arquitecturas de seguridad embebidas para alertar de conductas maliciosas, y dejar constancia de \'{e}stas.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
En un mundo en el que los usuarios dependen cada vez más de sus dispositivos, éstos almacenan gran cantidad de datos y son una fuente muy valiosa de información sobre su entorno. Sin embargo, la heterogeneidad y la densidad de los objetos conectados, características propias de la Internet de las Cosas (IoT), sirven de velo para ocultar conductas maliciosas que afectan a estos dispositivos, sin que quede rastro de tales acciones. En este artículo definimos el concepto de testigo digital: funcionalidad que permitirá a los dispositivos personales y otros objetos colaborar para implementar una cadena de custodia digital en la IoT. El fin perseguido es ofrecer soluciones que mitiguen los efectos de la ciberdelincuencia, amparándose en la colaboración de los dispositivos con arquitecturas de seguridad embebidas para alertar de conductas maliciosas, y dejar constancia de éstas.
Nieto, Ana; Roman, Rodrigo; Lopez, Javier
Digital Witness: Safeguarding Digital Evidence by using Secure Architectures in Personal Devices Journal Article
In: IEEE Network, pp. 12-19, 2016, ISSN: 0890-8044.
@article{ieeenet16-nrl,
title = {Digital Witness: Safeguarding Digital Evidence by using Secure Architectures in Personal Devices},
author = {Ana Nieto and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/ieeenet16-nrl.pdf
http://ieeexplore.ieee.org/document/7764297/$#$full-text-section},
doi = {10.1109/MNET.2016.1600087NM},
issn = {0890-8044},
year = {2016},
date = {2016-01-01},
urldate = {2016-01-01},
journal = {IEEE Network},
pages = {12-19},
publisher = {IEEE Communications Society},
abstract = {Personal devices contain electronic evidence associated with the behaviour of their owners and other devices in their environment, which can help clarify the facts of a cyber-crime scene. These devices are usually analysed as containers of proof. However, it is possible to harness the boom of personal devices to define the concept of digital witnesses, where personal devices are able to actively acquire, store, and transmit digital evidence to an authorised entity, reliably and securely. This article introduces this novel concept, providing a preliminary analysis on the management of digital evidence and the technologies that can be used to implement it with security guarantees in IoT environments. Moreover, the basic building blocks of a digital witness are defined.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Personal devices contain electronic evidence associated with the behaviour of their owners and other devices in their environment, which can help clarify the facts of a cyber-crime scene. These devices are usually analysed as containers of proof. However, it is possible to harness the boom of personal devices to define the concept of digital witnesses, where personal devices are able to actively acquire, store, and transmit digital evidence to an authorised entity, reliably and securely. This article introduces this novel concept, providing a preliminary analysis on the management of digital evidence and the technologies that can be used to implement it with security guarantees in IoT environments. Moreover, the basic building blocks of a digital witness are defined.
Falta por incluir la publicación “2015 – Testigo digital: procedimientos y dispositivos para la gestión segura de evidencias electrónicas con credenciales vinculantes (A. Nieto; R. Roman; J. Lopez)“. Motivo: Al principio no se migraron las patentes ni otros tipos de publicaciones.
Sorry, no publications matched your criteria.
Rubio, Juan E.; Alcaraz, Cristina; Roman, Rodrigo; Lopez, Javier
Current Cyber-Defense Trends in Industrial Control Systems Journal Article
In: Computers & Security Journal, vol. 87, 2019, ISSN: 0167-4048.
@article{rub2019cose,
title = {Current Cyber-Defense Trends in Industrial Control Systems},
author = {Juan E. Rubio and Cristina Alcaraz and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/rub2019cose.pdf},
doi = {10.1016/j.cose.2019.06.015},
issn = {0167-4048},
year = {2019},
date = {2019-11-01},
urldate = {2019-11-01},
journal = {Computers \& Security Journal},
volume = {87},
publisher = {Elsevier},
abstract = {Advanced Persistent Threats (APTs) have become a serious hazard for any critical infrastructure, as a single solution to protect all industrial assets from these complex attacks does not exist. It is then essential to understand what are the defense mechanisms that can be used as a first line of defense. For this purpose, this article will firstly study the spectrum of attack vectors that APTs can use against existing and novel elements of an industrial ecosystem. Afterwards, this article will provide an analysis of the evolution and applicability of Intrusion Detection Systems (IDS) that have been proposed in both the industry and academia.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Advanced Persistent Threats (APTs) have become a serious hazard for any critical infrastructure, as a single solution to protect all industrial assets from these complex attacks does not exist. It is then essential to understand what are the defense mechanisms that can be used as a first line of defense. For this purpose, this article will firstly study the spectrum of attack vectors that APTs can use against existing and novel elements of an industrial ecosystem. Afterwards, this article will provide an analysis of the evolution and applicability of Intrusion Detection Systems (IDS) that have been proposed in both the industry and academia.
Rubio, Juan E.; Roman, Rodrigo; Alcaraz, Cristina; Zhang, Yan
Tracking APTs in Industrial Ecosystems: A Proof of Concept Journal Article
In: Journal of Computer Security, vol. 27, pp. 521-546, 2019, ISSN: 0167-4048.
@article{RubioSIJCS19,
title = {Tracking APTs in Industrial Ecosystems: A Proof of Concept},
author = {Juan E. Rubio and Rodrigo Roman and Cristina Alcaraz and Yan Zhang},
url = {/wp-content/papers/RubioSIJCS19.pdf},
issn = {0167-4048},
year = {2019},
date = {2019-09-01},
urldate = {2019-09-01},
journal = {Journal of Computer Security},
volume = {27},
pages = {521-546},
publisher = {Elsevier},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Alcaraz, Cristina; Lopez, Javier
A Cyber-Physical Systems-Based Checkpoint Model for Structural Controllability Journal Article
In: IEEE Systems Journal, vol. 12, pp. 3543-3554, 2018, ISSN: 1932-8184.
@article{alcarazlopez-IEEESystems-2017,
title = {A Cyber-Physical Systems-Based Checkpoint Model for Structural Controllability},
author = {Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/alcarazlopez-IEEESystems-2017.pdf
http://ieeexplore.ieee.org/document/8057984/},
doi = {10.1109/JSYST.2017.2740719},
issn = {1932-8184},
year = {2018},
date = {2018-12-01},
urldate = {2018-12-01},
journal = {IEEE Systems Journal},
volume = {12},
pages = {3543-3554},
publisher = {IEEE},
abstract = {The protection of critical user-centric applications, such as Smart Grids and their monitoring systems, has become one of the most cutting-edge research areas in recent years. The dynamic complexity of their cyber-physical systems (CPSs) and their strong inter-dependencies with power systems, are bringing about a significant increase in security problems that may be exploited by attackers. These security holes may, for example, trigger the disintegration of the structural controllability properties due to the problem of non-locality, affecting, sooner or later, the provision of the essential services to end-users. One way to address these situations could be through automatic checkpoints in charge of inspecting the healthy status of the control network and its critical nature. This inspection can be subject to special mechanisms composed of trustworthy cyberphysical elements capable of detecting structural changes in the control and activating restoration procedures with support for warning. This is precisely the aim of this paper, which presents a CPSs-based checkpoint model with the capacity to manage heterogeneous replications that help ensure data redundancy, thereby guaranteeing the validity of the checkpoints. As a support to this study, a theoretical and practical analysis is addressed to show the functionality of the approach in real contexts.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The protection of critical user-centric applications, such as Smart Grids and their monitoring systems, has become one of the most cutting-edge research areas in recent years. The dynamic complexity of their cyber-physical systems (CPSs) and their strong inter-dependencies with power systems, are bringing about a significant increase in security problems that may be exploited by attackers. These security holes may, for example, trigger the disintegration of the structural controllability properties due to the problem of non-locality, affecting, sooner or later, the provision of the essential services to end-users. One way to address these situations could be through automatic checkpoints in charge of inspecting the healthy status of the control network and its critical nature. This inspection can be subject to special mechanisms composed of trustworthy cyberphysical elements capable of detecting structural changes in the control and activating restoration procedures with support for warning. This is precisely the aim of this paper, which presents a CPSs-based checkpoint model with the capacity to manage heterogeneous replications that help ensure data redundancy, thereby guaranteeing the validity of the checkpoints. As a support to this study, a theoretical and practical analysis is addressed to show the functionality of the approach in real contexts.
Rubio, Juan E.; Roman, Rodrigo; Lopez, Javier
Analysis of cybersecurity threats in Industry 4.0: the case of intrusion detection Proceedings Article
In: The 12th International Conference on Critical Information Infrastructures Security, pp. 119-130, Springer Springer, 2018.
@inproceedings{1666,
title = {Analysis of cybersecurity threats in Industry 4.0: the case of intrusion detection},
author = {Juan E. Rubio and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/1666.pdf},
year = {2018},
date = {2018-08-01},
urldate = {2018-08-01},
booktitle = {The 12th International Conference on Critical Information Infrastructures Security},
volume = {10707},
pages = {119-130},
publisher = {Springer},
organization = {Springer},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Rubio, Juan E.; Roman, Rodrigo; Alcaraz, Cristina; Zhang, Yan
Tracking Advanced Persistent Threats in Critical Infrastructures through Opinion Dynamics Proceedings Article
In: European Symposium on Research in Computer Security (ESORICS 2018), pp. 555-574, Springer Springer, Barcelona, Spain, 2018.
@inproceedings{RubioRomanAlcarazZhang2018,
title = {Tracking Advanced Persistent Threats in Critical Infrastructures through Opinion Dynamics},
author = {Juan E. Rubio and Rodrigo Roman and Cristina Alcaraz and Yan Zhang},
url = {/wp-content/papers/RubioRomanAlcarazZhang2018.pdf
https://link.springer.com/chapter/10.1007/978-3-319-99073-6_27, },
doi = {10.1007/978-3-319-99073-6_27},
year = {2018},
date = {2018-08-01},
urldate = {2018-08-01},
booktitle = {European Symposium on Research in Computer Security (ESORICS 2018)},
volume = {11098},
pages = {555-574},
publisher = {Springer},
address = {Barcelona, Spain},
organization = {Springer},
abstract = {Advanced persistent threats pose a serious issue for modern industrial environments, due to their targeted and complex attack vectors that are difficult to detect. This is especially severe in critical infrastructures that are accelerating the integration of IT technologies. It is then essential to further develop effective monitoring and response systems that ensure the continuity of business to face the arising set of cyber-security threats. In this paper, we study the practical applicability of a novel technique based on opinion dynamics, that permits to trace the attack throughout all its stages along the network by correlating different anomalies measured over time, thereby taking the persistence of threats and the criticality of resources into consideration. The resulting information is of essential importance to monitor the overall health of the control system and correspondingly deploy accurate response procedures.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Advanced persistent threats pose a serious issue for modern industrial environments, due to their targeted and complex attack vectors that are difficult to detect. This is especially severe in critical infrastructures that are accelerating the integration of IT technologies. It is then essential to further develop effective monitoring and response systems that ensure the continuity of business to face the arising set of cyber-security threats. In this paper, we study the practical applicability of a novel technique based on opinion dynamics, that permits to trace the attack throughout all its stages along the network by correlating different anomalies measured over time, thereby taking the persistence of threats and the criticality of resources into consideration. The resulting information is of essential importance to monitor the overall health of the control system and correspondingly deploy accurate response procedures.
Lopez, Javier; Rubio, Juan E.; Alcaraz, Cristina
A Resilient Architecture for the Smart Grid Journal Article
In: IEEE Transactions on Industrial Informatics, vol. 14, pp. 3745-3753, 2018, ISSN: 1551-3203.
@article{transactionInformaticsSG2018,
title = {A Resilient Architecture for the Smart Grid},
author = {Javier Lopez and Juan E. Rubio and Cristina Alcaraz},
url = {/wp-content/papers/transactionInformaticsSG2018.pdf},
doi = {10.1109/TII.2018.2826226},
issn = {1551-3203},
year = {2018},
date = {2018-08-01},
urldate = {2018-08-01},
journal = {IEEE Transactions on Industrial Informatics},
volume = {14},
pages = {3745-3753},
publisher = {IEEE},
abstract = {The Smart Grid offers many benefits due to the bidirectional communication between the users and the utility company, which makes it possible to perform a fine-grain consumption metering. This can be used for Demand Response purposes with the generation and delivery of electricity in real time. It is essential to rapidly anticipate high peaks of demand or potential attacks, so as to avoid power outages and denial of service, while effectively supplying consumption areas. In this paper, we propose a novel architecture where cloud computing resources are leveraged (and tested in practice) to enable, on the one hand, the consumption prediction through time series forecasting, as well as load balancing to uniformly distribute the demand over a set of available generators. On the other and, it also allows the detection of connectivity losses and intrusions within the control network by using controllability concepts.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The Smart Grid offers many benefits due to the bidirectional communication between the users and the utility company, which makes it possible to perform a fine-grain consumption metering. This can be used for Demand Response purposes with the generation and delivery of electricity in real time. It is essential to rapidly anticipate high peaks of demand or potential attacks, so as to avoid power outages and denial of service, while effectively supplying consumption areas. In this paper, we propose a novel architecture where cloud computing resources are leveraged (and tested in practice) to enable, on the one hand, the consumption prediction through time series forecasting, as well as load balancing to uniformly distribute the demand over a set of available generators. On the other and, it also allows the detection of connectivity losses and intrusions within the control network by using controllability concepts.
Rubio, Juan E.; Alcaraz, Cristina; Lopez, Javier
Addressing Security in OCPP: Protection Against Man-in-the-Middle Attacks Proceedings Article
In: 9th IFIP International Conference on New Technologies, Mobility & Security, 2018.
@inproceedings{1692,
title = {Addressing Security in OCPP: Protection Against Man-in-the-Middle Attacks},
author = {Juan E. Rubio and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/1692.pdf},
year = {2018},
date = {2018-01-01},
urldate = {2018-01-01},
booktitle = {9th IFIP International Conference on New Technologies, Mobility \& Security},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Lopez, Javier; Rubio, Juan E.
Access control for cyber-physical systems interconnected to the cloud Journal Article
In: Computer Networks, vol. 134, pp. 46 - 54, 2018, ISSN: 1389-1286.
@article{LOPEZ201846,
title = {Access control for cyber-physical systems interconnected to the cloud},
author = {Javier Lopez and Juan E. Rubio},
url = {/wp-content/papers/LOPEZ201846.pdf
http://www.sciencedirect.com/science/article/pii/S1389128618300501},
doi = {10.1016/j.comnet.2018.01.037},
issn = {1389-1286},
year = {2018},
date = {2018-01-01},
urldate = {2018-01-01},
journal = {Computer Networks},
volume = {134},
pages = {46 - 54},
publisher = {Elsevier},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Alcaraz, Cristina
Resilient Industrial Control Systems based on Multiple Redundancy Journal Article
In: International Journal of Critical Infrastructures (IJCIS), vol. 13, no. 2/3, pp. 278 - 295, 2017, ISSN: 1741-8038.
@article{Alcaraz:2017:IJCIS,
title = {Resilient Industrial Control Systems based on Multiple Redundancy},
author = {Cristina Alcaraz},
doi = {10.1504/IJCIS.2017.10009287},
issn = {1741-8038},
year = {2017},
date = {2017-11-01},
urldate = {2017-11-01},
journal = {International Journal of Critical Infrastructures (IJCIS)},
volume = {13},
number = {2/3},
pages = {278 - 295},
publisher = {Inderscience Publisher},
address = {London, UK},
abstract = {The incessant search for cost-effective recovery solutions for structural controllability has led to one of the most challenging research areas within the field of critical infrastructure protection. The resilience of large heterogeneous distributions, like industrial control scenarios, is proving to be a complicated mission due to the inherent non-locality problems of structural controllability and its susceptibility to advanced threats. To address these issues, this paper proposes a new repair approach based on multiple redundant pathways and the lessons learnt from the work presented in [1]. From [1], we have adapted the local measures, to combine them with each of the five strategies of remote reconnection described in this paper. To validate the sustainability of the combined approaches, two practical case studies are presented here, showing that a local dependence on a brother driver node together with remote dependence is enough to reach optimal states in linear times.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The incessant search for cost-effective recovery solutions for structural controllability has led to one of the most challenging research areas within the field of critical infrastructure protection. The resilience of large heterogeneous distributions, like industrial control scenarios, is proving to be a complicated mission due to the inherent non-locality problems of structural controllability and its susceptibility to advanced threats. To address these issues, this paper proposes a new repair approach based on multiple redundant pathways and the lessons learnt from the work presented in [1]. From [1], we have adapted the local measures, to combine them with each of the five strategies of remote reconnection described in this paper. To validate the sustainability of the combined approaches, two practical case studies are presented here, showing that a local dependence on a brother driver node together with remote dependence is enough to reach optimal states in linear times.
Alcaraz, Cristina; Lopez, Javier; Choo, Kim-Kwang Raymond
Resilient Interconnection in Cyber-Physical Control Systems Journal Article
In: Computers & Security, vol. 71, pp. 2-14, 2017, ISSN: 0167-4048.
@article{Alcaraz2017COSE,
title = {Resilient Interconnection in Cyber-Physical Control Systems},
author = {Cristina Alcaraz and Javier Lopez and Kim-Kwang Raymond Choo},
url = {/wp-content/papers/Alcaraz2017COSE.pdf
http://www.sciencedirect.com/science/article/pii/S0167404817300573},
doi = {10.1016/j.cose.2017.03.004},
issn = {0167-4048},
year = {2017},
date = {2017-11-01},
urldate = {2017-11-01},
journal = {Computers \& Security},
volume = {71},
pages = {2-14},
publisher = {Elsevier},
abstract = {Secure interconnection between multiple cyber-physical systems has become a fundamental requirement in many critical infrastructures, where security may be centralized in a few nodes of the system. These nodes could, for example, have the mission of addressing the authorization services required for access in highlyrestricted remote substations. For this reason, the main aim of this paper is to unify all these features, together with the resilience measures so as to provide control at all times under a limited access in the field and avoid congestion. Concretely, we present here an optimal reachability-based restoration approach, capable of restoring the structural control in linear times taking into account: structural controllability, the supernode theory, the good practices of the IEC-62351 standard and the contextual conditions. For context management, a new attribute is specified to provide a more complete authorization service based on a practical policy, role and attribute-based access control (PBAC + RBAC + ABAC). To validate the approach, two case studies are also discussed under two strategic adversarial models.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Secure interconnection between multiple cyber-physical systems has become a fundamental requirement in many critical infrastructures, where security may be centralized in a few nodes of the system. These nodes could, for example, have the mission of addressing the authorization services required for access in highlyrestricted remote substations. For this reason, the main aim of this paper is to unify all these features, together with the resilience measures so as to provide control at all times under a limited access in the field and avoid congestion. Concretely, we present here an optimal reachability-based restoration approach, capable of restoring the structural control in linear times taking into account: structural controllability, the supernode theory, the good practices of the IEC-62351 standard and the contextual conditions. For context management, a new attribute is specified to provide a more complete authorization service based on a practical policy, role and attribute-based access control (PBAC + RBAC + ABAC). To validate the approach, two case studies are also discussed under two strategic adversarial models.
Lopez, Javier; Alcaraz, Cristina; Rodriguez, Jesús; Roman, Rodrigo; Rubio, Juan E.
Protecting Industry 4.0 against Advanced Persistent Threats Journal Article
In: European CIIP Newsletter, vol. 11, no. 1, pp. 27-29, 2017.
@article{lopez2017ecn,
title = {Protecting Industry 4.0 against Advanced Persistent Threats},
author = {Javier Lopez and Cristina Alcaraz and Jes\'{u}s Rodriguez and Rodrigo Roman and Juan E. Rubio},
url = {/wp-content/papers/lopez2017ecn.pdf},
year = {2017},
date = {2017-03-01},
urldate = {2017-03-01},
journal = {European CIIP Newsletter},
volume = {11},
number = {1},
pages = {27-29},
publisher = {European CIIP Newsletter},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Alcaraz, Cristina; Lopez, Javier; Wolthusen, Stephen
OCPP Protocol: Security Threats and Challenges Journal Article
In: IEEE Transactions on Smart Grid, vol. 8, pp. 2452 - 2459, 2017, ISSN: 1949-3053.
@article{AlcarazLopezWolthusen2017,
title = {OCPP Protocol: Security Threats and Challenges},
author = {Cristina Alcaraz and Javier Lopez and Stephen Wolthusen},
url = {/wp-content/papers/AlcarazLopezWolthusen2017.pdf},
doi = {10.1109/TSG.2017.2669647},
issn = {1949-3053},
year = {2017},
date = {2017-02-01},
urldate = {2017-02-01},
journal = {IEEE Transactions on Smart Grid},
volume = {8},
pages = {2452 - 2459},
publisher = {IEEE},
abstract = {One benefit postulated for the adoption of Electric Vehicles (EVs) is their ability to act as stabilizing entities in smart grids through bi-directional charging, allowing local or global smoothing of peaks and imbalances. This benefit, however, hinges indirectly on the reliability and security of the power flows thus achieved. Therefore this paper studies key security properties of the alreadydeployed Open Charge Point Protocol (OCPP) specifying communication between charging points and energy management systems. It is argued that possible subversion or malicious endpoints in the protocol can also lead to destabilization of power networks. Whilst reviewing these aspects, we focus, from a theoretical and practical standpoint, on attacks that interfere with resource reservation originating with the EV, which may also be initiated by a man in the middle, energy theft or fraud. Such attacks may even be replicated widely, resulting in over- or undershooting of power network provisioning, or the (total/partial) disintegration of the integrity and stability of power networks.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
One benefit postulated for the adoption of Electric Vehicles (EVs) is their ability to act as stabilizing entities in smart grids through bi-directional charging, allowing local or global smoothing of peaks and imbalances. This benefit, however, hinges indirectly on the reliability and security of the power flows thus achieved. Therefore this paper studies key security properties of the alreadydeployed Open Charge Point Protocol (OCPP) specifying communication between charging points and energy management systems. It is argued that possible subversion or malicious endpoints in the protocol can also lead to destabilization of power networks. Whilst reviewing these aspects, we focus, from a theoretical and practical standpoint, on attacks that interfere with resource reservation originating with the EV, which may also be initiated by a man in the middle, energy theft or fraud. Such attacks may even be replicated widely, resulting in over- or undershooting of power network provisioning, or the (total/partial) disintegration of the integrity and stability of power networks.
Rubio, Juan E.; Alcaraz, Cristina; Roman, Rodrigo; Lopez, Javier
Analysis of Intrusion Detection Systems in Industrial Ecosystems Proceedings Article
In: 14th International Conference on Security and Cryptography (SECRYPT 2017), pp. 116-128, SciTePress SciTePress, 2017, ISBN: 978-989-758-259-2.
@inproceedings{1662,
title = {Analysis of Intrusion Detection Systems in Industrial Ecosystems},
author = {Juan E. Rubio and Cristina Alcaraz and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/1662.pdf},
doi = {10.5220/0006426301160128},
isbn = {978-989-758-259-2},
year = {2017},
date = {2017-01-01},
urldate = {2017-01-01},
booktitle = {14th International Conference on Security and Cryptography (SECRYPT 2017)},
volume = {6},
pages = {116-128},
publisher = {SciTePress},
organization = {SciTePress},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Alcaraz, Cristina; Rodriguez, Jesús; Roman, Rodrigo; Rubio, Juan E.
Estado y Evolución de la Detección de Intrusiones en los Sistemas Industriales Proceedings Article
In: III Jornadas Nacionales de Investigación en Ciberseguridad (JNIC 2017), 2017.
@inproceedings{1653,
title = {Estado y Evoluci\'{o}n de la Detecci\'{o}n de Intrusiones en los Sistemas Industriales},
author = {Cristina Alcaraz and Jes\'{u}s Rodriguez and Rodrigo Roman and Juan E. Rubio},
url = {/wp-content/papers/1653.pdf},
year = {2017},
date = {2017-01-01},
urldate = {2017-01-01},
booktitle = {III Jornadas Nacionales de Investigaci\'{o}n en Ciberseguridad (JNIC 2017)},
abstract = {Debido a la necesidad de proteger los sistemas industriales ante amenazas, se hace necesario comprender cual es el verdadero alcance de los mecanismos capaces de detectar potenciales anomal\'{i}as e intrusiones. Es por tanto el objetivo de este art\'{i}culo analizar el estado y la evoluci\'{o}n, tanto acad\'{e}mica como industrial, de los mecanismos de detecci\'{o}n de intrusiones en este campo, as\'{i} como estudiar su aplicabilidad actual y futura.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Debido a la necesidad de proteger los sistemas industriales ante amenazas, se hace necesario comprender cual es el verdadero alcance de los mecanismos capaces de detectar potenciales anomalías e intrusiones. Es por tanto el objetivo de este artículo analizar el estado y la evolución, tanto académica como industrial, de los mecanismos de detección de intrusiones en este campo, así como estudiar su aplicabilidad actual y futura.
Nuñez, David; Agudo, Isaac; Lopez, Javier
Escrowed decryption protocols for lawful interception of encrypted data Journal Article
In: IET Information Security, vol. 13, pp. 498 – 507, 2019, ISSN: 1751-8709.
@article{nunez19,
title = {Escrowed decryption protocols for lawful interception of encrypted data},
author = {David Nu\~{n}ez and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/nunez19.pdf},
doi = {10.1049/iet-ifs.2018.5082},
issn = {1751-8709},
year = {2019},
date = {2019-09-01},
urldate = {2019-09-01},
journal = {IET Information Security},
volume = {13},
pages = {498 \textendash 507},
publisher = {IET},
abstract = {Escrowed decryption schemes (EDSs) are public-key encryption schemes with an escrowed decryption functionality that allows authorities to decrypt encrypted messages under investigation, following a protocol that involves a set of trusted entities called ‘custodians’; only if custodians collaborate, the requesting authority is capable of decrypting encrypted data. This type of cryptosystem represents an interesting trade-off to privacy versus surveillance dichotomy. In this study, the authors propose two EDSs where they use proxy re-encryption to build the escrowed decryption capability, so that custodians re-encrypt ciphertexts, in a distributed way, upon request from an escrow authority, and the re-encrypted ciphertexts can be opened only by the escrow authority. Their first scheme, called EDS, follows an all-or-nothing approach, which means that escrow decryption only works when all custodians collaborate. Their second scheme, called threshold EDS, supports a threshold number of custodians for the escrow decryption operation. They propose definitions of semantic security with respect to the authorities, custodians and external entities, and prove the security of their schemes, under standard pairing-based hardness assumptions. Finally, they present a theoretical and experimental analysis of the performance of both schemes, which show that they are applicable to real-world scenarios.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Escrowed decryption schemes (EDSs) are public-key encryption schemes with an escrowed decryption functionality that allows authorities to decrypt encrypted messages under investigation, following a protocol that involves a set of trusted entities called ‘custodians’; only if custodians collaborate, the requesting authority is capable of decrypting encrypted data. This type of cryptosystem represents an interesting trade-off to privacy versus surveillance dichotomy. In this study, the authors propose two EDSs where they use proxy re-encryption to build the escrowed decryption capability, so that custodians re-encrypt ciphertexts, in a distributed way, upon request from an escrow authority, and the re-encrypted ciphertexts can be opened only by the escrow authority. Their first scheme, called EDS, follows an all-or-nothing approach, which means that escrow decryption only works when all custodians collaborate. Their second scheme, called threshold EDS, supports a threshold number of custodians for the escrow decryption operation. They propose definitions of semantic security with respect to the authorities, custodians and external entities, and prove the security of their schemes, under standard pairing-based hardness assumptions. Finally, they present a theoretical and experimental analysis of the performance of both schemes, which show that they are applicable to real-world scenarios.
Nieto, Ana
An Overview of Proactive Forensic Solutions and its Applicability to 5G Proceedings Article
In: IEEE 5G World Forum (5GWF), pp. 191-196, IEEE, Santa Clara (USA), 2018, ISBN: 978-1-5386-4982-4.
@inproceedings{Nieto5GWF,
title = {An Overview of Proactive Forensic Solutions and its Applicability to 5G},
author = {Ana Nieto},
url = {/wp-content/papers/Nieto5GWF.pdf},
doi = {10.1109/5GWF.2018.8516940},
isbn = {978-1-5386-4982-4},
year = {2018},
date = {2018-07-01},
urldate = {2018-07-01},
booktitle = {IEEE 5G World Forum (5GWF)},
pages = {191-196},
publisher = {IEEE},
address = {Santa Clara (USA)},
abstract = {This article analyses the state of the art of proactive forensic solutions and highlights the importance of preparing the 5G ecosystem to serve digital forensic purposes. The analysis considers the current 5G threat landscape from the ENISA report, and discusses how some of the attacks could be mitigated using proactive forensic mechanisms. In addition, the requirements for deploying proactive forensic solutions in 5G are classified, and analysed based on the specific threats against 5G.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
This article analyses the state of the art of proactive forensic solutions and highlights the importance of preparing the 5G ecosystem to serve digital forensic purposes. The analysis considers the current 5G threat landscape from the ENISA report, and discusses how some of the attacks could be mitigated using proactive forensic mechanisms. In addition, the requirements for deploying proactive forensic solutions in 5G are classified, and analysed based on the specific threats against 5G.
Kolar, Martin; Fernandez-Gago, Carmen; Lopez, Javier
Policy Languages and Their Suitability for Trust Negotiation Proceedings Article
In: 32nd Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy XXXII, 2018, pp. 69-84, Springer, Cham Springer, Cham, Bergamo, Italy, 2018, ISBN: 978-3-319-95728-9.
@inproceedings{kolar2018,
title = {Policy Languages and Their Suitability for Trust Negotiation},
author = {Martin Kolar and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/kolar2018.pdf
https://link.springer.com/chapter/10.1007/978-3-319-95729-6_5},
doi = {10.1007/978-3-319-95729-6_5},
isbn = {978-3-319-95728-9},
year = {2018},
date = {2018-07-01},
urldate = {2018-07-01},
booktitle = {32nd Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy XXXII, 2018},
volume = {10980},
pages = {69-84},
publisher = {Springer, Cham},
address = {Bergamo, Italy},
organization = {Springer, Cham},
abstract = {Entities, such as people, companies, institutions, authorities and web sites live and exist in a conjoined world. In order to live and enjoy social benefits, entities need to share knowledge, resources and to cooperate together. The cooperation brings with it many new challenges and problems, among which one is the problem of trust. This area is also important for the Computer Science. When unfamiliar entities wish to cooperate, they do not know what to expect nor whether they can trust each other. Trust negotiation solves this problem by sequential exchanging credentials between entities, which have decided to establish a trust relationship in order to reach a common goal. Entities specify their own policies that handle a disclosure of confidential information to maintain their security and privacy. Policies are defined by means of a policy language. This paper aims to identify the most suitable policy language for trust negotiation. To do so, policy languages are analysed against a set of criteria for trust negotiation that are first established.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Entities, such as people, companies, institutions, authorities and web sites live and exist in a conjoined world. In order to live and enjoy social benefits, entities need to share knowledge, resources and to cooperate together. The cooperation brings with it many new challenges and problems, among which one is the problem of trust. This area is also important for the Computer Science. When unfamiliar entities wish to cooperate, they do not know what to expect nor whether they can trust each other. Trust negotiation solves this problem by sequential exchanging credentials between entities, which have decided to establish a trust relationship in order to reach a common goal. Entities specify their own policies that handle a disclosure of confidential information to maintain their security and privacy. Policies are defined by means of a policy language. This paper aims to identify the most suitable policy language for trust negotiation. To do so, policy languages are analysed against a set of criteria for trust negotiation that are first established.
Ferraris, Davide; Fernandez-Gago, Carmen; Lopez, Javier
A Trust-by-Design Framework for the Internet of Things Proceedings Article
In: 2018 9th IFIP International Conference on New Technologies Mobility and Security (NTMS), IEEE IEEE, Paris, 2018, ISSN: 2157-4960.
@inproceedings{1684,
title = {A Trust-by-Design Framework for the Internet of Things},
author = {Davide Ferraris and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/1684.pdf
http://ieeexplore.ieee.org/document/8328674/},
doi = {10.1109/NTMS.2018.8328674},
issn = {2157-4960},
year = {2018},
date = {2018-04-01},
urldate = {2018-04-01},
booktitle = {2018 9th IFIP International Conference on New Technologies Mobility and Security (NTMS)},
publisher = {IEEE},
address = {Paris},
organization = {IEEE},
abstract = {The Internet of Things (IoT) is an environment of interconnected entities, that are identifiable, usable and controllable via the Internet. Trust is necessary in a system such as IoT as the entities involved should know the effect of interacting with other entities. Moreover, the entities must also be able to trust a system to reliably use it. An IoT system is composed of different entities from different vendors, each of them with a different purpose and a different lifecycle. So considering trust in the whole IoT system lifecycle is useful and necessary to guarantee a good service for the whole system. The heterogeneity and dynamicity of this field make it difficult to ensure trust in IoT. We propose a trust by design framework for including trust in the development of an IoT entity considering all the phases of the life-cycle. It is composed of the K-Model and transversal activities.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The Internet of Things (IoT) is an environment of interconnected entities, that are identifiable, usable and controllable via the Internet. Trust is necessary in a system such as IoT as the entities involved should know the effect of interacting with other entities. Moreover, the entities must also be able to trust a system to reliably use it. An IoT system is composed of different entities from different vendors, each of them with a different purpose and a different lifecycle. So considering trust in the whole IoT system lifecycle is useful and necessary to guarantee a good service for the whole system. The heterogeneity and dynamicity of this field make it difficult to ensure trust in IoT. We propose a trust by design framework for including trust in the development of an IoT entity considering all the phases of the life-cycle. It is composed of the K-Model and transversal activities.
Wang, Xueou; Hou, Xiaolu; Rios, Ruben; Hallgren, Per; Tippenhauer, Nils Ole; Ochoa, Martin
Location Proximity Attacks against Mobile Targets: Analytical Bounds and Attacker Strategies Proceedings Article
In: 23rd European Symposium on Research in Computer Security (ESORICS 2018), pp. 373-392, Springer Springer, Barcelona, 2018, ISBN: 978-3-319-98988-4.
@inproceedings{rios2018mob,
title = {Location Proximity Attacks against Mobile Targets: Analytical Bounds and Attacker Strategies},
author = {Xueou Wang and Xiaolu Hou and Ruben Rios and Per Hallgren and Nils Ole Tippenhauer and Martin Ochoa},
url = {/wp-content/papers/rios2018mob.pdf},
doi = {10.1007/978-3-319-98989-1},
isbn = {978-3-319-98988-4},
year = {2018},
date = {2018-01-01},
urldate = {2018-01-01},
booktitle = {23rd European Symposium on Research in Computer Security (ESORICS 2018)},
volume = {11099},
pages = {373-392},
publisher = {Springer},
address = {Barcelona},
organization = {Springer},
series = {LNCS},
abstract = {Location privacy has mostly focused on scenarios where users remain static. However, investigating scenarios where the victims present a particular mobility pattern is more realistic. In this paper, we consider abstract attacks on services that provide location information on other users in the proximity. In that setting, we quantify the required effort of the attacker to localize a particular mobile victim. We prove upper and lower bounds for the effort of an optimal attacker. We experimentally show that a emphLinear Jump Strategy (LJS) practically achieves the upper bounds for almost uniform initial distributions of victims. To improve performance for less uniform distributions known to the attacker, we propose a emphGreedy Updating Attack Strategy (GUAS). Finally, we derive a realistic mobility model from a real-world dataset and discuss the performance of our strategies in that setting.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Location privacy has mostly focused on scenarios where users remain static. However, investigating scenarios where the victims present a particular mobility pattern is more realistic. In this paper, we consider abstract attacks on services that provide location information on other users in the proximity. In that setting, we quantify the required effort of the attacker to localize a particular mobile victim. We prove upper and lower bounds for the effort of an optimal attacker. We experimentally show that a emphLinear Jump Strategy (LJS) practically achieves the upper bounds for almost uniform initial distributions of victims. To improve performance for less uniform distributions known to the attacker, we propose a emphGreedy Updating Attack Strategy (GUAS). Finally, we derive a realistic mobility model from a real-world dataset and discuss the performance of our strategies in that setting.
Rios, Ruben; Fernandez-Gago, Carmen; Lopez, Javier
Modelling Privacy-Aware Trust Negotiations Journal Article
In: Computers & Security, vol. 77, pp. 773-789, 2018, ISSN: 0167-4048.
@article{Ruben2017trust,
title = {Modelling Privacy-Aware Trust Negotiations},
author = {Ruben Rios and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/Ruben2017trust.pdf},
doi = {10.1016/j.cose.2017.09.015},
issn = {0167-4048},
year = {2018},
date = {2018-01-01},
urldate = {2018-01-01},
journal = {Computers \& Security},
volume = {77},
pages = {773-789},
publisher = {Elsevier},
abstract = {Trust negotiations are mechanisms that enable interaction between previously unknown users. After exchanging various pieces of potentially sensitive information, the participants of a negotiation can decide whether or not to trust one another. Therefore, trust negotiations bring about threats to personal privacy if not carefully considered. This paper presents a framework for representing trust negotiations in the early phases of the Software Development Life Cycle (SDLC). The framework can help software engineers to determine the most suitable policies for the system by detecting conflicts between privacy and trust requirements. More precisely, we extend the SI* modelling language and provide a set of predicates for defining trust and privacy policies and a set of rules for describing the dynamics of the system based on the established policies. The formal representation of the model facilitates its automatic verification. The framework has been validated in a distributed social network scenario for connecting drivers with potential passengers willing to share a journey.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Trust negotiations are mechanisms that enable interaction between previously unknown users. After exchanging various pieces of potentially sensitive information, the participants of a negotiation can decide whether or not to trust one another. Therefore, trust negotiations bring about threats to personal privacy if not carefully considered. This paper presents a framework for representing trust negotiations in the early phases of the Software Development Life Cycle (SDLC). The framework can help software engineers to determine the most suitable policies for the system by detecting conflicts between privacy and trust requirements. More precisely, we extend the SI* modelling language and provide a set of predicates for defining trust and privacy policies and a set of rules for describing the dynamics of the system based on the established policies. The formal representation of the model facilitates its automatic verification. The framework has been validated in a distributed social network scenario for connecting drivers with potential passengers willing to share a journey.
Rubio, Juan E.; Alcaraz, Cristina; Lopez, Javier
Preventing Advanced Persistent Threats in Complex Control Networks Proceedings Article
In: European Symposium on Research in Computer Security, pp. 402-418, 22nd European Symposium on Research in Computer Security (ESORICS 2017) 22nd European Symposium on Research in Computer Security (ESORICS 2017), 2017.
@inproceedings{RubioAlcarazLopez2017ESORICS,
title = {Preventing Advanced Persistent Threats in Complex Control Networks},
author = {Juan E. Rubio and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/RubioAlcarazLopez2017ESORICS.pdf},
year = {2017},
date = {2017-09-01},
urldate = {2017-09-01},
booktitle = {European Symposium on Research in Computer Security},
volume = {10493},
pages = {402-418},
publisher = {22nd European Symposium on Research in Computer Security (ESORICS 2017)},
organization = {22nd European Symposium on Research in Computer Security (ESORICS 2017)},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Fernandez-Gago, Carmen; Moyano, Francisco; Lopez, Javier
Modelling Trust Dynamics in the Internet of Things Journal Article
In: Information Sciences, vol. 396, pp. 72-82, 2017, ISSN: 0020-0255.
@article{Fer_IS17,
title = {Modelling Trust Dynamics in the Internet of Things},
author = {Carmen Fernandez-Gago and Francisco Moyano and Javier Lopez},
url = {/wp-content/papers/Fer_IS17.pdf},
doi = {10.1016/j.ins.2017.02.039},
issn = {0020-0255},
year = {2017},
date = {2017-01-01},
urldate = {2017-01-01},
journal = {Information Sciences},
volume = {396},
pages = {72-82},
publisher = {Elsevier},
abstract = {The Internet of Things (IoT) is a paradigm based on the interconnection of everyday objects. It is expected that the ‘things’ involved in the IoT paradigm will have to interact with each other, often in uncertain conditions. It is therefore of paramount importance for the success of IoT that there are mechanisms in place that help overcome the lack of certainty. Trust can help achieve this goal. In this paper, we introduce a framework that assists developers in including trust in IoT scenarios. This framework takes into account trust, privacy and identity requirements as well as other functional requirements derived from IoT scenarios to provide the different services that allow the inclusion of trust in the IoT.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The Internet of Things (IoT) is a paradigm based on the interconnection of everyday objects. It is expected that the ‘things’ involved in the IoT paradigm will have to interact with each other, often in uncertain conditions. It is therefore of paramount importance for the success of IoT that there are mechanisms in place that help overcome the lack of certainty. Trust can help achieve this goal. In this paper, we introduce a framework that assists developers in including trust in IoT scenarios. This framework takes into account trust, privacy and identity requirements as well as other functional requirements derived from IoT scenarios to provide the different services that allow the inclusion of trust in the IoT.
Rios, Ruben; Fernandez-Gago, Carmen; Lopez, Javier
Privacy-Aware Trust Negotiation Proceedings Article
In: 12th International Workshop on Security and Trust Management (STM), pp. 98-105, Springer Springer, Heraklion, Crete, Greece, 2016, ISSN: 0302-9743.
@inproceedings{rios2016b,
title = {Privacy-Aware Trust Negotiation},
author = {Ruben Rios and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/rios2016b.pdf
http://link.springer.com/chapter/10.1007/978-3-319-46598-2_7, },
doi = {10.1007/978-3-319-46598-2 7},
issn = {0302-9743},
year = {2016},
date = {2016-09-01},
urldate = {2016-09-01},
booktitle = {12th International Workshop on Security and Trust Management (STM)},
volume = {LNCS 9871},
pages = {98-105},
publisher = {Springer},
address = {Heraklion, Crete, Greece},
organization = {Springer},
abstract = {Software engineering and information security have traditionally followed divergent paths but lately some efforts have been made to consider security from the early phases of the Software Development Life Cycle (SDLC). This paper follows this line and concentrates on the incorporation of trust negotiations during the requirements engineering phase. More precisely, we provide an extension to the SI* modelling language, which is further formalised using answer set programming specifications to support the automatic verification of the model and the detection of privacy conflicts caused by trust negotiations.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Software engineering and information security have traditionally followed divergent paths but lately some efforts have been made to consider security from the early phases of the Software Development Life Cycle (SDLC). This paper follows this line and concentrates on the incorporation of trust negotiations during the requirements engineering phase. More precisely, we provide an extension to the SI* modelling language, which is further formalised using answer set programming specifications to support the automatic verification of the model and the detection of privacy conflicts caused by trust negotiations.
Nuñez, David; Fernandez-Gago, Carmen; Luna, Jesús
Eliciting Metrics for Accountability of Cloud Systems Journal Article
In: Computers & Security, vol. 62, pp. 149-164, 2016, ISSN: 0167-4048.
@article{nunez2016eliciting,
title = {Eliciting Metrics for Accountability of Cloud Systems},
author = {David Nu\~{n}ez and Carmen Fernandez-Gago and Jes\'{u}s Luna},
url = {/wp-content/papers/nunez2016eliciting.pdf},
doi = {10.1016/j.cose.2016.07.003},
issn = {0167-4048},
year = {2016},
date = {2016-08-01},
urldate = {2016-08-01},
journal = {Computers \& Security},
volume = {62},
pages = {149-164},
publisher = {Elsevier},
abstract = {Cloud computing provides enormous business opportunities, but at the same time is a complex and challenging paradigm. The major concerns for users adopting the cloud are the loss of control over their data and the lack of transparency. Providing accountability to cloud systems could foster trust in the cloud and contribute toward its adoption. Assessing how accountable a cloud provider is becomes then a key issue, not only for demonstrating accountability, but to build it. To this end, we need techniques to measure the factors that influence on accountability. In this paper, we provide a methodology to elicit metrics for accountability in the cloud, which consists of three different stages. Since the nature of accountability at- tributes is very abstract and complex, in the first stage we perform a conceptual analysis of the accountability attributes in order to decompose them into concrete practices and mechanisms. Then, we analyze relevant control frameworks designed to guide the implementation of security and privacy mechanisms, and use them to identify measurable factors, related to the practices and mechanisms defined earlier. Lastly, specific metrics for these factors are derived. We also provide some strategies that we consider relevant for the empirical validation of the elicited accountability metrics.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Cloud computing provides enormous business opportunities, but at the same time is a complex and challenging paradigm. The major concerns for users adopting the cloud are the loss of control over their data and the lack of transparency. Providing accountability to cloud systems could foster trust in the cloud and contribute toward its adoption. Assessing how accountable a cloud provider is becomes then a key issue, not only for demonstrating accountability, but to build it. To this end, we need techniques to measure the factors that influence on accountability. In this paper, we provide a methodology to elicit metrics for accountability in the cloud, which consists of three different stages. Since the nature of accountability at- tributes is very abstract and complex, in the first stage we perform a conceptual analysis of the accountability attributes in order to decompose them into concrete practices and mechanisms. Then, we analyze relevant control frameworks designed to guide the implementation of security and privacy mechanisms, and use them to identify measurable factors, related to the practices and mechanisms defined earlier. Lastly, specific metrics for these factors are derived. We also provide some strategies that we consider relevant for the empirical validation of the elicited accountability metrics.
Moyano, Francisco; Fernandez-Gago, Carmen; Lopez, Javier
A Model-driven Approach for Engineering Trust and Reputation into Software Services Journal Article
In: Journal of Network and Computer Applications, vol. 69, pp. 134-151, 2016, ISSN: 1084-8045.
@article{JNCA16,
title = {A Model-driven Approach for Engineering Trust and Reputation into Software Services},
author = {Francisco Moyano and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/JNCA16.pdf},
issn = {1084-8045},
year = {2016},
date = {2016-04-01},
urldate = {2016-04-01},
journal = {Journal of Network and Computer Applications},
volume = {69},
pages = {134-151},
publisher = {Elsevier},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Cazorla, Lorena; Alcaraz, Cristina; Lopez, Javier
Cyber Stealth Attacks in Critical Information Infrastructures Journal Article
In: IEEE Systems Journal, vol. 12, pp. 1778-1792, 2018, ISSN: 1932-8184.
@article{cazorla2016cyber,
title = {Cyber Stealth Attacks in Critical Information Infrastructures},
author = {Lorena Cazorla and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/cazorla2016cyber.pdf
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=\&arnumber=7445136\&isnumber=8350419},
doi = {10.1109/JSYST.2015.2487684},
issn = {1932-8184},
year = {2018},
date = {2018-06-01},
urldate = {2018-06-01},
journal = {IEEE Systems Journal},
volume = {12},
pages = {1778-1792},
publisher = {IEEE},
abstract = {Current Critical Infrastructures (CIs) are complex interconnected industrial systems that, in recent years, have incorporated information and communications technologies such as connection to the Internet and commercial off-the-shelf components. This makes them easier to operate and maintain, but exposes them to the threats and attacks that inundate conventional networks and systems. This paper contains a comprehensive study on the main stealth attacks that threaten CIs, with a special focus on Critical Information Infrastructures (CIIs). This type of attack is characterized by an adversary who is able to finely tune his actions to avoid detection while pursuing his objectives. To provide a complete analysis of the scope and potential dangers of stealth attacks we determine and analyze their stages and range, and we design a taxonomy to illustrate the threats to CIs, offering an overview of the applicable countermeasures against these attacks. From our analysis we understand that these types of attacks, due to the interdependent nature of CIs, pose a grave danger to critical systems where the threats can easily cascade down to the interconnected systems.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Current Critical Infrastructures (CIs) are complex interconnected industrial systems that, in recent years, have incorporated information and communications technologies such as connection to the Internet and commercial off-the-shelf components. This makes them easier to operate and maintain, but exposes them to the threats and attacks that inundate conventional networks and systems. This paper contains a comprehensive study on the main stealth attacks that threaten CIs, with a special focus on Critical Information Infrastructures (CIIs). This type of attack is characterized by an adversary who is able to finely tune his actions to avoid detection while pursuing his objectives. To provide a complete analysis of the scope and potential dangers of stealth attacks we determine and analyze their stages and range, and we design a taxonomy to illustrate the threats to CIs, offering an overview of the applicable countermeasures against these attacks. From our analysis we understand that these types of attacks, due to the interdependent nature of CIs, pose a grave danger to critical systems where the threats can easily cascade down to the interconnected systems.
Nieto, Ana; Nomikos, Nikolaos; Lopez, Javier; Skianis, Charalambos
Dynamic Knowledge-based Analysis in non-Secure 5G Green Environments using Contextual Data Journal Article
In: IEEE Systems Journal, vol. 11, no. 99, pp. 2479-2489, 2017, ISSN: 1932-8184.
@article{NietNLS15,
title = {Dynamic Knowledge-based Analysis in non-Secure 5G Green Environments using Contextual Data},
author = {Ana Nieto and Nikolaos Nomikos and Javier Lopez and Charalambos Skianis},
url = {/wp-content/papers/NietNLS15.pdf},
doi = {10.1109/JSYST.2015.2477782},
issn = {1932-8184},
year = {2017},
date = {2017-12-01},
urldate = {2017-12-01},
journal = {IEEE Systems Journal},
volume = {11},
number = {99},
pages = {2479-2489},
publisher = {IEEE},
abstract = {The growing number of parameters in heteroge- neous networks, as is the case of the emphfifth generation (5G) Green networks, greatly complicates the analysis of the emphSecurity and Quality of Service Tradeoff (SQT). However, studying these types of relationships is crucial in Future Internet scenarios to prevent potential points of failure and to enhance the use of limited resources, increasing the user’s experience. Therefore, it is fundamental to provide tools and models for training, so that the users understand these dependencies and solve them prior to deploying new solutions. In this paper, a Recommendation System for SQT (SQT-RS) is deployed in 5G Green systems, considering the particular case of relay networks and the impact of eavesdropping and jamming contexts on the models generated by the user, aided by SQT-RS. With this goal in mind, we provide a component for the user to automatically select specific contexts based on 5G Green capabilities.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The growing number of parameters in heteroge- neous networks, as is the case of the emphfifth generation (5G) Green networks, greatly complicates the analysis of the emphSecurity and Quality of Service Tradeoff (SQT). However, studying these types of relationships is crucial in Future Internet scenarios to prevent potential points of failure and to enhance the use of limited resources, increasing the user’s experience. Therefore, it is fundamental to provide tools and models for training, so that the users understand these dependencies and solve them prior to deploying new solutions. In this paper, a Recommendation System for SQT (SQT-RS) is deployed in 5G Green systems, considering the particular case of relay networks and the impact of eavesdropping and jamming contexts on the models generated by the user, aided by SQT-RS. With this goal in mind, we provide a component for the user to automatically select specific contexts based on 5G Green capabilities.
Rubio, Juan E.; Alcaraz, Cristina; Lopez, Javier
Preventing Advanced Persistent Threats in Complex Control Networks Proceedings Article
In: European Symposium on Research in Computer Security, pp. 402-418, 22nd European Symposium on Research in Computer Security (ESORICS 2017) 22nd European Symposium on Research in Computer Security (ESORICS 2017), 2017.
@inproceedings{RubioAlcarazLopez2017ESORICS,
title = {Preventing Advanced Persistent Threats in Complex Control Networks},
author = {Juan E. Rubio and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/RubioAlcarazLopez2017ESORICS.pdf},
year = {2017},
date = {2017-09-01},
urldate = {2017-09-01},
booktitle = {European Symposium on Research in Computer Security},
volume = {10493},
pages = {402-418},
publisher = {22nd European Symposium on Research in Computer Security (ESORICS 2017)},
organization = {22nd European Symposium on Research in Computer Security (ESORICS 2017)},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Nieto, Ana; Rios, Ruben; Lopez, Javier
Digital Witness and Privacy in IoT: Anonymous Witnessing Approach Proceedings Article
In: 16th IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom 2017), pp. 642-649, IEEE IEEE, Sydney (Australia), 2017, ISSN: 2324-9013.
@inproceedings{1654,
title = {Digital Witness and Privacy in IoT: Anonymous Witnessing Approach},
author = {Ana Nieto and Ruben Rios and Javier Lopez},
url = {/wp-content/papers/1654.pdf},
doi = {10.1109/Trustcom/BigDataSE/ICESS.2017.295},
issn = {2324-9013},
year = {2017},
date = {2017-08-01},
urldate = {2017-08-01},
booktitle = {16th IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom 2017)},
pages = {642-649},
publisher = {IEEE},
address = {Sydney (Australia)},
organization = {IEEE},
abstract = {The emphdigital witness approach defines the collaboration between IoT devices - from wearables to vehicles - to provide digital evidence through a emphDigital Chain of Custody to an authorised entity. As one of the cores of the digital witness, emphbinding credentials unequivocally identify the user behind the digital witness. The objective of this article is to perform a critical analysis of the digital witness approach from the perspective of privacy, and to propose solutions that help include some notions of privacy in the scheme (for those cases where it is possible). In addition, emphdigital anonymous witnessing as a tradeoff mechanism between the original approach and privacy requirements is proposed. This is a clear challenge in this context given the restriction that the identities of the links in the digital chain of custody should be known.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The emphdigital witness approach defines the collaboration between IoT devices - from wearables to vehicles - to provide digital evidence through a emphDigital Chain of Custody to an authorised entity. As one of the cores of the digital witness, emphbinding credentials unequivocally identify the user behind the digital witness. The objective of this article is to perform a critical analysis of the digital witness approach from the perspective of privacy, and to propose solutions that help include some notions of privacy in the scheme (for those cases where it is possible). In addition, emphdigital anonymous witnessing as a tradeoff mechanism between the original approach and privacy requirements is proposed. This is a clear challenge in this context given the restriction that the identities of the links in the digital chain of custody should be known.
Nieto, Ana; Rios, Ruben; Lopez, Javier
A Methodology for Privacy-Aware IoT-Forensics Proceedings Article
In: 16th IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom 2017), pp. 626-633, IEEE IEEE, Sydney (Australia), 2017, ISSN: 2324-9013.
@inproceedings{1652,
title = {A Methodology for Privacy-Aware IoT-Forensics},
author = {Ana Nieto and Ruben Rios and Javier Lopez},
url = {/wp-content/papers/1652.pdf},
doi = {10.1109/Trustcom/BigDataSE/ICESS.2017.293},
issn = {2324-9013},
year = {2017},
date = {2017-08-01},
urldate = {2017-08-01},
booktitle = {16th IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom 2017)},
pages = {626-633},
publisher = {IEEE},
address = {Sydney (Australia)},
organization = {IEEE},
abstract = {The Internet of Things (IoT) brings new challenges to digital forensics. Given the number and heterogeneity of devices in such scenarios, it bring extremely difficult to carry out investigations without the cooperation of individuals. Even if they are not directly involved in the offense, their devices can yield digital evidence that might provide useful clarification in an investigation. However, when providing such evidence they may leak sensitive personal information. This paper proposes PRoFIT; a new model for IoT-forensics that takes privacy into consideration by incorporating the requirements of ISO/IEC 29100:2011 throughout the investigation life cycle. PRoFIT is intended to lay the groundwork for the voluntary cooperation of individuals in cyber crime investigations.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The Internet of Things (IoT) brings new challenges to digital forensics. Given the number and heterogeneity of devices in such scenarios, it bring extremely difficult to carry out investigations without the cooperation of individuals. Even if they are not directly involved in the offense, their devices can yield digital evidence that might provide useful clarification in an investigation. However, when providing such evidence they may leak sensitive personal information. This paper proposes PRoFIT; a new model for IoT-forensics that takes privacy into consideration by incorporating the requirements of ISO/IEC 29100:2011 throughout the investigation life cycle. PRoFIT is intended to lay the groundwork for the voluntary cooperation of individuals in cyber crime investigations.
Fernandez, Gerardo; Nieto, Ana; Lopez, Javier
Modeling Malware-driven Honeypots Proceedings Article
In: 14th International Conference On Trust, Privacy & Security In Digital Business (TrustBus 2017), pp. 130-144, Springer International Publishing Springer International Publishing, Lyon (France), 2017, ISBN: 978-3-319-64482-0.
@inproceedings{1656,
title = {Modeling Malware-driven Honeypots},
author = {Gerardo Fernandez and Ana Nieto and Javier Lopez},
url = {/wp-content/papers/1656.pdf
https://link.springer.com/chapter/10.1007/978-3-319-64483-7_9, },
doi = {10.1007/978-3-319-64483-7_9},
isbn = {978-3-319-64482-0},
year = {2017},
date = {2017-08-01},
urldate = {2017-08-01},
booktitle = {14th International Conference On Trust, Privacy \& Security In Digital Business (TrustBus 2017)},
volume = {10442},
pages = {130-144},
publisher = {Springer International Publishing},
address = {Lyon (France)},
organization = {Springer International Publishing},
abstract = {In this paper we propose the Hogney architecture for the deployment of emphmalware-driven honeypots. This new concept refers to honeypots that have been dynamically configured according to the environment expected by malware. The adaptation mechanism designed here is built on services that offer up-to-date and relevant emphintelligence information on current threats. Thus, the Hogney architecture takes advantage of recent emphIndicators Of Compromise (IOC) and information about suspicious activity currently being studied by analysts. The information gathered from these services is then used to adapt honeypots to fulfill malware requirements, inviting them to unleash their full strength.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
In this paper we propose the Hogney architecture for the deployment of emphmalware-driven honeypots. This new concept refers to honeypots that have been dynamically configured according to the environment expected by malware. The adaptation mechanism designed here is built on services that offer up-to-date and relevant emphintelligence information on current threats. Thus, the Hogney architecture takes advantage of recent emphIndicators Of Compromise (IOC) and information about suspicious activity currently being studied by analysts. The information gathered from these services is then used to adapt honeypots to fulfill malware requirements, inviting them to unleash their full strength.
Nuñez, David; Agudo, Isaac; Lopez, Javier
The fallout of key compromise in a proxy-mediated key agreement protocol Proceedings Article
In: 31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec’17), pp. 453-472, Springer Springer, Philadelphia, USA, 2017, ISBN: 978-3-319-61176-1.
@inproceedings{nunez2017fallout,
title = {The fallout of key compromise in a proxy-mediated key agreement protocol},
author = {David Nu\~{n}ez and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/nunez2017fallout.pdf},
doi = {10.1007/978-3-319-61176-1_25},
isbn = {978-3-319-61176-1},
year = {2017},
date = {2017-07-01},
urldate = {2017-07-01},
booktitle = {31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec’17)},
volume = {LNCS 10359},
pages = {453-472},
publisher = {Springer},
address = {Philadelphia, USA},
organization = {Springer},
abstract = {In this paper, we analyze how key compromise affects the protocol by Nguyen et al. presented at ESORICS 2016, an authenticated key agreement protocol mediated by a proxy entity, restricted to only symmetric encryption primitives and intended for IoT environments. This protocol uses long-term encryption tokens as intermediate values during encryption and decryption procedures, which implies that these can be used to encrypt and decrypt messages without knowing the cor- responding secret keys. In our work, we show how key compromise (or even compromise of encryption tokens) allows to break forward secu- rity and leads to key compromise impersonation attacks. Moreover, we demonstrate that these problems cannot be solved even if the affected user revokes his compromised secret key and updates it to a new one. The conclusion is that this protocol cannot be used in IoT environments, where key compromise is a realistic risk.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
In this paper, we analyze how key compromise affects the protocol by Nguyen et al. presented at ESORICS 2016, an authenticated key agreement protocol mediated by a proxy entity, restricted to only symmetric encryption primitives and intended for IoT environments. This protocol uses long-term encryption tokens as intermediate values during encryption and decryption procedures, which implies that these can be used to encrypt and decrypt messages without knowing the cor- responding secret keys. In our work, we show how key compromise (or even compromise of encryption tokens) allows to break forward secu- rity and leads to key compromise impersonation attacks. Moreover, we demonstrate that these problems cannot be solved even if the affected user revokes his compromised secret key and updates it to a new one. The conclusion is that this protocol cannot be used in IoT environments, where key compromise is a realistic risk.
Fernandez, Gerardo; Nieto, Ana
Configuración de honeypots adaptativos para análisis de malware Proceedings Article
In: III Jornadas Nacionales de Investigación en Ciberseguridad (JNIC 2017), pp. 91-98, Servicio de Publicaciones de la URJC Servicio de Publicaciones de la URJC, Madrid (Spain), 2017, ISBN: 978-84-608-4659-8.
@inproceedings{1650,
title = {Configuraci\'{o}n de honeypots adaptativos para an\'{a}lisis de malware},
author = {Gerardo Fernandez and Ana Nieto},
url = {/wp-content/papers/1650.pdf
https://eciencia.urjc.es/handle/10115/14540},
isbn = {978-84-608-4659-8},
year = {2017},
date = {2017-06-01},
urldate = {2017-06-01},
booktitle = {III Jornadas Nacionales de Investigaci\'{o}n en Ciberseguridad (JNIC 2017)},
pages = {91-98},
publisher = {Servicio de Publicaciones de la URJC},
address = {Madrid (Spain)},
organization = {Servicio de Publicaciones de la URJC},
abstract = {Este trabajo propone una arquitectura de despliegue de honeypots adaptativos, configurados din\'{a}micamente a partir de los requisitos del malware que intenta infectar los servicios trampa. A diferencia de otros trabajos sobre honeypots adaptativos, los mecanismos de adaptabilidad aqu\'{i} dise\~{n}ados tomar\'{a}n como base informaci\'{o}n de inteligencia sobre amenazas actuales, indicadores de compromiso (IOCs) conocidos, as\'{i} como informaci\'{o}n de actividades sospechosas actualmente en estudio por los analistas. Este conocimiento ser\'{a} empleado para configurar honeypots de manera din\'{a}mica, permitiendo satisfacer los requisitos necesarios para que el malware pueda desplegar toda su operativa.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Este trabajo propone una arquitectura de despliegue de honeypots adaptativos, configurados dinámicamente a partir de los requisitos del malware que intenta infectar los servicios trampa. A diferencia de otros trabajos sobre honeypots adaptativos, los mecanismos de adaptabilidad aquí diseñados tomarán como base información de inteligencia sobre amenazas actuales, indicadores de compromiso (IOCs) conocidos, así como información de actividades sospechosas actualmente en estudio por los analistas. Este conocimiento será empleado para configurar honeypots de manera dinámica, permitiendo satisfacer los requisitos necesarios para que el malware pueda desplegar toda su operativa.
Nuñez, David; Agudo, Isaac; Lopez, Javier
Proxy Re-Encryption: Analysis of Constructions and its Application to Secure Access Delegation Journal Article
In: Journal of Network and Computer Applications, vol. 87, pp. 193-209, 2017, ISSN: 1084-8045.
@article{nunez2017proxy,
title = {Proxy Re-Encryption: Analysis of Constructions and its Application to Secure Access Delegation},
author = {David Nu\~{n}ez and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/nunez2017proxy.pdf},
doi = {10.1016/j.jnca.2017.03.005},
issn = {1084-8045},
year = {2017},
date = {2017-06-01},
urldate = {2017-06-01},
journal = {Journal of Network and Computer Applications},
volume = {87},
pages = {193-209},
publisher = {Elsevier},
abstract = {This paper analyzes the secure access delegation problem, which occurs naturally in the cloud, and postulate that Proxy Re-Encryption is a feasible cryptographic solution, both from the functional and efficiency perspectives. Proxy re-encryption is a special type of public-key encryption that permits a proxy to transform ciphertexts from one public key to another, without the proxy being able to learn any information about the original message. Thus, it serves as a means for delegating decryption rights, opening up many possible applications that require of delegated access to encrypted data. In particular, sharing information in the cloud is a prime example. In this paper, we review the main proxy re-encryption schemes so far, and provide a detailed analysis of their characteristics. Additionally, we also study the efficiency of selected schemes, both theoretically and empirically, based on our own implementation. Finally, we discuss some applications of proxy re-encryption, with a focus on secure access delegation in the cloud.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
This paper analyzes the secure access delegation problem, which occurs naturally in the cloud, and postulate that Proxy Re-Encryption is a feasible cryptographic solution, both from the functional and efficiency perspectives. Proxy re-encryption is a special type of public-key encryption that permits a proxy to transform ciphertexts from one public key to another, without the proxy being able to learn any information about the original message. Thus, it serves as a means for delegating decryption rights, opening up many possible applications that require of delegated access to encrypted data. In particular, sharing information in the cloud is a prime example. In this paper, we review the main proxy re-encryption schemes so far, and provide a detailed analysis of their characteristics. Additionally, we also study the efficiency of selected schemes, both theoretically and empirically, based on our own implementation. Finally, we discuss some applications of proxy re-encryption, with a focus on secure access delegation in the cloud.
Rios, Ruben; Nuñez, David; Lopez, Javier
Query Privacy in Sensing-as-a-Service Platforms Proceedings Article
In: Vimercati, Sabrina De Capitani; Martinelli, Fabio (Ed.): 32nd International Conference on ICT Systems Security and Privacy Protection (IFIP SEC 2017), pp. 141–154, Springer Springer, Roma, Italy, 2017.
@inproceedings{Rios2017query,
title = {Query Privacy in Sensing-as-a-Service Platforms},
author = {Ruben Rios and David Nu\~{n}ez and Javier Lopez},
editor = {Sabrina De Capitani Vimercati and Fabio Martinelli},
url = {/wp-content/papers/Rios2017query.pdf},
doi = {10.1007/978-3-319-58469-0_10},
year = {2017},
date = {2017-05-01},
urldate = {2017-05-01},
booktitle = {32nd International Conference on ICT Systems Security and Privacy Protection (IFIP SEC 2017)},
volume = {502},
pages = {141\textendash154},
publisher = {Springer},
address = {Roma, Italy},
organization = {Springer},
series = {IFIP Advances in Information and Communication Technology (AICT)},
abstract = {The Internet of Things (IoT) promises to revolutionize the way we interact with the physical world. Even though this paradigm is still far from being completely realized, there already exist Sensing-as-a-Service (S^2aaS) platforms that allow users to query for IoT data. While this model offers tremendous benefits, it also entails increasingly challenging privacy issues. In this paper, we concentrate on the protection of user privacy when querying sensing devices through a semi-trusted S^2aaS platform. In particular, we build on techniques inspired by proxy re-encryption and k-anonymity to tackle two intertwined problems, namely query privacy and query confidentiality. The feasibility of our solution is validated both analytically and empirically.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The Internet of Things (IoT) promises to revolutionize the way we interact with the physical world. Even though this paradigm is still far from being completely realized, there already exist Sensing-as-a-Service (S^2aaS) platforms that allow users to query for IoT data. While this model offers tremendous benefits, it also entails increasingly challenging privacy issues. In this paper, we concentrate on the protection of user privacy when querying sensing devices through a semi-trusted S^2aaS platform. In particular, we build on techniques inspired by proxy re-encryption and k-anonymity to tackle two intertwined problems, namely query privacy and query confidentiality. The feasibility of our solution is validated both analytically and empirically.
Nieto, Ana; Rios, Ruben; Lopez, Javier
PRoFIT: modelo forense-IoT con integración de requisitos de privacidad Proceedings Article
In: XIII Jornadas de Ingeniería Telemática (JITEL 2017), pp. 302-309, Editorial Universitat Politècnica de València Editorial Universitat Politècnica de València, Valencia, 2017, ISBN: 978-84-9048-595-8.
@inproceedings{1655,
title = {PRoFIT: modelo forense-IoT con integraci\'{o}n de requisitos de privacidad},
author = {Ana Nieto and Ruben Rios and Javier Lopez},
url = {/wp-content/papers/1655.pdf
http://jlloret.webs.upv.es/jitel2017/files/ACTASJITEL2017.pdf},
doi = {10.4995/JITEL2017.2017.7061},
isbn = {978-84-9048-595-8},
year = {2017},
date = {2017-01-01},
urldate = {2017-01-01},
booktitle = {XIII Jornadas de Ingenier\'{i}a Telem\'{a}tica (JITEL 2017)},
volume = {Libro de actas},
pages = {302-309},
publisher = {Editorial Universitat Polit\`{e}cnica de Val\`{e}ncia},
address = {Valencia},
organization = {Editorial Universitat Polit\`{e}cnica de Val\`{e}ncia},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Nieto, Ana; Rios, Ruben
Requisitos y soluciones de privacidad para la testificación digital Proceedings Article
In: III Jornadas Nacionales de Investigación en Ciberseguridad (JNIC 2017), pp. 51-58, Servicio de Publicaciones de la URJC Servicio de Publicaciones de la URJC, Madrid (Spain), 2017, ISBN: 978-84-608-4659-8.
@inproceedings{1648,
title = {Requisitos y soluciones de privacidad para la testificaci\'{o}n digital},
author = {Ana Nieto and Ruben Rios},
url = {/wp-content/papers/1648.pdf
https://eciencia.urjc.es/handle/10115/14540},
isbn = {978-84-608-4659-8},
year = {2017},
date = {2017-01-01},
urldate = {2017-01-01},
booktitle = {III Jornadas Nacionales de Investigaci\'{o}n en Ciberseguridad (JNIC 2017)},
volume = {Actas del JNIC 2017},
pages = {51-58},
publisher = {Servicio de Publicaciones de la URJC},
address = {Madrid (Spain)},
organization = {Servicio de Publicaciones de la URJC},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Rubio, Juan E.; Alcaraz, Cristina; Lopez, Javier
Selecting Privacy Solutions to Prioritise Control in Smart Metering Systems Proceedings Article
In: The 11th International Conference on Critical Information Infrastructures Security, pp. 176-188, 2017.
@inproceedings{1600,
title = {Selecting Privacy Solutions to Prioritise Control in Smart Metering Systems},
author = {Juan E. Rubio and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/1600.pdf},
year = {2017},
date = {2017-01-01},
urldate = {2017-01-01},
booktitle = {The 11th International Conference on Critical Information Infrastructures Security},
volume = {10242},
pages = {176-188},
abstract = {The introduction of the Smart Grid brings with it several benefits to society, because its bi-directional communication allows both users and utilities to have better control over energy usage. However, it also has some privacy issues with respect to the privacy of the customers when analysing their consumption data. In this paper we review the main privacy-preserving techniques that have been proposed and compare their efficiency, to accurately select the most appropriate ones for undertaking control operations. Both privacy and performance are essential for the rapid adoption of Smart Grid technologies.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The introduction of the Smart Grid brings with it several benefits to society, because its bi-directional communication allows both users and utilities to have better control over energy usage. However, it also has some privacy issues with respect to the privacy of the customers when analysing their consumption data. In this paper we review the main privacy-preserving techniques that have been proposed and compare their efficiency, to accurately select the most appropriate ones for undertaking control operations. Both privacy and performance are essential for the rapid adoption of Smart Grid technologies.
Alcaraz, Cristina; Cazorla, Lorena; Lopez, Javier
Cyber-Physical Systems for Wide-Area Situational Awareness Book Section
In: Cyber-Physical Systems: Foundations, Principles and Applications, pp. 305 - 317, Academic Press, Boston, 2017, ISBN: 978-0-12-803801-7.
@incollection{1590,
title = {Cyber-Physical Systems for Wide-Area Situational Awareness},
author = {Cristina Alcaraz and Lorena Cazorla and Javier Lopez},
url = {/wp-content/papers/1590.pdf},
doi = {10.1016/B978-0-12-803801-7.00020-1},
isbn = {978-0-12-803801-7},
year = {2017},
date = {2017-00-01},
urldate = {2017-00-01},
booktitle = {Cyber-Physical Systems: Foundations, Principles and Applications},
pages = {305 - 317},
publisher = {Academic Press},
address = {Boston},
chapter = {20},
organization = {Academic Press},
series = {Intelligent Data-Centric Systems},
abstract = {Abstract Cyber-physical systems (CPSs), integrated in critical infrastructures, could provide the minimal services that traditional situational awareness (SA) systems demand. However, their application in SA solutions for the protection of large control distributions against unforeseen faults may be insufficient. Dynamic protection measures have to be provided not only to locally detect unplanned deviations but also to prevent, respond, and restore from these deviations. The provision of these services as an integral part of the SA brings about a new research field known as wide-area situational awareness (WASA), highly dependent on CPSs for control from anywhere across multiple interconnections, and at any time. Thus, we review the state-of-the art of this new paradigm, exploring the different preventive and corrective measures considering the heterogeneity of CPSs, resulting in a guideline for the construction of automated WASA systems.},
keywords = {},
pubstate = {published},
tppubtype = {incollection}
}
Abstract Cyber-physical systems (CPSs), integrated in critical infrastructures, could provide the minimal services that traditional situational awareness (SA) systems demand. However, their application in SA solutions for the protection of large control distributions against unforeseen faults may be insufficient. Dynamic protection measures have to be provided not only to locally detect unplanned deviations but also to prevent, respond, and restore from these deviations. The provision of these services as an integral part of the SA brings about a new research field known as wide-area situational awareness (WASA), highly dependent on CPSs for control from anywhere across multiple interconnections, and at any time. Thus, we review the state-of-the art of this new paradigm, exploring the different preventive and corrective measures considering the heterogeneity of CPSs, resulting in a guideline for the construction of automated WASA systems.
Nieto, Ana; Roman, Rodrigo; Lopez, Javier
Arquitectura funcional para la cadena de custodia digital en objetos de la IoT Proceedings Article
In: XIV Reunión Española sobre Criptología y Seguridad de la Información, pp. 168-173, 2016, ISBN: 978-84-608-9470-4.
@inproceedings{1582,
title = {Arquitectura funcional para la cadena de custodia digital en objetos de la IoT},
author = {Ana Nieto and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/1582.pdf},
isbn = {978-84-608-9470-4},
year = {2016},
date = {2016-10-01},
urldate = {2016-10-01},
booktitle = {XIV Reuni\'{o}n Espa\~{n}ola sobre Criptolog\'{i}a y Seguridad de la Informaci\'{o}n},
pages = {168-173},
abstract = {En la Internet de los Objetos (IoT, por sus siglas en ingl\'{e}s), los ataques pueden ser perpetrados desde dispositivos que enmascaran su rastro ayud\'{a}ndose de la densidad de objetos y usuarios. Actualmente la idea de que los dispositivos de usuario almacenan evidencias que pueden ser muy valiosas para frenar ataques es bien conocida. Sin embargo, la colaboraci\'{o}n de \'{e}stos para denunciar posibles abusos telem\'{a}ticos a\'{u}n est\'{a} por definir. Los testigos digitales son dispositivos concebidos para definir la participaci\'{o}n de dispositivos de usuario en una cadena de custodia digital. La idea es que las evidencias se generan, almacenan y transfieren siguiendo los requisitos marcados por las normas actuales (p.ej. UNE 71505), pero respetando las restricciones en recursos de los dispositivos. En este art\'{i}culo proponemos una arquitectura funcional para la implementaci\'{o}n del concepto de testigo digital en dispositivos heterog\'{e}neos de la IoT.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
En la Internet de los Objetos (IoT, por sus siglas en inglés), los ataques pueden ser perpetrados desde dispositivos que enmascaran su rastro ayudándose de la densidad de objetos y usuarios. Actualmente la idea de que los dispositivos de usuario almacenan evidencias que pueden ser muy valiosas para frenar ataques es bien conocida. Sin embargo, la colaboración de éstos para denunciar posibles abusos telemáticos aún está por definir. Los testigos digitales son dispositivos concebidos para definir la participación de dispositivos de usuario en una cadena de custodia digital. La idea es que las evidencias se generan, almacenan y transfieren siguiendo los requisitos marcados por las normas actuales (p.ej. UNE 71505), pero respetando las restricciones en recursos de los dispositivos. En este artículo proponemos una arquitectura funcional para la implementación del concepto de testigo digital en dispositivos heterogéneos de la IoT.
Rios, Ruben; Lopez, Javier
Evolución y nuevos desafios de privacidad en la Internet de las Cosas Proceedings Article
In: XIV Reunión Española sobre Criptología y Seguridad de la Información, pp. 209-213, Mahón, Menorca, Islas Baleares, 2016.
@inproceedings{Rios2016a,
title = {Evoluci\'{o}n y nuevos desafios de privacidad en la Internet de las Cosas},
author = {Ruben Rios and Javier Lopez},
url = {/wp-content/papers/Rios2016a.pdf},
year = {2016},
date = {2016-10-01},
urldate = {2016-10-01},
booktitle = {XIV Reuni\'{o}n Espa\~{n}ola sobre Criptolog\'{i}a y Seguridad de la Informaci\'{o}n},
pages = {209-213},
address = {Mah\'{o}n, Menorca, Islas Baleares},
abstract = {La Internet de las Cosas (en ingl\'{e}s, emphInternet of Things (IoT)) es una evoluci\'{o}n de la Internet tal y como lo conocemos. Esta nueva versi\'{o}n de Internet incorpora objetos de la vida cotidiana, rompiendo as\'{i} barrera de los digital y extendi\'{e}ndose al mundo f\'{i}sico. Estos objetos interactuar\'{a}n entre s\'{i} y con otras entidades tanto de manera local como remota, y estar\'{a}n dotados de cierta capacidad computacional y sensores para que sean conscientes de lo que ocurre en su entorno. Esto traer\'{a} consigo un sinf\'{i}n de posibilidades y nuevos servicios, pero tambi\'{e}n dar\'{a} lugar a nuevos y mayores riesgos de privacidad para los ciudadanos. En este art\'{i}culo, estudiamos los problemas de privacidad actuales de una de las tecnolog\'{i}as claves para el desarrollo de este prometedor paradigma, las redes de sensores, y analizamos como pueden evolucionar y surgir nuevos riesgos de privacidad al ser completamente integradas en la Internet.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
La Internet de las Cosas (en inglés, emphInternet of Things (IoT)) es una evolución de la Internet tal y como lo conocemos. Esta nueva versión de Internet incorpora objetos de la vida cotidiana, rompiendo así barrera de los digital y extendiéndose al mundo físico. Estos objetos interactuarán entre sí y con otras entidades tanto de manera local como remota, y estarán dotados de cierta capacidad computacional y sensores para que sean conscientes de lo que ocurre en su entorno. Esto traerá consigo un sinfín de posibilidades y nuevos servicios, pero también dará lugar a nuevos y mayores riesgos de privacidad para los ciudadanos. En este artículo, estudiamos los problemas de privacidad actuales de una de las tecnologías claves para el desarrollo de este prometedor paradigma, las redes de sensores, y analizamos como pueden evolucionar y surgir nuevos riesgos de privacidad al ser completamente integradas en la Internet.
Nuñez, David; Agudo, Isaac; Lopez, Javier
On the Application of Generic CCA-Secure Transformations to Proxy Re-Encryption Journal Article
In: Security and Communication Networks, vol. 9, pp. 1769-1785, 2016, ISSN: 1939-0114.
@article{nunez2016application,
title = {On the Application of Generic CCA-Secure Transformations to Proxy Re-Encryption},
author = {David Nu\~{n}ez and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/nunez2016application.pdf},
doi = {10.1002/sec.1434},
issn = {1939-0114},
year = {2016},
date = {2016-08-01},
urldate = {2016-08-01},
journal = {Security and Communication Networks},
volume = {9},
pages = {1769-1785},
publisher = {Wiley},
abstract = {Several generic methods exist for achieving chosen-ciphertext attack (CCA)-secure public-key encryption schemes from weakly secure cryptosystems, such as the Fujisaki\textendashOkamoto and REACT transformations. In the context of proxy re-encryption (PRE), it would be desirable to count on analogous constructions that allow PRE schemes to achieve better security notions. In this paper, we study the adaptation of these transformations to proxy re-encryption and find both negative and positive results. On the one hand, we show why it is not possible to directly integrate these transformations with weakly secure PRE schemes because of general obstacles coming from both the constructions themselves and the security models, and we identify 12 PRE schemes that exhibit these problems. On the other hand, we propose an extension of the Fujisaki\textendashOkamoto transformation for PRE, which achieves a weak form of CCA security in the random oracle model, and we describe the sufficient conditions for applying it},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Several generic methods exist for achieving chosen-ciphertext attack (CCA)-secure public-key encryption schemes from weakly secure cryptosystems, such as the Fujisaki–Okamoto and REACT transformations. In the context of proxy re-encryption (PRE), it would be desirable to count on analogous constructions that allow PRE schemes to achieve better security notions. In this paper, we study the adaptation of these transformations to proxy re-encryption and find both negative and positive results. On the one hand, we show why it is not possible to directly integrate these transformations with weakly secure PRE schemes because of general obstacles coming from both the constructions themselves and the security models, and we identify 12 PRE schemes that exhibit these problems. On the other hand, we propose an extension of the Fujisaki–Okamoto transformation for PRE, which achieves a weak form of CCA security in the random oracle model, and we describe the sufficient conditions for applying it
Nieto, Ana; Roman, Rodrigo; Lopez, Javier
Testigo digital: delegación vinculante de evidencias electrónicas para escenarios IoT Proceedings Article
In: II Jornadas Nacionales de Investigación en Ciberseguridad (JNIC 2016), pp. 109-116, 2016, ISBN: 978-84-608-8070-7.
@inproceedings{1578,
title = {Testigo digital: delegaci\'{o}n vinculante de evidencias electr\'{o}nicas para escenarios IoT},
author = {Ana Nieto and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/1578.pdf
http://ucys.ugr.es/jnic2016/docs/ActasJNIC2016.pdf, },
isbn = {978-84-608-8070-7},
year = {2016},
date = {2016-06-01},
urldate = {2016-06-01},
booktitle = {II Jornadas Nacionales de Investigaci\'{o}n en Ciberseguridad (JNIC 2016)},
pages = {109-116},
abstract = {En un mundo en el que los usuarios dependen cada vez m\'{a}s de sus dispositivos, \'{e}stos almacenan gran cantidad de datos y son una fuente muy valiosa de informaci\'{o}n sobre su entorno. Sin embargo, la heterogeneidad y la densidad de los objetos conectados, caracter\'{i}sticas propias de la Internet de las Cosas (IoT), sirven de velo para ocultar conductas maliciosas que afectan a estos dispositivos, sin que quede rastro de tales acciones. En este art\'{i}culo definimos el concepto de testigo digital: funcionalidad que permitir\'{a} a los dispositivos personales y otros objetos colaborar para implementar una cadena de custodia digital en la IoT. El fin perseguido es ofrecer soluciones que mitiguen los efectos de la ciberdelincuencia, ampar\'{a}ndose en la colaboraci\'{o}n de los dispositivos con arquitecturas de seguridad embebidas para alertar de conductas maliciosas, y dejar constancia de \'{e}stas.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
En un mundo en el que los usuarios dependen cada vez más de sus dispositivos, éstos almacenan gran cantidad de datos y son una fuente muy valiosa de información sobre su entorno. Sin embargo, la heterogeneidad y la densidad de los objetos conectados, características propias de la Internet de las Cosas (IoT), sirven de velo para ocultar conductas maliciosas que afectan a estos dispositivos, sin que quede rastro de tales acciones. En este artículo definimos el concepto de testigo digital: funcionalidad que permitirá a los dispositivos personales y otros objetos colaborar para implementar una cadena de custodia digital en la IoT. El fin perseguido es ofrecer soluciones que mitiguen los efectos de la ciberdelincuencia, amparándose en la colaboración de los dispositivos con arquitecturas de seguridad embebidas para alertar de conductas maliciosas, y dejar constancia de éstas.
Agudo, Isaac; Kaafarani, Ali El; Nuñez, David; Pearson, Siani
A Technique for Enhanced Provision of Appropriate Access to Evidence across Service Provision Chains Proceedings Article
In: 10th International IFIP Summer School on Privacy and Identity Management, pp. 187-204, 2016, ISBN: 978-3-319-41762-2.
@inproceedings{agudo2016technique,
title = {A Technique for Enhanced Provision of Appropriate Access to Evidence across Service Provision Chains},
author = {Isaac Agudo and Ali El Kaafarani and David Nu\~{n}ez and Siani Pearson},
url = {/wp-content/papers/agudo2016technique.pdf},
doi = {10.1007/978-3-319-41763-9_13},
isbn = {978-3-319-41762-2},
year = {2016},
date = {2016-01-01},
urldate = {2016-01-01},
booktitle = {10th International IFIP Summer School on Privacy and Identity Management},
pages = {187-204},
abstract = {Transparency and verifiability are necessary aspects of accountability, but care needs to be taken that auditing is done in a privacy friendly way. There are situations where it would be useful for certain actors to be able to make restricted views within service provision chains on accountability evidence, including logs, available to other actors with specific governance roles. For example, a data subject or a Data Protection Authority (DPA) might want to authorize an accountability agent to act on their behalf, and be given access to certain logs in a way that does not compromise the privacy of other actors or the security of involved data processors. In this paper two cryptographic-based techniques that may address this issue are proposed and assessed.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Transparency and verifiability are necessary aspects of accountability, but care needs to be taken that auditing is done in a privacy friendly way. There are situations where it would be useful for certain actors to be able to make restricted views within service provision chains on accountability evidence, including logs, available to other actors with specific governance roles. For example, a data subject or a Data Protection Authority (DPA) might want to authorize an accountability agent to act on their behalf, and be given access to certain logs in a way that does not compromise the privacy of other actors or the security of involved data processors. In this paper two cryptographic-based techniques that may address this issue are proposed and assessed.
Alcaraz, Cristina; Lopez, Javier; Choo, Kim-Kwang Raymond
Dynamic Restoration in Interconnected RBAC-based Cyber-Physical Control Systems Proceedings Article
In: Proceedings of the 13th International Joint Conference on e-Business and Telecommunications (SECRYPT 2016), pp. 19-27, Lisboa, 2016, ISBN: 978-989-758-196-0.
@inproceedings{1585,
title = {Dynamic Restoration in Interconnected RBAC-based Cyber-Physical Control Systems},
author = {Cristina Alcaraz and Javier Lopez and Kim-Kwang Raymond Choo},
url = {/wp-content/papers/1585.pdf},
doi = {10.5220/0005942000190027},
isbn = {978-989-758-196-0},
year = {2016},
date = {2016-00-01},
urldate = {2016-00-01},
booktitle = {Proceedings of the 13th International Joint Conference on e-Business and Telecommunications (SECRYPT 2016)},
pages = {19-27},
address = {Lisboa},
abstract = {Increasingly, automatic restoration is an indispensable security measure in control systems (e.g. those used in critical infrastructure sectors) due to the importance of ensuring the functionality of monitoring infrastructures. Modernizing the interconnection of control systems to provide interoperability between different networks, at a low cost, is also a critical requirement in control systems. However, automated recovery mechanisms are currently costly, and ensuring interoperability particularly at a low cost remains a topic of scientific challenge. This is the gap we seek to address in this paper. More specifically, we propose a restoration model for interconnected contexts, taking into account the theory of supernode and structural controllability, as well as the recommendations given by the IEC-62351-8 standard (which are mainly based on the implementation of a role-based access control system).},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Increasingly, automatic restoration is an indispensable security measure in control systems (e.g. those used in critical infrastructure sectors) due to the importance of ensuring the functionality of monitoring infrastructures. Modernizing the interconnection of control systems to provide interoperability between different networks, at a low cost, is also a critical requirement in control systems. However, automated recovery mechanisms are currently costly, and ensuring interoperability particularly at a low cost remains a topic of scientific challenge. This is the gap we seek to address in this paper. More specifically, we propose a restoration model for interconnected contexts, taking into account the theory of supernode and structural controllability, as well as the recommendations given by the IEC-62351-8 standard (which are mainly based on the implementation of a role-based access control system).
Nieto, Ana; Lopez, Javier
Contextualising Heterogeneous Information in Unified Communications with Security Restrictions Journal Article
In: Computer Communications, vol. 68, pp. 33-46, 2015, ISSN: 0140-3664.
@article{NL-COMCOM15,
title = {Contextualising Heterogeneous Information in Unified Communications with Security Restrictions},
author = {Ana Nieto and Javier Lopez},
url = {/wp-content/papers/NL-COMCOM15.pdf
http://www.sciencedirect.com/science/article/pii/S0140366415002534},
doi = {10.1016/j.comcom.2015.07.015},
issn = {0140-3664},
year = {2015},
date = {2015-09-01},
urldate = {2015-09-01},
journal = {Computer Communications},
volume = {68},
pages = {33-46},
publisher = {Elsevier},
abstract = {The lack of abstraction in a growing semantic, virtual and abstract world poses new challenges for assessing security and QoS tradeoffs. For example, in Future Internet scenarios, where Unified Communications (UC) will take place, being able to predict the final devices that will form the network is not always possible. Without this information the analysis of the security and QoS tradeoff can only be based on partial information to be completed when more information about the environment is available. In this paper, we extend the description of context-based parametric relationship model, providing a tool for assessing the security and QoS tradeoff (SQT) based on interchangeable contexts. Our approach is able to use the heterogeneous information produced by scenarios where UC is present.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The lack of abstraction in a growing semantic, virtual and abstract world poses new challenges for assessing security and QoS tradeoffs. For example, in Future Internet scenarios, where Unified Communications (UC) will take place, being able to predict the final devices that will form the network is not always possible. Without this information the analysis of the security and QoS tradeoff can only be based on partial information to be completed when more information about the environment is available. In this paper, we extend the description of context-based parametric relationship model, providing a tool for assessing the security and QoS tradeoff (SQT) based on interchangeable contexts. Our approach is able to use the heterogeneous information produced by scenarios where UC is present.
Moyano, Francisco; Fernandez-Gago, Carmen; Beckers, Kristian; Heisel, Maritta
Engineering Trust- and Reputation-based Security Controls for Future Internet Systems Proceedings Article
In: The 30th ACM/SIGAPP Symposium On Applied Computing (SAC 2015), pp. 1344-1349, Salamanca, Spain, 2015, ISBN: 978-1-4503-3196-8.
@inproceedings{moyano15SAC,
title = {Engineering Trust- and Reputation-based Security Controls for Future Internet Systems},
author = {Francisco Moyano and Carmen Fernandez-Gago and Kristian Beckers and Maritta Heisel},
url = {/wp-content/papers/moyano15SAC.pdf},
doi = {10.1145/2695664.2695713},
isbn = {978-1-4503-3196-8},
year = {2015},
date = {2015-08-01},
urldate = {2015-08-01},
booktitle = {The 30th ACM/SIGAPP Symposium On Applied Computing (SAC 2015)},
pages = {1344-1349},
address = {Salamanca, Spain},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Nuñez, David; Agudo, Isaac; Lopez, Javier
A Parametric Family of Attack Models for Proxy Re-Encryption Proceedings Article
In: 28th IEEE Computer Security Foundations Symposium, pp. 290-301, IEEE Computer Society IEEE Computer Society, Verona, Italy, 2015, ISSN: 1063-6900.
@inproceedings{nunez2015parametric,
title = {A Parametric Family of Attack Models for Proxy Re-Encryption},
author = {David Nu\~{n}ez and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/nunez2015parametric.pdf},
doi = {10.1109/CSF.2015.27},
issn = {1063-6900},
year = {2015},
date = {2015-07-01},
urldate = {2015-07-01},
booktitle = {28th IEEE Computer Security Foundations Symposium},
pages = {290-301},
publisher = {IEEE Computer Society},
address = {Verona, Italy},
organization = {IEEE Computer Society},
series = {CSF’15},
abstract = {Proxy Re-Encryption (PRE) is a type of Public-Key Encryption (PKE) which provides an additional re-encryption functionality. Although PRE is inherently more complex than PKE, attack models for PRE have not been developed further than those inherited from PKE. In this paper we address this gap and define a parametric family of attack models for PRE, based on the availability of both the decryption and re-encryption oracles during the security game. This family enables the definition of a set of intermediate security notions for PRE that ranges from ‘‘plain’’ IND-CPA to ‘‘full’’ IND-CCA. We analyze some relations among these notions of security, and in particular, the separations that arise when the re-encryption oracle leaks re-encryption keys. In addition, we discuss which of these security notions represent meaningful adversarial models for PRE. Finally, we provide an example of a recent ‘‘CCA1- secure’’ scheme from PKC 2014 whose security model does not capture chosen-ciphertext attacks through re-encryption and for which we describe an attack under a more realistic security notion. This attack emphasizes the fact that PRE schemes that leak re-encryption keys cannot achieve strong security notions.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Proxy Re-Encryption (PRE) is a type of Public-Key Encryption (PKE) which provides an additional re-encryption functionality. Although PRE is inherently more complex than PKE, attack models for PRE have not been developed further than those inherited from PKE. In this paper we address this gap and define a parametric family of attack models for PRE, based on the availability of both the decryption and re-encryption oracles during the security game. This family enables the definition of a set of intermediate security notions for PRE that ranges from ‘‘plain’’ IND-CPA to ‘‘full’’ IND-CCA. We analyze some relations among these notions of security, and in particular, the separations that arise when the re-encryption oracle leaks re-encryption keys. In addition, we discuss which of these security notions represent meaningful adversarial models for PRE. Finally, we provide an example of a recent ‘‘CCA1- secure’’ scheme from PKC 2014 whose security model does not capture chosen-ciphertext attacks through re-encryption and for which we describe an attack under a more realistic security notion. This attack emphasizes the fact that PRE schemes that leak re-encryption keys cannot achieve strong security notions.
Alcaraz, Cristina; Cazorla, Lorena; Fernandez, Gerardo
Context-Awareness using Anomaly-based Detectors for Smart Grid Domains Proceedings Article
In: 9th International Conference on Risks and Security of Internet and Systems, pp. 17-34, Springer International Publishing Springer International Publishing, Trento, 2015, ISBN: 978-3-319-17126-5.
@inproceedings{931,
title = {Context-Awareness using Anomaly-based Detectors for Smart Grid Domains},
author = {Cristina Alcaraz and Lorena Cazorla and Gerardo Fernandez},
url = {/wp-content/papers/931.pdf
http://link.springer.com/chapter/10.1007%2F978-3-319-17127-2_2$#$},
doi = {10.1007/978-3-319-17127-2_2},
isbn = {978-3-319-17126-5},
year = {2015},
date = {2015-04-01},
urldate = {2015-04-01},
booktitle = {9th International Conference on Risks and Security of Internet and Systems},
volume = {8924},
pages = {17-34},
publisher = {Springer International Publishing},
address = {Trento},
organization = {Springer International Publishing},
abstract = {Anomaly-based detection applied in strongly interdependent systems, like Smart Grids, has become one of the most challenging research areas in recent years. Early detection of anomalies so as to detect and prevent unexpected faults or stealthy threats is attracting a great deal of attention from the scientific community because it offers potential solutions for context-awareness. These solutions can also help explain the conditions leading up to a given situation and help determine the degree of its severity. However, not all the existing approaches within the literature are equally effective in covering the needs of a particular scenario. It is necessary to explore the control requirements of the domains that comprise a Smart Grid, identify, and even select, those approaches according to these requirements and the intrinsic conditions related to the application context, such as technological heterogeneity and complexity. Therefore, this paper analyses the functional features of existing anomaly-based approaches so as to adapt them, according to the aforementioned conditions. The result of this investigation is a guideline for the construction of preventive solutions that will help improve the context-awareness in the control of Smart Grid domains in the near future.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Anomaly-based detection applied in strongly interdependent systems, like Smart Grids, has become one of the most challenging research areas in recent years. Early detection of anomalies so as to detect and prevent unexpected faults or stealthy threats is attracting a great deal of attention from the scientific community because it offers potential solutions for context-awareness. These solutions can also help explain the conditions leading up to a given situation and help determine the degree of its severity. However, not all the existing approaches within the literature are equally effective in covering the needs of a particular scenario. It is necessary to explore the control requirements of the domains that comprise a Smart Grid, identify, and even select, those approaches according to these requirements and the intrinsic conditions related to the application context, such as technological heterogeneity and complexity. Therefore, this paper analyses the functional features of existing anomaly-based approaches so as to adapt them, according to the aforementioned conditions. The result of this investigation is a guideline for the construction of preventive solutions that will help improve the context-awareness in the control of Smart Grid domains in the near future.
Nuñez, David; Agudo, Isaac; Lopez, Javier
NTRUReEncrypt: An Efficient Proxy Re-Encryption Scheme Based on NTRU Proceedings Article
In: 10th ACM Symposium on Information, Computer and Communications Security (AsiaCCS), pp. 179-189, 2015, ISBN: 978-1-4503-3245-3.
@inproceedings{nunez2015ntrureencrypt,
title = {NTRUReEncrypt: An Efficient Proxy Re-Encryption Scheme Based on NTRU},
author = {David Nu\~{n}ez and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/nunez2015ntrureencrypt.pdf},
doi = {10.1145/2714576.2714585},
isbn = {978-1-4503-3245-3},
year = {2015},
date = {2015-04-01},
urldate = {2015-04-01},
booktitle = {10th ACM Symposium on Information, Computer and Communications Security (AsiaCCS)},
pages = {179-189},
abstract = {The use of alternative foundations for constructing more secure and efficient cryptographic schemes is a topic worth exploring. In the case of proxy re-encryption, the vast majority of schemes are based on number theoretic problems such as the discrete logarithm. In this paper we present NTRUReEncrypt, a new bidirectional and multihop proxy re-encryption scheme based on NTRU, a widely known lattice-based cryptosystem. We provide two versions of our scheme: the first one is based on the conventional NTRU encryption scheme and, although it lacks a security proof, remains as efficient as its predecessor; the second one is based on a variant of NTRU proposed by Stehl\'{e} and Steinfeld, which is proven CPA-secure under the hardness of the Ring-LWE problem. To the best of our knowledge, our proposals are the first proxy re-encryption schemes to be based on the NTRU primitive. In addition, we provide experimental results to show the efficiency of our proposal, as well as a comparison with previous proxy re-encryption schemes, which confirms that our first scheme outperforms the rest by an order of magnitude.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The use of alternative foundations for constructing more secure and efficient cryptographic schemes is a topic worth exploring. In the case of proxy re-encryption, the vast majority of schemes are based on number theoretic problems such as the discrete logarithm. In this paper we present NTRUReEncrypt, a new bidirectional and multihop proxy re-encryption scheme based on NTRU, a widely known lattice-based cryptosystem. We provide two versions of our scheme: the first one is based on the conventional NTRU encryption scheme and, although it lacks a security proof, remains as efficient as its predecessor; the second one is based on a variant of NTRU proposed by Stehlé and Steinfeld, which is proven CPA-secure under the hardness of the Ring-LWE problem. To the best of our knowledge, our proposals are the first proxy re-encryption schemes to be based on the NTRU primitive. In addition, we provide experimental results to show the efficiency of our proposal, as well as a comparison with previous proxy re-encryption schemes, which confirms that our first scheme outperforms the rest by an order of magnitude.
Nuñez, David; Agudo, Isaac; Lopez, Javier
Privacy-Preserving Identity Management as a Service Book Section
In: Felici, Massimo; Fernandez-Gago, Carmen (Ed.): Accountability and Security in the Cloud, vol. 8937, pp. 114-125, Springer International Publishing, 2015, ISBN: 978-3-319-17198-2.
@incollection{nunez15privacy,
title = {Privacy-Preserving Identity Management as a Service},
author = {David Nu\~{n}ez and Isaac Agudo and Javier Lopez},
editor = {Massimo Felici and Carmen Fernandez-Gago},
doi = {10.1007/978-3-319-17199-9_5},
isbn = {978-3-319-17198-2},
year = {2015},
date = {2015-01-01},
urldate = {2015-01-01},
booktitle = {Accountability and Security in the Cloud},
volume = {8937},
pages = {114-125},
publisher = {Springer International Publishing},
organization = {Springer International Publishing},
series = {Lecture Notes in Computer Science},
abstract = {In this paper we tackle the problem of privacy and confidentiality in Identity Management as a Service (IDaaS). The adoption of cloud computing technologies by organizations has fostered the externalization of the identity management processes, shaping the concept of Identity Management as a Service. However, as it has happened to other cloud-based services, the cloud poses serious risks to the users, since they lose the control over their data. As part of this work, we analyze these concerns and present a model for privacy-preserving IDaaS, called BlindIdM, which is designed to provide data privacy protection through the use of cryptographic safeguards.},
keywords = {},
pubstate = {published},
tppubtype = {incollection}
}
In this paper we tackle the problem of privacy and confidentiality in Identity Management as a Service (IDaaS). The adoption of cloud computing technologies by organizations has fostered the externalization of the identity management processes, shaping the concept of Identity Management as a Service. However, as it has happened to other cloud-based services, the cloud poses serious risks to the users, since they lose the control over their data. As part of this work, we analyze these concerns and present a model for privacy-preserving IDaaS, called BlindIdM, which is designed to provide data privacy protection through the use of cryptographic safeguards.
Cazorla, Lorena; Alcaraz, Cristina; Lopez, Javier
Awareness and Reaction Strategies for Critical Infrastructure Protection Journal Article
In: Computers and Electrical Engineering, vol. 47, pp. 299-317, 2015, ISSN: 0045-7906.
@article{cazorla2015b,
title = {Awareness and Reaction Strategies for Critical Infrastructure Protection},
author = {Lorena Cazorla and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/cazorla2015b.pdf},
doi = {10.1016/j.compeleceng.2015.08.010},
issn = {0045-7906},
year = {2015},
date = {2015-01-01},
urldate = {2015-01-01},
journal = {Computers and Electrical Engineering},
volume = {47},
pages = {299-317},
publisher = {Elsevier},
abstract = {Current Critical Infrastructures (CIs) need intelligent automatic active reaction mechanisms to protect their critical processes against cyber attacks or system anomalies, and avoid the disruptive consequences of cascading failures between interdependent and interconnected systems. In this paper we study the Intrusion Detection, Prevention and Response Systems (IDPRS) that can offer this type of protection mechanisms, their constituting elements and their applicability to critical contexts. We design a methodological framework determining the essential elements present in the IDPRS, while evaluating each of their sub-components in terms of adequacy for critical contexts. We review the different types of active and passive countermeasures available, categorizing them and assessing whether or not they are suitable for Critical Infrastructure Protection (CIP). Through our study we look at different reaction systems and learn from them how to better create IDPRS solutions for CIP.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Current Critical Infrastructures (CIs) need intelligent automatic active reaction mechanisms to protect their critical processes against cyber attacks or system anomalies, and avoid the disruptive consequences of cascading failures between interdependent and interconnected systems. In this paper we study the Intrusion Detection, Prevention and Response Systems (IDPRS) that can offer this type of protection mechanisms, their constituting elements and their applicability to critical contexts. We design a methodological framework determining the essential elements present in the IDPRS, while evaluating each of their sub-components in terms of adequacy for critical contexts. We review the different types of active and passive countermeasures available, categorizing them and assessing whether or not they are suitable for Critical Infrastructure Protection (CIP). Through our study we look at different reaction systems and learn from them how to better create IDPRS solutions for CIP.
Cazorla, Lorena; Alcaraz, Cristina; Lopez, Javier
A Three-Stage Analysis of IDS for Critical Infrastructures Journal Article
In: Computers & Security, vol. 55, no. November, pp. 235-250, 2015, ISSN: 0167-4048.
@article{lorena2015c,
title = {A Three-Stage Analysis of IDS for Critical Infrastructures},
author = {Lorena Cazorla and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/lorena2015c.pdf},
issn = {0167-4048},
year = {2015},
date = {2015-01-01},
urldate = {2015-01-01},
journal = {Computers \& Security},
volume = {55},
number = {November},
pages = {235-250},
publisher = {Elsevier},
abstract = {The correct operation of Critical Infrastructures (CIs) is vital for the well being of society, however these complex systems are subject to multiple faults and threats every day. International organizations around the world are alerting the scientific community to the need for protection of CIs, especially through preparedness and prevention mechanisms. One of the main tools available in this area is the use of Intrusion Detection Systems (IDSs). However, in order to deploy this type of component within a CI, especially within its Control System (CS), it is necessary to verify whether the characteristics of a given IDS solution are compatible with the special requirements and constraints of a critical environment. In this paper, we carry out an extensive study to determine the requirements imposed by the CS on the IDS solutions using the Non-Functional Requirements (NFR) Framework. The outcome of this process are the abstract properties that the IDS needs to satisfy in order to be deployed within a CS, which are refined through the identification of satisficing techniques for the NFRs. To provide quantifiable measurable evidence on the suitability of the IDS component for a CI, we broaden our study using the Goal Question Metric (GQM) approach to select a representative set of metrics. A requirements model, refined with satisficing techniques and sets of metrics which help assess, in the most quantifiable way possible, the suitability and performance of a given IDS solution for a critical scenario, constitutes the results of our analysis.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The correct operation of Critical Infrastructures (CIs) is vital for the well being of society, however these complex systems are subject to multiple faults and threats every day. International organizations around the world are alerting the scientific community to the need for protection of CIs, especially through preparedness and prevention mechanisms. One of the main tools available in this area is the use of Intrusion Detection Systems (IDSs). However, in order to deploy this type of component within a CI, especially within its Control System (CS), it is necessary to verify whether the characteristics of a given IDS solution are compatible with the special requirements and constraints of a critical environment. In this paper, we carry out an extensive study to determine the requirements imposed by the CS on the IDS solutions using the Non-Functional Requirements (NFR) Framework. The outcome of this process are the abstract properties that the IDS needs to satisfy in order to be deployed within a CS, which are refined through the identification of satisficing techniques for the NFRs. To provide quantifiable measurable evidence on the suitability of the IDS component for a CI, we broaden our study using the Goal Question Metric (GQM) approach to select a representative set of metrics. A requirements model, refined with satisficing techniques and sets of metrics which help assess, in the most quantifiable way possible, the suitability and performance of a given IDS solution for a critical scenario, constitutes the results of our analysis.
Nuñez, David; Agudo, Isaac; Lopez, Javier
Delegated Access for Hadoop Clusters in the Cloud Proceedings Article
In: IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2014), pp. 374-379, IEEE IEEE, Singapore, 2014, ISBN: 978-1-4799-4093-6.
@inproceedings{nunez2014delegated,
title = {Delegated Access for Hadoop Clusters in the Cloud},
author = {David Nu\~{n}ez and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/nunez2014delegated.pdf
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=\&arnumber=7037691},
doi = {10.1109/CloudCom.2014.50},
isbn = {978-1-4799-4093-6},
year = {2014},
date = {2014-12-01},
urldate = {2014-12-01},
booktitle = {IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2014)},
pages = {374-379},
publisher = {IEEE},
address = {Singapore},
organization = {IEEE},
abstract = {Among Big Data technologies, Hadoop stands out for its capacity to store and process large-scale datasets. However, although Hadoop was not designed with security in mind, it is widely used by plenty of organizations, some of which have strong data protection requirements. Traditional access control solutions are not enough, and cryptographic solutions must be put in place to protect sensitive information. In this paper, we describe a cryptographically-enforced access control system for Hadoop, based on proxy re-encryption. Our proposed solution fits in well with the outsourcing of Big Data processing to the cloud, since information can be stored in encrypted form in external servers in the cloud and processed only if access has been delegated. Experimental results show that the overhead produced by our solution is manageable, which makes it suitable for some applications.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Among Big Data technologies, Hadoop stands out for its capacity to store and process large-scale datasets. However, although Hadoop was not designed with security in mind, it is widely used by plenty of organizations, some of which have strong data protection requirements. Traditional access control solutions are not enough, and cryptographic solutions must be put in place to protect sensitive information. In this paper, we describe a cryptographically-enforced access control system for Hadoop, based on proxy re-encryption. Our proposed solution fits in well with the outsourcing of Big Data processing to the cloud, since information can be stored in encrypted form in external servers in the cloud and processed only if access has been delegated. Experimental results show that the overhead produced by our solution is manageable, which makes it suitable for some applications.
Onieva, Jose A.; Rios, Ruben; Palenciano, Bernardo
Análisis y Desarrollo de un Canal Encubierto en una Red de Sensores Proceedings Article
In: XIII Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2014), pp. 333-338, Universidad de Alicante Universidad de Alicante, Alicante, Spain, 2014, ISBN: 978-84-9717-323-0.
@inproceedings{onieva2014,
title = {An\'{a}lisis y Desarrollo de un Canal Encubierto en una Red de Sensores},
author = {Jose A. Onieva and Ruben Rios and Bernardo Palenciano},
url = {/wp-content/papers/onieva2014.pdf},
isbn = {978-84-9717-323-0},
year = {2014},
date = {2014-09-01},
urldate = {2014-09-01},
booktitle = {XIII Reuni\'{o}n Espa\~{n}ola sobre Criptolog\'{i}a y Seguridad de la Informaci\'{o}n (RECSI 2014)},
pages = {333-338},
publisher = {Universidad de Alicante},
address = {Alicante, Spain},
organization = {Universidad de Alicante},
abstract = {Continuamente aparecen nuevos estudios as\'{i} como nuevos desarrollos de canales encubiertos. Como veremos, existen m\'{a}s de cien dise\~{n}os distintos para redes de ordenadores, pero no hemos encontrado en la literatura ning\'{u}n an\'{a}lisis, dise\~{n}o e implementaci\'{o}n de canales encubiertos sobre redes de sensores. En este art\'{i}culo presentamos los resultados del dise\~{n}o e implementaci\'{o}n de un canal multitasa basado en los tiempos de monitorizaci\'{o}n sobre una red de sensores. En este proceso se han establecido las principales propiedades necesarias y, en base a ellas, se desarrolla e implementa el canal encubierto. Se describe el proceso de desarrollo y se analiza su detectabilidad.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Continuamente aparecen nuevos estudios así como nuevos desarrollos de canales encubiertos. Como veremos, existen más de cien diseños distintos para redes de ordenadores, pero no hemos encontrado en la literatura ningún análisis, diseño e implementación de canales encubiertos sobre redes de sensores. En este artículo presentamos los resultados del diseño e implementación de un canal multitasa basado en los tiempos de monitorización sobre una red de sensores. En este proceso se han establecido las principales propiedades necesarias y, en base a ellas, se desarrolla e implementa el canal encubierto. Se describe el proceso de desarrollo y se analiza su detectabilidad.
Nieto, Ana; Lopez, Javier
Herramienta para la Compensación de Parámetros de QoS y Seguridad Proceedings Article
In: XIII Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2014), pp. 303-308, Alicante (España)., 2014, ISBN: 978-84-9717-323-0.
@inproceedings{909,
title = {Herramienta para la Compensaci\'{o}n de Par\'{a}metros de QoS y Seguridad},
author = {Ana Nieto and Javier Lopez},
url = {/wp-content/papers/909.pdf},
isbn = {978-84-9717-323-0},
year = {2014},
date = {2014-09-01},
urldate = {2014-09-01},
booktitle = {XIII Reuni\'{o}n Espa\~{n}ola sobre Criptolog\'{i}a y Seguridad de la Informaci\'{o}n (RECSI 2014)},
pages = {303-308},
address = {Alicante (Espa\~{n}a).},
abstract = {El an\'{a}lisis conjunto de mecanismos de seguridad y QoS es esencial para las redes heterog\'{e}neas donde diversos dispositivos pueden coexistir en entornos din\'{a}micos. En concreto, los dispositivos no siempre pueden ser conocidos, por lo que diferentes requisitos y mecanismos pueden surgir para el an\'{a}lisis. En este art\'{i}culo, proponemos una herramienta para facilitar la configuraci\'{o}n de entornos basada en el an\'{a}lisis param\'{e}trico de dependencias, tomando como base de conocimiento un conjunto de par\'{a}metros de seguridad y QoS. Esta forma de an\'{a}lisis de par\'{a}metros a alto nivel permite considerar las dependencias y la compensaci\'{o}n entre mecanismos con independencia del sistema de informaci\'{o}n subyacente. Posibilita por tanto evaluar el impacto que tales mecanismos, y otros definidos acorde al modelo, tienen sobre un sistema previo a su despliegue.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
El análisis conjunto de mecanismos de seguridad y QoS es esencial para las redes heterogéneas donde diversos dispositivos pueden coexistir en entornos dinámicos. En concreto, los dispositivos no siempre pueden ser conocidos, por lo que diferentes requisitos y mecanismos pueden surgir para el análisis. En este artículo, proponemos una herramienta para facilitar la configuración de entornos basada en el análisis paramétrico de dependencias, tomando como base de conocimiento un conjunto de parámetros de seguridad y QoS. Esta forma de análisis de parámetros a alto nivel permite considerar las dependencias y la compensación entre mecanismos con independencia del sistema de información subyacente. Posibilita por tanto evaluar el impacto que tales mecanismos, y otros definidos acorde al modelo, tienen sobre un sistema previo a su despliegue.
Nieto, Ana; Lopez, Javier
Security and QoS Tradeoff Recommendation System (SQT-RS) for Dynamic Assessing CPRM-based Systems Proceedings Article
In: 10th ACM International Symposium on QoS and Security for Wireless and Mobile Networks (Q2SWinet’14), pp. 25-32, ACM ACM, Montréal (Canada), 2014, ISBN: 978-1-4503-3027-5.
@inproceedings{932,
title = {Security and QoS Tradeoff Recommendation System (SQT-RS) for Dynamic Assessing CPRM-based Systems},
author = {Ana Nieto and Javier Lopez},
url = {/wp-content/papers/932.pdf},
doi = {10.1145/2642687.2642689},
isbn = {978-1-4503-3027-5},
year = {2014},
date = {2014-09-01},
urldate = {2014-09-01},
booktitle = {10th ACM International Symposium on QoS and Security for Wireless and Mobile Networks (Q2SWinet’14)},
pages = {25-32},
publisher = {ACM},
address = {Montr\'{e}al (Canada)},
organization = {ACM},
abstract = {Context-based Parametric Relationship Models (CPRM) define complex dependencies between different types of parameters. In particular, Security and QoS relationships, that may occur at different levels of abstraction, are easily identified using CPRM. However, the growing number of parameters and relationships, typically due to the heterogeneous scenarios of future networks, increase the complexity of the final diagrams used in the analysis, and makes the current solution for assessing Security and QoS tradeoff (SQT) impractical for untrained users. In this paper, we define a recommendation system based on contextual parametric relationships in accordance with the definition of CPRM. The inputs for the system are generated dynamically based on the context provided by CPRM-based systems.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Context-based Parametric Relationship Models (CPRM) define complex dependencies between different types of parameters. In particular, Security and QoS relationships, that may occur at different levels of abstraction, are easily identified using CPRM. However, the growing number of parameters and relationships, typically due to the heterogeneous scenarios of future networks, increase the complexity of the final diagrams used in the analysis, and makes the current solution for assessing Security and QoS tradeoff (SQT) impractical for untrained users. In this paper, we define a recommendation system based on contextual parametric relationships in accordance with the definition of CPRM. The inputs for the system are generated dynamically based on the context provided by CPRM-based systems.
Nieto, Ana; Lopez, Javier
A Context-based Parametric Relationship Model (CPRM) to Measure the Security and QoS tradeoff in Configurable Environments Proceedings Article
In: IEEE International Conference on Communications (ICC’14), pp. 755-760, IEEE Communications Society IEEE Communications Society, Sydney (Australia), 2014, ISBN: 978-1-4799-2003-7.
@inproceedings{431,
title = {A Context-based Parametric Relationship Model (CPRM) to Measure the Security and QoS tradeoff in Configurable Environments},
author = {Ana Nieto and Javier Lopez},
url = {/wp-content/papers/431.pdf},
doi = {10.1109/ICC.2014.6883410},
isbn = {978-1-4799-2003-7},
year = {2014},
date = {2014-06-01},
urldate = {2014-06-01},
booktitle = {IEEE International Conference on Communications (ICC’14)},
pages = {755-760},
publisher = {IEEE Communications Society},
address = {Sydney (Australia)},
organization = {IEEE Communications Society},
abstract = {Heterogeneity of future networks requires the use of extensible models to understand the Security and QoS tradeoff. We believe that a good starting point is to analyze the Security and QoS tradeoff from a parametric point of view and, for this reason, in a previous paper, we defined the Parametric Rela- tionship Model (PRM) to define relationships between Security and QoS parameters. In this paper, we extend that approach in order to change the behaviour of the model so that different contexts in the same system are considered; that is, to provide a Context-based Parametric Relationship Model (CPRM). The final aim is to provide useful tools for system administrators in order to help them deal with Security and QoS tradeoff issues in the configuration of the environment.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Heterogeneity of future networks requires the use of extensible models to understand the Security and QoS tradeoff. We believe that a good starting point is to analyze the Security and QoS tradeoff from a parametric point of view and, for this reason, in a previous paper, we defined the Parametric Rela- tionship Model (PRM) to define relationships between Security and QoS parameters. In this paper, we extend that approach in order to change the behaviour of the model so that different contexts in the same system are considered; that is, to provide a Context-based Parametric Relationship Model (CPRM). The final aim is to provide useful tools for system administrators in order to help them deal with Security and QoS tradeoff issues in the configuration of the environment.
Nieto, Ana; Lopez, Javier
A Model for the Analysis of QoS and Security Tradeoff in Mobile Platforms Journal Article
In: Mobile Networks and Applications (MONET) Journal, vol. 19, pp. 64-78, 2014, ISSN: 1383-469X.
@article{nieto2013mone,
title = {A Model for the Analysis of QoS and Security Tradeoff in Mobile Platforms},
author = {Ana Nieto and Javier Lopez},
url = {/wp-content/papers/nieto2013mone.pdf
},
doi = {10.1007/s11036-013-0462-y},
issn = {1383-469X},
year = {2014},
date = {2014-02-01},
urldate = {2014-02-01},
journal = {Mobile Networks and Applications (MONET) Journal},
volume = {19},
pages = {64-78},
publisher = {Springer US},
abstract = {Today, mobile platforms are multimedia devices that provide different types of traffic with the consequent particular performance demands and, besides, security concerns (e.g. privacy). However, Security and QoS requirements quite often conflict to a large degree; the mobility and heterogeneous paradigm of the Future Internet makes coexistence even more difficult, posing new challenges to overcome. Probably, one of the main challenges is to identify the specific reasons why Security and QoS mechanisms are so related to each other. In this paper, we present a Parametric Relationship Model (PRM) to identify the Security and QoS dependencies, and to elaborate on the Security and QoS tradeoff. In particular, we perform an analysis that focus on the mobile platform environment and, consequently, also considers subjective parameters such user’s experience, that is crucial for increasing the usability of new solutions in the Future Internet. The final aim of our contribution is to facilitate the development of secure and efficient services for mobile platforms.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Today, mobile platforms are multimedia devices that provide different types of traffic with the consequent particular performance demands and, besides, security concerns (e.g. privacy). However, Security and QoS requirements quite often conflict to a large degree; the mobility and heterogeneous paradigm of the Future Internet makes coexistence even more difficult, posing new challenges to overcome. Probably, one of the main challenges is to identify the specific reasons why Security and QoS mechanisms are so related to each other. In this paper, we present a Parametric Relationship Model (PRM) to identify the Security and QoS dependencies, and to elaborate on the Security and QoS tradeoff. In particular, we perform an analysis that focus on the mobile platform environment and, consequently, also considers subjective parameters such user’s experience, that is crucial for increasing the usability of new solutions in the Future Internet. The final aim of our contribution is to facilitate the development of secure and efficient services for mobile platforms.
Nieto, Ana
Evaluation of Dynamic Instantiation in CPRM-based Systems Proceedings Article
In: 9th International Conference on Risk and Security of Internet and Systems (CRiSIS’14), pp. 52-66, Springer Springer, Trento (Italy), 2014, ISBN: 978-3-319-17127-2.
@inproceedings{933,
title = {Evaluation of Dynamic Instantiation in CPRM-based Systems},
author = {Ana Nieto},
url = {/wp-content/papers/933.pdf},
doi = {10.1007/978-3-319-17127-2_4},
isbn = {978-3-319-17127-2},
year = {2014},
date = {2014-01-01},
urldate = {2014-01-01},
booktitle = {9th International Conference on Risk and Security of Internet and Systems (CRiSIS’14)},
volume = {8924},
pages = {52-66},
publisher = {Springer},
address = {Trento (Italy)},
organization = {Springer},
abstract = {Context-based Parametric Relationship Models (CPRMs) reduce the complexity of working with various numbers of parameters and dependencies, by adding particular contexts to the final scheme when it is required, dynamically. In this paper the cost of including new information in CPRM is properly analysed, considering the information in the parametric trees defined for the parameters in the CPRM-based system. Some strategies for mitigating the cost of the instantiation process are proposed.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Context-based Parametric Relationship Models (CPRMs) reduce the complexity of working with various numbers of parameters and dependencies, by adding particular contexts to the final scheme when it is required, dynamically. In this paper the cost of including new information in CPRM is properly analysed, considering the information in the parametric trees defined for the parameters in the CPRM-based system. Some strategies for mitigating the cost of the instantiation process are proposed.
Nuñez, David; Agudo, Isaac
BlindIdM: A Privacy-Preserving Approach for Identity Management as a Service Journal Article
In: International Journal of Information Security, vol. 13, pp. 199-215, 2014, ISSN: 1615-5262.
@article{nunez2014blindidm,
title = {BlindIdM: A Privacy-Preserving Approach for Identity Management as a Service},
author = {David Nu\~{n}ez and Isaac Agudo},
url = {/wp-content/papers/nunez2014blindidm.pdf},
doi = {10.1007/s10207-014-0230-4},
issn = {1615-5262},
year = {2014},
date = {2014-01-01},
urldate = {2014-01-01},
journal = {International Journal of Information Security},
volume = {13},
pages = {199-215},
publisher = {Springer},
abstract = {Identity management is an almost indispensable component of today’s organizations and companies, as it plays a key role in authentication and access control; however, at the same time it is widely recognized as a costly and time-consuming task. The advent of cloud computing technologies, together with the promise of flexible, cheap and efficient provision of services, has provided the opportunity to externalize such a common process, shaping what has been called Identity Management as a Service (IDaaS). Nevertheless, as in the case of other cloud-based services, IDaaS brings with it great concerns regarding security and privacy, such as the loss of control over the outsourced data. In this paper we analyze these concerns and propose BlindIdM, a model for privacy-preserving IDaaS with a focus on data privacy protection. In particular, we describe how a SAML-based system can be augmented to employ proxy re-encryption techniques for achieving data con
dentiality with respect to the cloud provider, while preserving the ability to supply the identity service. This is an innovative contribution to both the privacy and identity management landscapes.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Identity management is an almost indispensable component of today’s organizations and companies, as it plays a key role in authentication and access control; however, at the same time it is widely recognized as a costly and time-consuming task. The advent of cloud computing technologies, together with the promise of flexible, cheap and efficient provision of services, has provided the opportunity to externalize such a common process, shaping what has been called Identity Management as a Service (IDaaS). Nevertheless, as in the case of other cloud-based services, IDaaS brings with it great concerns regarding security and privacy, such as the loss of control over the outsourced data. In this paper we analyze these concerns and propose BlindIdM, a model for privacy-preserving IDaaS with a focus on data privacy protection. In particular, we describe how a SAML-based system can be augmented to employ proxy re-encryption techniques for achieving data con
dentiality with respect to the cloud provider, while preserving the ability to supply the identity service. This is an innovative contribution to both the privacy and identity management landscapes.
Nuñez, David; Fernandez-Gago, Carmen; Pearson, Siani; Felici, Massimo
A Metamodel for Measuring Accountability Attributes in the Cloud Proceedings Article
In: 2013 IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2013), pp. 355-362, IEEE IEEE, Bristol, UK, 2013, ISBN: 978-0-7685-5095-4.
@inproceedings{nunez2013metamodel,
title = {A Metamodel for Measuring Accountability Attributes in the Cloud},
author = {David Nu\~{n}ez and Carmen Fernandez-Gago and Siani Pearson and Massimo Felici},
url = {/wp-content/papers/nunez2013metamodel.pdf},
doi = {10.1109/CloudCom.2013.53},
isbn = {978-0-7685-5095-4},
year = {2013},
date = {2013-12-01},
urldate = {2013-12-01},
booktitle = {2013 IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2013)},
pages = {355-362},
publisher = {IEEE},
address = {Bristol, UK},
organization = {IEEE},
abstract = {Cloud governance, and in particular data governance in the cloud, relies on different technical and organizational practices and procedures, such as policy enforcement, risk management, incident management and remediation. The concept of accountability encompasses such practices, and is essential for enhancing security and trustworthiness in the cloud. Besides this, proper measurement of cloud services, both at a technical and governance level, is a distinctive aspect of the cloud computing model. Hence, a natural problem that arises is how to measure the impact on accountability of the procedures held in practice by organizations that participate in the cloud ecosystem. In this paper, we describe a metamodel for addressing the problem of measuring accountability properties for cloud computing, as discussed and defined by the Cloud Accountability Project (A4Cloud). The goal of this metamodel is to act as a language for describing: (i) accountability properties in terms of actions between entities, and (ii) metrics for measuring the fulfillment of such properties. It also allows the recursive decomposition of properties and metrics, from a high-level and abstract world to a tangible and measurable one. Finally, we illustrate our proposal of the metamodel by modelling the transparency property, and define some metrics for it.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Cloud governance, and in particular data governance in the cloud, relies on different technical and organizational practices and procedures, such as policy enforcement, risk management, incident management and remediation. The concept of accountability encompasses such practices, and is essential for enhancing security and trustworthiness in the cloud. Besides this, proper measurement of cloud services, both at a technical and governance level, is a distinctive aspect of the cloud computing model. Hence, a natural problem that arises is how to measure the impact on accountability of the procedures held in practice by organizations that participate in the cloud ecosystem. In this paper, we describe a metamodel for addressing the problem of measuring accountability properties for cloud computing, as discussed and defined by the Cloud Accountability Project (A4Cloud). The goal of this metamodel is to act as a language for describing: (i) accountability properties in terms of actions between entities, and (ii) metrics for measuring the fulfillment of such properties. It also allows the recursive decomposition of properties and metrics, from a high-level and abstract world to a tangible and measurable one. Finally, we illustrate our proposal of the metamodel by modelling the transparency property, and define some metrics for it.
Moyano, Francisco; Fernandez-Gago, Carmen; Lopez, Javier
A Framework for Enabling Trust Requirements in Social Cloud Applications Journal Article
In: Requirements Engineering, vol. 18, pp. 321-341, 2013, ISSN: 0947-3602.
@article{moyano2013re,
title = {A Framework for Enabling Trust Requirements in Social Cloud Applications},
author = {Francisco Moyano and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/moyano2013re.pdf},
doi = {10.1007/s00766-013-0171-x},
issn = {0947-3602},
year = {2013},
date = {2013-11-01},
urldate = {2013-11-01},
journal = {Requirements Engineering},
volume = {18},
pages = {321-341},
publisher = {Springer London},
abstract = {Cloud applications entail the provision of a huge amount of heterogeneous, geographically-distributed resources managed and shared by many different stakeholders who often do not know each other beforehand. This raises numerous security concerns that, if not addressed carefully, might hinder the adoption of this promising computational model. Appropriately dealing with these threats gains special relevance in the social cloud context, where computational resources are provided by the users themselves. We argue that taking trust and reputation requirements into account can leverage security in these scenarios by incorporating the notions of trust relationships and reputation into them. For this reason, we propose a development framework onto which developers can implement trust-aware social cloud applications. Developers can also adapt the framework in order to accommodate their application-specific needs.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Cloud applications entail the provision of a huge amount of heterogeneous, geographically-distributed resources managed and shared by many different stakeholders who often do not know each other beforehand. This raises numerous security concerns that, if not addressed carefully, might hinder the adoption of this promising computational model. Appropriately dealing with these threats gains special relevance in the social cloud context, where computational resources are provided by the users themselves. We argue that taking trust and reputation requirements into account can leverage security in these scenarios by incorporating the notions of trust relationships and reputation into them. For this reason, we propose a development framework onto which developers can implement trust-aware social cloud applications. Developers can also adapt the framework in order to accommodate their application-specific needs.
Nuñez, David; Agudo, Isaac; Lopez, Javier
Leveraging Privacy in Identity Management as a Service through Proxy Re-Encryption Proceedings Article
In: Ph.D Symposium of the European Conference on Service-Oriented and Cloud Computing (ESOCC) 2013, Málaga, Spain, 2013.
@inproceedings{nunez2013leveraging,
title = {Leveraging Privacy in Identity Management as a Service through Proxy Re-Encryption},
author = {David Nu\~{n}ez and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/nunez2013leveraging.pdf},
year = {2013},
date = {2013-09-01},
urldate = {2013-09-01},
booktitle = {Ph.D Symposium of the European Conference on Service-Oriented and Cloud Computing (ESOCC) 2013},
address = {M\'{a}laga, Spain},
abstract = {The advent of cloud computing has provided the opportunity to externalize the identity management processes, shaping what has been called Identity Management as a Service (IDaaS). However, as in the case of other cloud-based services, IDaaS brings with it great concerns regarding security and privacy, such as the loss of control over the outsourced data. As part of this PhD thesis, we analyze these concerns and propose BlindIdM, a model for privacy-preserving IDaaS with a focus on data privacy protection through the use of proxy re-encryption.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The advent of cloud computing has provided the opportunity to externalize the identity management processes, shaping what has been called Identity Management as a Service (IDaaS). However, as in the case of other cloud-based services, IDaaS brings with it great concerns regarding security and privacy, such as the loss of control over the outsourced data. As part of this PhD thesis, we analyze these concerns and propose BlindIdM, a model for privacy-preserving IDaaS with a focus on data privacy protection through the use of proxy re-encryption.
Nuñez, David; Agudo, Isaac; Lopez, Javier
Integrating OpenID with Proxy Re-Encryption to enhance privacy in cloud-based identity services Proceedings Article
In: IEEE CloudCom 2012, pp. 241 - 248, IEEE Computer Society IEEE Computer Society, Taipei, Taiwan, 2012, ISSN: 978-1-4673-4509-5.
@inproceedings{nunez2012integrating,
title = {Integrating OpenID with Proxy Re-Encryption to enhance privacy in cloud-based identity services},
author = {David Nu\~{n}ez and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/nunez2012integrating.pdf},
doi = {10.1109/CloudCom.2012.6427551},
issn = {978-1-4673-4509-5},
year = {2012},
date = {2012-12-01},
urldate = {2012-12-01},
booktitle = {IEEE CloudCom 2012},
pages = {241 - 248},
publisher = {IEEE Computer Society},
address = {Taipei, Taiwan},
organization = {IEEE Computer Society},
abstract = {The inclusion of identity management in the cloud computing landscape represents a new business opportunity for providing what has been called Identity Management as a Service (IDaaS). Nevertheless, IDaaS introduces the same kind of problems regarding privacy and data confidentiality as other cloud services; on top of that, the nature of the outsourced information (users’ identity) is critical. Traditionally, cloud services (including IDaaS) rely only on SLAs and security policies to protect the data, but these measures have proven insufficient in some cases; recent research has employed advanced cryptographic mechanisms as an additional safeguard. Apart from this, there are several identity management schemes that could be used for realizing IDaaS systems in the cloud; among them, OpenID has gained crescent popularity because of its open and decentralized nature, which makes it a prime candidate for this task. In this paper we demonstrate how a privacy-preserving IDaaS system can be implemented using OpenID Attribute Exchange and a proxy re-encryption scheme. Our prototype enables an identity provider to serve attributes to other parties without being able to read their values. This proposal constitutes a novel contribution to both privacy and identity management fields. Finally, we discuss the performance and economical viability of our proposal.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The inclusion of identity management in the cloud computing landscape represents a new business opportunity for providing what has been called Identity Management as a Service (IDaaS). Nevertheless, IDaaS introduces the same kind of problems regarding privacy and data confidentiality as other cloud services; on top of that, the nature of the outsourced information (users’ identity) is critical. Traditionally, cloud services (including IDaaS) rely only on SLAs and security policies to protect the data, but these measures have proven insufficient in some cases; recent research has employed advanced cryptographic mechanisms as an additional safeguard. Apart from this, there are several identity management schemes that could be used for realizing IDaaS systems in the cloud; among them, OpenID has gained crescent popularity because of its open and decentralized nature, which makes it a prime candidate for this task. In this paper we demonstrate how a privacy-preserving IDaaS system can be implemented using OpenID Attribute Exchange and a proxy re-encryption scheme. Our prototype enables an identity provider to serve attributes to other parties without being able to read their values. This proposal constitutes a novel contribution to both privacy and identity management fields. Finally, we discuss the performance and economical viability of our proposal.
Nuñez, David; Agudo, Isaac; Egorov, Michael; Wilkison, MacLane
Sistema de Acceso Delegado a Información Cifrada para Apache Hadoop Proceedings Article
In: III Jornadas Nacionales de Investigación en Ciberseguridad, pp. 174-175, URJC URJC, Madrid, 2017, ISBN: 978-84-608-4659-8.
@inproceedings{nunez2017sistema,
title = {Sistema de Acceso Delegado a Informaci\'{o}n Cifrada para Apache Hadoop},
author = {David Nu\~{n}ez and Isaac Agudo and Michael Egorov and MacLane Wilkison},
url = {http://hdl.handle.net/10115/14540},
isbn = {978-84-608-4659-8},
year = {2017},
date = {2017-06-01},
urldate = {2017-06-01},
booktitle = {III Jornadas Nacionales de Investigaci\'{o}n en Ciberseguridad},
pages = {174-175},
publisher = {URJC},
address = {Madrid},
organization = {URJC},
abstract = {En este art\'{i}culo presentamos un sistema que permite delegaci\'{o}n de acceso a informaci\'{o}n cifrada para Apache Hadoop, de forma segura y transparente al usuario. Para ello usamos t\'{e}cnicas criptogr\'{a}ficas avanzadas basadas en el recifrado delegado. Con este sistema, es posible almacenar en Hadoop los datos de forma cifrada y delegar de forma segura el acceso a los nodos de computaci\'{o}n. El funcionamiento es transparente ya que se integra con la capa del sistema de ficheros nativa HDFS. Adem\'{a}s, el recifrado delegado permite hacer rotaci\'{o}n de claves de cifrado de forma segura y r\'{a}pida.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
En este artículo presentamos un sistema que permite delegación de acceso a información cifrada para Apache Hadoop, de forma segura y transparente al usuario. Para ello usamos técnicas criptográficas avanzadas basadas en el recifrado delegado. Con este sistema, es posible almacenar en Hadoop los datos de forma cifrada y delegar de forma segura el acceso a los nodos de computación. El funcionamiento es transparente ya que se integra con la capa del sistema de ficheros nativa HDFS. Además, el recifrado delegado permite hacer rotación de claves de cifrado de forma segura y rápida.
Alcaraz, Cristina; Lopez, Javier
A Cyber-Physical Systems-Based Checkpoint Model for Structural Controllability Journal Article
In: IEEE Systems Journal, vol. 12, pp. 3543-3554, 2018, ISSN: 1932-8184.
@article{alcarazlopez-IEEESystems-2017,
title = {A Cyber-Physical Systems-Based Checkpoint Model for Structural Controllability},
author = {Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/alcarazlopez-IEEESystems-2017.pdf
http://ieeexplore.ieee.org/document/8057984/},
doi = {10.1109/JSYST.2017.2740719},
issn = {1932-8184},
year = {2018},
date = {2018-12-01},
urldate = {2018-12-01},
journal = {IEEE Systems Journal},
volume = {12},
pages = {3543-3554},
publisher = {IEEE},
abstract = {The protection of critical user-centric applications, such as Smart Grids and their monitoring systems, has become one of the most cutting-edge research areas in recent years. The dynamic complexity of their cyber-physical systems (CPSs) and their strong inter-dependencies with power systems, are bringing about a significant increase in security problems that may be exploited by attackers. These security holes may, for example, trigger the disintegration of the structural controllability properties due to the problem of non-locality, affecting, sooner or later, the provision of the essential services to end-users. One way to address these situations could be through automatic checkpoints in charge of inspecting the healthy status of the control network and its critical nature. This inspection can be subject to special mechanisms composed of trustworthy cyberphysical elements capable of detecting structural changes in the control and activating restoration procedures with support for warning. This is precisely the aim of this paper, which presents a CPSs-based checkpoint model with the capacity to manage heterogeneous replications that help ensure data redundancy, thereby guaranteeing the validity of the checkpoints. As a support to this study, a theoretical and practical analysis is addressed to show the functionality of the approach in real contexts.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The protection of critical user-centric applications, such as Smart Grids and their monitoring systems, has become one of the most cutting-edge research areas in recent years. The dynamic complexity of their cyber-physical systems (CPSs) and their strong inter-dependencies with power systems, are bringing about a significant increase in security problems that may be exploited by attackers. These security holes may, for example, trigger the disintegration of the structural controllability properties due to the problem of non-locality, affecting, sooner or later, the provision of the essential services to end-users. One way to address these situations could be through automatic checkpoints in charge of inspecting the healthy status of the control network and its critical nature. This inspection can be subject to special mechanisms composed of trustworthy cyberphysical elements capable of detecting structural changes in the control and activating restoration procedures with support for warning. This is precisely the aim of this paper, which presents a CPSs-based checkpoint model with the capacity to manage heterogeneous replications that help ensure data redundancy, thereby guaranteeing the validity of the checkpoints. As a support to this study, a theoretical and practical analysis is addressed to show the functionality of the approach in real contexts.
Cazorla, Lorena; Alcaraz, Cristina; Lopez, Javier
Cyber Stealth Attacks in Critical Information Infrastructures Journal Article
In: IEEE Systems Journal, vol. 12, pp. 1778-1792, 2018, ISSN: 1932-8184.
@article{cazorla2016cyber,
title = {Cyber Stealth Attacks in Critical Information Infrastructures},
author = {Lorena Cazorla and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/cazorla2016cyber.pdf
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=\&arnumber=7445136\&isnumber=8350419},
doi = {10.1109/JSYST.2015.2487684},
issn = {1932-8184},
year = {2018},
date = {2018-06-01},
urldate = {2018-06-01},
journal = {IEEE Systems Journal},
volume = {12},
pages = {1778-1792},
publisher = {IEEE},
abstract = {Current Critical Infrastructures (CIs) are complex interconnected industrial systems that, in recent years, have incorporated information and communications technologies such as connection to the Internet and commercial off-the-shelf components. This makes them easier to operate and maintain, but exposes them to the threats and attacks that inundate conventional networks and systems. This paper contains a comprehensive study on the main stealth attacks that threaten CIs, with a special focus on Critical Information Infrastructures (CIIs). This type of attack is characterized by an adversary who is able to finely tune his actions to avoid detection while pursuing his objectives. To provide a complete analysis of the scope and potential dangers of stealth attacks we determine and analyze their stages and range, and we design a taxonomy to illustrate the threats to CIs, offering an overview of the applicable countermeasures against these attacks. From our analysis we understand that these types of attacks, due to the interdependent nature of CIs, pose a grave danger to critical systems where the threats can easily cascade down to the interconnected systems.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Current Critical Infrastructures (CIs) are complex interconnected industrial systems that, in recent years, have incorporated information and communications technologies such as connection to the Internet and commercial off-the-shelf components. This makes them easier to operate and maintain, but exposes them to the threats and attacks that inundate conventional networks and systems. This paper contains a comprehensive study on the main stealth attacks that threaten CIs, with a special focus on Critical Information Infrastructures (CIIs). This type of attack is characterized by an adversary who is able to finely tune his actions to avoid detection while pursuing his objectives. To provide a complete analysis of the scope and potential dangers of stealth attacks we determine and analyze their stages and range, and we design a taxonomy to illustrate the threats to CIs, offering an overview of the applicable countermeasures against these attacks. From our analysis we understand that these types of attacks, due to the interdependent nature of CIs, pose a grave danger to critical systems where the threats can easily cascade down to the interconnected systems.
Nieto, Ana; Rios, Ruben; Lopez, Javier
IoT-Forensics meets Privacy: Towards Cooperative Digital Investigations Journal Article
In: Sensors, vol. 18, no. 492, 2018, ISSN: 1424-8220.
@article{nrlSensors2018,
title = {IoT-Forensics meets Privacy: Towards Cooperative Digital Investigations},
author = {Ana Nieto and Ruben Rios and Javier Lopez},
url = {/wp-content/papers/nrlSensors2018.pdf
http://www.mdpi.com/1424-8220/18/2/492},
doi = {10.3390/s18020492},
issn = {1424-8220},
year = {2018},
date = {2018-02-01},
urldate = {2018-02-01},
journal = {Sensors},
volume = {18},
number = {492},
publisher = {MDPI},
abstract = {IoT-Forensics is a novel paradigm for the acquisition of electronic evidence whose operation is conditioned by the peculiarities of the Internet of Things (IoT) context. As a branch of computer forensics, this discipline respects the most basic forensic principles of preservation, traceability, documentation, and authorization. The digital witness approach also promotes such principles in the context of the IoT while allowing personal devices to cooperate in digital investigations by voluntarily providing electronic evidence to the authorities. However, this solution is highly dependent on the willingness of citizens to collaborate and they may be reluctant to do so if the sensitive information within their personal devices is not sufficiently protected when shared with the investigators. In this paper, we provide the digital witness approach with a methodology that enables citizens to share their data with some privacy guarantees. We apply the PRoFIT methodology, originally defined for IoT-Forensics environments, to the digital witness approach in order to unleash its full potential. Finally, we show the feasibility of a PRoFIT-compliant digital witness with two use cases.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
IoT-Forensics is a novel paradigm for the acquisition of electronic evidence whose operation is conditioned by the peculiarities of the Internet of Things (IoT) context. As a branch of computer forensics, this discipline respects the most basic forensic principles of preservation, traceability, documentation, and authorization. The digital witness approach also promotes such principles in the context of the IoT while allowing personal devices to cooperate in digital investigations by voluntarily providing electronic evidence to the authorities. However, this solution is highly dependent on the willingness of citizens to collaborate and they may be reluctant to do so if the sensitive information within their personal devices is not sufficiently protected when shared with the investigators. In this paper, we provide the digital witness approach with a methodology that enables citizens to share their data with some privacy guarantees. We apply the PRoFIT methodology, originally defined for IoT-Forensics environments, to the digital witness approach in order to unleash its full potential. Finally, we show the feasibility of a PRoFIT-compliant digital witness with two use cases.
Roman, Rodrigo; Lopez, Javier; Mambo, Masahiro
Mobile edge computing, Fog et al.: A survey and analysis of security threats and challenges Journal Article
In: Future Generation Computer Systems, vol. 78, pp. 680-698, 2018, ISSN: 0167-739X.
@article{RomanFog16,
title = {Mobile edge computing, Fog et al.: A survey and analysis of security threats and challenges},
author = {Rodrigo Roman and Javier Lopez and Masahiro Mambo},
url = {/wp-content/papers/RomanFog16.pdf
https://authors.elsevier.com/c/1VmhQ,3q5xKgZZ},
doi = {10.1016/j.future.2016.11.009},
issn = {0167-739X},
year = {2018},
date = {2018-01-01},
urldate = {2018-01-01},
journal = {Future Generation Computer Systems},
volume = {78},
pages = {680-698},
publisher = {Elsevier},
abstract = {For various reasons, the cloud computing paradigm is unable to meet certain requirements (e.g. low latency and jitter, context awareness, mobility support) that are crucial for several applications (e.g. vehicular networks, augmented reality). To fulfil these requirements, various paradigms, such as fog computing, mobile edge computing, and mobile cloud computing, have emerged in recent years. While these edge paradigms share several features, most of the existing research is compartmentalised; no synergies have been explored. This is especially true in the field of security, where most analyses focus only on one edge paradigm, while ignoring the others. The main goal of this study is to holistically analyse the security threats, challenges, and mechanisms inherent in all edge paradigms, while highlighting potential synergies and venues of collaboration. In our results, we will show that all edge paradigms should consider the advances in other paradigms.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
For various reasons, the cloud computing paradigm is unable to meet certain requirements (e.g. low latency and jitter, context awareness, mobility support) that are crucial for several applications (e.g. vehicular networks, augmented reality). To fulfil these requirements, various paradigms, such as fog computing, mobile edge computing, and mobile cloud computing, have emerged in recent years. While these edge paradigms share several features, most of the existing research is compartmentalised; no synergies have been explored. This is especially true in the field of security, where most analyses focus only on one edge paradigm, while ignoring the others. The main goal of this study is to holistically analyse the security threats, challenges, and mechanisms inherent in all edge paradigms, while highlighting potential synergies and venues of collaboration. In our results, we will show that all edge paradigms should consider the advances in other paradigms.
Nieto, Ana; Nomikos, Nikolaos; Lopez, Javier; Skianis, Charalambos
Dynamic Knowledge-based Analysis in non-Secure 5G Green Environments using Contextual Data Journal Article
In: IEEE Systems Journal, vol. 11, no. 99, pp. 2479-2489, 2017, ISSN: 1932-8184.
@article{NietNLS15,
title = {Dynamic Knowledge-based Analysis in non-Secure 5G Green Environments using Contextual Data},
author = {Ana Nieto and Nikolaos Nomikos and Javier Lopez and Charalambos Skianis},
url = {/wp-content/papers/NietNLS15.pdf},
doi = {10.1109/JSYST.2015.2477782},
issn = {1932-8184},
year = {2017},
date = {2017-12-01},
urldate = {2017-12-01},
journal = {IEEE Systems Journal},
volume = {11},
number = {99},
pages = {2479-2489},
publisher = {IEEE},
abstract = {The growing number of parameters in heteroge- neous networks, as is the case of the emphfifth generation (5G) Green networks, greatly complicates the analysis of the emphSecurity and Quality of Service Tradeoff (SQT). However, studying these types of relationships is crucial in Future Internet scenarios to prevent potential points of failure and to enhance the use of limited resources, increasing the user’s experience. Therefore, it is fundamental to provide tools and models for training, so that the users understand these dependencies and solve them prior to deploying new solutions. In this paper, a Recommendation System for SQT (SQT-RS) is deployed in 5G Green systems, considering the particular case of relay networks and the impact of eavesdropping and jamming contexts on the models generated by the user, aided by SQT-RS. With this goal in mind, we provide a component for the user to automatically select specific contexts based on 5G Green capabilities.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The growing number of parameters in heteroge- neous networks, as is the case of the emphfifth generation (5G) Green networks, greatly complicates the analysis of the emphSecurity and Quality of Service Tradeoff (SQT). However, studying these types of relationships is crucial in Future Internet scenarios to prevent potential points of failure and to enhance the use of limited resources, increasing the user’s experience. Therefore, it is fundamental to provide tools and models for training, so that the users understand these dependencies and solve them prior to deploying new solutions. In this paper, a Recommendation System for SQT (SQT-RS) is deployed in 5G Green systems, considering the particular case of relay networks and the impact of eavesdropping and jamming contexts on the models generated by the user, aided by SQT-RS. With this goal in mind, we provide a component for the user to automatically select specific contexts based on 5G Green capabilities.
Alcaraz, Cristina
Resilient Industrial Control Systems based on Multiple Redundancy Journal Article
In: International Journal of Critical Infrastructures (IJCIS), vol. 13, no. 2/3, pp. 278 - 295, 2017, ISSN: 1741-8038.
@article{Alcaraz:2017:IJCIS,
title = {Resilient Industrial Control Systems based on Multiple Redundancy},
author = {Cristina Alcaraz},
doi = {10.1504/IJCIS.2017.10009287},
issn = {1741-8038},
year = {2017},
date = {2017-11-01},
urldate = {2017-11-01},
journal = {International Journal of Critical Infrastructures (IJCIS)},
volume = {13},
number = {2/3},
pages = {278 - 295},
publisher = {Inderscience Publisher},
address = {London, UK},
abstract = {The incessant search for cost-effective recovery solutions for structural controllability has led to one of the most challenging research areas within the field of critical infrastructure protection. The resilience of large heterogeneous distributions, like industrial control scenarios, is proving to be a complicated mission due to the inherent non-locality problems of structural controllability and its susceptibility to advanced threats. To address these issues, this paper proposes a new repair approach based on multiple redundant pathways and the lessons learnt from the work presented in [1]. From [1], we have adapted the local measures, to combine them with each of the five strategies of remote reconnection described in this paper. To validate the sustainability of the combined approaches, two practical case studies are presented here, showing that a local dependence on a brother driver node together with remote dependence is enough to reach optimal states in linear times.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The incessant search for cost-effective recovery solutions for structural controllability has led to one of the most challenging research areas within the field of critical infrastructure protection. The resilience of large heterogeneous distributions, like industrial control scenarios, is proving to be a complicated mission due to the inherent non-locality problems of structural controllability and its susceptibility to advanced threats. To address these issues, this paper proposes a new repair approach based on multiple redundant pathways and the lessons learnt from the work presented in [1]. From [1], we have adapted the local measures, to combine them with each of the five strategies of remote reconnection described in this paper. To validate the sustainability of the combined approaches, two practical case studies are presented here, showing that a local dependence on a brother driver node together with remote dependence is enough to reach optimal states in linear times.
Alcaraz, Cristina; Lopez, Javier; Choo, Kim-Kwang Raymond
Resilient Interconnection in Cyber-Physical Control Systems Journal Article
In: Computers & Security, vol. 71, pp. 2-14, 2017, ISSN: 0167-4048.
@article{Alcaraz2017COSE,
title = {Resilient Interconnection in Cyber-Physical Control Systems},
author = {Cristina Alcaraz and Javier Lopez and Kim-Kwang Raymond Choo},
url = {/wp-content/papers/Alcaraz2017COSE.pdf
http://www.sciencedirect.com/science/article/pii/S0167404817300573},
doi = {10.1016/j.cose.2017.03.004},
issn = {0167-4048},
year = {2017},
date = {2017-11-01},
urldate = {2017-11-01},
journal = {Computers \& Security},
volume = {71},
pages = {2-14},
publisher = {Elsevier},
abstract = {Secure interconnection between multiple cyber-physical systems has become a fundamental requirement in many critical infrastructures, where security may be centralized in a few nodes of the system. These nodes could, for example, have the mission of addressing the authorization services required for access in highlyrestricted remote substations. For this reason, the main aim of this paper is to unify all these features, together with the resilience measures so as to provide control at all times under a limited access in the field and avoid congestion. Concretely, we present here an optimal reachability-based restoration approach, capable of restoring the structural control in linear times taking into account: structural controllability, the supernode theory, the good practices of the IEC-62351 standard and the contextual conditions. For context management, a new attribute is specified to provide a more complete authorization service based on a practical policy, role and attribute-based access control (PBAC + RBAC + ABAC). To validate the approach, two case studies are also discussed under two strategic adversarial models.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Secure interconnection between multiple cyber-physical systems has become a fundamental requirement in many critical infrastructures, where security may be centralized in a few nodes of the system. These nodes could, for example, have the mission of addressing the authorization services required for access in highlyrestricted remote substations. For this reason, the main aim of this paper is to unify all these features, together with the resilience measures so as to provide control at all times under a limited access in the field and avoid congestion. Concretely, we present here an optimal reachability-based restoration approach, capable of restoring the structural control in linear times taking into account: structural controllability, the supernode theory, the good practices of the IEC-62351 standard and the contextual conditions. For context management, a new attribute is specified to provide a more complete authorization service based on a practical policy, role and attribute-based access control (PBAC + RBAC + ABAC). To validate the approach, two case studies are also discussed under two strategic adversarial models.
Lopez, Javier; Rios, Ruben; Bao, Feng; Wang, Guilin
Evolving privacy: From sensors to the Internet of Things Journal Article
In: Future Generation Computer Systems, vol. 75, pp. 46–57, 2017, ISSN: 0167-739X.
@article{Lopez2017iotpriv,
title = {Evolving privacy: From sensors to the Internet of Things},
author = {Javier Lopez and Ruben Rios and Feng Bao and Guilin Wang},
url = {/wp-content/papers/Lopez2017iotpriv.pdf},
doi = {10.1016/j.future.2017.04.045},
issn = {0167-739X},
year = {2017},
date = {2017-10-01},
urldate = {2017-10-01},
journal = {Future Generation Computer Systems},
volume = {75},
pages = {46\textendash57},
publisher = {Elsevier},
abstract = {The Internet of Things (IoT) envisions a world covered with billions of smart, interacting things capable of offering all sorts of services to near and remote entities. The benefits and comfort that the IoT will bring about are undeniable, however, these may come at the cost of an unprecedented loss of privacy. In this paper we look at the privacy problems of one of the key enablers of the IoT, namely wireless sensor networks, and analyse how these problems may evolve with the development of this complex paradigm. We also identify further challenges which are not directly associated with already existing privacy risks but will certainly have a major impact in our lives if not taken into serious consideration.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The Internet of Things (IoT) envisions a world covered with billions of smart, interacting things capable of offering all sorts of services to near and remote entities. The benefits and comfort that the IoT will bring about are undeniable, however, these may come at the cost of an unprecedented loss of privacy. In this paper we look at the privacy problems of one of the key enablers of the IoT, namely wireless sensor networks, and analyse how these problems may evolve with the development of this complex paradigm. We also identify further challenges which are not directly associated with already existing privacy risks but will certainly have a major impact in our lives if not taken into serious consideration.
Rubio, Juan E.; Alcaraz, Cristina; Lopez, Javier
Recommender System for Privacy-Preserving Solutions in Smart Metering Journal Article
In: Pervasive and Mobile Computing, vol. 41, pp. 205-218, 2017, ISSN: 1574-1192.
@article{rubiorecommender17,
title = {Recommender System for Privacy-Preserving Solutions in Smart Metering},
author = {Juan E. Rubio and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/rubiorecommender17.pdf},
issn = {1574-1192},
year = {2017},
date = {2017-10-01},
urldate = {2017-10-01},
journal = {Pervasive and Mobile Computing},
volume = {41},
pages = {205-218},
publisher = {Pervasive and Mobile Computing},
abstract = {Nowadays, Smart Grid is envisaged to provide several benefits to both customers and grid operators. However, Smart Meters introduce many privacy issues if consumption data is analysed. In this paper we analyse the main techniques that address privacy when collecting electricity readings. In addition to privacy, it is equally important to preserve efficiency to carry on with monitoring operations, so further control requirements and communication protocols are also studied. Our aim is to provide guidance to installers who intend to integrate such mechanisms on the grid, presenting an expert system to recommend an appropriate deployment strategy.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Nowadays, Smart Grid is envisaged to provide several benefits to both customers and grid operators. However, Smart Meters introduce many privacy issues if consumption data is analysed. In this paper we analyse the main techniques that address privacy when collecting electricity readings. In addition to privacy, it is equally important to preserve efficiency to carry on with monitoring operations, so further control requirements and communication protocols are also studied. Our aim is to provide guidance to installers who intend to integrate such mechanisms on the grid, presenting an expert system to recommend an appropriate deployment strategy.
Nieto, Ana; Rios, Ruben; Lopez, Javier
Digital Witness and Privacy in IoT: Anonymous Witnessing Approach Proceedings Article
In: 16th IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom 2017), pp. 642-649, IEEE IEEE, Sydney (Australia), 2017, ISSN: 2324-9013.
@inproceedings{1654,
title = {Digital Witness and Privacy in IoT: Anonymous Witnessing Approach},
author = {Ana Nieto and Ruben Rios and Javier Lopez},
url = {/wp-content/papers/1654.pdf},
doi = {10.1109/Trustcom/BigDataSE/ICESS.2017.295},
issn = {2324-9013},
year = {2017},
date = {2017-08-01},
urldate = {2017-08-01},
booktitle = {16th IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom 2017)},
pages = {642-649},
publisher = {IEEE},
address = {Sydney (Australia)},
organization = {IEEE},
abstract = {The emphdigital witness approach defines the collaboration between IoT devices - from wearables to vehicles - to provide digital evidence through a emphDigital Chain of Custody to an authorised entity. As one of the cores of the digital witness, emphbinding credentials unequivocally identify the user behind the digital witness. The objective of this article is to perform a critical analysis of the digital witness approach from the perspective of privacy, and to propose solutions that help include some notions of privacy in the scheme (for those cases where it is possible). In addition, emphdigital anonymous witnessing as a tradeoff mechanism between the original approach and privacy requirements is proposed. This is a clear challenge in this context given the restriction that the identities of the links in the digital chain of custody should be known.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The emphdigital witness approach defines the collaboration between IoT devices - from wearables to vehicles - to provide digital evidence through a emphDigital Chain of Custody to an authorised entity. As one of the cores of the digital witness, emphbinding credentials unequivocally identify the user behind the digital witness. The objective of this article is to perform a critical analysis of the digital witness approach from the perspective of privacy, and to propose solutions that help include some notions of privacy in the scheme (for those cases where it is possible). In addition, emphdigital anonymous witnessing as a tradeoff mechanism between the original approach and privacy requirements is proposed. This is a clear challenge in this context given the restriction that the identities of the links in the digital chain of custody should be known.
Nieto, Ana; Rios, Ruben; Lopez, Javier
A Methodology for Privacy-Aware IoT-Forensics Proceedings Article
In: 16th IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom 2017), pp. 626-633, IEEE IEEE, Sydney (Australia), 2017, ISSN: 2324-9013.
@inproceedings{1652,
title = {A Methodology for Privacy-Aware IoT-Forensics},
author = {Ana Nieto and Ruben Rios and Javier Lopez},
url = {/wp-content/papers/1652.pdf},
doi = {10.1109/Trustcom/BigDataSE/ICESS.2017.293},
issn = {2324-9013},
year = {2017},
date = {2017-08-01},
urldate = {2017-08-01},
booktitle = {16th IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom 2017)},
pages = {626-633},
publisher = {IEEE},
address = {Sydney (Australia)},
organization = {IEEE},
abstract = {The Internet of Things (IoT) brings new challenges to digital forensics. Given the number and heterogeneity of devices in such scenarios, it bring extremely difficult to carry out investigations without the cooperation of individuals. Even if they are not directly involved in the offense, their devices can yield digital evidence that might provide useful clarification in an investigation. However, when providing such evidence they may leak sensitive personal information. This paper proposes PRoFIT; a new model for IoT-forensics that takes privacy into consideration by incorporating the requirements of ISO/IEC 29100:2011 throughout the investigation life cycle. PRoFIT is intended to lay the groundwork for the voluntary cooperation of individuals in cyber crime investigations.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The Internet of Things (IoT) brings new challenges to digital forensics. Given the number and heterogeneity of devices in such scenarios, it bring extremely difficult to carry out investigations without the cooperation of individuals. Even if they are not directly involved in the offense, their devices can yield digital evidence that might provide useful clarification in an investigation. However, when providing such evidence they may leak sensitive personal information. This paper proposes PRoFIT; a new model for IoT-forensics that takes privacy into consideration by incorporating the requirements of ISO/IEC 29100:2011 throughout the investigation life cycle. PRoFIT is intended to lay the groundwork for the voluntary cooperation of individuals in cyber crime investigations.
Nuñez, David; Agudo, Isaac; Lopez, Javier
The fallout of key compromise in a proxy-mediated key agreement protocol Proceedings Article
In: 31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec’17), pp. 453-472, Springer Springer, Philadelphia, USA, 2017, ISBN: 978-3-319-61176-1.
@inproceedings{nunez2017fallout,
title = {The fallout of key compromise in a proxy-mediated key agreement protocol},
author = {David Nu\~{n}ez and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/nunez2017fallout.pdf},
doi = {10.1007/978-3-319-61176-1_25},
isbn = {978-3-319-61176-1},
year = {2017},
date = {2017-07-01},
urldate = {2017-07-01},
booktitle = {31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec’17)},
volume = {LNCS 10359},
pages = {453-472},
publisher = {Springer},
address = {Philadelphia, USA},
organization = {Springer},
abstract = {In this paper, we analyze how key compromise affects the protocol by Nguyen et al. presented at ESORICS 2016, an authenticated key agreement protocol mediated by a proxy entity, restricted to only symmetric encryption primitives and intended for IoT environments. This protocol uses long-term encryption tokens as intermediate values during encryption and decryption procedures, which implies that these can be used to encrypt and decrypt messages without knowing the cor- responding secret keys. In our work, we show how key compromise (or even compromise of encryption tokens) allows to break forward secu- rity and leads to key compromise impersonation attacks. Moreover, we demonstrate that these problems cannot be solved even if the affected user revokes his compromised secret key and updates it to a new one. The conclusion is that this protocol cannot be used in IoT environments, where key compromise is a realistic risk.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
In this paper, we analyze how key compromise affects the protocol by Nguyen et al. presented at ESORICS 2016, an authenticated key agreement protocol mediated by a proxy entity, restricted to only symmetric encryption primitives and intended for IoT environments. This protocol uses long-term encryption tokens as intermediate values during encryption and decryption procedures, which implies that these can be used to encrypt and decrypt messages without knowing the cor- responding secret keys. In our work, we show how key compromise (or even compromise of encryption tokens) allows to break forward secu- rity and leads to key compromise impersonation attacks. Moreover, we demonstrate that these problems cannot be solved even if the affected user revokes his compromised secret key and updates it to a new one. The conclusion is that this protocol cannot be used in IoT environments, where key compromise is a realistic risk.
Fernandez, Gerardo; Nieto, Ana
Configuración de honeypots adaptativos para análisis de malware Proceedings Article
In: III Jornadas Nacionales de Investigación en Ciberseguridad (JNIC 2017), pp. 91-98, Servicio de Publicaciones de la URJC Servicio de Publicaciones de la URJC, Madrid (Spain), 2017, ISBN: 978-84-608-4659-8.
@inproceedings{1650,
title = {Configuraci\'{o}n de honeypots adaptativos para an\'{a}lisis de malware},
author = {Gerardo Fernandez and Ana Nieto},
url = {/wp-content/papers/1650.pdf
https://eciencia.urjc.es/handle/10115/14540},
isbn = {978-84-608-4659-8},
year = {2017},
date = {2017-06-01},
urldate = {2017-06-01},
booktitle = {III Jornadas Nacionales de Investigaci\'{o}n en Ciberseguridad (JNIC 2017)},
pages = {91-98},
publisher = {Servicio de Publicaciones de la URJC},
address = {Madrid (Spain)},
organization = {Servicio de Publicaciones de la URJC},
abstract = {Este trabajo propone una arquitectura de despliegue de honeypots adaptativos, configurados din\'{a}micamente a partir de los requisitos del malware que intenta infectar los servicios trampa. A diferencia de otros trabajos sobre honeypots adaptativos, los mecanismos de adaptabilidad aqu\'{i} dise\~{n}ados tomar\'{a}n como base informaci\'{o}n de inteligencia sobre amenazas actuales, indicadores de compromiso (IOCs) conocidos, as\'{i} como informaci\'{o}n de actividades sospechosas actualmente en estudio por los analistas. Este conocimiento ser\'{a} empleado para configurar honeypots de manera din\'{a}mica, permitiendo satisfacer los requisitos necesarios para que el malware pueda desplegar toda su operativa.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Este trabajo propone una arquitectura de despliegue de honeypots adaptativos, configurados dinámicamente a partir de los requisitos del malware que intenta infectar los servicios trampa. A diferencia de otros trabajos sobre honeypots adaptativos, los mecanismos de adaptabilidad aquí diseñados tomarán como base información de inteligencia sobre amenazas actuales, indicadores de compromiso (IOCs) conocidos, así como información de actividades sospechosas actualmente en estudio por los analistas. Este conocimiento será empleado para configurar honeypots de manera dinámica, permitiendo satisfacer los requisitos necesarios para que el malware pueda desplegar toda su operativa.
Nuñez, David; Agudo, Isaac; Lopez, Javier
Proxy Re-Encryption: Analysis of Constructions and its Application to Secure Access Delegation Journal Article
In: Journal of Network and Computer Applications, vol. 87, pp. 193-209, 2017, ISSN: 1084-8045.
@article{nunez2017proxy,
title = {Proxy Re-Encryption: Analysis of Constructions and its Application to Secure Access Delegation},
author = {David Nu\~{n}ez and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/nunez2017proxy.pdf},
doi = {10.1016/j.jnca.2017.03.005},
issn = {1084-8045},
year = {2017},
date = {2017-06-01},
urldate = {2017-06-01},
journal = {Journal of Network and Computer Applications},
volume = {87},
pages = {193-209},
publisher = {Elsevier},
abstract = {This paper analyzes the secure access delegation problem, which occurs naturally in the cloud, and postulate that Proxy Re-Encryption is a feasible cryptographic solution, both from the functional and efficiency perspectives. Proxy re-encryption is a special type of public-key encryption that permits a proxy to transform ciphertexts from one public key to another, without the proxy being able to learn any information about the original message. Thus, it serves as a means for delegating decryption rights, opening up many possible applications that require of delegated access to encrypted data. In particular, sharing information in the cloud is a prime example. In this paper, we review the main proxy re-encryption schemes so far, and provide a detailed analysis of their characteristics. Additionally, we also study the efficiency of selected schemes, both theoretically and empirically, based on our own implementation. Finally, we discuss some applications of proxy re-encryption, with a focus on secure access delegation in the cloud.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
This paper analyzes the secure access delegation problem, which occurs naturally in the cloud, and postulate that Proxy Re-Encryption is a feasible cryptographic solution, both from the functional and efficiency perspectives. Proxy re-encryption is a special type of public-key encryption that permits a proxy to transform ciphertexts from one public key to another, without the proxy being able to learn any information about the original message. Thus, it serves as a means for delegating decryption rights, opening up many possible applications that require of delegated access to encrypted data. In particular, sharing information in the cloud is a prime example. In this paper, we review the main proxy re-encryption schemes so far, and provide a detailed analysis of their characteristics. Additionally, we also study the efficiency of selected schemes, both theoretically and empirically, based on our own implementation. Finally, we discuss some applications of proxy re-encryption, with a focus on secure access delegation in the cloud.
Rios, Ruben; Nuñez, David; Lopez, Javier
Query Privacy in Sensing-as-a-Service Platforms Proceedings Article
In: Vimercati, Sabrina De Capitani; Martinelli, Fabio (Ed.): 32nd International Conference on ICT Systems Security and Privacy Protection (IFIP SEC 2017), pp. 141–154, Springer Springer, Roma, Italy, 2017.
@inproceedings{Rios2017query,
title = {Query Privacy in Sensing-as-a-Service Platforms},
author = {Ruben Rios and David Nu\~{n}ez and Javier Lopez},
editor = {Sabrina De Capitani Vimercati and Fabio Martinelli},
url = {/wp-content/papers/Rios2017query.pdf},
doi = {10.1007/978-3-319-58469-0_10},
year = {2017},
date = {2017-05-01},
urldate = {2017-05-01},
booktitle = {32nd International Conference on ICT Systems Security and Privacy Protection (IFIP SEC 2017)},
volume = {502},
pages = {141\textendash154},
publisher = {Springer},
address = {Roma, Italy},
organization = {Springer},
series = {IFIP Advances in Information and Communication Technology (AICT)},
abstract = {The Internet of Things (IoT) promises to revolutionize the way we interact with the physical world. Even though this paradigm is still far from being completely realized, there already exist Sensing-as-a-Service (S^2aaS) platforms that allow users to query for IoT data. While this model offers tremendous benefits, it also entails increasingly challenging privacy issues. In this paper, we concentrate on the protection of user privacy when querying sensing devices through a semi-trusted S^2aaS platform. In particular, we build on techniques inspired by proxy re-encryption and k-anonymity to tackle two intertwined problems, namely query privacy and query confidentiality. The feasibility of our solution is validated both analytically and empirically.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The Internet of Things (IoT) promises to revolutionize the way we interact with the physical world. Even though this paradigm is still far from being completely realized, there already exist Sensing-as-a-Service (S^2aaS) platforms that allow users to query for IoT data. While this model offers tremendous benefits, it also entails increasingly challenging privacy issues. In this paper, we concentrate on the protection of user privacy when querying sensing devices through a semi-trusted S^2aaS platform. In particular, we build on techniques inspired by proxy re-encryption and k-anonymity to tackle two intertwined problems, namely query privacy and query confidentiality. The feasibility of our solution is validated both analytically and empirically.
Alcaraz, Cristina; Lopez, Javier; Wolthusen, Stephen
OCPP Protocol: Security Threats and Challenges Journal Article
In: IEEE Transactions on Smart Grid, vol. 8, pp. 2452 - 2459, 2017, ISSN: 1949-3053.
@article{AlcarazLopezWolthusen2017,
title = {OCPP Protocol: Security Threats and Challenges},
author = {Cristina Alcaraz and Javier Lopez and Stephen Wolthusen},
url = {/wp-content/papers/AlcarazLopezWolthusen2017.pdf},
doi = {10.1109/TSG.2017.2669647},
issn = {1949-3053},
year = {2017},
date = {2017-02-01},
urldate = {2017-02-01},
journal = {IEEE Transactions on Smart Grid},
volume = {8},
pages = {2452 - 2459},
publisher = {IEEE},
abstract = {One benefit postulated for the adoption of Electric Vehicles (EVs) is their ability to act as stabilizing entities in smart grids through bi-directional charging, allowing local or global smoothing of peaks and imbalances. This benefit, however, hinges indirectly on the reliability and security of the power flows thus achieved. Therefore this paper studies key security properties of the alreadydeployed Open Charge Point Protocol (OCPP) specifying communication between charging points and energy management systems. It is argued that possible subversion or malicious endpoints in the protocol can also lead to destabilization of power networks. Whilst reviewing these aspects, we focus, from a theoretical and practical standpoint, on attacks that interfere with resource reservation originating with the EV, which may also be initiated by a man in the middle, energy theft or fraud. Such attacks may even be replicated widely, resulting in over- or undershooting of power network provisioning, or the (total/partial) disintegration of the integrity and stability of power networks.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
One benefit postulated for the adoption of Electric Vehicles (EVs) is their ability to act as stabilizing entities in smart grids through bi-directional charging, allowing local or global smoothing of peaks and imbalances. This benefit, however, hinges indirectly on the reliability and security of the power flows thus achieved. Therefore this paper studies key security properties of the alreadydeployed Open Charge Point Protocol (OCPP) specifying communication between charging points and energy management systems. It is argued that possible subversion or malicious endpoints in the protocol can also lead to destabilization of power networks. Whilst reviewing these aspects, we focus, from a theoretical and practical standpoint, on attacks that interfere with resource reservation originating with the EV, which may also be initiated by a man in the middle, energy theft or fraud. Such attacks may even be replicated widely, resulting in over- or undershooting of power network provisioning, or the (total/partial) disintegration of the integrity and stability of power networks.
Alcaraz, Cristina; Lopez, Javier
Secure Interoperability in Cyber-Physical Systems Book Section
In: Security Solutions and Applied Cryptography in Smart Grid Communications, IGI Global, USA, pp. 137-158, IGI Global, USA, 2017, ISBN: 9781522518297.
@incollection{1603,
title = {Secure Interoperability in Cyber-Physical Systems},
author = {Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/1603.pdf},
doi = {10.4018/978-1-5225-1829-7.ch008},
isbn = {9781522518297},
year = {2017},
date = {2017-01-01},
urldate = {2017-01-01},
booktitle = {Security Solutions and Applied Cryptography in Smart Grid Communications, IGI Global, USA},
pages = {137-158},
publisher = {IGI Global},
address = {USA},
chapter = {8},
organization = {IGI Global},
abstract = {Transparency in control transactions under a secure network architecture is a key topic that must be discussed when aspects related to interconnection between heterogeneous cyber-physical systems (CPSs) arise. The interconnection of these systems can be addressed through an enforcement policy system responsible for managing access control according to the contextual conditions. However, this architecture is not always adequate to ensure a rapid interoperability in extreme crisis situations, and can require an interconnection strategy that permits the timely authorized access from anywhere at any time. To do this, a set of interconnection strategies through the Internet must be studied to explore the ability of control entities to connect to the remote CPSs and expedite their operations, taking into account the context conditions. This research constitutes the contribution of this chapter, where a set of control requirements and interoperability properties are identified to discern the most suitable interconnection strategies.},
keywords = {},
pubstate = {published},
tppubtype = {incollection}
}
Transparency in control transactions under a secure network architecture is a key topic that must be discussed when aspects related to interconnection between heterogeneous cyber-physical systems (CPSs) arise. The interconnection of these systems can be addressed through an enforcement policy system responsible for managing access control according to the contextual conditions. However, this architecture is not always adequate to ensure a rapid interoperability in extreme crisis situations, and can require an interconnection strategy that permits the timely authorized access from anywhere at any time. To do this, a set of interconnection strategies through the Internet must be studied to explore the ability of control entities to connect to the remote CPSs and expedite their operations, taking into account the context conditions. This research constitutes the contribution of this chapter, where a set of control requirements and interoperability properties are identified to discern the most suitable interconnection strategies.
Rubio, Juan E.; Alcaraz, Cristina; Roman, Rodrigo; Lopez, Javier
Analysis of Intrusion Detection Systems in Industrial Ecosystems Proceedings Article
In: 14th International Conference on Security and Cryptography (SECRYPT 2017), pp. 116-128, SciTePress SciTePress, 2017, ISBN: 978-989-758-259-2.
@inproceedings{1662,
title = {Analysis of Intrusion Detection Systems in Industrial Ecosystems},
author = {Juan E. Rubio and Cristina Alcaraz and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/1662.pdf},
doi = {10.5220/0006426301160128},
isbn = {978-989-758-259-2},
year = {2017},
date = {2017-01-01},
urldate = {2017-01-01},
booktitle = {14th International Conference on Security and Cryptography (SECRYPT 2017)},
volume = {6},
pages = {116-128},
publisher = {SciTePress},
organization = {SciTePress},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Alcaraz, Cristina; Rodriguez, Jesús; Roman, Rodrigo; Rubio, Juan E.
Estado y Evolución de la Detección de Intrusiones en los Sistemas Industriales Proceedings Article
In: III Jornadas Nacionales de Investigación en Ciberseguridad (JNIC 2017), 2017.
@inproceedings{1653,
title = {Estado y Evoluci\'{o}n de la Detecci\'{o}n de Intrusiones en los Sistemas Industriales},
author = {Cristina Alcaraz and Jes\'{u}s Rodriguez and Rodrigo Roman and Juan E. Rubio},
url = {/wp-content/papers/1653.pdf},
year = {2017},
date = {2017-01-01},
urldate = {2017-01-01},
booktitle = {III Jornadas Nacionales de Investigaci\'{o}n en Ciberseguridad (JNIC 2017)},
abstract = {Debido a la necesidad de proteger los sistemas industriales ante amenazas, se hace necesario comprender cual es el verdadero alcance de los mecanismos capaces de detectar potenciales anomal\'{i}as e intrusiones. Es por tanto el objetivo de este art\'{i}culo analizar el estado y la evoluci\'{o}n, tanto acad\'{e}mica como industrial, de los mecanismos de detecci\'{o}n de intrusiones en este campo, as\'{i} como estudiar su aplicabilidad actual y futura.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Debido a la necesidad de proteger los sistemas industriales ante amenazas, se hace necesario comprender cual es el verdadero alcance de los mecanismos capaces de detectar potenciales anomalías e intrusiones. Es por tanto el objetivo de este artículo analizar el estado y la evolución, tanto académica como industrial, de los mecanismos de detección de intrusiones en este campo, así como estudiar su aplicabilidad actual y futura.
Nieto, Ana; Rios, Ruben
Requisitos y soluciones de privacidad para la testificación digital Proceedings Article
In: III Jornadas Nacionales de Investigación en Ciberseguridad (JNIC 2017), pp. 51-58, Servicio de Publicaciones de la URJC Servicio de Publicaciones de la URJC, Madrid (Spain), 2017, ISBN: 978-84-608-4659-8.
@inproceedings{1648,
title = {Requisitos y soluciones de privacidad para la testificaci\'{o}n digital},
author = {Ana Nieto and Ruben Rios},
url = {/wp-content/papers/1648.pdf
https://eciencia.urjc.es/handle/10115/14540},
isbn = {978-84-608-4659-8},
year = {2017},
date = {2017-01-01},
urldate = {2017-01-01},
booktitle = {III Jornadas Nacionales de Investigaci\'{o}n en Ciberseguridad (JNIC 2017)},
volume = {Actas del JNIC 2017},
pages = {51-58},
publisher = {Servicio de Publicaciones de la URJC},
address = {Madrid (Spain)},
organization = {Servicio de Publicaciones de la URJC},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Rubio, Juan E.; Alcaraz, Cristina; Lopez, Javier
Selecting Privacy Solutions to Prioritise Control in Smart Metering Systems Proceedings Article
In: The 11th International Conference on Critical Information Infrastructures Security, pp. 176-188, 2017.
@inproceedings{1600,
title = {Selecting Privacy Solutions to Prioritise Control in Smart Metering Systems},
author = {Juan E. Rubio and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/1600.pdf},
year = {2017},
date = {2017-01-01},
urldate = {2017-01-01},
booktitle = {The 11th International Conference on Critical Information Infrastructures Security},
volume = {10242},
pages = {176-188},
abstract = {The introduction of the Smart Grid brings with it several benefits to society, because its bi-directional communication allows both users and utilities to have better control over energy usage. However, it also has some privacy issues with respect to the privacy of the customers when analysing their consumption data. In this paper we review the main privacy-preserving techniques that have been proposed and compare their efficiency, to accurately select the most appropriate ones for undertaking control operations. Both privacy and performance are essential for the rapid adoption of Smart Grid technologies.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The introduction of the Smart Grid brings with it several benefits to society, because its bi-directional communication allows both users and utilities to have better control over energy usage. However, it also has some privacy issues with respect to the privacy of the customers when analysing their consumption data. In this paper we review the main privacy-preserving techniques that have been proposed and compare their efficiency, to accurately select the most appropriate ones for undertaking control operations. Both privacy and performance are essential for the rapid adoption of Smart Grid technologies.
Fernandez-Gago, Carmen; Moyano, Francisco; Lopez, Javier
Modelling Trust Dynamics in the Internet of Things Journal Article
In: Information Sciences, vol. 396, pp. 72-82, 2017, ISSN: 0020-0255.
@article{Fer_IS17,
title = {Modelling Trust Dynamics in the Internet of Things},
author = {Carmen Fernandez-Gago and Francisco Moyano and Javier Lopez},
url = {/wp-content/papers/Fer_IS17.pdf},
doi = {10.1016/j.ins.2017.02.039},
issn = {0020-0255},
year = {2017},
date = {2017-01-01},
urldate = {2017-01-01},
journal = {Information Sciences},
volume = {396},
pages = {72-82},
publisher = {Elsevier},
abstract = {The Internet of Things (IoT) is a paradigm based on the interconnection of everyday objects. It is expected that the ‘things’ involved in the IoT paradigm will have to interact with each other, often in uncertain conditions. It is therefore of paramount importance for the success of IoT that there are mechanisms in place that help overcome the lack of certainty. Trust can help achieve this goal. In this paper, we introduce a framework that assists developers in including trust in IoT scenarios. This framework takes into account trust, privacy and identity requirements as well as other functional requirements derived from IoT scenarios to provide the different services that allow the inclusion of trust in the IoT.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The Internet of Things (IoT) is a paradigm based on the interconnection of everyday objects. It is expected that the ‘things’ involved in the IoT paradigm will have to interact with each other, often in uncertain conditions. It is therefore of paramount importance for the success of IoT that there are mechanisms in place that help overcome the lack of certainty. Trust can help achieve this goal. In this paper, we introduce a framework that assists developers in including trust in IoT scenarios. This framework takes into account trust, privacy and identity requirements as well as other functional requirements derived from IoT scenarios to provide the different services that allow the inclusion of trust in the IoT.
Alcaraz, Cristina; Cazorla, Lorena; Lopez, Javier
Cyber-Physical Systems for Wide-Area Situational Awareness Book Section
In: Cyber-Physical Systems: Foundations, Principles and Applications, pp. 305 - 317, Academic Press, Boston, 2017, ISBN: 978-0-12-803801-7.
@incollection{1590,
title = {Cyber-Physical Systems for Wide-Area Situational Awareness},
author = {Cristina Alcaraz and Lorena Cazorla and Javier Lopez},
url = {/wp-content/papers/1590.pdf},
doi = {10.1016/B978-0-12-803801-7.00020-1},
isbn = {978-0-12-803801-7},
year = {2017},
date = {2017-00-01},
urldate = {2017-00-01},
booktitle = {Cyber-Physical Systems: Foundations, Principles and Applications},
pages = {305 - 317},
publisher = {Academic Press},
address = {Boston},
chapter = {20},
organization = {Academic Press},
series = {Intelligent Data-Centric Systems},
abstract = {Abstract Cyber-physical systems (CPSs), integrated in critical infrastructures, could provide the minimal services that traditional situational awareness (SA) systems demand. However, their application in SA solutions for the protection of large control distributions against unforeseen faults may be insufficient. Dynamic protection measures have to be provided not only to locally detect unplanned deviations but also to prevent, respond, and restore from these deviations. The provision of these services as an integral part of the SA brings about a new research field known as wide-area situational awareness (WASA), highly dependent on CPSs for control from anywhere across multiple interconnections, and at any time. Thus, we review the state-of-the art of this new paradigm, exploring the different preventive and corrective measures considering the heterogeneity of CPSs, resulting in a guideline for the construction of automated WASA systems.},
keywords = {},
pubstate = {published},
tppubtype = {incollection}
}
Abstract Cyber-physical systems (CPSs), integrated in critical infrastructures, could provide the minimal services that traditional situational awareness (SA) systems demand. However, their application in SA solutions for the protection of large control distributions against unforeseen faults may be insufficient. Dynamic protection measures have to be provided not only to locally detect unplanned deviations but also to prevent, respond, and restore from these deviations. The provision of these services as an integral part of the SA brings about a new research field known as wide-area situational awareness (WASA), highly dependent on CPSs for control from anywhere across multiple interconnections, and at any time. Thus, we review the state-of-the art of this new paradigm, exploring the different preventive and corrective measures considering the heterogeneity of CPSs, resulting in a guideline for the construction of automated WASA systems.
Nieto, Ana; Roman, Rodrigo; Lopez, Javier
Arquitectura funcional para la cadena de custodia digital en objetos de la IoT Proceedings Article
In: XIV Reunión Española sobre Criptología y Seguridad de la Información, pp. 168-173, 2016, ISBN: 978-84-608-9470-4.
@inproceedings{1582,
title = {Arquitectura funcional para la cadena de custodia digital en objetos de la IoT},
author = {Ana Nieto and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/1582.pdf},
isbn = {978-84-608-9470-4},
year = {2016},
date = {2016-10-01},
urldate = {2016-10-01},
booktitle = {XIV Reuni\'{o}n Espa\~{n}ola sobre Criptolog\'{i}a y Seguridad de la Informaci\'{o}n},
pages = {168-173},
abstract = {En la Internet de los Objetos (IoT, por sus siglas en ingl\'{e}s), los ataques pueden ser perpetrados desde dispositivos que enmascaran su rastro ayud\'{a}ndose de la densidad de objetos y usuarios. Actualmente la idea de que los dispositivos de usuario almacenan evidencias que pueden ser muy valiosas para frenar ataques es bien conocida. Sin embargo, la colaboraci\'{o}n de \'{e}stos para denunciar posibles abusos telem\'{a}ticos a\'{u}n est\'{a} por definir. Los testigos digitales son dispositivos concebidos para definir la participaci\'{o}n de dispositivos de usuario en una cadena de custodia digital. La idea es que las evidencias se generan, almacenan y transfieren siguiendo los requisitos marcados por las normas actuales (p.ej. UNE 71505), pero respetando las restricciones en recursos de los dispositivos. En este art\'{i}culo proponemos una arquitectura funcional para la implementaci\'{o}n del concepto de testigo digital en dispositivos heterog\'{e}neos de la IoT.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
En la Internet de los Objetos (IoT, por sus siglas en inglés), los ataques pueden ser perpetrados desde dispositivos que enmascaran su rastro ayudándose de la densidad de objetos y usuarios. Actualmente la idea de que los dispositivos de usuario almacenan evidencias que pueden ser muy valiosas para frenar ataques es bien conocida. Sin embargo, la colaboración de éstos para denunciar posibles abusos telemáticos aún está por definir. Los testigos digitales son dispositivos concebidos para definir la participación de dispositivos de usuario en una cadena de custodia digital. La idea es que las evidencias se generan, almacenan y transfieren siguiendo los requisitos marcados por las normas actuales (p.ej. UNE 71505), pero respetando las restricciones en recursos de los dispositivos. En este artículo proponemos una arquitectura funcional para la implementación del concepto de testigo digital en dispositivos heterogéneos de la IoT.
Rios, Ruben; Lopez, Javier
Evolución y nuevos desafios de privacidad en la Internet de las Cosas Proceedings Article
In: XIV Reunión Española sobre Criptología y Seguridad de la Información, pp. 209-213, Mahón, Menorca, Islas Baleares, 2016.
@inproceedings{Rios2016a,
title = {Evoluci\'{o}n y nuevos desafios de privacidad en la Internet de las Cosas},
author = {Ruben Rios and Javier Lopez},
url = {/wp-content/papers/Rios2016a.pdf},
year = {2016},
date = {2016-10-01},
urldate = {2016-10-01},
booktitle = {XIV Reuni\'{o}n Espa\~{n}ola sobre Criptolog\'{i}a y Seguridad de la Informaci\'{o}n},
pages = {209-213},
address = {Mah\'{o}n, Menorca, Islas Baleares},
abstract = {La Internet de las Cosas (en ingl\'{e}s, emphInternet of Things (IoT)) es una evoluci\'{o}n de la Internet tal y como lo conocemos. Esta nueva versi\'{o}n de Internet incorpora objetos de la vida cotidiana, rompiendo as\'{i} barrera de los digital y extendi\'{e}ndose al mundo f\'{i}sico. Estos objetos interactuar\'{a}n entre s\'{i} y con otras entidades tanto de manera local como remota, y estar\'{a}n dotados de cierta capacidad computacional y sensores para que sean conscientes de lo que ocurre en su entorno. Esto traer\'{a} consigo un sinf\'{i}n de posibilidades y nuevos servicios, pero tambi\'{e}n dar\'{a} lugar a nuevos y mayores riesgos de privacidad para los ciudadanos. En este art\'{i}culo, estudiamos los problemas de privacidad actuales de una de las tecnolog\'{i}as claves para el desarrollo de este prometedor paradigma, las redes de sensores, y analizamos como pueden evolucionar y surgir nuevos riesgos de privacidad al ser completamente integradas en la Internet.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
La Internet de las Cosas (en inglés, emphInternet of Things (IoT)) es una evolución de la Internet tal y como lo conocemos. Esta nueva versión de Internet incorpora objetos de la vida cotidiana, rompiendo así barrera de los digital y extendiéndose al mundo físico. Estos objetos interactuarán entre sí y con otras entidades tanto de manera local como remota, y estarán dotados de cierta capacidad computacional y sensores para que sean conscientes de lo que ocurre en su entorno. Esto traerá consigo un sinfín de posibilidades y nuevos servicios, pero también dará lugar a nuevos y mayores riesgos de privacidad para los ciudadanos. En este artículo, estudiamos los problemas de privacidad actuales de una de las tecnologías claves para el desarrollo de este prometedor paradigma, las redes de sensores, y analizamos como pueden evolucionar y surgir nuevos riesgos de privacidad al ser completamente integradas en la Internet.
Nuñez, David; Agudo, Isaac; Lopez, Javier
Nuevas nociones de seguridad y transformaciones genéricas para criptosistemas de recifrado delegado Proceedings Article
In: XIV Reunión Española sobre Criptología y Seguridad de la Información, pp. 174-179, Mahón, Menorca, Islas Baleares, 2016, ISBN: 978-84-608-9470-4.
@inproceedings{nunez2016nuevas,
title = {Nuevas nociones de seguridad y transformaciones gen\'{e}ricas para criptosistemas de recifrado delegado},
author = {David Nu\~{n}ez and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/nunez2016nuevas.pdf},
isbn = {978-84-608-9470-4},
year = {2016},
date = {2016-10-01},
urldate = {2016-10-01},
booktitle = {XIV Reuni\'{o}n Espa\~{n}ola sobre Criptolog\'{i}a y Seguridad de la Informaci\'{o}n},
pages = {174-179},
address = {Mah\'{o}n, Menorca, Islas Baleares},
abstract = {El recifrado delegado (emphproxy re-encryption) es un tipo de cifrado de clave p\'{u}blica que permite delegar la capacidad de transformar textos cifrados de una clave p\'{u}blica a otra, sin que se pueda obtener ninguna informaci\'{o}n sobre el mensaje subyacente. Por este motivo, representa un candidato natural para construir mecanismos criptogr\'{a}ficos de control de acceso. En este art\'{i}culo estudiamos algunos de los problemas de seguridad de este tipo de criptosistemas. En primer lugar, examinamos las nociones de seguridad e identificamos una nueva familia param\'{e}trica de modelos de ataque, que considera la disponibilidad tanto del or\'{a}culo de descifrado como de recifrado. En segundo lugar, estudiamos la aplicabilidad de transformaciones gen\'{e}ricas para mejorar la seguridad, centr\'{a}ndonos en la transformaci\'{o}n Fujisaki-Okamoto, y formulamos las condiciones que nos permiten aplicarla.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
El recifrado delegado (emphproxy re-encryption) es un tipo de cifrado de clave pública que permite delegar la capacidad de transformar textos cifrados de una clave pública a otra, sin que se pueda obtener ninguna información sobre el mensaje subyacente. Por este motivo, representa un candidato natural para construir mecanismos criptográficos de control de acceso. En este artículo estudiamos algunos de los problemas de seguridad de este tipo de criptosistemas. En primer lugar, examinamos las nociones de seguridad e identificamos una nueva familia paramétrica de modelos de ataque, que considera la disponibilidad tanto del oráculo de descifrado como de recifrado. En segundo lugar, estudiamos la aplicabilidad de transformaciones genéricas para mejorar la seguridad, centrándonos en la transformación Fujisaki-Okamoto, y formulamos las condiciones que nos permiten aplicarla.
Rios, Ruben; Fernandez-Gago, Carmen; Lopez, Javier
Privacy-Aware Trust Negotiation Proceedings Article
In: 12th International Workshop on Security and Trust Management (STM), pp. 98-105, Springer Springer, Heraklion, Crete, Greece, 2016, ISSN: 0302-9743.
@inproceedings{rios2016b,
title = {Privacy-Aware Trust Negotiation},
author = {Ruben Rios and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/rios2016b.pdf
http://link.springer.com/chapter/10.1007/978-3-319-46598-2_7, },
doi = {10.1007/978-3-319-46598-2 7},
issn = {0302-9743},
year = {2016},
date = {2016-09-01},
urldate = {2016-09-01},
booktitle = {12th International Workshop on Security and Trust Management (STM)},
volume = {LNCS 9871},
pages = {98-105},
publisher = {Springer},
address = {Heraklion, Crete, Greece},
organization = {Springer},
abstract = {Software engineering and information security have traditionally followed divergent paths but lately some efforts have been made to consider security from the early phases of the Software Development Life Cycle (SDLC). This paper follows this line and concentrates on the incorporation of trust negotiations during the requirements engineering phase. More precisely, we provide an extension to the SI* modelling language, which is further formalised using answer set programming specifications to support the automatic verification of the model and the detection of privacy conflicts caused by trust negotiations.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Software engineering and information security have traditionally followed divergent paths but lately some efforts have been made to consider security from the early phases of the Software Development Life Cycle (SDLC). This paper follows this line and concentrates on the incorporation of trust negotiations during the requirements engineering phase. More precisely, we provide an extension to the SI* modelling language, which is further formalised using answer set programming specifications to support the automatic verification of the model and the detection of privacy conflicts caused by trust negotiations.
Nuñez, David; Agudo, Isaac; Lopez, Javier
On the Application of Generic CCA-Secure Transformations to Proxy Re-Encryption Journal Article
In: Security and Communication Networks, vol. 9, pp. 1769-1785, 2016, ISSN: 1939-0114.
@article{nunez2016application,
title = {On the Application of Generic CCA-Secure Transformations to Proxy Re-Encryption},
author = {David Nu\~{n}ez and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/nunez2016application.pdf},
doi = {10.1002/sec.1434},
issn = {1939-0114},
year = {2016},
date = {2016-08-01},
urldate = {2016-08-01},
journal = {Security and Communication Networks},
volume = {9},
pages = {1769-1785},
publisher = {Wiley},
abstract = {Several generic methods exist for achieving chosen-ciphertext attack (CCA)-secure public-key encryption schemes from weakly secure cryptosystems, such as the Fujisaki\textendashOkamoto and REACT transformations. In the context of proxy re-encryption (PRE), it would be desirable to count on analogous constructions that allow PRE schemes to achieve better security notions. In this paper, we study the adaptation of these transformations to proxy re-encryption and find both negative and positive results. On the one hand, we show why it is not possible to directly integrate these transformations with weakly secure PRE schemes because of general obstacles coming from both the constructions themselves and the security models, and we identify 12 PRE schemes that exhibit these problems. On the other hand, we propose an extension of the Fujisaki\textendashOkamoto transformation for PRE, which achieves a weak form of CCA security in the random oracle model, and we describe the sufficient conditions for applying it},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Several generic methods exist for achieving chosen-ciphertext attack (CCA)-secure public-key encryption schemes from weakly secure cryptosystems, such as the Fujisaki–Okamoto and REACT transformations. In the context of proxy re-encryption (PRE), it would be desirable to count on analogous constructions that allow PRE schemes to achieve better security notions. In this paper, we study the adaptation of these transformations to proxy re-encryption and find both negative and positive results. On the one hand, we show why it is not possible to directly integrate these transformations with weakly secure PRE schemes because of general obstacles coming from both the constructions themselves and the security models, and we identify 12 PRE schemes that exhibit these problems. On the other hand, we propose an extension of the Fujisaki–Okamoto transformation for PRE, which achieves a weak form of CCA security in the random oracle model, and we describe the sufficient conditions for applying it
Nieto, Ana; Roman, Rodrigo; Lopez, Javier
Testigo digital: delegación vinculante de evidencias electrónicas para escenarios IoT Proceedings Article
In: II Jornadas Nacionales de Investigación en Ciberseguridad (JNIC 2016), pp. 109-116, 2016, ISBN: 978-84-608-8070-7.
@inproceedings{1578,
title = {Testigo digital: delegaci\'{o}n vinculante de evidencias electr\'{o}nicas para escenarios IoT},
author = {Ana Nieto and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/1578.pdf
http://ucys.ugr.es/jnic2016/docs/ActasJNIC2016.pdf, },
isbn = {978-84-608-8070-7},
year = {2016},
date = {2016-06-01},
urldate = {2016-06-01},
booktitle = {II Jornadas Nacionales de Investigaci\'{o}n en Ciberseguridad (JNIC 2016)},
pages = {109-116},
abstract = {En un mundo en el que los usuarios dependen cada vez m\'{a}s de sus dispositivos, \'{e}stos almacenan gran cantidad de datos y son una fuente muy valiosa de informaci\'{o}n sobre su entorno. Sin embargo, la heterogeneidad y la densidad de los objetos conectados, caracter\'{i}sticas propias de la Internet de las Cosas (IoT), sirven de velo para ocultar conductas maliciosas que afectan a estos dispositivos, sin que quede rastro de tales acciones. En este art\'{i}culo definimos el concepto de testigo digital: funcionalidad que permitir\'{a} a los dispositivos personales y otros objetos colaborar para implementar una cadena de custodia digital en la IoT. El fin perseguido es ofrecer soluciones que mitiguen los efectos de la ciberdelincuencia, ampar\'{a}ndose en la colaboraci\'{o}n de los dispositivos con arquitecturas de seguridad embebidas para alertar de conductas maliciosas, y dejar constancia de \'{e}stas.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
En un mundo en el que los usuarios dependen cada vez más de sus dispositivos, éstos almacenan gran cantidad de datos y son una fuente muy valiosa de información sobre su entorno. Sin embargo, la heterogeneidad y la densidad de los objetos conectados, características propias de la Internet de las Cosas (IoT), sirven de velo para ocultar conductas maliciosas que afectan a estos dispositivos, sin que quede rastro de tales acciones. En este artículo definimos el concepto de testigo digital: funcionalidad que permitirá a los dispositivos personales y otros objetos colaborar para implementar una cadena de custodia digital en la IoT. El fin perseguido es ofrecer soluciones que mitiguen los efectos de la ciberdelincuencia, amparándose en la colaboración de los dispositivos con arquitecturas de seguridad embebidas para alertar de conductas maliciosas, y dejar constancia de éstas.
Moyano, Francisco; Fernandez-Gago, Carmen; Lopez, Javier
A Model-driven Approach for Engineering Trust and Reputation into Software Services Journal Article
In: Journal of Network and Computer Applications, vol. 69, pp. 134-151, 2016, ISSN: 1084-8045.
@article{JNCA16,
title = {A Model-driven Approach for Engineering Trust and Reputation into Software Services},
author = {Francisco Moyano and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/JNCA16.pdf},
issn = {1084-8045},
year = {2016},
date = {2016-04-01},
urldate = {2016-04-01},
journal = {Journal of Network and Computer Applications},
volume = {69},
pages = {134-151},
publisher = {Elsevier},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Alcaraz, Cristina; Lopez, Javier
Safeguarding Structural Controllability in Cyber-Physical Control Systems Proceedings Article
In: The 21st European Symposium on Research in Computer Security (ESORICS 2016), pp. 471-489, Springer Springer, Crete, Greece, 2016, ISBN: 978-3-319-45741-3.
@inproceedings{1598,
title = {Safeguarding Structural Controllability in Cyber-Physical Control Systems},
author = {Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/1598.pdf},
isbn = {978-3-319-45741-3},
year = {2016},
date = {2016-01-01},
urldate = {2016-01-01},
booktitle = {The 21st European Symposium on Research in Computer Security (ESORICS 2016)},
volume = {9879},
pages = {471-489},
publisher = {Springer},
address = {Crete, Greece},
organization = {Springer},
abstract = {Automatic restoration of control wireless networks based on dynamic cyber-physical systems has become a hot topic in recent years, since most of their elements tend to have serious vulnerabilities that may be exploited by attackers. In fact, any exploitation may rapidly extend to the entire control network due to its problem of non-locality, where control properties of a system and its structural controllability can disintegrate over time. Unfortunately, automated self-healing processes may become costly procedures in which the reliability of the strategies and the time-critical of any recovery of the control can become key factors to re-establish the control properties in due time. This operational need is precisely the aim of this paper, in which four reachability-based recovery strategies from a thereotical point of view are proposed so as to find the best option/s in terms of optimization, robustness and complexity. To do this, new definitions related to structural controllability in relation to the type of distribution of the network and its control load capacity are given in this paper, resulting in an interesting practical study.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Automatic restoration of control wireless networks based on dynamic cyber-physical systems has become a hot topic in recent years, since most of their elements tend to have serious vulnerabilities that may be exploited by attackers. In fact, any exploitation may rapidly extend to the entire control network due to its problem of non-locality, where control properties of a system and its structural controllability can disintegrate over time. Unfortunately, automated self-healing processes may become costly procedures in which the reliability of the strategies and the time-critical of any recovery of the control can become key factors to re-establish the control properties in due time. This operational need is precisely the aim of this paper, in which four reachability-based recovery strategies from a thereotical point of view are proposed so as to find the best option/s in terms of optimization, robustness and complexity. To do this, new definitions related to structural controllability in relation to the type of distribution of the network and its control load capacity are given in this paper, resulting in an interesting practical study.
Alcaraz, Cristina; Lopez, Javier; Wolthusen, Stephen
Policy Enforcement System for Secure Interoperable Control in Distributed Smart Grid Systems Journal Article
In: Journal of Network and Computer Applications, vol. 59, pp. 301–314, 2016, ISSN: 1084-8045.
@article{alcaraz2016POL,
title = {Policy Enforcement System for Secure Interoperable Control in Distributed Smart Grid Systems},
author = {Cristina Alcaraz and Javier Lopez and Stephen Wolthusen},
url = {/wp-content/papers/alcaraz2016POL.pdf},
issn = {1084-8045},
year = {2016},
date = {2016-01-01},
urldate = {2016-01-01},
journal = {Journal of Network and Computer Applications},
volume = {59},
pages = {301\textendash314},
publisher = {Elsevier},
abstract = {Interoperability of distributed systems in charge of monitoring and maintaining the different critical domains belonging to Smart Grid scenarios comprise the central topic of this paper. Transparency in control transactions under a secure and reliable architecture is the aim of the policy enforcement system proposed here. The approach is based on the degree of observation of a context and on the emphrole-based access control model defined by the IEC-62351-8 standard. Only authenticated and authorised entities are able to take control of those distributed elements (e.g., IEC-61850 objects) located at distant geographical locations and close to the critical infrastructures (e.g., substations). To ensure the effectiveness of the approach, it is built on graphical-theoretical formulations corresponding to graph theory, where it is possible to illustrate power control networks through power-law distributions whose monitoring relies on emphstructural controllability theory. The interconnection of these distributions is subject to a network architecture based on the concept of the emphsupernode where the interoperability depends on a simple rule-based expert system. This expert system focuses not only on accepting or denying access, but also on providing the means to attend to extreme situations, avoiding, as much as possible, the overloading of the communication. Through one practical study we also show the functionalities of the approach and the benefits that the authorisation itself can bring to the emphinteroperability.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Interoperability of distributed systems in charge of monitoring and maintaining the different critical domains belonging to Smart Grid scenarios comprise the central topic of this paper. Transparency in control transactions under a secure and reliable architecture is the aim of the policy enforcement system proposed here. The approach is based on the degree of observation of a context and on the emphrole-based access control model defined by the IEC-62351-8 standard. Only authenticated and authorised entities are able to take control of those distributed elements (e.g., IEC-61850 objects) located at distant geographical locations and close to the critical infrastructures (e.g., substations). To ensure the effectiveness of the approach, it is built on graphical-theoretical formulations corresponding to graph theory, where it is possible to illustrate power control networks through power-law distributions whose monitoring relies on emphstructural controllability theory. The interconnection of these distributions is subject to a network architecture based on the concept of the emphsupernode where the interoperability depends on a simple rule-based expert system. This expert system focuses not only on accepting or denying access, but also on providing the means to attend to extreme situations, avoiding, as much as possible, the overloading of the communication. Through one practical study we also show the functionalities of the approach and the benefits that the authorisation itself can bring to the emphinteroperability.
Alcaraz, Cristina; Lopez, Javier; Choo, Kim-Kwang Raymond
Dynamic Restoration in Interconnected RBAC-based Cyber-Physical Control Systems Proceedings Article
In: Proceedings of the 13th International Joint Conference on e-Business and Telecommunications (SECRYPT 2016), pp. 19-27, Lisboa, 2016, ISBN: 978-989-758-196-0.
@inproceedings{1585,
title = {Dynamic Restoration in Interconnected RBAC-based Cyber-Physical Control Systems},
author = {Cristina Alcaraz and Javier Lopez and Kim-Kwang Raymond Choo},
url = {/wp-content/papers/1585.pdf},
doi = {10.5220/0005942000190027},
isbn = {978-989-758-196-0},
year = {2016},
date = {2016-00-01},
urldate = {2016-00-01},
booktitle = {Proceedings of the 13th International Joint Conference on e-Business and Telecommunications (SECRYPT 2016)},
pages = {19-27},
address = {Lisboa},
abstract = {Increasingly, automatic restoration is an indispensable security measure in control systems (e.g. those used in critical infrastructure sectors) due to the importance of ensuring the functionality of monitoring infrastructures. Modernizing the interconnection of control systems to provide interoperability between different networks, at a low cost, is also a critical requirement in control systems. However, automated recovery mechanisms are currently costly, and ensuring interoperability particularly at a low cost remains a topic of scientific challenge. This is the gap we seek to address in this paper. More specifically, we propose a restoration model for interconnected contexts, taking into account the theory of supernode and structural controllability, as well as the recommendations given by the IEC-62351-8 standard (which are mainly based on the implementation of a role-based access control system).},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Increasingly, automatic restoration is an indispensable security measure in control systems (e.g. those used in critical infrastructure sectors) due to the importance of ensuring the functionality of monitoring infrastructures. Modernizing the interconnection of control systems to provide interoperability between different networks, at a low cost, is also a critical requirement in control systems. However, automated recovery mechanisms are currently costly, and ensuring interoperability particularly at a low cost remains a topic of scientific challenge. This is the gap we seek to address in this paper. More specifically, we propose a restoration model for interconnected contexts, taking into account the theory of supernode and structural controllability, as well as the recommendations given by the IEC-62351-8 standard (which are mainly based on the implementation of a role-based access control system).
Nieto, Ana; Lopez, Javier
Contextualising Heterogeneous Information in Unified Communications with Security Restrictions Journal Article
In: Computer Communications, vol. 68, pp. 33-46, 2015, ISSN: 0140-3664.
@article{NL-COMCOM15,
title = {Contextualising Heterogeneous Information in Unified Communications with Security Restrictions},
author = {Ana Nieto and Javier Lopez},
url = {/wp-content/papers/NL-COMCOM15.pdf
http://www.sciencedirect.com/science/article/pii/S0140366415002534},
doi = {10.1016/j.comcom.2015.07.015},
issn = {0140-3664},
year = {2015},
date = {2015-09-01},
urldate = {2015-09-01},
journal = {Computer Communications},
volume = {68},
pages = {33-46},
publisher = {Elsevier},
abstract = {The lack of abstraction in a growing semantic, virtual and abstract world poses new challenges for assessing security and QoS tradeoffs. For example, in Future Internet scenarios, where Unified Communications (UC) will take place, being able to predict the final devices that will form the network is not always possible. Without this information the analysis of the security and QoS tradeoff can only be based on partial information to be completed when more information about the environment is available. In this paper, we extend the description of context-based parametric relationship model, providing a tool for assessing the security and QoS tradeoff (SQT) based on interchangeable contexts. Our approach is able to use the heterogeneous information produced by scenarios where UC is present.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The lack of abstraction in a growing semantic, virtual and abstract world poses new challenges for assessing security and QoS tradeoffs. For example, in Future Internet scenarios, where Unified Communications (UC) will take place, being able to predict the final devices that will form the network is not always possible. Without this information the analysis of the security and QoS tradeoff can only be based on partial information to be completed when more information about the environment is available. In this paper, we extend the description of context-based parametric relationship model, providing a tool for assessing the security and QoS tradeoff (SQT) based on interchangeable contexts. Our approach is able to use the heterogeneous information produced by scenarios where UC is present.
Moyano, Francisco; Fernandez-Gago, Carmen; Beckers, Kristian; Heisel, Maritta
Engineering Trust- and Reputation-based Security Controls for Future Internet Systems Proceedings Article
In: The 30th ACM/SIGAPP Symposium On Applied Computing (SAC 2015), pp. 1344-1349, Salamanca, Spain, 2015, ISBN: 978-1-4503-3196-8.
@inproceedings{moyano15SAC,
title = {Engineering Trust- and Reputation-based Security Controls for Future Internet Systems},
author = {Francisco Moyano and Carmen Fernandez-Gago and Kristian Beckers and Maritta Heisel},
url = {/wp-content/papers/moyano15SAC.pdf},
doi = {10.1145/2695664.2695713},
isbn = {978-1-4503-3196-8},
year = {2015},
date = {2015-08-01},
urldate = {2015-08-01},
booktitle = {The 30th ACM/SIGAPP Symposium On Applied Computing (SAC 2015)},
pages = {1344-1349},
address = {Salamanca, Spain},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Rios, Ruben; Cuellar, Jorge; Lopez, Javier
Probabilistic receiver-location privacy protection in wireless sensor networks Journal Article
In: Information Sciences, vol. 321, pp. 205 - 223, 2015, ISSN: 0020-0255.
@article{rios2015,
title = {Probabilistic receiver-location privacy protection in wireless sensor networks},
author = {Ruben Rios and Jorge Cuellar and Javier Lopez},
url = {/wp-content/papers/rios2015.pdf},
doi = {10.1016/j.ins.2015.01.016},
issn = {0020-0255},
year = {2015},
date = {2015-07-01},
urldate = {2015-07-01},
journal = {Information Sciences},
volume = {321},
pages = {205 - 223},
publisher = {Elsevier},
abstract = {Wireless sensor networks (WSNs) are continually exposed to many types of attacks. Among these, the attacks targeted at the base station are the most devastating ones since this essential device processes and analyses all traffic generated in the network. Moreover, this feature can be exploited by a passive adversary to determine its location based on traffic analysis. This receiver-location privacy problem can be reduced by altering the traffic pattern of the network but the adversary may still be able to reach the base station if he gains access to the routing tables of a number of sensor nodes. In this paper we present HISP-NC (Homogenous Injection for Sink Privacy with Node Compromise protection), a receiver-location privacy solution that consists of two complementary schemes which protect the location of the base station in the presence of traffic analysis and node compromise attacks. The HISP-NC data transmission protocol prevents traffic analysis by probabilistically hiding the flow of real traffic with moderate amounts of fake traffic. Moreover, HISP-NC includes a perturbation mechanism that modifies the routing tables of the nodes to introduce some level of uncertainty in attackers capable of retrieving the routing information from the nodes. Our scheme is validated both analytically and experimentally through extensive simulations.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Wireless sensor networks (WSNs) are continually exposed to many types of attacks. Among these, the attacks targeted at the base station are the most devastating ones since this essential device processes and analyses all traffic generated in the network. Moreover, this feature can be exploited by a passive adversary to determine its location based on traffic analysis. This receiver-location privacy problem can be reduced by altering the traffic pattern of the network but the adversary may still be able to reach the base station if he gains access to the routing tables of a number of sensor nodes. In this paper we present HISP-NC (Homogenous Injection for Sink Privacy with Node Compromise protection), a receiver-location privacy solution that consists of two complementary schemes which protect the location of the base station in the presence of traffic analysis and node compromise attacks. The HISP-NC data transmission protocol prevents traffic analysis by probabilistically hiding the flow of real traffic with moderate amounts of fake traffic. Moreover, HISP-NC includes a perturbation mechanism that modifies the routing tables of the nodes to introduce some level of uncertainty in attackers capable of retrieving the routing information from the nodes. Our scheme is validated both analytically and experimentally through extensive simulations.
Nuñez, David; Agudo, Isaac; Lopez, Javier
NTRUReEncrypt: An Efficient Proxy Re-Encryption Scheme Based on NTRU Proceedings Article
In: 10th ACM Symposium on Information, Computer and Communications Security (AsiaCCS), pp. 179-189, 2015, ISBN: 978-1-4503-3245-3.
@inproceedings{nunez2015ntrureencrypt,
title = {NTRUReEncrypt: An Efficient Proxy Re-Encryption Scheme Based on NTRU},
author = {David Nu\~{n}ez and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/nunez2015ntrureencrypt.pdf},
doi = {10.1145/2714576.2714585},
isbn = {978-1-4503-3245-3},
year = {2015},
date = {2015-04-01},
urldate = {2015-04-01},
booktitle = {10th ACM Symposium on Information, Computer and Communications Security (AsiaCCS)},
pages = {179-189},
abstract = {The use of alternative foundations for constructing more secure and efficient cryptographic schemes is a topic worth exploring. In the case of proxy re-encryption, the vast majority of schemes are based on number theoretic problems such as the discrete logarithm. In this paper we present NTRUReEncrypt, a new bidirectional and multihop proxy re-encryption scheme based on NTRU, a widely known lattice-based cryptosystem. We provide two versions of our scheme: the first one is based on the conventional NTRU encryption scheme and, although it lacks a security proof, remains as efficient as its predecessor; the second one is based on a variant of NTRU proposed by Stehl\'{e} and Steinfeld, which is proven CPA-secure under the hardness of the Ring-LWE problem. To the best of our knowledge, our proposals are the first proxy re-encryption schemes to be based on the NTRU primitive. In addition, we provide experimental results to show the efficiency of our proposal, as well as a comparison with previous proxy re-encryption schemes, which confirms that our first scheme outperforms the rest by an order of magnitude.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The use of alternative foundations for constructing more secure and efficient cryptographic schemes is a topic worth exploring. In the case of proxy re-encryption, the vast majority of schemes are based on number theoretic problems such as the discrete logarithm. In this paper we present NTRUReEncrypt, a new bidirectional and multihop proxy re-encryption scheme based on NTRU, a widely known lattice-based cryptosystem. We provide two versions of our scheme: the first one is based on the conventional NTRU encryption scheme and, although it lacks a security proof, remains as efficient as its predecessor; the second one is based on a variant of NTRU proposed by Stehlé and Steinfeld, which is proven CPA-secure under the hardness of the Ring-LWE problem. To the best of our knowledge, our proposals are the first proxy re-encryption schemes to be based on the NTRU primitive. In addition, we provide experimental results to show the efficiency of our proposal, as well as a comparison with previous proxy re-encryption schemes, which confirms that our first scheme outperforms the rest by an order of magnitude.
Cazorla, Lorena; Alcaraz, Cristina; Lopez, Javier
Awareness and Reaction Strategies for Critical Infrastructure Protection Journal Article
In: Computers and Electrical Engineering, vol. 47, pp. 299-317, 2015, ISSN: 0045-7906.
@article{cazorla2015b,
title = {Awareness and Reaction Strategies for Critical Infrastructure Protection},
author = {Lorena Cazorla and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/cazorla2015b.pdf},
doi = {10.1016/j.compeleceng.2015.08.010},
issn = {0045-7906},
year = {2015},
date = {2015-01-01},
urldate = {2015-01-01},
journal = {Computers and Electrical Engineering},
volume = {47},
pages = {299-317},
publisher = {Elsevier},
abstract = {Current Critical Infrastructures (CIs) need intelligent automatic active reaction mechanisms to protect their critical processes against cyber attacks or system anomalies, and avoid the disruptive consequences of cascading failures between interdependent and interconnected systems. In this paper we study the Intrusion Detection, Prevention and Response Systems (IDPRS) that can offer this type of protection mechanisms, their constituting elements and their applicability to critical contexts. We design a methodological framework determining the essential elements present in the IDPRS, while evaluating each of their sub-components in terms of adequacy for critical contexts. We review the different types of active and passive countermeasures available, categorizing them and assessing whether or not they are suitable for Critical Infrastructure Protection (CIP). Through our study we look at different reaction systems and learn from them how to better create IDPRS solutions for CIP.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Current Critical Infrastructures (CIs) need intelligent automatic active reaction mechanisms to protect their critical processes against cyber attacks or system anomalies, and avoid the disruptive consequences of cascading failures between interdependent and interconnected systems. In this paper we study the Intrusion Detection, Prevention and Response Systems (IDPRS) that can offer this type of protection mechanisms, their constituting elements and their applicability to critical contexts. We design a methodological framework determining the essential elements present in the IDPRS, while evaluating each of their sub-components in terms of adequacy for critical contexts. We review the different types of active and passive countermeasures available, categorizing them and assessing whether or not they are suitable for Critical Infrastructure Protection (CIP). Through our study we look at different reaction systems and learn from them how to better create IDPRS solutions for CIP.
Nuñez, David; Fernandez-Gago, Carmen; Luna, Jesús
Eliciting Metrics for Accountability of Cloud Systems Journal Article
In: Computers & Security, vol. 62, pp. 149-164, 2016, ISSN: 0167-4048.
@article{nunez2016eliciting,
title = {Eliciting Metrics for Accountability of Cloud Systems},
author = {David Nu\~{n}ez and Carmen Fernandez-Gago and Jes\'{u}s Luna},
url = {/wp-content/papers/nunez2016eliciting.pdf},
doi = {10.1016/j.cose.2016.07.003},
issn = {0167-4048},
year = {2016},
date = {2016-08-01},
urldate = {2016-08-01},
journal = {Computers \& Security},
volume = {62},
pages = {149-164},
publisher = {Elsevier},
abstract = {Cloud computing provides enormous business opportunities, but at the same time is a complex and challenging paradigm. The major concerns for users adopting the cloud are the loss of control over their data and the lack of transparency. Providing accountability to cloud systems could foster trust in the cloud and contribute toward its adoption. Assessing how accountable a cloud provider is becomes then a key issue, not only for demonstrating accountability, but to build it. To this end, we need techniques to measure the factors that influence on accountability. In this paper, we provide a methodology to elicit metrics for accountability in the cloud, which consists of three different stages. Since the nature of accountability at- tributes is very abstract and complex, in the first stage we perform a conceptual analysis of the accountability attributes in order to decompose them into concrete practices and mechanisms. Then, we analyze relevant control frameworks designed to guide the implementation of security and privacy mechanisms, and use them to identify measurable factors, related to the practices and mechanisms defined earlier. Lastly, specific metrics for these factors are derived. We also provide some strategies that we consider relevant for the empirical validation of the elicited accountability metrics.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Cloud computing provides enormous business opportunities, but at the same time is a complex and challenging paradigm. The major concerns for users adopting the cloud are the loss of control over their data and the lack of transparency. Providing accountability to cloud systems could foster trust in the cloud and contribute toward its adoption. Assessing how accountable a cloud provider is becomes then a key issue, not only for demonstrating accountability, but to build it. To this end, we need techniques to measure the factors that influence on accountability. In this paper, we provide a methodology to elicit metrics for accountability in the cloud, which consists of three different stages. Since the nature of accountability at- tributes is very abstract and complex, in the first stage we perform a conceptual analysis of the accountability attributes in order to decompose them into concrete practices and mechanisms. Then, we analyze relevant control frameworks designed to guide the implementation of security and privacy mechanisms, and use them to identify measurable factors, related to the practices and mechanisms defined earlier. Lastly, specific metrics for these factors are derived. We also provide some strategies that we consider relevant for the empirical validation of the elicited accountability metrics.
Agudo, Isaac; Kaafarani, Ali El; Nuñez, David; Pearson, Siani
A Technique for Enhanced Provision of Appropriate Access to Evidence across Service Provision Chains Proceedings Article
In: 10th International IFIP Summer School on Privacy and Identity Management, pp. 187-204, 2016, ISBN: 978-3-319-41762-2.
@inproceedings{agudo2016technique,
title = {A Technique for Enhanced Provision of Appropriate Access to Evidence across Service Provision Chains},
author = {Isaac Agudo and Ali El Kaafarani and David Nu\~{n}ez and Siani Pearson},
url = {/wp-content/papers/agudo2016technique.pdf},
doi = {10.1007/978-3-319-41763-9_13},
isbn = {978-3-319-41762-2},
year = {2016},
date = {2016-01-01},
urldate = {2016-01-01},
booktitle = {10th International IFIP Summer School on Privacy and Identity Management},
pages = {187-204},
abstract = {Transparency and verifiability are necessary aspects of accountability, but care needs to be taken that auditing is done in a privacy friendly way. There are situations where it would be useful for certain actors to be able to make restricted views within service provision chains on accountability evidence, including logs, available to other actors with specific governance roles. For example, a data subject or a Data Protection Authority (DPA) might want to authorize an accountability agent to act on their behalf, and be given access to certain logs in a way that does not compromise the privacy of other actors or the security of involved data processors. In this paper two cryptographic-based techniques that may address this issue are proposed and assessed.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Transparency and verifiability are necessary aspects of accountability, but care needs to be taken that auditing is done in a privacy friendly way. There are situations where it would be useful for certain actors to be able to make restricted views within service provision chains on accountability evidence, including logs, available to other actors with specific governance roles. For example, a data subject or a Data Protection Authority (DPA) might want to authorize an accountability agent to act on their behalf, and be given access to certain logs in a way that does not compromise the privacy of other actors or the security of involved data processors. In this paper two cryptographic-based techniques that may address this issue are proposed and assessed.
Fernandez-Gago, Carmen; Felici, Massimo
Accountability and Security in the Cloud Book
2015.
@book{1517,
title = {Accountability and Security in the Cloud},
author = {Carmen Fernandez-Gago and Massimo Felici},
year = {2015},
date = {2015-01-01},
urldate = {2015-01-01},
volume = {8937},
series = {Lecture Notes in Computer Science},
keywords = {},
pubstate = {published},
tppubtype = {book}
}
Fernandez-Gago, Carmen; Nuñez, David
Metrics for Accountability in the Cloud Book Section
In: Accountability and Security in the Cloud, vol. 8937, pp. 129-153, 2015.
@incollection{1512,
title = {Metrics for Accountability in the Cloud},
author = {Carmen Fernandez-Gago and David Nu\~{n}ez},
year = {2015},
date = {2015-01-01},
urldate = {2015-01-01},
booktitle = {Accountability and Security in the Cloud},
volume = {8937},
pages = {129-153},
series = {LNCS Tutorial},
keywords = {},
pubstate = {published},
tppubtype = {incollection}
}
Fernandez-Gago, Carmen; Tountopoulos, Vasilis; Fischer-Hübner, Simone; Alnemr, Rehab; Nuñez, David; Angulo, Julio; Pulls, Tobias; Koulouris, Theo
Tools for Cloud Accountability: A4Cloud Tutorial Proceedings Article
In: 9th IFIP Summer School on Privacy and Identity Management for the Future Internet in the Age of Globalisation, pp. 219-236, Springer IFIP AICT Springer IFIP AICT, Patras (Greece), 2015, ISSN: 978-3-319-18621-4.
@inproceedings{1516,
title = {Tools for Cloud Accountability: A4Cloud Tutorial},
author = {Carmen Fernandez-Gago and Vasilis Tountopoulos and Simone Fischer-H\"{u}bner and Rehab Alnemr and David Nu\~{n}ez and Julio Angulo and Tobias Pulls and Theo Koulouris},
url = {/wp-content/papers/1516.pdf},
doi = {10.1007/978-3-319-18621-4_15},
issn = {978-3-319-18621-4},
year = {2015},
date = {2015-01-01},
urldate = {2015-01-01},
booktitle = {9th IFIP Summer School on Privacy and Identity Management for the Future Internet in the Age of Globalisation},
volume = {457},
pages = {219-236},
publisher = {Springer IFIP AICT},
address = {Patras (Greece)},
organization = {Springer IFIP AICT},
abstract = {Cloud computing is becoming a key IT infrastructure technology being adopted progressively by companies and users. Still, there are issues and uncertainties surrounding its adoption, such as security and how users data is dealt with that require attention from developers, researchers, providers and users. The A4Cloud project tries to help solving the problem of accountability in the cloud by providing tools that support the process of achieving accountability. This paper presents the contents of the first A4Cloud tutorial. These contents include basic concepts and tools developed within the project. In particular, we will review how metrics can aid the accountability process and some of the tools that the A4Cloud project will produce such as the Data Track Tool (DTT) and the Cloud Offering Advisory Tool (COAT).},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Cloud computing is becoming a key IT infrastructure technology being adopted progressively by companies and users. Still, there are issues and uncertainties surrounding its adoption, such as security and how users data is dealt with that require attention from developers, researchers, providers and users. The A4Cloud project tries to help solving the problem of accountability in the cloud by providing tools that support the process of achieving accountability. This paper presents the contents of the first A4Cloud tutorial. These contents include basic concepts and tools developed within the project. In particular, we will review how metrics can aid the accountability process and some of the tools that the A4Cloud project will produce such as the Data Track Tool (DTT) and the Cloud Offering Advisory Tool (COAT).
Nuñez, David; Fernandez-Gago, Carmen; Pearson, Siani; Felici, Massimo
A Metamodel for Measuring Accountability Attributes in the Cloud Proceedings Article
In: 2013 IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2013), pp. 355-362, IEEE IEEE, Bristol, UK, 2013, ISBN: 978-0-7685-5095-4.
@inproceedings{nunez2013metamodel,
title = {A Metamodel for Measuring Accountability Attributes in the Cloud},
author = {David Nu\~{n}ez and Carmen Fernandez-Gago and Siani Pearson and Massimo Felici},
url = {/wp-content/papers/nunez2013metamodel.pdf},
doi = {10.1109/CloudCom.2013.53},
isbn = {978-0-7685-5095-4},
year = {2013},
date = {2013-12-01},
urldate = {2013-12-01},
booktitle = {2013 IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2013)},
pages = {355-362},
publisher = {IEEE},
address = {Bristol, UK},
organization = {IEEE},
abstract = {Cloud governance, and in particular data governance in the cloud, relies on different technical and organizational practices and procedures, such as policy enforcement, risk management, incident management and remediation. The concept of accountability encompasses such practices, and is essential for enhancing security and trustworthiness in the cloud. Besides this, proper measurement of cloud services, both at a technical and governance level, is a distinctive aspect of the cloud computing model. Hence, a natural problem that arises is how to measure the impact on accountability of the procedures held in practice by organizations that participate in the cloud ecosystem. In this paper, we describe a metamodel for addressing the problem of measuring accountability properties for cloud computing, as discussed and defined by the Cloud Accountability Project (A4Cloud). The goal of this metamodel is to act as a language for describing: (i) accountability properties in terms of actions between entities, and (ii) metrics for measuring the fulfillment of such properties. It also allows the recursive decomposition of properties and metrics, from a high-level and abstract world to a tangible and measurable one. Finally, we illustrate our proposal of the metamodel by modelling the transparency property, and define some metrics for it.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Cloud governance, and in particular data governance in the cloud, relies on different technical and organizational practices and procedures, such as policy enforcement, risk management, incident management and remediation. The concept of accountability encompasses such practices, and is essential for enhancing security and trustworthiness in the cloud. Besides this, proper measurement of cloud services, both at a technical and governance level, is a distinctive aspect of the cloud computing model. Hence, a natural problem that arises is how to measure the impact on accountability of the procedures held in practice by organizations that participate in the cloud ecosystem. In this paper, we describe a metamodel for addressing the problem of measuring accountability properties for cloud computing, as discussed and defined by the Cloud Accountability Project (A4Cloud). The goal of this metamodel is to act as a language for describing: (i) accountability properties in terms of actions between entities, and (ii) metrics for measuring the fulfillment of such properties. It also allows the recursive decomposition of properties and metrics, from a high-level and abstract world to a tangible and measurable one. Finally, we illustrate our proposal of the metamodel by modelling the transparency property, and define some metrics for it.
Sorry, no publications matched your criteria.
Cazorla, Lorena; Alcaraz, Cristina; Lopez, Javier
Cyber Stealth Attacks in Critical Information Infrastructures Journal Article
In: IEEE Systems Journal, vol. 12, pp. 1778-1792, 2018, ISSN: 1932-8184.
@article{cazorla2016cyber,
title = {Cyber Stealth Attacks in Critical Information Infrastructures},
author = {Lorena Cazorla and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/cazorla2016cyber.pdf
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=\&arnumber=7445136\&isnumber=8350419},
doi = {10.1109/JSYST.2015.2487684},
issn = {1932-8184},
year = {2018},
date = {2018-06-01},
urldate = {2018-06-01},
journal = {IEEE Systems Journal},
volume = {12},
pages = {1778-1792},
publisher = {IEEE},
abstract = {Current Critical Infrastructures (CIs) are complex interconnected industrial systems that, in recent years, have incorporated information and communications technologies such as connection to the Internet and commercial off-the-shelf components. This makes them easier to operate and maintain, but exposes them to the threats and attacks that inundate conventional networks and systems. This paper contains a comprehensive study on the main stealth attacks that threaten CIs, with a special focus on Critical Information Infrastructures (CIIs). This type of attack is characterized by an adversary who is able to finely tune his actions to avoid detection while pursuing his objectives. To provide a complete analysis of the scope and potential dangers of stealth attacks we determine and analyze their stages and range, and we design a taxonomy to illustrate the threats to CIs, offering an overview of the applicable countermeasures against these attacks. From our analysis we understand that these types of attacks, due to the interdependent nature of CIs, pose a grave danger to critical systems where the threats can easily cascade down to the interconnected systems.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Current Critical Infrastructures (CIs) are complex interconnected industrial systems that, in recent years, have incorporated information and communications technologies such as connection to the Internet and commercial off-the-shelf components. This makes them easier to operate and maintain, but exposes them to the threats and attacks that inundate conventional networks and systems. This paper contains a comprehensive study on the main stealth attacks that threaten CIs, with a special focus on Critical Information Infrastructures (CIIs). This type of attack is characterized by an adversary who is able to finely tune his actions to avoid detection while pursuing his objectives. To provide a complete analysis of the scope and potential dangers of stealth attacks we determine and analyze their stages and range, and we design a taxonomy to illustrate the threats to CIs, offering an overview of the applicable countermeasures against these attacks. From our analysis we understand that these types of attacks, due to the interdependent nature of CIs, pose a grave danger to critical systems where the threats can easily cascade down to the interconnected systems.
Nuñez, David; Agudo, Isaac; Lopez, Javier
Nuevas nociones de seguridad y transformaciones genéricas para criptosistemas de recifrado delegado Proceedings Article
In: XIV Reunión Española sobre Criptología y Seguridad de la Información, pp. 174-179, Mahón, Menorca, Islas Baleares, 2016, ISBN: 978-84-608-9470-4.
@inproceedings{nunez2016nuevas,
title = {Nuevas nociones de seguridad y transformaciones gen\'{e}ricas para criptosistemas de recifrado delegado},
author = {David Nu\~{n}ez and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/nunez2016nuevas.pdf},
isbn = {978-84-608-9470-4},
year = {2016},
date = {2016-10-01},
urldate = {2016-10-01},
booktitle = {XIV Reuni\'{o}n Espa\~{n}ola sobre Criptolog\'{i}a y Seguridad de la Informaci\'{o}n},
pages = {174-179},
address = {Mah\'{o}n, Menorca, Islas Baleares},
abstract = {El recifrado delegado (emphproxy re-encryption) es un tipo de cifrado de clave p\'{u}blica que permite delegar la capacidad de transformar textos cifrados de una clave p\'{u}blica a otra, sin que se pueda obtener ninguna informaci\'{o}n sobre el mensaje subyacente. Por este motivo, representa un candidato natural para construir mecanismos criptogr\'{a}ficos de control de acceso. En este art\'{i}culo estudiamos algunos de los problemas de seguridad de este tipo de criptosistemas. En primer lugar, examinamos las nociones de seguridad e identificamos una nueva familia param\'{e}trica de modelos de ataque, que considera la disponibilidad tanto del or\'{a}culo de descifrado como de recifrado. En segundo lugar, estudiamos la aplicabilidad de transformaciones gen\'{e}ricas para mejorar la seguridad, centr\'{a}ndonos en la transformaci\'{o}n Fujisaki-Okamoto, y formulamos las condiciones que nos permiten aplicarla.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
El recifrado delegado (emphproxy re-encryption) es un tipo de cifrado de clave pública que permite delegar la capacidad de transformar textos cifrados de una clave pública a otra, sin que se pueda obtener ninguna información sobre el mensaje subyacente. Por este motivo, representa un candidato natural para construir mecanismos criptográficos de control de acceso. En este artículo estudiamos algunos de los problemas de seguridad de este tipo de criptosistemas. En primer lugar, examinamos las nociones de seguridad e identificamos una nueva familia paramétrica de modelos de ataque, que considera la disponibilidad tanto del oráculo de descifrado como de recifrado. En segundo lugar, estudiamos la aplicabilidad de transformaciones genéricas para mejorar la seguridad, centrándonos en la transformación Fujisaki-Okamoto, y formulamos las condiciones que nos permiten aplicarla.
Nuñez, David; Agudo, Isaac; Lopez, Javier
On the Application of Generic CCA-Secure Transformations to Proxy Re-Encryption Journal Article
In: Security and Communication Networks, vol. 9, pp. 1769-1785, 2016, ISSN: 1939-0114.
@article{nunez2016application,
title = {On the Application of Generic CCA-Secure Transformations to Proxy Re-Encryption},
author = {David Nu\~{n}ez and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/nunez2016application.pdf},
doi = {10.1002/sec.1434},
issn = {1939-0114},
year = {2016},
date = {2016-08-01},
urldate = {2016-08-01},
journal = {Security and Communication Networks},
volume = {9},
pages = {1769-1785},
publisher = {Wiley},
abstract = {Several generic methods exist for achieving chosen-ciphertext attack (CCA)-secure public-key encryption schemes from weakly secure cryptosystems, such as the Fujisaki\textendashOkamoto and REACT transformations. In the context of proxy re-encryption (PRE), it would be desirable to count on analogous constructions that allow PRE schemes to achieve better security notions. In this paper, we study the adaptation of these transformations to proxy re-encryption and find both negative and positive results. On the one hand, we show why it is not possible to directly integrate these transformations with weakly secure PRE schemes because of general obstacles coming from both the constructions themselves and the security models, and we identify 12 PRE schemes that exhibit these problems. On the other hand, we propose an extension of the Fujisaki\textendashOkamoto transformation for PRE, which achieves a weak form of CCA security in the random oracle model, and we describe the sufficient conditions for applying it},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Several generic methods exist for achieving chosen-ciphertext attack (CCA)-secure public-key encryption schemes from weakly secure cryptosystems, such as the Fujisaki–Okamoto and REACT transformations. In the context of proxy re-encryption (PRE), it would be desirable to count on analogous constructions that allow PRE schemes to achieve better security notions. In this paper, we study the adaptation of these transformations to proxy re-encryption and find both negative and positive results. On the one hand, we show why it is not possible to directly integrate these transformations with weakly secure PRE schemes because of general obstacles coming from both the constructions themselves and the security models, and we identify 12 PRE schemes that exhibit these problems. On the other hand, we propose an extension of the Fujisaki–Okamoto transformation for PRE, which achieves a weak form of CCA security in the random oracle model, and we describe the sufficient conditions for applying it
Agudo, Isaac; Kaafarani, Ali El; Nuñez, David; Pearson, Siani
A Technique for Enhanced Provision of Appropriate Access to Evidence across Service Provision Chains Proceedings Article
In: 10th International IFIP Summer School on Privacy and Identity Management, pp. 187-204, 2016, ISBN: 978-3-319-41762-2.
@inproceedings{agudo2016technique,
title = {A Technique for Enhanced Provision of Appropriate Access to Evidence across Service Provision Chains},
author = {Isaac Agudo and Ali El Kaafarani and David Nu\~{n}ez and Siani Pearson},
url = {/wp-content/papers/agudo2016technique.pdf},
doi = {10.1007/978-3-319-41763-9_13},
isbn = {978-3-319-41762-2},
year = {2016},
date = {2016-01-01},
urldate = {2016-01-01},
booktitle = {10th International IFIP Summer School on Privacy and Identity Management},
pages = {187-204},
abstract = {Transparency and verifiability are necessary aspects of accountability, but care needs to be taken that auditing is done in a privacy friendly way. There are situations where it would be useful for certain actors to be able to make restricted views within service provision chains on accountability evidence, including logs, available to other actors with specific governance roles. For example, a data subject or a Data Protection Authority (DPA) might want to authorize an accountability agent to act on their behalf, and be given access to certain logs in a way that does not compromise the privacy of other actors or the security of involved data processors. In this paper two cryptographic-based techniques that may address this issue are proposed and assessed.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Transparency and verifiability are necessary aspects of accountability, but care needs to be taken that auditing is done in a privacy friendly way. There are situations where it would be useful for certain actors to be able to make restricted views within service provision chains on accountability evidence, including logs, available to other actors with specific governance roles. For example, a data subject or a Data Protection Authority (DPA) might want to authorize an accountability agent to act on their behalf, and be given access to certain logs in a way that does not compromise the privacy of other actors or the security of involved data processors. In this paper two cryptographic-based techniques that may address this issue are proposed and assessed.
Alcaraz, Cristina; Lopez, Javier; Wolthusen, Stephen
Policy Enforcement System for Secure Interoperable Control in Distributed Smart Grid Systems Journal Article
In: Journal of Network and Computer Applications, vol. 59, pp. 301–314, 2016, ISSN: 1084-8045.
@article{alcaraz2016POL,
title = {Policy Enforcement System for Secure Interoperable Control in Distributed Smart Grid Systems},
author = {Cristina Alcaraz and Javier Lopez and Stephen Wolthusen},
url = {/wp-content/papers/alcaraz2016POL.pdf},
issn = {1084-8045},
year = {2016},
date = {2016-01-01},
urldate = {2016-01-01},
journal = {Journal of Network and Computer Applications},
volume = {59},
pages = {301\textendash314},
publisher = {Elsevier},
abstract = {Interoperability of distributed systems in charge of monitoring and maintaining the different critical domains belonging to Smart Grid scenarios comprise the central topic of this paper. Transparency in control transactions under a secure and reliable architecture is the aim of the policy enforcement system proposed here. The approach is based on the degree of observation of a context and on the emphrole-based access control model defined by the IEC-62351-8 standard. Only authenticated and authorised entities are able to take control of those distributed elements (e.g., IEC-61850 objects) located at distant geographical locations and close to the critical infrastructures (e.g., substations). To ensure the effectiveness of the approach, it is built on graphical-theoretical formulations corresponding to graph theory, where it is possible to illustrate power control networks through power-law distributions whose monitoring relies on emphstructural controllability theory. The interconnection of these distributions is subject to a network architecture based on the concept of the emphsupernode where the interoperability depends on a simple rule-based expert system. This expert system focuses not only on accepting or denying access, but also on providing the means to attend to extreme situations, avoiding, as much as possible, the overloading of the communication. Through one practical study we also show the functionalities of the approach and the benefits that the authorisation itself can bring to the emphinteroperability.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Interoperability of distributed systems in charge of monitoring and maintaining the different critical domains belonging to Smart Grid scenarios comprise the central topic of this paper. Transparency in control transactions under a secure and reliable architecture is the aim of the policy enforcement system proposed here. The approach is based on the degree of observation of a context and on the emphrole-based access control model defined by the IEC-62351-8 standard. Only authenticated and authorised entities are able to take control of those distributed elements (e.g., IEC-61850 objects) located at distant geographical locations and close to the critical infrastructures (e.g., substations). To ensure the effectiveness of the approach, it is built on graphical-theoretical formulations corresponding to graph theory, where it is possible to illustrate power control networks through power-law distributions whose monitoring relies on emphstructural controllability theory. The interconnection of these distributions is subject to a network architecture based on the concept of the emphsupernode where the interoperability depends on a simple rule-based expert system. This expert system focuses not only on accepting or denying access, but also on providing the means to attend to extreme situations, avoiding, as much as possible, the overloading of the communication. Through one practical study we also show the functionalities of the approach and the benefits that the authorisation itself can bring to the emphinteroperability.
Nieto, Ana; Lopez, Javier
Contextualising Heterogeneous Information in Unified Communications with Security Restrictions Journal Article
In: Computer Communications, vol. 68, pp. 33-46, 2015, ISSN: 0140-3664.
@article{NL-COMCOM15,
title = {Contextualising Heterogeneous Information in Unified Communications with Security Restrictions},
author = {Ana Nieto and Javier Lopez},
url = {/wp-content/papers/NL-COMCOM15.pdf
http://www.sciencedirect.com/science/article/pii/S0140366415002534},
doi = {10.1016/j.comcom.2015.07.015},
issn = {0140-3664},
year = {2015},
date = {2015-09-01},
urldate = {2015-09-01},
journal = {Computer Communications},
volume = {68},
pages = {33-46},
publisher = {Elsevier},
abstract = {The lack of abstraction in a growing semantic, virtual and abstract world poses new challenges for assessing security and QoS tradeoffs. For example, in Future Internet scenarios, where Unified Communications (UC) will take place, being able to predict the final devices that will form the network is not always possible. Without this information the analysis of the security and QoS tradeoff can only be based on partial information to be completed when more information about the environment is available. In this paper, we extend the description of context-based parametric relationship model, providing a tool for assessing the security and QoS tradeoff (SQT) based on interchangeable contexts. Our approach is able to use the heterogeneous information produced by scenarios where UC is present.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The lack of abstraction in a growing semantic, virtual and abstract world poses new challenges for assessing security and QoS tradeoffs. For example, in Future Internet scenarios, where Unified Communications (UC) will take place, being able to predict the final devices that will form the network is not always possible. Without this information the analysis of the security and QoS tradeoff can only be based on partial information to be completed when more information about the environment is available. In this paper, we extend the description of context-based parametric relationship model, providing a tool for assessing the security and QoS tradeoff (SQT) based on interchangeable contexts. Our approach is able to use the heterogeneous information produced by scenarios where UC is present.
Moyano, Francisco; Fernandez-Gago, Carmen; Beckers, Kristian; Heisel, Maritta
Engineering Trust- and Reputation-based Security Controls for Future Internet Systems Proceedings Article
In: The 30th ACM/SIGAPP Symposium On Applied Computing (SAC 2015), pp. 1344-1349, Salamanca, Spain, 2015, ISBN: 978-1-4503-3196-8.
@inproceedings{moyano15SAC,
title = {Engineering Trust- and Reputation-based Security Controls for Future Internet Systems},
author = {Francisco Moyano and Carmen Fernandez-Gago and Kristian Beckers and Maritta Heisel},
url = {/wp-content/papers/moyano15SAC.pdf},
doi = {10.1145/2695664.2695713},
isbn = {978-1-4503-3196-8},
year = {2015},
date = {2015-08-01},
urldate = {2015-08-01},
booktitle = {The 30th ACM/SIGAPP Symposium On Applied Computing (SAC 2015)},
pages = {1344-1349},
address = {Salamanca, Spain},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Nuñez, David; Agudo, Isaac; Lopez, Javier
A Parametric Family of Attack Models for Proxy Re-Encryption Proceedings Article
In: 28th IEEE Computer Security Foundations Symposium, pp. 290-301, IEEE Computer Society IEEE Computer Society, Verona, Italy, 2015, ISSN: 1063-6900.
@inproceedings{nunez2015parametric,
title = {A Parametric Family of Attack Models for Proxy Re-Encryption},
author = {David Nu\~{n}ez and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/nunez2015parametric.pdf},
doi = {10.1109/CSF.2015.27},
issn = {1063-6900},
year = {2015},
date = {2015-07-01},
urldate = {2015-07-01},
booktitle = {28th IEEE Computer Security Foundations Symposium},
pages = {290-301},
publisher = {IEEE Computer Society},
address = {Verona, Italy},
organization = {IEEE Computer Society},
series = {CSF’15},
abstract = {Proxy Re-Encryption (PRE) is a type of Public-Key Encryption (PKE) which provides an additional re-encryption functionality. Although PRE is inherently more complex than PKE, attack models for PRE have not been developed further than those inherited from PKE. In this paper we address this gap and define a parametric family of attack models for PRE, based on the availability of both the decryption and re-encryption oracles during the security game. This family enables the definition of a set of intermediate security notions for PRE that ranges from ‘‘plain’’ IND-CPA to ‘‘full’’ IND-CCA. We analyze some relations among these notions of security, and in particular, the separations that arise when the re-encryption oracle leaks re-encryption keys. In addition, we discuss which of these security notions represent meaningful adversarial models for PRE. Finally, we provide an example of a recent ‘‘CCA1- secure’’ scheme from PKC 2014 whose security model does not capture chosen-ciphertext attacks through re-encryption and for which we describe an attack under a more realistic security notion. This attack emphasizes the fact that PRE schemes that leak re-encryption keys cannot achieve strong security notions.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Proxy Re-Encryption (PRE) is a type of Public-Key Encryption (PKE) which provides an additional re-encryption functionality. Although PRE is inherently more complex than PKE, attack models for PRE have not been developed further than those inherited from PKE. In this paper we address this gap and define a parametric family of attack models for PRE, based on the availability of both the decryption and re-encryption oracles during the security game. This family enables the definition of a set of intermediate security notions for PRE that ranges from ‘‘plain’’ IND-CPA to ‘‘full’’ IND-CCA. We analyze some relations among these notions of security, and in particular, the separations that arise when the re-encryption oracle leaks re-encryption keys. In addition, we discuss which of these security notions represent meaningful adversarial models for PRE. Finally, we provide an example of a recent ‘‘CCA1- secure’’ scheme from PKC 2014 whose security model does not capture chosen-ciphertext attacks through re-encryption and for which we describe an attack under a more realistic security notion. This attack emphasizes the fact that PRE schemes that leak re-encryption keys cannot achieve strong security notions.
Rios, Ruben; Cuellar, Jorge; Lopez, Javier
Probabilistic receiver-location privacy protection in wireless sensor networks Journal Article
In: Information Sciences, vol. 321, pp. 205 - 223, 2015, ISSN: 0020-0255.
@article{rios2015,
title = {Probabilistic receiver-location privacy protection in wireless sensor networks},
author = {Ruben Rios and Jorge Cuellar and Javier Lopez},
url = {/wp-content/papers/rios2015.pdf},
doi = {10.1016/j.ins.2015.01.016},
issn = {0020-0255},
year = {2015},
date = {2015-07-01},
urldate = {2015-07-01},
journal = {Information Sciences},
volume = {321},
pages = {205 - 223},
publisher = {Elsevier},
abstract = {Wireless sensor networks (WSNs) are continually exposed to many types of attacks. Among these, the attacks targeted at the base station are the most devastating ones since this essential device processes and analyses all traffic generated in the network. Moreover, this feature can be exploited by a passive adversary to determine its location based on traffic analysis. This receiver-location privacy problem can be reduced by altering the traffic pattern of the network but the adversary may still be able to reach the base station if he gains access to the routing tables of a number of sensor nodes. In this paper we present HISP-NC (Homogenous Injection for Sink Privacy with Node Compromise protection), a receiver-location privacy solution that consists of two complementary schemes which protect the location of the base station in the presence of traffic analysis and node compromise attacks. The HISP-NC data transmission protocol prevents traffic analysis by probabilistically hiding the flow of real traffic with moderate amounts of fake traffic. Moreover, HISP-NC includes a perturbation mechanism that modifies the routing tables of the nodes to introduce some level of uncertainty in attackers capable of retrieving the routing information from the nodes. Our scheme is validated both analytically and experimentally through extensive simulations.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Wireless sensor networks (WSNs) are continually exposed to many types of attacks. Among these, the attacks targeted at the base station are the most devastating ones since this essential device processes and analyses all traffic generated in the network. Moreover, this feature can be exploited by a passive adversary to determine its location based on traffic analysis. This receiver-location privacy problem can be reduced by altering the traffic pattern of the network but the adversary may still be able to reach the base station if he gains access to the routing tables of a number of sensor nodes. In this paper we present HISP-NC (Homogenous Injection for Sink Privacy with Node Compromise protection), a receiver-location privacy solution that consists of two complementary schemes which protect the location of the base station in the presence of traffic analysis and node compromise attacks. The HISP-NC data transmission protocol prevents traffic analysis by probabilistically hiding the flow of real traffic with moderate amounts of fake traffic. Moreover, HISP-NC includes a perturbation mechanism that modifies the routing tables of the nodes to introduce some level of uncertainty in attackers capable of retrieving the routing information from the nodes. Our scheme is validated both analytically and experimentally through extensive simulations.
Nuñez, David; Agudo, Isaac; Lopez, Javier
NTRUReEncrypt: An Efficient Proxy Re-Encryption Scheme Based on NTRU Proceedings Article
In: 10th ACM Symposium on Information, Computer and Communications Security (AsiaCCS), pp. 179-189, 2015, ISBN: 978-1-4503-3245-3.
@inproceedings{nunez2015ntrureencrypt,
title = {NTRUReEncrypt: An Efficient Proxy Re-Encryption Scheme Based on NTRU},
author = {David Nu\~{n}ez and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/nunez2015ntrureencrypt.pdf},
doi = {10.1145/2714576.2714585},
isbn = {978-1-4503-3245-3},
year = {2015},
date = {2015-04-01},
urldate = {2015-04-01},
booktitle = {10th ACM Symposium on Information, Computer and Communications Security (AsiaCCS)},
pages = {179-189},
abstract = {The use of alternative foundations for constructing more secure and efficient cryptographic schemes is a topic worth exploring. In the case of proxy re-encryption, the vast majority of schemes are based on number theoretic problems such as the discrete logarithm. In this paper we present NTRUReEncrypt, a new bidirectional and multihop proxy re-encryption scheme based on NTRU, a widely known lattice-based cryptosystem. We provide two versions of our scheme: the first one is based on the conventional NTRU encryption scheme and, although it lacks a security proof, remains as efficient as its predecessor; the second one is based on a variant of NTRU proposed by Stehl\'{e} and Steinfeld, which is proven CPA-secure under the hardness of the Ring-LWE problem. To the best of our knowledge, our proposals are the first proxy re-encryption schemes to be based on the NTRU primitive. In addition, we provide experimental results to show the efficiency of our proposal, as well as a comparison with previous proxy re-encryption schemes, which confirms that our first scheme outperforms the rest by an order of magnitude.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The use of alternative foundations for constructing more secure and efficient cryptographic schemes is a topic worth exploring. In the case of proxy re-encryption, the vast majority of schemes are based on number theoretic problems such as the discrete logarithm. In this paper we present NTRUReEncrypt, a new bidirectional and multihop proxy re-encryption scheme based on NTRU, a widely known lattice-based cryptosystem. We provide two versions of our scheme: the first one is based on the conventional NTRU encryption scheme and, although it lacks a security proof, remains as efficient as its predecessor; the second one is based on a variant of NTRU proposed by Stehlé and Steinfeld, which is proven CPA-secure under the hardness of the Ring-LWE problem. To the best of our knowledge, our proposals are the first proxy re-encryption schemes to be based on the NTRU primitive. In addition, we provide experimental results to show the efficiency of our proposal, as well as a comparison with previous proxy re-encryption schemes, which confirms that our first scheme outperforms the rest by an order of magnitude.
Fernandez-Gago, Carmen; Nuñez, David
Metrics for Accountability in the Cloud Book Section
In: Accountability and Security in the Cloud, vol. 8937, pp. 129-153, 2015.
@incollection{1512,
title = {Metrics for Accountability in the Cloud},
author = {Carmen Fernandez-Gago and David Nu\~{n}ez},
year = {2015},
date = {2015-01-01},
urldate = {2015-01-01},
booktitle = {Accountability and Security in the Cloud},
volume = {8937},
pages = {129-153},
series = {LNCS Tutorial},
keywords = {},
pubstate = {published},
tppubtype = {incollection}
}
Nuñez, David; Agudo, Isaac; Lopez, Javier
Privacy-Preserving Identity Management as a Service Book Section
In: Felici, Massimo; Fernandez-Gago, Carmen (Ed.): Accountability and Security in the Cloud, vol. 8937, pp. 114-125, Springer International Publishing, 2015, ISBN: 978-3-319-17198-2.
@incollection{nunez15privacy,
title = {Privacy-Preserving Identity Management as a Service},
author = {David Nu\~{n}ez and Isaac Agudo and Javier Lopez},
editor = {Massimo Felici and Carmen Fernandez-Gago},
doi = {10.1007/978-3-319-17199-9_5},
isbn = {978-3-319-17198-2},
year = {2015},
date = {2015-01-01},
urldate = {2015-01-01},
booktitle = {Accountability and Security in the Cloud},
volume = {8937},
pages = {114-125},
publisher = {Springer International Publishing},
organization = {Springer International Publishing},
series = {Lecture Notes in Computer Science},
abstract = {In this paper we tackle the problem of privacy and confidentiality in Identity Management as a Service (IDaaS). The adoption of cloud computing technologies by organizations has fostered the externalization of the identity management processes, shaping the concept of Identity Management as a Service. However, as it has happened to other cloud-based services, the cloud poses serious risks to the users, since they lose the control over their data. As part of this work, we analyze these concerns and present a model for privacy-preserving IDaaS, called BlindIdM, which is designed to provide data privacy protection through the use of cryptographic safeguards.},
keywords = {},
pubstate = {published},
tppubtype = {incollection}
}
In this paper we tackle the problem of privacy and confidentiality in Identity Management as a Service (IDaaS). The adoption of cloud computing technologies by organizations has fostered the externalization of the identity management processes, shaping the concept of Identity Management as a Service. However, as it has happened to other cloud-based services, the cloud poses serious risks to the users, since they lose the control over their data. As part of this work, we analyze these concerns and present a model for privacy-preserving IDaaS, called BlindIdM, which is designed to provide data privacy protection through the use of cryptographic safeguards.
Fernandez-Gago, Carmen; Tountopoulos, Vasilis; Fischer-Hübner, Simone; Alnemr, Rehab; Nuñez, David; Angulo, Julio; Pulls, Tobias; Koulouris, Theo
Tools for Cloud Accountability: A4Cloud Tutorial Proceedings Article
In: 9th IFIP Summer School on Privacy and Identity Management for the Future Internet in the Age of Globalisation, pp. 219-236, Springer IFIP AICT Springer IFIP AICT, Patras (Greece), 2015, ISSN: 978-3-319-18621-4.
@inproceedings{1516,
title = {Tools for Cloud Accountability: A4Cloud Tutorial},
author = {Carmen Fernandez-Gago and Vasilis Tountopoulos and Simone Fischer-H\"{u}bner and Rehab Alnemr and David Nu\~{n}ez and Julio Angulo and Tobias Pulls and Theo Koulouris},
url = {/wp-content/papers/1516.pdf},
doi = {10.1007/978-3-319-18621-4_15},
issn = {978-3-319-18621-4},
year = {2015},
date = {2015-01-01},
urldate = {2015-01-01},
booktitle = {9th IFIP Summer School on Privacy and Identity Management for the Future Internet in the Age of Globalisation},
volume = {457},
pages = {219-236},
publisher = {Springer IFIP AICT},
address = {Patras (Greece)},
organization = {Springer IFIP AICT},
abstract = {Cloud computing is becoming a key IT infrastructure technology being adopted progressively by companies and users. Still, there are issues and uncertainties surrounding its adoption, such as security and how users data is dealt with that require attention from developers, researchers, providers and users. The A4Cloud project tries to help solving the problem of accountability in the cloud by providing tools that support the process of achieving accountability. This paper presents the contents of the first A4Cloud tutorial. These contents include basic concepts and tools developed within the project. In particular, we will review how metrics can aid the accountability process and some of the tools that the A4Cloud project will produce such as the Data Track Tool (DTT) and the Cloud Offering Advisory Tool (COAT).},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Cloud computing is becoming a key IT infrastructure technology being adopted progressively by companies and users. Still, there are issues and uncertainties surrounding its adoption, such as security and how users data is dealt with that require attention from developers, researchers, providers and users. The A4Cloud project tries to help solving the problem of accountability in the cloud by providing tools that support the process of achieving accountability. This paper presents the contents of the first A4Cloud tutorial. These contents include basic concepts and tools developed within the project. In particular, we will review how metrics can aid the accountability process and some of the tools that the A4Cloud project will produce such as the Data Track Tool (DTT) and the Cloud Offering Advisory Tool (COAT).
Cazorla, Lorena; Alcaraz, Cristina; Lopez, Javier
Awareness and Reaction Strategies for Critical Infrastructure Protection Journal Article
In: Computers and Electrical Engineering, vol. 47, pp. 299-317, 2015, ISSN: 0045-7906.
@article{cazorla2015b,
title = {Awareness and Reaction Strategies for Critical Infrastructure Protection},
author = {Lorena Cazorla and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/cazorla2015b.pdf},
doi = {10.1016/j.compeleceng.2015.08.010},
issn = {0045-7906},
year = {2015},
date = {2015-01-01},
urldate = {2015-01-01},
journal = {Computers and Electrical Engineering},
volume = {47},
pages = {299-317},
publisher = {Elsevier},
abstract = {Current Critical Infrastructures (CIs) need intelligent automatic active reaction mechanisms to protect their critical processes against cyber attacks or system anomalies, and avoid the disruptive consequences of cascading failures between interdependent and interconnected systems. In this paper we study the Intrusion Detection, Prevention and Response Systems (IDPRS) that can offer this type of protection mechanisms, their constituting elements and their applicability to critical contexts. We design a methodological framework determining the essential elements present in the IDPRS, while evaluating each of their sub-components in terms of adequacy for critical contexts. We review the different types of active and passive countermeasures available, categorizing them and assessing whether or not they are suitable for Critical Infrastructure Protection (CIP). Through our study we look at different reaction systems and learn from them how to better create IDPRS solutions for CIP.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Current Critical Infrastructures (CIs) need intelligent automatic active reaction mechanisms to protect their critical processes against cyber attacks or system anomalies, and avoid the disruptive consequences of cascading failures between interdependent and interconnected systems. In this paper we study the Intrusion Detection, Prevention and Response Systems (IDPRS) that can offer this type of protection mechanisms, their constituting elements and their applicability to critical contexts. We design a methodological framework determining the essential elements present in the IDPRS, while evaluating each of their sub-components in terms of adequacy for critical contexts. We review the different types of active and passive countermeasures available, categorizing them and assessing whether or not they are suitable for Critical Infrastructure Protection (CIP). Through our study we look at different reaction systems and learn from them how to better create IDPRS solutions for CIP.
Cazorla, Lorena; Alcaraz, Cristina; Lopez, Javier
A Three-Stage Analysis of IDS for Critical Infrastructures Journal Article
In: Computers & Security, vol. 55, no. November, pp. 235-250, 2015, ISSN: 0167-4048.
@article{lorena2015c,
title = {A Three-Stage Analysis of IDS for Critical Infrastructures},
author = {Lorena Cazorla and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/lorena2015c.pdf},
issn = {0167-4048},
year = {2015},
date = {2015-01-01},
urldate = {2015-01-01},
journal = {Computers \& Security},
volume = {55},
number = {November},
pages = {235-250},
publisher = {Elsevier},
abstract = {The correct operation of Critical Infrastructures (CIs) is vital for the well being of society, however these complex systems are subject to multiple faults and threats every day. International organizations around the world are alerting the scientific community to the need for protection of CIs, especially through preparedness and prevention mechanisms. One of the main tools available in this area is the use of Intrusion Detection Systems (IDSs). However, in order to deploy this type of component within a CI, especially within its Control System (CS), it is necessary to verify whether the characteristics of a given IDS solution are compatible with the special requirements and constraints of a critical environment. In this paper, we carry out an extensive study to determine the requirements imposed by the CS on the IDS solutions using the Non-Functional Requirements (NFR) Framework. The outcome of this process are the abstract properties that the IDS needs to satisfy in order to be deployed within a CS, which are refined through the identification of satisficing techniques for the NFRs. To provide quantifiable measurable evidence on the suitability of the IDS component for a CI, we broaden our study using the Goal Question Metric (GQM) approach to select a representative set of metrics. A requirements model, refined with satisficing techniques and sets of metrics which help assess, in the most quantifiable way possible, the suitability and performance of a given IDS solution for a critical scenario, constitutes the results of our analysis.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The correct operation of Critical Infrastructures (CIs) is vital for the well being of society, however these complex systems are subject to multiple faults and threats every day. International organizations around the world are alerting the scientific community to the need for protection of CIs, especially through preparedness and prevention mechanisms. One of the main tools available in this area is the use of Intrusion Detection Systems (IDSs). However, in order to deploy this type of component within a CI, especially within its Control System (CS), it is necessary to verify whether the characteristics of a given IDS solution are compatible with the special requirements and constraints of a critical environment. In this paper, we carry out an extensive study to determine the requirements imposed by the CS on the IDS solutions using the Non-Functional Requirements (NFR) Framework. The outcome of this process are the abstract properties that the IDS needs to satisfy in order to be deployed within a CS, which are refined through the identification of satisficing techniques for the NFRs. To provide quantifiable measurable evidence on the suitability of the IDS component for a CI, we broaden our study using the Goal Question Metric (GQM) approach to select a representative set of metrics. A requirements model, refined with satisficing techniques and sets of metrics which help assess, in the most quantifiable way possible, the suitability and performance of a given IDS solution for a critical scenario, constitutes the results of our analysis.
Nuñez, David; Agudo, Isaac; Lopez, Javier
Delegated Access for Hadoop Clusters in the Cloud Proceedings Article
In: IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2014), pp. 374-379, IEEE IEEE, Singapore, 2014, ISBN: 978-1-4799-4093-6.
@inproceedings{nunez2014delegated,
title = {Delegated Access for Hadoop Clusters in the Cloud},
author = {David Nu\~{n}ez and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/nunez2014delegated.pdf
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=\&arnumber=7037691},
doi = {10.1109/CloudCom.2014.50},
isbn = {978-1-4799-4093-6},
year = {2014},
date = {2014-12-01},
urldate = {2014-12-01},
booktitle = {IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2014)},
pages = {374-379},
publisher = {IEEE},
address = {Singapore},
organization = {IEEE},
abstract = {Among Big Data technologies, Hadoop stands out for its capacity to store and process large-scale datasets. However, although Hadoop was not designed with security in mind, it is widely used by plenty of organizations, some of which have strong data protection requirements. Traditional access control solutions are not enough, and cryptographic solutions must be put in place to protect sensitive information. In this paper, we describe a cryptographically-enforced access control system for Hadoop, based on proxy re-encryption. Our proposed solution fits in well with the outsourcing of Big Data processing to the cloud, since information can be stored in encrypted form in external servers in the cloud and processed only if access has been delegated. Experimental results show that the overhead produced by our solution is manageable, which makes it suitable for some applications.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Among Big Data technologies, Hadoop stands out for its capacity to store and process large-scale datasets. However, although Hadoop was not designed with security in mind, it is widely used by plenty of organizations, some of which have strong data protection requirements. Traditional access control solutions are not enough, and cryptographic solutions must be put in place to protect sensitive information. In this paper, we describe a cryptographically-enforced access control system for Hadoop, based on proxy re-encryption. Our proposed solution fits in well with the outsourcing of Big Data processing to the cloud, since information can be stored in encrypted form in external servers in the cloud and processed only if access has been delegated. Experimental results show that the overhead produced by our solution is manageable, which makes it suitable for some applications.
Nieto, Ana; Lopez, Javier
Security and QoS Tradeoff Recommendation System (SQT-RS) for Dynamic Assessing CPRM-based Systems Proceedings Article
In: 10th ACM International Symposium on QoS and Security for Wireless and Mobile Networks (Q2SWinet’14), pp. 25-32, ACM ACM, Montréal (Canada), 2014, ISBN: 978-1-4503-3027-5.
@inproceedings{932,
title = {Security and QoS Tradeoff Recommendation System (SQT-RS) for Dynamic Assessing CPRM-based Systems},
author = {Ana Nieto and Javier Lopez},
url = {/wp-content/papers/932.pdf},
doi = {10.1145/2642687.2642689},
isbn = {978-1-4503-3027-5},
year = {2014},
date = {2014-09-01},
urldate = {2014-09-01},
booktitle = {10th ACM International Symposium on QoS and Security for Wireless and Mobile Networks (Q2SWinet’14)},
pages = {25-32},
publisher = {ACM},
address = {Montr\'{e}al (Canada)},
organization = {ACM},
abstract = {Context-based Parametric Relationship Models (CPRM) define complex dependencies between different types of parameters. In particular, Security and QoS relationships, that may occur at different levels of abstraction, are easily identified using CPRM. However, the growing number of parameters and relationships, typically due to the heterogeneous scenarios of future networks, increase the complexity of the final diagrams used in the analysis, and makes the current solution for assessing Security and QoS tradeoff (SQT) impractical for untrained users. In this paper, we define a recommendation system based on contextual parametric relationships in accordance with the definition of CPRM. The inputs for the system are generated dynamically based on the context provided by CPRM-based systems.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Context-based Parametric Relationship Models (CPRM) define complex dependencies between different types of parameters. In particular, Security and QoS relationships, that may occur at different levels of abstraction, are easily identified using CPRM. However, the growing number of parameters and relationships, typically due to the heterogeneous scenarios of future networks, increase the complexity of the final diagrams used in the analysis, and makes the current solution for assessing Security and QoS tradeoff (SQT) impractical for untrained users. In this paper, we define a recommendation system based on contextual parametric relationships in accordance with the definition of CPRM. The inputs for the system are generated dynamically based on the context provided by CPRM-based systems.
Lopez, Javier; Rios, Ruben; Cuellar, Jorge
Preserving Receiver-Location Privacy in Wireless Sensor Networks Proceedings Article
In: Information Security Practice and Experience (ISPEC 2014), pp. 15-27, Springer Springer, Fuzhou, China, 2014, ISSN: 0302-9743.
@inproceedings{Lopez2014prl,
title = {Preserving Receiver-Location Privacy in Wireless Sensor Networks},
author = {Javier Lopez and Ruben Rios and Jorge Cuellar},
url = {/wp-content/papers/Lopez2014prl.pdf
http://link.springer.com/chapter/10.1007/978-3-319-06320-1_3$#$, },
doi = {10.1007/978-3-319-06320-1_3},
issn = {0302-9743},
year = {2014},
date = {2014-05-01},
urldate = {2014-05-01},
booktitle = {Information Security Practice and Experience (ISPEC 2014)},
volume = {8434},
pages = {15-27},
publisher = {Springer},
address = {Fuzhou, China},
organization = {Springer},
abstract = {Wireless sensor networks (WSNs) are exposed to many different types of attacks. Among these, the most devastating attack is to compromise or destroy the base station since all communications are addressed exclusively to it. Moreover, this feature can be exploited by a passive adversary to determine the location of this critical device. This receiver-location privacy problem can be reduced by hindering traffic analysis but the adversary may still obtain location information by capturing a subset of sensor nodes in the field. This paper addresses, for the first time, these two problems together in a single solution},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Wireless sensor networks (WSNs) are exposed to many different types of attacks. Among these, the most devastating attack is to compromise or destroy the base station since all communications are addressed exclusively to it. Moreover, this feature can be exploited by a passive adversary to determine the location of this critical device. This receiver-location privacy problem can be reduced by hindering traffic analysis but the adversary may still obtain location information by capturing a subset of sensor nodes in the field. This paper addresses, for the first time, these two problems together in a single solution
Rios, Ruben; Lopez, Javier; Cuellar, Jorge
Location Privacy in WSNs: Solutions, Challenges, and Future Trends Book Section
In: Foundations of Security Analysis and Design VII, vol. 8604, pp. 244-282, Springer, 2014, ISSN: 0302-9743.
@incollection{ruben2014a,
title = {Location Privacy in WSNs: Solutions, Challenges, and Future Trends},
author = {Ruben Rios and Javier Lopez and Jorge Cuellar},
url = {/wp-content/papers/ruben2014a.pdf},
doi = {10.1007/978-3-319-10082-1_9},
issn = {0302-9743},
year = {2014},
date = {2014-01-01},
urldate = {2014-01-01},
booktitle = {Foundations of Security Analysis and Design VII},
volume = {8604},
pages = {244-282},
publisher = {Springer},
organization = {Springer},
series = {LNCS},
abstract = {Privacy preservation is gaining popularity in Wireless Sensor Network (WSNs) due to its adoption in everyday scenarios. There are a number of research papers in this area many of which concentrate on the location privacy problem. In this paper we review and categorise these solutions based on the information available to the adversary and his capabilities. But first we analyse whether traditional anonymous communication systems conform to the original requirements of location privacy in sensor networks. Finally, we present and discuss a number of challenges and future trends that demand further attention from the research community.},
keywords = {},
pubstate = {published},
tppubtype = {incollection}
}
Privacy preservation is gaining popularity in Wireless Sensor Network (WSNs) due to its adoption in everyday scenarios. There are a number of research papers in this area many of which concentrate on the location privacy problem. In this paper we review and categorise these solutions based on the information available to the adversary and his capabilities. But first we analyse whether traditional anonymous communication systems conform to the original requirements of location privacy in sensor networks. Finally, we present and discuss a number of challenges and future trends that demand further attention from the research community.
Nieto, Ana
Evaluation of Dynamic Instantiation in CPRM-based Systems Proceedings Article
In: 9th International Conference on Risk and Security of Internet and Systems (CRiSIS’14), pp. 52-66, Springer Springer, Trento (Italy), 2014, ISBN: 978-3-319-17127-2.
@inproceedings{933,
title = {Evaluation of Dynamic Instantiation in CPRM-based Systems},
author = {Ana Nieto},
url = {/wp-content/papers/933.pdf},
doi = {10.1007/978-3-319-17127-2_4},
isbn = {978-3-319-17127-2},
year = {2014},
date = {2014-01-01},
urldate = {2014-01-01},
booktitle = {9th International Conference on Risk and Security of Internet and Systems (CRiSIS’14)},
volume = {8924},
pages = {52-66},
publisher = {Springer},
address = {Trento (Italy)},
organization = {Springer},
abstract = {Context-based Parametric Relationship Models (CPRMs) reduce the complexity of working with various numbers of parameters and dependencies, by adding particular contexts to the final scheme when it is required, dynamically. In this paper the cost of including new information in CPRM is properly analysed, considering the information in the parametric trees defined for the parameters in the CPRM-based system. Some strategies for mitigating the cost of the instantiation process are proposed.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Context-based Parametric Relationship Models (CPRMs) reduce the complexity of working with various numbers of parameters and dependencies, by adding particular contexts to the final scheme when it is required, dynamically. In this paper the cost of including new information in CPRM is properly analysed, considering the information in the parametric trees defined for the parameters in the CPRM-based system. Some strategies for mitigating the cost of the instantiation process are proposed.
Nuñez, David; Agudo, Isaac
BlindIdM: A Privacy-Preserving Approach for Identity Management as a Service Journal Article
In: International Journal of Information Security, vol. 13, pp. 199-215, 2014, ISSN: 1615-5262.
@article{nunez2014blindidm,
title = {BlindIdM: A Privacy-Preserving Approach for Identity Management as a Service},
author = {David Nu\~{n}ez and Isaac Agudo},
url = {/wp-content/papers/nunez2014blindidm.pdf},
doi = {10.1007/s10207-014-0230-4},
issn = {1615-5262},
year = {2014},
date = {2014-01-01},
urldate = {2014-01-01},
journal = {International Journal of Information Security},
volume = {13},
pages = {199-215},
publisher = {Springer},
abstract = {Identity management is an almost indispensable component of today’s organizations and companies, as it plays a key role in authentication and access control; however, at the same time it is widely recognized as a costly and time-consuming task. The advent of cloud computing technologies, together with the promise of flexible, cheap and efficient provision of services, has provided the opportunity to externalize such a common process, shaping what has been called Identity Management as a Service (IDaaS). Nevertheless, as in the case of other cloud-based services, IDaaS brings with it great concerns regarding security and privacy, such as the loss of control over the outsourced data. In this paper we analyze these concerns and propose BlindIdM, a model for privacy-preserving IDaaS with a focus on data privacy protection. In particular, we describe how a SAML-based system can be augmented to employ proxy re-encryption techniques for achieving data con
dentiality with respect to the cloud provider, while preserving the ability to supply the identity service. This is an innovative contribution to both the privacy and identity management landscapes.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Identity management is an almost indispensable component of today’s organizations and companies, as it plays a key role in authentication and access control; however, at the same time it is widely recognized as a costly and time-consuming task. The advent of cloud computing technologies, together with the promise of flexible, cheap and efficient provision of services, has provided the opportunity to externalize such a common process, shaping what has been called Identity Management as a Service (IDaaS). Nevertheless, as in the case of other cloud-based services, IDaaS brings with it great concerns regarding security and privacy, such as the loss of control over the outsourced data. In this paper we analyze these concerns and propose BlindIdM, a model for privacy-preserving IDaaS with a focus on data privacy protection. In particular, we describe how a SAML-based system can be augmented to employ proxy re-encryption techniques for achieving data con
dentiality with respect to the cloud provider, while preserving the ability to supply the identity service. This is an innovative contribution to both the privacy and identity management landscapes.
Alcaraz, Cristina; Lopez, Javier
Diagnosis Mechanism for Accurate Monitoring in Critical Infrastructure Protection Journal Article
In: Computer Standards & Interfaces, vol. 36, pp. 501-512, 2014, ISSN: 0920-5489.
@article{alcaraz2013a,
title = {Diagnosis Mechanism for Accurate Monitoring in Critical Infrastructure Protection},
author = {Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/alcaraz2013a.pdf},
doi = {10.1016/j.csi.2013.10.002},
issn = {0920-5489},
year = {2014},
date = {2014-01-01},
urldate = {2014-01-01},
journal = {Computer Standards \& Interfaces},
volume = {36},
pages = {501-512},
publisher = {Elsevier},
abstract = {Situational awareness for critical infrastructure protection, such as for energy control systems, has become a topic of interest in recent years. Despite attempts to address this area of research, more progress is still necessary to find attractive solutions that help bring about prevention and response at all times from anywhere and at any time. Given this need, we therefore propose in this paper, a smart mechanism able to offer a wide-area situational awareness with the ability to: (i) Control the real state of the observed infrastructure, (ii) respond to emergency situations and (iii) assess the degree of ccuracy of the entire control system. To address these aspects, the mechanism is based on a hierarchical configuration of industrial sensors for control, the ISA100.11a standard for the prioritization and alarm management, and the F-Measure technique to study the level of accuracy of a sensor inside a neighbourhood. As proof of the functionality and feasibility of the mechanism for critical contexts, a software application implemented in nesC and Java is also presented in this paper.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Situational awareness for critical infrastructure protection, such as for energy control systems, has become a topic of interest in recent years. Despite attempts to address this area of research, more progress is still necessary to find attractive solutions that help bring about prevention and response at all times from anywhere and at any time. Given this need, we therefore propose in this paper, a smart mechanism able to offer a wide-area situational awareness with the ability to: (i) Control the real state of the observed infrastructure, (ii) respond to emergency situations and (iii) assess the degree of ccuracy of the entire control system. To address these aspects, the mechanism is based on a hierarchical configuration of industrial sensors for control, the ISA100.11a standard for the prioritization and alarm management, and the F-Measure technique to study the level of accuracy of a sensor inside a neighbourhood. As proof of the functionality and feasibility of the mechanism for critical contexts, a software application implemented in nesC and Java is also presented in this paper.
Alcaraz, Cristina; Lopez, Javier
WASAM: A Dynamic Wide-Area Situational Awareness Model for Critical Domains in Smart Grids Journal Article
In: Future Generation Computer Systems, vol. 30, pp. 146-154, 2014, ISSN: 0167-739X.
@article{alcaraz2013b,
title = {WASAM: A Dynamic Wide-Area Situational Awareness Model for Critical Domains in Smart Grids},
author = {Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/alcaraz2013b.pdf},
doi = {10.1016/j.future.2013.06.030},
issn = {0167-739X},
year = {2014},
date = {2014-01-01},
urldate = {2014-01-01},
journal = {Future Generation Computer Systems},
volume = {30},
pages = {146-154},
publisher = {Elsevier},
abstract = {Control from anywhere and at anytime is nowadays a matter of paramount importance in critical systems. This is the case of the Smart Grid and its domains which should be monitored through intelligent and dynamic mechanisms able to anticipate, detect and respond before disruptions arise within the system. Given this fact and its importance for social welfare and the economy, a model for wide-area situational awareness is proposed in this paper. The model is based on a set of current technologies such as the wireless sensor networks, the ISA100.11a standard and cloud-computing together with a set of high-level functional services. These services include global and local support for prevention through a simple forecast scheme, detection of anomalies in the observation tasks, response to incidents, tests of accuracy and maintenance, as well as recovery of states and control in crisis situations.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Control from anywhere and at anytime is nowadays a matter of paramount importance in critical systems. This is the case of the Smart Grid and its domains which should be monitored through intelligent and dynamic mechanisms able to anticipate, detect and respond before disruptions arise within the system. Given this fact and its importance for social welfare and the economy, a model for wide-area situational awareness is proposed in this paper. The model is based on a set of current technologies such as the wireless sensor networks, the ISA100.11a standard and cloud-computing together with a set of high-level functional services. These services include global and local support for prevention through a simple forecast scheme, detection of anomalies in the observation tasks, response to incidents, tests of accuracy and maintenance, as well as recovery of states and control in crisis situations.
Nuñez, David; Fernandez-Gago, Carmen; Pearson, Siani; Felici, Massimo
A Metamodel for Measuring Accountability Attributes in the Cloud Proceedings Article
In: 2013 IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2013), pp. 355-362, IEEE IEEE, Bristol, UK, 2013, ISBN: 978-0-7685-5095-4.
@inproceedings{nunez2013metamodel,
title = {A Metamodel for Measuring Accountability Attributes in the Cloud},
author = {David Nu\~{n}ez and Carmen Fernandez-Gago and Siani Pearson and Massimo Felici},
url = {/wp-content/papers/nunez2013metamodel.pdf},
doi = {10.1109/CloudCom.2013.53},
isbn = {978-0-7685-5095-4},
year = {2013},
date = {2013-12-01},
urldate = {2013-12-01},
booktitle = {2013 IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2013)},
pages = {355-362},
publisher = {IEEE},
address = {Bristol, UK},
organization = {IEEE},
abstract = {Cloud governance, and in particular data governance in the cloud, relies on different technical and organizational practices and procedures, such as policy enforcement, risk management, incident management and remediation. The concept of accountability encompasses such practices, and is essential for enhancing security and trustworthiness in the cloud. Besides this, proper measurement of cloud services, both at a technical and governance level, is a distinctive aspect of the cloud computing model. Hence, a natural problem that arises is how to measure the impact on accountability of the procedures held in practice by organizations that participate in the cloud ecosystem. In this paper, we describe a metamodel for addressing the problem of measuring accountability properties for cloud computing, as discussed and defined by the Cloud Accountability Project (A4Cloud). The goal of this metamodel is to act as a language for describing: (i) accountability properties in terms of actions between entities, and (ii) metrics for measuring the fulfillment of such properties. It also allows the recursive decomposition of properties and metrics, from a high-level and abstract world to a tangible and measurable one. Finally, we illustrate our proposal of the metamodel by modelling the transparency property, and define some metrics for it.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Cloud governance, and in particular data governance in the cloud, relies on different technical and organizational practices and procedures, such as policy enforcement, risk management, incident management and remediation. The concept of accountability encompasses such practices, and is essential for enhancing security and trustworthiness in the cloud. Besides this, proper measurement of cloud services, both at a technical and governance level, is a distinctive aspect of the cloud computing model. Hence, a natural problem that arises is how to measure the impact on accountability of the procedures held in practice by organizations that participate in the cloud ecosystem. In this paper, we describe a metamodel for addressing the problem of measuring accountability properties for cloud computing, as discussed and defined by the Cloud Accountability Project (A4Cloud). The goal of this metamodel is to act as a language for describing: (i) accountability properties in terms of actions between entities, and (ii) metrics for measuring the fulfillment of such properties. It also allows the recursive decomposition of properties and metrics, from a high-level and abstract world to a tangible and measurable one. Finally, we illustrate our proposal of the metamodel by modelling the transparency property, and define some metrics for it.
Rios, Ruben; Onieva, Jose A.; Lopez, Javier
Covert Communications through Network Configuration Messages Journal Article
In: Computers & Security, vol. 39, Part A, pp. 34 - 46, 2013, ISSN: 0167-4048.
@article{rios2013a,
title = {Covert Communications through Network Configuration Messages},
author = {Ruben Rios and Jose A. Onieva and Javier Lopez},
url = {/wp-content/papers/rios2013a.pdf},
doi = {10.1016/j.cose.2013.03.004},
issn = {0167-4048},
year = {2013},
date = {2013-11-01},
urldate = {2013-11-01},
journal = {Computers \& Security},
volume = {39, Part A},
pages = {34 - 46},
publisher = {Elsevier},
abstract = {Covert channels are a form of hidden communication that may violate the integrity of systems. Since their birth in Multi-Level Security systems in the early 70’s they have evolved considerably, such that new solutions have appeared for computer networks mainly due to vague protocols specifications. In this paper we concentrate on short-range covert channels and analyze the opportunities of concealing data in various extensively used protocols today. From this analysis we observe several features that can be effectively exploited for subliminal data transmission in the Dynamic Host Configuration Protocol (DHCP). The result is a proof-of-concept implementation, HIDE_DHCP, which integrates three different covert channels each of which accommodate to different stealthiness and capacity requirements. Finally, we provide a theoretical and experimental analysis of this tool in terms of its reliability, capacity, and detectability.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Covert channels are a form of hidden communication that may violate the integrity of systems. Since their birth in Multi-Level Security systems in the early 70’s they have evolved considerably, such that new solutions have appeared for computer networks mainly due to vague protocols specifications. In this paper we concentrate on short-range covert channels and analyze the opportunities of concealing data in various extensively used protocols today. From this analysis we observe several features that can be effectively exploited for subliminal data transmission in the Dynamic Host Configuration Protocol (DHCP). The result is a proof-of-concept implementation, HIDE_DHCP, which integrates three different covert channels each of which accommodate to different stealthiness and capacity requirements. Finally, we provide a theoretical and experimental analysis of this tool in terms of its reliability, capacity, and detectability.
Lopez, Javier; Alcaraz, Cristina; Roman, Rodrigo
Smart Control of Operational Threats in Control Substations Journal Article
In: Computers & Security, vol. 38, pp. 14-27, 2013, ISSN: 0167-4048.
@article{1770,
title = {Smart Control of Operational Threats in Control Substations},
author = {Javier Lopez and Cristina Alcaraz and Rodrigo Roman},
url = {/wp-content/papers/1770.pdf
http://www.sciencedirect.com/science/article/pii/S0167404813000588},
doi = {10.1016/j.cose.2013.03.013},
issn = {0167-4048},
year = {2013},
date = {2013-10-01},
urldate = {2013-10-01},
journal = {Computers \& Security},
volume = {38},
pages = {14-27},
publisher = {Elsevier},
abstract = {Any deliberate or unsuitable operational action in control tasks of critical infrastructures, such as energy generation, transmission and distribution systems that comprise sub-domains of a Smart Grid, could have a significant impact on the digital economy: without energy, the digital economy cannot live. In addition, the vast majority of these types of critical systems are configured in isolated locations where their control depends on the ability of a few, supposedly trustworthy, human operators. However, this assumption of reliabilty is not always true. Malicious human operators (criminal insiders) might take advantage of these situations to intentionally manipulate the critical nature of the underlying infrastructure. These criminal actions could be not attending to emergency events, inadequately responding to incidents or trying to alter the normal behaviour of the system with malicious actions. For this reason, in this paper we propose a smart response mechanism that controls human operators’ operational threats at all times. Moreover, the design of this mechanism allows the system to be able to not only evaluate by itself, the situation of a particular scenario but also to take control when areas are totally unprotected and/or isolated. The response mechanism, which is based on Industrial Wireless Sensor Networks (IWSNs) for the constant monitoring of observed critical infrastructures, on reputation for controlling human operators’ actions, and on the ISA100.11a standard for alarm management, has been implemented and simulated to evaluate its feasibility for critical contexts.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Any deliberate or unsuitable operational action in control tasks of critical infrastructures, such as energy generation, transmission and distribution systems that comprise sub-domains of a Smart Grid, could have a significant impact on the digital economy: without energy, the digital economy cannot live. In addition, the vast majority of these types of critical systems are configured in isolated locations where their control depends on the ability of a few, supposedly trustworthy, human operators. However, this assumption of reliabilty is not always true. Malicious human operators (criminal insiders) might take advantage of these situations to intentionally manipulate the critical nature of the underlying infrastructure. These criminal actions could be not attending to emergency events, inadequately responding to incidents or trying to alter the normal behaviour of the system with malicious actions. For this reason, in this paper we propose a smart response mechanism that controls human operators’ operational threats at all times. Moreover, the design of this mechanism allows the system to be able to not only evaluate by itself, the situation of a particular scenario but also to take control when areas are totally unprotected and/or isolated. The response mechanism, which is based on Industrial Wireless Sensor Networks (IWSNs) for the constant monitoring of observed critical infrastructures, on reputation for controlling human operators’ actions, and on the ISA100.11a standard for alarm management, has been implemented and simulated to evaluate its feasibility for critical contexts.
Nuñez, David; Agudo, Isaac; Lopez, Javier
Leveraging Privacy in Identity Management as a Service through Proxy Re-Encryption Proceedings Article
In: Ph.D Symposium of the European Conference on Service-Oriented and Cloud Computing (ESOCC) 2013, Málaga, Spain, 2013.
@inproceedings{nunez2013leveraging,
title = {Leveraging Privacy in Identity Management as a Service through Proxy Re-Encryption},
author = {David Nu\~{n}ez and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/nunez2013leveraging.pdf},
year = {2013},
date = {2013-09-01},
urldate = {2013-09-01},
booktitle = {Ph.D Symposium of the European Conference on Service-Oriented and Cloud Computing (ESOCC) 2013},
address = {M\'{a}laga, Spain},
abstract = {The advent of cloud computing has provided the opportunity to externalize the identity management processes, shaping what has been called Identity Management as a Service (IDaaS). However, as in the case of other cloud-based services, IDaaS brings with it great concerns regarding security and privacy, such as the loss of control over the outsourced data. As part of this PhD thesis, we analyze these concerns and propose BlindIdM, a model for privacy-preserving IDaaS with a focus on data privacy protection through the use of proxy re-encryption.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The advent of cloud computing has provided the opportunity to externalize the identity management processes, shaping what has been called Identity Management as a Service (IDaaS). However, as in the case of other cloud-based services, IDaaS brings with it great concerns regarding security and privacy, such as the loss of control over the outsourced data. As part of this PhD thesis, we analyze these concerns and propose BlindIdM, a model for privacy-preserving IDaaS with a focus on data privacy protection through the use of proxy re-encryption.
Cazorla, Lorena; Alcaraz, Cristina; Lopez, Javier
Towards Automatic Critical Infrastructure Protection through Machine Learning Proceedings Article
In: 8th International Conference on Critical Information Infrastructures Security, pp. 197-203, Springer Springer, Amsterdam, The Netherlands, 2013, ISSN: 0302-9743.
@inproceedings{1805,
title = {Towards Automatic Critical Infrastructure Protection through Machine Learning},
author = {Lorena Cazorla and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/1805.pdf
http://link.springer.com/chapter/10.1007%2F978-3-319-03964-0_18},
issn = {0302-9743},
year = {2013},
date = {2013-01-01},
urldate = {2013-01-01},
booktitle = {8th International Conference on Critical Information Infrastructures Security},
volume = {8328},
pages = {197-203},
publisher = {Springer},
address = {Amsterdam, The Netherlands},
organization = {Springer},
abstract = {Critical Infrastructure Protection (CIP) faces increasing challenges in number and in sophistication, which makes vital to provide new forms of protection to face every day’s threats. In order to make such protection holistic, covering all the needs of the systems from the point of view of security, prevention aspects and situational awareness should be considered. Researchers and Institutions stress the need of providing intelligent and automatic solutions for protection, calling our attention to the need of providing Intrusion Detection Systems (IDS) with intelligent active reaction capabilities. In this paper, we support the need of automating the processes implicated in the IDS solutions of the critical infrastructures and theorize that the introduction of Machine Learning (ML) techniques in IDS will be helpful for implementing automatic adaptable solutions capable of adjusting to new situations and timely reacting in the face of threats and anomalies. To this end, we study the different levels of automation that the IDS can implement, and outline a methodology to endow critical scenarios with preventive automation. Finally, we analyze current solutions presented in the literature and contrast them against the proposed methodology},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Critical Infrastructure Protection (CIP) faces increasing challenges in number and in sophistication, which makes vital to provide new forms of protection to face every day’s threats. In order to make such protection holistic, covering all the needs of the systems from the point of view of security, prevention aspects and situational awareness should be considered. Researchers and Institutions stress the need of providing intelligent and automatic solutions for protection, calling our attention to the need of providing Intrusion Detection Systems (IDS) with intelligent active reaction capabilities. In this paper, we support the need of automating the processes implicated in the IDS solutions of the critical infrastructures and theorize that the introduction of Machine Learning (ML) techniques in IDS will be helpful for implementing automatic adaptable solutions capable of adjusting to new situations and timely reacting in the face of threats and anomalies. To this end, we study the different levels of automation that the IDS can implement, and outline a methodology to endow critical scenarios with preventive automation. Finally, we analyze current solutions presented in the literature and contrast them against the proposed methodology
Nieto, Ana; Lopez, Javier
Analysis and Taxonomy of Security/QoS tradeoff solutions for the Future Internet Journal Article
In: Security and Communication Networks (SCN) Journal, vol. 7, pp. 2778-2803, 2013, ISSN: 1939-0114.
@article{nietoscn13,
title = {Analysis and Taxonomy of Security/QoS tradeoff solutions for the Future Internet},
author = {Ana Nieto and Javier Lopez},
url = {/wp-content/papers/nietoscn13.pdf
http://onlinelibrary.wiley.com/doi/10.1002/sec.809/abstract?deniedAccessCustomisedMessage=\&userIsAuthenticated=false},
doi = {10.1002/sec.809},
issn = {1939-0114},
year = {2013},
date = {2013-01-01},
urldate = {2013-01-01},
journal = {Security and Communication Networks (SCN) Journal},
volume = {7},
pages = {2778-2803},
publisher = {Wiley-Blackwell},
abstract = {Motivated by the growing convergence of diverse types of networks and the rise of concepts such as Future Internet (FI), in this paper we analyse the coexistence of security mechanisms and Quality of Service (QoS) mechanisms in resourceconstrained networks, that are relevant types of networks within the FI environment. More precisely, we analyse the current state of the research on security and QoS in the integration of Wireless Sensor Networks (WSNs), Mobile Ad-Hoc Networks (MANETs) and cellular networks. Furthermore, we propose a taxonomy to identify similarities among these technologies, as well as the requirements for network interconnection. As a result, we define a dependency-based model for the analysis of Security and QoS tradeoff, and also define a high-level integration architecture for networks in the FI setting. The final goal is to provide a critical point of view that allows to assess whether such an integration of networks can be both secure and efficient.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Motivated by the growing convergence of diverse types of networks and the rise of concepts such as Future Internet (FI), in this paper we analyse the coexistence of security mechanisms and Quality of Service (QoS) mechanisms in resourceconstrained networks, that are relevant types of networks within the FI environment. More precisely, we analyse the current state of the research on security and QoS in the integration of Wireless Sensor Networks (WSNs), Mobile Ad-Hoc Networks (MANETs) and cellular networks. Furthermore, we propose a taxonomy to identify similarities among these technologies, as well as the requirements for network interconnection. As a result, we define a dependency-based model for the analysis of Security and QoS tradeoff, and also define a high-level integration architecture for networks in the FI setting. The final goal is to provide a critical point of view that allows to assess whether such an integration of networks can be both secure and efficient.
Alcaraz, Cristina; Roman, Rodrigo; Najera, Pablo; Lopez, Javier
Security of Industrial Sensor Network-based Remote Substations in the context of the Internet of Things Journal Article
In: Ad Hoc Networks, vol. 11, pp. 1091–1104, 2013, ISSN: 1570-8705.
@article{1752,
title = {Security of Industrial Sensor Network-based Remote Substations in the context of the Internet of Things},
author = {Cristina Alcaraz and Rodrigo Roman and Pablo Najera and Javier Lopez},
url = {/wp-content/papers/1752.pdf},
doi = {10.1016/j.adhoc.2012.12.001},
issn = {1570-8705},
year = {2013},
date = {2013-00-01},
urldate = {2013-00-01},
journal = {Ad Hoc Networks},
volume = {11},
pages = {1091\textendash1104},
publisher = {Elsevier},
abstract = {The main objective of remote substations is to provide the central system with sensitive information from critical infrastructures, such as generation, distribution or transmission power systems. Wireless sensor networks have been recently applied in this particular context due to their attractive services and inherent benefits, such as simplicity, reliability and cost savings. However, as the number of control and data acquisition systems that use the Internet infrastructure to connect to substations increases, it is necessary to consider what connectivity model the sensor infrastructure should follow: either completely isolated from the Internet or integrated with it as part of the Internet of Things paradigm. This paper therefore addresses this question by providing a thorough analysis of both security requirements and infrastructural requirements corresponding to all those TCP/IP integration strategies that can be applicable to networks with constrained computational resources.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The main objective of remote substations is to provide the central system with sensitive information from critical infrastructures, such as generation, distribution or transmission power systems. Wireless sensor networks have been recently applied in this particular context due to their attractive services and inherent benefits, such as simplicity, reliability and cost savings. However, as the number of control and data acquisition systems that use the Internet infrastructure to connect to substations increases, it is necessary to consider what connectivity model the sensor infrastructure should follow: either completely isolated from the Internet or integrated with it as part of the Internet of Things paradigm. This paper therefore addresses this question by providing a thorough analysis of both security requirements and infrastructural requirements corresponding to all those TCP/IP integration strategies that can be applicable to networks with constrained computational resources.
Nuñez, David; Agudo, Isaac; Lopez, Javier
Integrating OpenID with Proxy Re-Encryption to enhance privacy in cloud-based identity services Proceedings Article
In: IEEE CloudCom 2012, pp. 241 - 248, IEEE Computer Society IEEE Computer Society, Taipei, Taiwan, 2012, ISSN: 978-1-4673-4509-5.
@inproceedings{nunez2012integrating,
title = {Integrating OpenID with Proxy Re-Encryption to enhance privacy in cloud-based identity services},
author = {David Nu\~{n}ez and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/nunez2012integrating.pdf},
doi = {10.1109/CloudCom.2012.6427551},
issn = {978-1-4673-4509-5},
year = {2012},
date = {2012-12-01},
urldate = {2012-12-01},
booktitle = {IEEE CloudCom 2012},
pages = {241 - 248},
publisher = {IEEE Computer Society},
address = {Taipei, Taiwan},
organization = {IEEE Computer Society},
abstract = {The inclusion of identity management in the cloud computing landscape represents a new business opportunity for providing what has been called Identity Management as a Service (IDaaS). Nevertheless, IDaaS introduces the same kind of problems regarding privacy and data confidentiality as other cloud services; on top of that, the nature of the outsourced information (users’ identity) is critical. Traditionally, cloud services (including IDaaS) rely only on SLAs and security policies to protect the data, but these measures have proven insufficient in some cases; recent research has employed advanced cryptographic mechanisms as an additional safeguard. Apart from this, there are several identity management schemes that could be used for realizing IDaaS systems in the cloud; among them, OpenID has gained crescent popularity because of its open and decentralized nature, which makes it a prime candidate for this task. In this paper we demonstrate how a privacy-preserving IDaaS system can be implemented using OpenID Attribute Exchange and a proxy re-encryption scheme. Our prototype enables an identity provider to serve attributes to other parties without being able to read their values. This proposal constitutes a novel contribution to both privacy and identity management fields. Finally, we discuss the performance and economical viability of our proposal.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The inclusion of identity management in the cloud computing landscape represents a new business opportunity for providing what has been called Identity Management as a Service (IDaaS). Nevertheless, IDaaS introduces the same kind of problems regarding privacy and data confidentiality as other cloud services; on top of that, the nature of the outsourced information (users’ identity) is critical. Traditionally, cloud services (including IDaaS) rely only on SLAs and security policies to protect the data, but these measures have proven insufficient in some cases; recent research has employed advanced cryptographic mechanisms as an additional safeguard. Apart from this, there are several identity management schemes that could be used for realizing IDaaS systems in the cloud; among them, OpenID has gained crescent popularity because of its open and decentralized nature, which makes it a prime candidate for this task. In this paper we demonstrate how a privacy-preserving IDaaS system can be implemented using OpenID Attribute Exchange and a proxy re-encryption scheme. Our prototype enables an identity provider to serve attributes to other parties without being able to read their values. This proposal constitutes a novel contribution to both privacy and identity management fields. Finally, we discuss the performance and economical viability of our proposal.
Alcaraz, Cristina; Lopez, Javier
Addressing Situational Awareness in Critical Domains of a Smart Grid Proceedings Article
In: 6th International Conference on Network and System Security (NSS 2012), pp. 58-71, Springer-Verlag Springer-Verlag, Wu Yi Shan, Fujian, China, 2012, ISSN: 978-3-642-34600-2.
@inproceedings{1729,
title = {Addressing Situational Awareness in Critical Domains of a Smart Grid},
author = {Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/1729.pdf},
doi = {10.1007/978-3-642-34601-9_5},
issn = {978-3-642-34600-2},
year = {2012},
date = {2012-11-01},
urldate = {2012-11-01},
booktitle = {6th International Conference on Network and System Security (NSS 2012)},
volume = {7645},
pages = {58-71},
publisher = {Springer-Verlag},
address = {Wu Yi Shan, Fujian, China},
organization = {Springer-Verlag},
series = {LNCS 7645},
abstract = {Control and situational awareness are two very important aspects within critical control systems, since potential faults or anomalous behaviors could lead to serious consequences by hiding the real status of supervised critical infrastructures. Examples of these infrastructures are energy generation, transmission or distribution systems that belong to Smart Grid systems. Given the importance of these systems for social welfare and its economy, a situational awareness-based model, composed of a set of current technologies, is proposed in this paper. The model focuses on addressing and offering a set of minimum services for protection, such as prevention, detection, response, self-evaluation and maintenance, thereby providing a desirable protection in unplanned situations.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Control and situational awareness are two very important aspects within critical control systems, since potential faults or anomalous behaviors could lead to serious consequences by hiding the real status of supervised critical infrastructures. Examples of these infrastructures are energy generation, transmission or distribution systems that belong to Smart Grid systems. Given the importance of these systems for social welfare and its economy, a situational awareness-based model, composed of a set of current technologies, is proposed in this paper. The model focuses on addressing and offering a set of minimum services for protection, such as prevention, detection, response, self-evaluation and maintenance, thereby providing a desirable protection in unplanned situations.
Nieto, Ana; Fernandez, Gerardo
Sistema Colaborativo de Detección y Reacción ante Intrusiones basado en Intel vPro Proceedings Article
In: XII Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2012), pp. 45-50, San Sebastián, 2012, ISBN: 978-84-615-9933-2.
@inproceedings{NF_RECSI12,
title = {Sistema Colaborativo de Detecci\'{o}n y Reacci\'{o}n ante Intrusiones basado en Intel vPro},
author = {Ana Nieto and Gerardo Fernandez},
url = {/wp-content/papers/NF_RECSI12.pdf},
isbn = {978-84-615-9933-2},
year = {2012},
date = {2012-09-01},
urldate = {2012-09-01},
booktitle = {XII Reuni\'{o}n Espa\~{n}ola sobre Criptolog\'{i}a y Seguridad de la Informaci\'{o}n (RECSI 2012)},
pages = {45-50},
address = {San Sebasti\'{a}n},
abstract = {En este trabajo proponemos una plataforma para el desarrollo de un sistema colaborativo para la detecci\'{o}n y reacci\'{o}n ante intrusiones, empleando como base las tecnolog\'{i}as presentes en Intel vPro. La soluci\'{o}n presentada est\'{a} dirigida a solventar la necesidad de implantaci\'{o}n de nuevas tecnolog\'{i}as que posibiliten la reacci\'{o}n ante ataques, independientemente del sistema operativo usado. Con este fin, en este trabajo abordamos tres puntos fundamentales: la detecci\'{o}n de intrusiones colaborativa, la respuesta autom\'{a}tica de los nodos ante la detecci\'{o}n de una intrusi\'{o}n y el uso de herramientas que posibiliten asegurar la confianza en un nodo. En un sistema colaborativo como el que se propone aqu\'{i}, un aspecto clave para la seguridad es la protecci\'{o}n de las comunicaciones entre los mecanismos de detecci\'{o}n y reacci\'{o}n frente a intrusiones. La modificaci\'{o}n o el simple acceso a los datos intercambiados por tales sistemas supone un grave riesgo para la seguridad del entorno. Como resultado hemos desarrollado un prototipo preliminar para probar la soluci\'{o}n propuesta en un escenario de ataque real.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
En este trabajo proponemos una plataforma para el desarrollo de un sistema colaborativo para la detección y reacción ante intrusiones, empleando como base las tecnologías presentes en Intel vPro. La solución presentada está dirigida a solventar la necesidad de implantación de nuevas tecnologías que posibiliten la reacción ante ataques, independientemente del sistema operativo usado. Con este fin, en este trabajo abordamos tres puntos fundamentales: la detección de intrusiones colaborativa, la respuesta automática de los nodos ante la detección de una intrusión y el uso de herramientas que posibiliten asegurar la confianza en un nodo. En un sistema colaborativo como el que se propone aquí, un aspecto clave para la seguridad es la protección de las comunicaciones entre los mecanismos de detección y reacción frente a intrusiones. La modificación o el simple acceso a los datos intercambiados por tales sistemas supone un grave riesgo para la seguridad del entorno. Como resultado hemos desarrollado un prototipo preliminar para probar la solución propuesta en un escenario de ataque real.
Nieto, Ana; Lopez, Javier
Security and QoS tradeoffs: towards a FI perspective Proceedings Article
In: Advanced Information Networking and Applications Workshops (WAINA), 2012 26th International Conference on, pp. 745-750, IEEE IEEE, Fukuoka (Japan), 2012, ISBN: 978-0-7695-4652-0/12.
@inproceedings{Nieto2012b,
title = {Security and QoS tradeoffs: towards a FI perspective},
author = {Ana Nieto and Javier Lopez},
url = {/wp-content/papers/Nieto2012b.pdf},
doi = {10.1109/WAINA.2012.204},
isbn = {978-0-7695-4652-0/12},
year = {2012},
date = {2012-03-01},
urldate = {2012-03-01},
booktitle = {Advanced Information Networking and Applications Workshops (WAINA), 2012 26th International Conference on},
pages = {745-750},
publisher = {IEEE},
address = {Fukuoka (Japan)},
organization = {IEEE},
abstract = {Motivated by the growing convergence of diverse types of networks and the raise of new concepts such as Future Internet (FI), in this paper we present an analysis of current research on the development of security mechanisms in a tradeoff with Quality of Service (QoS) mechanisms. More precisely, we pay attention to the Security and QoS problems in resource-constrained networks that are candidates to be an important part of the FI due to their proximity to the user or because of their contribution to the information society. We analyse the current state of the research on security and QoS in the integration of sensors, MANET and cellular networks, with the aim of providing a critical point of view, allowing us to assess whether it is possible that such integration of networks is both secure and efficient.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Motivated by the growing convergence of diverse types of networks and the raise of new concepts such as Future Internet (FI), in this paper we present an analysis of current research on the development of security mechanisms in a tradeoff with Quality of Service (QoS) mechanisms. More precisely, we pay attention to the Security and QoS problems in resource-constrained networks that are candidates to be an important part of the FI due to their proximity to the user or because of their contribution to the information society. We analyse the current state of the research on security and QoS in the integration of sensors, MANET and cellular networks, with the aim of providing a critical point of view, allowing us to assess whether it is possible that such integration of networks is both secure and efficient.
Nieto, Ana; Lopez, Javier
Traffic Classifier for Heterogeneous and Cooperative Routing through Wireless Sensor Networks Proceedings Article
In: Advanced Information Networking and Applications Workshops (WAINA), 2012 26th International Conference on, pp. 607-612, IEEE IEEE, Fukuoka (Japan), 2012, ISBN: 978-0-7695-4652-0/12.
@inproceedings{Nieto2012a,
title = {Traffic Classifier for Heterogeneous and Cooperative Routing through Wireless Sensor Networks},
author = {Ana Nieto and Javier Lopez},
url = {/wp-content/papers/Nieto2012a.pdf},
doi = {10.1109/WAINA.2012.202},
isbn = {978-0-7695-4652-0/12},
year = {2012},
date = {2012-03-01},
urldate = {2012-03-01},
booktitle = {Advanced Information Networking and Applications Workshops (WAINA), 2012 26th International Conference on},
pages = {607-612},
publisher = {IEEE},
address = {Fukuoka (Japan)},
organization = {IEEE},
abstract = {Wireless Sensor Networks (WSN) are networks composed of autonomous devices manufactured to solve a specific problem, with limited computational capabilities and resource-constrained (e.g. limited battery). WSN are used to monitor physical or environmental conditions within an area (e.g. temperature, humidity). The popularity of the WSN is growing, precisely due to the wide range of sensors available. As a result, these networks are being deployed as part of several infrastructures. However, sensors are designed to collaborate only with sensors of the same type. In this sense, taking advantage of the heterogeneity of WSN in order to provide common services, like it is the case of routing, has not been sufficiently considered. For this reason, in this paper we propose a routing protocol based on traffic classification and role-assignment to enable heterogeneous WSN for cooperation. Our approach considers both QoS requirements and lifetime maximization to allow the coexistence of different applications in the heterogeneous network infrastructure.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Wireless Sensor Networks (WSN) are networks composed of autonomous devices manufactured to solve a specific problem, with limited computational capabilities and resource-constrained (e.g. limited battery). WSN are used to monitor physical or environmental conditions within an area (e.g. temperature, humidity). The popularity of the WSN is growing, precisely due to the wide range of sensors available. As a result, these networks are being deployed as part of several infrastructures. However, sensors are designed to collaborate only with sensors of the same type. In this sense, taking advantage of the heterogeneity of WSN in order to provide common services, like it is the case of routing, has not been sufficiently considered. For this reason, in this paper we propose a routing protocol based on traffic classification and role-assignment to enable heterogeneous WSN for cooperation. Our approach considers both QoS requirements and lifetime maximization to allow the coexistence of different applications in the heterogeneous network infrastructure.
Moyano, Francisco; Fernandez-Gago, Carmen; Lopez, Javier
Implementing Trust and Reputation Systems: A Framework for Developers’ Usage Proceedings Article
In: International Workshop on Quantitative Aspects in Security Assurance, Pisa, 2012.
@inproceedings{moyano12qasa,
title = {Implementing Trust and Reputation Systems: A Framework for Developers’ Usage},
author = {Francisco Moyano and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/moyano12qasa.pdf},
year = {2012},
date = {2012-01-01},
urldate = {2012-01-01},
booktitle = {International Workshop on Quantitative Aspects in Security Assurance},
address = {Pisa},
abstract = {During the last decades, a huge amount of trust and reputation models have been proposed, each of them with their own particularities and targeting different domains. While much effort has been made in defining ever-increasing complex models, little attention has been paid to abstract away the particularities of these models into a common set of easily understandable concepts. We propose a conceptual framework for computational trust models that is used for developing a component-oriented development framework that aims to assist developers during the implementation phase.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
During the last decades, a huge amount of trust and reputation models have been proposed, each of them with their own particularities and targeting different domains. While much effort has been made in defining ever-increasing complex models, little attention has been paid to abstract away the particularities of these models into a common set of easily understandable concepts. We propose a conceptual framework for computational trust models that is used for developing a component-oriented development framework that aims to assist developers during the implementation phase.
Nieto, Ana; Lopez, Javier
Security and QoS relationships in Mobile Platforms Proceedings Article
In: The 4th FTRA International Conference on Computer Science and its Applications (CSA 2012), pp. 13-21, Springer Netherlands Springer Netherlands, Jeju (Korea), 2012, ISBN: 978-94-007-5699-1.
@inproceedings{Nieto2012c,
title = {Security and QoS relationships in Mobile Platforms},
author = {Ana Nieto and Javier Lopez},
url = {/wp-content/papers/Nieto2012c.pdf},
doi = {10.1007/978-94-007-5699-1_2},
isbn = {978-94-007-5699-1},
year = {2012},
date = {2012-00-01},
urldate = {2012-00-01},
booktitle = {The 4th FTRA International Conference on Computer Science and its Applications (CSA 2012)},
volume = {203},
pages = {13-21},
publisher = {Springer Netherlands},
address = {Jeju (Korea)},
organization = {Springer Netherlands},
series = {Lecture Notes in Electrical Engineering},
abstract = {Mobile platforms are becoming a fundamental part of the user’s daily life. The human-device relationship converts the devices in a repository of personal data that may be stolen or modified by malicious users. Moreover, wireless capabilities open the door to several malicious devices, and mobility represents an added difficulty in the detection of malicious behavior and in the prevention of the same. Furthermore, smartphones are subject to quality of service (QoS) restrictions, due to the user needs for multimedia applications and, in general, the need to be always-on. However, Security and QoS requirements are largely confronted and the mobility and heterogeneous paradigm on the Future Internet makes its coexistence even more difficult, posing new challenges to overcome. We analyze the principal challenges related with Security and QoS tradeoffs in mobile platforms. As a result of our analysis we provide parametric relationships between security and QoS parameters focused on mobile platforms.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Mobile platforms are becoming a fundamental part of the user’s daily life. The human-device relationship converts the devices in a repository of personal data that may be stolen or modified by malicious users. Moreover, wireless capabilities open the door to several malicious devices, and mobility represents an added difficulty in the detection of malicious behavior and in the prevention of the same. Furthermore, smartphones are subject to quality of service (QoS) restrictions, due to the user needs for multimedia applications and, in general, the need to be always-on. However, Security and QoS requirements are largely confronted and the mobility and heterogeneous paradigm on the Future Internet makes its coexistence even more difficult, posing new challenges to overcome. We analyze the principal challenges related with Security and QoS tradeoffs in mobile platforms. As a result of our analysis we provide parametric relationships between security and QoS parameters focused on mobile platforms.
Alcaraz, Cristina; Lopez, Javier
Analysis of Requirements for Critical Control Systems Journal Article
In: International Journal of Critical Infrastructure Protection (IJCIP), vol. 5, pp. 137–145, 2012, ISSN: 1874-5482.
@article{1730,
title = {Analysis of Requirements for Critical Control Systems},
author = {Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/1730.pdf
http://www.sciencedirect.com/science/article/pii/S1874548212000455},
doi = {10.1016/j.ijcip.2012.08.003},
issn = {1874-5482},
year = {2012},
date = {2012-00-01},
urldate = {2012-00-01},
journal = {International Journal of Critical Infrastructure Protection (IJCIP)},
volume = {5},
pages = {137\textendash145},
publisher = {Elsevier},
abstract = {The use of modern information and communications technologies in supervisory control and data acquisition (SCADA) systems used in the critical infrastructure has become an important topic of research. The modernization significantly enhances operational performance, but also introduces security issues and the associated risks. This paper formally analyzes how the introduction of new technologies can impact control systems and ultimately affect the performance of the critical infrastructure systems being controlled. Five control system requirements are identified with the goal of proposing new operational requirements that trade-off performance and security.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The use of modern information and communications technologies in supervisory control and data acquisition (SCADA) systems used in the critical infrastructure has become an important topic of research. The modernization significantly enhances operational performance, but also introduces security issues and the associated risks. This paper formally analyzes how the introduction of new technologies can impact control systems and ultimately affect the performance of the critical infrastructure systems being controlled. Five control system requirements are identified with the goal of proposing new operational requirements that trade-off performance and security.
Cazorla, Lorena; Alcaraz, Cristina; Lopez, Javier
Cyber Stealth Attacks in Critical Information Infrastructures Journal Article
In: IEEE Systems Journal, vol. 12, pp. 1778-1792, 2018, ISSN: 1932-8184.
@article{cazorla2016cyber,
title = {Cyber Stealth Attacks in Critical Information Infrastructures},
author = {Lorena Cazorla and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/cazorla2016cyber.pdf
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=\&arnumber=7445136\&isnumber=8350419},
doi = {10.1109/JSYST.2015.2487684},
issn = {1932-8184},
year = {2018},
date = {2018-06-01},
urldate = {2018-06-01},
journal = {IEEE Systems Journal},
volume = {12},
pages = {1778-1792},
publisher = {IEEE},
abstract = {Current Critical Infrastructures (CIs) are complex interconnected industrial systems that, in recent years, have incorporated information and communications technologies such as connection to the Internet and commercial off-the-shelf components. This makes them easier to operate and maintain, but exposes them to the threats and attacks that inundate conventional networks and systems. This paper contains a comprehensive study on the main stealth attacks that threaten CIs, with a special focus on Critical Information Infrastructures (CIIs). This type of attack is characterized by an adversary who is able to finely tune his actions to avoid detection while pursuing his objectives. To provide a complete analysis of the scope and potential dangers of stealth attacks we determine and analyze their stages and range, and we design a taxonomy to illustrate the threats to CIs, offering an overview of the applicable countermeasures against these attacks. From our analysis we understand that these types of attacks, due to the interdependent nature of CIs, pose a grave danger to critical systems where the threats can easily cascade down to the interconnected systems.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Current Critical Infrastructures (CIs) are complex interconnected industrial systems that, in recent years, have incorporated information and communications technologies such as connection to the Internet and commercial off-the-shelf components. This makes them easier to operate and maintain, but exposes them to the threats and attacks that inundate conventional networks and systems. This paper contains a comprehensive study on the main stealth attacks that threaten CIs, with a special focus on Critical Information Infrastructures (CIIs). This type of attack is characterized by an adversary who is able to finely tune his actions to avoid detection while pursuing his objectives. To provide a complete analysis of the scope and potential dangers of stealth attacks we determine and analyze their stages and range, and we design a taxonomy to illustrate the threats to CIs, offering an overview of the applicable countermeasures against these attacks. From our analysis we understand that these types of attacks, due to the interdependent nature of CIs, pose a grave danger to critical systems where the threats can easily cascade down to the interconnected systems.
Alcaraz, Cristina; Lopez, Javier; Wolthusen, Stephen
Policy Enforcement System for Secure Interoperable Control in Distributed Smart Grid Systems Journal Article
In: Journal of Network and Computer Applications, vol. 59, pp. 301–314, 2016, ISSN: 1084-8045.
@article{alcaraz2016POL,
title = {Policy Enforcement System for Secure Interoperable Control in Distributed Smart Grid Systems},
author = {Cristina Alcaraz and Javier Lopez and Stephen Wolthusen},
url = {/wp-content/papers/alcaraz2016POL.pdf},
issn = {1084-8045},
year = {2016},
date = {2016-01-01},
urldate = {2016-01-01},
journal = {Journal of Network and Computer Applications},
volume = {59},
pages = {301\textendash314},
publisher = {Elsevier},
abstract = {Interoperability of distributed systems in charge of monitoring and maintaining the different critical domains belonging to Smart Grid scenarios comprise the central topic of this paper. Transparency in control transactions under a secure and reliable architecture is the aim of the policy enforcement system proposed here. The approach is based on the degree of observation of a context and on the emphrole-based access control model defined by the IEC-62351-8 standard. Only authenticated and authorised entities are able to take control of those distributed elements (e.g., IEC-61850 objects) located at distant geographical locations and close to the critical infrastructures (e.g., substations). To ensure the effectiveness of the approach, it is built on graphical-theoretical formulations corresponding to graph theory, where it is possible to illustrate power control networks through power-law distributions whose monitoring relies on emphstructural controllability theory. The interconnection of these distributions is subject to a network architecture based on the concept of the emphsupernode where the interoperability depends on a simple rule-based expert system. This expert system focuses not only on accepting or denying access, but also on providing the means to attend to extreme situations, avoiding, as much as possible, the overloading of the communication. Through one practical study we also show the functionalities of the approach and the benefits that the authorisation itself can bring to the emphinteroperability.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Interoperability of distributed systems in charge of monitoring and maintaining the different critical domains belonging to Smart Grid scenarios comprise the central topic of this paper. Transparency in control transactions under a secure and reliable architecture is the aim of the policy enforcement system proposed here. The approach is based on the degree of observation of a context and on the emphrole-based access control model defined by the IEC-62351-8 standard. Only authenticated and authorised entities are able to take control of those distributed elements (e.g., IEC-61850 objects) located at distant geographical locations and close to the critical infrastructures (e.g., substations). To ensure the effectiveness of the approach, it is built on graphical-theoretical formulations corresponding to graph theory, where it is possible to illustrate power control networks through power-law distributions whose monitoring relies on emphstructural controllability theory. The interconnection of these distributions is subject to a network architecture based on the concept of the emphsupernode where the interoperability depends on a simple rule-based expert system. This expert system focuses not only on accepting or denying access, but also on providing the means to attend to extreme situations, avoiding, as much as possible, the overloading of the communication. Through one practical study we also show the functionalities of the approach and the benefits that the authorisation itself can bring to the emphinteroperability.
Alcaraz, Cristina; Miciolino, Estefania Etcheves; Wolthusen, Stephen
Multi-Round Attacks on Structural Controllability Properties for Non-Complete Random Graphs Proceedings Article
In: The 16th Information Security Conference (ISC), pp. 140–151, Springer Springer, Springer International Publishing Switzerland, 2015.
@inproceedings{alcaraz2013controla,
title = {Multi-Round Attacks on Structural Controllability Properties for Non-Complete Random Graphs},
author = {Cristina Alcaraz and Estefania Etcheves Miciolino and Stephen Wolthusen},
url = {/wp-content/papers/alcaraz2013controla.pdf},
doi = {10.1007/978-3-319-27659-5 10},
year = {2015},
date = {2015-09-01},
urldate = {2015-09-01},
booktitle = {The 16th Information Security Conference (ISC)},
volume = {7807},
pages = {140\textendash151},
publisher = {Springer},
address = {Springer International Publishing Switzerland},
organization = {Springer},
abstract = {The notion of controllability, informally the ability to force a system into a desired state in a finite time or number of steps, is most closely associated with control systems such as those used to maintain power networks and other critical infrastructures, but has wider relevance in distributed systems. It is clearly highly desirable to understand under which conditions attackers may be able to disrupt legitimate control, or to force overriding controllability themselves. Following recent results by Liu et al., there has been considerable interest also in graph-theoretical interpretation of Kalman controllability originally introduced by Lin, structural controllability. This permits the identification of sets of driver nodes with the desired state-forcing property, but determining such nodes is aW[2]-hard problem. To extract these nodes and represent the control relation, here we apply the POWER DOMINATING SET problem and investigate the effects of targeted iterative multiple-vertex removal. We report the impact that different attack strategies with multiple edge and vertex removal will have, based on underlying non-complete graphs, with an emphasis on power-law random graphs with different degree sequences.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The notion of controllability, informally the ability to force a system into a desired state in a finite time or number of steps, is most closely associated with control systems such as those used to maintain power networks and other critical infrastructures, but has wider relevance in distributed systems. It is clearly highly desirable to understand under which conditions attackers may be able to disrupt legitimate control, or to force overriding controllability themselves. Following recent results by Liu et al., there has been considerable interest also in graph-theoretical interpretation of Kalman controllability originally introduced by Lin, structural controllability. This permits the identification of sets of driver nodes with the desired state-forcing property, but determining such nodes is aW[2]-hard problem. To extract these nodes and represent the control relation, here we apply the POWER DOMINATING SET problem and investigate the effects of targeted iterative multiple-vertex removal. We report the impact that different attack strategies with multiple edge and vertex removal will have, based on underlying non-complete graphs, with an emphasis on power-law random graphs with different degree sequences.
Alcaraz, Cristina; Cazorla, Lorena; Fernandez, Gerardo
Context-Awareness using Anomaly-based Detectors for Smart Grid Domains Proceedings Article
In: 9th International Conference on Risks and Security of Internet and Systems, pp. 17-34, Springer International Publishing Springer International Publishing, Trento, 2015, ISBN: 978-3-319-17126-5.
@inproceedings{931,
title = {Context-Awareness using Anomaly-based Detectors for Smart Grid Domains},
author = {Cristina Alcaraz and Lorena Cazorla and Gerardo Fernandez},
url = {/wp-content/papers/931.pdf
http://link.springer.com/chapter/10.1007%2F978-3-319-17127-2_2$#$},
doi = {10.1007/978-3-319-17127-2_2},
isbn = {978-3-319-17126-5},
year = {2015},
date = {2015-04-01},
urldate = {2015-04-01},
booktitle = {9th International Conference on Risks and Security of Internet and Systems},
volume = {8924},
pages = {17-34},
publisher = {Springer International Publishing},
address = {Trento},
organization = {Springer International Publishing},
abstract = {Anomaly-based detection applied in strongly interdependent systems, like Smart Grids, has become one of the most challenging research areas in recent years. Early detection of anomalies so as to detect and prevent unexpected faults or stealthy threats is attracting a great deal of attention from the scientific community because it offers potential solutions for context-awareness. These solutions can also help explain the conditions leading up to a given situation and help determine the degree of its severity. However, not all the existing approaches within the literature are equally effective in covering the needs of a particular scenario. It is necessary to explore the control requirements of the domains that comprise a Smart Grid, identify, and even select, those approaches according to these requirements and the intrinsic conditions related to the application context, such as technological heterogeneity and complexity. Therefore, this paper analyses the functional features of existing anomaly-based approaches so as to adapt them, according to the aforementioned conditions. The result of this investigation is a guideline for the construction of preventive solutions that will help improve the context-awareness in the control of Smart Grid domains in the near future.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Anomaly-based detection applied in strongly interdependent systems, like Smart Grids, has become one of the most challenging research areas in recent years. Early detection of anomalies so as to detect and prevent unexpected faults or stealthy threats is attracting a great deal of attention from the scientific community because it offers potential solutions for context-awareness. These solutions can also help explain the conditions leading up to a given situation and help determine the degree of its severity. However, not all the existing approaches within the literature are equally effective in covering the needs of a particular scenario. It is necessary to explore the control requirements of the domains that comprise a Smart Grid, identify, and even select, those approaches according to these requirements and the intrinsic conditions related to the application context, such as technological heterogeneity and complexity. Therefore, this paper analyses the functional features of existing anomaly-based approaches so as to adapt them, according to the aforementioned conditions. The result of this investigation is a guideline for the construction of preventive solutions that will help improve the context-awareness in the control of Smart Grid domains in the near future.
Cazorla, Lorena; Alcaraz, Cristina; Lopez, Javier
Awareness and Reaction Strategies for Critical Infrastructure Protection Journal Article
In: Computers and Electrical Engineering, vol. 47, pp. 299-317, 2015, ISSN: 0045-7906.
@article{cazorla2015b,
title = {Awareness and Reaction Strategies for Critical Infrastructure Protection},
author = {Lorena Cazorla and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/cazorla2015b.pdf},
doi = {10.1016/j.compeleceng.2015.08.010},
issn = {0045-7906},
year = {2015},
date = {2015-01-01},
urldate = {2015-01-01},
journal = {Computers and Electrical Engineering},
volume = {47},
pages = {299-317},
publisher = {Elsevier},
abstract = {Current Critical Infrastructures (CIs) need intelligent automatic active reaction mechanisms to protect their critical processes against cyber attacks or system anomalies, and avoid the disruptive consequences of cascading failures between interdependent and interconnected systems. In this paper we study the Intrusion Detection, Prevention and Response Systems (IDPRS) that can offer this type of protection mechanisms, their constituting elements and their applicability to critical contexts. We design a methodological framework determining the essential elements present in the IDPRS, while evaluating each of their sub-components in terms of adequacy for critical contexts. We review the different types of active and passive countermeasures available, categorizing them and assessing whether or not they are suitable for Critical Infrastructure Protection (CIP). Through our study we look at different reaction systems and learn from them how to better create IDPRS solutions for CIP.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Current Critical Infrastructures (CIs) need intelligent automatic active reaction mechanisms to protect their critical processes against cyber attacks or system anomalies, and avoid the disruptive consequences of cascading failures between interdependent and interconnected systems. In this paper we study the Intrusion Detection, Prevention and Response Systems (IDPRS) that can offer this type of protection mechanisms, their constituting elements and their applicability to critical contexts. We design a methodological framework determining the essential elements present in the IDPRS, while evaluating each of their sub-components in terms of adequacy for critical contexts. We review the different types of active and passive countermeasures available, categorizing them and assessing whether or not they are suitable for Critical Infrastructure Protection (CIP). Through our study we look at different reaction systems and learn from them how to better create IDPRS solutions for CIP.
Alcaraz, Cristina; Zeadally, Sherali
Critical Infrastructure Protection: Requirements and Challenges for the 21st Century Journal Article
In: International Journal of Critical Infrastructure Protection (IJCIP), vol. 8, pp. 53–66, 2015, ISSN: 1874-5482.
@article{alcaraz2015CRI,
title = {Critical Infrastructure Protection: Requirements and Challenges for the 21st Century},
author = {Cristina Alcaraz and Sherali Zeadally},
url = {/wp-content/papers/alcaraz2015CRI.pdf
http://www.sciencedirect.com/science/article/pii/S1874548214000791},
doi = {10.1016/j.ijcip.2014.12.002},
issn = {1874-5482},
year = {2015},
date = {2015-01-01},
urldate = {2015-01-01},
journal = {International Journal of Critical Infrastructure Protection (IJCIP)},
volume = {8},
pages = {53\textendash66},
publisher = {Elsevier Science},
abstract = {Critical infrastructures play a vital role in supporting modern society. The reliability, performance, continuous operation, safety, maintenance and protection of critical infrastructures are national priorities for countries around the world. This paper explores the vulnerabilities and threats facing modern critical infrastructures with special emphasis on industrial control systems, and describes a number of protection measures. The paper also discusses some of the challenging areas related to critical infrastructure protection such as governance and security management, secure network architectures, self-healing, modeling and simulation, wide-area situational awareness, forensics and learning, and trust management and privacy.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Critical infrastructures play a vital role in supporting modern society. The reliability, performance, continuous operation, safety, maintenance and protection of critical infrastructures are national priorities for countries around the world. This paper explores the vulnerabilities and threats facing modern critical infrastructures with special emphasis on industrial control systems, and describes a number of protection measures. The paper also discusses some of the challenging areas related to critical infrastructure protection such as governance and security management, secure network architectures, self-healing, modeling and simulation, wide-area situational awareness, forensics and learning, and trust management and privacy.
Cazorla, Lorena; Alcaraz, Cristina; Lopez, Javier
A Three-Stage Analysis of IDS for Critical Infrastructures Journal Article
In: Computers & Security, vol. 55, no. November, pp. 235-250, 2015, ISSN: 0167-4048.
@article{lorena2015c,
title = {A Three-Stage Analysis of IDS for Critical Infrastructures},
author = {Lorena Cazorla and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/lorena2015c.pdf},
issn = {0167-4048},
year = {2015},
date = {2015-01-01},
urldate = {2015-01-01},
journal = {Computers \& Security},
volume = {55},
number = {November},
pages = {235-250},
publisher = {Elsevier},
abstract = {The correct operation of Critical Infrastructures (CIs) is vital for the well being of society, however these complex systems are subject to multiple faults and threats every day. International organizations around the world are alerting the scientific community to the need for protection of CIs, especially through preparedness and prevention mechanisms. One of the main tools available in this area is the use of Intrusion Detection Systems (IDSs). However, in order to deploy this type of component within a CI, especially within its Control System (CS), it is necessary to verify whether the characteristics of a given IDS solution are compatible with the special requirements and constraints of a critical environment. In this paper, we carry out an extensive study to determine the requirements imposed by the CS on the IDS solutions using the Non-Functional Requirements (NFR) Framework. The outcome of this process are the abstract properties that the IDS needs to satisfy in order to be deployed within a CS, which are refined through the identification of satisficing techniques for the NFRs. To provide quantifiable measurable evidence on the suitability of the IDS component for a CI, we broaden our study using the Goal Question Metric (GQM) approach to select a representative set of metrics. A requirements model, refined with satisficing techniques and sets of metrics which help assess, in the most quantifiable way possible, the suitability and performance of a given IDS solution for a critical scenario, constitutes the results of our analysis.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The correct operation of Critical Infrastructures (CIs) is vital for the well being of society, however these complex systems are subject to multiple faults and threats every day. International organizations around the world are alerting the scientific community to the need for protection of CIs, especially through preparedness and prevention mechanisms. One of the main tools available in this area is the use of Intrusion Detection Systems (IDSs). However, in order to deploy this type of component within a CI, especially within its Control System (CS), it is necessary to verify whether the characteristics of a given IDS solution are compatible with the special requirements and constraints of a critical environment. In this paper, we carry out an extensive study to determine the requirements imposed by the CS on the IDS solutions using the Non-Functional Requirements (NFR) Framework. The outcome of this process are the abstract properties that the IDS needs to satisfy in order to be deployed within a CS, which are refined through the identification of satisficing techniques for the NFRs. To provide quantifiable measurable evidence on the suitability of the IDS component for a CI, we broaden our study using the Goal Question Metric (GQM) approach to select a representative set of metrics. A requirements model, refined with satisficing techniques and sets of metrics which help assess, in the most quantifiable way possible, the suitability and performance of a given IDS solution for a critical scenario, constitutes the results of our analysis.
Alcaraz, Cristina; Wolthusen, Stephen
Recovery of Structural Controllability for Control Systems Proceedings Article
In: Eighth IFIP WG 11.10 International Conference on Critical Infrastructure Protection, SRI International, Arlington, Virginia, USA, pp. 47-63, Springer Springer, Arlington, Virginia, USA, 2014, ISSN: 1868-4238.
@inproceedings{430,
title = {Recovery of Structural Controllability for Control Systems},
author = {Cristina Alcaraz and Stephen Wolthusen},
url = {/wp-content/papers/430.pdf},
doi = {10.1007/978-3-662-45355-1_4},
issn = {1868-4238},
year = {2014},
date = {2014-01-01},
urldate = {2014-01-01},
booktitle = {Eighth IFIP WG 11.10 International Conference on Critical Infrastructure Protection, SRI International, Arlington, Virginia, USA},
volume = {441},
pages = {47-63},
publisher = {Springer},
address = {Arlington, Virginia, USA},
organization = {Springer},
abstract = {Fundamental problems in control systems theory are controllability and observability, and designing control systems so that these properties are satisfied or approximated sufficiently. However, it is prudent to as- sume that an attacker will not only be able to subvert measurements but also control the system. Moreover, an advanced adversary with an understanding of the control system may seek to take over control of the entire system or parts thereof, or deny the legitimate operator this capability. The effectiveness of such attacks has been demonstrated in previous work. Indeed, these attacks cannot be ruled out given the likely existence of unknown vulnerabilities, increasing connectivity of nominally air-gapped systems and supply chain issues. The ability to rapidly recover control after an attack has been initiated and to detect an adversary’s presence is, therefore, critical. This paper focuses on the problem of structural controllability, which has recently attracted substantial attention through the equivalent problem of the power dom- inating set introduced in the context of electrical power network control. However, these problems are known to be NP-hard with poor approx- imability. Given their relevance to many networks, especially power networks, this paper studies strategies for the efficient restoration of controllability following attacks and attacker-defender interactions in power-law networks.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Fundamental problems in control systems theory are controllability and observability, and designing control systems so that these properties are satisfied or approximated sufficiently. However, it is prudent to as- sume that an attacker will not only be able to subvert measurements but also control the system. Moreover, an advanced adversary with an understanding of the control system may seek to take over control of the entire system or parts thereof, or deny the legitimate operator this capability. The effectiveness of such attacks has been demonstrated in previous work. Indeed, these attacks cannot be ruled out given the likely existence of unknown vulnerabilities, increasing connectivity of nominally air-gapped systems and supply chain issues. The ability to rapidly recover control after an attack has been initiated and to detect an adversary’s presence is, therefore, critical. This paper focuses on the problem of structural controllability, which has recently attracted substantial attention through the equivalent problem of the power dom- inating set introduced in the context of electrical power network control. However, these problems are known to be NP-hard with poor approx- imability. Given their relevance to many networks, especially power networks, this paper studies strategies for the efficient restoration of controllability following attacks and attacker-defender interactions in power-law networks.
Hernández-Ardieta, Jorge L.; Santos, David; Parra, Pascual; Tapiador, Juan E.; Peris-López, Pedro; Lopez, Javier; Fernandez, Gerardo
An Intelligent and Adaptive Live Simulator: A new Concept for Cybersecurity Training Proceedings Article
In: 9th Future Security Conference, Berlin, 2014.
@inproceedings{1637,
title = {An Intelligent and Adaptive Live Simulator: A new Concept for Cybersecurity Training},
author = {Jorge L. Hern\'{a}ndez-Ardieta and David Santos and Pascual Parra and Juan E. Tapiador and Pedro Peris-L\'{o}pez and Javier Lopez and Gerardo Fernandez},
url = {/wp-content/papers/1637.pdf},
year = {2014},
date = {2014-01-01},
urldate = {2014-01-01},
booktitle = {9th Future Security Conference},
address = {Berlin},
abstract = {The rapid rate of change in technology and the increasing sophistication of cyber attacks require any organization to have a continuous preparation. However, the resource and time intensive nature of cybersecurity education and training renders traditional approaches highly inefficient. Simulators have attracted the attention in the last years as a potential solution for cybersecurity training. However, in spite of the advances achieved, there is still an urgent need to address some open challenges. In this paper we present a novel simulator that solves some these challenges. First, we analyse the main properties that any cybersecurity training solution should comprise, and evaluate to what extent training simulators can meet them. Next, we introduce the functional architecture and innovative features of the simulator, of which a functional prototype has already been released. Finally, we demonstrate how these capabilities are put into practice in training courses already available in the simulator.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The rapid rate of change in technology and the increasing sophistication of cyber attacks require any organization to have a continuous preparation. However, the resource and time intensive nature of cybersecurity education and training renders traditional approaches highly inefficient. Simulators have attracted the attention in the last years as a potential solution for cybersecurity training. However, in spite of the advances achieved, there is still an urgent need to address some open challenges. In this paper we present a novel simulator that solves some these challenges. First, we analyse the main properties that any cybersecurity training solution should comprise, and evaluate to what extent training simulators can meet them. Next, we introduce the functional architecture and innovative features of the simulator, of which a functional prototype has already been released. Finally, we demonstrate how these capabilities are put into practice in training courses already available in the simulator.
Rios, Ruben; Onieva, Jose A.; Lopez, Javier
HIDE_DHCP: Covert Communications Through Network Configuration Messages Proceedings Article
In: Gritzalis, Dimitris; Furnell, Steven; Theoharidou, Marianthi (Ed.): Proceedings of the 27th IFIP TC 11 International Information Security and Privacy Conference (SEC 2012), pp. 162-173, Springer Boston Springer Boston, Heraklion, Crete, Greece, 2012, ISSN: 1868-4238.
@inproceedings{Rios2012,
title = {HIDE_DHCP: Covert Communications Through Network Configuration Messages},
author = {Ruben Rios and Jose A. Onieva and Javier Lopez},
editor = {Dimitris Gritzalis and Steven Furnell and Marianthi Theoharidou},
url = {/wp-content/papers/Rios2012.pdf},
doi = {10.1007/978-3-642-30436-1_14},
issn = {1868-4238},
year = {2012},
date = {2012-06-01},
urldate = {2012-06-01},
booktitle = {Proceedings of the 27th IFIP TC 11 International Information Security and Privacy Conference (SEC 2012)},
volume = {376},
pages = {162-173},
publisher = {Springer Boston},
address = {Heraklion, Crete, Greece},
organization = {Springer Boston},
series = {IFIP AICT},
abstract = {Covert channels are a form of hidden communication that may violate the integrity of systems. Since their birth in multilevel security systems in the early 70’s they have evolved considerably, such that new solutions have appeared for computer networks mainly due to vague protocols specifications. We analyze a protocol extensively used today, the Dynamic Host Configuration Protocol (DHCP), in search of new forms of covert communication. From this analysis we observe several features that can be effectively exploited for subliminal data transmission. This results in the implementation of HIDE_DHCP, which integrates three covert channels that accommodate to different stealthiness and bandwidth requirements},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Covert channels are a form of hidden communication that may violate the integrity of systems. Since their birth in multilevel security systems in the early 70’s they have evolved considerably, such that new solutions have appeared for computer networks mainly due to vague protocols specifications. We analyze a protocol extensively used today, the Dynamic Host Configuration Protocol (DHCP), in search of new forms of covert communication. From this analysis we observe several features that can be effectively exploited for subliminal data transmission. This results in the implementation of HIDE_DHCP, which integrates three covert channels that accommodate to different stealthiness and bandwidth requirements
Sorry, no publications matched your criteria.
Alcaraz, Cristina; Cazorla, Lorena; Fernandez, Gerardo
Context-Awareness using Anomaly-based Detectors for Smart Grid Domains Proceedings Article
In: 9th International Conference on Risks and Security of Internet and Systems, pp. 17-34, Springer International Publishing Springer International Publishing, Trento, 2015, ISBN: 978-3-319-17126-5.
@inproceedings{931,
title = {Context-Awareness using Anomaly-based Detectors for Smart Grid Domains},
author = {Cristina Alcaraz and Lorena Cazorla and Gerardo Fernandez},
url = {/wp-content/papers/931.pdf
http://link.springer.com/chapter/10.1007%2F978-3-319-17127-2_2$#$},
doi = {10.1007/978-3-319-17127-2_2},
isbn = {978-3-319-17126-5},
year = {2015},
date = {2015-04-01},
urldate = {2015-04-01},
booktitle = {9th International Conference on Risks and Security of Internet and Systems},
volume = {8924},
pages = {17-34},
publisher = {Springer International Publishing},
address = {Trento},
organization = {Springer International Publishing},
abstract = {Anomaly-based detection applied in strongly interdependent systems, like Smart Grids, has become one of the most challenging research areas in recent years. Early detection of anomalies so as to detect and prevent unexpected faults or stealthy threats is attracting a great deal of attention from the scientific community because it offers potential solutions for context-awareness. These solutions can also help explain the conditions leading up to a given situation and help determine the degree of its severity. However, not all the existing approaches within the literature are equally effective in covering the needs of a particular scenario. It is necessary to explore the control requirements of the domains that comprise a Smart Grid, identify, and even select, those approaches according to these requirements and the intrinsic conditions related to the application context, such as technological heterogeneity and complexity. Therefore, this paper analyses the functional features of existing anomaly-based approaches so as to adapt them, according to the aforementioned conditions. The result of this investigation is a guideline for the construction of preventive solutions that will help improve the context-awareness in the control of Smart Grid domains in the near future.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Anomaly-based detection applied in strongly interdependent systems, like Smart Grids, has become one of the most challenging research areas in recent years. Early detection of anomalies so as to detect and prevent unexpected faults or stealthy threats is attracting a great deal of attention from the scientific community because it offers potential solutions for context-awareness. These solutions can also help explain the conditions leading up to a given situation and help determine the degree of its severity. However, not all the existing approaches within the literature are equally effective in covering the needs of a particular scenario. It is necessary to explore the control requirements of the domains that comprise a Smart Grid, identify, and even select, those approaches according to these requirements and the intrinsic conditions related to the application context, such as technological heterogeneity and complexity. Therefore, this paper analyses the functional features of existing anomaly-based approaches so as to adapt them, according to the aforementioned conditions. The result of this investigation is a guideline for the construction of preventive solutions that will help improve the context-awareness in the control of Smart Grid domains in the near future.
Onieva, Jose A.; Rios, Ruben; Palenciano, Bernardo
Análisis y Desarrollo de un Canal Encubierto en una Red de Sensores Proceedings Article
In: XIII Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2014), pp. 333-338, Universidad de Alicante Universidad de Alicante, Alicante, Spain, 2014, ISBN: 978-84-9717-323-0.
@inproceedings{onieva2014,
title = {An\'{a}lisis y Desarrollo de un Canal Encubierto en una Red de Sensores},
author = {Jose A. Onieva and Ruben Rios and Bernardo Palenciano},
url = {/wp-content/papers/onieva2014.pdf},
isbn = {978-84-9717-323-0},
year = {2014},
date = {2014-09-01},
urldate = {2014-09-01},
booktitle = {XIII Reuni\'{o}n Espa\~{n}ola sobre Criptolog\'{i}a y Seguridad de la Informaci\'{o}n (RECSI 2014)},
pages = {333-338},
publisher = {Universidad de Alicante},
address = {Alicante, Spain},
organization = {Universidad de Alicante},
abstract = {Continuamente aparecen nuevos estudios as\'{i} como nuevos desarrollos de canales encubiertos. Como veremos, existen m\'{a}s de cien dise\~{n}os distintos para redes de ordenadores, pero no hemos encontrado en la literatura ning\'{u}n an\'{a}lisis, dise\~{n}o e implementaci\'{o}n de canales encubiertos sobre redes de sensores. En este art\'{i}culo presentamos los resultados del dise\~{n}o e implementaci\'{o}n de un canal multitasa basado en los tiempos de monitorizaci\'{o}n sobre una red de sensores. En este proceso se han establecido las principales propiedades necesarias y, en base a ellas, se desarrolla e implementa el canal encubierto. Se describe el proceso de desarrollo y se analiza su detectabilidad.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Continuamente aparecen nuevos estudios así como nuevos desarrollos de canales encubiertos. Como veremos, existen más de cien diseños distintos para redes de ordenadores, pero no hemos encontrado en la literatura ningún análisis, diseño e implementación de canales encubiertos sobre redes de sensores. En este artículo presentamos los resultados del diseño e implementación de un canal multitasa basado en los tiempos de monitorización sobre una red de sensores. En este proceso se han establecido las principales propiedades necesarias y, en base a ellas, se desarrolla e implementa el canal encubierto. Se describe el proceso de desarrollo y se analiza su detectabilidad.
Nieto, Ana; Lopez, Javier
Herramienta para la Compensación de Parámetros de QoS y Seguridad Proceedings Article
In: XIII Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2014), pp. 303-308, Alicante (España)., 2014, ISBN: 978-84-9717-323-0.
@inproceedings{909,
title = {Herramienta para la Compensaci\'{o}n de Par\'{a}metros de QoS y Seguridad},
author = {Ana Nieto and Javier Lopez},
url = {/wp-content/papers/909.pdf},
isbn = {978-84-9717-323-0},
year = {2014},
date = {2014-09-01},
urldate = {2014-09-01},
booktitle = {XIII Reuni\'{o}n Espa\~{n}ola sobre Criptolog\'{i}a y Seguridad de la Informaci\'{o}n (RECSI 2014)},
pages = {303-308},
address = {Alicante (Espa\~{n}a).},
abstract = {El an\'{a}lisis conjunto de mecanismos de seguridad y QoS es esencial para las redes heterog\'{e}neas donde diversos dispositivos pueden coexistir en entornos din\'{a}micos. En concreto, los dispositivos no siempre pueden ser conocidos, por lo que diferentes requisitos y mecanismos pueden surgir para el an\'{a}lisis. En este art\'{i}culo, proponemos una herramienta para facilitar la configuraci\'{o}n de entornos basada en el an\'{a}lisis param\'{e}trico de dependencias, tomando como base de conocimiento un conjunto de par\'{a}metros de seguridad y QoS. Esta forma de an\'{a}lisis de par\'{a}metros a alto nivel permite considerar las dependencias y la compensaci\'{o}n entre mecanismos con independencia del sistema de informaci\'{o}n subyacente. Posibilita por tanto evaluar el impacto que tales mecanismos, y otros definidos acorde al modelo, tienen sobre un sistema previo a su despliegue.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
El análisis conjunto de mecanismos de seguridad y QoS es esencial para las redes heterogéneas donde diversos dispositivos pueden coexistir en entornos dinámicos. En concreto, los dispositivos no siempre pueden ser conocidos, por lo que diferentes requisitos y mecanismos pueden surgir para el análisis. En este artículo, proponemos una herramienta para facilitar la configuración de entornos basada en el análisis paramétrico de dependencias, tomando como base de conocimiento un conjunto de parámetros de seguridad y QoS. Esta forma de análisis de parámetros a alto nivel permite considerar las dependencias y la compensación entre mecanismos con independencia del sistema de información subyacente. Posibilita por tanto evaluar el impacto que tales mecanismos, y otros definidos acorde al modelo, tienen sobre un sistema previo a su despliegue.
Nieto, Ana; Lopez, Javier
Security and QoS Tradeoff Recommendation System (SQT-RS) for Dynamic Assessing CPRM-based Systems Proceedings Article
In: 10th ACM International Symposium on QoS and Security for Wireless and Mobile Networks (Q2SWinet’14), pp. 25-32, ACM ACM, Montréal (Canada), 2014, ISBN: 978-1-4503-3027-5.
@inproceedings{932,
title = {Security and QoS Tradeoff Recommendation System (SQT-RS) for Dynamic Assessing CPRM-based Systems},
author = {Ana Nieto and Javier Lopez},
url = {/wp-content/papers/932.pdf},
doi = {10.1145/2642687.2642689},
isbn = {978-1-4503-3027-5},
year = {2014},
date = {2014-09-01},
urldate = {2014-09-01},
booktitle = {10th ACM International Symposium on QoS and Security for Wireless and Mobile Networks (Q2SWinet’14)},
pages = {25-32},
publisher = {ACM},
address = {Montr\'{e}al (Canada)},
organization = {ACM},
abstract = {Context-based Parametric Relationship Models (CPRM) define complex dependencies between different types of parameters. In particular, Security and QoS relationships, that may occur at different levels of abstraction, are easily identified using CPRM. However, the growing number of parameters and relationships, typically due to the heterogeneous scenarios of future networks, increase the complexity of the final diagrams used in the analysis, and makes the current solution for assessing Security and QoS tradeoff (SQT) impractical for untrained users. In this paper, we define a recommendation system based on contextual parametric relationships in accordance with the definition of CPRM. The inputs for the system are generated dynamically based on the context provided by CPRM-based systems.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Context-based Parametric Relationship Models (CPRM) define complex dependencies between different types of parameters. In particular, Security and QoS relationships, that may occur at different levels of abstraction, are easily identified using CPRM. However, the growing number of parameters and relationships, typically due to the heterogeneous scenarios of future networks, increase the complexity of the final diagrams used in the analysis, and makes the current solution for assessing Security and QoS tradeoff (SQT) impractical for untrained users. In this paper, we define a recommendation system based on contextual parametric relationships in accordance with the definition of CPRM. The inputs for the system are generated dynamically based on the context provided by CPRM-based systems.
Nieto, Ana; Lopez, Javier
A Context-based Parametric Relationship Model (CPRM) to Measure the Security and QoS tradeoff in Configurable Environments Proceedings Article
In: IEEE International Conference on Communications (ICC’14), pp. 755-760, IEEE Communications Society IEEE Communications Society, Sydney (Australia), 2014, ISBN: 978-1-4799-2003-7.
@inproceedings{431,
title = {A Context-based Parametric Relationship Model (CPRM) to Measure the Security and QoS tradeoff in Configurable Environments},
author = {Ana Nieto and Javier Lopez},
url = {/wp-content/papers/431.pdf},
doi = {10.1109/ICC.2014.6883410},
isbn = {978-1-4799-2003-7},
year = {2014},
date = {2014-06-01},
urldate = {2014-06-01},
booktitle = {IEEE International Conference on Communications (ICC’14)},
pages = {755-760},
publisher = {IEEE Communications Society},
address = {Sydney (Australia)},
organization = {IEEE Communications Society},
abstract = {Heterogeneity of future networks requires the use of extensible models to understand the Security and QoS tradeoff. We believe that a good starting point is to analyze the Security and QoS tradeoff from a parametric point of view and, for this reason, in a previous paper, we defined the Parametric Rela- tionship Model (PRM) to define relationships between Security and QoS parameters. In this paper, we extend that approach in order to change the behaviour of the model so that different contexts in the same system are considered; that is, to provide a Context-based Parametric Relationship Model (CPRM). The final aim is to provide useful tools for system administrators in order to help them deal with Security and QoS tradeoff issues in the configuration of the environment.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Heterogeneity of future networks requires the use of extensible models to understand the Security and QoS tradeoff. We believe that a good starting point is to analyze the Security and QoS tradeoff from a parametric point of view and, for this reason, in a previous paper, we defined the Parametric Rela- tionship Model (PRM) to define relationships between Security and QoS parameters. In this paper, we extend that approach in order to change the behaviour of the model so that different contexts in the same system are considered; that is, to provide a Context-based Parametric Relationship Model (CPRM). The final aim is to provide useful tools for system administrators in order to help them deal with Security and QoS tradeoff issues in the configuration of the environment.
Lopez, Javier; Rios, Ruben; Cuellar, Jorge
Preserving Receiver-Location Privacy in Wireless Sensor Networks Proceedings Article
In: Information Security Practice and Experience (ISPEC 2014), pp. 15-27, Springer Springer, Fuzhou, China, 2014, ISSN: 0302-9743.
@inproceedings{Lopez2014prl,
title = {Preserving Receiver-Location Privacy in Wireless Sensor Networks},
author = {Javier Lopez and Ruben Rios and Jorge Cuellar},
url = {/wp-content/papers/Lopez2014prl.pdf
http://link.springer.com/chapter/10.1007/978-3-319-06320-1_3$#$, },
doi = {10.1007/978-3-319-06320-1_3},
issn = {0302-9743},
year = {2014},
date = {2014-05-01},
urldate = {2014-05-01},
booktitle = {Information Security Practice and Experience (ISPEC 2014)},
volume = {8434},
pages = {15-27},
publisher = {Springer},
address = {Fuzhou, China},
organization = {Springer},
abstract = {Wireless sensor networks (WSNs) are exposed to many different types of attacks. Among these, the most devastating attack is to compromise or destroy the base station since all communications are addressed exclusively to it. Moreover, this feature can be exploited by a passive adversary to determine the location of this critical device. This receiver-location privacy problem can be reduced by hindering traffic analysis but the adversary may still obtain location information by capturing a subset of sensor nodes in the field. This paper addresses, for the first time, these two problems together in a single solution},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Wireless sensor networks (WSNs) are exposed to many different types of attacks. Among these, the most devastating attack is to compromise or destroy the base station since all communications are addressed exclusively to it. Moreover, this feature can be exploited by a passive adversary to determine the location of this critical device. This receiver-location privacy problem can be reduced by hindering traffic analysis but the adversary may still obtain location information by capturing a subset of sensor nodes in the field. This paper addresses, for the first time, these two problems together in a single solution
Nieto, Ana; Lopez, Javier
A Model for the Analysis of QoS and Security Tradeoff in Mobile Platforms Journal Article
In: Mobile Networks and Applications (MONET) Journal, vol. 19, pp. 64-78, 2014, ISSN: 1383-469X.
@article{nieto2013mone,
title = {A Model for the Analysis of QoS and Security Tradeoff in Mobile Platforms},
author = {Ana Nieto and Javier Lopez},
url = {/wp-content/papers/nieto2013mone.pdf
},
doi = {10.1007/s11036-013-0462-y},
issn = {1383-469X},
year = {2014},
date = {2014-02-01},
urldate = {2014-02-01},
journal = {Mobile Networks and Applications (MONET) Journal},
volume = {19},
pages = {64-78},
publisher = {Springer US},
abstract = {Today, mobile platforms are multimedia devices that provide different types of traffic with the consequent particular performance demands and, besides, security concerns (e.g. privacy). However, Security and QoS requirements quite often conflict to a large degree; the mobility and heterogeneous paradigm of the Future Internet makes coexistence even more difficult, posing new challenges to overcome. Probably, one of the main challenges is to identify the specific reasons why Security and QoS mechanisms are so related to each other. In this paper, we present a Parametric Relationship Model (PRM) to identify the Security and QoS dependencies, and to elaborate on the Security and QoS tradeoff. In particular, we perform an analysis that focus on the mobile platform environment and, consequently, also considers subjective parameters such user’s experience, that is crucial for increasing the usability of new solutions in the Future Internet. The final aim of our contribution is to facilitate the development of secure and efficient services for mobile platforms.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Today, mobile platforms are multimedia devices that provide different types of traffic with the consequent particular performance demands and, besides, security concerns (e.g. privacy). However, Security and QoS requirements quite often conflict to a large degree; the mobility and heterogeneous paradigm of the Future Internet makes coexistence even more difficult, posing new challenges to overcome. Probably, one of the main challenges is to identify the specific reasons why Security and QoS mechanisms are so related to each other. In this paper, we present a Parametric Relationship Model (PRM) to identify the Security and QoS dependencies, and to elaborate on the Security and QoS tradeoff. In particular, we perform an analysis that focus on the mobile platform environment and, consequently, also considers subjective parameters such user’s experience, that is crucial for increasing the usability of new solutions in the Future Internet. The final aim of our contribution is to facilitate the development of secure and efficient services for mobile platforms.
Rios, Ruben; Lopez, Javier; Cuellar, Jorge
Location Privacy in WSNs: Solutions, Challenges, and Future Trends Book Section
In: Foundations of Security Analysis and Design VII, vol. 8604, pp. 244-282, Springer, 2014, ISSN: 0302-9743.
@incollection{ruben2014a,
title = {Location Privacy in WSNs: Solutions, Challenges, and Future Trends},
author = {Ruben Rios and Javier Lopez and Jorge Cuellar},
url = {/wp-content/papers/ruben2014a.pdf},
doi = {10.1007/978-3-319-10082-1_9},
issn = {0302-9743},
year = {2014},
date = {2014-01-01},
urldate = {2014-01-01},
booktitle = {Foundations of Security Analysis and Design VII},
volume = {8604},
pages = {244-282},
publisher = {Springer},
organization = {Springer},
series = {LNCS},
abstract = {Privacy preservation is gaining popularity in Wireless Sensor Network (WSNs) due to its adoption in everyday scenarios. There are a number of research papers in this area many of which concentrate on the location privacy problem. In this paper we review and categorise these solutions based on the information available to the adversary and his capabilities. But first we analyse whether traditional anonymous communication systems conform to the original requirements of location privacy in sensor networks. Finally, we present and discuss a number of challenges and future trends that demand further attention from the research community.},
keywords = {},
pubstate = {published},
tppubtype = {incollection}
}
Privacy preservation is gaining popularity in Wireless Sensor Network (WSNs) due to its adoption in everyday scenarios. There are a number of research papers in this area many of which concentrate on the location privacy problem. In this paper we review and categorise these solutions based on the information available to the adversary and his capabilities. But first we analyse whether traditional anonymous communication systems conform to the original requirements of location privacy in sensor networks. Finally, we present and discuss a number of challenges and future trends that demand further attention from the research community.
Nieto, Ana
Evaluation of Dynamic Instantiation in CPRM-based Systems Proceedings Article
In: 9th International Conference on Risk and Security of Internet and Systems (CRiSIS’14), pp. 52-66, Springer Springer, Trento (Italy), 2014, ISBN: 978-3-319-17127-2.
@inproceedings{933,
title = {Evaluation of Dynamic Instantiation in CPRM-based Systems},
author = {Ana Nieto},
url = {/wp-content/papers/933.pdf},
doi = {10.1007/978-3-319-17127-2_4},
isbn = {978-3-319-17127-2},
year = {2014},
date = {2014-01-01},
urldate = {2014-01-01},
booktitle = {9th International Conference on Risk and Security of Internet and Systems (CRiSIS’14)},
volume = {8924},
pages = {52-66},
publisher = {Springer},
address = {Trento (Italy)},
organization = {Springer},
abstract = {Context-based Parametric Relationship Models (CPRMs) reduce the complexity of working with various numbers of parameters and dependencies, by adding particular contexts to the final scheme when it is required, dynamically. In this paper the cost of including new information in CPRM is properly analysed, considering the information in the parametric trees defined for the parameters in the CPRM-based system. Some strategies for mitigating the cost of the instantiation process are proposed.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Context-based Parametric Relationship Models (CPRMs) reduce the complexity of working with various numbers of parameters and dependencies, by adding particular contexts to the final scheme when it is required, dynamically. In this paper the cost of including new information in CPRM is properly analysed, considering the information in the parametric trees defined for the parameters in the CPRM-based system. Some strategies for mitigating the cost of the instantiation process are proposed.
Alcaraz, Cristina; Wolthusen, Stephen
Recovery of Structural Controllability for Control Systems Proceedings Article
In: Eighth IFIP WG 11.10 International Conference on Critical Infrastructure Protection, SRI International, Arlington, Virginia, USA, pp. 47-63, Springer Springer, Arlington, Virginia, USA, 2014, ISSN: 1868-4238.
@inproceedings{430,
title = {Recovery of Structural Controllability for Control Systems},
author = {Cristina Alcaraz and Stephen Wolthusen},
url = {/wp-content/papers/430.pdf},
doi = {10.1007/978-3-662-45355-1_4},
issn = {1868-4238},
year = {2014},
date = {2014-01-01},
urldate = {2014-01-01},
booktitle = {Eighth IFIP WG 11.10 International Conference on Critical Infrastructure Protection, SRI International, Arlington, Virginia, USA},
volume = {441},
pages = {47-63},
publisher = {Springer},
address = {Arlington, Virginia, USA},
organization = {Springer},
abstract = {Fundamental problems in control systems theory are controllability and observability, and designing control systems so that these properties are satisfied or approximated sufficiently. However, it is prudent to as- sume that an attacker will not only be able to subvert measurements but also control the system. Moreover, an advanced adversary with an understanding of the control system may seek to take over control of the entire system or parts thereof, or deny the legitimate operator this capability. The effectiveness of such attacks has been demonstrated in previous work. Indeed, these attacks cannot be ruled out given the likely existence of unknown vulnerabilities, increasing connectivity of nominally air-gapped systems and supply chain issues. The ability to rapidly recover control after an attack has been initiated and to detect an adversary’s presence is, therefore, critical. This paper focuses on the problem of structural controllability, which has recently attracted substantial attention through the equivalent problem of the power dom- inating set introduced in the context of electrical power network control. However, these problems are known to be NP-hard with poor approx- imability. Given their relevance to many networks, especially power networks, this paper studies strategies for the efficient restoration of controllability following attacks and attacker-defender interactions in power-law networks.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Fundamental problems in control systems theory are controllability and observability, and designing control systems so that these properties are satisfied or approximated sufficiently. However, it is prudent to as- sume that an attacker will not only be able to subvert measurements but also control the system. Moreover, an advanced adversary with an understanding of the control system may seek to take over control of the entire system or parts thereof, or deny the legitimate operator this capability. The effectiveness of such attacks has been demonstrated in previous work. Indeed, these attacks cannot be ruled out given the likely existence of unknown vulnerabilities, increasing connectivity of nominally air-gapped systems and supply chain issues. The ability to rapidly recover control after an attack has been initiated and to detect an adversary’s presence is, therefore, critical. This paper focuses on the problem of structural controllability, which has recently attracted substantial attention through the equivalent problem of the power dom- inating set introduced in the context of electrical power network control. However, these problems are known to be NP-hard with poor approx- imability. Given their relevance to many networks, especially power networks, this paper studies strategies for the efficient restoration of controllability following attacks and attacker-defender interactions in power-law networks.
Nuñez, David; Agudo, Isaac
BlindIdM: A Privacy-Preserving Approach for Identity Management as a Service Journal Article
In: International Journal of Information Security, vol. 13, pp. 199-215, 2014, ISSN: 1615-5262.
@article{nunez2014blindidm,
title = {BlindIdM: A Privacy-Preserving Approach for Identity Management as a Service},
author = {David Nu\~{n}ez and Isaac Agudo},
url = {/wp-content/papers/nunez2014blindidm.pdf},
doi = {10.1007/s10207-014-0230-4},
issn = {1615-5262},
year = {2014},
date = {2014-01-01},
urldate = {2014-01-01},
journal = {International Journal of Information Security},
volume = {13},
pages = {199-215},
publisher = {Springer},
abstract = {Identity management is an almost indispensable component of today’s organizations and companies, as it plays a key role in authentication and access control; however, at the same time it is widely recognized as a costly and time-consuming task. The advent of cloud computing technologies, together with the promise of flexible, cheap and efficient provision of services, has provided the opportunity to externalize such a common process, shaping what has been called Identity Management as a Service (IDaaS). Nevertheless, as in the case of other cloud-based services, IDaaS brings with it great concerns regarding security and privacy, such as the loss of control over the outsourced data. In this paper we analyze these concerns and propose BlindIdM, a model for privacy-preserving IDaaS with a focus on data privacy protection. In particular, we describe how a SAML-based system can be augmented to employ proxy re-encryption techniques for achieving data con
dentiality with respect to the cloud provider, while preserving the ability to supply the identity service. This is an innovative contribution to both the privacy and identity management landscapes.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Identity management is an almost indispensable component of today’s organizations and companies, as it plays a key role in authentication and access control; however, at the same time it is widely recognized as a costly and time-consuming task. The advent of cloud computing technologies, together with the promise of flexible, cheap and efficient provision of services, has provided the opportunity to externalize such a common process, shaping what has been called Identity Management as a Service (IDaaS). Nevertheless, as in the case of other cloud-based services, IDaaS brings with it great concerns regarding security and privacy, such as the loss of control over the outsourced data. In this paper we analyze these concerns and propose BlindIdM, a model for privacy-preserving IDaaS with a focus on data privacy protection. In particular, we describe how a SAML-based system can be augmented to employ proxy re-encryption techniques for achieving data con
dentiality with respect to the cloud provider, while preserving the ability to supply the identity service. This is an innovative contribution to both the privacy and identity management landscapes.
Alcaraz, Cristina; Lopez, Javier
Diagnosis Mechanism for Accurate Monitoring in Critical Infrastructure Protection Journal Article
In: Computer Standards & Interfaces, vol. 36, pp. 501-512, 2014, ISSN: 0920-5489.
@article{alcaraz2013a,
title = {Diagnosis Mechanism for Accurate Monitoring in Critical Infrastructure Protection},
author = {Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/alcaraz2013a.pdf},
doi = {10.1016/j.csi.2013.10.002},
issn = {0920-5489},
year = {2014},
date = {2014-01-01},
urldate = {2014-01-01},
journal = {Computer Standards \& Interfaces},
volume = {36},
pages = {501-512},
publisher = {Elsevier},
abstract = {Situational awareness for critical infrastructure protection, such as for energy control systems, has become a topic of interest in recent years. Despite attempts to address this area of research, more progress is still necessary to find attractive solutions that help bring about prevention and response at all times from anywhere and at any time. Given this need, we therefore propose in this paper, a smart mechanism able to offer a wide-area situational awareness with the ability to: (i) Control the real state of the observed infrastructure, (ii) respond to emergency situations and (iii) assess the degree of ccuracy of the entire control system. To address these aspects, the mechanism is based on a hierarchical configuration of industrial sensors for control, the ISA100.11a standard for the prioritization and alarm management, and the F-Measure technique to study the level of accuracy of a sensor inside a neighbourhood. As proof of the functionality and feasibility of the mechanism for critical contexts, a software application implemented in nesC and Java is also presented in this paper.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Situational awareness for critical infrastructure protection, such as for energy control systems, has become a topic of interest in recent years. Despite attempts to address this area of research, more progress is still necessary to find attractive solutions that help bring about prevention and response at all times from anywhere and at any time. Given this need, we therefore propose in this paper, a smart mechanism able to offer a wide-area situational awareness with the ability to: (i) Control the real state of the observed infrastructure, (ii) respond to emergency situations and (iii) assess the degree of ccuracy of the entire control system. To address these aspects, the mechanism is based on a hierarchical configuration of industrial sensors for control, the ISA100.11a standard for the prioritization and alarm management, and the F-Measure technique to study the level of accuracy of a sensor inside a neighbourhood. As proof of the functionality and feasibility of the mechanism for critical contexts, a software application implemented in nesC and Java is also presented in this paper.
Alcaraz, Cristina; Lopez, Javier
WASAM: A Dynamic Wide-Area Situational Awareness Model for Critical Domains in Smart Grids Journal Article
In: Future Generation Computer Systems, vol. 30, pp. 146-154, 2014, ISSN: 0167-739X.
@article{alcaraz2013b,
title = {WASAM: A Dynamic Wide-Area Situational Awareness Model for Critical Domains in Smart Grids},
author = {Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/alcaraz2013b.pdf},
doi = {10.1016/j.future.2013.06.030},
issn = {0167-739X},
year = {2014},
date = {2014-01-01},
urldate = {2014-01-01},
journal = {Future Generation Computer Systems},
volume = {30},
pages = {146-154},
publisher = {Elsevier},
abstract = {Control from anywhere and at anytime is nowadays a matter of paramount importance in critical systems. This is the case of the Smart Grid and its domains which should be monitored through intelligent and dynamic mechanisms able to anticipate, detect and respond before disruptions arise within the system. Given this fact and its importance for social welfare and the economy, a model for wide-area situational awareness is proposed in this paper. The model is based on a set of current technologies such as the wireless sensor networks, the ISA100.11a standard and cloud-computing together with a set of high-level functional services. These services include global and local support for prevention through a simple forecast scheme, detection of anomalies in the observation tasks, response to incidents, tests of accuracy and maintenance, as well as recovery of states and control in crisis situations.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Control from anywhere and at anytime is nowadays a matter of paramount importance in critical systems. This is the case of the Smart Grid and its domains which should be monitored through intelligent and dynamic mechanisms able to anticipate, detect and respond before disruptions arise within the system. Given this fact and its importance for social welfare and the economy, a model for wide-area situational awareness is proposed in this paper. The model is based on a set of current technologies such as the wireless sensor networks, the ISA100.11a standard and cloud-computing together with a set of high-level functional services. These services include global and local support for prevention through a simple forecast scheme, detection of anomalies in the observation tasks, response to incidents, tests of accuracy and maintenance, as well as recovery of states and control in crisis situations.
Rios, Ruben; Onieva, Jose A.; Lopez, Javier
Covert Communications through Network Configuration Messages Journal Article
In: Computers & Security, vol. 39, Part A, pp. 34 - 46, 2013, ISSN: 0167-4048.
@article{rios2013a,
title = {Covert Communications through Network Configuration Messages},
author = {Ruben Rios and Jose A. Onieva and Javier Lopez},
url = {/wp-content/papers/rios2013a.pdf},
doi = {10.1016/j.cose.2013.03.004},
issn = {0167-4048},
year = {2013},
date = {2013-11-01},
urldate = {2013-11-01},
journal = {Computers \& Security},
volume = {39, Part A},
pages = {34 - 46},
publisher = {Elsevier},
abstract = {Covert channels are a form of hidden communication that may violate the integrity of systems. Since their birth in Multi-Level Security systems in the early 70’s they have evolved considerably, such that new solutions have appeared for computer networks mainly due to vague protocols specifications. In this paper we concentrate on short-range covert channels and analyze the opportunities of concealing data in various extensively used protocols today. From this analysis we observe several features that can be effectively exploited for subliminal data transmission in the Dynamic Host Configuration Protocol (DHCP). The result is a proof-of-concept implementation, HIDE_DHCP, which integrates three different covert channels each of which accommodate to different stealthiness and capacity requirements. Finally, we provide a theoretical and experimental analysis of this tool in terms of its reliability, capacity, and detectability.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Covert channels are a form of hidden communication that may violate the integrity of systems. Since their birth in Multi-Level Security systems in the early 70’s they have evolved considerably, such that new solutions have appeared for computer networks mainly due to vague protocols specifications. In this paper we concentrate on short-range covert channels and analyze the opportunities of concealing data in various extensively used protocols today. From this analysis we observe several features that can be effectively exploited for subliminal data transmission in the Dynamic Host Configuration Protocol (DHCP). The result is a proof-of-concept implementation, HIDE_DHCP, which integrates three different covert channels each of which accommodate to different stealthiness and capacity requirements. Finally, we provide a theoretical and experimental analysis of this tool in terms of its reliability, capacity, and detectability.
Agudo, Isaac; Rios, Ruben; Lopez, Javier
A Privacy-Aware Continuous Authentication Scheme for Proximity-Based Access Control Journal Article
In: Computers & Security, vol. 39 (B), pp. 117-126, 2013, ISSN: 0167-4048.
@article{agudo2013,
title = {A Privacy-Aware Continuous Authentication Scheme for Proximity-Based Access Control},
author = {Isaac Agudo and Ruben Rios and Javier Lopez},
url = {/wp-content/papers/agudo2013.pdf},
doi = {10.1016/j.cose.2013.05.004},
issn = {0167-4048},
year = {2013},
date = {2013-11-01},
urldate = {2013-11-01},
journal = {Computers \& Security},
volume = {39 (B)},
pages = {117-126},
publisher = {Elsevier},
abstract = {Continuous authentication is mainly associated with the use of biometrics to guarantee that a resource is being accessed by the same user throughout the usage period. Wireless devices can also serve as a supporting technology for continuous authentication or even as a complete alternative to biometrics when accessing proximity-based services. In this paper we present the implementation of a secure, non-invasive continuous authentication scheme supported by the use of Wearable Wireless Devices (WWD), which allow users to gain access to proximity-based services while preserving their privacy. Additionally we devise an improved scheme that circumvents some of the limitations of our implementation.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Continuous authentication is mainly associated with the use of biometrics to guarantee that a resource is being accessed by the same user throughout the usage period. Wireless devices can also serve as a supporting technology for continuous authentication or even as a complete alternative to biometrics when accessing proximity-based services. In this paper we present the implementation of a secure, non-invasive continuous authentication scheme supported by the use of Wearable Wireless Devices (WWD), which allow users to gain access to proximity-based services while preserving their privacy. Additionally we devise an improved scheme that circumvents some of the limitations of our implementation.
Lopez, Javier; Alcaraz, Cristina; Roman, Rodrigo
Smart Control of Operational Threats in Control Substations Journal Article
In: Computers & Security, vol. 38, pp. 14-27, 2013, ISSN: 0167-4048.
@article{1770,
title = {Smart Control of Operational Threats in Control Substations},
author = {Javier Lopez and Cristina Alcaraz and Rodrigo Roman},
url = {/wp-content/papers/1770.pdf
http://www.sciencedirect.com/science/article/pii/S0167404813000588},
doi = {10.1016/j.cose.2013.03.013},
issn = {0167-4048},
year = {2013},
date = {2013-10-01},
urldate = {2013-10-01},
journal = {Computers \& Security},
volume = {38},
pages = {14-27},
publisher = {Elsevier},
abstract = {Any deliberate or unsuitable operational action in control tasks of critical infrastructures, such as energy generation, transmission and distribution systems that comprise sub-domains of a Smart Grid, could have a significant impact on the digital economy: without energy, the digital economy cannot live. In addition, the vast majority of these types of critical systems are configured in isolated locations where their control depends on the ability of a few, supposedly trustworthy, human operators. However, this assumption of reliabilty is not always true. Malicious human operators (criminal insiders) might take advantage of these situations to intentionally manipulate the critical nature of the underlying infrastructure. These criminal actions could be not attending to emergency events, inadequately responding to incidents or trying to alter the normal behaviour of the system with malicious actions. For this reason, in this paper we propose a smart response mechanism that controls human operators’ operational threats at all times. Moreover, the design of this mechanism allows the system to be able to not only evaluate by itself, the situation of a particular scenario but also to take control when areas are totally unprotected and/or isolated. The response mechanism, which is based on Industrial Wireless Sensor Networks (IWSNs) for the constant monitoring of observed critical infrastructures, on reputation for controlling human operators’ actions, and on the ISA100.11a standard for alarm management, has been implemented and simulated to evaluate its feasibility for critical contexts.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Any deliberate or unsuitable operational action in control tasks of critical infrastructures, such as energy generation, transmission and distribution systems that comprise sub-domains of a Smart Grid, could have a significant impact on the digital economy: without energy, the digital economy cannot live. In addition, the vast majority of these types of critical systems are configured in isolated locations where their control depends on the ability of a few, supposedly trustworthy, human operators. However, this assumption of reliabilty is not always true. Malicious human operators (criminal insiders) might take advantage of these situations to intentionally manipulate the critical nature of the underlying infrastructure. These criminal actions could be not attending to emergency events, inadequately responding to incidents or trying to alter the normal behaviour of the system with malicious actions. For this reason, in this paper we propose a smart response mechanism that controls human operators’ operational threats at all times. Moreover, the design of this mechanism allows the system to be able to not only evaluate by itself, the situation of a particular scenario but also to take control when areas are totally unprotected and/or isolated. The response mechanism, which is based on Industrial Wireless Sensor Networks (IWSNs) for the constant monitoring of observed critical infrastructures, on reputation for controlling human operators’ actions, and on the ISA100.11a standard for alarm management, has been implemented and simulated to evaluate its feasibility for critical contexts.
Najera, Pablo; Roman, Rodrigo; Lopez, Javier
User-centric secure integration of personal RFID tags and sensor networks Journal Article
In: Security and Communication Networks, vol. 6, pp. 1177–1197, 2013, ISSN: 1939-0114.
@article{najerascn12,
title = {User-centric secure integration of personal RFID tags and sensor networks},
author = {Pablo Najera and Rodrigo Roman and Javier Lopez},
doi = {10.1002/sec.684},
issn = {1939-0114},
year = {2013},
date = {2013-10-01},
urldate = {2013-10-01},
journal = {Security and Communication Networks},
volume = {6},
pages = {1177\textendash1197},
publisher = {Wiley-Blackwell},
abstract = {A personal network (PN) should enable the collaboration of user’s devices and services in a flexible, self-organizing and friendly manner. For such purpose, the PN must securely accommodate heterogeneous technologies with uneven computational and communication resources. In particular, personal RFID tags can enable seamless recognition of user’s context, provide user authentication and enable novel services enhancing the quality and quantity of data handled by the PN. However, the highly constrained features of common RFID tags and their passive role in the network highlights the need of an adequate secure communication model with personal tags which enables their participation as a member of the PN. In this paper, we present our concept of PN, with special emphasis on the role of RFID and sensor networks, and define a secure architecture for PNs including methods for the secure access to context-aware technologies from both local PN members and the Internet of Things. The PN architecture is designed to support differentiated security mechanisms to maximize the level of security for each type of personal device. Furthermore, we analyze which security solutions available in the literature can be adapted for our architecture, as well as the challenges and security mechanisms still necessary in the secure integration of personal tags.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
A personal network (PN) should enable the collaboration of user’s devices and services in a flexible, self-organizing and friendly manner. For such purpose, the PN must securely accommodate heterogeneous technologies with uneven computational and communication resources. In particular, personal RFID tags can enable seamless recognition of user’s context, provide user authentication and enable novel services enhancing the quality and quantity of data handled by the PN. However, the highly constrained features of common RFID tags and their passive role in the network highlights the need of an adequate secure communication model with personal tags which enables their participation as a member of the PN. In this paper, we present our concept of PN, with special emphasis on the role of RFID and sensor networks, and define a secure architecture for PNs including methods for the secure access to context-aware technologies from both local PN members and the Internet of Things. The PN architecture is designed to support differentiated security mechanisms to maximize the level of security for each type of personal device. Furthermore, we analyze which security solutions available in the literature can be adapted for our architecture, as well as the challenges and security mechanisms still necessary in the secure integration of personal tags.
Roman, Rodrigo; Zhou, Jianying; Lopez, Javier
On the features and challenges of security and privacy in distributed internet of things Journal Article
In: Computer Networks, vol. 57, pp. 2266–2279, 2013, ISSN: 1389-1286.
@article{roman2013iot,
title = {On the features and challenges of security and privacy in distributed internet of things},
author = {Rodrigo Roman and Jianying Zhou and Javier Lopez},
url = {/wp-content/papers/roman2013iot.pdf
http://www.sciencedirect.com/science/article/pii/S1389128613000054},
doi = {10.1016/j.comnet.2012.12.018},
issn = {1389-1286},
year = {2013},
date = {2013-07-01},
urldate = {2013-07-01},
journal = {Computer Networks},
volume = {57},
pages = {2266\textendash2279},
publisher = {Elsevier},
abstract = {In the Internet of Things, services can be provisioned using centralized architectures, where central entities acquire, process, and provide information. Alternatively, distributed architectures, where entities at the edge of the network exchange information and collaborate with each other in a dynamic way, can also be used. In order to understand the applicability and viability of this distributed approach, it is necessary to know its advantages and disadvantages \textendash not only in terms of features but also in terms of security and privacy challenges. The purpose of this paper is to show that the distributed approach has various challenges that need to be solved, but also various interesting properties and strengths.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
In the Internet of Things, services can be provisioned using centralized architectures, where central entities acquire, process, and provide information. Alternatively, distributed architectures, where entities at the edge of the network exchange information and collaborate with each other in a dynamic way, can also be used. In order to understand the applicability and viability of this distributed approach, it is necessary to know its advantages and disadvantages – not only in terms of features but also in terms of security and privacy challenges. The purpose of this paper is to show that the distributed approach has various challenges that need to be solved, but also various interesting properties and strengths.
Rios, Ruben; Lopez, Javier
(Un)Suitability of Anonymous Communication Systems to WSN Journal Article
In: IEEE Systems Journal, vol. 7, no. 2, pp. 298 - 310, 2013, ISSN: 1932-8184.
@article{Rios2012a,
title = {(Un)Suitability of Anonymous Communication Systems to WSN},
author = {Ruben Rios and Javier Lopez},
url = {/wp-content/papers/Rios2012a.pdf},
doi = {10.1109/JSYST.2012.2221956},
issn = {1932-8184},
year = {2013},
date = {2013-06-01},
urldate = {2013-06-01},
journal = {IEEE Systems Journal},
volume = {7},
number = {2},
pages = {298 - 310},
publisher = {IEEE Systems Council},
abstract = {Anonymous communication systems have been extensively studied by the research community to prevent the disclosure of sensitive information from the analysis of individuals’ traffic patterns. Many remarkable solutions have been developed in this area, most of which have proven to be effective in the protection of user privacy against different types of attacks. Recently, the privacy preservation problem has also been considered in the realm of wireless sensor networks (WSNs) due to their imminent adoption in real-world scenarios. A special challenge that arises from the analysis of the flow of sensor nodes’ communications is the location privacy problem. In this work we concentrate on analyzing the suitability of traditional anonymous communication systems originally designed for the Internet to the original scenario of sensor networks. The results show that, in most cases, traditional solutions do not provide the adequate protection means for the particular problem of location privacy, while other solutions are too resource-consuming for the restricted capabilities of sensor nodes.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Anonymous communication systems have been extensively studied by the research community to prevent the disclosure of sensitive information from the analysis of individuals’ traffic patterns. Many remarkable solutions have been developed in this area, most of which have proven to be effective in the protection of user privacy against different types of attacks. Recently, the privacy preservation problem has also been considered in the realm of wireless sensor networks (WSNs) due to their imminent adoption in real-world scenarios. A special challenge that arises from the analysis of the flow of sensor nodes’ communications is the location privacy problem. In this work we concentrate on analyzing the suitability of traditional anonymous communication systems originally designed for the Internet to the original scenario of sensor networks. The results show that, in most cases, traditional solutions do not provide the adequate protection means for the particular problem of location privacy, while other solutions are too resource-consuming for the restricted capabilities of sensor nodes.
Moyano, Francisco; Fernandez-Gago, Carmen; Lopez, Javier
Building Trust and Reputation In: A Development Framework for Trust Models Implementation Proceedings Article
In: Jøsang, Audung; Samarati, Pierangela; Petrocchi, Marinella (Ed.): 8th International Workshop on Security and Trust Management (STM 2012), pp. 113-128, Springer Springer, Pisa, 2013, ISSN: 0302-9743.
@inproceedings{moyano2012stm,
title = {Building Trust and Reputation In: A Development Framework for Trust Models Implementation},
author = {Francisco Moyano and Carmen Fernandez-Gago and Javier Lopez},
editor = {Audung J\osang and Pierangela Samarati and Marinella Petrocchi},
url = {/wp-content/papers/moyano2012stm.pdf},
doi = {10.1007/978-3-642-38004-4},
issn = {0302-9743},
year = {2013},
date = {2013-01-01},
urldate = {2013-01-01},
booktitle = {8th International Workshop on Security and Trust Management (STM 2012)},
volume = {7783},
pages = {113-128},
publisher = {Springer},
address = {Pisa},
organization = {Springer},
series = {LNCS},
abstract = {During the last years, many trust and reputation models have been proposed, each one targeting different contexts and purposes, and with their own particularities. While most contributions focus on defining ever-increasing complex models, little attention has been paid to the process of building these models inside applications during their implementation. The result is that models have traditionally considered as ad-hoc and after-the-fact solutions that do not always fit with the design of the application. To overcome this, we propose an object-oriented development framework onto which it is possible to build applications that require functionalities provided by trust and reputation models. The framework is extensible and flexible enough to allow implementing an important variety of trust models. This paper presents the framework, describes its main components, and gives examples on how to use it in order to implement three different trust models.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
During the last years, many trust and reputation models have been proposed, each one targeting different contexts and purposes, and with their own particularities. While most contributions focus on defining ever-increasing complex models, little attention has been paid to the process of building these models inside applications during their implementation. The result is that models have traditionally considered as ad-hoc and after-the-fact solutions that do not always fit with the design of the application. To overcome this, we propose an object-oriented development framework onto which it is possible to build applications that require functionalities provided by trust and reputation models. The framework is extensible and flexible enough to allow implementing an important variety of trust models. This paper presents the framework, describes its main components, and gives examples on how to use it in order to implement three different trust models.
Cazorla, Lorena; Alcaraz, Cristina; Lopez, Javier
Towards Automatic Critical Infrastructure Protection through Machine Learning Proceedings Article
In: 8th International Conference on Critical Information Infrastructures Security, pp. 197-203, Springer Springer, Amsterdam, The Netherlands, 2013, ISSN: 0302-9743.
@inproceedings{1805,
title = {Towards Automatic Critical Infrastructure Protection through Machine Learning},
author = {Lorena Cazorla and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/1805.pdf
http://link.springer.com/chapter/10.1007%2F978-3-319-03964-0_18},
issn = {0302-9743},
year = {2013},
date = {2013-01-01},
urldate = {2013-01-01},
booktitle = {8th International Conference on Critical Information Infrastructures Security},
volume = {8328},
pages = {197-203},
publisher = {Springer},
address = {Amsterdam, The Netherlands},
organization = {Springer},
abstract = {Critical Infrastructure Protection (CIP) faces increasing challenges in number and in sophistication, which makes vital to provide new forms of protection to face every day’s threats. In order to make such protection holistic, covering all the needs of the systems from the point of view of security, prevention aspects and situational awareness should be considered. Researchers and Institutions stress the need of providing intelligent and automatic solutions for protection, calling our attention to the need of providing Intrusion Detection Systems (IDS) with intelligent active reaction capabilities. In this paper, we support the need of automating the processes implicated in the IDS solutions of the critical infrastructures and theorize that the introduction of Machine Learning (ML) techniques in IDS will be helpful for implementing automatic adaptable solutions capable of adjusting to new situations and timely reacting in the face of threats and anomalies. To this end, we study the different levels of automation that the IDS can implement, and outline a methodology to endow critical scenarios with preventive automation. Finally, we analyze current solutions presented in the literature and contrast them against the proposed methodology},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Critical Infrastructure Protection (CIP) faces increasing challenges in number and in sophistication, which makes vital to provide new forms of protection to face every day’s threats. In order to make such protection holistic, covering all the needs of the systems from the point of view of security, prevention aspects and situational awareness should be considered. Researchers and Institutions stress the need of providing intelligent and automatic solutions for protection, calling our attention to the need of providing Intrusion Detection Systems (IDS) with intelligent active reaction capabilities. In this paper, we support the need of automating the processes implicated in the IDS solutions of the critical infrastructures and theorize that the introduction of Machine Learning (ML) techniques in IDS will be helpful for implementing automatic adaptable solutions capable of adjusting to new situations and timely reacting in the face of threats and anomalies. To this end, we study the different levels of automation that the IDS can implement, and outline a methodology to endow critical scenarios with preventive automation. Finally, we analyze current solutions presented in the literature and contrast them against the proposed methodology
Nieto, Ana; Lopez, Javier
Analysis and Taxonomy of Security/QoS tradeoff solutions for the Future Internet Journal Article
In: Security and Communication Networks (SCN) Journal, vol. 7, pp. 2778-2803, 2013, ISSN: 1939-0114.
@article{nietoscn13,
title = {Analysis and Taxonomy of Security/QoS tradeoff solutions for the Future Internet},
author = {Ana Nieto and Javier Lopez},
url = {/wp-content/papers/nietoscn13.pdf
http://onlinelibrary.wiley.com/doi/10.1002/sec.809/abstract?deniedAccessCustomisedMessage=\&userIsAuthenticated=false},
doi = {10.1002/sec.809},
issn = {1939-0114},
year = {2013},
date = {2013-01-01},
urldate = {2013-01-01},
journal = {Security and Communication Networks (SCN) Journal},
volume = {7},
pages = {2778-2803},
publisher = {Wiley-Blackwell},
abstract = {Motivated by the growing convergence of diverse types of networks and the rise of concepts such as Future Internet (FI), in this paper we analyse the coexistence of security mechanisms and Quality of Service (QoS) mechanisms in resourceconstrained networks, that are relevant types of networks within the FI environment. More precisely, we analyse the current state of the research on security and QoS in the integration of Wireless Sensor Networks (WSNs), Mobile Ad-Hoc Networks (MANETs) and cellular networks. Furthermore, we propose a taxonomy to identify similarities among these technologies, as well as the requirements for network interconnection. As a result, we define a dependency-based model for the analysis of Security and QoS tradeoff, and also define a high-level integration architecture for networks in the FI setting. The final goal is to provide a critical point of view that allows to assess whether such an integration of networks can be both secure and efficient.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Motivated by the growing convergence of diverse types of networks and the rise of concepts such as Future Internet (FI), in this paper we analyse the coexistence of security mechanisms and Quality of Service (QoS) mechanisms in resourceconstrained networks, that are relevant types of networks within the FI environment. More precisely, we analyse the current state of the research on security and QoS in the integration of Wireless Sensor Networks (WSNs), Mobile Ad-Hoc Networks (MANETs) and cellular networks. Furthermore, we propose a taxonomy to identify similarities among these technologies, as well as the requirements for network interconnection. As a result, we define a dependency-based model for the analysis of Security and QoS tradeoff, and also define a high-level integration architecture for networks in the FI setting. The final goal is to provide a critical point of view that allows to assess whether such an integration of networks can be both secure and efficient.
Alcaraz, Cristina; Roman, Rodrigo; Najera, Pablo; Lopez, Javier
Security of Industrial Sensor Network-based Remote Substations in the context of the Internet of Things Journal Article
In: Ad Hoc Networks, vol. 11, pp. 1091–1104, 2013, ISSN: 1570-8705.
@article{1752,
title = {Security of Industrial Sensor Network-based Remote Substations in the context of the Internet of Things},
author = {Cristina Alcaraz and Rodrigo Roman and Pablo Najera and Javier Lopez},
url = {/wp-content/papers/1752.pdf},
doi = {10.1016/j.adhoc.2012.12.001},
issn = {1570-8705},
year = {2013},
date = {2013-00-01},
urldate = {2013-00-01},
journal = {Ad Hoc Networks},
volume = {11},
pages = {1091\textendash1104},
publisher = {Elsevier},
abstract = {The main objective of remote substations is to provide the central system with sensitive information from critical infrastructures, such as generation, distribution or transmission power systems. Wireless sensor networks have been recently applied in this particular context due to their attractive services and inherent benefits, such as simplicity, reliability and cost savings. However, as the number of control and data acquisition systems that use the Internet infrastructure to connect to substations increases, it is necessary to consider what connectivity model the sensor infrastructure should follow: either completely isolated from the Internet or integrated with it as part of the Internet of Things paradigm. This paper therefore addresses this question by providing a thorough analysis of both security requirements and infrastructural requirements corresponding to all those TCP/IP integration strategies that can be applicable to networks with constrained computational resources.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The main objective of remote substations is to provide the central system with sensitive information from critical infrastructures, such as generation, distribution or transmission power systems. Wireless sensor networks have been recently applied in this particular context due to their attractive services and inherent benefits, such as simplicity, reliability and cost savings. However, as the number of control and data acquisition systems that use the Internet infrastructure to connect to substations increases, it is necessary to consider what connectivity model the sensor infrastructure should follow: either completely isolated from the Internet or integrated with it as part of the Internet of Things paradigm. This paper therefore addresses this question by providing a thorough analysis of both security requirements and infrastructural requirements corresponding to all those TCP/IP integration strategies that can be applicable to networks with constrained computational resources.
Alcaraz, Cristina; Lopez, Javier
Wide-Area Situational Awareness for Critical Infrastructure Protection Journal Article
In: IEEE Computer, vol. 46, no. 4, pp. 30-37, 2013, ISSN: 0018-9162.
@article{1761,
title = {Wide-Area Situational Awareness for Critical Infrastructure Protection},
author = {Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/1761.pdf
http://doi.ieeecomputersociety.org/10.1109/MC.2013.72},
doi = {10.1109/MC.2013.72},
issn = {0018-9162},
year = {2013},
date = {2013-00-01},
urldate = {2013-00-01},
journal = {IEEE Computer},
volume = {46},
number = {4},
pages = {30-37},
publisher = {IEEE Computer Society},
abstract = {Combining a wide-area situational awareness (WASA) methodological framework with a set of requirements for awareness construction can help in the development and commissioning of future WASA cyberdefense solutions},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Combining a wide-area situational awareness (WASA) methodological framework with a set of requirements for awareness construction can help in the development and commissioning of future WASA cyberdefense solutions
Alcaraz, Cristina; Lopez, Javier
Addressing Situational Awareness in Critical Domains of a Smart Grid Proceedings Article
In: 6th International Conference on Network and System Security (NSS 2012), pp. 58-71, Springer-Verlag Springer-Verlag, Wu Yi Shan, Fujian, China, 2012, ISSN: 978-3-642-34600-2.
@inproceedings{1729,
title = {Addressing Situational Awareness in Critical Domains of a Smart Grid},
author = {Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/1729.pdf},
doi = {10.1007/978-3-642-34601-9_5},
issn = {978-3-642-34600-2},
year = {2012},
date = {2012-11-01},
urldate = {2012-11-01},
booktitle = {6th International Conference on Network and System Security (NSS 2012)},
volume = {7645},
pages = {58-71},
publisher = {Springer-Verlag},
address = {Wu Yi Shan, Fujian, China},
organization = {Springer-Verlag},
series = {LNCS 7645},
abstract = {Control and situational awareness are two very important aspects within critical control systems, since potential faults or anomalous behaviors could lead to serious consequences by hiding the real status of supervised critical infrastructures. Examples of these infrastructures are energy generation, transmission or distribution systems that belong to Smart Grid systems. Given the importance of these systems for social welfare and its economy, a situational awareness-based model, composed of a set of current technologies, is proposed in this paper. The model focuses on addressing and offering a set of minimum services for protection, such as prevention, detection, response, self-evaluation and maintenance, thereby providing a desirable protection in unplanned situations.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Control and situational awareness are two very important aspects within critical control systems, since potential faults or anomalous behaviors could lead to serious consequences by hiding the real status of supervised critical infrastructures. Examples of these infrastructures are energy generation, transmission or distribution systems that belong to Smart Grid systems. Given the importance of these systems for social welfare and its economy, a situational awareness-based model, composed of a set of current technologies, is proposed in this paper. The model focuses on addressing and offering a set of minimum services for protection, such as prevention, detection, response, self-evaluation and maintenance, thereby providing a desirable protection in unplanned situations.
Alcaraz, Cristina; Fernandez, Gerardo; Carvajal, Fernando
Security Aspects of SCADA and DCS Environments Book Section
In: Lopez, Javier; Wolthusen, Stephen; Setola, Roberto (Ed.): Critical Infrastructure Protection: Information Infrastructure Models, Analysis, and Defense, vol. 7130, pp. 120-149, Springer-Verlag, Heidelberger (Berlin, Alemania), 2012, ISSN: 0302-9743.
@incollection{BC2011Alcaraz,
title = {Security Aspects of SCADA and DCS Environments},
author = {Cristina Alcaraz and Gerardo Fernandez and Fernando Carvajal},
editor = {Javier Lopez and Stephen Wolthusen and Roberto Setola},
url = {/wp-content/papers/BC2011Alcaraz.pdf},
issn = {0302-9743},
year = {2012},
date = {2012-09-01},
urldate = {2012-09-01},
booktitle = {Critical Infrastructure Protection: Information Infrastructure Models, Analysis, and Defense},
volume = {7130},
pages = {120-149},
publisher = {Springer-Verlag},
address = {Heidelberger (Berlin, Alemania)},
organization = {Springer-Verlag},
series = {Advances in Critical Infrastructure Protection: Information Infrastructure Models, Analysis, and Defense. LNCS 7130.},
abstract = {SCADA Systems can be seen as a fundamental component in Critical Infrastructures, having an impact in the overall performance of other Critical Infrastructures interconnected. Currently, these systems include in their network designs different types of Information and Communication Technology systems (such as the Internet and wireless technologies), not only to modernize operational processes but also to ensure automation and real-time control. Nonetheless, the use of these new technologies will bring new security challenges, which will have a significant impact on both the business process and home users. Therefore, the main purpose of this Chapter is to address these issues and to analyze the interdependencies of Process Control Systems with ICT systems, to discuss some security aspects and to offer some possible solutions and recommendations.},
keywords = {},
pubstate = {published},
tppubtype = {incollection}
}
SCADA Systems can be seen as a fundamental component in Critical Infrastructures, having an impact in the overall performance of other Critical Infrastructures interconnected. Currently, these systems include in their network designs different types of Information and Communication Technology systems (such as the Internet and wireless technologies), not only to modernize operational processes but also to ensure automation and real-time control. Nonetheless, the use of these new technologies will bring new security challenges, which will have a significant impact on both the business process and home users. Therefore, the main purpose of this Chapter is to address these issues and to analyze the interdependencies of Process Control Systems with ICT systems, to discuss some security aspects and to offer some possible solutions and recommendations.
Rios, Ruben; Lopez, Javier
Adecuación de soluciones de anonimato al problema de la privacidad de localización en WSN Proceedings Article
In: Zurutuza, Urko; Uribeetxeberria, Roberto; Arenaza-Nuño, Ignacio (Ed.): XII Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2012), pp. 309-314, Donostia-San Sebastián, 2012, ISBN: 978-84-615-9933-2.
@inproceedings{Rios2012b,
title = {Adecuaci\'{o}n de soluciones de anonimato al problema de la privacidad de localizaci\'{o}n en WSN},
author = {Ruben Rios and Javier Lopez},
editor = {Urko Zurutuza and Roberto Uribeetxeberria and Ignacio Arenaza-Nu\~{n}o},
url = {/wp-content/papers/Rios2012b.pdf},
isbn = {978-84-615-9933-2},
year = {2012},
date = {2012-09-01},
urldate = {2012-09-01},
booktitle = {XII Reuni\'{o}n Espa\~{n}ola sobre Criptolog\'{i}a y Seguridad de la Informaci\'{o}n (RECSI 2012)},
pages = {309-314},
address = {Donostia-San Sebasti\'{a}n},
abstract = {Los patrones de tr\'{a}fico caracter\'{i}sticos de las redes inal\'{a}mbricas de sensores (WSNs) dan lugar al problema de la privacidad de localizaci\'{o}n. De manera similar, el tr\'{a}fico de los usuarios en Internet revela informaci\'{o}n sensible que puede ser protegida mediante sistemas de comunicaci\'{o}n an\'{o}nima (ACS). Por ello, este trabajo analiza la posibilidad de adaptar las soluciones de anonimato tradicionales al problema particular de las redes de sensores. Hasta el momento estas soluciones hab\'{i}an sido rechazadas sin un an\'{a}lisis riguroso, argumentando simplemente que eran demasiado exigentes computacionalmente para los nodos sensores. Nuestros resultados demuestran que, en general, algunos ACS no cumplen los requisitos de privacidad necesarios en WSNs mientras que otros, que si los cumplen, se valen de una cantidad de recursos que superan la capacidad de los sensores.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Los patrones de tráfico característicos de las redes inalámbricas de sensores (WSNs) dan lugar al problema de la privacidad de localización. De manera similar, el tráfico de los usuarios en Internet revela información sensible que puede ser protegida mediante sistemas de comunicación anónima (ACS). Por ello, este trabajo analiza la posibilidad de adaptar las soluciones de anonimato tradicionales al problema particular de las redes de sensores. Hasta el momento estas soluciones habían sido rechazadas sin un análisis riguroso, argumentando simplemente que eran demasiado exigentes computacionalmente para los nodos sensores. Nuestros resultados demuestran que, en general, algunos ACS no cumplen los requisitos de privacidad necesarios en WSNs mientras que otros, que si los cumplen, se valen de una cantidad de recursos que superan la capacidad de los sensores.
Onieva, Jose A.; Agudo, Isaac; Lopez, Javier; Draper-Gil, Gerard; Hinarejos, M. Francisca
Como proteger la privacidad de los usuarios en Internet. Verificación anónima de la mayoría de edad Proceedings Article
In: XII Reunión Española sobre Criptología y Seguridad de la Información - RECSI 2012, pp. 297-302, Mondragon Mondragon, San Sebastian (Spain), 2012, ISBN: 978-84-615-9933-2.
@inproceedings{onieva2012,
title = {Como proteger la privacidad de los usuarios en Internet. Verificaci\'{o}n an\'{o}nima de la mayor\'{i}a de edad},
author = {Jose A. Onieva and Isaac Agudo and Javier Lopez and Gerard Draper-Gil and M. Francisca Hinarejos},
url = {/wp-content/papers/onieva2012.pdf},
isbn = {978-84-615-9933-2},
year = {2012},
date = {2012-09-01},
urldate = {2012-09-01},
booktitle = {XII Reuni\'{o}n Espa\~{n}ola sobre Criptolog\'{i}a y Seguridad de la Informaci\'{o}n - RECSI 2012},
pages = {297-302},
publisher = {Mondragon},
address = {San Sebastian (Spain)},
organization = {Mondragon},
abstract = {La identidad digital est\'{a} tomando una dimensi\'{o}n que se escapa de los esquemas tradicionales. Ha pasado de ser un mero identificador a un conjunto de caracter\'{i}sticas que nos definen. Cada vez compartimos m\'{a}s informaci\'{o}n personal en la red, en gran medida porque los modelos de interacci\'{o}n online requieren que la compartamos.
Las grandes empresas de Internet se est\'{a}n acostumbrando a tener a su disposici\'{o}n o a exigir m\'{a}s informaci\'{o}n de la estrictamente necesaria para ofrecer sus servicios. Ante esta tendencia surge el denominado principio de minimizaci\'{o}n de datos contenido en la Directiva 95/46/CE sobre protecci\'{o}n de datos que nos anima a utilizar mecanismos de protecci\'{o}n de nuestra privacidad.
En este art\'{i}culo se presenta una soluci\'{o}n para la verificaci\'{o}n an\'{o}nima de la mayor\'{i}a de edad que hace uso de la tecnolog\'{i}a de Information cards para acceder a los servicios y del DNIe en la
fase de registro con el Proveedor de Identidad.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
La identidad digital está tomando una dimensión que se escapa de los esquemas tradicionales. Ha pasado de ser un mero identificador a un conjunto de características que nos definen. Cada vez compartimos más información personal en la red, en gran medida porque los modelos de interacción online requieren que la compartamos.
Las grandes empresas de Internet se están acostumbrando a tener a su disposición o a exigir más información de la estrictamente necesaria para ofrecer sus servicios. Ante esta tendencia surge el denominado principio de minimización de datos contenido en la Directiva 95/46/CE sobre protección de datos que nos anima a utilizar mecanismos de protección de nuestra privacidad.
En este artículo se presenta una solución para la verificación anónima de la mayoría de edad que hace uso de la tecnología de Information cards para acceder a los servicios y del DNIe en la
fase de registro con el Proveedor de Identidad.
Las grandes empresas de Internet se están acostumbrando a tener a su disposición o a exigir más información de la estrictamente necesaria para ofrecer sus servicios. Ante esta tendencia surge el denominado principio de minimización de datos contenido en la Directiva 95/46/CE sobre protección de datos que nos anima a utilizar mecanismos de protección de nuestra privacidad.
En este artículo se presenta una solución para la verificación anónima de la mayoría de edad que hace uso de la tecnología de Information cards para acceder a los servicios y del DNIe en la
fase de registro con el Proveedor de Identidad.
Moyano, Francisco; Fernandez-Gago, Carmen; Lopez, Javier
A Conceptual Framework for Trust Models Proceedings Article
In: Fischer-Hübner, Simone; Katsikas, Sokratis K.; Quirchmayr, Gerald (Ed.): 9th International Conference on Trust, Privacy & Security in Digital Business (TrustBus 2012), pp. 93-104, Springer Verlag Springer Verlag, Vienna, 2012, ISSN: 0302-9743.
@inproceedings{moyano2012trustbus,
title = {A Conceptual Framework for Trust Models},
author = {Francisco Moyano and Carmen Fernandez-Gago and Javier Lopez},
editor = {Simone Fischer-H\"{u}bner and Sokratis K. Katsikas and Gerald Quirchmayr},
url = {/wp-content/papers/moyano2012trustbus.pdf},
doi = {10.1007/978-3-642-32287-7},
issn = {0302-9743},
year = {2012},
date = {2012-09-01},
urldate = {2012-09-01},
booktitle = {9th International Conference on Trust, Privacy \& Security in Digital Business (TrustBus 2012)},
volume = {7449},
pages = {93-104},
publisher = {Springer Verlag},
address = {Vienna},
organization = {Springer Verlag},
series = {LNCS},
abstract = {During the last twenty years, a huge amount of trust and reputation models have been proposed, each of them with their own particularities and targeting different domains. While much effort has been made in defining ever-increasing complex models, little attention has been paid to abstract away the particularities of these models into a common set of easily understandable concepts. We propose a conceptual framework for computational trust models that will be used for analyzing their features and for comparing heterogeneous and relevant trust models.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
During the last twenty years, a huge amount of trust and reputation models have been proposed, each of them with their own particularities and targeting different domains. While much effort has been made in defining ever-increasing complex models, little attention has been paid to abstract away the particularities of these models into a common set of easily understandable concepts. We propose a conceptual framework for computational trust models that will be used for analyzing their features and for comparing heterogeneous and relevant trust models.
Rios, Ruben; Cuellar, Jorge; Lopez, Javier
Robust Probabilistic Fake Packet Injection for Receiver-Location Privacy in WSN Proceedings Article
In: Foresti, Sara; Yung, Moti; Martinelli, Fabio (Ed.): 17th European Symposium on Research in Computer Security (ESORICS 2012), pp. 163-180, Springer Springer, Pisa, Italy, 2012, ISSN: 0302-9743.
@inproceedings{Rios2012d,
title = {Robust Probabilistic Fake Packet Injection for Receiver-Location Privacy in WSN},
author = {Ruben Rios and Jorge Cuellar and Javier Lopez},
editor = {Sara Foresti and Moti Yung and Fabio Martinelli},
url = {/wp-content/papers/Rios2012d.pdf},
doi = {10.1007/978-3-642-33167-1_10},
issn = {0302-9743},
year = {2012},
date = {2012-09-01},
urldate = {2012-09-01},
booktitle = {17th European Symposium on Research in Computer Security (ESORICS 2012)},
volume = {7459},
pages = {163-180},
publisher = {Springer},
address = {Pisa, Italy},
organization = {Springer},
series = {LNCS},
abstract = {The singular communication model in wireless sensor networks (WSNs) originate pronounced traffic patterns that allow a local observer to deduce the location of the base station, which must be kept secret for both strategical and security reasons. In this work we present a new receiver-location privacy solution called HISP (Homogenous Injection for Sink Privacy). Our scheme is based on the idea of hiding the flow of real traffic by carefully injecting fake traffic to homogenize the transmissions from a node to its neighbors. This process is guided by a lightweight probabilistic approach ensuring that the adversary cannot decide with sufficient precision in which direction to move while maintaining a moderate amount of fake traffic. Our system is both validated analytically and experimentally through simulations.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The singular communication model in wireless sensor networks (WSNs) originate pronounced traffic patterns that allow a local observer to deduce the location of the base station, which must be kept secret for both strategical and security reasons. In this work we present a new receiver-location privacy solution called HISP (Homogenous Injection for Sink Privacy). Our scheme is based on the idea of hiding the flow of real traffic by carefully injecting fake traffic to homogenize the transmissions from a node to its neighbors. This process is guided by a lightweight probabilistic approach ensuring that the adversary cannot decide with sufficient precision in which direction to move while maintaining a moderate amount of fake traffic. Our system is both validated analytically and experimentally through simulations.
Nieto, Ana; Fernandez, Gerardo
Sistema Colaborativo de Detección y Reacción ante Intrusiones basado en Intel vPro Proceedings Article
In: XII Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2012), pp. 45-50, San Sebastián, 2012, ISBN: 978-84-615-9933-2.
@inproceedings{NF_RECSI12,
title = {Sistema Colaborativo de Detecci\'{o}n y Reacci\'{o}n ante Intrusiones basado en Intel vPro},
author = {Ana Nieto and Gerardo Fernandez},
url = {/wp-content/papers/NF_RECSI12.pdf},
isbn = {978-84-615-9933-2},
year = {2012},
date = {2012-09-01},
urldate = {2012-09-01},
booktitle = {XII Reuni\'{o}n Espa\~{n}ola sobre Criptolog\'{i}a y Seguridad de la Informaci\'{o}n (RECSI 2012)},
pages = {45-50},
address = {San Sebasti\'{a}n},
abstract = {En este trabajo proponemos una plataforma para el desarrollo de un sistema colaborativo para la detecci\'{o}n y reacci\'{o}n ante intrusiones, empleando como base las tecnolog\'{i}as presentes en Intel vPro. La soluci\'{o}n presentada est\'{a} dirigida a solventar la necesidad de implantaci\'{o}n de nuevas tecnolog\'{i}as que posibiliten la reacci\'{o}n ante ataques, independientemente del sistema operativo usado. Con este fin, en este trabajo abordamos tres puntos fundamentales: la detecci\'{o}n de intrusiones colaborativa, la respuesta autom\'{a}tica de los nodos ante la detecci\'{o}n de una intrusi\'{o}n y el uso de herramientas que posibiliten asegurar la confianza en un nodo. En un sistema colaborativo como el que se propone aqu\'{i}, un aspecto clave para la seguridad es la protecci\'{o}n de las comunicaciones entre los mecanismos de detecci\'{o}n y reacci\'{o}n frente a intrusiones. La modificaci\'{o}n o el simple acceso a los datos intercambiados por tales sistemas supone un grave riesgo para la seguridad del entorno. Como resultado hemos desarrollado un prototipo preliminar para probar la soluci\'{o}n propuesta en un escenario de ataque real.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
En este trabajo proponemos una plataforma para el desarrollo de un sistema colaborativo para la detección y reacción ante intrusiones, empleando como base las tecnologías presentes en Intel vPro. La solución presentada está dirigida a solventar la necesidad de implantación de nuevas tecnologías que posibiliten la reacción ante ataques, independientemente del sistema operativo usado. Con este fin, en este trabajo abordamos tres puntos fundamentales: la detección de intrusiones colaborativa, la respuesta automática de los nodos ante la detección de una intrusión y el uso de herramientas que posibiliten asegurar la confianza en un nodo. En un sistema colaborativo como el que se propone aquí, un aspecto clave para la seguridad es la protección de las comunicaciones entre los mecanismos de detección y reacción frente a intrusiones. La modificación o el simple acceso a los datos intercambiados por tales sistemas supone un grave riesgo para la seguridad del entorno. Como resultado hemos desarrollado un prototipo preliminar para probar la solución propuesta en un escenario de ataque real.
Draper-Gil, Gerard; Ferrer-Gomila, Josep L.; Hinarejos, M. Francisca; Onieva, Jose A.; Lopez, Javier
Un protocolo para la firma de contratos en escenarios multi-two-party con atomicidad Proceedings Article
In: XII Reunión Española de Criptología y Seguridad de la Información, pp. 357-362, 2012, ISBN: 978-84-615-9933-2.
@inproceedings{422,
title = {Un protocolo para la firma de contratos en escenarios multi-two-party con atomicidad},
author = {Gerard Draper-Gil and Josep L. Ferrer-Gomila and M. Francisca Hinarejos and Jose A. Onieva and Javier Lopez},
url = {/wp-content/papers/422.pdf},
isbn = {978-84-615-9933-2},
year = {2012},
date = {2012-09-01},
urldate = {2012-09-01},
booktitle = {XII Reuni\'{o}n Espa\~{n}ola de Criptolog\'{i}a y Seguridad de la Informaci\'{o}n},
pages = {357-362},
abstract = {Los avances tecnol\'{o}gicos que est\'{a} experimentando el mundo digital (Internet, comunicaciones, etc.) est\'{a}n acercando a consumidores y proveedores. Los proveedores pueden ofrecer sus productos directamente a los consumidores finales, y \'{e}stos son capaces de acceder a los proveedores desde cualquier lugar y en cualquier momento. A la hora de adquirir productos o servicios, esta facilidad de acceso permite a los consumidores consultar distintas ofertas de diferentes proveedores. Pero en el caso de que el consumidor quiera m\'{u}ltiples productos, como los paquetes tur\'{i}sticos, formados por vuelos, hoteles, excursiones, etc, los consumidores carecen de herramientas que les permitan realizar la contrataci\'{o}n multi-two-party de manera at\'{o}mica. En este art\'{i}culo presentamos un protocolo de firma de contratos multi-two-party con atomicidad que garantiza la equitatividad de todas las partes.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Los avances tecnológicos que está experimentando el mundo digital (Internet, comunicaciones, etc.) están acercando a consumidores y proveedores. Los proveedores pueden ofrecer sus productos directamente a los consumidores finales, y éstos son capaces de acceder a los proveedores desde cualquier lugar y en cualquier momento. A la hora de adquirir productos o servicios, esta facilidad de acceso permite a los consumidores consultar distintas ofertas de diferentes proveedores. Pero en el caso de que el consumidor quiera múltiples productos, como los paquetes turísticos, formados por vuelos, hoteles, excursiones, etc, los consumidores carecen de herramientas que les permitan realizar la contratación multi-two-party de manera atómica. En este artículo presentamos un protocolo de firma de contratos multi-two-party con atomicidad que garantiza la equitatividad de todas las partes.
Rios, Ruben; Onieva, Jose A.; Lopez, Javier
HIDE_DHCP: Covert Communications Through Network Configuration Messages Proceedings Article
In: Gritzalis, Dimitris; Furnell, Steven; Theoharidou, Marianthi (Ed.): Proceedings of the 27th IFIP TC 11 International Information Security and Privacy Conference (SEC 2012), pp. 162-173, Springer Boston Springer Boston, Heraklion, Crete, Greece, 2012, ISSN: 1868-4238.
@inproceedings{Rios2012,
title = {HIDE_DHCP: Covert Communications Through Network Configuration Messages},
author = {Ruben Rios and Jose A. Onieva and Javier Lopez},
editor = {Dimitris Gritzalis and Steven Furnell and Marianthi Theoharidou},
url = {/wp-content/papers/Rios2012.pdf},
doi = {10.1007/978-3-642-30436-1_14},
issn = {1868-4238},
year = {2012},
date = {2012-06-01},
urldate = {2012-06-01},
booktitle = {Proceedings of the 27th IFIP TC 11 International Information Security and Privacy Conference (SEC 2012)},
volume = {376},
pages = {162-173},
publisher = {Springer Boston},
address = {Heraklion, Crete, Greece},
organization = {Springer Boston},
series = {IFIP AICT},
abstract = {Covert channels are a form of hidden communication that may violate the integrity of systems. Since their birth in multilevel security systems in the early 70’s they have evolved considerably, such that new solutions have appeared for computer networks mainly due to vague protocols specifications. We analyze a protocol extensively used today, the Dynamic Host Configuration Protocol (DHCP), in search of new forms of covert communication. From this analysis we observe several features that can be effectively exploited for subliminal data transmission. This results in the implementation of HIDE_DHCP, which integrates three covert channels that accommodate to different stealthiness and bandwidth requirements},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Covert channels are a form of hidden communication that may violate the integrity of systems. Since their birth in multilevel security systems in the early 70’s they have evolved considerably, such that new solutions have appeared for computer networks mainly due to vague protocols specifications. We analyze a protocol extensively used today, the Dynamic Host Configuration Protocol (DHCP), in search of new forms of covert communication. From this analysis we observe several features that can be effectively exploited for subliminal data transmission. This results in the implementation of HIDE_DHCP, which integrates three covert channels that accommodate to different stealthiness and bandwidth requirements
Nieto, Ana; Lopez, Javier
Security and QoS tradeoffs: towards a FI perspective Proceedings Article
In: Advanced Information Networking and Applications Workshops (WAINA), 2012 26th International Conference on, pp. 745-750, IEEE IEEE, Fukuoka (Japan), 2012, ISBN: 978-0-7695-4652-0/12.
@inproceedings{Nieto2012b,
title = {Security and QoS tradeoffs: towards a FI perspective},
author = {Ana Nieto and Javier Lopez},
url = {/wp-content/papers/Nieto2012b.pdf},
doi = {10.1109/WAINA.2012.204},
isbn = {978-0-7695-4652-0/12},
year = {2012},
date = {2012-03-01},
urldate = {2012-03-01},
booktitle = {Advanced Information Networking and Applications Workshops (WAINA), 2012 26th International Conference on},
pages = {745-750},
publisher = {IEEE},
address = {Fukuoka (Japan)},
organization = {IEEE},
abstract = {Motivated by the growing convergence of diverse types of networks and the raise of new concepts such as Future Internet (FI), in this paper we present an analysis of current research on the development of security mechanisms in a tradeoff with Quality of Service (QoS) mechanisms. More precisely, we pay attention to the Security and QoS problems in resource-constrained networks that are candidates to be an important part of the FI due to their proximity to the user or because of their contribution to the information society. We analyse the current state of the research on security and QoS in the integration of sensors, MANET and cellular networks, with the aim of providing a critical point of view, allowing us to assess whether it is possible that such integration of networks is both secure and efficient.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Motivated by the growing convergence of diverse types of networks and the raise of new concepts such as Future Internet (FI), in this paper we present an analysis of current research on the development of security mechanisms in a tradeoff with Quality of Service (QoS) mechanisms. More precisely, we pay attention to the Security and QoS problems in resource-constrained networks that are candidates to be an important part of the FI due to their proximity to the user or because of their contribution to the information society. We analyse the current state of the research on security and QoS in the integration of sensors, MANET and cellular networks, with the aim of providing a critical point of view, allowing us to assess whether it is possible that such integration of networks is both secure and efficient.
Moyano, Francisco; Fernandez-Gago, Carmen; Lopez, Javier
Implementing Trust and Reputation Systems: A Framework for Developers’ Usage Proceedings Article
In: International Workshop on Quantitative Aspects in Security Assurance, Pisa, 2012.
@inproceedings{moyano12qasa,
title = {Implementing Trust and Reputation Systems: A Framework for Developers’ Usage},
author = {Francisco Moyano and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/moyano12qasa.pdf},
year = {2012},
date = {2012-01-01},
urldate = {2012-01-01},
booktitle = {International Workshop on Quantitative Aspects in Security Assurance},
address = {Pisa},
abstract = {During the last decades, a huge amount of trust and reputation models have been proposed, each of them with their own particularities and targeting different domains. While much effort has been made in defining ever-increasing complex models, little attention has been paid to abstract away the particularities of these models into a common set of easily understandable concepts. We propose a conceptual framework for computational trust models that is used for developing a component-oriented development framework that aims to assist developers during the implementation phase.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
During the last decades, a huge amount of trust and reputation models have been proposed, each of them with their own particularities and targeting different domains. While much effort has been made in defining ever-increasing complex models, little attention has been paid to abstract away the particularities of these models into a common set of easily understandable concepts. We propose a conceptual framework for computational trust models that is used for developing a component-oriented development framework that aims to assist developers during the implementation phase.
Najera, Pablo; Roman, Rodrigo; Lopez, Javier
Secure architecure for the integration of RFID and sensors in personal networks Proceedings Article
In: 7th International Workshop on Security and Trust Management (STM’11), pp. 207-222, Springer Springer, Copenhagen, Denmark, 2012, ISBN: 978-3-642-29962-9.
@inproceedings{Najera_STM11,
title = {Secure architecure for the integration of RFID and sensors in personal networks},
author = {Pablo Najera and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/Najera_STM11.pdf},
doi = {10.1007/978-3-642-29963-6_15},
isbn = {978-3-642-29962-9},
year = {2012},
date = {2012-01-01},
urldate = {2012-01-01},
booktitle = {7th International Workshop on Security and Trust Management (STM’11)},
volume = {7170},
pages = {207-222},
publisher = {Springer},
address = {Copenhagen, Denmark},
organization = {Springer},
series = {LNCS},
abstract = {The secure integration of RFID technology into the personal network paradigm, as a context-aware technology which complements body sensor networks, would provide notable benefits to applications and potential services of the PN. RFID security as an independent technology is reaching an adequate maturity level thanks to research in recent years; however, its integration into the PN model, interaction with other network resources, remote users and service providers requires a specific security analysis and a PN architecture prepared to support these resource-constrained pervasive technologies. This paper provides such PN architecture and analysis. Aspects such as the management of personal tags as members of the PN, the authentication and secure communication of PN nodes and remote users with the context-aware technologies, and the enforcement of security and privacy policies are discussed in the architecture.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The secure integration of RFID technology into the personal network paradigm, as a context-aware technology which complements body sensor networks, would provide notable benefits to applications and potential services of the PN. RFID security as an independent technology is reaching an adequate maturity level thanks to research in recent years; however, its integration into the PN model, interaction with other network resources, remote users and service providers requires a specific security analysis and a PN architecture prepared to support these resource-constrained pervasive technologies. This paper provides such PN architecture and analysis. Aspects such as the management of personal tags as members of the PN, the authentication and secure communication of PN nodes and remote users with the context-aware technologies, and the enforcement of security and privacy policies are discussed in the architecture.
Galindo, David; Roman, Rodrigo; Lopez, Javier
On the Energy Cost of Authenticated Key Agreement in Wireless Sensor Networks Journal Article
In: Wireless Communications and Mobile Computing, vol. 12, pp. 133-143, 2012, ISSN: 1530-8669.
@article{Galindo2010,
title = {On the Energy Cost of Authenticated Key Agreement in Wireless Sensor Networks},
author = {David Galindo and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/Galindo2010.pdf},
doi = {10.1002/wcm.894},
issn = {1530-8669},
year = {2012},
date = {2012-01-01},
urldate = {2012-01-01},
journal = {Wireless Communications and Mobile Computing},
volume = {12},
pages = {133-143},
publisher = {Wiley},
abstract = {Wireless sensors are battery-powered devices which are highly constrained in terms of computational capabilities, memory and communication bandwidth. While battery life is their main limitation, they require considerable energy to communicate data. Due to this, it turns out that the energy saving of computationally inexpensive primitives (like symmetric key cryptography (SKC)) can be nullified by the bigger amount of data they require to be sent. In this work, we study the energy cost of key agreement protocols between peers in a network using asymmetric key cryptography. Our main concern is to reduce the amount of data to be exchanged, which can be done by using special cryptographic paradigms like identity-based and self-certified cryptography. The main news is that an intensive computational primitive for resource-constrained devices, such as non-interactive identity-based authenticated key exchange, performs comparably or even better than traditional authenticated key exchange (AKE) in a variety of scenarios. Moreover, protocols based in this primitive can provide better security properties in real deployments than other simple protocols based on symmetric cryptography. Our findings illustrate to what extent the latest implementation advancements push the efficiency boundaries of public key cryptography (PKC) in wireless sensor networks (WSNs).},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Wireless sensors are battery-powered devices which are highly constrained in terms of computational capabilities, memory and communication bandwidth. While battery life is their main limitation, they require considerable energy to communicate data. Due to this, it turns out that the energy saving of computationally inexpensive primitives (like symmetric key cryptography (SKC)) can be nullified by the bigger amount of data they require to be sent. In this work, we study the energy cost of key agreement protocols between peers in a network using asymmetric key cryptography. Our main concern is to reduce the amount of data to be exchanged, which can be done by using special cryptographic paradigms like identity-based and self-certified cryptography. The main news is that an intensive computational primitive for resource-constrained devices, such as non-interactive identity-based authenticated key exchange, performs comparably or even better than traditional authenticated key exchange (AKE) in a variety of scenarios. Moreover, protocols based in this primitive can provide better security properties in real deployments than other simple protocols based on symmetric cryptography. Our findings illustrate to what extent the latest implementation advancements push the efficiency boundaries of public key cryptography (PKC) in wireless sensor networks (WSNs).
Alcaraz, Cristina; Lopez, Javier
Analysis of Requirements for Critical Control Systems Journal Article
In: International Journal of Critical Infrastructure Protection (IJCIP), vol. 5, pp. 137–145, 2012, ISSN: 1874-5482.
@article{1730,
title = {Analysis of Requirements for Critical Control Systems},
author = {Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/1730.pdf
http://www.sciencedirect.com/science/article/pii/S1874548212000455},
doi = {10.1016/j.ijcip.2012.08.003},
issn = {1874-5482},
year = {2012},
date = {2012-00-01},
urldate = {2012-00-01},
journal = {International Journal of Critical Infrastructure Protection (IJCIP)},
volume = {5},
pages = {137\textendash145},
publisher = {Elsevier},
abstract = {The use of modern information and communications technologies in supervisory control and data acquisition (SCADA) systems used in the critical infrastructure has become an important topic of research. The modernization significantly enhances operational performance, but also introduces security issues and the associated risks. This paper formally analyzes how the introduction of new technologies can impact control systems and ultimately affect the performance of the critical infrastructure systems being controlled. Five control system requirements are identified with the goal of proposing new operational requirements that trade-off performance and security.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The use of modern information and communications technologies in supervisory control and data acquisition (SCADA) systems used in the critical infrastructure has become an important topic of research. The modernization significantly enhances operational performance, but also introduces security issues and the associated risks. This paper formally analyzes how the introduction of new technologies can impact control systems and ultimately affect the performance of the critical infrastructure systems being controlled. Five control system requirements are identified with the goal of proposing new operational requirements that trade-off performance and security.
Rios, Ruben; Lopez, Javier
Analysis of Location Privacy Solutions in Wireless Sensor Networks Journal Article
In: IET Communications, vol. 5, pp. 2518 - 2532, 2011, ISSN: 1751-8628.
@article{Rios2011a,
title = {Analysis of Location Privacy Solutions in Wireless Sensor Networks},
author = {Ruben Rios and Javier Lopez},
url = {/wp-content/papers/Rios2011a.pdf},
doi = {10.1049/iet-com.2010.0825},
issn = {1751-8628},
year = {2011},
date = {2011-11-01},
urldate = {2011-11-01},
journal = {IET Communications},
volume = {5},
pages = {2518 - 2532},
publisher = {Institution of Engineering and Technology},
abstract = {Extensive work has been done on the protection of Wireless Sensor Networks (WSNs) from the hardware to the application layer. However, only recently, the privacy preservation problem has drawn the attention of the research community because of its challenging nature. This problem is exacerbated in the domain of WSNs due to the extreme resource limitation of sensor nodes. In this paper we focus on the location privacy problem in WSNs, which allows an adversary to determine the location of nodes of interest to him. We provide a taxonomy of solutions based on the power of the adversary and the main techniques proposed by the various solutions. In addition, we describe and analyse the advantages and disadvantages of different approaches. Finally, we discuss some open challenges and future directions of research.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Extensive work has been done on the protection of Wireless Sensor Networks (WSNs) from the hardware to the application layer. However, only recently, the privacy preservation problem has drawn the attention of the research community because of its challenging nature. This problem is exacerbated in the domain of WSNs due to the extreme resource limitation of sensor nodes. In this paper we focus on the location privacy problem in WSNs, which allows an adversary to determine the location of nodes of interest to him. We provide a taxonomy of solutions based on the power of the adversary and the main techniques proposed by the various solutions. In addition, we describe and analyse the advantages and disadvantages of different approaches. Finally, we discuss some open challenges and future directions of research.
Alcaraz, Cristina; Fernandez-Gago, Carmen; Lopez, Javier
An Early Warning System based on Reputation for Energy Control Systems Journal Article
In: IEEE Transactions on Smart Grid, vol. 2, no. 4, pp. 827-834, 2011, ISSN: 1949-3053.
@article{Alcaraz2011,
title = {An Early Warning System based on Reputation for Energy Control Systems},
author = {Cristina Alcaraz and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/Alcaraz2011.pdf},
doi = {10.1109/TSG.2011.2161498},
issn = {1949-3053},
year = {2011},
date = {2011-11-01},
urldate = {2011-11-01},
journal = {IEEE Transactions on Smart Grid},
volume = {2},
number = {4},
pages = {827-834},
publisher = {IEEE},
abstract = {Most of energy control or SCADA (Supervisory Control and Data Acquisition) systems are very dependent on advanced technologies and on traditional security mechanisms for protecting the a system against anomalous events. Security mechanisms are not enough to be used in critical systems, since they can only detect anomalous events occurring at a certain moment in time. For this reason it becomes of paramount importance the usage of intelligent systems with capability for preventing anomalous situations and reacting against them on time. This type of systems are, for example, Early Warning Systems (EWS). In this paper, we propose an EWS based on Wireless Sensor Networks (WSNs) (under the ISA100.11a standard) and reputation for controling the network behaviour. The WSN are organized into clusters where a Cluster Head (CH) is designated. This CH will contain a Reputation Manager Module. The usability of this approach is also analyzed considering a Smart Grid scenario. keywords = Critical Information Infrastructures, Sensor Networks, Early Warning Systems, Reputation, SCADA Systems, Smart Grid.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Most of energy control or SCADA (Supervisory Control and Data Acquisition) systems are very dependent on advanced technologies and on traditional security mechanisms for protecting the a system against anomalous events. Security mechanisms are not enough to be used in critical systems, since they can only detect anomalous events occurring at a certain moment in time. For this reason it becomes of paramount importance the usage of intelligent systems with capability for preventing anomalous situations and reacting against them on time. This type of systems are, for example, Early Warning Systems (EWS). In this paper, we propose an EWS based on Wireless Sensor Networks (WSNs) (under the ISA100.11a standard) and reputation for controling the network behaviour. The WSN are organized into clusters where a Cluster Head (CH) is designated. This CH will contain a Reputation Manager Module. The usability of this approach is also analyzed considering a Smart Grid scenario. keywords = Critical Information Infrastructures, Sensor Networks, Early Warning Systems, Reputation, SCADA Systems, Smart Grid.
Najera, Pablo; Roman, Rodrigo; Lopez, Javier
Acceso seguro a nodos RFID en una arquitectura de red personal Proceedings Article
In: Hackbarth, Klaus; Agüero, Ramón; Sanz, Roberto (Ed.): X Jornadas de Ingeniería Telemática (JITEL 2011), pp. 104 - 111, Universidad de Cantabria Universidad de Cantabria, Santander, Spain, 2011, ISBN: 978-84-694-5948-5.
@inproceedings{Najera_JITEL11,
title = {Acceso seguro a nodos RFID en una arquitectura de red personal},
author = {Pablo Najera and Rodrigo Roman and Javier Lopez},
editor = {Klaus Hackbarth and Ram\'{o}n Ag\"{u}ero and Roberto Sanz},
isbn = {978-84-694-5948-5},
year = {2011},
date = {2011-09-01},
urldate = {2011-09-01},
booktitle = {X Jornadas de Ingenier\'{i}a Telem\'{a}tica (JITEL 2011)},
pages = {104 - 111},
publisher = {Universidad de Cantabria},
address = {Santander, Spain},
organization = {Universidad de Cantabria},
abstract = {El paradigma de red personal (PN) permitir\'{a} la interacci\'{o}n y colaboraci\'{o}n del creciente abanico de dispositivos personales. Con tal fin la PN ha de integrar en su seno m\'{u}ltiples tecnolog\'{i}as heterog\'{e}neas con diversas capacidades computacionales y de comunicaci\'{o}n de forma segura. En particular, la incorporaci\'{o}n de la tecnolog\'{i}a RFID en objetos personales conlleva m\'{u}ltiples riesgos de seguridad y privacidad que han suscitado un elevado inter\'{e}s de la comunidad investigadora en los \'{u}ltimos a\~{n}os. M\'{a}s all\'{a} de su seguridad de forma aislada, su integraci\'{o}n en la PN y la interacci\'{o}n de \'{e}sta con redes de \'{a}rea extensa como Internet of Things requieren una arquitectura de red personal adecuada para tal contexto. Este art\'{i}culo proporciona los fundamentos de tal arquitectura segura incluyendo el an\'{a}lisis de aspectos como la incorporaci\'{o}n e inicializaci\'{o}n de las restringidas etiquetas RFID en la red personal, la autenticaci\'{o}n tanto de miembros de la PN como de usuarios y servicios remotos en su acceso a las tecnolog\'{i}as de contexto, el control de las pol\'{i}ticas de privacidad y el establecimiento de canales seguros de comunicaci\'{o}n supervisados.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
El paradigma de red personal (PN) permitirá la interacción y colaboración del creciente abanico de dispositivos personales. Con tal fin la PN ha de integrar en su seno múltiples tecnologías heterogéneas con diversas capacidades computacionales y de comunicación de forma segura. En particular, la incorporación de la tecnología RFID en objetos personales conlleva múltiples riesgos de seguridad y privacidad que han suscitado un elevado interés de la comunidad investigadora en los últimos años. Más allá de su seguridad de forma aislada, su integración en la PN y la interacción de ésta con redes de área extensa como Internet of Things requieren una arquitectura de red personal adecuada para tal contexto. Este artículo proporciona los fundamentos de tal arquitectura segura incluyendo el análisis de aspectos como la incorporación e inicialización de las restringidas etiquetas RFID en la red personal, la autenticación tanto de miembros de la PN como de usuarios y servicios remotos en su acceso a las tecnologías de contexto, el control de las políticas de privacidad y el establecimiento de canales seguros de comunicación supervisados.
Rios, Ruben; Lopez, Javier
Exploiting Context-Awareness to Enhance Source-Location Privacy in Wireless Sensor Networks Journal Article
In: The Computer Journal, vol. 54, pp. 1603-1615, 2011, ISSN: 0010-4620.
@article{Rios2011b,
title = {Exploiting Context-Awareness to Enhance Source-Location Privacy in Wireless Sensor Networks},
author = {Ruben Rios and Javier Lopez},
url = {/wp-content/papers/Rios2011b.pdf},
doi = {10.1093/comjnl/bxr055},
issn = {0010-4620},
year = {2011},
date = {2011-09-01},
urldate = {2011-09-01},
journal = {The Computer Journal},
volume = {54},
pages = {1603-1615},
publisher = {Oxford University Press},
abstract = {The source-location privacy problem in Wireless Sensor Networks has been traditionally tackled by the creation of random routes for every packet transmitted from the source nodes to the base station. These schemes provide a considerable protection level at a high cost in terms of message delivery time and energy consumption. This overhead is due to the fact that the data routing process is done in a blind way, without knowledge about the location of the attacker. In this work we propose the Context-Aware Location Privacy (CALP) approach, which takes advantage of the ability of sensor nodes to perceive the presence of a mobile adversary in their vicinity in order to transmit data packets in a more energy-efficient and privacy-preserving manner. In particular, we apply the concepts of CALP to the development of a shortest-path CALP routing algorithm. A permissive and a strict version of the protocol are studied for different adversarial models and the proposed schemes are evaluated through simulation experiments in terms of privacy protection and energy consumption. Finally, we present the conclusions of the paper as well as possible extensions of this work.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The source-location privacy problem in Wireless Sensor Networks has been traditionally tackled by the creation of random routes for every packet transmitted from the source nodes to the base station. These schemes provide a considerable protection level at a high cost in terms of message delivery time and energy consumption. This overhead is due to the fact that the data routing process is done in a blind way, without knowledge about the location of the attacker. In this work we propose the Context-Aware Location Privacy (CALP) approach, which takes advantage of the ability of sensor nodes to perceive the presence of a mobile adversary in their vicinity in order to transmit data packets in a more energy-efficient and privacy-preserving manner. In particular, we apply the concepts of CALP to the development of a shortest-path CALP routing algorithm. A permissive and a strict version of the protocol are studied for different adversarial models and the proposed schemes are evaluated through simulation experiments in terms of privacy protection and energy consumption. Finally, we present the conclusions of the paper as well as possible extensions of this work.
Roman, Rodrigo; Najera, Pablo; Lopez, Javier
Securing the Internet of Things Journal Article
In: IEEE Computer, vol. 44, no. 9, pp. 51 -58, 2011, ISSN: 0018-9162.
@article{1633,
title = {Securing the Internet of Things},
author = {Rodrigo Roman and Pablo Najera and Javier Lopez},
url = {/wp-content/papers/1633.pdf},
doi = {10.1109/MC.2011.291},
issn = {0018-9162},
year = {2011},
date = {2011-09-01},
urldate = {2011-09-01},
journal = {IEEE Computer},
volume = {44},
number = {9},
pages = {51 -58},
publisher = {IEEE},
abstract = {This paper presents security of Internet of things. In the Internet of Things vision, every physical object has a virtual component that can produce and consume services Such extreme interconnection will bring unprecedented convenience and economy, but it will also require novel approaches to ensure its safe and ethical use. The Internet and its users are already under continual attack, and a growing economy-replete with business models that undermine the Internet’s ethical use-is fully focused on exploiting the current version’s foundational weaknesses.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
This paper presents security of Internet of things. In the Internet of Things vision, every physical object has a virtual component that can produce and consume services Such extreme interconnection will bring unprecedented convenience and economy, but it will also require novel approaches to ensure its safe and ethical use. The Internet and its users are already under continual attack, and a growing economy-replete with business models that undermine the Internet’s ethical use-is fully focused on exploiting the current version’s foundational weaknesses.
Alcaraz, Cristina; Lopez, Javier; Zhou, Jianying; Roman, Rodrigo
Secure SCADA Framework for the Protection of Energy Control Systems Journal Article
In: Concurrency and Computation Practice & Experience, vol. 23, no. 12, pp. 1414-1430, 2011, ISSN: 1532-0626.
@article{Alcaraz2011a,
title = {Secure SCADA Framework for the Protection of Energy Control Systems},
author = {Cristina Alcaraz and Javier Lopez and Jianying Zhou and Rodrigo Roman},
url = {/wp-content/papers/Alcaraz2011a.pdf},
doi = {10.1002/cpe.1679},
issn = {1532-0626},
year = {2011},
date = {2011-08-01},
urldate = {2011-08-01},
journal = {Concurrency and Computation Practice \& Experience},
volume = {23},
number = {12},
pages = {1414-1430},
publisher = {John Wiley \& Sons, Inc.},
abstract = {Energy distribution systems are becoming increasingly widespread in today’s society. One of the elements that is used to monitor and control these systems are the SCADA (Supervisory Control and Data Acquisition) systems. In particular, these control systems and their complexities, together with the emerging use of the Internet and wireless technologies, bring new challenges that must be carefully considered. Examples of such challenges are the particular benetextasciimacronts of the integration of those new technologies, and also the etextregisteredects they may have on the overall SCADA security. The main task of this paper is to provide a framework that shows how the integration of ditextregisterederent state-of-the-art technologies in an energy control system, such as Wireless Sensor Networks (WSNs), Mobile Ad-Hoc Networks (MANETs), and the Internet, can bring some interesting benefits such as status management and anomaly prevention, while maintaining the security of the whole system.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Energy distribution systems are becoming increasingly widespread in today’s society. One of the elements that is used to monitor and control these systems are the SCADA (Supervisory Control and Data Acquisition) systems. In particular, these control systems and their complexities, together with the emerging use of the Internet and wireless technologies, bring new challenges that must be carefully considered. Examples of such challenges are the particular benetextasciimacronts of the integration of those new technologies, and also the etextregisteredects they may have on the overall SCADA security. The main task of this paper is to provide a framework that shows how the integration of ditextregisterederent state-of-the-art technologies in an energy control system, such as Wireless Sensor Networks (WSNs), Mobile Ad-Hoc Networks (MANETs), and the Internet, can bring some interesting benefits such as status management and anomaly prevention, while maintaining the security of the whole system.
Agudo, Isaac; Nuñez, David; Giammatteo, Gabriele; Rizomiliotis, Panagiotis; Lambrinoudakis, Costas
Cryptography Goes to the Cloud Proceedings Article
In: Lee, Changhoon; Seigneur, Jean-Marc; Park, James J.; Wagner, Roland R. (Ed.): 1st International Workshop on Security and Trust for Applications in Virtualised Environments (STAVE 2011), pp. 190-197, Springer Springer, 2011, ISBN: 978-3-642-22364-8.
@inproceedings{agudo2011cryptography,
title = {Cryptography Goes to the Cloud},
author = {Isaac Agudo and David Nu\~{n}ez and Gabriele Giammatteo and Panagiotis Rizomiliotis and Costas Lambrinoudakis},
editor = {Changhoon Lee and Jean-Marc Seigneur and James J. Park and Roland R. Wagner},
url = {/wp-content/papers/agudo2011cryptography.pdf},
doi = {10.1007/978-3-642-22365-5_23},
isbn = {978-3-642-22364-8},
year = {2011},
date = {2011-06-01},
urldate = {2011-06-01},
booktitle = {1st International Workshop on Security and Trust for Applications in Virtualised Environments (STAVE 2011)},
volume = {187},
pages = {190-197},
publisher = {Springer},
organization = {Springer},
series = {Communications in Computer and Information Science},
abstract = {In this paper we identify some areas where cryptography can help a rapid adoption of cloud computing. Although secure storage has already captured the attention of many cloud providers, offering a higher level of protection for their customer’s data, we think that more advanced techniques such as searchable encryption and secure outsourced computation will become popular in the near future, opening the doors of the Cloud to customers with higher security requirements.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
In this paper we identify some areas where cryptography can help a rapid adoption of cloud computing. Although secure storage has already captured the attention of many cloud providers, offering a higher level of protection for their customer’s data, we think that more advanced techniques such as searchable encryption and secure outsourced computation will become popular in the near future, opening the doors of the Cloud to customers with higher security requirements.
Leon, Olga; Roman, Rodrigo; Serrano, Juan Hernandez
Towards a Cooperative Intrusion Detection System for Cognitive Radio Networks Proceedings Article
In: Workshop on Wireless Cooperative Network Security (WCNS’11), Springer Springer, 2011.
@inproceedings{Leon11,
title = {Towards a Cooperative Intrusion Detection System for Cognitive Radio Networks},
author = {Olga Leon and Rodrigo Roman and Juan Hernandez Serrano},
url = {/wp-content/papers/Leon11.pdf
http://www.networking2011.org/workshops/WCNS.html},
doi = {10.1007/978-3-642-23041-7_22},
year = {2011},
date = {2011-05-01},
urldate = {2011-05-01},
booktitle = {Workshop on Wireless Cooperative Network Security (WCNS’11)},
publisher = {Springer},
organization = {Springer},
series = {LNCS},
abstract = {Cognitive Radio Networks (CRNs) arise as a promising solution to the scarcity of spectrum. By means of cooperation and smart decisions influenced by previous knowledge, CRNs are able to detect and profit from the best spectrum opportunities without interfering primary licensed users. However, besides the well-known attacks to wireless networks, new attacks threat this type of networks. In this paper we analyze these threats and propose a set of intrusion detection modules targeted to detect them. Provided method will allow a CRN to identify attack sources and types of attacks, and to properly react against them.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Cognitive Radio Networks (CRNs) arise as a promising solution to the scarcity of spectrum. By means of cooperation and smart decisions influenced by previous knowledge, CRNs are able to detect and profit from the best spectrum opportunities without interfering primary licensed users. However, besides the well-known attacks to wireless networks, new attacks threat this type of networks. In this paper we analyze these threats and propose a set of intrusion detection modules targeted to detect them. Provided method will allow a CRN to identify attack sources and types of attacks, and to properly react against them.
Roman, Rodrigo; Lopez, Javier; Alcaraz, Cristina; Chen, Hsiao-Hwa
SenseKey - Simplifying the Selection of Key Management Schemes for Sensor Networks Proceedings Article
In: 5th International Symposium on Security and Multimodality in Pervasive Environments (SMPE’11), IEEE IEEE, Singapore, 2011.
@inproceedings{Roman11SK,
title = {SenseKey - Simplifying the Selection of Key Management Schemes for Sensor Networks},
author = {Rodrigo Roman and Javier Lopez and Cristina Alcaraz and Hsiao-Hwa Chen},
url = {/wp-content/papers/Roman11SK.pdf
http://www.ftrai.org/smpe2011/},
doi = {10.1109/WAINA.2011.78},
year = {2011},
date = {2011-03-01},
urldate = {2011-03-01},
booktitle = {5th International Symposium on Security and Multimodality in Pervasive Environments (SMPE’11)},
publisher = {IEEE},
address = {Singapore},
organization = {IEEE},
abstract = {Key Management Schemes (KMS) are a very important security mechanism for Wireless Sensor Networks (WSN), as they are used to manage the credentials (i.e. secret keys) that are needed by the security primitives. There is a large number of available KMS protocols in the literature, but it is not clear what should network designers do to choose the most suitable protocol for the needs of their applications. In this paper, we consider that given a certain set of application requirements, the network designer can check which properties comply with those requirements and select the KMS protocols that contains those particular properties. Therefore, we study the relationship between requirements and properties, and we provide a web tool, the SenseKey tool, that can be used to automatically obtain an optimal set of KMS protocols.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Key Management Schemes (KMS) are a very important security mechanism for Wireless Sensor Networks (WSN), as they are used to manage the credentials (i.e. secret keys) that are needed by the security primitives. There is a large number of available KMS protocols in the literature, but it is not clear what should network designers do to choose the most suitable protocol for the needs of their applications. In this paper, we consider that given a certain set of application requirements, the network designer can check which properties comply with those requirements and select the KMS protocols that contains those particular properties. Therefore, we study the relationship between requirements and properties, and we provide a web tool, the SenseKey tool, that can be used to automatically obtain an optimal set of KMS protocols.
Roman, Rodrigo; Alcaraz, Cristina; Lopez, Javier; Sklavos, Nicolas
Key management systems for sensor networks in the context of the Internet of Things Journal Article
In: Computers & Electrical Engineering, vol. 37, pp. 147-159, 2011, ISSN: 0045-7906.
@article{roman2011,
title = {Key management systems for sensor networks in the context of the Internet of Things},
author = {Rodrigo Roman and Cristina Alcaraz and Javier Lopez and Nicolas Sklavos},
url = {/wp-content/papers/roman2011.pdf
http://www.sciencedirect.com/science/article/B6V25-527FRSD-1/2/62661c595153993639c43b9b331d8d66},
doi = {10.1016/j.compeleceng.2011.01.009},
issn = {0045-7906},
year = {2011},
date = {2011-03-01},
urldate = {2011-03-01},
journal = {Computers \& Electrical Engineering},
volume = {37},
pages = {147-159},
publisher = {Elsevier},
abstract = {If a wireless sensor network (WSN) is to be completely integrated into the Internet as part of the Internet of Things (IoT), it is necessary to consider various security challenges, such as the creation of a secure channel between an Internet host and a sensor node. In order to create such a channel, it is necessary to provide key management mechanisms that allow two remote devices to negotiate certain security credentials (e.g. secret keys) that will be used to protect the information flow. In this paper we will analyse not only the applicability of existing mechanisms such as public key cryptography and pre-shared keys for sensor nodes in the IoT context, but also the applicability of those link-layer oriented key management systems (KMS) whose original purpose is to provide shared keys for sensor nodes belonging to the same WSN.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
If a wireless sensor network (WSN) is to be completely integrated into the Internet as part of the Internet of Things (IoT), it is necessary to consider various security challenges, such as the creation of a secure channel between an Internet host and a sensor node. In order to create such a channel, it is necessary to provide key management mechanisms that allow two remote devices to negotiate certain security credentials (e.g. secret keys) that will be used to protect the information flow. In this paper we will analyse not only the applicability of existing mechanisms such as public key cryptography and pre-shared keys for sensor nodes in the IoT context, but also the applicability of those link-layer oriented key management systems (KMS) whose original purpose is to provide shared keys for sensor nodes belonging to the same WSN.
Roman, Rodrigo; Lopez, Javier; Najera, Pablo
A Cross-layer Approach for Integrating Security Mechanisms in Sensor Networks Architectures Journal Article
In: Wireless Communications and Mobile Computing, vol. 11, pp. 267-276, 2011, ISSN: 1530-8669.
@article{Roman2010,
title = {A Cross-layer Approach for Integrating Security Mechanisms in Sensor Networks Architectures},
author = {Rodrigo Roman and Javier Lopez and Pablo Najera},
url = {/wp-content/papers/Roman2010.pdf},
doi = {10.1002/wcm.1006},
issn = {1530-8669},
year = {2011},
date = {2011-01-01},
urldate = {2011-01-01},
journal = {Wireless Communications and Mobile Computing},
volume = {11},
pages = {267-276},
publisher = {Wiley},
abstract = {The wireless sensor networks (WSN) paradigm is especially vulnerable against external and internal attacks. Therefore, it is necessary to develop security mechanisms and protocols to protect them. These mechanisms must become an integral part of the software architecture and network stack of a sensor node. A question that remains is how to achieve this integration. In this paper we check how both academic and industrial solutions tackle this issue, and we present the concept of a transversal layer, where all the different security mechanisms could be contained. This way, all the elements of the architecture can interact with the security mechanisms, and the security mechanisms can have a holistic point of view of the whole architecture. We discuss the advantages of this approach, and also present how the transversal layer concept was applied to a real middleware architecture.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The wireless sensor networks (WSN) paradigm is especially vulnerable against external and internal attacks. Therefore, it is necessary to develop security mechanisms and protocols to protect them. These mechanisms must become an integral part of the software architecture and network stack of a sensor node. A question that remains is how to achieve this integration. In this paper we check how both academic and industrial solutions tackle this issue, and we present the concept of a transversal layer, where all the different security mechanisms could be contained. This way, all the elements of the architecture can interact with the security mechanisms, and the security mechanisms can have a holistic point of view of the whole architecture. We discuss the advantages of this approach, and also present how the transversal layer concept was applied to a real middleware architecture.
Najera, Pablo; Lopez, Javier
Real-time Location and Inpatient Care Systems Based on Passive RFID Journal Article
In: Journal of Network and Computer Applications, vol. 34, pp. pp. 980-989, 2011, ISSN: 1084-8045.
@article{Najera2010,
title = {Real-time Location and Inpatient Care Systems Based on Passive RFID},
author = {Pablo Najera and Javier Lopez},
url = {/wp-content/papers/Najera2010.pdf
http://www.sciencedirect.com/science/article/B6WKB-5023KSB-1/2/3b970ad38b2ce768888c4eec24ea472a},
doi = {10.1016/j.jnca.2010.04.011},
issn = {1084-8045},
year = {2011},
date = {2011-01-01},
urldate = {2011-01-01},
journal = {Journal of Network and Computer Applications},
volume = {34},
pages = {pp. 980-989},
publisher = {Elsevier},
abstract = {RFID technology meets identification and tracking requirements in healthcare environments with potential to speed up and increase reliability of involved processes. Due to this, high expectations for this integration have emerged, but hospital and medical centers interested in adoption of RFID technology require prior knowledge on how to squeeze RFID capabilities, real expectations and current challenges. In this paper, we show our lab tested solutions in two specific healthcare scenarios. On the one hand, we analyze the case of a medical equipment tracking system for healthcare facilities enabling both real-time location and theft prevention. Worth-noting aspects such as possible EMI interferences, technology selection and management of RFID data from hospital information system are analyzed. Lab testing of system reliability based on passive UHF RFID is provided for this case. On the other hand, we analyze and provide a solution for care and control of patients in a hospital based on passive HF RFID with the result of a fully functional demonstrator. Our prototype squeezes RFID features in order to provide a backup data source from patient’s wristband. It also provides an offline working mode aiming to increase application reliability under network fail down and therefore, improving patient’s safety. Considerations regarding lessons learned and challenges faced are exposed.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
RFID technology meets identification and tracking requirements in healthcare environments with potential to speed up and increase reliability of involved processes. Due to this, high expectations for this integration have emerged, but hospital and medical centers interested in adoption of RFID technology require prior knowledge on how to squeeze RFID capabilities, real expectations and current challenges. In this paper, we show our lab tested solutions in two specific healthcare scenarios. On the one hand, we analyze the case of a medical equipment tracking system for healthcare facilities enabling both real-time location and theft prevention. Worth-noting aspects such as possible EMI interferences, technology selection and management of RFID data from hospital information system are analyzed. Lab testing of system reliability based on passive UHF RFID is provided for this case. On the other hand, we analyze and provide a solution for care and control of patients in a hospital based on passive HF RFID with the result of a fully functional demonstrator. Our prototype squeezes RFID features in order to provide a backup data source from patient’s wristband. It also provides an offline working mode aiming to increase application reliability under network fail down and therefore, improving patient’s safety. Considerations regarding lessons learned and challenges faced are exposed.
Alcaraz, Cristina; Agudo, Isaac; Nuñez, David; Lopez, Javier
Managing Incidents in Smart Grids à la Cloud Proceedings Article
In: IEEE CloudCom 2011, pp. 527-531, IEEE Computer Society IEEE Computer Society, Athens, Greece, 2011, ISBN: 978-0-7695-4622-3.
@inproceedings{1643,
title = {Managing Incidents in Smart Grids \`{a} la Cloud},
author = {Cristina Alcaraz and Isaac Agudo and David Nu\~{n}ez and Javier Lopez},
url = {/wp-content/papers/1643.pdf},
doi = {10.1109/CloudCom.2011.79},
isbn = {978-0-7695-4622-3},
year = {2011},
date = {2011-00-01},
urldate = {2011-00-01},
booktitle = {IEEE CloudCom 2011},
pages = {527-531},
publisher = {IEEE Computer Society},
address = {Athens, Greece},
organization = {IEEE Computer Society},
abstract = {During the last decade, the Cloud Computing paradigm has emerged as a panacea for many problems in traditional IT infrastructures. Much has been said about the potential of Cloud Computing in the Smart Grid context, but unfortunately it is still relegated to a second layer when it comes to critical systems. Although the advantages of outsourcing those kind of applications to the cloud is clear, data confidentiality and operational privacy stand as mayor drawbacks. In this paper, we try to give some hints on which security mechanisms and more specific, which cryptographic schemes, will help a better integration of Smart Grids and Clouds. We propose the use of Virtual SCADA in the Cloud (VS-Cloud) as a mean to improve reliability and efficiency whilst maintaining the same protection level as in traditional SCADA architectures.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
During the last decade, the Cloud Computing paradigm has emerged as a panacea for many problems in traditional IT infrastructures. Much has been said about the potential of Cloud Computing in the Smart Grid context, but unfortunately it is still relegated to a second layer when it comes to critical systems. Although the advantages of outsourcing those kind of applications to the cloud is clear, data confidentiality and operational privacy stand as mayor drawbacks. In this paper, we try to give some hints on which security mechanisms and more specific, which cryptographic schemes, will help a better integration of Smart Grids and Clouds. We propose the use of Virtual SCADA in the Cloud (VS-Cloud) as a mean to improve reliability and efficiency whilst maintaining the same protection level as in traditional SCADA architectures.
Alcaraz, Cristina; Najera, Pablo; Lopez, Javier; Roman, Rodrigo
Wireless Sensor Networks and the Internet of Things: Do We Need a Complete Integration? Proceedings Article
In: 1st International Workshop on the Security of the Internet of Things (SecIoT’10), pp. xxxx, IEEE IEEE, Tokyo (Japan), 2010.
@inproceedings{calcaraz10,
title = {Wireless Sensor Networks and the Internet of Things: Do We Need a Complete Integration?},
author = {Cristina Alcaraz and Pablo Najera and Javier Lopez and Rodrigo Roman},
url = {/wp-content/papers/calcaraz10.pdf},
year = {2010},
date = {2010-12-01},
urldate = {2010-12-01},
booktitle = {1st International Workshop on the Security of the Internet of Things (SecIoT’10)},
pages = {xxxx},
publisher = {IEEE},
address = {Tokyo (Japan)},
organization = {IEEE},
abstract = {Wireless sensor networks (WSN) behave as a digital skin, providing a virtual layer where the information about the physical world can be accessed by any computational system. As a result, they are an invaluable resource for realizing the vision of the Internet of Things (IoT). However, it is necessary to consider whether the devices of a WSN should be completely integrated into the Internet or not. In this paper, we tackle this question from the perspective of security. While we will mention the different security challenges that may arise in such integration process, we will focus on the issues that take place at the network level.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Wireless sensor networks (WSN) behave as a digital skin, providing a virtual layer where the information about the physical world can be accessed by any computational system. As a result, they are an invaluable resource for realizing the vision of the Internet of Things (IoT). However, it is necessary to consider whether the devices of a WSN should be completely integrated into the Internet or not. In this paper, we tackle this question from the perspective of security. While we will mention the different security challenges that may arise in such integration process, we will focus on the issues that take place at the network level.
Alcaraz, Cristina; Roman, Rodrigo; Najera, Pablo; Lopez, Javier
Acceso seguro a redes de sensores en SCADA a través de Internet Proceedings Article
In: XI Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2010), pp. 337-342, Tarragona (Spain), 2010, ISBN: 978-84-693-3304-4.
@inproceedings{Alcaraz2010,
title = {Acceso seguro a redes de sensores en SCADA a trav\'{e}s de Internet},
author = {Cristina Alcaraz and Rodrigo Roman and Pablo Najera and Javier Lopez},
url = {/wp-content/papers/Alcaraz2010.pdf
http://crises-deim.urv.cat/recsi2010/},
isbn = {978-84-693-3304-4},
year = {2010},
date = {2010-09-01},
urldate = {2010-09-01},
booktitle = {XI Reuni\'{o}n Espa\~{n}ola sobre Criptolog\'{i}a y Seguridad de la Informaci\'{o}n (RECSI 2010)},
pages = {337-342},
address = {Tarragona (Spain)},
abstract = {Las Infraestructuras Cr\'{i}ticas (ICs) son monitorizadas por sistemas altamente complejos, conocidos como sistemas SCADA (Sistemas de Control y Adquisici\'{o}n de Datos), cuyo principal soporte se encuentra en las subestaciones, las cuales miden de primera instancia el estado real de tales ICs. Para mejorar este control, la industria est\'{a} actualmente demandando la integraci\'{o}n en el modelo tradicional de dos avances tecnol\'{o}gicos: Internet y las redes de sensores inal\'{a}mbricas. Sin embargo, su incorporaci\'{o}n requiere analizar los requisitos de seguridad que surgen en dicho contexto, as\'{i} como diversos aspectos correlacionados (ej. mantenimiento, rendimiento, seguridad y optimizaci\'{o}n) y, en base a estos, la estrategia de integraci\'{o}n m\'{a}s adecuada para satisfacer dichos requisitos. Este art\'{i}culo proporciona dicho an\'{a}lisis en profundidad con el fin de ofrecer un modelo de integraci\'{o}n seguro adecuado para entornos cr\'{i}ticos.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Las Infraestructuras Críticas (ICs) son monitorizadas por sistemas altamente complejos, conocidos como sistemas SCADA (Sistemas de Control y Adquisición de Datos), cuyo principal soporte se encuentra en las subestaciones, las cuales miden de primera instancia el estado real de tales ICs. Para mejorar este control, la industria está actualmente demandando la integración en el modelo tradicional de dos avances tecnológicos: Internet y las redes de sensores inalámbricas. Sin embargo, su incorporación requiere analizar los requisitos de seguridad que surgen en dicho contexto, así como diversos aspectos correlacionados (ej. mantenimiento, rendimiento, seguridad y optimización) y, en base a estos, la estrategia de integración más adecuada para satisfacer dichos requisitos. Este artículo proporciona dicho análisis en profundidad con el fin de ofrecer un modelo de integración seguro adecuado para entornos críticos.
Alcaraz, Cristina; Balastegui, Angel; Lopez, Javier
Early Warning System for Cascading Effect Control in Energy Control Systems Proceedings Article
In: 5th International conference on Critical Information Infrastructures Security (CRITIS’10), pp. 55-67, Springer Springer, Athens, Greece, 2010, ISSN: 0302-9743.
@inproceedings{Alcaraz2010b,
title = {Early Warning System for Cascading Effect Control in Energy Control Systems},
author = {Cristina Alcaraz and Angel Balastegui and Javier Lopez},
url = {/wp-content/papers/Alcaraz2010b.pdf
http://critis.net/2010/},
issn = {0302-9743},
year = {2010},
date = {2010-09-01},
urldate = {2010-09-01},
booktitle = {5th International conference on Critical Information Infrastructures Security (CRITIS’10)},
volume = {6712},
pages = {55-67},
publisher = {Springer},
address = {Athens, Greece},
organization = {Springer},
series = {LNCS},
abstract = {A way of controlling a cascading effect caused by a failure or a threat in a critical system is using intelligent mechanisms capable of predicting anomalous behaviours and also capable of reacting against them in advance. These mechanisms are known as Early Warning Systems (EWS) and this will be precisely the main topic of this paper. Specially, we present an EWS design based on a Wireless Sensor Network (using the ISA100.11a standard) that constantly supervise the application context. This EWS is also based on forensic techniques to provide dynamic learning capacities. As a result, this new approach will aid to provide a reliable control of incidences by offering a dynamic alarm management, identification of the most suitable field operator to attend an alarm, reporting of causes and responsible operators, and learning from new anomalous situations.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
A way of controlling a cascading effect caused by a failure or a threat in a critical system is using intelligent mechanisms capable of predicting anomalous behaviours and also capable of reacting against them in advance. These mechanisms are known as Early Warning Systems (EWS) and this will be precisely the main topic of this paper. Specially, we present an EWS design based on a Wireless Sensor Network (using the ISA100.11a standard) that constantly supervise the application context. This EWS is also based on forensic techniques to provide dynamic learning capacities. As a result, this new approach will aid to provide a reliable control of incidences by offering a dynamic alarm management, identification of the most suitable field operator to attend an alarm, reporting of causes and responsible operators, and learning from new anomalous situations.
Rios, Ruben; Lopez, Javier
Source Location Privacy Considerations in Wireless Sensor Networks Proceedings Article
In: Fuentes, Lidia; Gámez, Nadia; Bravo, José (Ed.): 4th International Symposium of Ubiquitous Computing and Ambient Intelligence (UCAmI’10), pp. 29 - 38, IBERGARCETA PUBLICACIONES, S.L. IBERGARCETA PUBLICACIONES, S.L., Valencia (Spain), 2010, ISBN: 978-84-92812-61-5.
@inproceedings{Rios2010,
title = {Source Location Privacy Considerations in Wireless Sensor Networks},
author = {Ruben Rios and Javier Lopez},
editor = {Lidia Fuentes and Nadia G\'{a}mez and Jos\'{e} Bravo},
url = {/wp-content/papers/Rios2010.pdf},
isbn = {978-84-92812-61-5},
year = {2010},
date = {2010-09-01},
urldate = {2010-09-01},
booktitle = {4th International Symposium of Ubiquitous Computing and Ambient Intelligence (UCAmI’10)},
pages = {29 - 38},
publisher = {IBERGARCETA PUBLICACIONES, S.L.},
address = {Valencia (Spain)},
organization = {IBERGARCETA PUBLICACIONES, S.L.},
abstract = {Wireless Sensor Networks are considered to be one of the cornerstones of Ambient Intelligence since they can be used in countless applications, where sensors are unobtrusively embedded into the environment to perform operations like monitoring, tracking and reporting. In such scenarios, privacy issues must be carefully considered since the mere observation of the network operation might reveal great amounts of private information to unauthorised parties. One of the problems that is gaining more attention in the realm of privacy, is the location privacy problem, which aims to prevent an attacker from obtaining the location of specific nodes of interest to him. In this paper we provide a general overview of the proposed solutions to counter this threat. Finally, we will also discuss some open challenges and future directions of research for a convenient management of privacy issues in smart environments.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Wireless Sensor Networks are considered to be one of the cornerstones of Ambient Intelligence since they can be used in countless applications, where sensors are unobtrusively embedded into the environment to perform operations like monitoring, tracking and reporting. In such scenarios, privacy issues must be carefully considered since the mere observation of the network operation might reveal great amounts of private information to unauthorised parties. One of the problems that is gaining more attention in the realm of privacy, is the location privacy problem, which aims to prevent an attacker from obtaining the location of specific nodes of interest to him. In this paper we provide a general overview of the proposed solutions to counter this threat. Finally, we will also discuss some open challenges and future directions of research for a convenient management of privacy issues in smart environments.
Agudo, Isaac; Fernandez-Gago, Carmen; Lopez, Javier
A Scale Based Trust Model for Multi-Context Environments Journal Article
In: Computers and Mathematics with Applications, vol. 60, pp. 209-216, 2010, ISSN: 0898-1221.
@article{Agudo2010b,
title = {A Scale Based Trust Model for Multi-Context Environments},
author = {Isaac Agudo and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/Agudo2010b.pdf},
doi = {10.1016/j.camwa.2010.02.009},
issn = {0898-1221},
year = {2010},
date = {2010-07-01},
urldate = {2010-07-01},
journal = {Computers and Mathematics with Applications},
volume = {60},
pages = {209-216},
publisher = {Elsevier},
abstract = {When interactions among users of a system have to take place, for example, over the internet, establishing trust relationships among these users becomes crucial. However, the way this trust is established depends to a certain extent on the context where the interactions take place. Most of the time, trust is encoded as a numerical value that might not be very meaningful for a not very experienced user. In this paper we propose a model that takes into account the semantic and the computational sides of trust. This avoids users having to deal directly with the computational side; they instead deal with meaningful labels such as Bad or Good in a given context.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
When interactions among users of a system have to take place, for example, over the internet, establishing trust relationships among these users becomes crucial. However, the way this trust is established depends to a certain extent on the context where the interactions take place. Most of the time, trust is encoded as a numerical value that might not be very meaningful for a not very experienced user. In this paper we propose a model that takes into account the semantic and the computational sides of trust. This avoids users having to deal directly with the computational side; they instead deal with meaningful labels such as Bad or Good in a given context.
Alcaraz, Cristina; Lopez, Javier
A Security Analysis for Wireless Sensor Mesh Networks in Highly Critical Systems Journal Article
In: IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews, vol. 40, no. 4, pp. 419-428, 2010, ISSN: 1094-6977.
@article{Alcaraz2010a,
title = {A Security Analysis for Wireless Sensor Mesh Networks in Highly Critical Systems},
author = {Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/Alcaraz2010a.pdf
http://ieeexplore.ieee.org/search/srchabstract.jsp?tp=\&arnumber=5443456\&queryText%253DC.+Alcaraz%2526openedRefinements%253D*%2526searchField%253DSearch+All\&fromGateway=true},
doi = {10.1109/TSMCC.2010.2045373},
issn = {1094-6977},
year = {2010},
date = {2010-07-01},
urldate = {2010-07-01},
journal = {IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews},
volume = {40},
number = {4},
pages = {419-428},
publisher = {IEEE},
abstract = {Nowadays, critical control systems are a fundamental component contributing to the overall performance of critical infrastructures in our society, most of which belong to the industrial sector. These complex systems include in their design different types of information and communication technology systems, such as wireless (mesh) sensor networks, to carry out control processes in real time. This fact has meant that several communication standards, such as Zigbee PRO, WirelessHART, and ISA100.11a, have been specified to ensure coexistence, reliability, and security in their communications. The main purpose of this paper has been to review these three standards and analyze their security. We have identified a set of threats and potential attacks in their routing protocols, and we consequently provide recommendations and countermeasures to help Industry protect its infrastructures.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Nowadays, critical control systems are a fundamental component contributing to the overall performance of critical infrastructures in our society, most of which belong to the industrial sector. These complex systems include in their design different types of information and communication technology systems, such as wireless (mesh) sensor networks, to carry out control processes in real time. This fact has meant that several communication standards, such as Zigbee PRO, WirelessHART, and ISA100.11a, have been specified to ensure coexistence, reliability, and security in their communications. The main purpose of this paper has been to review these three standards and analyze their security. We have identified a set of threats and potential attacks in their routing protocols, and we consequently provide recommendations and countermeasures to help Industry protect its infrastructures.
Forne, Jordi; Hinarejos, M. Francisca; Marin, Andres; Almenarez, Florina; Lopez, Javier; Montenegro, Jose A.; Lacoste, Marc; Diaz, Daniel
Pervasive Authentication and Authorization Infrastructures for Mobile Users Journal Article
In: Computer and Security, vol. 29, pp. 501-514, 2010, ISSN: 0167-4048.
@article{JordiForne2009,
title = {Pervasive Authentication and Authorization Infrastructures for Mobile Users},
author = {Jordi Forne and M. Francisca Hinarejos and Andres Marin and Florina Almenarez and Javier Lopez and Jose A. Montenegro and Marc Lacoste and Daniel Diaz},
url = {/wp-content/papers/JordiForne2009.pdf},
doi = {10.1016/j.cose.2009.09.001},
issn = {0167-4048},
year = {2010},
date = {2010-01-01},
urldate = {2010-01-01},
journal = {Computer and Security},
volume = {29},
pages = {501-514},
publisher = {elsevier},
abstract = {Network and device heterogeneity, nomadic mobility, intermittent connectivity and, more generally, extremely dynamic operating conditions, are major challenges in the design of security infrastructures for pervasive computing. Yet, in a ubiquitous computing environment, limitations of traditional solutions for authentication and authorization can be overcome with a pervasive public key infrastructure (pervasive-PKI). This choice allows the validation of credentials of users roaming between heterogeneous networks, even when global connectivity is lost and some services are temporarily unreachable. Proof-of-concept implementations and testbed validation results demonstrate that strong security can be achieved for users and applications through the combination of traditional PKI services with a number of enhancements like: (i) dynamic and collaborative trust model, (ii) use of attribute certificates for privilege management, and (iii) modular architecture enabling nomadic mobility and enhanced with reconfiguration capabilities.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Network and device heterogeneity, nomadic mobility, intermittent connectivity and, more generally, extremely dynamic operating conditions, are major challenges in the design of security infrastructures for pervasive computing. Yet, in a ubiquitous computing environment, limitations of traditional solutions for authentication and authorization can be overcome with a pervasive public key infrastructure (pervasive-PKI). This choice allows the validation of credentials of users roaming between heterogeneous networks, even when global connectivity is lost and some services are temporarily unreachable. Proof-of-concept implementations and testbed validation results demonstrate that strong security can be achieved for users and applications through the combination of traditional PKI services with a number of enhancements like: (i) dynamic and collaborative trust model, (ii) use of attribute certificates for privilege management, and (iii) modular architecture enabling nomadic mobility and enhanced with reconfiguration capabilities.
Lopez, Javier; Roman, Rodrigo; Agudo, Isaac; Fernandez-Gago, Carmen
Trust Management Systems for Wireless Sensor Networks: Best practices Journal Article
In: Computer Communications, vol. 33, no. 9, pp. 0140-3664, 2010, ISSN: 0140-3664.
@article{JavierLopezMunoz2010,
title = {Trust Management Systems for Wireless Sensor Networks: Best practices},
author = {Javier Lopez and Rodrigo Roman and Isaac Agudo and Carmen Fernandez-Gago},
url = {/wp-content/papers/JavierLopezMunoz2010.pdf},
doi = {10.1016/j.comcom.2010.02.006},
issn = {0140-3664},
year = {2010},
date = {2010-01-01},
urldate = {2010-01-01},
journal = {Computer Communications},
volume = {33},
number = {9},
pages = {0140-3664},
publisher = {Elsevier},
abstract = {Wireless sensor networks (WSNs) have been proven a useful technology for perceiving information about the physical world and as a consequence has been used in many applications such as measurement of temperature, radiation, flow of liquids, etc. The nature of this kind of technology, and also their vulnerabilities to attacks make the security tools required for them to be considered in a special way. The decision making in a WSN is essential for carrying out certain tasks as it aids sensors establish collaborations. In order to assist this process, trust management systems could play a relevant role. In this paper, we list the best practices that we consider are essential for developing a good trust management system for WSN and make an analysis of the state of the art related to these practices.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Wireless sensor networks (WSNs) have been proven a useful technology for perceiving information about the physical world and as a consequence has been used in many applications such as measurement of temperature, radiation, flow of liquids, etc. The nature of this kind of technology, and also their vulnerabilities to attacks make the security tools required for them to be considered in a special way. The decision making in a WSN is essential for carrying out certain tasks as it aids sensors establish collaborations. In order to assist this process, trust management systems could play a relevant role. In this paper, we list the best practices that we consider are essential for developing a good trust management system for WSN and make an analysis of the state of the art related to these practices.
Montenegro, Jose A.; Lopez, Javier; Peralta, Rene
Computacion Segura Multiparte Aplicada a Subastas Electrónicas Proceedings Article
In: IX Jornadas de Ingeniería Telemenatica (JITEL 2010), 2010.
@inproceedings{JoseA.Montenegro2010,
title = {Computacion Segura Multiparte Aplicada a Subastas Electr\'{o}nicas},
author = {Jose A. Montenegro and Javier Lopez and Rene Peralta},
url = {/wp-content/papers/JoseA.Montenegro2010.pdf},
year = {2010},
date = {2010-00-01},
urldate = {2010-00-01},
booktitle = {IX Jornadas de Ingenier\'{i}a Telemenatica (JITEL 2010)},
abstract = {La confidencialidad ha pasado de ser un requisito de seguridad a ser considerado como requisito funcional y de obligado cumplimiento e inclusi\'{o}n en todos los sistemas de comunicaciones. Un inconveniente que presenta las t\'{e}cnicas criptogr\'{a}ficas, utilizadas para obtener la confidencialidad de la informaci\'{o}n, surge cuando varias entidades se ven forzadas a compartir informaci\'{o}n secreta para realizar tareas puntuales de colaboraci\'{o}n, ya que las primitivas tradicionales utilizadas para conseguir la confidencialidad resultan poco flexibles. La situaci\'{o}n ideal permitir\'{i}a hacer posible dicha colaboraci\'{o}n sin que ninguna de las partes revele la informaci\'{o}n aportada. En este escenario entra en juego la tecnolog\'{i}a de Computaci\'{o}n Segura Multiparte (CSM) que posibilita realizar operaciones con la informaci\'{o}n compartida sin tener que hacerla p\'{u}blica. Este trabajo muestra una soluci\'{o}n CSM aplicada a una subasta electr\'{o}nica que permite la realizaci\'{o}n de la subasta sin que las apuestas sean reveladas a ning\'{u}n participante, incluyendo el subastador, por lo que no necesita el estableciendo de ninguna autoridad confiable. Aunque la literatura ofrece una amplia variedad de propuestas te\'{o}ricas de CSM desde su creaci\'{o}n en la d\'{e}cada de los ochenta, no es com\'{u}n su aplicacion pr\'{a}ctica en situaciones reales.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
La confidencialidad ha pasado de ser un requisito de seguridad a ser considerado como requisito funcional y de obligado cumplimiento e inclusión en todos los sistemas de comunicaciones. Un inconveniente que presenta las técnicas criptográficas, utilizadas para obtener la confidencialidad de la información, surge cuando varias entidades se ven forzadas a compartir información secreta para realizar tareas puntuales de colaboración, ya que las primitivas tradicionales utilizadas para conseguir la confidencialidad resultan poco flexibles. La situación ideal permitiría hacer posible dicha colaboración sin que ninguna de las partes revele la información aportada. En este escenario entra en juego la tecnología de Computación Segura Multiparte (CSM) que posibilita realizar operaciones con la información compartida sin tener que hacerla pública. Este trabajo muestra una solución CSM aplicada a una subasta electrónica que permite la realización de la subasta sin que las apuestas sean reveladas a ningún participante, incluyendo el subastador, por lo que no necesita el estableciendo de ninguna autoridad confiable. Aunque la literatura ofrece una amplia variedad de propuestas teóricas de CSM desde su creación en la década de los ochenta, no es común su aplicacion práctica en situaciones reales.
Roman, Rodrigo; Lopez, Javier; Alcaraz, Cristina
Do Wireless Sensor Networks Need to be Completely Integrated into the Internet? Proceedings Article
In: 3rd CompanionAble Workshop - Future Internet of People, Things and Services (IoPTS) eco-Systems, pp. xxxx, xxxx xxxx, Brussels (Belgium), 2009.
@inproceedings{roman2009,
title = {Do Wireless Sensor Networks Need to be Completely Integrated into the Internet?},
author = {Rodrigo Roman and Javier Lopez and Cristina Alcaraz},
url = {/wp-content/papers/roman2009.pdf},
year = {2009},
date = {2009-12-01},
urldate = {2009-12-01},
booktitle = {3rd CompanionAble Workshop - Future Internet of People, Things and Services (IoPTS) eco-Systems},
pages = {xxxx},
publisher = {xxxx},
address = {Brussels (Belgium)},
organization = {xxxx},
abstract = {Wireless sensor networks are considered as an integral part of the Internet of Things paradigm. Not only they provide a virtual presence to elements of the real world, but also allow any computationalsystem to know about the physical state of those elements thanks to the use of embedded sensors. In order to belong to the Internet of Things, the elements of a sensor network can implement Internet protocols and services such as the TCP/IP stack and web services. Still, a question that must be raised at this point of time is whether all sensor network applications should be completely integrated into the Internet or not. The purpose of this paper is to analyze this question, reviewing the challenges and security requirements of Internet-enabled sensor networks.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Wireless sensor networks are considered as an integral part of the Internet of Things paradigm. Not only they provide a virtual presence to elements of the real world, but also allow any computationalsystem to know about the physical state of those elements thanks to the use of embedded sensors. In order to belong to the Internet of Things, the elements of a sensor network can implement Internet protocols and services such as the TCP/IP stack and web services. Still, a question that must be raised at this point of time is whether all sensor network applications should be completely integrated into the Internet or not. The purpose of this paper is to analyze this question, reviewing the challenges and security requirements of Internet-enabled sensor networks.
Alcaraz, Cristina; Agudo, Isaac; Fernandez-Gago, Carmen; Roman, Rodrigo; Fernandez, Gerardo; Lopez, Javier
Adaptive Dispatching of Incidences Based on Reputation for SCADA Systems Proceedings Article
In: 6th International Conference on Trust, Privacy and Security in Digital Business (TrustBus’09), pp. 86-94, Springer-Verlag Springer-Verlag, Linz, Austria, 2009, ISBN: 978-3-642-03747-4.
@inproceedings{Alcaraz2009,
title = {Adaptive Dispatching of Incidences Based on Reputation for SCADA Systems},
author = {Cristina Alcaraz and Isaac Agudo and Carmen Fernandez-Gago and Rodrigo Roman and Gerardo Fernandez and Javier Lopez},
url = {/wp-content/papers/Alcaraz2009.pdf},
doi = {10.1007/978-3-642-03748-1_9},
isbn = {978-3-642-03747-4},
year = {2009},
date = {2009-09-01},
urldate = {2009-09-01},
booktitle = {6th International Conference on Trust, Privacy and Security in Digital Business (TrustBus’09)},
pages = {86-94},
publisher = {Springer-Verlag},
address = {Linz, Austria},
organization = {Springer-Verlag},
series = {LNCS},
abstract = {SCADA systems represent a challenging scenario where the management of critical alarms is crucial. Their response to these alarms should be efficient and fast in order to mitigate or contain undesired effects. This work presents a mechanism, the Adaptive Assignment Manager (AAM) that will aid to react to incidences in a more efficient way by dynamically assigning alarms to the most suitable human operator. The mechanism uses various inputs for identifying the operators such as their availability, workload and reputation. In fact, we also define a reputation component that stores the reputation of the human operators and uses feedback from past experiences.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
SCADA systems represent a challenging scenario where the management of critical alarms is crucial. Their response to these alarms should be efficient and fast in order to mitigate or contain undesired effects. This work presents a mechanism, the Adaptive Assignment Manager (AAM) that will aid to react to incidences in a more efficient way by dynamically assigning alarms to the most suitable human operator. The mechanism uses various inputs for identifying the operators such as their availability, workload and reputation. In fact, we also define a reputation component that stores the reputation of the human operators and uses feedback from past experiences.
Lopez, Javier; Roman, Rodrigo; Alcaraz, Cristina
Analysis of Security Threats, Requirements, Technologies and Standards in Wireless Sensor Networks Proceedings Article
In: Foundations of Security Analysis and Design 2009, pp. 289-338, Springer Berlin/Heidelberg Springer Berlin/Heidelberg, Bertinoro (Italy), 2009, ISSN: 0302-9743 (Print) 1611-3349 (Online).
@inproceedings{Lopez2009,
title = {Analysis of Security Threats, Requirements, Technologies and Standards in Wireless Sensor Networks},
author = {Javier Lopez and Rodrigo Roman and Cristina Alcaraz},
url = {/wp-content/papers/Lopez2009.pdf
http://www.springerlink.com/content/u8h4882831k474n6/},
doi = {10.1007/978-3-642-03829-7_10},
issn = {0302-9743 (Print) 1611-3349 (Online)},
year = {2009},
date = {2009-08-01},
urldate = {2009-08-01},
booktitle = {Foundations of Security Analysis and Design 2009},
volume = {5705},
pages = {289-338},
publisher = {Springer Berlin/Heidelberg},
address = {Bertinoro (Italy)},
organization = {Springer Berlin/Heidelberg},
series = {LNCS},
abstract = {As sensor networks are more and more being implemented in real world settings, it is necessary to analyze how the different requirements of these real-world applications can influence the security mechanisms. This paper offers both an overview and an analysis of the relationship between the different security threats, requirements, applications, and security technologies. Besides, it also overviews some of the existing sensor network standards, analyzing their security mechanisms.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
As sensor networks are more and more being implemented in real world settings, it is necessary to analyze how the different requirements of these real-world applications can influence the security mechanisms. This paper offers both an overview and an analysis of the relationship between the different security threats, requirements, applications, and security technologies. Besides, it also overviews some of the existing sensor network standards, analyzing their security mechanisms.
Roman, Rodrigo; Lopez, Javier
Integrating Wireless Sensor Networks and the Internet: A Security Analysis Journal Article
In: Internet Research, vol. 19, no. 2, pp. 246-259, 2009, ISSN: 1066-2243.
@article{roman2009a,
title = {Integrating Wireless Sensor Networks and the Internet: A Security Analysis},
author = {Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/roman2009a.pdf},
doi = {10.1108/10662240910952373},
issn = {1066-2243},
year = {2009},
date = {2009-03-01},
urldate = {2009-03-01},
journal = {Internet Research},
volume = {19},
number = {2},
pages = {246-259},
publisher = {Emerald},
abstract = {Purpose: This paper aims to analyze the security issues that arise when integrating wireless sensor networks (WSN) and the internet. Also, it seeks to review whether existing technology mechanisms are suitable and can be applied in this context.
Design/methodology/approach: The paper considers the possible approaches that can be used to connect a WSN with the internet, and analyzes the security of their interactions.
Findings: By providing the services of the network through a front-end proxy, a sensor network and the internet can interact securely. There are other challenges to be solved if the sensor nodes are integrated into the internet infrastructure, although there exists interesting advances on his matter.
Research limitations and implications: The complete integration of sensor networks and the internet still remains as an open issue.
Practical implications: With the current state of the art, it is possible to develop a secure sensor network that can provide its services to internet hosts with certain security properties.
Originality/value: The paper studies the interactions between sensor networks and the internet from the point of view of security. It identifies both solutions and research challenges.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Purpose: This paper aims to analyze the security issues that arise when integrating wireless sensor networks (WSN) and the internet. Also, it seeks to review whether existing technology mechanisms are suitable and can be applied in this context.
Design/methodology/approach: The paper considers the possible approaches that can be used to connect a WSN with the internet, and analyzes the security of their interactions.
Findings: By providing the services of the network through a front-end proxy, a sensor network and the internet can interact securely. There are other challenges to be solved if the sensor nodes are integrated into the internet infrastructure, although there exists interesting advances on his matter.
Research limitations and implications: The complete integration of sensor networks and the internet still remains as an open issue.
Practical implications: With the current state of the art, it is possible to develop a secure sensor network that can provide its services to internet hosts with certain security properties.
Originality/value: The paper studies the interactions between sensor networks and the internet from the point of view of security. It identifies both solutions and research challenges.
Design/methodology/approach: The paper considers the possible approaches that can be used to connect a WSN with the internet, and analyzes the security of their interactions.
Findings: By providing the services of the network through a front-end proxy, a sensor network and the internet can interact securely. There are other challenges to be solved if the sensor nodes are integrated into the internet infrastructure, although there exists interesting advances on his matter.
Research limitations and implications: The complete integration of sensor networks and the internet still remains as an open issue.
Practical implications: With the current state of the art, it is possible to develop a secure sensor network that can provide its services to internet hosts with certain security properties.
Originality/value: The paper studies the interactions between sensor networks and the internet from the point of view of security. It identifies both solutions and research challenges.
Najera, Pablo; Moyano, Francisco; Lopez, Javier
Security Mechanisms and Access Control Infrastructure for e-Passports and General Purpose e-Documents Journal Article
In: Journal of Universal Computer Science, vol. 15, pp. 970-991, 2009, ISSN: 0948-695X.
@article{Najera2009,
title = {Security Mechanisms and Access Control Infrastructure for e-Passports and General Purpose e-Documents},
author = {Pablo Najera and Francisco Moyano and Javier Lopez},
url = {/wp-content/papers/Najera2009.pdf
http://www.jucs.org/jucs_15_5/security_mechanisms_and_access},
doi = {10.3217/jucs-015-05-0970},
issn = {0948-695X},
year = {2009},
date = {2009-01-01},
urldate = {2009-01-01},
journal = {Journal of Universal Computer Science},
volume = {15},
pages = {970-991},
abstract = {Traditional paper documents are not likely to disappear in the near future as they are present everywhere in daily life, however, paper-based documentation lacks the link with the digital world for agile and automated processing. At the same time it is prone to cloning, alteration and counterfeiting attacks. E-passport defined by ICAO and implemented in 45 countries is the most relevant case of hybrid documentation (i.e. paper format with electronic capabilities) to date, but, as the advantages of hybrid documentation are recognized more and more will undoubtedly appear. In this paper, we present the concept and security requirements of general-use e-documents, analyze the most comprehensive security solution (i.e. ePassport security mechanisms) and its suitability for general-purpose e-documentation. Finally, we propose alternatives for the weakest and less suitable protocol from ePassports: the BAC (Basic Access Control). In particular, an appropriate key management infrastructure for access control to document memory is discussed in conjunction with a prototype implementation.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Traditional paper documents are not likely to disappear in the near future as they are present everywhere in daily life, however, paper-based documentation lacks the link with the digital world for agile and automated processing. At the same time it is prone to cloning, alteration and counterfeiting attacks. E-passport defined by ICAO and implemented in 45 countries is the most relevant case of hybrid documentation (i.e. paper format with electronic capabilities) to date, but, as the advantages of hybrid documentation are recognized more and more will undoubtedly appear. In this paper, we present the concept and security requirements of general-use e-documents, analyze the most comprehensive security solution (i.e. ePassport security mechanisms) and its suitability for general-purpose e-documentation. Finally, we propose alternatives for the weakest and less suitable protocol from ePassports: the BAC (Basic Access Control). In particular, an appropriate key management infrastructure for access control to document memory is discussed in conjunction with a prototype implementation.
Alcaraz, Cristina; Fernandez, Gerardo; Roman, Rodrigo; Balastegui, Angel; Lopez, Javier
Gestión segura de redes SCADA Journal Article
In: Nuevas tendencias en gestión de redes, Novática, no. 196, pp. 20-25, 2008, ISSN: 0211-2124.
@article{Alcaraz2008a,
title = {Gesti\'{o}n segura de redes SCADA},
author = {Cristina Alcaraz and Gerardo Fernandez and Rodrigo Roman and Angel Balastegui and Javier Lopez},
url = {/wp-content/papers/Alcaraz2008a.pdf
http://www.ati.es/novatica/indice.html$#$196},
issn = {0211-2124},
year = {2008},
date = {2008-12-01},
urldate = {2008-12-01},
journal = {Nuevas tendencias en gesti\'{o}n de redes, Nov\'{a}tica},
number = {196},
pages = {20-25},
publisher = {CEPIS},
abstract = {En el momento que se introduce en el mercado nuevas tecnolog\'{i}as basadas en entornos distribuidos comienzan a surgir en paralelo nuevos problemas de seguridad en los sistemas SCADA (Supervisory Control and Data Acquisition), los cuales monitorizan y gestionan otras infraestructuras de gran complejidad y escala. Un fallo o una interrupci\'{o}n en uno de sus componentes podr\'{i}a suponer un impacto negativo sobre la funcionalidad de otras infraestructuras, por lo que se hace necesario realizar frecuentes an\'{a}lisis de seguridad para as\'{i} mantener actualizado el conocimiento y proveer recomendaciones y/o soluciones para mitigar o evitar futuras ocurrencias, garantizando una gesti\'{o}n de red fiable y siempre disponible.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
En el momento que se introduce en el mercado nuevas tecnologías basadas en entornos distribuidos comienzan a surgir en paralelo nuevos problemas de seguridad en los sistemas SCADA (Supervisory Control and Data Acquisition), los cuales monitorizan y gestionan otras infraestructuras de gran complejidad y escala. Un fallo o una interrupción en uno de sus componentes podría suponer un impacto negativo sobre la funcionalidad de otras infraestructuras, por lo que se hace necesario realizar frecuentes análisis de seguridad para así mantener actualizado el conocimiento y proveer recomendaciones y/o soluciones para mitigar o evitar futuras ocurrencias, garantizando una gestión de red fiable y siempre disponible.
Alcaraz, Cristina; Fernandez, Gerardo; Roman, Rodrigo; Balastegui, Angel; Lopez, Javier
Secure Management of SCADA Networks Journal Article
In: Novatica, New Trends in Network Management, vol. 9, no. 6, pp. 22-28, 2008, ISSN: 1684-5285.
@article{Alcaraz2008b,
title = {Secure Management of SCADA Networks},
author = {Cristina Alcaraz and Gerardo Fernandez and Rodrigo Roman and Angel Balastegui and Javier Lopez},
url = {/wp-content/papers/Alcaraz2008b.pdf
http://www.upgrade-cepis.org/issues/2008/6/up9-6Alcaraz.pdf},
issn = {1684-5285},
year = {2008},
date = {2008-12-01},
urldate = {2008-12-01},
journal = {Novatica, New Trends in Network Management},
volume = {9},
number = {6},
pages = {22-28},
publisher = {Cepis UPGRADE},
abstract = {When a Supervisory Control and Data Acquisition (SCADA) system monitors and manages other complex infrastructures through the use of distributed technologies, it becomes a critical infrastructure by itself: A failure or disruption in any of its components could implicate a serious impact on the performance of the other infrastructures. The connection with other systems makes a SCADA system more vulnerable against attacks, generating new security problems. As a result, it is essential to perform diverse security analysis frequently in order to keep an updated knowledge and to provide recommendations and/or solutions to mitigate or avoid anomalous events. This will facilitate the existence of a suitable, reliable, and available control network.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
When a Supervisory Control and Data Acquisition (SCADA) system monitors and manages other complex infrastructures through the use of distributed technologies, it becomes a critical infrastructure by itself: A failure or disruption in any of its components could implicate a serious impact on the performance of the other infrastructures. The connection with other systems makes a SCADA system more vulnerable against attacks, generating new security problems. As a result, it is essential to perform diverse security analysis frequently in order to keep an updated knowledge and to provide recommendations and/or solutions to mitigate or avoid anomalous events. This will facilitate the existence of a suitable, reliable, and available control network.
Agudo, Isaac; Fernandez-Gago, Carmen; Lopez, Javier
Delegating Privileges over Finite Resources: A Quota Based Delegation Approach Proceedings Article
In: 5th International Workshop on Formal Aspects in Security and Trust (FAST’08), pp. 302-315, Springer Springer, Malaga (Spain), 2008, ISSN: 0302-9743 (Print) 1611-3349 (Online).
@inproceedings{Agudo2008,
title = {Delegating Privileges over Finite Resources: A Quota Based Delegation Approach},
author = {Isaac Agudo and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/Agudo2008.pdf},
doi = {10.1007/978-3-642-01465-9},
issn = {0302-9743 (Print) 1611-3349 (Online)},
year = {2008},
date = {2008-01-01},
urldate = {2008-01-01},
booktitle = {5th International Workshop on Formal Aspects in Security and Trust (FAST’08)},
volume = {5491},
pages = {302-315},
publisher = {Springer},
address = {Malaga (Spain)},
organization = {Springer},
series = {LNCS},
abstract = {When delegation in real world scenarios is considered, the delegator (the entity that posses the privileges) usually passes the privileges on to the delegatee (the entity that receives the privileges) in such a way that the former looses these privileges while the delegation is effective. If we think of a physical key that opens a door, the privilege being delegated by the owner of the key is opening the door. Once the owner of the key delegates this privilege to another entity, by handing over the key, he is not able to open the door any longer. This is due to the fact that the key is not copied and handed over but handed over to the delegatee. When delegation takes place in the electronic world, the delegator usually retains also the privileges. Thus, both users have them simultaneously. This situation, which in most cases is not a problem, may be undesirable when dealing with certain kind of resources. In particular, if we think of finite resources, those in which the number of users accessing simultaneously is finite, we can not allow that a user delegating his access privilege is also granted access when the delegation if effective. In this paper we propose an approach where each user is delegated an access quota for a resource. If further delegating of the delegated quota occurs, this is subtracted from his quota. That is, when delegating, part of the quota remains with the delegator and another part goes to the delegatee. This allows a more fairly access to the resource. Moreover, we show that this approach can also be applied to any kind of resources by defining appropriate authorization policies.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
When delegation in real world scenarios is considered, the delegator (the entity that posses the privileges) usually passes the privileges on to the delegatee (the entity that receives the privileges) in such a way that the former looses these privileges while the delegation is effective. If we think of a physical key that opens a door, the privilege being delegated by the owner of the key is opening the door. Once the owner of the key delegates this privilege to another entity, by handing over the key, he is not able to open the door any longer. This is due to the fact that the key is not copied and handed over but handed over to the delegatee. When delegation takes place in the electronic world, the delegator usually retains also the privileges. Thus, both users have them simultaneously. This situation, which in most cases is not a problem, may be undesirable when dealing with certain kind of resources. In particular, if we think of finite resources, those in which the number of users accessing simultaneously is finite, we can not allow that a user delegating his access privilege is also granted access when the delegation if effective. In this paper we propose an approach where each user is delegated an access quota for a resource. If further delegating of the delegated quota occurs, this is subtracted from his quota. That is, when delegating, part of the quota remains with the delegator and another part goes to the delegatee. This allows a more fairly access to the resource. Moreover, we show that this approach can also be applied to any kind of resources by defining appropriate authorization policies.
Benjumea, Vicente; Lopez, Javier; Troya, Jose M.
Anonymity Analysis in Credentials-based Systems: A Formal Framework Journal Article
In: Computer Standards & Interfaces, vol. 30, no. 4, pp. 253-261, 2008, ISSN: 0920-5489.
@article{VicenteBenjumea2008,
title = {Anonymity Analysis in Credentials-based Systems: A Formal Framework},
author = {Vicente Benjumea and Javier Lopez and Jose M. Troya},
url = {/wp-content/papers/VicenteBenjumea2008.pdf},
issn = {0920-5489},
year = {2008},
date = {2008-01-01},
urldate = {2008-01-01},
journal = {Computer Standards \& Interfaces},
volume = {30},
number = {4},
pages = {253-261},
publisher = {Elsevier},
abstract = {Anonymity has been formalized and some metrics have been defined in the scope of anonymizing communication channels. In this paper, such formalization has been extended to cope with anonymity in those scenarios where users must anonymously prove that they own certain privileges to perform remote transactions. In these types of scenarios, the authorization policy states the privileges required to perform a given remote transaction. The paper presents a framework to analyze the actual degree of anonymity reached in a given transaction and allows its comparison with an ideal anonymity degree as defined by the authorization policy, providinga tool to model, design and analyze anonymous systems in different scenarios.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Anonymity has been formalized and some metrics have been defined in the scope of anonymizing communication channels. In this paper, such formalization has been extended to cope with anonymity in those scenarios where users must anonymously prove that they own certain privileges to perform remote transactions. In these types of scenarios, the authorization policy states the privileges required to perform a given remote transaction. The paper presents a framework to analyze the actual degree of anonymity reached in a given transaction and allows its comparison with an ideal anonymity degree as defined by the authorization policy, providinga tool to model, design and analyze anonymous systems in different scenarios.
Cazorla, Lorena; Alcaraz, Cristina; Lopez, Javier
Cyber Stealth Attacks in Critical Information Infrastructures Journal Article
In: IEEE Systems Journal, vol. 12, pp. 1778-1792, 2018, ISSN: 1932-8184.
@article{cazorla2016cyber,
title = {Cyber Stealth Attacks in Critical Information Infrastructures},
author = {Lorena Cazorla and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/cazorla2016cyber.pdf
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=\&arnumber=7445136\&isnumber=8350419},
doi = {10.1109/JSYST.2015.2487684},
issn = {1932-8184},
year = {2018},
date = {2018-06-01},
urldate = {2018-06-01},
journal = {IEEE Systems Journal},
volume = {12},
pages = {1778-1792},
publisher = {IEEE},
abstract = {Current Critical Infrastructures (CIs) are complex interconnected industrial systems that, in recent years, have incorporated information and communications technologies such as connection to the Internet and commercial off-the-shelf components. This makes them easier to operate and maintain, but exposes them to the threats and attacks that inundate conventional networks and systems. This paper contains a comprehensive study on the main stealth attacks that threaten CIs, with a special focus on Critical Information Infrastructures (CIIs). This type of attack is characterized by an adversary who is able to finely tune his actions to avoid detection while pursuing his objectives. To provide a complete analysis of the scope and potential dangers of stealth attacks we determine and analyze their stages and range, and we design a taxonomy to illustrate the threats to CIs, offering an overview of the applicable countermeasures against these attacks. From our analysis we understand that these types of attacks, due to the interdependent nature of CIs, pose a grave danger to critical systems where the threats can easily cascade down to the interconnected systems.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Current Critical Infrastructures (CIs) are complex interconnected industrial systems that, in recent years, have incorporated information and communications technologies such as connection to the Internet and commercial off-the-shelf components. This makes them easier to operate and maintain, but exposes them to the threats and attacks that inundate conventional networks and systems. This paper contains a comprehensive study on the main stealth attacks that threaten CIs, with a special focus on Critical Information Infrastructures (CIIs). This type of attack is characterized by an adversary who is able to finely tune his actions to avoid detection while pursuing his objectives. To provide a complete analysis of the scope and potential dangers of stealth attacks we determine and analyze their stages and range, and we design a taxonomy to illustrate the threats to CIs, offering an overview of the applicable countermeasures against these attacks. From our analysis we understand that these types of attacks, due to the interdependent nature of CIs, pose a grave danger to critical systems where the threats can easily cascade down to the interconnected systems.
Alcaraz, Cristina; Cazorla, Lorena; Fernandez, Gerardo
Context-Awareness using Anomaly-based Detectors for Smart Grid Domains Proceedings Article
In: 9th International Conference on Risks and Security of Internet and Systems, pp. 17-34, Springer International Publishing Springer International Publishing, Trento, 2015, ISBN: 978-3-319-17126-5.
@inproceedings{931,
title = {Context-Awareness using Anomaly-based Detectors for Smart Grid Domains},
author = {Cristina Alcaraz and Lorena Cazorla and Gerardo Fernandez},
url = {/wp-content/papers/931.pdf
http://link.springer.com/chapter/10.1007%2F978-3-319-17127-2_2$#$},
doi = {10.1007/978-3-319-17127-2_2},
isbn = {978-3-319-17126-5},
year = {2015},
date = {2015-04-01},
urldate = {2015-04-01},
booktitle = {9th International Conference on Risks and Security of Internet and Systems},
volume = {8924},
pages = {17-34},
publisher = {Springer International Publishing},
address = {Trento},
organization = {Springer International Publishing},
abstract = {Anomaly-based detection applied in strongly interdependent systems, like Smart Grids, has become one of the most challenging research areas in recent years. Early detection of anomalies so as to detect and prevent unexpected faults or stealthy threats is attracting a great deal of attention from the scientific community because it offers potential solutions for context-awareness. These solutions can also help explain the conditions leading up to a given situation and help determine the degree of its severity. However, not all the existing approaches within the literature are equally effective in covering the needs of a particular scenario. It is necessary to explore the control requirements of the domains that comprise a Smart Grid, identify, and even select, those approaches according to these requirements and the intrinsic conditions related to the application context, such as technological heterogeneity and complexity. Therefore, this paper analyses the functional features of existing anomaly-based approaches so as to adapt them, according to the aforementioned conditions. The result of this investigation is a guideline for the construction of preventive solutions that will help improve the context-awareness in the control of Smart Grid domains in the near future.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Anomaly-based detection applied in strongly interdependent systems, like Smart Grids, has become one of the most challenging research areas in recent years. Early detection of anomalies so as to detect and prevent unexpected faults or stealthy threats is attracting a great deal of attention from the scientific community because it offers potential solutions for context-awareness. These solutions can also help explain the conditions leading up to a given situation and help determine the degree of its severity. However, not all the existing approaches within the literature are equally effective in covering the needs of a particular scenario. It is necessary to explore the control requirements of the domains that comprise a Smart Grid, identify, and even select, those approaches according to these requirements and the intrinsic conditions related to the application context, such as technological heterogeneity and complexity. Therefore, this paper analyses the functional features of existing anomaly-based approaches so as to adapt them, according to the aforementioned conditions. The result of this investigation is a guideline for the construction of preventive solutions that will help improve the context-awareness in the control of Smart Grid domains in the near future.
Alcaraz, Cristina; Lopez, Javier
Diagnosis Mechanism for Accurate Monitoring in Critical Infrastructure Protection Journal Article
In: Computer Standards & Interfaces, vol. 36, pp. 501-512, 2014, ISSN: 0920-5489.
@article{alcaraz2013a,
title = {Diagnosis Mechanism for Accurate Monitoring in Critical Infrastructure Protection},
author = {Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/alcaraz2013a.pdf},
doi = {10.1016/j.csi.2013.10.002},
issn = {0920-5489},
year = {2014},
date = {2014-01-01},
urldate = {2014-01-01},
journal = {Computer Standards \& Interfaces},
volume = {36},
pages = {501-512},
publisher = {Elsevier},
abstract = {Situational awareness for critical infrastructure protection, such as for energy control systems, has become a topic of interest in recent years. Despite attempts to address this area of research, more progress is still necessary to find attractive solutions that help bring about prevention and response at all times from anywhere and at any time. Given this need, we therefore propose in this paper, a smart mechanism able to offer a wide-area situational awareness with the ability to: (i) Control the real state of the observed infrastructure, (ii) respond to emergency situations and (iii) assess the degree of ccuracy of the entire control system. To address these aspects, the mechanism is based on a hierarchical configuration of industrial sensors for control, the ISA100.11a standard for the prioritization and alarm management, and the F-Measure technique to study the level of accuracy of a sensor inside a neighbourhood. As proof of the functionality and feasibility of the mechanism for critical contexts, a software application implemented in nesC and Java is also presented in this paper.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Situational awareness for critical infrastructure protection, such as for energy control systems, has become a topic of interest in recent years. Despite attempts to address this area of research, more progress is still necessary to find attractive solutions that help bring about prevention and response at all times from anywhere and at any time. Given this need, we therefore propose in this paper, a smart mechanism able to offer a wide-area situational awareness with the ability to: (i) Control the real state of the observed infrastructure, (ii) respond to emergency situations and (iii) assess the degree of ccuracy of the entire control system. To address these aspects, the mechanism is based on a hierarchical configuration of industrial sensors for control, the ISA100.11a standard for the prioritization and alarm management, and the F-Measure technique to study the level of accuracy of a sensor inside a neighbourhood. As proof of the functionality and feasibility of the mechanism for critical contexts, a software application implemented in nesC and Java is also presented in this paper.
Alcaraz, Cristina; Lopez, Javier
WASAM: A Dynamic Wide-Area Situational Awareness Model for Critical Domains in Smart Grids Journal Article
In: Future Generation Computer Systems, vol. 30, pp. 146-154, 2014, ISSN: 0167-739X.
@article{alcaraz2013b,
title = {WASAM: A Dynamic Wide-Area Situational Awareness Model for Critical Domains in Smart Grids},
author = {Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/alcaraz2013b.pdf},
doi = {10.1016/j.future.2013.06.030},
issn = {0167-739X},
year = {2014},
date = {2014-01-01},
urldate = {2014-01-01},
journal = {Future Generation Computer Systems},
volume = {30},
pages = {146-154},
publisher = {Elsevier},
abstract = {Control from anywhere and at anytime is nowadays a matter of paramount importance in critical systems. This is the case of the Smart Grid and its domains which should be monitored through intelligent and dynamic mechanisms able to anticipate, detect and respond before disruptions arise within the system. Given this fact and its importance for social welfare and the economy, a model for wide-area situational awareness is proposed in this paper. The model is based on a set of current technologies such as the wireless sensor networks, the ISA100.11a standard and cloud-computing together with a set of high-level functional services. These services include global and local support for prevention through a simple forecast scheme, detection of anomalies in the observation tasks, response to incidents, tests of accuracy and maintenance, as well as recovery of states and control in crisis situations.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Control from anywhere and at anytime is nowadays a matter of paramount importance in critical systems. This is the case of the Smart Grid and its domains which should be monitored through intelligent and dynamic mechanisms able to anticipate, detect and respond before disruptions arise within the system. Given this fact and its importance for social welfare and the economy, a model for wide-area situational awareness is proposed in this paper. The model is based on a set of current technologies such as the wireless sensor networks, the ISA100.11a standard and cloud-computing together with a set of high-level functional services. These services include global and local support for prevention through a simple forecast scheme, detection of anomalies in the observation tasks, response to incidents, tests of accuracy and maintenance, as well as recovery of states and control in crisis situations.
Alcaraz, Cristina; Lopez, Javier
FACIES: online identification of Failure and Attack on interdependent Critical InfrastructurES Journal Article
In: European CIIP Newsletter, vol. 7, pp. 11-13, 2013.
@article{alcaraz2013ecn,
title = {FACIES: online identification of Failure and Attack on interdependent Critical InfrastructurES},
author = {Cristina Alcaraz and Javier Lopez},
year = {2013},
date = {2013-11-01},
urldate = {2013-11-01},
journal = {European CIIP Newsletter},
volume = {7},
pages = {11-13},
publisher = {European_CIIP_Newsletter},
abstract = {FACIES aims to protect water treatment systems and their control systems against accidental or intentional incidents such as failures, anomalies and cyber-attacks with a particular emphasis on stealth attacks.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
FACIES aims to protect water treatment systems and their control systems against accidental or intentional incidents such as failures, anomalies and cyber-attacks with a particular emphasis on stealth attacks.
Cazorla, Lorena; Alcaraz, Cristina; Lopez, Javier
Towards Automatic Critical Infrastructure Protection through Machine Learning Proceedings Article
In: 8th International Conference on Critical Information Infrastructures Security, pp. 197-203, Springer Springer, Amsterdam, The Netherlands, 2013, ISSN: 0302-9743.
@inproceedings{1805,
title = {Towards Automatic Critical Infrastructure Protection through Machine Learning},
author = {Lorena Cazorla and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/1805.pdf
http://link.springer.com/chapter/10.1007%2F978-3-319-03964-0_18},
issn = {0302-9743},
year = {2013},
date = {2013-01-01},
urldate = {2013-01-01},
booktitle = {8th International Conference on Critical Information Infrastructures Security},
volume = {8328},
pages = {197-203},
publisher = {Springer},
address = {Amsterdam, The Netherlands},
organization = {Springer},
abstract = {Critical Infrastructure Protection (CIP) faces increasing challenges in number and in sophistication, which makes vital to provide new forms of protection to face every day’s threats. In order to make such protection holistic, covering all the needs of the systems from the point of view of security, prevention aspects and situational awareness should be considered. Researchers and Institutions stress the need of providing intelligent and automatic solutions for protection, calling our attention to the need of providing Intrusion Detection Systems (IDS) with intelligent active reaction capabilities. In this paper, we support the need of automating the processes implicated in the IDS solutions of the critical infrastructures and theorize that the introduction of Machine Learning (ML) techniques in IDS will be helpful for implementing automatic adaptable solutions capable of adjusting to new situations and timely reacting in the face of threats and anomalies. To this end, we study the different levels of automation that the IDS can implement, and outline a methodology to endow critical scenarios with preventive automation. Finally, we analyze current solutions presented in the literature and contrast them against the proposed methodology},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Critical Infrastructure Protection (CIP) faces increasing challenges in number and in sophistication, which makes vital to provide new forms of protection to face every day’s threats. In order to make such protection holistic, covering all the needs of the systems from the point of view of security, prevention aspects and situational awareness should be considered. Researchers and Institutions stress the need of providing intelligent and automatic solutions for protection, calling our attention to the need of providing Intrusion Detection Systems (IDS) with intelligent active reaction capabilities. In this paper, we support the need of automating the processes implicated in the IDS solutions of the critical infrastructures and theorize that the introduction of Machine Learning (ML) techniques in IDS will be helpful for implementing automatic adaptable solutions capable of adjusting to new situations and timely reacting in the face of threats and anomalies. To this end, we study the different levels of automation that the IDS can implement, and outline a methodology to endow critical scenarios with preventive automation. Finally, we analyze current solutions presented in the literature and contrast them against the proposed methodology
Rios, Ruben; Cuellar, Jorge; Lopez, Javier
Probabilistic receiver-location privacy protection in wireless sensor networks Journal Article
In: Information Sciences, vol. 321, pp. 205 - 223, 2015, ISSN: 0020-0255.
@article{rios2015,
title = {Probabilistic receiver-location privacy protection in wireless sensor networks},
author = {Ruben Rios and Jorge Cuellar and Javier Lopez},
url = {/wp-content/papers/rios2015.pdf},
doi = {10.1016/j.ins.2015.01.016},
issn = {0020-0255},
year = {2015},
date = {2015-07-01},
urldate = {2015-07-01},
journal = {Information Sciences},
volume = {321},
pages = {205 - 223},
publisher = {Elsevier},
abstract = {Wireless sensor networks (WSNs) are continually exposed to many types of attacks. Among these, the attacks targeted at the base station are the most devastating ones since this essential device processes and analyses all traffic generated in the network. Moreover, this feature can be exploited by a passive adversary to determine its location based on traffic analysis. This receiver-location privacy problem can be reduced by altering the traffic pattern of the network but the adversary may still be able to reach the base station if he gains access to the routing tables of a number of sensor nodes. In this paper we present HISP-NC (Homogenous Injection for Sink Privacy with Node Compromise protection), a receiver-location privacy solution that consists of two complementary schemes which protect the location of the base station in the presence of traffic analysis and node compromise attacks. The HISP-NC data transmission protocol prevents traffic analysis by probabilistically hiding the flow of real traffic with moderate amounts of fake traffic. Moreover, HISP-NC includes a perturbation mechanism that modifies the routing tables of the nodes to introduce some level of uncertainty in attackers capable of retrieving the routing information from the nodes. Our scheme is validated both analytically and experimentally through extensive simulations.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Wireless sensor networks (WSNs) are continually exposed to many types of attacks. Among these, the attacks targeted at the base station are the most devastating ones since this essential device processes and analyses all traffic generated in the network. Moreover, this feature can be exploited by a passive adversary to determine its location based on traffic analysis. This receiver-location privacy problem can be reduced by altering the traffic pattern of the network but the adversary may still be able to reach the base station if he gains access to the routing tables of a number of sensor nodes. In this paper we present HISP-NC (Homogenous Injection for Sink Privacy with Node Compromise protection), a receiver-location privacy solution that consists of two complementary schemes which protect the location of the base station in the presence of traffic analysis and node compromise attacks. The HISP-NC data transmission protocol prevents traffic analysis by probabilistically hiding the flow of real traffic with moderate amounts of fake traffic. Moreover, HISP-NC includes a perturbation mechanism that modifies the routing tables of the nodes to introduce some level of uncertainty in attackers capable of retrieving the routing information from the nodes. Our scheme is validated both analytically and experimentally through extensive simulations.
Moyano, Francisco; Fernandez-Gago, Carmen; Beckers, Kristian; Heisel, Maritta
Enhancing Problem Frames with Trust and Reputation for Analyzing Smart Grid Security Requirements Proceedings Article
In: Cuellar, Jorge (Ed.): Smart Grid Security - Second International Workshop, pp. 166-180, Springer Springer, Munich, 2014, ISSN: 0302-9743.
@inproceedings{moyano14smartgridsec,
title = {Enhancing Problem Frames with Trust and Reputation for Analyzing Smart Grid Security Requirements},
author = {Francisco Moyano and Carmen Fernandez-Gago and Kristian Beckers and Maritta Heisel},
editor = {Jorge Cuellar},
url = {/wp-content/papers/moyano14smartgridsec.pdf},
doi = {10.1007/978-3-319-10329-7_11},
issn = {0302-9743},
year = {2014},
date = {2014-08-01},
urldate = {2014-08-01},
booktitle = {Smart Grid Security - Second International Workshop},
volume = {8448},
pages = {166-180},
publisher = {Springer},
address = {Munich},
organization = {Springer},
series = {LNCS},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Moyano, Francisco; Beckers, Kristian; Fernandez-Gago, Carmen
Trust-Aware Decision-Making Methodology for Cloud Sourcing Proceedings Article
In: Jarke, Matthias; Mylopoulos, John; Quix, Christoph; Rolland, Colette; Manolopoulos, Yannis; Mouratidis, Haralambos; Horkoff, Jennifer (Ed.): 26th International Conference on Advanced Information Systems Engineering (CAiSE 2014), pp. 136-149, Springer Springer, Thessaloniki, 2014, ISSN: 0302-9743.
@inproceedings{moyano14caise,
title = {Trust-Aware Decision-Making Methodology for Cloud Sourcing},
author = {Francisco Moyano and Kristian Beckers and Carmen Fernandez-Gago},
editor = {Matthias Jarke and John Mylopoulos and Christoph Quix and Colette Rolland and Yannis Manolopoulos and Haralambos Mouratidis and Jennifer Horkoff},
url = {/wp-content/papers/moyano14caise.pdf},
doi = {10.1007/978-3-319-07881-6},
issn = {0302-9743},
year = {2014},
date = {2014-06-01},
urldate = {2014-06-01},
booktitle = {26th International Conference on Advanced Information Systems Engineering (CAiSE 2014)},
volume = {8484},
pages = {136-149},
publisher = {Springer},
address = {Thessaloniki},
organization = {Springer},
series = {LCNS},
abstract = {Cloud sourcing consists of outsourcing data, services and infrastructure to cloud providers. Even when this outsourcing model brings advantages to cloud customers, new threats also arise as sensitive data and critical IT services are beyond customers’ control. When an organization considers moving to the cloud, IT decision makers must select a cloud provider and must decide which parts of the organization will be outsourced and to which extent. This paper proposes a methodology that allows decision makers to evaluate their trust in cloud providers. The methodology provides a systematic way to elicit knowledge about cloud providers, quantify their trust factors and aggregate them into trust values that can assist the decision-making process. The trust model that we propose is based on trust intervals, which allow capturing uncertainty during the evaluation, and we define an operator for aggregating these trust intervals. The methodology is applied to an eHealth scenario.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Cloud sourcing consists of outsourcing data, services and infrastructure to cloud providers. Even when this outsourcing model brings advantages to cloud customers, new threats also arise as sensitive data and critical IT services are beyond customers’ control. When an organization considers moving to the cloud, IT decision makers must select a cloud provider and must decide which parts of the organization will be outsourced and to which extent. This paper proposes a methodology that allows decision makers to evaluate their trust in cloud providers. The methodology provides a systematic way to elicit knowledge about cloud providers, quantify their trust factors and aggregate them into trust values that can assist the decision-making process. The trust model that we propose is based on trust intervals, which allow capturing uncertainty during the evaluation, and we define an operator for aggregating these trust intervals. The methodology is applied to an eHealth scenario.
Lopez, Javier; Rios, Ruben; Cuellar, Jorge
Preserving Receiver-Location Privacy in Wireless Sensor Networks Proceedings Article
In: Information Security Practice and Experience (ISPEC 2014), pp. 15-27, Springer Springer, Fuzhou, China, 2014, ISSN: 0302-9743.
@inproceedings{Lopez2014prl,
title = {Preserving Receiver-Location Privacy in Wireless Sensor Networks},
author = {Javier Lopez and Ruben Rios and Jorge Cuellar},
url = {/wp-content/papers/Lopez2014prl.pdf
http://link.springer.com/chapter/10.1007/978-3-319-06320-1_3$#$, },
doi = {10.1007/978-3-319-06320-1_3},
issn = {0302-9743},
year = {2014},
date = {2014-05-01},
urldate = {2014-05-01},
booktitle = {Information Security Practice and Experience (ISPEC 2014)},
volume = {8434},
pages = {15-27},
publisher = {Springer},
address = {Fuzhou, China},
organization = {Springer},
abstract = {Wireless sensor networks (WSNs) are exposed to many different types of attacks. Among these, the most devastating attack is to compromise or destroy the base station since all communications are addressed exclusively to it. Moreover, this feature can be exploited by a passive adversary to determine the location of this critical device. This receiver-location privacy problem can be reduced by hindering traffic analysis but the adversary may still obtain location information by capturing a subset of sensor nodes in the field. This paper addresses, for the first time, these two problems together in a single solution},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Wireless sensor networks (WSNs) are exposed to many different types of attacks. Among these, the most devastating attack is to compromise or destroy the base station since all communications are addressed exclusively to it. Moreover, this feature can be exploited by a passive adversary to determine the location of this critical device. This receiver-location privacy problem can be reduced by hindering traffic analysis but the adversary may still obtain location information by capturing a subset of sensor nodes in the field. This paper addresses, for the first time, these two problems together in a single solution
Moyano, Francisco; Fernandez-Gago, Carmen; Baudry, Benoit; Lopez, Javier
Engineering Trust-Awareness and Self-adaptability in Services and Systems Book Section
In: Engineering Secure Future Internet Services and Systems, vol. 8431, pp. 180-209, Springer, 2014, ISSN: 0302-9743.
@incollection{moyano14esfi,
title = {Engineering Trust-Awareness and Self-adaptability in Services and Systems},
author = {Francisco Moyano and Carmen Fernandez-Gago and Benoit Baudry and Javier Lopez},
url = {/wp-content/papers/moyano14esfi.pdf},
doi = {10.1007/978-3-319-07452-8_8},
issn = {0302-9743},
year = {2014},
date = {2014-03-01},
urldate = {2014-03-01},
booktitle = {Engineering Secure Future Internet Services and Systems},
volume = {8431},
pages = {180-209},
publisher = {Springer},
chapter = {8},
organization = {Springer},
series = {LNCS},
abstract = {The Future Internet (FI) comprises scenarios where many heterogeneous and dynamic entities must interact to provide services (e.g., sensors, mobile devices and information systems in smart city scenarios). The dynamic conditions under which FI applications must execute call for self-adaptive software to cope with unforeseeable changes in the application environment. Models@run.time is a promising model-driven approach that supports the runtime adaptation of distributed, heterogeneous systems. Yet frameworks that accommodate this paradigm have limited support to address security concerns, hindering their usage in real scenarios. We address this challenge by enhancing models@run.time with the concepts of trust and reputation. Trust improves decision-making processes under risk and uncertainty and constitutes a distributed and flexible mechanism that does not entail heavyweight administration. This chapter introduces a trust and reputation framework that is integrated into a distributed component model that implements the models@run.time paradigm, thus allowing software components to include trust in their reasoning process. The framework is illustrated in a smart grid scenario.},
keywords = {},
pubstate = {published},
tppubtype = {incollection}
}
The Future Internet (FI) comprises scenarios where many heterogeneous and dynamic entities must interact to provide services (e.g., sensors, mobile devices and information systems in smart city scenarios). The dynamic conditions under which FI applications must execute call for self-adaptive software to cope with unforeseeable changes in the application environment. Models@run.time is a promising model-driven approach that supports the runtime adaptation of distributed, heterogeneous systems. Yet frameworks that accommodate this paradigm have limited support to address security concerns, hindering their usage in real scenarios. We address this challenge by enhancing models@run.time with the concepts of trust and reputation. Trust improves decision-making processes under risk and uncertainty and constitutes a distributed and flexible mechanism that does not entail heavyweight administration. This chapter introduces a trust and reputation framework that is integrated into a distributed component model that implements the models@run.time paradigm, thus allowing software components to include trust in their reasoning process. The framework is illustrated in a smart grid scenario.
Rios, Ruben; Lopez, Javier; Cuellar, Jorge
Location Privacy in WSNs: Solutions, Challenges, and Future Trends Book Section
In: Foundations of Security Analysis and Design VII, vol. 8604, pp. 244-282, Springer, 2014, ISSN: 0302-9743.
@incollection{ruben2014a,
title = {Location Privacy in WSNs: Solutions, Challenges, and Future Trends},
author = {Ruben Rios and Javier Lopez and Jorge Cuellar},
url = {/wp-content/papers/ruben2014a.pdf},
doi = {10.1007/978-3-319-10082-1_9},
issn = {0302-9743},
year = {2014},
date = {2014-01-01},
urldate = {2014-01-01},
booktitle = {Foundations of Security Analysis and Design VII},
volume = {8604},
pages = {244-282},
publisher = {Springer},
organization = {Springer},
series = {LNCS},
abstract = {Privacy preservation is gaining popularity in Wireless Sensor Network (WSNs) due to its adoption in everyday scenarios. There are a number of research papers in this area many of which concentrate on the location privacy problem. In this paper we review and categorise these solutions based on the information available to the adversary and his capabilities. But first we analyse whether traditional anonymous communication systems conform to the original requirements of location privacy in sensor networks. Finally, we present and discuss a number of challenges and future trends that demand further attention from the research community.},
keywords = {},
pubstate = {published},
tppubtype = {incollection}
}
Privacy preservation is gaining popularity in Wireless Sensor Network (WSNs) due to its adoption in everyday scenarios. There are a number of research papers in this area many of which concentrate on the location privacy problem. In this paper we review and categorise these solutions based on the information available to the adversary and his capabilities. But first we analyse whether traditional anonymous communication systems conform to the original requirements of location privacy in sensor networks. Finally, we present and discuss a number of challenges and future trends that demand further attention from the research community.
Fernandez-Gago, Carmen; Agudo, Isaac; Lopez, Javier
Building Trust from Context Similarity Measures Journal Article
In: Computer Standards & Interfaces, Special Issue on Security in Information Systems, vol. 36, pp. 792-800, 2014, ISSN: 0920-5489.
@article{CSI13,
title = {Building Trust from Context Similarity Measures},
author = {Carmen Fernandez-Gago and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/CSI13.pdf},
doi = {10.1016/j.csi.2013.12.012},
issn = {0920-5489},
year = {2014},
date = {2014-01-01},
urldate = {2014-01-01},
journal = {Computer Standards \& Interfaces, Special Issue on Security in Information Systems},
volume = {36},
pages = {792-800},
publisher = {Elsevier},
abstract = {Trust is an essential feature of any system where entities have to collaborate among them. Trust can assist entities making decisions about what is the best entity for establishing a certain collaboration. It would be desirable to simulate behaviour of users as in social environments where they tend to establish relationships or to trust users who have common interests or share some of their opinions, i.e., users who are similar to them to some extent. Thus, in this paper we first introduce the concept of context similarity among entities and from it we derive a similarity network which can be seen as a graph. Based on this similarity network we dene a trust model that allows us also to establish trust along a path of entities. A possible applications of our model are proximity-based trust establishment. We validate our model in this scenario.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Trust is an essential feature of any system where entities have to collaborate among them. Trust can assist entities making decisions about what is the best entity for establishing a certain collaboration. It would be desirable to simulate behaviour of users as in social environments where they tend to establish relationships or to trust users who have common interests or share some of their opinions, i.e., users who are similar to them to some extent. Thus, in this paper we first introduce the concept of context similarity among entities and from it we derive a similarity network which can be seen as a graph. Based on this similarity network we dene a trust model that allows us also to establish trust along a path of entities. A possible applications of our model are proximity-based trust establishment. We validate our model in this scenario.
Paci, Federica; Fernandez-Gago, Carmen; Moyano, Francisco
Detecting Insider Threats: a Trust-Aware Framework Proceedings Article
In: 8th International Conference on Availability, Reliability and Security, pp. 121-130, IEEE IEEE, Regensburg, Germany, 2013, ISBN: 978-0-7695-5008-4.
@inproceedings{moyano2013ares,
title = {Detecting Insider Threats: a Trust-Aware Framework},
author = {Federica Paci and Carmen Fernandez-Gago and Francisco Moyano},
url = {/wp-content/papers/moyano2013ares.pdf},
doi = {10.1109/ARES.2013.22},
isbn = {978-0-7695-5008-4},
year = {2013},
date = {2013-11-01},
urldate = {2013-11-01},
booktitle = {8th International Conference on Availability, Reliability and Security},
pages = {121-130},
publisher = {IEEE},
address = {Regensburg, Germany},
organization = {IEEE},
abstract = {The number of insider threats hitting organizations and big enterprises is rapidly growing. Insider threats occur when trusted employees misuse their permissions on organizational assets. Since insider threats know the organization and its processes, very often they end up undetected. Therefore, there is a pressing need for organizations to adopt preventive mechanisms to defend against insider threats. In this paper, we propose a framework for insiders identification during the early requirement analysis of organizational settings and of its IT systems. The framework supports security engineers in the detection of insider threats and in the prioritization of them based on the risk they represent to the organization. To enable the automatic detection of insider threats, we extend the SI* requirement modeling language with an asset model and a trust model. The asset model allows associating security properties and sensitivity levels to assets. The trust model allows specifying the trust level that a user places in another user with respect to a given permission on an asset. The insider threats identification leverages the trust levels associated with the permissions assigned to users, as well as the sensitivity of the assets to which access is granted. We illustrate the approach based on a patient monitoring scenario.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The number of insider threats hitting organizations and big enterprises is rapidly growing. Insider threats occur when trusted employees misuse their permissions on organizational assets. Since insider threats know the organization and its processes, very often they end up undetected. Therefore, there is a pressing need for organizations to adopt preventive mechanisms to defend against insider threats. In this paper, we propose a framework for insiders identification during the early requirement analysis of organizational settings and of its IT systems. The framework supports security engineers in the detection of insider threats and in the prioritization of them based on the risk they represent to the organization. To enable the automatic detection of insider threats, we extend the SI* requirement modeling language with an asset model and a trust model. The asset model allows associating security properties and sensitivity levels to assets. The trust model allows specifying the trust level that a user places in another user with respect to a given permission on an asset. The insider threats identification leverages the trust levels associated with the permissions assigned to users, as well as the sensitivity of the assets to which access is granted. We illustrate the approach based on a patient monitoring scenario.
Moyano, Francisco; Fernandez-Gago, Carmen; Lopez, Javier
A Framework for Enabling Trust Requirements in Social Cloud Applications Journal Article
In: Requirements Engineering, vol. 18, pp. 321-341, 2013, ISSN: 0947-3602.
@article{moyano2013re,
title = {A Framework for Enabling Trust Requirements in Social Cloud Applications},
author = {Francisco Moyano and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/moyano2013re.pdf},
doi = {10.1007/s00766-013-0171-x},
issn = {0947-3602},
year = {2013},
date = {2013-11-01},
urldate = {2013-11-01},
journal = {Requirements Engineering},
volume = {18},
pages = {321-341},
publisher = {Springer London},
abstract = {Cloud applications entail the provision of a huge amount of heterogeneous, geographically-distributed resources managed and shared by many different stakeholders who often do not know each other beforehand. This raises numerous security concerns that, if not addressed carefully, might hinder the adoption of this promising computational model. Appropriately dealing with these threats gains special relevance in the social cloud context, where computational resources are provided by the users themselves. We argue that taking trust and reputation requirements into account can leverage security in these scenarios by incorporating the notions of trust relationships and reputation into them. For this reason, we propose a development framework onto which developers can implement trust-aware social cloud applications. Developers can also adapt the framework in order to accommodate their application-specific needs.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Cloud applications entail the provision of a huge amount of heterogeneous, geographically-distributed resources managed and shared by many different stakeholders who often do not know each other beforehand. This raises numerous security concerns that, if not addressed carefully, might hinder the adoption of this promising computational model. Appropriately dealing with these threats gains special relevance in the social cloud context, where computational resources are provided by the users themselves. We argue that taking trust and reputation requirements into account can leverage security in these scenarios by incorporating the notions of trust relationships and reputation into them. For this reason, we propose a development framework onto which developers can implement trust-aware social cloud applications. Developers can also adapt the framework in order to accommodate their application-specific needs.
Agudo, Isaac; Rios, Ruben; Lopez, Javier
A Privacy-Aware Continuous Authentication Scheme for Proximity-Based Access Control Journal Article
In: Computers & Security, vol. 39 (B), pp. 117-126, 2013, ISSN: 0167-4048.
@article{agudo2013,
title = {A Privacy-Aware Continuous Authentication Scheme for Proximity-Based Access Control},
author = {Isaac Agudo and Ruben Rios and Javier Lopez},
url = {/wp-content/papers/agudo2013.pdf},
doi = {10.1016/j.cose.2013.05.004},
issn = {0167-4048},
year = {2013},
date = {2013-11-01},
urldate = {2013-11-01},
journal = {Computers \& Security},
volume = {39 (B)},
pages = {117-126},
publisher = {Elsevier},
abstract = {Continuous authentication is mainly associated with the use of biometrics to guarantee that a resource is being accessed by the same user throughout the usage period. Wireless devices can also serve as a supporting technology for continuous authentication or even as a complete alternative to biometrics when accessing proximity-based services. In this paper we present the implementation of a secure, non-invasive continuous authentication scheme supported by the use of Wearable Wireless Devices (WWD), which allow users to gain access to proximity-based services while preserving their privacy. Additionally we devise an improved scheme that circumvents some of the limitations of our implementation.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Continuous authentication is mainly associated with the use of biometrics to guarantee that a resource is being accessed by the same user throughout the usage period. Wireless devices can also serve as a supporting technology for continuous authentication or even as a complete alternative to biometrics when accessing proximity-based services. In this paper we present the implementation of a secure, non-invasive continuous authentication scheme supported by the use of Wearable Wireless Devices (WWD), which allow users to gain access to proximity-based services while preserving their privacy. Additionally we devise an improved scheme that circumvents some of the limitations of our implementation.
Rios, Ruben; Cuellar, Jorge; Lopez, Javier
Ocultación de la estación base en redes inalámbricas de sensores Proceedings Article
In: Verdejo, Jesús E. Díaz; Ortiz, Jorge Navarro; Muñoz, Juan J. Ramos (Ed.): XI Jornadas de Ingeniería Telemática (JITEL 2013), pp. 481-486, Asociación de Telemática Asociación de Telemática, Granada, 2013, ISBN: 978-84-616-5597-7.
@inproceedings{rios2013b,
title = {Ocultaci\'{o}n de la estaci\'{o}n base en redes inal\'{a}mbricas de sensores},
author = {Ruben Rios and Jorge Cuellar and Javier Lopez},
editor = {Jes\'{u}s E. D\'{i}az Verdejo and Jorge Navarro Ortiz and Juan J. Ramos Mu\~{n}oz},
url = {/wp-content/papers/rios2013b.pdf},
isbn = {978-84-616-5597-7},
year = {2013},
date = {2013-10-01},
urldate = {2013-10-01},
booktitle = {XI Jornadas de Ingenier\'{i}a Telem\'{a}tica (JITEL 2013)},
pages = {481-486},
publisher = {Asociaci\'{o}n de Telem\'{a}tica},
address = {Granada},
organization = {Asociaci\'{o}n de Telem\'{a}tica},
abstract = {La estaci\'{o}n base es el elemento m\'{a}s importante en un red de sensores y, por tanto, es necesario evitar que un atacante pueda hacerse con el control de este valioso dispositivo. Para ello, el atacante puede valerse tanto de t\'{e}cnicas de an\'{a}lisis de tr\'{a}fico como de la captura de nodos. En este trabajo presentamos un esquema que consta de dos fases, la primera est\'{a} dedicada a homogeneizar los patrones de tr\'{a}fico y la segunda encargada de perturbar las tablas de rutas de los nodos. Ambas fases permiten mantener a la estaci\'{o}n base fuera del alcance del atacante con un coste computacional insignificante y un consumo energ\'{e}tico moderado. La validez de nuestro esquema ha sido validada anal\'{i}ticamente y a trav\'{e}s de numerosas simulaciones.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
La estación base es el elemento más importante en un red de sensores y, por tanto, es necesario evitar que un atacante pueda hacerse con el control de este valioso dispositivo. Para ello, el atacante puede valerse tanto de técnicas de análisis de tráfico como de la captura de nodos. En este trabajo presentamos un esquema que consta de dos fases, la primera está dedicada a homogeneizar los patrones de tráfico y la segunda encargada de perturbar las tablas de rutas de los nodos. Ambas fases permiten mantener a la estación base fuera del alcance del atacante con un coste computacional insignificante y un consumo energético moderado. La validez de nuestro esquema ha sido validada analíticamente y a través de numerosas simulaciones.
Moyano, Francisco; Fernandez-Gago, Carmen; Lopez, Javier
Towards Engineering Trust-aware Future Internet Systems Proceedings Article
In: Franch, Xavier; Soffer, Pnina (Ed.): 3rd International Workshop on Information Systems Security Engineering (WISSE 2013), pp. 490-501, Springer-Verlag Springer-Verlag, Valencia, 2013, ISSN: 1865-1348.
@inproceedings{moyano13wisse,
title = {Towards Engineering Trust-aware Future Internet Systems},
author = {Francisco Moyano and Carmen Fernandez-Gago and Javier Lopez},
editor = {Xavier Franch and Pnina Soffer},
url = {/wp-content/papers/moyano13wisse.pdf
http://link.springer.com/book/10.1007/978-3-642-38490-5/page/3},
doi = {10.1007/978-3-642-38490-5},
issn = {1865-1348},
year = {2013},
date = {2013-06-01},
urldate = {2013-06-01},
booktitle = {3rd International Workshop on Information Systems Security Engineering (WISSE 2013)},
volume = {148},
pages = {490-501},
publisher = {Springer-Verlag},
address = {Valencia},
organization = {Springer-Verlag},
series = {LNBIP},
abstract = {Security must be a primary concern when engineering Future Internet (FI) systems and applications. In order to achieve secure solutions, we need to capture security requirements early in the Software Development Life Cycle (SDLC). Whereas the security community has traditionally focused on providing tools and mechanisms to capture and express hard security requirements (e.g. confidentiality), little attention has been paid to other important requirements such as trust and reputation. We argue that these soft security requirements can leverage security in open, distributed, heterogeneous systems and applications and that they must be included in an early phase as part of the development process. In this paper we propose a UML extension for specifying trust and reputation requirements, and we apply it to an eHealth case study.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Security must be a primary concern when engineering Future Internet (FI) systems and applications. In order to achieve secure solutions, we need to capture security requirements early in the Software Development Life Cycle (SDLC). Whereas the security community has traditionally focused on providing tools and mechanisms to capture and express hard security requirements (e.g. confidentiality), little attention has been paid to other important requirements such as trust and reputation. We argue that these soft security requirements can leverage security in open, distributed, heterogeneous systems and applications and that they must be included in an early phase as part of the development process. In this paper we propose a UML extension for specifying trust and reputation requirements, and we apply it to an eHealth case study.
Moyano, Francisco; Baudry, Benoit; Lopez, Javier
Towards Trust-Aware and Self-Adaptive Systems Proceedings Article
In: Fernandez-Gago, Carmen; Agudo, Isaac; Martinelli, Fabio; Pearson, Siani (Ed.): 7th IFIP WG 11.11 International Conference on Trust Management (IFIPTM 2013), pp. 255-262, Springer Springer, Malaga, 2013, ISSN: 1868-4238.
@inproceedings{moyano2013ifiptm,
title = {Towards Trust-Aware and Self-Adaptive Systems},
author = {Francisco Moyano and Benoit Baudry and Javier Lopez},
editor = {Carmen Fernandez-Gago and Isaac Agudo and Fabio Martinelli and Siani Pearson},
url = {/wp-content/papers/moyano2013ifiptm.pdf},
doi = {10.1007/978-3-642-38323-6},
issn = {1868-4238},
year = {2013},
date = {2013-06-01},
urldate = {2013-06-01},
booktitle = {7th IFIP WG 11.11 International Conference on Trust Management (IFIPTM 2013)},
volume = {401},
pages = {255-262},
publisher = {Springer},
address = {Malaga},
organization = {Springer},
series = {AICT},
abstract = {The Future Internet (FI) comprises scenarios where many heterogeneous and dynamic entities must interact to provide services (e.g., sensors, mobile devices and information systems in smart city scenarios). The dynamic conditions under which FI applications must execute call for self-adaptive software to cope with unforeseeable changes in the application environment. Software engineering currently provides frameworks to develop reasoning engines that automatically take reconfiguration decisions and that support the runtime adaptation of distributed, heterogeneous applications. However, these frameworks have very limited support to address security concerns of these application, hindering their usage for FI scenarios. We address this challenge by enhancing self-adaptive systems with the concepts of trust and reputation. Trust will improve decision-making processes under risk and uncertainty, in turn improving security of self-adaptive FI applications. This paper presents an approach that includes a trust and reputation framework into a platform for adaptive, distributed component-based systems, thus providing software components with new abilities to include trust in their reasoning process.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The Future Internet (FI) comprises scenarios where many heterogeneous and dynamic entities must interact to provide services (e.g., sensors, mobile devices and information systems in smart city scenarios). The dynamic conditions under which FI applications must execute call for self-adaptive software to cope with unforeseeable changes in the application environment. Software engineering currently provides frameworks to develop reasoning engines that automatically take reconfiguration decisions and that support the runtime adaptation of distributed, heterogeneous applications. However, these frameworks have very limited support to address security concerns of these application, hindering their usage for FI scenarios. We address this challenge by enhancing self-adaptive systems with the concepts of trust and reputation. Trust will improve decision-making processes under risk and uncertainty, in turn improving security of self-adaptive FI applications. This paper presents an approach that includes a trust and reputation framework into a platform for adaptive, distributed component-based systems, thus providing software components with new abilities to include trust in their reasoning process.
Moyano, Francisco; Fernandez-Gago, Carmen; Lopez, Javier
Building Trust and Reputation In: A Development Framework for Trust Models Implementation Proceedings Article
In: Jøsang, Audung; Samarati, Pierangela; Petrocchi, Marinella (Ed.): 8th International Workshop on Security and Trust Management (STM 2012), pp. 113-128, Springer Springer, Pisa, 2013, ISSN: 0302-9743.
@inproceedings{moyano2012stm,
title = {Building Trust and Reputation In: A Development Framework for Trust Models Implementation},
author = {Francisco Moyano and Carmen Fernandez-Gago and Javier Lopez},
editor = {Audung J\osang and Pierangela Samarati and Marinella Petrocchi},
url = {/wp-content/papers/moyano2012stm.pdf},
doi = {10.1007/978-3-642-38004-4},
issn = {0302-9743},
year = {2013},
date = {2013-01-01},
urldate = {2013-01-01},
booktitle = {8th International Workshop on Security and Trust Management (STM 2012)},
volume = {7783},
pages = {113-128},
publisher = {Springer},
address = {Pisa},
organization = {Springer},
series = {LNCS},
abstract = {During the last years, many trust and reputation models have been proposed, each one targeting different contexts and purposes, and with their own particularities. While most contributions focus on defining ever-increasing complex models, little attention has been paid to the process of building these models inside applications during their implementation. The result is that models have traditionally considered as ad-hoc and after-the-fact solutions that do not always fit with the design of the application. To overcome this, we propose an object-oriented development framework onto which it is possible to build applications that require functionalities provided by trust and reputation models. The framework is extensible and flexible enough to allow implementing an important variety of trust models. This paper presents the framework, describes its main components, and gives examples on how to use it in order to implement three different trust models.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
During the last years, many trust and reputation models have been proposed, each one targeting different contexts and purposes, and with their own particularities. While most contributions focus on defining ever-increasing complex models, little attention has been paid to the process of building these models inside applications during their implementation. The result is that models have traditionally considered as ad-hoc and after-the-fact solutions that do not always fit with the design of the application. To overcome this, we propose an object-oriented development framework onto which it is possible to build applications that require functionalities provided by trust and reputation models. The framework is extensible and flexible enough to allow implementing an important variety of trust models. This paper presents the framework, describes its main components, and gives examples on how to use it in order to implement three different trust models.
Moyano, Francisco; Fernandez-Gago, Carmen; Lopez, Javier
A Trust and Reputation Framework Proceedings Article
In: Heisel, Maritta; Marchetti, Eda (Ed.): Doctoral Symposium of the International Symposium on Engineering Secure Software and Systems (ESSoS-DS 2013), pp. 7-12, CEUR-WS CEUR-WS, París, 2013, ISSN: 1613-0073.
@inproceedings{moyano2013essosds,
title = {A Trust and Reputation Framework},
author = {Francisco Moyano and Carmen Fernandez-Gago and Javier Lopez},
editor = {Maritta Heisel and Eda Marchetti},
url = {/wp-content/papers/moyano2013essosds.pdf
http://ceur-ws.org/Vol-965/},
issn = {1613-0073},
year = {2013},
date = {2013-01-01},
urldate = {2013-01-01},
booktitle = {Doctoral Symposium of the International Symposium on Engineering Secure Software and Systems (ESSoS-DS 2013)},
volume = {965},
pages = {7-12},
publisher = {CEUR-WS},
address = {Par\'{i}s},
organization = {CEUR-WS},
series = {CEUR-WS},
abstract = {The Future Internet is posing new security challenges as their scenarios are bringing together a huge amount of stakeholders and devices that must interact under unforeseeable conditions. In addition, in these scenarios we cannot expect entities to know each other beforehand, and therefore, they must be involved in risky and uncertain collaborations. In order to minimize threats and security breaches, it is required that a well-informed decision-making process is in place, and it is here where trust and reputation can play a crucial role. Unfortunately, services and applications developers are often unarmed to address trust and reputation requirements in these scenarios. To overcome this limitation, we propose a trust and reputation framework that allows developers to create trust- and reputation-aware applications.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The Future Internet is posing new security challenges as their scenarios are bringing together a huge amount of stakeholders and devices that must interact under unforeseeable conditions. In addition, in these scenarios we cannot expect entities to know each other beforehand, and therefore, they must be involved in risky and uncertain collaborations. In order to minimize threats and security breaches, it is required that a well-informed decision-making process is in place, and it is here where trust and reputation can play a crucial role. Unfortunately, services and applications developers are often unarmed to address trust and reputation requirements in these scenarios. To overcome this limitation, we propose a trust and reputation framework that allows developers to create trust- and reputation-aware applications.
Alcaraz, Cristina; Lopez, Javier
Wide-Area Situational Awareness for Critical Infrastructure Protection Journal Article
In: IEEE Computer, vol. 46, no. 4, pp. 30-37, 2013, ISSN: 0018-9162.
@article{1761,
title = {Wide-Area Situational Awareness for Critical Infrastructure Protection},
author = {Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/1761.pdf
http://doi.ieeecomputersociety.org/10.1109/MC.2013.72},
doi = {10.1109/MC.2013.72},
issn = {0018-9162},
year = {2013},
date = {2013-00-01},
urldate = {2013-00-01},
journal = {IEEE Computer},
volume = {46},
number = {4},
pages = {30-37},
publisher = {IEEE Computer Society},
abstract = {Combining a wide-area situational awareness (WASA) methodological framework with a set of requirements for awareness construction can help in the development and commissioning of future WASA cyberdefense solutions},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Combining a wide-area situational awareness (WASA) methodological framework with a set of requirements for awareness construction can help in the development and commissioning of future WASA cyberdefense solutions
Rios, Ruben; Lopez, Javier
Adecuación de soluciones de anonimato al problema de la privacidad de localización en WSN Proceedings Article
In: Zurutuza, Urko; Uribeetxeberria, Roberto; Arenaza-Nuño, Ignacio (Ed.): XII Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2012), pp. 309-314, Donostia-San Sebastián, 2012, ISBN: 978-84-615-9933-2.
@inproceedings{Rios2012b,
title = {Adecuaci\'{o}n de soluciones de anonimato al problema de la privacidad de localizaci\'{o}n en WSN},
author = {Ruben Rios and Javier Lopez},
editor = {Urko Zurutuza and Roberto Uribeetxeberria and Ignacio Arenaza-Nu\~{n}o},
url = {/wp-content/papers/Rios2012b.pdf},
isbn = {978-84-615-9933-2},
year = {2012},
date = {2012-09-01},
urldate = {2012-09-01},
booktitle = {XII Reuni\'{o}n Espa\~{n}ola sobre Criptolog\'{i}a y Seguridad de la Informaci\'{o}n (RECSI 2012)},
pages = {309-314},
address = {Donostia-San Sebasti\'{a}n},
abstract = {Los patrones de tr\'{a}fico caracter\'{i}sticos de las redes inal\'{a}mbricas de sensores (WSNs) dan lugar al problema de la privacidad de localizaci\'{o}n. De manera similar, el tr\'{a}fico de los usuarios en Internet revela informaci\'{o}n sensible que puede ser protegida mediante sistemas de comunicaci\'{o}n an\'{o}nima (ACS). Por ello, este trabajo analiza la posibilidad de adaptar las soluciones de anonimato tradicionales al problema particular de las redes de sensores. Hasta el momento estas soluciones hab\'{i}an sido rechazadas sin un an\'{a}lisis riguroso, argumentando simplemente que eran demasiado exigentes computacionalmente para los nodos sensores. Nuestros resultados demuestran que, en general, algunos ACS no cumplen los requisitos de privacidad necesarios en WSNs mientras que otros, que si los cumplen, se valen de una cantidad de recursos que superan la capacidad de los sensores.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Los patrones de tráfico característicos de las redes inalámbricas de sensores (WSNs) dan lugar al problema de la privacidad de localización. De manera similar, el tráfico de los usuarios en Internet revela información sensible que puede ser protegida mediante sistemas de comunicación anónima (ACS). Por ello, este trabajo analiza la posibilidad de adaptar las soluciones de anonimato tradicionales al problema particular de las redes de sensores. Hasta el momento estas soluciones habían sido rechazadas sin un análisis riguroso, argumentando simplemente que eran demasiado exigentes computacionalmente para los nodos sensores. Nuestros resultados demuestran que, en general, algunos ACS no cumplen los requisitos de privacidad necesarios en WSNs mientras que otros, que si los cumplen, se valen de una cantidad de recursos que superan la capacidad de los sensores.
Moyano, Francisco; Fernandez-Gago, Carmen; Lopez, Javier
A Conceptual Framework for Trust Models Proceedings Article
In: Fischer-Hübner, Simone; Katsikas, Sokratis K.; Quirchmayr, Gerald (Ed.): 9th International Conference on Trust, Privacy & Security in Digital Business (TrustBus 2012), pp. 93-104, Springer Verlag Springer Verlag, Vienna, 2012, ISSN: 0302-9743.
@inproceedings{moyano2012trustbus,
title = {A Conceptual Framework for Trust Models},
author = {Francisco Moyano and Carmen Fernandez-Gago and Javier Lopez},
editor = {Simone Fischer-H\"{u}bner and Sokratis K. Katsikas and Gerald Quirchmayr},
url = {/wp-content/papers/moyano2012trustbus.pdf},
doi = {10.1007/978-3-642-32287-7},
issn = {0302-9743},
year = {2012},
date = {2012-09-01},
urldate = {2012-09-01},
booktitle = {9th International Conference on Trust, Privacy \& Security in Digital Business (TrustBus 2012)},
volume = {7449},
pages = {93-104},
publisher = {Springer Verlag},
address = {Vienna},
organization = {Springer Verlag},
series = {LNCS},
abstract = {During the last twenty years, a huge amount of trust and reputation models have been proposed, each of them with their own particularities and targeting different domains. While much effort has been made in defining ever-increasing complex models, little attention has been paid to abstract away the particularities of these models into a common set of easily understandable concepts. We propose a conceptual framework for computational trust models that will be used for analyzing their features and for comparing heterogeneous and relevant trust models.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
During the last twenty years, a huge amount of trust and reputation models have been proposed, each of them with their own particularities and targeting different domains. While much effort has been made in defining ever-increasing complex models, little attention has been paid to abstract away the particularities of these models into a common set of easily understandable concepts. We propose a conceptual framework for computational trust models that will be used for analyzing their features and for comparing heterogeneous and relevant trust models.
Rios, Ruben; Cuellar, Jorge; Lopez, Javier
Robust Probabilistic Fake Packet Injection for Receiver-Location Privacy in WSN Proceedings Article
In: Foresti, Sara; Yung, Moti; Martinelli, Fabio (Ed.): 17th European Symposium on Research in Computer Security (ESORICS 2012), pp. 163-180, Springer Springer, Pisa, Italy, 2012, ISSN: 0302-9743.
@inproceedings{Rios2012d,
title = {Robust Probabilistic Fake Packet Injection for Receiver-Location Privacy in WSN},
author = {Ruben Rios and Jorge Cuellar and Javier Lopez},
editor = {Sara Foresti and Moti Yung and Fabio Martinelli},
url = {/wp-content/papers/Rios2012d.pdf},
doi = {10.1007/978-3-642-33167-1_10},
issn = {0302-9743},
year = {2012},
date = {2012-09-01},
urldate = {2012-09-01},
booktitle = {17th European Symposium on Research in Computer Security (ESORICS 2012)},
volume = {7459},
pages = {163-180},
publisher = {Springer},
address = {Pisa, Italy},
organization = {Springer},
series = {LNCS},
abstract = {The singular communication model in wireless sensor networks (WSNs) originate pronounced traffic patterns that allow a local observer to deduce the location of the base station, which must be kept secret for both strategical and security reasons. In this work we present a new receiver-location privacy solution called HISP (Homogenous Injection for Sink Privacy). Our scheme is based on the idea of hiding the flow of real traffic by carefully injecting fake traffic to homogenize the transmissions from a node to its neighbors. This process is guided by a lightweight probabilistic approach ensuring that the adversary cannot decide with sufficient precision in which direction to move while maintaining a moderate amount of fake traffic. Our system is both validated analytically and experimentally through simulations.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The singular communication model in wireless sensor networks (WSNs) originate pronounced traffic patterns that allow a local observer to deduce the location of the base station, which must be kept secret for both strategical and security reasons. In this work we present a new receiver-location privacy solution called HISP (Homogenous Injection for Sink Privacy). Our scheme is based on the idea of hiding the flow of real traffic by carefully injecting fake traffic to homogenize the transmissions from a node to its neighbors. This process is guided by a lightweight probabilistic approach ensuring that the adversary cannot decide with sufficient precision in which direction to move while maintaining a moderate amount of fake traffic. Our system is both validated analytically and experimentally through simulations.
Rios, Ruben; Onieva, Jose A.; Lopez, Javier
HIDE_DHCP: Covert Communications Through Network Configuration Messages Proceedings Article
In: Gritzalis, Dimitris; Furnell, Steven; Theoharidou, Marianthi (Ed.): Proceedings of the 27th IFIP TC 11 International Information Security and Privacy Conference (SEC 2012), pp. 162-173, Springer Boston Springer Boston, Heraklion, Crete, Greece, 2012, ISSN: 1868-4238.
@inproceedings{Rios2012,
title = {HIDE_DHCP: Covert Communications Through Network Configuration Messages},
author = {Ruben Rios and Jose A. Onieva and Javier Lopez},
editor = {Dimitris Gritzalis and Steven Furnell and Marianthi Theoharidou},
url = {/wp-content/papers/Rios2012.pdf},
doi = {10.1007/978-3-642-30436-1_14},
issn = {1868-4238},
year = {2012},
date = {2012-06-01},
urldate = {2012-06-01},
booktitle = {Proceedings of the 27th IFIP TC 11 International Information Security and Privacy Conference (SEC 2012)},
volume = {376},
pages = {162-173},
publisher = {Springer Boston},
address = {Heraklion, Crete, Greece},
organization = {Springer Boston},
series = {IFIP AICT},
abstract = {Covert channels are a form of hidden communication that may violate the integrity of systems. Since their birth in multilevel security systems in the early 70’s they have evolved considerably, such that new solutions have appeared for computer networks mainly due to vague protocols specifications. We analyze a protocol extensively used today, the Dynamic Host Configuration Protocol (DHCP), in search of new forms of covert communication. From this analysis we observe several features that can be effectively exploited for subliminal data transmission. This results in the implementation of HIDE_DHCP, which integrates three covert channels that accommodate to different stealthiness and bandwidth requirements},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Covert channels are a form of hidden communication that may violate the integrity of systems. Since their birth in multilevel security systems in the early 70’s they have evolved considerably, such that new solutions have appeared for computer networks mainly due to vague protocols specifications. We analyze a protocol extensively used today, the Dynamic Host Configuration Protocol (DHCP), in search of new forms of covert communication. From this analysis we observe several features that can be effectively exploited for subliminal data transmission. This results in the implementation of HIDE_DHCP, which integrates three covert channels that accommodate to different stealthiness and bandwidth requirements
Cuellar, Jorge; Ochoa, Martin; Rios, Ruben
Indistinguishable Regions in Geographic Privacy Proceedings Article
In: Ossowski, Sascha; Lecca, Paola (Ed.): Proceedings of the 27th Annual ACM Symposium on Applied Computing (SAC 2012), pp. 1463-1469, ACM ACM, Riva del Garda (Trento), Italy, 2012, ISBN: 978-1-4503-0857-1.
@inproceedings{Cuellar2012,
title = {Indistinguishable Regions in Geographic Privacy},
author = {Jorge Cuellar and Martin Ochoa and Ruben Rios},
editor = {Sascha Ossowski and Paola Lecca},
url = {/wp-content/papers/Cuellar2012.pdf},
doi = {10.1145/2245276.2232010},
isbn = {978-1-4503-0857-1},
year = {2012},
date = {2012-03-01},
urldate = {2012-03-01},
booktitle = {Proceedings of the 27th Annual ACM Symposium on Applied Computing (SAC 2012)},
pages = {1463-1469},
publisher = {ACM},
address = {Riva del Garda (Trento), Italy},
organization = {ACM},
abstract = {The ubiquity of positioning devices poses a natural security challenge: users want to take advantage of location-related services as well as social sharing of their position but at the same time have security concerns about how much information should be shared about their exact position. This paper discusses different location-privacy problems, their formalization and the novel notion of indistinguishability regions that allows one to proof that a given obfuscation function provides a good trade-off between location sharing and privacy.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The ubiquity of positioning devices poses a natural security challenge: users want to take advantage of location-related services as well as social sharing of their position but at the same time have security concerns about how much information should be shared about their exact position. This paper discusses different location-privacy problems, their formalization and the novel notion of indistinguishability regions that allows one to proof that a given obfuscation function provides a good trade-off between location sharing and privacy.
Moyano, Francisco; Fernandez-Gago, Carmen; Agudo, Isaac; Lopez, Javier
A Task Ordering Approach for Automatic Trust Establishment Proceedings Article
In: Barthe, Gilles; Livshits, Ben; Scandariato, Riccardo (Ed.): Proceedings of the 2012 International Symposium on Engineering Secure Software and Systems (ESSoS 2012), pp. 76–89, Springer Springer, Eindhoven, The Netherlands, 2012.
@inproceedings{Moyano_ESSoS12,
title = {A Task Ordering Approach for Automatic Trust Establishment},
author = {Francisco Moyano and Carmen Fernandez-Gago and Isaac Agudo and Javier Lopez},
editor = {Gilles Barthe and Ben Livshits and Riccardo Scandariato},
url = {/wp-content/papers/Moyano_ESSoS12.pdf},
doi = {10.1007/978-3-642-28166-2_8},
year = {2012},
date = {2012-02-01},
urldate = {2012-02-01},
booktitle = {Proceedings of the 2012 International Symposium on Engineering Secure Software and Systems (ESSoS 2012)},
volume = {7159},
pages = {76\textendash89},
publisher = {Springer},
address = {Eindhoven, The Netherlands},
organization = {Springer},
series = {LNCS},
abstract = {Trust has become essential in computer science as a way of assisting the process of decision-making, such as access control. In any system, several tasks may be performed, and each of these tasks might pose different associated trust values between the entities of the system. For instance, in a file system, reading and overwriting a file are two tasks that pose different trust values between the users who can carry out these tasks. In this paper, we propose a simple model for automatically establishing trust relationships between entities considering an established order among tasks.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Trust has become essential in computer science as a way of assisting the process of decision-making, such as access control. In any system, several tasks may be performed, and each of these tasks might pose different associated trust values between the entities of the system. For instance, in a file system, reading and overwriting a file are two tasks that pose different trust values between the users who can carry out these tasks. In this paper, we propose a simple model for automatically establishing trust relationships between entities considering an established order among tasks.
Moyano, Francisco; Fernandez-Gago, Carmen; Lopez, Javier
Implementing Trust and Reputation Systems: A Framework for Developers’ Usage Proceedings Article
In: International Workshop on Quantitative Aspects in Security Assurance, Pisa, 2012.
@inproceedings{moyano12qasa,
title = {Implementing Trust and Reputation Systems: A Framework for Developers’ Usage},
author = {Francisco Moyano and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/moyano12qasa.pdf},
year = {2012},
date = {2012-01-01},
urldate = {2012-01-01},
booktitle = {International Workshop on Quantitative Aspects in Security Assurance},
address = {Pisa},
abstract = {During the last decades, a huge amount of trust and reputation models have been proposed, each of them with their own particularities and targeting different domains. While much effort has been made in defining ever-increasing complex models, little attention has been paid to abstract away the particularities of these models into a common set of easily understandable concepts. We propose a conceptual framework for computational trust models that is used for developing a component-oriented development framework that aims to assist developers during the implementation phase.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
During the last decades, a huge amount of trust and reputation models have been proposed, each of them with their own particularities and targeting different domains. While much effort has been made in defining ever-increasing complex models, little attention has been paid to abstract away the particularities of these models into a common set of easily understandable concepts. We propose a conceptual framework for computational trust models that is used for developing a component-oriented development framework that aims to assist developers during the implementation phase.
Najera, Pablo; Roman, Rodrigo; Lopez, Javier
Secure architecure for the integration of RFID and sensors in personal networks Proceedings Article
In: 7th International Workshop on Security and Trust Management (STM’11), pp. 207-222, Springer Springer, Copenhagen, Denmark, 2012, ISBN: 978-3-642-29962-9.
@inproceedings{Najera_STM11,
title = {Secure architecure for the integration of RFID and sensors in personal networks},
author = {Pablo Najera and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/Najera_STM11.pdf},
doi = {10.1007/978-3-642-29963-6_15},
isbn = {978-3-642-29962-9},
year = {2012},
date = {2012-01-01},
urldate = {2012-01-01},
booktitle = {7th International Workshop on Security and Trust Management (STM’11)},
volume = {7170},
pages = {207-222},
publisher = {Springer},
address = {Copenhagen, Denmark},
organization = {Springer},
series = {LNCS},
abstract = {The secure integration of RFID technology into the personal network paradigm, as a context-aware technology which complements body sensor networks, would provide notable benefits to applications and potential services of the PN. RFID security as an independent technology is reaching an adequate maturity level thanks to research in recent years; however, its integration into the PN model, interaction with other network resources, remote users and service providers requires a specific security analysis and a PN architecture prepared to support these resource-constrained pervasive technologies. This paper provides such PN architecture and analysis. Aspects such as the management of personal tags as members of the PN, the authentication and secure communication of PN nodes and remote users with the context-aware technologies, and the enforcement of security and privacy policies are discussed in the architecture.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The secure integration of RFID technology into the personal network paradigm, as a context-aware technology which complements body sensor networks, would provide notable benefits to applications and potential services of the PN. RFID security as an independent technology is reaching an adequate maturity level thanks to research in recent years; however, its integration into the PN model, interaction with other network resources, remote users and service providers requires a specific security analysis and a PN architecture prepared to support these resource-constrained pervasive technologies. This paper provides such PN architecture and analysis. Aspects such as the management of personal tags as members of the PN, the authentication and secure communication of PN nodes and remote users with the context-aware technologies, and the enforcement of security and privacy policies are discussed in the architecture.
Moyano, Francisco; Fernandez-Gago, Carmen; Lopez, Javier
Service-Oriented Trust and Reputation Architecture Proceedings Article
In: Cuellar, Jorge; Koch, Nora (Ed.): Proceedings of the Doctoral Symposium of the International Symposium on Engineering Secure Software and Systems (ESSoS-DS 2012), pp. 41-46, CEUR-WS CEUR-WS, Eindhoven, 2012, ISSN: 1613-0073, (Partner:UMA, Project:NESSoS).
@inproceedings{moyano2012essosds,
title = {Service-Oriented Trust and Reputation Architecture},
author = {Francisco Moyano and Carmen Fernandez-Gago and Javier Lopez},
editor = {Jorge Cuellar and Nora Koch},
url = {/wp-content/papers/moyano2012essosds.pdf
http://ceur-ws.org/Vol-834/paper7_essosds2012.pdf},
issn = {1613-0073},
year = {2012},
date = {2012-01-01},
urldate = {2012-01-01},
booktitle = {Proceedings of the Doctoral Symposium of the International Symposium on Engineering Secure Software and Systems (ESSoS-DS 2012)},
volume = {834},
pages = {41-46},
publisher = {CEUR-WS},
address = {Eindhoven},
organization = {CEUR-WS},
series = {CEUR-WS},
abstract = {As the Future Internet arrives, more complex, service-based applications are spreading. These applications pose several challenges, including the huge amount of entities that must interact and their het- erogeneity. The success of these applications depends on the collaboration and communication of these entities, that might belong to different or- ganizations and administrative domains. Therefore, trust and reputation become two crucial issues. We propose the specification and design of a service-based security architecture that stresses the delivery of trust and reputation services to any application that might require them.},
note = {Partner:UMA, Project:NESSoS},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
As the Future Internet arrives, more complex, service-based applications are spreading. These applications pose several challenges, including the huge amount of entities that must interact and their het- erogeneity. The success of these applications depends on the collaboration and communication of these entities, that might belong to different or- ganizations and administrative domains. Therefore, trust and reputation become two crucial issues. We propose the specification and design of a service-based security architecture that stresses the delivery of trust and reputation services to any application that might require them.
Alcaraz, Cristina; Fernandez-Gago, Carmen; Lopez, Javier
An Early Warning System based on Reputation for Energy Control Systems Journal Article
In: IEEE Transactions on Smart Grid, vol. 2, no. 4, pp. 827-834, 2011, ISSN: 1949-3053.
@article{Alcaraz2011,
title = {An Early Warning System based on Reputation for Energy Control Systems},
author = {Cristina Alcaraz and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/Alcaraz2011.pdf},
doi = {10.1109/TSG.2011.2161498},
issn = {1949-3053},
year = {2011},
date = {2011-11-01},
urldate = {2011-11-01},
journal = {IEEE Transactions on Smart Grid},
volume = {2},
number = {4},
pages = {827-834},
publisher = {IEEE},
abstract = {Most of energy control or SCADA (Supervisory Control and Data Acquisition) systems are very dependent on advanced technologies and on traditional security mechanisms for protecting the a system against anomalous events. Security mechanisms are not enough to be used in critical systems, since they can only detect anomalous events occurring at a certain moment in time. For this reason it becomes of paramount importance the usage of intelligent systems with capability for preventing anomalous situations and reacting against them on time. This type of systems are, for example, Early Warning Systems (EWS). In this paper, we propose an EWS based on Wireless Sensor Networks (WSNs) (under the ISA100.11a standard) and reputation for controling the network behaviour. The WSN are organized into clusters where a Cluster Head (CH) is designated. This CH will contain a Reputation Manager Module. The usability of this approach is also analyzed considering a Smart Grid scenario. keywords = Critical Information Infrastructures, Sensor Networks, Early Warning Systems, Reputation, SCADA Systems, Smart Grid.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Most of energy control or SCADA (Supervisory Control and Data Acquisition) systems are very dependent on advanced technologies and on traditional security mechanisms for protecting the a system against anomalous events. Security mechanisms are not enough to be used in critical systems, since they can only detect anomalous events occurring at a certain moment in time. For this reason it becomes of paramount importance the usage of intelligent systems with capability for preventing anomalous situations and reacting against them on time. This type of systems are, for example, Early Warning Systems (EWS). In this paper, we propose an EWS based on Wireless Sensor Networks (WSNs) (under the ISA100.11a standard) and reputation for controling the network behaviour. The WSN are organized into clusters where a Cluster Head (CH) is designated. This CH will contain a Reputation Manager Module. The usability of this approach is also analyzed considering a Smart Grid scenario. keywords = Critical Information Infrastructures, Sensor Networks, Early Warning Systems, Reputation, SCADA Systems, Smart Grid.
Najera, Pablo; Roman, Rodrigo; Lopez, Javier
Acceso seguro a nodos RFID en una arquitectura de red personal Proceedings Article
In: Hackbarth, Klaus; Agüero, Ramón; Sanz, Roberto (Ed.): X Jornadas de Ingeniería Telemática (JITEL 2011), pp. 104 - 111, Universidad de Cantabria Universidad de Cantabria, Santander, Spain, 2011, ISBN: 978-84-694-5948-5.
@inproceedings{Najera_JITEL11,
title = {Acceso seguro a nodos RFID en una arquitectura de red personal},
author = {Pablo Najera and Rodrigo Roman and Javier Lopez},
editor = {Klaus Hackbarth and Ram\'{o}n Ag\"{u}ero and Roberto Sanz},
isbn = {978-84-694-5948-5},
year = {2011},
date = {2011-09-01},
urldate = {2011-09-01},
booktitle = {X Jornadas de Ingenier\'{i}a Telem\'{a}tica (JITEL 2011)},
pages = {104 - 111},
publisher = {Universidad de Cantabria},
address = {Santander, Spain},
organization = {Universidad de Cantabria},
abstract = {El paradigma de red personal (PN) permitir\'{a} la interacci\'{o}n y colaboraci\'{o}n del creciente abanico de dispositivos personales. Con tal fin la PN ha de integrar en su seno m\'{u}ltiples tecnolog\'{i}as heterog\'{e}neas con diversas capacidades computacionales y de comunicaci\'{o}n de forma segura. En particular, la incorporaci\'{o}n de la tecnolog\'{i}a RFID en objetos personales conlleva m\'{u}ltiples riesgos de seguridad y privacidad que han suscitado un elevado inter\'{e}s de la comunidad investigadora en los \'{u}ltimos a\~{n}os. M\'{a}s all\'{a} de su seguridad de forma aislada, su integraci\'{o}n en la PN y la interacci\'{o}n de \'{e}sta con redes de \'{a}rea extensa como Internet of Things requieren una arquitectura de red personal adecuada para tal contexto. Este art\'{i}culo proporciona los fundamentos de tal arquitectura segura incluyendo el an\'{a}lisis de aspectos como la incorporaci\'{o}n e inicializaci\'{o}n de las restringidas etiquetas RFID en la red personal, la autenticaci\'{o}n tanto de miembros de la PN como de usuarios y servicios remotos en su acceso a las tecnolog\'{i}as de contexto, el control de las pol\'{i}ticas de privacidad y el establecimiento de canales seguros de comunicaci\'{o}n supervisados.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
El paradigma de red personal (PN) permitirá la interacción y colaboración del creciente abanico de dispositivos personales. Con tal fin la PN ha de integrar en su seno múltiples tecnologías heterogéneas con diversas capacidades computacionales y de comunicación de forma segura. En particular, la incorporación de la tecnología RFID en objetos personales conlleva múltiples riesgos de seguridad y privacidad que han suscitado un elevado interés de la comunidad investigadora en los últimos años. Más allá de su seguridad de forma aislada, su integración en la PN y la interacción de ésta con redes de área extensa como Internet of Things requieren una arquitectura de red personal adecuada para tal contexto. Este artículo proporciona los fundamentos de tal arquitectura segura incluyendo el análisis de aspectos como la incorporación e inicialización de las restringidas etiquetas RFID en la red personal, la autenticación tanto de miembros de la PN como de usuarios y servicios remotos en su acceso a las tecnologías de contexto, el control de las políticas de privacidad y el establecimiento de canales seguros de comunicación supervisados.
Rios, Ruben; Lopez, Javier
Exploiting Context-Awareness to Enhance Source-Location Privacy in Wireless Sensor Networks Journal Article
In: The Computer Journal, vol. 54, pp. 1603-1615, 2011, ISSN: 0010-4620.
@article{Rios2011b,
title = {Exploiting Context-Awareness to Enhance Source-Location Privacy in Wireless Sensor Networks},
author = {Ruben Rios and Javier Lopez},
url = {/wp-content/papers/Rios2011b.pdf},
doi = {10.1093/comjnl/bxr055},
issn = {0010-4620},
year = {2011},
date = {2011-09-01},
urldate = {2011-09-01},
journal = {The Computer Journal},
volume = {54},
pages = {1603-1615},
publisher = {Oxford University Press},
abstract = {The source-location privacy problem in Wireless Sensor Networks has been traditionally tackled by the creation of random routes for every packet transmitted from the source nodes to the base station. These schemes provide a considerable protection level at a high cost in terms of message delivery time and energy consumption. This overhead is due to the fact that the data routing process is done in a blind way, without knowledge about the location of the attacker. In this work we propose the Context-Aware Location Privacy (CALP) approach, which takes advantage of the ability of sensor nodes to perceive the presence of a mobile adversary in their vicinity in order to transmit data packets in a more energy-efficient and privacy-preserving manner. In particular, we apply the concepts of CALP to the development of a shortest-path CALP routing algorithm. A permissive and a strict version of the protocol are studied for different adversarial models and the proposed schemes are evaluated through simulation experiments in terms of privacy protection and energy consumption. Finally, we present the conclusions of the paper as well as possible extensions of this work.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The source-location privacy problem in Wireless Sensor Networks has been traditionally tackled by the creation of random routes for every packet transmitted from the source nodes to the base station. These schemes provide a considerable protection level at a high cost in terms of message delivery time and energy consumption. This overhead is due to the fact that the data routing process is done in a blind way, without knowledge about the location of the attacker. In this work we propose the Context-Aware Location Privacy (CALP) approach, which takes advantage of the ability of sensor nodes to perceive the presence of a mobile adversary in their vicinity in order to transmit data packets in a more energy-efficient and privacy-preserving manner. In particular, we apply the concepts of CALP to the development of a shortest-path CALP routing algorithm. A permissive and a strict version of the protocol are studied for different adversarial models and the proposed schemes are evaluated through simulation experiments in terms of privacy protection and energy consumption. Finally, we present the conclusions of the paper as well as possible extensions of this work.
Roman, Rodrigo; Najera, Pablo; Lopez, Javier
Securing the Internet of Things Journal Article
In: IEEE Computer, vol. 44, no. 9, pp. 51 -58, 2011, ISSN: 0018-9162.
@article{1633,
title = {Securing the Internet of Things},
author = {Rodrigo Roman and Pablo Najera and Javier Lopez},
url = {/wp-content/papers/1633.pdf},
doi = {10.1109/MC.2011.291},
issn = {0018-9162},
year = {2011},
date = {2011-09-01},
urldate = {2011-09-01},
journal = {IEEE Computer},
volume = {44},
number = {9},
pages = {51 -58},
publisher = {IEEE},
abstract = {This paper presents security of Internet of things. In the Internet of Things vision, every physical object has a virtual component that can produce and consume services Such extreme interconnection will bring unprecedented convenience and economy, but it will also require novel approaches to ensure its safe and ethical use. The Internet and its users are already under continual attack, and a growing economy-replete with business models that undermine the Internet’s ethical use-is fully focused on exploiting the current version’s foundational weaknesses.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
This paper presents security of Internet of things. In the Internet of Things vision, every physical object has a virtual component that can produce and consume services Such extreme interconnection will bring unprecedented convenience and economy, but it will also require novel approaches to ensure its safe and ethical use. The Internet and its users are already under continual attack, and a growing economy-replete with business models that undermine the Internet’s ethical use-is fully focused on exploiting the current version’s foundational weaknesses.
Nuñez, David; Agudo, Isaac; Drogkaris, Prokopios; Gritzalis, Stefanos
Identity Management Challenges for Intercloud Applications Proceedings Article
In: 1st International Workshop on Security and Trust for Applications in Virtualised Environments (STAVE 2011), pp. 198-204, Crete (Greece), 2011.
@inproceedings{DNunez11,
title = {Identity Management Challenges for Intercloud Applications},
author = {David Nu\~{n}ez and Isaac Agudo and Prokopios Drogkaris and Stefanos Gritzalis},
url = {/wp-content/papers/DNunez11.pdf},
doi = {10.1007/978-3-642-22365-5_24},
year = {2011},
date = {2011-06-01},
urldate = {2011-06-01},
booktitle = {1st International Workshop on Security and Trust for Applications in Virtualised Environments (STAVE 2011)},
volume = {187},
pages = {198-204},
address = {Crete (Greece)},
abstract = {Intercloud notion is gaining a lot of attention lately from both enterprise and academia, not only because of its benefits and expected results but also due to the challenges that it introduces regarding interoperability and standardisation. Identity management services are one of the main candidates to be outsourced into the Intercloud, since they are one of the most common services needed by companies and organisations. This paper addresses emerging identity management challenges that arise in intercloud formations, such as naming, identification, interoperability, identity life cycle management and single sign-on.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Intercloud notion is gaining a lot of attention lately from both enterprise and academia, not only because of its benefits and expected results but also due to the challenges that it introduces regarding interoperability and standardisation. Identity management services are one of the main candidates to be outsourced into the Intercloud, since they are one of the most common services needed by companies and organisations. This paper addresses emerging identity management challenges that arise in intercloud formations, such as naming, identification, interoperability, identity life cycle management and single sign-on.
Joosen, Wouter; Lopez, Javier; Martinelli, Fabio; Massacci, Fabio
Engineering Secure Future Internet Services Proceedings Article
In: Future Internet Assembly 2011: Achievements and Technological Promises (FIA 2011), pp. 177-191, Springer Berlin Heidelberg Springer Berlin Heidelberg, Budapest, 2011, ISSN: 0302-9743.
@inproceedings{1622,
title = {Engineering Secure Future Internet Services},
author = {Wouter Joosen and Javier Lopez and Fabio Martinelli and Fabio Massacci},
url = {/wp-content/papers/1622.pdf},
issn = {0302-9743},
year = {2011},
date = {2011-01-01},
urldate = {2011-01-01},
booktitle = {Future Internet Assembly 2011: Achievements and Technological Promises (FIA 2011)},
volume = {6656},
pages = {177-191},
publisher = {Springer Berlin Heidelberg},
address = {Budapest},
organization = {Springer Berlin Heidelberg},
series = {LNCS},
abstract = {In this paper we analyze the need and the opportunity forestablishing a discipline for engineering secure Future Internet Services,typically based on research in the areas of software engineering, of serviceengineering and security engineering. Generic solutions that ignore thecharacteristics of Future Internet services will fail, yet it seems obviousto build on best practices and results that have emerged from variousresearch communities.The paper sketches various lines of research and strands within each lineto illustrate the needs and to sketch a community wide research plan. Itwill be essential to integrate various activities that need to be addressedin the scope of secure service engineering into comprehensive softwareand service life cycle support. Such a life cycle support must deliverassurance to the stakeholders and enable risk and cost management forthe business stakeholders in particular. The paper should be considereda call for contribution to any researcher in the related sub domains inorder to jointly enable the security and trustworthiness of Future Internetservices.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
In this paper we analyze the need and the opportunity forestablishing a discipline for engineering secure Future Internet Services,typically based on research in the areas of software engineering, of serviceengineering and security engineering. Generic solutions that ignore thecharacteristics of Future Internet services will fail, yet it seems obviousto build on best practices and results that have emerged from variousresearch communities.The paper sketches various lines of research and strands within each lineto illustrate the needs and to sketch a community wide research plan. Itwill be essential to integrate various activities that need to be addressedin the scope of secure service engineering into comprehensive softwareand service life cycle support. Such a life cycle support must deliverassurance to the stakeholders and enable risk and cost management forthe business stakeholders in particular. The paper should be considereda call for contribution to any researcher in the related sub domains inorder to jointly enable the security and trustworthiness of Future Internetservices.
Nieto, Ana; Lopez, Javier
A Context-based Parametric Relationship Model (CPRM) to Measure the Security and QoS tradeoff in Configurable Environments Proceedings Article
In: IEEE International Conference on Communications (ICC’14), pp. 755-760, IEEE Communications Society IEEE Communications Society, Sydney (Australia), 2014, ISBN: 978-1-4799-2003-7.
@inproceedings{431,
title = {A Context-based Parametric Relationship Model (CPRM) to Measure the Security and QoS tradeoff in Configurable Environments},
author = {Ana Nieto and Javier Lopez},
url = {/wp-content/papers/431.pdf},
doi = {10.1109/ICC.2014.6883410},
isbn = {978-1-4799-2003-7},
year = {2014},
date = {2014-06-01},
urldate = {2014-06-01},
booktitle = {IEEE International Conference on Communications (ICC’14)},
pages = {755-760},
publisher = {IEEE Communications Society},
address = {Sydney (Australia)},
organization = {IEEE Communications Society},
abstract = {Heterogeneity of future networks requires the use of extensible models to understand the Security and QoS tradeoff. We believe that a good starting point is to analyze the Security and QoS tradeoff from a parametric point of view and, for this reason, in a previous paper, we defined the Parametric Rela- tionship Model (PRM) to define relationships between Security and QoS parameters. In this paper, we extend that approach in order to change the behaviour of the model so that different contexts in the same system are considered; that is, to provide a Context-based Parametric Relationship Model (CPRM). The final aim is to provide useful tools for system administrators in order to help them deal with Security and QoS tradeoff issues in the configuration of the environment.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Heterogeneity of future networks requires the use of extensible models to understand the Security and QoS tradeoff. We believe that a good starting point is to analyze the Security and QoS tradeoff from a parametric point of view and, for this reason, in a previous paper, we defined the Parametric Rela- tionship Model (PRM) to define relationships between Security and QoS parameters. In this paper, we extend that approach in order to change the behaviour of the model so that different contexts in the same system are considered; that is, to provide a Context-based Parametric Relationship Model (CPRM). The final aim is to provide useful tools for system administrators in order to help them deal with Security and QoS tradeoff issues in the configuration of the environment.
Nieto, Ana; Lopez, Javier
A Model for the Analysis of QoS and Security Tradeoff in Mobile Platforms Journal Article
In: Mobile Networks and Applications (MONET) Journal, vol. 19, pp. 64-78, 2014, ISSN: 1383-469X.
@article{nieto2013mone,
title = {A Model for the Analysis of QoS and Security Tradeoff in Mobile Platforms},
author = {Ana Nieto and Javier Lopez},
url = {/wp-content/papers/nieto2013mone.pdf
},
doi = {10.1007/s11036-013-0462-y},
issn = {1383-469X},
year = {2014},
date = {2014-02-01},
urldate = {2014-02-01},
journal = {Mobile Networks and Applications (MONET) Journal},
volume = {19},
pages = {64-78},
publisher = {Springer US},
abstract = {Today, mobile platforms are multimedia devices that provide different types of traffic with the consequent particular performance demands and, besides, security concerns (e.g. privacy). However, Security and QoS requirements quite often conflict to a large degree; the mobility and heterogeneous paradigm of the Future Internet makes coexistence even more difficult, posing new challenges to overcome. Probably, one of the main challenges is to identify the specific reasons why Security and QoS mechanisms are so related to each other. In this paper, we present a Parametric Relationship Model (PRM) to identify the Security and QoS dependencies, and to elaborate on the Security and QoS tradeoff. In particular, we perform an analysis that focus on the mobile platform environment and, consequently, also considers subjective parameters such user’s experience, that is crucial for increasing the usability of new solutions in the Future Internet. The final aim of our contribution is to facilitate the development of secure and efficient services for mobile platforms.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Today, mobile platforms are multimedia devices that provide different types of traffic with the consequent particular performance demands and, besides, security concerns (e.g. privacy). However, Security and QoS requirements quite often conflict to a large degree; the mobility and heterogeneous paradigm of the Future Internet makes coexistence even more difficult, posing new challenges to overcome. Probably, one of the main challenges is to identify the specific reasons why Security and QoS mechanisms are so related to each other. In this paper, we present a Parametric Relationship Model (PRM) to identify the Security and QoS dependencies, and to elaborate on the Security and QoS tradeoff. In particular, we perform an analysis that focus on the mobile platform environment and, consequently, also considers subjective parameters such user’s experience, that is crucial for increasing the usability of new solutions in the Future Internet. The final aim of our contribution is to facilitate the development of secure and efficient services for mobile platforms.
Fernandez-Gago, Carmen; Agudo, Isaac; Lopez, Javier
Building Trust from Context Similarity Measures Journal Article
In: Computer Standards & Interfaces, Special Issue on Security in Information Systems, vol. 36, pp. 792-800, 2014, ISSN: 0920-5489.
@article{CSI13,
title = {Building Trust from Context Similarity Measures},
author = {Carmen Fernandez-Gago and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/CSI13.pdf},
doi = {10.1016/j.csi.2013.12.012},
issn = {0920-5489},
year = {2014},
date = {2014-01-01},
urldate = {2014-01-01},
journal = {Computer Standards \& Interfaces, Special Issue on Security in Information Systems},
volume = {36},
pages = {792-800},
publisher = {Elsevier},
abstract = {Trust is an essential feature of any system where entities have to collaborate among them. Trust can assist entities making decisions about what is the best entity for establishing a certain collaboration. It would be desirable to simulate behaviour of users as in social environments where they tend to establish relationships or to trust users who have common interests or share some of their opinions, i.e., users who are similar to them to some extent. Thus, in this paper we first introduce the concept of context similarity among entities and from it we derive a similarity network which can be seen as a graph. Based on this similarity network we dene a trust model that allows us also to establish trust along a path of entities. A possible applications of our model are proximity-based trust establishment. We validate our model in this scenario.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Trust is an essential feature of any system where entities have to collaborate among them. Trust can assist entities making decisions about what is the best entity for establishing a certain collaboration. It would be desirable to simulate behaviour of users as in social environments where they tend to establish relationships or to trust users who have common interests or share some of their opinions, i.e., users who are similar to them to some extent. Thus, in this paper we first introduce the concept of context similarity among entities and from it we derive a similarity network which can be seen as a graph. Based on this similarity network we dene a trust model that allows us also to establish trust along a path of entities. A possible applications of our model are proximity-based trust establishment. We validate our model in this scenario.
Nuñez, David; Fernandez-Gago, Carmen; Pearson, Siani; Felici, Massimo
A Metamodel for Measuring Accountability Attributes in the Cloud Proceedings Article
In: 2013 IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2013), pp. 355-362, IEEE IEEE, Bristol, UK, 2013, ISBN: 978-0-7685-5095-4.
@inproceedings{nunez2013metamodel,
title = {A Metamodel for Measuring Accountability Attributes in the Cloud},
author = {David Nu\~{n}ez and Carmen Fernandez-Gago and Siani Pearson and Massimo Felici},
url = {/wp-content/papers/nunez2013metamodel.pdf},
doi = {10.1109/CloudCom.2013.53},
isbn = {978-0-7685-5095-4},
year = {2013},
date = {2013-12-01},
urldate = {2013-12-01},
booktitle = {2013 IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2013)},
pages = {355-362},
publisher = {IEEE},
address = {Bristol, UK},
organization = {IEEE},
abstract = {Cloud governance, and in particular data governance in the cloud, relies on different technical and organizational practices and procedures, such as policy enforcement, risk management, incident management and remediation. The concept of accountability encompasses such practices, and is essential for enhancing security and trustworthiness in the cloud. Besides this, proper measurement of cloud services, both at a technical and governance level, is a distinctive aspect of the cloud computing model. Hence, a natural problem that arises is how to measure the impact on accountability of the procedures held in practice by organizations that participate in the cloud ecosystem. In this paper, we describe a metamodel for addressing the problem of measuring accountability properties for cloud computing, as discussed and defined by the Cloud Accountability Project (A4Cloud). The goal of this metamodel is to act as a language for describing: (i) accountability properties in terms of actions between entities, and (ii) metrics for measuring the fulfillment of such properties. It also allows the recursive decomposition of properties and metrics, from a high-level and abstract world to a tangible and measurable one. Finally, we illustrate our proposal of the metamodel by modelling the transparency property, and define some metrics for it.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Cloud governance, and in particular data governance in the cloud, relies on different technical and organizational practices and procedures, such as policy enforcement, risk management, incident management and remediation. The concept of accountability encompasses such practices, and is essential for enhancing security and trustworthiness in the cloud. Besides this, proper measurement of cloud services, both at a technical and governance level, is a distinctive aspect of the cloud computing model. Hence, a natural problem that arises is how to measure the impact on accountability of the procedures held in practice by organizations that participate in the cloud ecosystem. In this paper, we describe a metamodel for addressing the problem of measuring accountability properties for cloud computing, as discussed and defined by the Cloud Accountability Project (A4Cloud). The goal of this metamodel is to act as a language for describing: (i) accountability properties in terms of actions between entities, and (ii) metrics for measuring the fulfillment of such properties. It also allows the recursive decomposition of properties and metrics, from a high-level and abstract world to a tangible and measurable one. Finally, we illustrate our proposal of the metamodel by modelling the transparency property, and define some metrics for it.
Rios, Ruben; Onieva, Jose A.; Lopez, Javier
Covert Communications through Network Configuration Messages Journal Article
In: Computers & Security, vol. 39, Part A, pp. 34 - 46, 2013, ISSN: 0167-4048.
@article{rios2013a,
title = {Covert Communications through Network Configuration Messages},
author = {Ruben Rios and Jose A. Onieva and Javier Lopez},
url = {/wp-content/papers/rios2013a.pdf},
doi = {10.1016/j.cose.2013.03.004},
issn = {0167-4048},
year = {2013},
date = {2013-11-01},
urldate = {2013-11-01},
journal = {Computers \& Security},
volume = {39, Part A},
pages = {34 - 46},
publisher = {Elsevier},
abstract = {Covert channels are a form of hidden communication that may violate the integrity of systems. Since their birth in Multi-Level Security systems in the early 70’s they have evolved considerably, such that new solutions have appeared for computer networks mainly due to vague protocols specifications. In this paper we concentrate on short-range covert channels and analyze the opportunities of concealing data in various extensively used protocols today. From this analysis we observe several features that can be effectively exploited for subliminal data transmission in the Dynamic Host Configuration Protocol (DHCP). The result is a proof-of-concept implementation, HIDE_DHCP, which integrates three different covert channels each of which accommodate to different stealthiness and capacity requirements. Finally, we provide a theoretical and experimental analysis of this tool in terms of its reliability, capacity, and detectability.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Covert channels are a form of hidden communication that may violate the integrity of systems. Since their birth in Multi-Level Security systems in the early 70’s they have evolved considerably, such that new solutions have appeared for computer networks mainly due to vague protocols specifications. In this paper we concentrate on short-range covert channels and analyze the opportunities of concealing data in various extensively used protocols today. From this analysis we observe several features that can be effectively exploited for subliminal data transmission in the Dynamic Host Configuration Protocol (DHCP). The result is a proof-of-concept implementation, HIDE_DHCP, which integrates three different covert channels each of which accommodate to different stealthiness and capacity requirements. Finally, we provide a theoretical and experimental analysis of this tool in terms of its reliability, capacity, and detectability.
Agudo, Isaac; Rios, Ruben; Lopez, Javier
A Privacy-Aware Continuous Authentication Scheme for Proximity-Based Access Control Journal Article
In: Computers & Security, vol. 39 (B), pp. 117-126, 2013, ISSN: 0167-4048.
@article{agudo2013,
title = {A Privacy-Aware Continuous Authentication Scheme for Proximity-Based Access Control},
author = {Isaac Agudo and Ruben Rios and Javier Lopez},
url = {/wp-content/papers/agudo2013.pdf},
doi = {10.1016/j.cose.2013.05.004},
issn = {0167-4048},
year = {2013},
date = {2013-11-01},
urldate = {2013-11-01},
journal = {Computers \& Security},
volume = {39 (B)},
pages = {117-126},
publisher = {Elsevier},
abstract = {Continuous authentication is mainly associated with the use of biometrics to guarantee that a resource is being accessed by the same user throughout the usage period. Wireless devices can also serve as a supporting technology for continuous authentication or even as a complete alternative to biometrics when accessing proximity-based services. In this paper we present the implementation of a secure, non-invasive continuous authentication scheme supported by the use of Wearable Wireless Devices (WWD), which allow users to gain access to proximity-based services while preserving their privacy. Additionally we devise an improved scheme that circumvents some of the limitations of our implementation.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Continuous authentication is mainly associated with the use of biometrics to guarantee that a resource is being accessed by the same user throughout the usage period. Wireless devices can also serve as a supporting technology for continuous authentication or even as a complete alternative to biometrics when accessing proximity-based services. In this paper we present the implementation of a secure, non-invasive continuous authentication scheme supported by the use of Wearable Wireless Devices (WWD), which allow users to gain access to proximity-based services while preserving their privacy. Additionally we devise an improved scheme that circumvents some of the limitations of our implementation.
Rios, Ruben; Cuellar, Jorge; Lopez, Javier
Ocultación de la estación base en redes inalámbricas de sensores Proceedings Article
In: Verdejo, Jesús E. Díaz; Ortiz, Jorge Navarro; Muñoz, Juan J. Ramos (Ed.): XI Jornadas de Ingeniería Telemática (JITEL 2013), pp. 481-486, Asociación de Telemática Asociación de Telemática, Granada, 2013, ISBN: 978-84-616-5597-7.
@inproceedings{rios2013b,
title = {Ocultaci\'{o}n de la estaci\'{o}n base en redes inal\'{a}mbricas de sensores},
author = {Ruben Rios and Jorge Cuellar and Javier Lopez},
editor = {Jes\'{u}s E. D\'{i}az Verdejo and Jorge Navarro Ortiz and Juan J. Ramos Mu\~{n}oz},
url = {/wp-content/papers/rios2013b.pdf},
isbn = {978-84-616-5597-7},
year = {2013},
date = {2013-10-01},
urldate = {2013-10-01},
booktitle = {XI Jornadas de Ingenier\'{i}a Telem\'{a}tica (JITEL 2013)},
pages = {481-486},
publisher = {Asociaci\'{o}n de Telem\'{a}tica},
address = {Granada},
organization = {Asociaci\'{o}n de Telem\'{a}tica},
abstract = {La estaci\'{o}n base es el elemento m\'{a}s importante en un red de sensores y, por tanto, es necesario evitar que un atacante pueda hacerse con el control de este valioso dispositivo. Para ello, el atacante puede valerse tanto de t\'{e}cnicas de an\'{a}lisis de tr\'{a}fico como de la captura de nodos. En este trabajo presentamos un esquema que consta de dos fases, la primera est\'{a} dedicada a homogeneizar los patrones de tr\'{a}fico y la segunda encargada de perturbar las tablas de rutas de los nodos. Ambas fases permiten mantener a la estaci\'{o}n base fuera del alcance del atacante con un coste computacional insignificante y un consumo energ\'{e}tico moderado. La validez de nuestro esquema ha sido validada anal\'{i}ticamente y a trav\'{e}s de numerosas simulaciones.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
La estación base es el elemento más importante en un red de sensores y, por tanto, es necesario evitar que un atacante pueda hacerse con el control de este valioso dispositivo. Para ello, el atacante puede valerse tanto de técnicas de análisis de tráfico como de la captura de nodos. En este trabajo presentamos un esquema que consta de dos fases, la primera está dedicada a homogeneizar los patrones de tráfico y la segunda encargada de perturbar las tablas de rutas de los nodos. Ambas fases permiten mantener a la estación base fuera del alcance del atacante con un coste computacional insignificante y un consumo energético moderado. La validez de nuestro esquema ha sido validada analíticamente y a través de numerosas simulaciones.
Najera, Pablo; Roman, Rodrigo; Lopez, Javier
User-centric secure integration of personal RFID tags and sensor networks Journal Article
In: Security and Communication Networks, vol. 6, pp. 1177–1197, 2013, ISSN: 1939-0114.
@article{najerascn12,
title = {User-centric secure integration of personal RFID tags and sensor networks},
author = {Pablo Najera and Rodrigo Roman and Javier Lopez},
doi = {10.1002/sec.684},
issn = {1939-0114},
year = {2013},
date = {2013-10-01},
urldate = {2013-10-01},
journal = {Security and Communication Networks},
volume = {6},
pages = {1177\textendash1197},
publisher = {Wiley-Blackwell},
abstract = {A personal network (PN) should enable the collaboration of user’s devices and services in a flexible, self-organizing and friendly manner. For such purpose, the PN must securely accommodate heterogeneous technologies with uneven computational and communication resources. In particular, personal RFID tags can enable seamless recognition of user’s context, provide user authentication and enable novel services enhancing the quality and quantity of data handled by the PN. However, the highly constrained features of common RFID tags and their passive role in the network highlights the need of an adequate secure communication model with personal tags which enables their participation as a member of the PN. In this paper, we present our concept of PN, with special emphasis on the role of RFID and sensor networks, and define a secure architecture for PNs including methods for the secure access to context-aware technologies from both local PN members and the Internet of Things. The PN architecture is designed to support differentiated security mechanisms to maximize the level of security for each type of personal device. Furthermore, we analyze which security solutions available in the literature can be adapted for our architecture, as well as the challenges and security mechanisms still necessary in the secure integration of personal tags.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
A personal network (PN) should enable the collaboration of user’s devices and services in a flexible, self-organizing and friendly manner. For such purpose, the PN must securely accommodate heterogeneous technologies with uneven computational and communication resources. In particular, personal RFID tags can enable seamless recognition of user’s context, provide user authentication and enable novel services enhancing the quality and quantity of data handled by the PN. However, the highly constrained features of common RFID tags and their passive role in the network highlights the need of an adequate secure communication model with personal tags which enables their participation as a member of the PN. In this paper, we present our concept of PN, with special emphasis on the role of RFID and sensor networks, and define a secure architecture for PNs including methods for the secure access to context-aware technologies from both local PN members and the Internet of Things. The PN architecture is designed to support differentiated security mechanisms to maximize the level of security for each type of personal device. Furthermore, we analyze which security solutions available in the literature can be adapted for our architecture, as well as the challenges and security mechanisms still necessary in the secure integration of personal tags.
Roman, Rodrigo; Zhou, Jianying; Lopez, Javier
On the features and challenges of security and privacy in distributed internet of things Journal Article
In: Computer Networks, vol. 57, pp. 2266–2279, 2013, ISSN: 1389-1286.
@article{roman2013iot,
title = {On the features and challenges of security and privacy in distributed internet of things},
author = {Rodrigo Roman and Jianying Zhou and Javier Lopez},
url = {/wp-content/papers/roman2013iot.pdf
http://www.sciencedirect.com/science/article/pii/S1389128613000054},
doi = {10.1016/j.comnet.2012.12.018},
issn = {1389-1286},
year = {2013},
date = {2013-07-01},
urldate = {2013-07-01},
journal = {Computer Networks},
volume = {57},
pages = {2266\textendash2279},
publisher = {Elsevier},
abstract = {In the Internet of Things, services can be provisioned using centralized architectures, where central entities acquire, process, and provide information. Alternatively, distributed architectures, where entities at the edge of the network exchange information and collaborate with each other in a dynamic way, can also be used. In order to understand the applicability and viability of this distributed approach, it is necessary to know its advantages and disadvantages \textendash not only in terms of features but also in terms of security and privacy challenges. The purpose of this paper is to show that the distributed approach has various challenges that need to be solved, but also various interesting properties and strengths.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
In the Internet of Things, services can be provisioned using centralized architectures, where central entities acquire, process, and provide information. Alternatively, distributed architectures, where entities at the edge of the network exchange information and collaborate with each other in a dynamic way, can also be used. In order to understand the applicability and viability of this distributed approach, it is necessary to know its advantages and disadvantages – not only in terms of features but also in terms of security and privacy challenges. The purpose of this paper is to show that the distributed approach has various challenges that need to be solved, but also various interesting properties and strengths.
Rios, Ruben; Lopez, Javier
(Un)Suitability of Anonymous Communication Systems to WSN Journal Article
In: IEEE Systems Journal, vol. 7, no. 2, pp. 298 - 310, 2013, ISSN: 1932-8184.
@article{Rios2012a,
title = {(Un)Suitability of Anonymous Communication Systems to WSN},
author = {Ruben Rios and Javier Lopez},
url = {/wp-content/papers/Rios2012a.pdf},
doi = {10.1109/JSYST.2012.2221956},
issn = {1932-8184},
year = {2013},
date = {2013-06-01},
urldate = {2013-06-01},
journal = {IEEE Systems Journal},
volume = {7},
number = {2},
pages = {298 - 310},
publisher = {IEEE Systems Council},
abstract = {Anonymous communication systems have been extensively studied by the research community to prevent the disclosure of sensitive information from the analysis of individuals’ traffic patterns. Many remarkable solutions have been developed in this area, most of which have proven to be effective in the protection of user privacy against different types of attacks. Recently, the privacy preservation problem has also been considered in the realm of wireless sensor networks (WSNs) due to their imminent adoption in real-world scenarios. A special challenge that arises from the analysis of the flow of sensor nodes’ communications is the location privacy problem. In this work we concentrate on analyzing the suitability of traditional anonymous communication systems originally designed for the Internet to the original scenario of sensor networks. The results show that, in most cases, traditional solutions do not provide the adequate protection means for the particular problem of location privacy, while other solutions are too resource-consuming for the restricted capabilities of sensor nodes.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Anonymous communication systems have been extensively studied by the research community to prevent the disclosure of sensitive information from the analysis of individuals’ traffic patterns. Many remarkable solutions have been developed in this area, most of which have proven to be effective in the protection of user privacy against different types of attacks. Recently, the privacy preservation problem has also been considered in the realm of wireless sensor networks (WSNs) due to their imminent adoption in real-world scenarios. A special challenge that arises from the analysis of the flow of sensor nodes’ communications is the location privacy problem. In this work we concentrate on analyzing the suitability of traditional anonymous communication systems originally designed for the Internet to the original scenario of sensor networks. The results show that, in most cases, traditional solutions do not provide the adequate protection means for the particular problem of location privacy, while other solutions are too resource-consuming for the restricted capabilities of sensor nodes.
Moyano, Francisco; Fernandez-Gago, Carmen; Lopez, Javier
Building Trust and Reputation In: A Development Framework for Trust Models Implementation Proceedings Article
In: Jøsang, Audung; Samarati, Pierangela; Petrocchi, Marinella (Ed.): 8th International Workshop on Security and Trust Management (STM 2012), pp. 113-128, Springer Springer, Pisa, 2013, ISSN: 0302-9743.
@inproceedings{moyano2012stm,
title = {Building Trust and Reputation In: A Development Framework for Trust Models Implementation},
author = {Francisco Moyano and Carmen Fernandez-Gago and Javier Lopez},
editor = {Audung J\osang and Pierangela Samarati and Marinella Petrocchi},
url = {/wp-content/papers/moyano2012stm.pdf},
doi = {10.1007/978-3-642-38004-4},
issn = {0302-9743},
year = {2013},
date = {2013-01-01},
urldate = {2013-01-01},
booktitle = {8th International Workshop on Security and Trust Management (STM 2012)},
volume = {7783},
pages = {113-128},
publisher = {Springer},
address = {Pisa},
organization = {Springer},
series = {LNCS},
abstract = {During the last years, many trust and reputation models have been proposed, each one targeting different contexts and purposes, and with their own particularities. While most contributions focus on defining ever-increasing complex models, little attention has been paid to the process of building these models inside applications during their implementation. The result is that models have traditionally considered as ad-hoc and after-the-fact solutions that do not always fit with the design of the application. To overcome this, we propose an object-oriented development framework onto which it is possible to build applications that require functionalities provided by trust and reputation models. The framework is extensible and flexible enough to allow implementing an important variety of trust models. This paper presents the framework, describes its main components, and gives examples on how to use it in order to implement three different trust models.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
During the last years, many trust and reputation models have been proposed, each one targeting different contexts and purposes, and with their own particularities. While most contributions focus on defining ever-increasing complex models, little attention has been paid to the process of building these models inside applications during their implementation. The result is that models have traditionally considered as ad-hoc and after-the-fact solutions that do not always fit with the design of the application. To overcome this, we propose an object-oriented development framework onto which it is possible to build applications that require functionalities provided by trust and reputation models. The framework is extensible and flexible enough to allow implementing an important variety of trust models. This paper presents the framework, describes its main components, and gives examples on how to use it in order to implement three different trust models.
Nieto, Ana; Lopez, Javier
Analysis and Taxonomy of Security/QoS tradeoff solutions for the Future Internet Journal Article
In: Security and Communication Networks (SCN) Journal, vol. 7, pp. 2778-2803, 2013, ISSN: 1939-0114.
@article{nietoscn13,
title = {Analysis and Taxonomy of Security/QoS tradeoff solutions for the Future Internet},
author = {Ana Nieto and Javier Lopez},
url = {/wp-content/papers/nietoscn13.pdf
http://onlinelibrary.wiley.com/doi/10.1002/sec.809/abstract?deniedAccessCustomisedMessage=\&userIsAuthenticated=false},
doi = {10.1002/sec.809},
issn = {1939-0114},
year = {2013},
date = {2013-01-01},
urldate = {2013-01-01},
journal = {Security and Communication Networks (SCN) Journal},
volume = {7},
pages = {2778-2803},
publisher = {Wiley-Blackwell},
abstract = {Motivated by the growing convergence of diverse types of networks and the rise of concepts such as Future Internet (FI), in this paper we analyse the coexistence of security mechanisms and Quality of Service (QoS) mechanisms in resourceconstrained networks, that are relevant types of networks within the FI environment. More precisely, we analyse the current state of the research on security and QoS in the integration of Wireless Sensor Networks (WSNs), Mobile Ad-Hoc Networks (MANETs) and cellular networks. Furthermore, we propose a taxonomy to identify similarities among these technologies, as well as the requirements for network interconnection. As a result, we define a dependency-based model for the analysis of Security and QoS tradeoff, and also define a high-level integration architecture for networks in the FI setting. The final goal is to provide a critical point of view that allows to assess whether such an integration of networks can be both secure and efficient.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Motivated by the growing convergence of diverse types of networks and the rise of concepts such as Future Internet (FI), in this paper we analyse the coexistence of security mechanisms and Quality of Service (QoS) mechanisms in resourceconstrained networks, that are relevant types of networks within the FI environment. More precisely, we analyse the current state of the research on security and QoS in the integration of Wireless Sensor Networks (WSNs), Mobile Ad-Hoc Networks (MANETs) and cellular networks. Furthermore, we propose a taxonomy to identify similarities among these technologies, as well as the requirements for network interconnection. As a result, we define a dependency-based model for the analysis of Security and QoS tradeoff, and also define a high-level integration architecture for networks in the FI setting. The final goal is to provide a critical point of view that allows to assess whether such an integration of networks can be both secure and efficient.
Alcaraz, Cristina; Roman, Rodrigo; Najera, Pablo; Lopez, Javier
Security of Industrial Sensor Network-based Remote Substations in the context of the Internet of Things Journal Article
In: Ad Hoc Networks, vol. 11, pp. 1091–1104, 2013, ISSN: 1570-8705.
@article{1752,
title = {Security of Industrial Sensor Network-based Remote Substations in the context of the Internet of Things},
author = {Cristina Alcaraz and Rodrigo Roman and Pablo Najera and Javier Lopez},
url = {/wp-content/papers/1752.pdf},
doi = {10.1016/j.adhoc.2012.12.001},
issn = {1570-8705},
year = {2013},
date = {2013-00-01},
urldate = {2013-00-01},
journal = {Ad Hoc Networks},
volume = {11},
pages = {1091\textendash1104},
publisher = {Elsevier},
abstract = {The main objective of remote substations is to provide the central system with sensitive information from critical infrastructures, such as generation, distribution or transmission power systems. Wireless sensor networks have been recently applied in this particular context due to their attractive services and inherent benefits, such as simplicity, reliability and cost savings. However, as the number of control and data acquisition systems that use the Internet infrastructure to connect to substations increases, it is necessary to consider what connectivity model the sensor infrastructure should follow: either completely isolated from the Internet or integrated with it as part of the Internet of Things paradigm. This paper therefore addresses this question by providing a thorough analysis of both security requirements and infrastructural requirements corresponding to all those TCP/IP integration strategies that can be applicable to networks with constrained computational resources.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The main objective of remote substations is to provide the central system with sensitive information from critical infrastructures, such as generation, distribution or transmission power systems. Wireless sensor networks have been recently applied in this particular context due to their attractive services and inherent benefits, such as simplicity, reliability and cost savings. However, as the number of control and data acquisition systems that use the Internet infrastructure to connect to substations increases, it is necessary to consider what connectivity model the sensor infrastructure should follow: either completely isolated from the Internet or integrated with it as part of the Internet of Things paradigm. This paper therefore addresses this question by providing a thorough analysis of both security requirements and infrastructural requirements corresponding to all those TCP/IP integration strategies that can be applicable to networks with constrained computational resources.
Nuñez, David; Agudo, Isaac; Lopez, Javier
Integrating OpenID with Proxy Re-Encryption to enhance privacy in cloud-based identity services Proceedings Article
In: IEEE CloudCom 2012, pp. 241 - 248, IEEE Computer Society IEEE Computer Society, Taipei, Taiwan, 2012, ISSN: 978-1-4673-4509-5.
@inproceedings{nunez2012integrating,
title = {Integrating OpenID with Proxy Re-Encryption to enhance privacy in cloud-based identity services},
author = {David Nu\~{n}ez and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/nunez2012integrating.pdf},
doi = {10.1109/CloudCom.2012.6427551},
issn = {978-1-4673-4509-5},
year = {2012},
date = {2012-12-01},
urldate = {2012-12-01},
booktitle = {IEEE CloudCom 2012},
pages = {241 - 248},
publisher = {IEEE Computer Society},
address = {Taipei, Taiwan},
organization = {IEEE Computer Society},
abstract = {The inclusion of identity management in the cloud computing landscape represents a new business opportunity for providing what has been called Identity Management as a Service (IDaaS). Nevertheless, IDaaS introduces the same kind of problems regarding privacy and data confidentiality as other cloud services; on top of that, the nature of the outsourced information (users’ identity) is critical. Traditionally, cloud services (including IDaaS) rely only on SLAs and security policies to protect the data, but these measures have proven insufficient in some cases; recent research has employed advanced cryptographic mechanisms as an additional safeguard. Apart from this, there are several identity management schemes that could be used for realizing IDaaS systems in the cloud; among them, OpenID has gained crescent popularity because of its open and decentralized nature, which makes it a prime candidate for this task. In this paper we demonstrate how a privacy-preserving IDaaS system can be implemented using OpenID Attribute Exchange and a proxy re-encryption scheme. Our prototype enables an identity provider to serve attributes to other parties without being able to read their values. This proposal constitutes a novel contribution to both privacy and identity management fields. Finally, we discuss the performance and economical viability of our proposal.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The inclusion of identity management in the cloud computing landscape represents a new business opportunity for providing what has been called Identity Management as a Service (IDaaS). Nevertheless, IDaaS introduces the same kind of problems regarding privacy and data confidentiality as other cloud services; on top of that, the nature of the outsourced information (users’ identity) is critical. Traditionally, cloud services (including IDaaS) rely only on SLAs and security policies to protect the data, but these measures have proven insufficient in some cases; recent research has employed advanced cryptographic mechanisms as an additional safeguard. Apart from this, there are several identity management schemes that could be used for realizing IDaaS systems in the cloud; among them, OpenID has gained crescent popularity because of its open and decentralized nature, which makes it a prime candidate for this task. In this paper we demonstrate how a privacy-preserving IDaaS system can be implemented using OpenID Attribute Exchange and a proxy re-encryption scheme. Our prototype enables an identity provider to serve attributes to other parties without being able to read their values. This proposal constitutes a novel contribution to both privacy and identity management fields. Finally, we discuss the performance and economical viability of our proposal.
Alcaraz, Cristina; Lopez, Javier
Addressing Situational Awareness in Critical Domains of a Smart Grid Proceedings Article
In: 6th International Conference on Network and System Security (NSS 2012), pp. 58-71, Springer-Verlag Springer-Verlag, Wu Yi Shan, Fujian, China, 2012, ISSN: 978-3-642-34600-2.
@inproceedings{1729,
title = {Addressing Situational Awareness in Critical Domains of a Smart Grid},
author = {Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/1729.pdf},
doi = {10.1007/978-3-642-34601-9_5},
issn = {978-3-642-34600-2},
year = {2012},
date = {2012-11-01},
urldate = {2012-11-01},
booktitle = {6th International Conference on Network and System Security (NSS 2012)},
volume = {7645},
pages = {58-71},
publisher = {Springer-Verlag},
address = {Wu Yi Shan, Fujian, China},
organization = {Springer-Verlag},
series = {LNCS 7645},
abstract = {Control and situational awareness are two very important aspects within critical control systems, since potential faults or anomalous behaviors could lead to serious consequences by hiding the real status of supervised critical infrastructures. Examples of these infrastructures are energy generation, transmission or distribution systems that belong to Smart Grid systems. Given the importance of these systems for social welfare and its economy, a situational awareness-based model, composed of a set of current technologies, is proposed in this paper. The model focuses on addressing and offering a set of minimum services for protection, such as prevention, detection, response, self-evaluation and maintenance, thereby providing a desirable protection in unplanned situations.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Control and situational awareness are two very important aspects within critical control systems, since potential faults or anomalous behaviors could lead to serious consequences by hiding the real status of supervised critical infrastructures. Examples of these infrastructures are energy generation, transmission or distribution systems that belong to Smart Grid systems. Given the importance of these systems for social welfare and its economy, a situational awareness-based model, composed of a set of current technologies, is proposed in this paper. The model focuses on addressing and offering a set of minimum services for protection, such as prevention, detection, response, self-evaluation and maintenance, thereby providing a desirable protection in unplanned situations.
Alcaraz, Cristina; Fernandez, Gerardo; Carvajal, Fernando
Security Aspects of SCADA and DCS Environments Book Section
In: Lopez, Javier; Wolthusen, Stephen; Setola, Roberto (Ed.): Critical Infrastructure Protection: Information Infrastructure Models, Analysis, and Defense, vol. 7130, pp. 120-149, Springer-Verlag, Heidelberger (Berlin, Alemania), 2012, ISSN: 0302-9743.
@incollection{BC2011Alcaraz,
title = {Security Aspects of SCADA and DCS Environments},
author = {Cristina Alcaraz and Gerardo Fernandez and Fernando Carvajal},
editor = {Javier Lopez and Stephen Wolthusen and Roberto Setola},
url = {/wp-content/papers/BC2011Alcaraz.pdf},
issn = {0302-9743},
year = {2012},
date = {2012-09-01},
urldate = {2012-09-01},
booktitle = {Critical Infrastructure Protection: Information Infrastructure Models, Analysis, and Defense},
volume = {7130},
pages = {120-149},
publisher = {Springer-Verlag},
address = {Heidelberger (Berlin, Alemania)},
organization = {Springer-Verlag},
series = {Advances in Critical Infrastructure Protection: Information Infrastructure Models, Analysis, and Defense. LNCS 7130.},
abstract = {SCADA Systems can be seen as a fundamental component in Critical Infrastructures, having an impact in the overall performance of other Critical Infrastructures interconnected. Currently, these systems include in their network designs different types of Information and Communication Technology systems (such as the Internet and wireless technologies), not only to modernize operational processes but also to ensure automation and real-time control. Nonetheless, the use of these new technologies will bring new security challenges, which will have a significant impact on both the business process and home users. Therefore, the main purpose of this Chapter is to address these issues and to analyze the interdependencies of Process Control Systems with ICT systems, to discuss some security aspects and to offer some possible solutions and recommendations.},
keywords = {},
pubstate = {published},
tppubtype = {incollection}
}
SCADA Systems can be seen as a fundamental component in Critical Infrastructures, having an impact in the overall performance of other Critical Infrastructures interconnected. Currently, these systems include in their network designs different types of Information and Communication Technology systems (such as the Internet and wireless technologies), not only to modernize operational processes but also to ensure automation and real-time control. Nonetheless, the use of these new technologies will bring new security challenges, which will have a significant impact on both the business process and home users. Therefore, the main purpose of this Chapter is to address these issues and to analyze the interdependencies of Process Control Systems with ICT systems, to discuss some security aspects and to offer some possible solutions and recommendations.
Rios, Ruben; Lopez, Javier
Adecuación de soluciones de anonimato al problema de la privacidad de localización en WSN Proceedings Article
In: Zurutuza, Urko; Uribeetxeberria, Roberto; Arenaza-Nuño, Ignacio (Ed.): XII Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2012), pp. 309-314, Donostia-San Sebastián, 2012, ISBN: 978-84-615-9933-2.
@inproceedings{Rios2012b,
title = {Adecuaci\'{o}n de soluciones de anonimato al problema de la privacidad de localizaci\'{o}n en WSN},
author = {Ruben Rios and Javier Lopez},
editor = {Urko Zurutuza and Roberto Uribeetxeberria and Ignacio Arenaza-Nu\~{n}o},
url = {/wp-content/papers/Rios2012b.pdf},
isbn = {978-84-615-9933-2},
year = {2012},
date = {2012-09-01},
urldate = {2012-09-01},
booktitle = {XII Reuni\'{o}n Espa\~{n}ola sobre Criptolog\'{i}a y Seguridad de la Informaci\'{o}n (RECSI 2012)},
pages = {309-314},
address = {Donostia-San Sebasti\'{a}n},
abstract = {Los patrones de tr\'{a}fico caracter\'{i}sticos de las redes inal\'{a}mbricas de sensores (WSNs) dan lugar al problema de la privacidad de localizaci\'{o}n. De manera similar, el tr\'{a}fico de los usuarios en Internet revela informaci\'{o}n sensible que puede ser protegida mediante sistemas de comunicaci\'{o}n an\'{o}nima (ACS). Por ello, este trabajo analiza la posibilidad de adaptar las soluciones de anonimato tradicionales al problema particular de las redes de sensores. Hasta el momento estas soluciones hab\'{i}an sido rechazadas sin un an\'{a}lisis riguroso, argumentando simplemente que eran demasiado exigentes computacionalmente para los nodos sensores. Nuestros resultados demuestran que, en general, algunos ACS no cumplen los requisitos de privacidad necesarios en WSNs mientras que otros, que si los cumplen, se valen de una cantidad de recursos que superan la capacidad de los sensores.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Los patrones de tráfico característicos de las redes inalámbricas de sensores (WSNs) dan lugar al problema de la privacidad de localización. De manera similar, el tráfico de los usuarios en Internet revela información sensible que puede ser protegida mediante sistemas de comunicación anónima (ACS). Por ello, este trabajo analiza la posibilidad de adaptar las soluciones de anonimato tradicionales al problema particular de las redes de sensores. Hasta el momento estas soluciones habían sido rechazadas sin un análisis riguroso, argumentando simplemente que eran demasiado exigentes computacionalmente para los nodos sensores. Nuestros resultados demuestran que, en general, algunos ACS no cumplen los requisitos de privacidad necesarios en WSNs mientras que otros, que si los cumplen, se valen de una cantidad de recursos que superan la capacidad de los sensores.
Moyano, Francisco; Fernandez-Gago, Carmen; Lopez, Javier
A Conceptual Framework for Trust Models Proceedings Article
In: Fischer-Hübner, Simone; Katsikas, Sokratis K.; Quirchmayr, Gerald (Ed.): 9th International Conference on Trust, Privacy & Security in Digital Business (TrustBus 2012), pp. 93-104, Springer Verlag Springer Verlag, Vienna, 2012, ISSN: 0302-9743.
@inproceedings{moyano2012trustbus,
title = {A Conceptual Framework for Trust Models},
author = {Francisco Moyano and Carmen Fernandez-Gago and Javier Lopez},
editor = {Simone Fischer-H\"{u}bner and Sokratis K. Katsikas and Gerald Quirchmayr},
url = {/wp-content/papers/moyano2012trustbus.pdf},
doi = {10.1007/978-3-642-32287-7},
issn = {0302-9743},
year = {2012},
date = {2012-09-01},
urldate = {2012-09-01},
booktitle = {9th International Conference on Trust, Privacy \& Security in Digital Business (TrustBus 2012)},
volume = {7449},
pages = {93-104},
publisher = {Springer Verlag},
address = {Vienna},
organization = {Springer Verlag},
series = {LNCS},
abstract = {During the last twenty years, a huge amount of trust and reputation models have been proposed, each of them with their own particularities and targeting different domains. While much effort has been made in defining ever-increasing complex models, little attention has been paid to abstract away the particularities of these models into a common set of easily understandable concepts. We propose a conceptual framework for computational trust models that will be used for analyzing their features and for comparing heterogeneous and relevant trust models.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
During the last twenty years, a huge amount of trust and reputation models have been proposed, each of them with their own particularities and targeting different domains. While much effort has been made in defining ever-increasing complex models, little attention has been paid to abstract away the particularities of these models into a common set of easily understandable concepts. We propose a conceptual framework for computational trust models that will be used for analyzing their features and for comparing heterogeneous and relevant trust models.
Rios, Ruben; Cuellar, Jorge; Lopez, Javier
Robust Probabilistic Fake Packet Injection for Receiver-Location Privacy in WSN Proceedings Article
In: Foresti, Sara; Yung, Moti; Martinelli, Fabio (Ed.): 17th European Symposium on Research in Computer Security (ESORICS 2012), pp. 163-180, Springer Springer, Pisa, Italy, 2012, ISSN: 0302-9743.
@inproceedings{Rios2012d,
title = {Robust Probabilistic Fake Packet Injection for Receiver-Location Privacy in WSN},
author = {Ruben Rios and Jorge Cuellar and Javier Lopez},
editor = {Sara Foresti and Moti Yung and Fabio Martinelli},
url = {/wp-content/papers/Rios2012d.pdf},
doi = {10.1007/978-3-642-33167-1_10},
issn = {0302-9743},
year = {2012},
date = {2012-09-01},
urldate = {2012-09-01},
booktitle = {17th European Symposium on Research in Computer Security (ESORICS 2012)},
volume = {7459},
pages = {163-180},
publisher = {Springer},
address = {Pisa, Italy},
organization = {Springer},
series = {LNCS},
abstract = {The singular communication model in wireless sensor networks (WSNs) originate pronounced traffic patterns that allow a local observer to deduce the location of the base station, which must be kept secret for both strategical and security reasons. In this work we present a new receiver-location privacy solution called HISP (Homogenous Injection for Sink Privacy). Our scheme is based on the idea of hiding the flow of real traffic by carefully injecting fake traffic to homogenize the transmissions from a node to its neighbors. This process is guided by a lightweight probabilistic approach ensuring that the adversary cannot decide with sufficient precision in which direction to move while maintaining a moderate amount of fake traffic. Our system is both validated analytically and experimentally through simulations.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The singular communication model in wireless sensor networks (WSNs) originate pronounced traffic patterns that allow a local observer to deduce the location of the base station, which must be kept secret for both strategical and security reasons. In this work we present a new receiver-location privacy solution called HISP (Homogenous Injection for Sink Privacy). Our scheme is based on the idea of hiding the flow of real traffic by carefully injecting fake traffic to homogenize the transmissions from a node to its neighbors. This process is guided by a lightweight probabilistic approach ensuring that the adversary cannot decide with sufficient precision in which direction to move while maintaining a moderate amount of fake traffic. Our system is both validated analytically and experimentally through simulations.
Nieto, Ana; Fernandez, Gerardo
Sistema Colaborativo de Detección y Reacción ante Intrusiones basado en Intel vPro Proceedings Article
In: XII Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2012), pp. 45-50, San Sebastián, 2012, ISBN: 978-84-615-9933-2.
@inproceedings{NF_RECSI12,
title = {Sistema Colaborativo de Detecci\'{o}n y Reacci\'{o}n ante Intrusiones basado en Intel vPro},
author = {Ana Nieto and Gerardo Fernandez},
url = {/wp-content/papers/NF_RECSI12.pdf},
isbn = {978-84-615-9933-2},
year = {2012},
date = {2012-09-01},
urldate = {2012-09-01},
booktitle = {XII Reuni\'{o}n Espa\~{n}ola sobre Criptolog\'{i}a y Seguridad de la Informaci\'{o}n (RECSI 2012)},
pages = {45-50},
address = {San Sebasti\'{a}n},
abstract = {En este trabajo proponemos una plataforma para el desarrollo de un sistema colaborativo para la detecci\'{o}n y reacci\'{o}n ante intrusiones, empleando como base las tecnolog\'{i}as presentes en Intel vPro. La soluci\'{o}n presentada est\'{a} dirigida a solventar la necesidad de implantaci\'{o}n de nuevas tecnolog\'{i}as que posibiliten la reacci\'{o}n ante ataques, independientemente del sistema operativo usado. Con este fin, en este trabajo abordamos tres puntos fundamentales: la detecci\'{o}n de intrusiones colaborativa, la respuesta autom\'{a}tica de los nodos ante la detecci\'{o}n de una intrusi\'{o}n y el uso de herramientas que posibiliten asegurar la confianza en un nodo. En un sistema colaborativo como el que se propone aqu\'{i}, un aspecto clave para la seguridad es la protecci\'{o}n de las comunicaciones entre los mecanismos de detecci\'{o}n y reacci\'{o}n frente a intrusiones. La modificaci\'{o}n o el simple acceso a los datos intercambiados por tales sistemas supone un grave riesgo para la seguridad del entorno. Como resultado hemos desarrollado un prototipo preliminar para probar la soluci\'{o}n propuesta en un escenario de ataque real.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
En este trabajo proponemos una plataforma para el desarrollo de un sistema colaborativo para la detección y reacción ante intrusiones, empleando como base las tecnologías presentes en Intel vPro. La solución presentada está dirigida a solventar la necesidad de implantación de nuevas tecnologías que posibiliten la reacción ante ataques, independientemente del sistema operativo usado. Con este fin, en este trabajo abordamos tres puntos fundamentales: la detección de intrusiones colaborativa, la respuesta automática de los nodos ante la detección de una intrusión y el uso de herramientas que posibiliten asegurar la confianza en un nodo. En un sistema colaborativo como el que se propone aquí, un aspecto clave para la seguridad es la protección de las comunicaciones entre los mecanismos de detección y reacción frente a intrusiones. La modificación o el simple acceso a los datos intercambiados por tales sistemas supone un grave riesgo para la seguridad del entorno. Como resultado hemos desarrollado un prototipo preliminar para probar la solución propuesta en un escenario de ataque real.
Nieto, Ana; Lopez, Javier
Security and QoS tradeoffs: towards a FI perspective Proceedings Article
In: Advanced Information Networking and Applications Workshops (WAINA), 2012 26th International Conference on, pp. 745-750, IEEE IEEE, Fukuoka (Japan), 2012, ISBN: 978-0-7695-4652-0/12.
@inproceedings{Nieto2012b,
title = {Security and QoS tradeoffs: towards a FI perspective},
author = {Ana Nieto and Javier Lopez},
url = {/wp-content/papers/Nieto2012b.pdf},
doi = {10.1109/WAINA.2012.204},
isbn = {978-0-7695-4652-0/12},
year = {2012},
date = {2012-03-01},
urldate = {2012-03-01},
booktitle = {Advanced Information Networking and Applications Workshops (WAINA), 2012 26th International Conference on},
pages = {745-750},
publisher = {IEEE},
address = {Fukuoka (Japan)},
organization = {IEEE},
abstract = {Motivated by the growing convergence of diverse types of networks and the raise of new concepts such as Future Internet (FI), in this paper we present an analysis of current research on the development of security mechanisms in a tradeoff with Quality of Service (QoS) mechanisms. More precisely, we pay attention to the Security and QoS problems in resource-constrained networks that are candidates to be an important part of the FI due to their proximity to the user or because of their contribution to the information society. We analyse the current state of the research on security and QoS in the integration of sensors, MANET and cellular networks, with the aim of providing a critical point of view, allowing us to assess whether it is possible that such integration of networks is both secure and efficient.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Motivated by the growing convergence of diverse types of networks and the raise of new concepts such as Future Internet (FI), in this paper we present an analysis of current research on the development of security mechanisms in a tradeoff with Quality of Service (QoS) mechanisms. More precisely, we pay attention to the Security and QoS problems in resource-constrained networks that are candidates to be an important part of the FI due to their proximity to the user or because of their contribution to the information society. We analyse the current state of the research on security and QoS in the integration of sensors, MANET and cellular networks, with the aim of providing a critical point of view, allowing us to assess whether it is possible that such integration of networks is both secure and efficient.
Nieto, Ana; Lopez, Javier
Traffic Classifier for Heterogeneous and Cooperative Routing through Wireless Sensor Networks Proceedings Article
In: Advanced Information Networking and Applications Workshops (WAINA), 2012 26th International Conference on, pp. 607-612, IEEE IEEE, Fukuoka (Japan), 2012, ISBN: 978-0-7695-4652-0/12.
@inproceedings{Nieto2012a,
title = {Traffic Classifier for Heterogeneous and Cooperative Routing through Wireless Sensor Networks},
author = {Ana Nieto and Javier Lopez},
url = {/wp-content/papers/Nieto2012a.pdf},
doi = {10.1109/WAINA.2012.202},
isbn = {978-0-7695-4652-0/12},
year = {2012},
date = {2012-03-01},
urldate = {2012-03-01},
booktitle = {Advanced Information Networking and Applications Workshops (WAINA), 2012 26th International Conference on},
pages = {607-612},
publisher = {IEEE},
address = {Fukuoka (Japan)},
organization = {IEEE},
abstract = {Wireless Sensor Networks (WSN) are networks composed of autonomous devices manufactured to solve a specific problem, with limited computational capabilities and resource-constrained (e.g. limited battery). WSN are used to monitor physical or environmental conditions within an area (e.g. temperature, humidity). The popularity of the WSN is growing, precisely due to the wide range of sensors available. As a result, these networks are being deployed as part of several infrastructures. However, sensors are designed to collaborate only with sensors of the same type. In this sense, taking advantage of the heterogeneity of WSN in order to provide common services, like it is the case of routing, has not been sufficiently considered. For this reason, in this paper we propose a routing protocol based on traffic classification and role-assignment to enable heterogeneous WSN for cooperation. Our approach considers both QoS requirements and lifetime maximization to allow the coexistence of different applications in the heterogeneous network infrastructure.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Wireless Sensor Networks (WSN) are networks composed of autonomous devices manufactured to solve a specific problem, with limited computational capabilities and resource-constrained (e.g. limited battery). WSN are used to monitor physical or environmental conditions within an area (e.g. temperature, humidity). The popularity of the WSN is growing, precisely due to the wide range of sensors available. As a result, these networks are being deployed as part of several infrastructures. However, sensors are designed to collaborate only with sensors of the same type. In this sense, taking advantage of the heterogeneity of WSN in order to provide common services, like it is the case of routing, has not been sufficiently considered. For this reason, in this paper we propose a routing protocol based on traffic classification and role-assignment to enable heterogeneous WSN for cooperation. Our approach considers both QoS requirements and lifetime maximization to allow the coexistence of different applications in the heterogeneous network infrastructure.
Najera, Pablo; Roman, Rodrigo; Lopez, Javier
Secure architecure for the integration of RFID and sensors in personal networks Proceedings Article
In: 7th International Workshop on Security and Trust Management (STM’11), pp. 207-222, Springer Springer, Copenhagen, Denmark, 2012, ISBN: 978-3-642-29962-9.
@inproceedings{Najera_STM11,
title = {Secure architecure for the integration of RFID and sensors in personal networks},
author = {Pablo Najera and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/Najera_STM11.pdf},
doi = {10.1007/978-3-642-29963-6_15},
isbn = {978-3-642-29962-9},
year = {2012},
date = {2012-01-01},
urldate = {2012-01-01},
booktitle = {7th International Workshop on Security and Trust Management (STM’11)},
volume = {7170},
pages = {207-222},
publisher = {Springer},
address = {Copenhagen, Denmark},
organization = {Springer},
series = {LNCS},
abstract = {The secure integration of RFID technology into the personal network paradigm, as a context-aware technology which complements body sensor networks, would provide notable benefits to applications and potential services of the PN. RFID security as an independent technology is reaching an adequate maturity level thanks to research in recent years; however, its integration into the PN model, interaction with other network resources, remote users and service providers requires a specific security analysis and a PN architecture prepared to support these resource-constrained pervasive technologies. This paper provides such PN architecture and analysis. Aspects such as the management of personal tags as members of the PN, the authentication and secure communication of PN nodes and remote users with the context-aware technologies, and the enforcement of security and privacy policies are discussed in the architecture.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The secure integration of RFID technology into the personal network paradigm, as a context-aware technology which complements body sensor networks, would provide notable benefits to applications and potential services of the PN. RFID security as an independent technology is reaching an adequate maturity level thanks to research in recent years; however, its integration into the PN model, interaction with other network resources, remote users and service providers requires a specific security analysis and a PN architecture prepared to support these resource-constrained pervasive technologies. This paper provides such PN architecture and analysis. Aspects such as the management of personal tags as members of the PN, the authentication and secure communication of PN nodes and remote users with the context-aware technologies, and the enforcement of security and privacy policies are discussed in the architecture.
Nieto, Ana; Lopez, Javier
Security and QoS relationships in Mobile Platforms Proceedings Article
In: The 4th FTRA International Conference on Computer Science and its Applications (CSA 2012), pp. 13-21, Springer Netherlands Springer Netherlands, Jeju (Korea), 2012, ISBN: 978-94-007-5699-1.
@inproceedings{Nieto2012c,
title = {Security and QoS relationships in Mobile Platforms},
author = {Ana Nieto and Javier Lopez},
url = {/wp-content/papers/Nieto2012c.pdf},
doi = {10.1007/978-94-007-5699-1_2},
isbn = {978-94-007-5699-1},
year = {2012},
date = {2012-00-01},
urldate = {2012-00-01},
booktitle = {The 4th FTRA International Conference on Computer Science and its Applications (CSA 2012)},
volume = {203},
pages = {13-21},
publisher = {Springer Netherlands},
address = {Jeju (Korea)},
organization = {Springer Netherlands},
series = {Lecture Notes in Electrical Engineering},
abstract = {Mobile platforms are becoming a fundamental part of the user’s daily life. The human-device relationship converts the devices in a repository of personal data that may be stolen or modified by malicious users. Moreover, wireless capabilities open the door to several malicious devices, and mobility represents an added difficulty in the detection of malicious behavior and in the prevention of the same. Furthermore, smartphones are subject to quality of service (QoS) restrictions, due to the user needs for multimedia applications and, in general, the need to be always-on. However, Security and QoS requirements are largely confronted and the mobility and heterogeneous paradigm on the Future Internet makes its coexistence even more difficult, posing new challenges to overcome. We analyze the principal challenges related with Security and QoS tradeoffs in mobile platforms. As a result of our analysis we provide parametric relationships between security and QoS parameters focused on mobile platforms.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Mobile platforms are becoming a fundamental part of the user’s daily life. The human-device relationship converts the devices in a repository of personal data that may be stolen or modified by malicious users. Moreover, wireless capabilities open the door to several malicious devices, and mobility represents an added difficulty in the detection of malicious behavior and in the prevention of the same. Furthermore, smartphones are subject to quality of service (QoS) restrictions, due to the user needs for multimedia applications and, in general, the need to be always-on. However, Security and QoS requirements are largely confronted and the mobility and heterogeneous paradigm on the Future Internet makes its coexistence even more difficult, posing new challenges to overcome. We analyze the principal challenges related with Security and QoS tradeoffs in mobile platforms. As a result of our analysis we provide parametric relationships between security and QoS parameters focused on mobile platforms.
Alcaraz, Cristina; Lopez, Javier
Analysis of Requirements for Critical Control Systems Journal Article
In: International Journal of Critical Infrastructure Protection (IJCIP), vol. 5, pp. 137–145, 2012, ISSN: 1874-5482.
@article{1730,
title = {Analysis of Requirements for Critical Control Systems},
author = {Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/1730.pdf
http://www.sciencedirect.com/science/article/pii/S1874548212000455},
doi = {10.1016/j.ijcip.2012.08.003},
issn = {1874-5482},
year = {2012},
date = {2012-00-01},
urldate = {2012-00-01},
journal = {International Journal of Critical Infrastructure Protection (IJCIP)},
volume = {5},
pages = {137\textendash145},
publisher = {Elsevier},
abstract = {The use of modern information and communications technologies in supervisory control and data acquisition (SCADA) systems used in the critical infrastructure has become an important topic of research. The modernization significantly enhances operational performance, but also introduces security issues and the associated risks. This paper formally analyzes how the introduction of new technologies can impact control systems and ultimately affect the performance of the critical infrastructure systems being controlled. Five control system requirements are identified with the goal of proposing new operational requirements that trade-off performance and security.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The use of modern information and communications technologies in supervisory control and data acquisition (SCADA) systems used in the critical infrastructure has become an important topic of research. The modernization significantly enhances operational performance, but also introduces security issues and the associated risks. This paper formally analyzes how the introduction of new technologies can impact control systems and ultimately affect the performance of the critical infrastructure systems being controlled. Five control system requirements are identified with the goal of proposing new operational requirements that trade-off performance and security.
Rios, Ruben; Lopez, Javier
Analysis of Location Privacy Solutions in Wireless Sensor Networks Journal Article
In: IET Communications, vol. 5, pp. 2518 - 2532, 2011, ISSN: 1751-8628.
@article{Rios2011a,
title = {Analysis of Location Privacy Solutions in Wireless Sensor Networks},
author = {Ruben Rios and Javier Lopez},
url = {/wp-content/papers/Rios2011a.pdf},
doi = {10.1049/iet-com.2010.0825},
issn = {1751-8628},
year = {2011},
date = {2011-11-01},
urldate = {2011-11-01},
journal = {IET Communications},
volume = {5},
pages = {2518 - 2532},
publisher = {Institution of Engineering and Technology},
abstract = {Extensive work has been done on the protection of Wireless Sensor Networks (WSNs) from the hardware to the application layer. However, only recently, the privacy preservation problem has drawn the attention of the research community because of its challenging nature. This problem is exacerbated in the domain of WSNs due to the extreme resource limitation of sensor nodes. In this paper we focus on the location privacy problem in WSNs, which allows an adversary to determine the location of nodes of interest to him. We provide a taxonomy of solutions based on the power of the adversary and the main techniques proposed by the various solutions. In addition, we describe and analyse the advantages and disadvantages of different approaches. Finally, we discuss some open challenges and future directions of research.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Extensive work has been done on the protection of Wireless Sensor Networks (WSNs) from the hardware to the application layer. However, only recently, the privacy preservation problem has drawn the attention of the research community because of its challenging nature. This problem is exacerbated in the domain of WSNs due to the extreme resource limitation of sensor nodes. In this paper we focus on the location privacy problem in WSNs, which allows an adversary to determine the location of nodes of interest to him. We provide a taxonomy of solutions based on the power of the adversary and the main techniques proposed by the various solutions. In addition, we describe and analyse the advantages and disadvantages of different approaches. Finally, we discuss some open challenges and future directions of research.
Alcaraz, Cristina; Fernandez-Gago, Carmen; Lopez, Javier
An Early Warning System based on Reputation for Energy Control Systems Journal Article
In: IEEE Transactions on Smart Grid, vol. 2, no. 4, pp. 827-834, 2011, ISSN: 1949-3053.
@article{Alcaraz2011,
title = {An Early Warning System based on Reputation for Energy Control Systems},
author = {Cristina Alcaraz and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/Alcaraz2011.pdf},
doi = {10.1109/TSG.2011.2161498},
issn = {1949-3053},
year = {2011},
date = {2011-11-01},
urldate = {2011-11-01},
journal = {IEEE Transactions on Smart Grid},
volume = {2},
number = {4},
pages = {827-834},
publisher = {IEEE},
abstract = {Most of energy control or SCADA (Supervisory Control and Data Acquisition) systems are very dependent on advanced technologies and on traditional security mechanisms for protecting the a system against anomalous events. Security mechanisms are not enough to be used in critical systems, since they can only detect anomalous events occurring at a certain moment in time. For this reason it becomes of paramount importance the usage of intelligent systems with capability for preventing anomalous situations and reacting against them on time. This type of systems are, for example, Early Warning Systems (EWS). In this paper, we propose an EWS based on Wireless Sensor Networks (WSNs) (under the ISA100.11a standard) and reputation for controling the network behaviour. The WSN are organized into clusters where a Cluster Head (CH) is designated. This CH will contain a Reputation Manager Module. The usability of this approach is also analyzed considering a Smart Grid scenario. keywords = Critical Information Infrastructures, Sensor Networks, Early Warning Systems, Reputation, SCADA Systems, Smart Grid.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Most of energy control or SCADA (Supervisory Control and Data Acquisition) systems are very dependent on advanced technologies and on traditional security mechanisms for protecting the a system against anomalous events. Security mechanisms are not enough to be used in critical systems, since they can only detect anomalous events occurring at a certain moment in time. For this reason it becomes of paramount importance the usage of intelligent systems with capability for preventing anomalous situations and reacting against them on time. This type of systems are, for example, Early Warning Systems (EWS). In this paper, we propose an EWS based on Wireless Sensor Networks (WSNs) (under the ISA100.11a standard) and reputation for controling the network behaviour. The WSN are organized into clusters where a Cluster Head (CH) is designated. This CH will contain a Reputation Manager Module. The usability of this approach is also analyzed considering a Smart Grid scenario. keywords = Critical Information Infrastructures, Sensor Networks, Early Warning Systems, Reputation, SCADA Systems, Smart Grid.
Najera, Pablo; Roman, Rodrigo; Lopez, Javier
Acceso seguro a nodos RFID en una arquitectura de red personal Proceedings Article
In: Hackbarth, Klaus; Agüero, Ramón; Sanz, Roberto (Ed.): X Jornadas de Ingeniería Telemática (JITEL 2011), pp. 104 - 111, Universidad de Cantabria Universidad de Cantabria, Santander, Spain, 2011, ISBN: 978-84-694-5948-5.
@inproceedings{Najera_JITEL11,
title = {Acceso seguro a nodos RFID en una arquitectura de red personal},
author = {Pablo Najera and Rodrigo Roman and Javier Lopez},
editor = {Klaus Hackbarth and Ram\'{o}n Ag\"{u}ero and Roberto Sanz},
isbn = {978-84-694-5948-5},
year = {2011},
date = {2011-09-01},
urldate = {2011-09-01},
booktitle = {X Jornadas de Ingenier\'{i}a Telem\'{a}tica (JITEL 2011)},
pages = {104 - 111},
publisher = {Universidad de Cantabria},
address = {Santander, Spain},
organization = {Universidad de Cantabria},
abstract = {El paradigma de red personal (PN) permitir\'{a} la interacci\'{o}n y colaboraci\'{o}n del creciente abanico de dispositivos personales. Con tal fin la PN ha de integrar en su seno m\'{u}ltiples tecnolog\'{i}as heterog\'{e}neas con diversas capacidades computacionales y de comunicaci\'{o}n de forma segura. En particular, la incorporaci\'{o}n de la tecnolog\'{i}a RFID en objetos personales conlleva m\'{u}ltiples riesgos de seguridad y privacidad que han suscitado un elevado inter\'{e}s de la comunidad investigadora en los \'{u}ltimos a\~{n}os. M\'{a}s all\'{a} de su seguridad de forma aislada, su integraci\'{o}n en la PN y la interacci\'{o}n de \'{e}sta con redes de \'{a}rea extensa como Internet of Things requieren una arquitectura de red personal adecuada para tal contexto. Este art\'{i}culo proporciona los fundamentos de tal arquitectura segura incluyendo el an\'{a}lisis de aspectos como la incorporaci\'{o}n e inicializaci\'{o}n de las restringidas etiquetas RFID en la red personal, la autenticaci\'{o}n tanto de miembros de la PN como de usuarios y servicios remotos en su acceso a las tecnolog\'{i}as de contexto, el control de las pol\'{i}ticas de privacidad y el establecimiento de canales seguros de comunicaci\'{o}n supervisados.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
El paradigma de red personal (PN) permitirá la interacción y colaboración del creciente abanico de dispositivos personales. Con tal fin la PN ha de integrar en su seno múltiples tecnologías heterogéneas con diversas capacidades computacionales y de comunicación de forma segura. En particular, la incorporación de la tecnología RFID en objetos personales conlleva múltiples riesgos de seguridad y privacidad que han suscitado un elevado interés de la comunidad investigadora en los últimos años. Más allá de su seguridad de forma aislada, su integración en la PN y la interacción de ésta con redes de área extensa como Internet of Things requieren una arquitectura de red personal adecuada para tal contexto. Este artículo proporciona los fundamentos de tal arquitectura segura incluyendo el análisis de aspectos como la incorporación e inicialización de las restringidas etiquetas RFID en la red personal, la autenticación tanto de miembros de la PN como de usuarios y servicios remotos en su acceso a las tecnologías de contexto, el control de las políticas de privacidad y el establecimiento de canales seguros de comunicación supervisados.
Rios, Ruben; Lopez, Javier
Exploiting Context-Awareness to Enhance Source-Location Privacy in Wireless Sensor Networks Journal Article
In: The Computer Journal, vol. 54, pp. 1603-1615, 2011, ISSN: 0010-4620.
@article{Rios2011b,
title = {Exploiting Context-Awareness to Enhance Source-Location Privacy in Wireless Sensor Networks},
author = {Ruben Rios and Javier Lopez},
url = {/wp-content/papers/Rios2011b.pdf},
doi = {10.1093/comjnl/bxr055},
issn = {0010-4620},
year = {2011},
date = {2011-09-01},
urldate = {2011-09-01},
journal = {The Computer Journal},
volume = {54},
pages = {1603-1615},
publisher = {Oxford University Press},
abstract = {The source-location privacy problem in Wireless Sensor Networks has been traditionally tackled by the creation of random routes for every packet transmitted from the source nodes to the base station. These schemes provide a considerable protection level at a high cost in terms of message delivery time and energy consumption. This overhead is due to the fact that the data routing process is done in a blind way, without knowledge about the location of the attacker. In this work we propose the Context-Aware Location Privacy (CALP) approach, which takes advantage of the ability of sensor nodes to perceive the presence of a mobile adversary in their vicinity in order to transmit data packets in a more energy-efficient and privacy-preserving manner. In particular, we apply the concepts of CALP to the development of a shortest-path CALP routing algorithm. A permissive and a strict version of the protocol are studied for different adversarial models and the proposed schemes are evaluated through simulation experiments in terms of privacy protection and energy consumption. Finally, we present the conclusions of the paper as well as possible extensions of this work.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The source-location privacy problem in Wireless Sensor Networks has been traditionally tackled by the creation of random routes for every packet transmitted from the source nodes to the base station. These schemes provide a considerable protection level at a high cost in terms of message delivery time and energy consumption. This overhead is due to the fact that the data routing process is done in a blind way, without knowledge about the location of the attacker. In this work we propose the Context-Aware Location Privacy (CALP) approach, which takes advantage of the ability of sensor nodes to perceive the presence of a mobile adversary in their vicinity in order to transmit data packets in a more energy-efficient and privacy-preserving manner. In particular, we apply the concepts of CALP to the development of a shortest-path CALP routing algorithm. A permissive and a strict version of the protocol are studied for different adversarial models and the proposed schemes are evaluated through simulation experiments in terms of privacy protection and energy consumption. Finally, we present the conclusions of the paper as well as possible extensions of this work.
Roman, Rodrigo; Najera, Pablo; Lopez, Javier
Securing the Internet of Things Journal Article
In: IEEE Computer, vol. 44, no. 9, pp. 51 -58, 2011, ISSN: 0018-9162.
@article{1633,
title = {Securing the Internet of Things},
author = {Rodrigo Roman and Pablo Najera and Javier Lopez},
url = {/wp-content/papers/1633.pdf},
doi = {10.1109/MC.2011.291},
issn = {0018-9162},
year = {2011},
date = {2011-09-01},
urldate = {2011-09-01},
journal = {IEEE Computer},
volume = {44},
number = {9},
pages = {51 -58},
publisher = {IEEE},
abstract = {This paper presents security of Internet of things. In the Internet of Things vision, every physical object has a virtual component that can produce and consume services Such extreme interconnection will bring unprecedented convenience and economy, but it will also require novel approaches to ensure its safe and ethical use. The Internet and its users are already under continual attack, and a growing economy-replete with business models that undermine the Internet’s ethical use-is fully focused on exploiting the current version’s foundational weaknesses.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
This paper presents security of Internet of things. In the Internet of Things vision, every physical object has a virtual component that can produce and consume services Such extreme interconnection will bring unprecedented convenience and economy, but it will also require novel approaches to ensure its safe and ethical use. The Internet and its users are already under continual attack, and a growing economy-replete with business models that undermine the Internet’s ethical use-is fully focused on exploiting the current version’s foundational weaknesses.
Alcaraz, Cristina; Lopez, Javier; Zhou, Jianying; Roman, Rodrigo
Secure SCADA Framework for the Protection of Energy Control Systems Journal Article
In: Concurrency and Computation Practice & Experience, vol. 23, no. 12, pp. 1414-1430, 2011, ISSN: 1532-0626.
@article{Alcaraz2011a,
title = {Secure SCADA Framework for the Protection of Energy Control Systems},
author = {Cristina Alcaraz and Javier Lopez and Jianying Zhou and Rodrigo Roman},
url = {/wp-content/papers/Alcaraz2011a.pdf},
doi = {10.1002/cpe.1679},
issn = {1532-0626},
year = {2011},
date = {2011-08-01},
urldate = {2011-08-01},
journal = {Concurrency and Computation Practice \& Experience},
volume = {23},
number = {12},
pages = {1414-1430},
publisher = {John Wiley \& Sons, Inc.},
abstract = {Energy distribution systems are becoming increasingly widespread in today’s society. One of the elements that is used to monitor and control these systems are the SCADA (Supervisory Control and Data Acquisition) systems. In particular, these control systems and their complexities, together with the emerging use of the Internet and wireless technologies, bring new challenges that must be carefully considered. Examples of such challenges are the particular benetextasciimacronts of the integration of those new technologies, and also the etextregisteredects they may have on the overall SCADA security. The main task of this paper is to provide a framework that shows how the integration of ditextregisterederent state-of-the-art technologies in an energy control system, such as Wireless Sensor Networks (WSNs), Mobile Ad-Hoc Networks (MANETs), and the Internet, can bring some interesting benefits such as status management and anomaly prevention, while maintaining the security of the whole system.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Energy distribution systems are becoming increasingly widespread in today’s society. One of the elements that is used to monitor and control these systems are the SCADA (Supervisory Control and Data Acquisition) systems. In particular, these control systems and their complexities, together with the emerging use of the Internet and wireless technologies, bring new challenges that must be carefully considered. Examples of such challenges are the particular benetextasciimacronts of the integration of those new technologies, and also the etextregisteredects they may have on the overall SCADA security. The main task of this paper is to provide a framework that shows how the integration of ditextregisterederent state-of-the-art technologies in an energy control system, such as Wireless Sensor Networks (WSNs), Mobile Ad-Hoc Networks (MANETs), and the Internet, can bring some interesting benefits such as status management and anomaly prevention, while maintaining the security of the whole system.
Leon, Olga; Roman, Rodrigo; Serrano, Juan Hernandez
Towards a Cooperative Intrusion Detection System for Cognitive Radio Networks Proceedings Article
In: Workshop on Wireless Cooperative Network Security (WCNS’11), Springer Springer, 2011.
@inproceedings{Leon11,
title = {Towards a Cooperative Intrusion Detection System for Cognitive Radio Networks},
author = {Olga Leon and Rodrigo Roman and Juan Hernandez Serrano},
url = {/wp-content/papers/Leon11.pdf
http://www.networking2011.org/workshops/WCNS.html},
doi = {10.1007/978-3-642-23041-7_22},
year = {2011},
date = {2011-05-01},
urldate = {2011-05-01},
booktitle = {Workshop on Wireless Cooperative Network Security (WCNS’11)},
publisher = {Springer},
organization = {Springer},
series = {LNCS},
abstract = {Cognitive Radio Networks (CRNs) arise as a promising solution to the scarcity of spectrum. By means of cooperation and smart decisions influenced by previous knowledge, CRNs are able to detect and profit from the best spectrum opportunities without interfering primary licensed users. However, besides the well-known attacks to wireless networks, new attacks threat this type of networks. In this paper we analyze these threats and propose a set of intrusion detection modules targeted to detect them. Provided method will allow a CRN to identify attack sources and types of attacks, and to properly react against them.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Cognitive Radio Networks (CRNs) arise as a promising solution to the scarcity of spectrum. By means of cooperation and smart decisions influenced by previous knowledge, CRNs are able to detect and profit from the best spectrum opportunities without interfering primary licensed users. However, besides the well-known attacks to wireless networks, new attacks threat this type of networks. In this paper we analyze these threats and propose a set of intrusion detection modules targeted to detect them. Provided method will allow a CRN to identify attack sources and types of attacks, and to properly react against them.
Roman, Rodrigo; Lopez, Javier; Alcaraz, Cristina; Chen, Hsiao-Hwa
SenseKey - Simplifying the Selection of Key Management Schemes for Sensor Networks Proceedings Article
In: 5th International Symposium on Security and Multimodality in Pervasive Environments (SMPE’11), IEEE IEEE, Singapore, 2011.
@inproceedings{Roman11SK,
title = {SenseKey - Simplifying the Selection of Key Management Schemes for Sensor Networks},
author = {Rodrigo Roman and Javier Lopez and Cristina Alcaraz and Hsiao-Hwa Chen},
url = {/wp-content/papers/Roman11SK.pdf
http://www.ftrai.org/smpe2011/},
doi = {10.1109/WAINA.2011.78},
year = {2011},
date = {2011-03-01},
urldate = {2011-03-01},
booktitle = {5th International Symposium on Security and Multimodality in Pervasive Environments (SMPE’11)},
publisher = {IEEE},
address = {Singapore},
organization = {IEEE},
abstract = {Key Management Schemes (KMS) are a very important security mechanism for Wireless Sensor Networks (WSN), as they are used to manage the credentials (i.e. secret keys) that are needed by the security primitives. There is a large number of available KMS protocols in the literature, but it is not clear what should network designers do to choose the most suitable protocol for the needs of their applications. In this paper, we consider that given a certain set of application requirements, the network designer can check which properties comply with those requirements and select the KMS protocols that contains those particular properties. Therefore, we study the relationship between requirements and properties, and we provide a web tool, the SenseKey tool, that can be used to automatically obtain an optimal set of KMS protocols.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Key Management Schemes (KMS) are a very important security mechanism for Wireless Sensor Networks (WSN), as they are used to manage the credentials (i.e. secret keys) that are needed by the security primitives. There is a large number of available KMS protocols in the literature, but it is not clear what should network designers do to choose the most suitable protocol for the needs of their applications. In this paper, we consider that given a certain set of application requirements, the network designer can check which properties comply with those requirements and select the KMS protocols that contains those particular properties. Therefore, we study the relationship between requirements and properties, and we provide a web tool, the SenseKey tool, that can be used to automatically obtain an optimal set of KMS protocols.
Roman, Rodrigo; Alcaraz, Cristina; Lopez, Javier; Sklavos, Nicolas
Key management systems for sensor networks in the context of the Internet of Things Journal Article
In: Computers & Electrical Engineering, vol. 37, pp. 147-159, 2011, ISSN: 0045-7906.
@article{roman2011,
title = {Key management systems for sensor networks in the context of the Internet of Things},
author = {Rodrigo Roman and Cristina Alcaraz and Javier Lopez and Nicolas Sklavos},
url = {/wp-content/papers/roman2011.pdf
http://www.sciencedirect.com/science/article/B6V25-527FRSD-1/2/62661c595153993639c43b9b331d8d66},
doi = {10.1016/j.compeleceng.2011.01.009},
issn = {0045-7906},
year = {2011},
date = {2011-03-01},
urldate = {2011-03-01},
journal = {Computers \& Electrical Engineering},
volume = {37},
pages = {147-159},
publisher = {Elsevier},
abstract = {If a wireless sensor network (WSN) is to be completely integrated into the Internet as part of the Internet of Things (IoT), it is necessary to consider various security challenges, such as the creation of a secure channel between an Internet host and a sensor node. In order to create such a channel, it is necessary to provide key management mechanisms that allow two remote devices to negotiate certain security credentials (e.g. secret keys) that will be used to protect the information flow. In this paper we will analyse not only the applicability of existing mechanisms such as public key cryptography and pre-shared keys for sensor nodes in the IoT context, but also the applicability of those link-layer oriented key management systems (KMS) whose original purpose is to provide shared keys for sensor nodes belonging to the same WSN.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
If a wireless sensor network (WSN) is to be completely integrated into the Internet as part of the Internet of Things (IoT), it is necessary to consider various security challenges, such as the creation of a secure channel between an Internet host and a sensor node. In order to create such a channel, it is necessary to provide key management mechanisms that allow two remote devices to negotiate certain security credentials (e.g. secret keys) that will be used to protect the information flow. In this paper we will analyse not only the applicability of existing mechanisms such as public key cryptography and pre-shared keys for sensor nodes in the IoT context, but also the applicability of those link-layer oriented key management systems (KMS) whose original purpose is to provide shared keys for sensor nodes belonging to the same WSN.
Roman, Rodrigo; Lopez, Javier; Najera, Pablo
A Cross-layer Approach for Integrating Security Mechanisms in Sensor Networks Architectures Journal Article
In: Wireless Communications and Mobile Computing, vol. 11, pp. 267-276, 2011, ISSN: 1530-8669.
@article{Roman2010,
title = {A Cross-layer Approach for Integrating Security Mechanisms in Sensor Networks Architectures},
author = {Rodrigo Roman and Javier Lopez and Pablo Najera},
url = {/wp-content/papers/Roman2010.pdf},
doi = {10.1002/wcm.1006},
issn = {1530-8669},
year = {2011},
date = {2011-01-01},
urldate = {2011-01-01},
journal = {Wireless Communications and Mobile Computing},
volume = {11},
pages = {267-276},
publisher = {Wiley},
abstract = {The wireless sensor networks (WSN) paradigm is especially vulnerable against external and internal attacks. Therefore, it is necessary to develop security mechanisms and protocols to protect them. These mechanisms must become an integral part of the software architecture and network stack of a sensor node. A question that remains is how to achieve this integration. In this paper we check how both academic and industrial solutions tackle this issue, and we present the concept of a transversal layer, where all the different security mechanisms could be contained. This way, all the elements of the architecture can interact with the security mechanisms, and the security mechanisms can have a holistic point of view of the whole architecture. We discuss the advantages of this approach, and also present how the transversal layer concept was applied to a real middleware architecture.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The wireless sensor networks (WSN) paradigm is especially vulnerable against external and internal attacks. Therefore, it is necessary to develop security mechanisms and protocols to protect them. These mechanisms must become an integral part of the software architecture and network stack of a sensor node. A question that remains is how to achieve this integration. In this paper we check how both academic and industrial solutions tackle this issue, and we present the concept of a transversal layer, where all the different security mechanisms could be contained. This way, all the elements of the architecture can interact with the security mechanisms, and the security mechanisms can have a holistic point of view of the whole architecture. We discuss the advantages of this approach, and also present how the transversal layer concept was applied to a real middleware architecture.
Najera, Pablo; Lopez, Javier
Real-time Location and Inpatient Care Systems Based on Passive RFID Journal Article
In: Journal of Network and Computer Applications, vol. 34, pp. pp. 980-989, 2011, ISSN: 1084-8045.
@article{Najera2010,
title = {Real-time Location and Inpatient Care Systems Based on Passive RFID},
author = {Pablo Najera and Javier Lopez},
url = {/wp-content/papers/Najera2010.pdf
http://www.sciencedirect.com/science/article/B6WKB-5023KSB-1/2/3b970ad38b2ce768888c4eec24ea472a},
doi = {10.1016/j.jnca.2010.04.011},
issn = {1084-8045},
year = {2011},
date = {2011-01-01},
urldate = {2011-01-01},
journal = {Journal of Network and Computer Applications},
volume = {34},
pages = {pp. 980-989},
publisher = {Elsevier},
abstract = {RFID technology meets identification and tracking requirements in healthcare environments with potential to speed up and increase reliability of involved processes. Due to this, high expectations for this integration have emerged, but hospital and medical centers interested in adoption of RFID technology require prior knowledge on how to squeeze RFID capabilities, real expectations and current challenges. In this paper, we show our lab tested solutions in two specific healthcare scenarios. On the one hand, we analyze the case of a medical equipment tracking system for healthcare facilities enabling both real-time location and theft prevention. Worth-noting aspects such as possible EMI interferences, technology selection and management of RFID data from hospital information system are analyzed. Lab testing of system reliability based on passive UHF RFID is provided for this case. On the other hand, we analyze and provide a solution for care and control of patients in a hospital based on passive HF RFID with the result of a fully functional demonstrator. Our prototype squeezes RFID features in order to provide a backup data source from patient’s wristband. It also provides an offline working mode aiming to increase application reliability under network fail down and therefore, improving patient’s safety. Considerations regarding lessons learned and challenges faced are exposed.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
RFID technology meets identification and tracking requirements in healthcare environments with potential to speed up and increase reliability of involved processes. Due to this, high expectations for this integration have emerged, but hospital and medical centers interested in adoption of RFID technology require prior knowledge on how to squeeze RFID capabilities, real expectations and current challenges. In this paper, we show our lab tested solutions in two specific healthcare scenarios. On the one hand, we analyze the case of a medical equipment tracking system for healthcare facilities enabling both real-time location and theft prevention. Worth-noting aspects such as possible EMI interferences, technology selection and management of RFID data from hospital information system are analyzed. Lab testing of system reliability based on passive UHF RFID is provided for this case. On the other hand, we analyze and provide a solution for care and control of patients in a hospital based on passive HF RFID with the result of a fully functional demonstrator. Our prototype squeezes RFID features in order to provide a backup data source from patient’s wristband. It also provides an offline working mode aiming to increase application reliability under network fail down and therefore, improving patient’s safety. Considerations regarding lessons learned and challenges faced are exposed.
Alcaraz, Cristina; Najera, Pablo; Lopez, Javier; Roman, Rodrigo
Wireless Sensor Networks and the Internet of Things: Do We Need a Complete Integration? Proceedings Article
In: 1st International Workshop on the Security of the Internet of Things (SecIoT’10), pp. xxxx, IEEE IEEE, Tokyo (Japan), 2010.
@inproceedings{calcaraz10,
title = {Wireless Sensor Networks and the Internet of Things: Do We Need a Complete Integration?},
author = {Cristina Alcaraz and Pablo Najera and Javier Lopez and Rodrigo Roman},
url = {/wp-content/papers/calcaraz10.pdf},
year = {2010},
date = {2010-12-01},
urldate = {2010-12-01},
booktitle = {1st International Workshop on the Security of the Internet of Things (SecIoT’10)},
pages = {xxxx},
publisher = {IEEE},
address = {Tokyo (Japan)},
organization = {IEEE},
abstract = {Wireless sensor networks (WSN) behave as a digital skin, providing a virtual layer where the information about the physical world can be accessed by any computational system. As a result, they are an invaluable resource for realizing the vision of the Internet of Things (IoT). However, it is necessary to consider whether the devices of a WSN should be completely integrated into the Internet or not. In this paper, we tackle this question from the perspective of security. While we will mention the different security challenges that may arise in such integration process, we will focus on the issues that take place at the network level.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Wireless sensor networks (WSN) behave as a digital skin, providing a virtual layer where the information about the physical world can be accessed by any computational system. As a result, they are an invaluable resource for realizing the vision of the Internet of Things (IoT). However, it is necessary to consider whether the devices of a WSN should be completely integrated into the Internet or not. In this paper, we tackle this question from the perspective of security. While we will mention the different security challenges that may arise in such integration process, we will focus on the issues that take place at the network level.
Alcaraz, Cristina; Roman, Rodrigo; Najera, Pablo; Lopez, Javier
Acceso seguro a redes de sensores en SCADA a través de Internet Proceedings Article
In: XI Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2010), pp. 337-342, Tarragona (Spain), 2010, ISBN: 978-84-693-3304-4.
@inproceedings{Alcaraz2010,
title = {Acceso seguro a redes de sensores en SCADA a trav\'{e}s de Internet},
author = {Cristina Alcaraz and Rodrigo Roman and Pablo Najera and Javier Lopez},
url = {/wp-content/papers/Alcaraz2010.pdf
http://crises-deim.urv.cat/recsi2010/},
isbn = {978-84-693-3304-4},
year = {2010},
date = {2010-09-01},
urldate = {2010-09-01},
booktitle = {XI Reuni\'{o}n Espa\~{n}ola sobre Criptolog\'{i}a y Seguridad de la Informaci\'{o}n (RECSI 2010)},
pages = {337-342},
address = {Tarragona (Spain)},
abstract = {Las Infraestructuras Cr\'{i}ticas (ICs) son monitorizadas por sistemas altamente complejos, conocidos como sistemas SCADA (Sistemas de Control y Adquisici\'{o}n de Datos), cuyo principal soporte se encuentra en las subestaciones, las cuales miden de primera instancia el estado real de tales ICs. Para mejorar este control, la industria est\'{a} actualmente demandando la integraci\'{o}n en el modelo tradicional de dos avances tecnol\'{o}gicos: Internet y las redes de sensores inal\'{a}mbricas. Sin embargo, su incorporaci\'{o}n requiere analizar los requisitos de seguridad que surgen en dicho contexto, as\'{i} como diversos aspectos correlacionados (ej. mantenimiento, rendimiento, seguridad y optimizaci\'{o}n) y, en base a estos, la estrategia de integraci\'{o}n m\'{a}s adecuada para satisfacer dichos requisitos. Este art\'{i}culo proporciona dicho an\'{a}lisis en profundidad con el fin de ofrecer un modelo de integraci\'{o}n seguro adecuado para entornos cr\'{i}ticos.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Las Infraestructuras Críticas (ICs) son monitorizadas por sistemas altamente complejos, conocidos como sistemas SCADA (Sistemas de Control y Adquisición de Datos), cuyo principal soporte se encuentra en las subestaciones, las cuales miden de primera instancia el estado real de tales ICs. Para mejorar este control, la industria está actualmente demandando la integración en el modelo tradicional de dos avances tecnológicos: Internet y las redes de sensores inalámbricas. Sin embargo, su incorporación requiere analizar los requisitos de seguridad que surgen en dicho contexto, así como diversos aspectos correlacionados (ej. mantenimiento, rendimiento, seguridad y optimización) y, en base a estos, la estrategia de integración más adecuada para satisfacer dichos requisitos. Este artículo proporciona dicho análisis en profundidad con el fin de ofrecer un modelo de integración seguro adecuado para entornos críticos.
Agudo, Isaac; Onieva, Jose A.; Merida, Daniel
Distribución segura de componentes software basada en OpenID Proceedings Article
In: XI Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2010), Tarragona, Spain, 2010, ISBN: 978-84-693-3304-4.
@inproceedings{Agudo2010,
title = {Distribuci\'{o}n segura de componentes software basada en OpenID},
author = {Isaac Agudo and Jose A. Onieva and Daniel Merida},
url = {/wp-content/papers/Agudo2010.pdf},
isbn = {978-84-693-3304-4},
year = {2010},
date = {2010-09-01},
urldate = {2010-09-01},
booktitle = {XI Reuni\'{o}n Espa\~{n}ola sobre Criptolog\'{i}a y Seguridad de la Informaci\'{o}n (RECSI 2010)},
address = {Tarragona, Spain},
abstract = {En la actualidad, cada vez son m\'{a}s frecuentes los ataques software mediante la utilizaci\'{o}n de malware o sustituci\'{o}n de programas (o componentes) en los repositorios a los cuales los usuarios finales (o m\'{a}quinas) acceden. Esta situaci\'{o}n se ve de alguna manera acentuada con el dinamismo existente en la programaci\'{o}n y ejecuci\'{o}n de estos componentes, en la que distintos desarrolladores pueden participar para desplegar un determinado servicio o parte de \'{e}l. Por ello, en este art\'{i}culo se presenta una soluci\'{o}n para la distribuci\'{o}n de c\'{o}digo de forma segura usando OpenID y firmas con certificados de clave p\'{u}blica de corta duraci\'{o}n. De esta forma, se consigue un compromiso de seguridad que permite distribuir c\'{o}digo firmado sin la necesidad de que los desarrolladores dispongan a priori de un certificado espec\'{i}fico. Presentamos adem\'{a}s algunos detalles acerca de la implementaci\'{o}n realizada para hacer realidad este dise\~{n}o.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
En la actualidad, cada vez son más frecuentes los ataques software mediante la utilización de malware o sustitución de programas (o componentes) en los repositorios a los cuales los usuarios finales (o máquinas) acceden. Esta situación se ve de alguna manera acentuada con el dinamismo existente en la programación y ejecución de estos componentes, en la que distintos desarrolladores pueden participar para desplegar un determinado servicio o parte de él. Por ello, en este artículo se presenta una solución para la distribución de código de forma segura usando OpenID y firmas con certificados de clave pública de corta duración. De esta forma, se consigue un compromiso de seguridad que permite distribuir código firmado sin la necesidad de que los desarrolladores dispongan a priori de un certificado específico. Presentamos además algunos detalles acerca de la implementación realizada para hacer realidad este diseño.
Alcaraz, Cristina; Balastegui, Angel; Lopez, Javier
Early Warning System for Cascading Effect Control in Energy Control Systems Proceedings Article
In: 5th International conference on Critical Information Infrastructures Security (CRITIS’10), pp. 55-67, Springer Springer, Athens, Greece, 2010, ISSN: 0302-9743.
@inproceedings{Alcaraz2010b,
title = {Early Warning System for Cascading Effect Control in Energy Control Systems},
author = {Cristina Alcaraz and Angel Balastegui and Javier Lopez},
url = {/wp-content/papers/Alcaraz2010b.pdf
http://critis.net/2010/},
issn = {0302-9743},
year = {2010},
date = {2010-09-01},
urldate = {2010-09-01},
booktitle = {5th International conference on Critical Information Infrastructures Security (CRITIS’10)},
volume = {6712},
pages = {55-67},
publisher = {Springer},
address = {Athens, Greece},
organization = {Springer},
series = {LNCS},
abstract = {A way of controlling a cascading effect caused by a failure or a threat in a critical system is using intelligent mechanisms capable of predicting anomalous behaviours and also capable of reacting against them in advance. These mechanisms are known as Early Warning Systems (EWS) and this will be precisely the main topic of this paper. Specially, we present an EWS design based on a Wireless Sensor Network (using the ISA100.11a standard) that constantly supervise the application context. This EWS is also based on forensic techniques to provide dynamic learning capacities. As a result, this new approach will aid to provide a reliable control of incidences by offering a dynamic alarm management, identification of the most suitable field operator to attend an alarm, reporting of causes and responsible operators, and learning from new anomalous situations.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
A way of controlling a cascading effect caused by a failure or a threat in a critical system is using intelligent mechanisms capable of predicting anomalous behaviours and also capable of reacting against them in advance. These mechanisms are known as Early Warning Systems (EWS) and this will be precisely the main topic of this paper. Specially, we present an EWS design based on a Wireless Sensor Network (using the ISA100.11a standard) that constantly supervise the application context. This EWS is also based on forensic techniques to provide dynamic learning capacities. As a result, this new approach will aid to provide a reliable control of incidences by offering a dynamic alarm management, identification of the most suitable field operator to attend an alarm, reporting of causes and responsible operators, and learning from new anomalous situations.
Rios, Ruben; Agudo, Isaac; Gonzalez, Jose L.
Implementación de un esquema de localización privada y segura para interiores Proceedings Article
In: Dimitriadis, Yannis; Pérez, María Jesús Verdú (Ed.): IX Jornadas de Ingeniería Telemática (JITEL’10), pp. 237 - 244, Valladolid (Spain), 2010, ISBN: 978-84-693-5398-1.
@inproceedings{Rios2010a,
title = {Implementaci\'{o}n de un esquema de localizaci\'{o}n privada y segura para interiores},
author = {Ruben Rios and Isaac Agudo and Jose L. Gonzalez},
editor = {Yannis Dimitriadis and Mar\'{i}a Jes\'{u}s Verd\'{u} P\'{e}rez},
url = {/wp-content/papers/Rios2010a.pdf},
isbn = {978-84-693-5398-1},
year = {2010},
date = {2010-09-01},
urldate = {2010-09-01},
booktitle = {IX Jornadas de Ingenier\'{i}a Telem\'{a}tica (JITEL’10)},
pages = {237 - 244},
address = {Valladolid (Spain)},
abstract = {Las aplicaciones basadas en localizaci\'{o}n proporcionan a los usuarios servicios personalizados dependiendo de su ubicaci\'{o}n. Las estimaciones prev\'{e}n que estos servicios se extender\'{a}n enormemente en los pr\'{o}ximos a\~{n}os reportando grandes beneficios tanto a la industria como a los usuarios finales. Sin embargo, para que estos avances sean posibles se hace necesario analizar en profundidad las distintas implicaciones de seguridad y privacidad que la utilizaci\'{o}n de tales servicios pueden traer consigo a los usuarios. En este trabajo proponemos un sistema de localizaci\'{o}n que da soporte a la provisi\'{o}n de servicios basados en localizaci\'{o}n para entornos indoor y que se fundamenta en la tecnolog\'{i}a de redes de sensores inal\'{a}mbricos. En este esquema hemos tenido en cuenta diversos aspectos de seguridad y privacidad, prestando especial atenci\'{o}n a la limitaci\'{o}n extrema de recursos caracter\'{i}stica de las redes de sensores. Finalmente hemos desarrollado una prueba de concepto para comprobar la viabilidad de nuestro esquema dentro del \'{a}mbito del proyecto OSAmI.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Las aplicaciones basadas en localización proporcionan a los usuarios servicios personalizados dependiendo de su ubicación. Las estimaciones prevén que estos servicios se extenderán enormemente en los próximos años reportando grandes beneficios tanto a la industria como a los usuarios finales. Sin embargo, para que estos avances sean posibles se hace necesario analizar en profundidad las distintas implicaciones de seguridad y privacidad que la utilización de tales servicios pueden traer consigo a los usuarios. En este trabajo proponemos un sistema de localización que da soporte a la provisión de servicios basados en localización para entornos indoor y que se fundamenta en la tecnología de redes de sensores inalámbricos. En este esquema hemos tenido en cuenta diversos aspectos de seguridad y privacidad, prestando especial atención a la limitación extrema de recursos característica de las redes de sensores. Finalmente hemos desarrollado una prueba de concepto para comprobar la viabilidad de nuestro esquema dentro del ámbito del proyecto OSAmI.
Rios, Ruben; Lopez, Javier
Source Location Privacy Considerations in Wireless Sensor Networks Proceedings Article
In: Fuentes, Lidia; Gámez, Nadia; Bravo, José (Ed.): 4th International Symposium of Ubiquitous Computing and Ambient Intelligence (UCAmI’10), pp. 29 - 38, IBERGARCETA PUBLICACIONES, S.L. IBERGARCETA PUBLICACIONES, S.L., Valencia (Spain), 2010, ISBN: 978-84-92812-61-5.
@inproceedings{Rios2010,
title = {Source Location Privacy Considerations in Wireless Sensor Networks},
author = {Ruben Rios and Javier Lopez},
editor = {Lidia Fuentes and Nadia G\'{a}mez and Jos\'{e} Bravo},
url = {/wp-content/papers/Rios2010.pdf},
isbn = {978-84-92812-61-5},
year = {2010},
date = {2010-09-01},
urldate = {2010-09-01},
booktitle = {4th International Symposium of Ubiquitous Computing and Ambient Intelligence (UCAmI’10)},
pages = {29 - 38},
publisher = {IBERGARCETA PUBLICACIONES, S.L.},
address = {Valencia (Spain)},
organization = {IBERGARCETA PUBLICACIONES, S.L.},
abstract = {Wireless Sensor Networks are considered to be one of the cornerstones of Ambient Intelligence since they can be used in countless applications, where sensors are unobtrusively embedded into the environment to perform operations like monitoring, tracking and reporting. In such scenarios, privacy issues must be carefully considered since the mere observation of the network operation might reveal great amounts of private information to unauthorised parties. One of the problems that is gaining more attention in the realm of privacy, is the location privacy problem, which aims to prevent an attacker from obtaining the location of specific nodes of interest to him. In this paper we provide a general overview of the proposed solutions to counter this threat. Finally, we will also discuss some open challenges and future directions of research for a convenient management of privacy issues in smart environments.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Wireless Sensor Networks are considered to be one of the cornerstones of Ambient Intelligence since they can be used in countless applications, where sensors are unobtrusively embedded into the environment to perform operations like monitoring, tracking and reporting. In such scenarios, privacy issues must be carefully considered since the mere observation of the network operation might reveal great amounts of private information to unauthorised parties. One of the problems that is gaining more attention in the realm of privacy, is the location privacy problem, which aims to prevent an attacker from obtaining the location of specific nodes of interest to him. In this paper we provide a general overview of the proposed solutions to counter this threat. Finally, we will also discuss some open challenges and future directions of research for a convenient management of privacy issues in smart environments.
Lopez, Javier; Roman, Rodrigo; Najera, Pablo
Los Desafíos de Seguridad en la Internet de los Objetos Journal Article
In: Revista SIC, vol. 88, pp. 66-73, 2010, ISSN: 1136-0623.
@article{jlopez09,
title = {Los Desaf\'{i}os de Seguridad en la Internet de los Objetos},
author = {Javier Lopez and Rodrigo Roman and Pablo Najera},
url = {/wp-content/papers/jlopez09.pdf},
issn = {1136-0623},
year = {2010},
date = {2010-02-01},
urldate = {2010-02-01},
journal = {Revista SIC},
volume = {88},
pages = {66-73},
publisher = {Ediciones CODA},
abstract = {El paradigma de la Internet de los Objetos, donde todos aquellos objetos f\'{i}sicos que nos rodean tendr\'{a}n la capacidad de generar y consumir informaci\'{o}n en el \'{a}mbito de un mundo virtual, se encuentra cada vez m\'{a}s cerca. Es ahora un buen momento para llamar la atenci\'{o}n sobre sus principales desaf\'{i}os de seguridad, tanto desde un punto de vista global como asociados a sus elementos m\'{a}s importantes (la tecnolog\'{i}a RFID y las redes de sensores). As\'{i}, este paradigma puede ser plenamente comprendido y protegido, evolucionando hacia uno de los nuevos pilares del futuro.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
El paradigma de la Internet de los Objetos, donde todos aquellos objetos físicos que nos rodean tendrán la capacidad de generar y consumir información en el ámbito de un mundo virtual, se encuentra cada vez más cerca. Es ahora un buen momento para llamar la atención sobre sus principales desafíos de seguridad, tanto desde un punto de vista global como asociados a sus elementos más importantes (la tecnología RFID y las redes de sensores). Así, este paradigma puede ser plenamente comprendido y protegido, evolucionando hacia uno de los nuevos pilares del futuro.
Roman, Rodrigo; Lopez, Javier; Alcaraz, Cristina
Do Wireless Sensor Networks Need to be Completely Integrated into the Internet? Proceedings Article
In: 3rd CompanionAble Workshop - Future Internet of People, Things and Services (IoPTS) eco-Systems, pp. xxxx, xxxx xxxx, Brussels (Belgium), 2009.
@inproceedings{roman2009,
title = {Do Wireless Sensor Networks Need to be Completely Integrated into the Internet?},
author = {Rodrigo Roman and Javier Lopez and Cristina Alcaraz},
url = {/wp-content/papers/roman2009.pdf},
year = {2009},
date = {2009-12-01},
urldate = {2009-12-01},
booktitle = {3rd CompanionAble Workshop - Future Internet of People, Things and Services (IoPTS) eco-Systems},
pages = {xxxx},
publisher = {xxxx},
address = {Brussels (Belgium)},
organization = {xxxx},
abstract = {Wireless sensor networks are considered as an integral part of the Internet of Things paradigm. Not only they provide a virtual presence to elements of the real world, but also allow any computationalsystem to know about the physical state of those elements thanks to the use of embedded sensors. In order to belong to the Internet of Things, the elements of a sensor network can implement Internet protocols and services such as the TCP/IP stack and web services. Still, a question that must be raised at this point of time is whether all sensor network applications should be completely integrated into the Internet or not. The purpose of this paper is to analyze this question, reviewing the challenges and security requirements of Internet-enabled sensor networks.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Wireless sensor networks are considered as an integral part of the Internet of Things paradigm. Not only they provide a virtual presence to elements of the real world, but also allow any computationalsystem to know about the physical state of those elements thanks to the use of embedded sensors. In order to belong to the Internet of Things, the elements of a sensor network can implement Internet protocols and services such as the TCP/IP stack and web services. Still, a question that must be raised at this point of time is whether all sensor network applications should be completely integrated into the Internet or not. The purpose of this paper is to analyze this question, reviewing the challenges and security requirements of Internet-enabled sensor networks.
Sorry, no publications matched your criteria.
Rios, Ruben; Cuellar, Jorge; Lopez, Javier
Ocultación de la estación base en redes inalámbricas de sensores Proceedings Article
In: Verdejo, Jesús E. Díaz; Ortiz, Jorge Navarro; Muñoz, Juan J. Ramos (Ed.): XI Jornadas de Ingeniería Telemática (JITEL 2013), pp. 481-486, Asociación de Telemática Asociación de Telemática, Granada, 2013, ISBN: 978-84-616-5597-7.
@inproceedings{rios2013b,
title = {Ocultaci\'{o}n de la estaci\'{o}n base en redes inal\'{a}mbricas de sensores},
author = {Ruben Rios and Jorge Cuellar and Javier Lopez},
editor = {Jes\'{u}s E. D\'{i}az Verdejo and Jorge Navarro Ortiz and Juan J. Ramos Mu\~{n}oz},
url = {/wp-content/papers/rios2013b.pdf},
isbn = {978-84-616-5597-7},
year = {2013},
date = {2013-10-01},
urldate = {2013-10-01},
booktitle = {XI Jornadas de Ingenier\'{i}a Telem\'{a}tica (JITEL 2013)},
pages = {481-486},
publisher = {Asociaci\'{o}n de Telem\'{a}tica},
address = {Granada},
organization = {Asociaci\'{o}n de Telem\'{a}tica},
abstract = {La estaci\'{o}n base es el elemento m\'{a}s importante en un red de sensores y, por tanto, es necesario evitar que un atacante pueda hacerse con el control de este valioso dispositivo. Para ello, el atacante puede valerse tanto de t\'{e}cnicas de an\'{a}lisis de tr\'{a}fico como de la captura de nodos. En este trabajo presentamos un esquema que consta de dos fases, la primera est\'{a} dedicada a homogeneizar los patrones de tr\'{a}fico y la segunda encargada de perturbar las tablas de rutas de los nodos. Ambas fases permiten mantener a la estaci\'{o}n base fuera del alcance del atacante con un coste computacional insignificante y un consumo energ\'{e}tico moderado. La validez de nuestro esquema ha sido validada anal\'{i}ticamente y a trav\'{e}s de numerosas simulaciones.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
La estación base es el elemento más importante en un red de sensores y, por tanto, es necesario evitar que un atacante pueda hacerse con el control de este valioso dispositivo. Para ello, el atacante puede valerse tanto de técnicas de análisis de tráfico como de la captura de nodos. En este trabajo presentamos un esquema que consta de dos fases, la primera está dedicada a homogeneizar los patrones de tráfico y la segunda encargada de perturbar las tablas de rutas de los nodos. Ambas fases permiten mantener a la estación base fuera del alcance del atacante con un coste computacional insignificante y un consumo energético moderado. La validez de nuestro esquema ha sido validada analíticamente y a través de numerosas simulaciones.
Najera, Pablo; Roman, Rodrigo; Lopez, Javier
User-centric secure integration of personal RFID tags and sensor networks Journal Article
In: Security and Communication Networks, vol. 6, pp. 1177–1197, 2013, ISSN: 1939-0114.
@article{najerascn12,
title = {User-centric secure integration of personal RFID tags and sensor networks},
author = {Pablo Najera and Rodrigo Roman and Javier Lopez},
doi = {10.1002/sec.684},
issn = {1939-0114},
year = {2013},
date = {2013-10-01},
urldate = {2013-10-01},
journal = {Security and Communication Networks},
volume = {6},
pages = {1177\textendash1197},
publisher = {Wiley-Blackwell},
abstract = {A personal network (PN) should enable the collaboration of user’s devices and services in a flexible, self-organizing and friendly manner. For such purpose, the PN must securely accommodate heterogeneous technologies with uneven computational and communication resources. In particular, personal RFID tags can enable seamless recognition of user’s context, provide user authentication and enable novel services enhancing the quality and quantity of data handled by the PN. However, the highly constrained features of common RFID tags and their passive role in the network highlights the need of an adequate secure communication model with personal tags which enables their participation as a member of the PN. In this paper, we present our concept of PN, with special emphasis on the role of RFID and sensor networks, and define a secure architecture for PNs including methods for the secure access to context-aware technologies from both local PN members and the Internet of Things. The PN architecture is designed to support differentiated security mechanisms to maximize the level of security for each type of personal device. Furthermore, we analyze which security solutions available in the literature can be adapted for our architecture, as well as the challenges and security mechanisms still necessary in the secure integration of personal tags.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
A personal network (PN) should enable the collaboration of user’s devices and services in a flexible, self-organizing and friendly manner. For such purpose, the PN must securely accommodate heterogeneous technologies with uneven computational and communication resources. In particular, personal RFID tags can enable seamless recognition of user’s context, provide user authentication and enable novel services enhancing the quality and quantity of data handled by the PN. However, the highly constrained features of common RFID tags and their passive role in the network highlights the need of an adequate secure communication model with personal tags which enables their participation as a member of the PN. In this paper, we present our concept of PN, with special emphasis on the role of RFID and sensor networks, and define a secure architecture for PNs including methods for the secure access to context-aware technologies from both local PN members and the Internet of Things. The PN architecture is designed to support differentiated security mechanisms to maximize the level of security for each type of personal device. Furthermore, we analyze which security solutions available in the literature can be adapted for our architecture, as well as the challenges and security mechanisms still necessary in the secure integration of personal tags.
Rios, Ruben; Lopez, Javier
(Un)Suitability of Anonymous Communication Systems to WSN Journal Article
In: IEEE Systems Journal, vol. 7, no. 2, pp. 298 - 310, 2013, ISSN: 1932-8184.
@article{Rios2012a,
title = {(Un)Suitability of Anonymous Communication Systems to WSN},
author = {Ruben Rios and Javier Lopez},
url = {/wp-content/papers/Rios2012a.pdf},
doi = {10.1109/JSYST.2012.2221956},
issn = {1932-8184},
year = {2013},
date = {2013-06-01},
urldate = {2013-06-01},
journal = {IEEE Systems Journal},
volume = {7},
number = {2},
pages = {298 - 310},
publisher = {IEEE Systems Council},
abstract = {Anonymous communication systems have been extensively studied by the research community to prevent the disclosure of sensitive information from the analysis of individuals’ traffic patterns. Many remarkable solutions have been developed in this area, most of which have proven to be effective in the protection of user privacy against different types of attacks. Recently, the privacy preservation problem has also been considered in the realm of wireless sensor networks (WSNs) due to their imminent adoption in real-world scenarios. A special challenge that arises from the analysis of the flow of sensor nodes’ communications is the location privacy problem. In this work we concentrate on analyzing the suitability of traditional anonymous communication systems originally designed for the Internet to the original scenario of sensor networks. The results show that, in most cases, traditional solutions do not provide the adequate protection means for the particular problem of location privacy, while other solutions are too resource-consuming for the restricted capabilities of sensor nodes.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Anonymous communication systems have been extensively studied by the research community to prevent the disclosure of sensitive information from the analysis of individuals’ traffic patterns. Many remarkable solutions have been developed in this area, most of which have proven to be effective in the protection of user privacy against different types of attacks. Recently, the privacy preservation problem has also been considered in the realm of wireless sensor networks (WSNs) due to their imminent adoption in real-world scenarios. A special challenge that arises from the analysis of the flow of sensor nodes’ communications is the location privacy problem. In this work we concentrate on analyzing the suitability of traditional anonymous communication systems originally designed for the Internet to the original scenario of sensor networks. The results show that, in most cases, traditional solutions do not provide the adequate protection means for the particular problem of location privacy, while other solutions are too resource-consuming for the restricted capabilities of sensor nodes.
Nieto, Ana; Lopez, Javier
Traffic Classifier for Heterogeneous and Cooperative Routing through Wireless Sensor Networks Proceedings Article
In: Advanced Information Networking and Applications Workshops (WAINA), 2012 26th International Conference on, pp. 607-612, IEEE IEEE, Fukuoka (Japan), 2012, ISBN: 978-0-7695-4652-0/12.
@inproceedings{Nieto2012a,
title = {Traffic Classifier for Heterogeneous and Cooperative Routing through Wireless Sensor Networks},
author = {Ana Nieto and Javier Lopez},
url = {/wp-content/papers/Nieto2012a.pdf},
doi = {10.1109/WAINA.2012.202},
isbn = {978-0-7695-4652-0/12},
year = {2012},
date = {2012-03-01},
urldate = {2012-03-01},
booktitle = {Advanced Information Networking and Applications Workshops (WAINA), 2012 26th International Conference on},
pages = {607-612},
publisher = {IEEE},
address = {Fukuoka (Japan)},
organization = {IEEE},
abstract = {Wireless Sensor Networks (WSN) are networks composed of autonomous devices manufactured to solve a specific problem, with limited computational capabilities and resource-constrained (e.g. limited battery). WSN are used to monitor physical or environmental conditions within an area (e.g. temperature, humidity). The popularity of the WSN is growing, precisely due to the wide range of sensors available. As a result, these networks are being deployed as part of several infrastructures. However, sensors are designed to collaborate only with sensors of the same type. In this sense, taking advantage of the heterogeneity of WSN in order to provide common services, like it is the case of routing, has not been sufficiently considered. For this reason, in this paper we propose a routing protocol based on traffic classification and role-assignment to enable heterogeneous WSN for cooperation. Our approach considers both QoS requirements and lifetime maximization to allow the coexistence of different applications in the heterogeneous network infrastructure.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Wireless Sensor Networks (WSN) are networks composed of autonomous devices manufactured to solve a specific problem, with limited computational capabilities and resource-constrained (e.g. limited battery). WSN are used to monitor physical or environmental conditions within an area (e.g. temperature, humidity). The popularity of the WSN is growing, precisely due to the wide range of sensors available. As a result, these networks are being deployed as part of several infrastructures. However, sensors are designed to collaborate only with sensors of the same type. In this sense, taking advantage of the heterogeneity of WSN in order to provide common services, like it is the case of routing, has not been sufficiently considered. For this reason, in this paper we propose a routing protocol based on traffic classification and role-assignment to enable heterogeneous WSN for cooperation. Our approach considers both QoS requirements and lifetime maximization to allow the coexistence of different applications in the heterogeneous network infrastructure.
Nieto, Ana; Lopez, Javier
Security and QoS relationships in Mobile Platforms Proceedings Article
In: The 4th FTRA International Conference on Computer Science and its Applications (CSA 2012), pp. 13-21, Springer Netherlands Springer Netherlands, Jeju (Korea), 2012, ISBN: 978-94-007-5699-1.
@inproceedings{Nieto2012c,
title = {Security and QoS relationships in Mobile Platforms},
author = {Ana Nieto and Javier Lopez},
url = {/wp-content/papers/Nieto2012c.pdf},
doi = {10.1007/978-94-007-5699-1_2},
isbn = {978-94-007-5699-1},
year = {2012},
date = {2012-00-01},
urldate = {2012-00-01},
booktitle = {The 4th FTRA International Conference on Computer Science and its Applications (CSA 2012)},
volume = {203},
pages = {13-21},
publisher = {Springer Netherlands},
address = {Jeju (Korea)},
organization = {Springer Netherlands},
series = {Lecture Notes in Electrical Engineering},
abstract = {Mobile platforms are becoming a fundamental part of the user’s daily life. The human-device relationship converts the devices in a repository of personal data that may be stolen or modified by malicious users. Moreover, wireless capabilities open the door to several malicious devices, and mobility represents an added difficulty in the detection of malicious behavior and in the prevention of the same. Furthermore, smartphones are subject to quality of service (QoS) restrictions, due to the user needs for multimedia applications and, in general, the need to be always-on. However, Security and QoS requirements are largely confronted and the mobility and heterogeneous paradigm on the Future Internet makes its coexistence even more difficult, posing new challenges to overcome. We analyze the principal challenges related with Security and QoS tradeoffs in mobile platforms. As a result of our analysis we provide parametric relationships between security and QoS parameters focused on mobile platforms.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Mobile platforms are becoming a fundamental part of the user’s daily life. The human-device relationship converts the devices in a repository of personal data that may be stolen or modified by malicious users. Moreover, wireless capabilities open the door to several malicious devices, and mobility represents an added difficulty in the detection of malicious behavior and in the prevention of the same. Furthermore, smartphones are subject to quality of service (QoS) restrictions, due to the user needs for multimedia applications and, in general, the need to be always-on. However, Security and QoS requirements are largely confronted and the mobility and heterogeneous paradigm on the Future Internet makes its coexistence even more difficult, posing new challenges to overcome. We analyze the principal challenges related with Security and QoS tradeoffs in mobile platforms. As a result of our analysis we provide parametric relationships between security and QoS parameters focused on mobile platforms.
Rios, Ruben; Lopez, Javier
Analysis of Location Privacy Solutions in Wireless Sensor Networks Journal Article
In: IET Communications, vol. 5, pp. 2518 - 2532, 2011, ISSN: 1751-8628.
@article{Rios2011a,
title = {Analysis of Location Privacy Solutions in Wireless Sensor Networks},
author = {Ruben Rios and Javier Lopez},
url = {/wp-content/papers/Rios2011a.pdf},
doi = {10.1049/iet-com.2010.0825},
issn = {1751-8628},
year = {2011},
date = {2011-11-01},
urldate = {2011-11-01},
journal = {IET Communications},
volume = {5},
pages = {2518 - 2532},
publisher = {Institution of Engineering and Technology},
abstract = {Extensive work has been done on the protection of Wireless Sensor Networks (WSNs) from the hardware to the application layer. However, only recently, the privacy preservation problem has drawn the attention of the research community because of its challenging nature. This problem is exacerbated in the domain of WSNs due to the extreme resource limitation of sensor nodes. In this paper we focus on the location privacy problem in WSNs, which allows an adversary to determine the location of nodes of interest to him. We provide a taxonomy of solutions based on the power of the adversary and the main techniques proposed by the various solutions. In addition, we describe and analyse the advantages and disadvantages of different approaches. Finally, we discuss some open challenges and future directions of research.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Extensive work has been done on the protection of Wireless Sensor Networks (WSNs) from the hardware to the application layer. However, only recently, the privacy preservation problem has drawn the attention of the research community because of its challenging nature. This problem is exacerbated in the domain of WSNs due to the extreme resource limitation of sensor nodes. In this paper we focus on the location privacy problem in WSNs, which allows an adversary to determine the location of nodes of interest to him. We provide a taxonomy of solutions based on the power of the adversary and the main techniques proposed by the various solutions. In addition, we describe and analyse the advantages and disadvantages of different approaches. Finally, we discuss some open challenges and future directions of research.
Dai, Naci; Bermejo, Jesus; Latasa, Felix Cuadrado; López, Alejandra Ruiz; Agudo, Isaac; Zeeb, Elmar; Krueger, Jan; Dohndorf, Oliver; Thronicke, Wolfgang; Fiehe, Christoph; Litvina, Anna
OSAMI Commons: An open dynamic services platform for ambient intelligence Proceedings Article
In: IEEE 16th Conference on Emerging Technologies Factory Automation (ETFA 2011), pp. 1-10, IEEE IEEE, Toulouse, France, 2011, ISSN: 1946-0740.
@inproceedings{6059235,
title = {OSAMI Commons: An open dynamic services platform for ambient intelligence},
author = {Naci Dai and Jesus Bermejo and Felix Cuadrado Latasa and Alejandra Ruiz L\'{o}pez and Isaac Agudo and Elmar Zeeb and Jan Krueger and Oliver Dohndorf and Wolfgang Thronicke and Christoph Fiehe and Anna Litvina},
doi = {10.1109/ETFA.2011.6059235},
issn = {1946-0740},
year = {2011},
date = {2011-09-01},
urldate = {2011-09-01},
booktitle = {IEEE 16th Conference on Emerging Technologies Factory Automation (ETFA 2011)},
pages = {1-10},
publisher = {IEEE},
address = {Toulouse, France},
organization = {IEEE},
abstract = {Today we live in an environment surrounded with networked converging devices. Human computer interactions are becoming personalized and a new concept of a global and cross-domain platform is emerging to exploit the full potential of the network in all business areas. In this convergence process, the software platform should be able to personalize itself dynamically in devices according to the context. OSAmI-Commons, an ITEA2 project for developing an open-source common approach to such a dynamic service-based platform, allows any type of device to connect and exchange information and services. OSAMI consortium is contributing to defining the foundations of a cross-platform open-services ecosystem. The sustainability of this platform is an objective beyond the project duration.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Today we live in an environment surrounded with networked converging devices. Human computer interactions are becoming personalized and a new concept of a global and cross-domain platform is emerging to exploit the full potential of the network in all business areas. In this convergence process, the software platform should be able to personalize itself dynamically in devices according to the context. OSAmI-Commons, an ITEA2 project for developing an open-source common approach to such a dynamic service-based platform, allows any type of device to connect and exchange information and services. OSAMI consortium is contributing to defining the foundations of a cross-platform open-services ecosystem. The sustainability of this platform is an objective beyond the project duration.
Agudo, Isaac; Onieva, Jose A.; Merida, Daniel
Distribución segura de componentes software basada en OpenID Proceedings Article
In: XI Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2010), Tarragona, Spain, 2010, ISBN: 978-84-693-3304-4.
@inproceedings{Agudo2010,
title = {Distribuci\'{o}n segura de componentes software basada en OpenID},
author = {Isaac Agudo and Jose A. Onieva and Daniel Merida},
url = {/wp-content/papers/Agudo2010.pdf},
isbn = {978-84-693-3304-4},
year = {2010},
date = {2010-09-01},
urldate = {2010-09-01},
booktitle = {XI Reuni\'{o}n Espa\~{n}ola sobre Criptolog\'{i}a y Seguridad de la Informaci\'{o}n (RECSI 2010)},
address = {Tarragona, Spain},
abstract = {En la actualidad, cada vez son m\'{a}s frecuentes los ataques software mediante la utilizaci\'{o}n de malware o sustituci\'{o}n de programas (o componentes) en los repositorios a los cuales los usuarios finales (o m\'{a}quinas) acceden. Esta situaci\'{o}n se ve de alguna manera acentuada con el dinamismo existente en la programaci\'{o}n y ejecuci\'{o}n de estos componentes, en la que distintos desarrolladores pueden participar para desplegar un determinado servicio o parte de \'{e}l. Por ello, en este art\'{i}culo se presenta una soluci\'{o}n para la distribuci\'{o}n de c\'{o}digo de forma segura usando OpenID y firmas con certificados de clave p\'{u}blica de corta duraci\'{o}n. De esta forma, se consigue un compromiso de seguridad que permite distribuir c\'{o}digo firmado sin la necesidad de que los desarrolladores dispongan a priori de un certificado espec\'{i}fico. Presentamos adem\'{a}s algunos detalles acerca de la implementaci\'{o}n realizada para hacer realidad este dise\~{n}o.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
En la actualidad, cada vez son más frecuentes los ataques software mediante la utilización de malware o sustitución de programas (o componentes) en los repositorios a los cuales los usuarios finales (o máquinas) acceden. Esta situación se ve de alguna manera acentuada con el dinamismo existente en la programación y ejecución de estos componentes, en la que distintos desarrolladores pueden participar para desplegar un determinado servicio o parte de él. Por ello, en este artículo se presenta una solución para la distribución de código de forma segura usando OpenID y firmas con certificados de clave pública de corta duración. De esta forma, se consigue un compromiso de seguridad que permite distribuir código firmado sin la necesidad de que los desarrolladores dispongan a priori de un certificado específico. Presentamos además algunos detalles acerca de la implementación realizada para hacer realidad este diseño.
Rios, Ruben; Agudo, Isaac; Gonzalez, Jose L.
Implementación de un esquema de localización privada y segura para interiores Proceedings Article
In: Dimitriadis, Yannis; Pérez, María Jesús Verdú (Ed.): IX Jornadas de Ingeniería Telemática (JITEL’10), pp. 237 - 244, Valladolid (Spain), 2010, ISBN: 978-84-693-5398-1.
@inproceedings{Rios2010a,
title = {Implementaci\'{o}n de un esquema de localizaci\'{o}n privada y segura para interiores},
author = {Ruben Rios and Isaac Agudo and Jose L. Gonzalez},
editor = {Yannis Dimitriadis and Mar\'{i}a Jes\'{u}s Verd\'{u} P\'{e}rez},
url = {/wp-content/papers/Rios2010a.pdf},
isbn = {978-84-693-5398-1},
year = {2010},
date = {2010-09-01},
urldate = {2010-09-01},
booktitle = {IX Jornadas de Ingenier\'{i}a Telem\'{a}tica (JITEL’10)},
pages = {237 - 244},
address = {Valladolid (Spain)},
abstract = {Las aplicaciones basadas en localizaci\'{o}n proporcionan a los usuarios servicios personalizados dependiendo de su ubicaci\'{o}n. Las estimaciones prev\'{e}n que estos servicios se extender\'{a}n enormemente en los pr\'{o}ximos a\~{n}os reportando grandes beneficios tanto a la industria como a los usuarios finales. Sin embargo, para que estos avances sean posibles se hace necesario analizar en profundidad las distintas implicaciones de seguridad y privacidad que la utilizaci\'{o}n de tales servicios pueden traer consigo a los usuarios. En este trabajo proponemos un sistema de localizaci\'{o}n que da soporte a la provisi\'{o}n de servicios basados en localizaci\'{o}n para entornos indoor y que se fundamenta en la tecnolog\'{i}a de redes de sensores inal\'{a}mbricos. En este esquema hemos tenido en cuenta diversos aspectos de seguridad y privacidad, prestando especial atenci\'{o}n a la limitaci\'{o}n extrema de recursos caracter\'{i}stica de las redes de sensores. Finalmente hemos desarrollado una prueba de concepto para comprobar la viabilidad de nuestro esquema dentro del \'{a}mbito del proyecto OSAmI.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Las aplicaciones basadas en localización proporcionan a los usuarios servicios personalizados dependiendo de su ubicación. Las estimaciones prevén que estos servicios se extenderán enormemente en los próximos años reportando grandes beneficios tanto a la industria como a los usuarios finales. Sin embargo, para que estos avances sean posibles se hace necesario analizar en profundidad las distintas implicaciones de seguridad y privacidad que la utilización de tales servicios pueden traer consigo a los usuarios. En este trabajo proponemos un sistema de localización que da soporte a la provisión de servicios basados en localización para entornos indoor y que se fundamenta en la tecnología de redes de sensores inalámbricos. En este esquema hemos tenido en cuenta diversos aspectos de seguridad y privacidad, prestando especial atención a la limitación extrema de recursos característica de las redes de sensores. Finalmente hemos desarrollado una prueba de concepto para comprobar la viabilidad de nuestro esquema dentro del ámbito del proyecto OSAmI.
Lopez, Javier; Alcaraz, Cristina; Roman, Rodrigo
Smart Control of Operational Threats in Control Substations Journal Article
In: Computers & Security, vol. 38, pp. 14-27, 2013, ISSN: 0167-4048.
@article{1770,
title = {Smart Control of Operational Threats in Control Substations},
author = {Javier Lopez and Cristina Alcaraz and Rodrigo Roman},
url = {/wp-content/papers/1770.pdf
http://www.sciencedirect.com/science/article/pii/S0167404813000588},
doi = {10.1016/j.cose.2013.03.013},
issn = {0167-4048},
year = {2013},
date = {2013-10-01},
urldate = {2013-10-01},
journal = {Computers \& Security},
volume = {38},
pages = {14-27},
publisher = {Elsevier},
abstract = {Any deliberate or unsuitable operational action in control tasks of critical infrastructures, such as energy generation, transmission and distribution systems that comprise sub-domains of a Smart Grid, could have a significant impact on the digital economy: without energy, the digital economy cannot live. In addition, the vast majority of these types of critical systems are configured in isolated locations where their control depends on the ability of a few, supposedly trustworthy, human operators. However, this assumption of reliabilty is not always true. Malicious human operators (criminal insiders) might take advantage of these situations to intentionally manipulate the critical nature of the underlying infrastructure. These criminal actions could be not attending to emergency events, inadequately responding to incidents or trying to alter the normal behaviour of the system with malicious actions. For this reason, in this paper we propose a smart response mechanism that controls human operators’ operational threats at all times. Moreover, the design of this mechanism allows the system to be able to not only evaluate by itself, the situation of a particular scenario but also to take control when areas are totally unprotected and/or isolated. The response mechanism, which is based on Industrial Wireless Sensor Networks (IWSNs) for the constant monitoring of observed critical infrastructures, on reputation for controlling human operators’ actions, and on the ISA100.11a standard for alarm management, has been implemented and simulated to evaluate its feasibility for critical contexts.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Any deliberate or unsuitable operational action in control tasks of critical infrastructures, such as energy generation, transmission and distribution systems that comprise sub-domains of a Smart Grid, could have a significant impact on the digital economy: without energy, the digital economy cannot live. In addition, the vast majority of these types of critical systems are configured in isolated locations where their control depends on the ability of a few, supposedly trustworthy, human operators. However, this assumption of reliabilty is not always true. Malicious human operators (criminal insiders) might take advantage of these situations to intentionally manipulate the critical nature of the underlying infrastructure. These criminal actions could be not attending to emergency events, inadequately responding to incidents or trying to alter the normal behaviour of the system with malicious actions. For this reason, in this paper we propose a smart response mechanism that controls human operators’ operational threats at all times. Moreover, the design of this mechanism allows the system to be able to not only evaluate by itself, the situation of a particular scenario but also to take control when areas are totally unprotected and/or isolated. The response mechanism, which is based on Industrial Wireless Sensor Networks (IWSNs) for the constant monitoring of observed critical infrastructures, on reputation for controlling human operators’ actions, and on the ISA100.11a standard for alarm management, has been implemented and simulated to evaluate its feasibility for critical contexts.
Muñoz, Antonio
A performance-oriented monitoring system for security properties in cloud computing applications Journal Article
In: The Computer Journal, 2012, ISSN: 1460-2067.
@article{munoz2012,
title = {A performance-oriented monitoring system for security properties in cloud computing applications},
author = {Antonio Mu\~{n}oz},
editor = {Javier Gonz\'{a}lez},
url = {/wp-content/papers/munoz2012.pdf},
issn = {1460-2067},
year = {2012},
date = {2012-01-01},
urldate = {2012-01-01},
journal = {The Computer Journal},
publisher = {Oxford Academic},
address = {Reino Unido},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Libor, Neumann; Halman, Tomas; Pavel, Rotek; Boettcher, Alexander; Stecklina, Julian; Sojka, Michal; Nuñez, David; Agudo, Isaac
Strong Authentication of Humans and Machines in Policy Controlled Cloud Computing Environment Using Automatic Cyber Identity Proceedings Article
In: Pohlmann, Norbert; Reimer, Helmut; Schneider, Wolfgang (Ed.): Information Security Solutions Europe 2012, pp. 195-206, Springer Vieweg Springer Vieweg, Brussels, Belgium, 2012, ISBN: 978-3-658-00332-6.
@inproceedings{neumann2012strong,
title = {Strong Authentication of Humans and Machines in Policy Controlled Cloud Computing Environment Using Automatic Cyber Identity},
author = {Neumann Libor and Tomas Halman and Rotek Pavel and Alexander Boettcher and Julian Stecklina and Michal Sojka and David Nu\~{n}ez and Isaac Agudo},
editor = {Norbert Pohlmann and Helmut Reimer and Wolfgang Schneider},
doi = {10.1007/978-3-658-00333-3_19},
isbn = {978-3-658-00332-6},
year = {2012},
date = {2012-00-01},
urldate = {2012-00-01},
booktitle = {Information Security Solutions Europe 2012},
pages = {195-206},
publisher = {Springer Vieweg},
address = {Brussels, Belgium},
organization = {Springer Vieweg},
abstract = {The paper describes the experience with integration of automatic cyber identity technology with policy controlled virtualisation environment. One identity technology has been used to enable strong authentication of users (human beings) as well as machines (host systems) to the virtualization management system. The real experimental evaluation has been done in PASSIVE project (Policy-Assessed system-level Security of Sensitive Information processing in Virtualised Environments - SEVENTH FRAMEWORK PROGRAMME THEME ICT-2009.1.4 INFORMATION AND COMMUNICATION TECHNOLOGIES - Small or medium-scale focused research project - Grant agreement no.: 257644).},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The paper describes the experience with integration of automatic cyber identity technology with policy controlled virtualisation environment. One identity technology has been used to enable strong authentication of users (human beings) as well as machines (host systems) to the virtualization management system. The real experimental evaluation has been done in PASSIVE project (Policy-Assessed system-level Security of Sensitive Information processing in Virtualised Environments - SEVENTH FRAMEWORK PROGRAMME THEME ICT-2009.1.4 INFORMATION AND COMMUNICATION TECHNOLOGIES - Small or medium-scale focused research project - Grant agreement no.: 257644).
Agudo, Isaac; Nuñez, David; Giammatteo, Gabriele; Rizomiliotis, Panagiotis; Lambrinoudakis, Costas
Cryptography Goes to the Cloud Proceedings Article
In: Lee, Changhoon; Seigneur, Jean-Marc; Park, James J.; Wagner, Roland R. (Ed.): 1st International Workshop on Security and Trust for Applications in Virtualised Environments (STAVE 2011), pp. 190-197, Springer Springer, 2011, ISBN: 978-3-642-22364-8.
@inproceedings{agudo2011cryptography,
title = {Cryptography Goes to the Cloud},
author = {Isaac Agudo and David Nu\~{n}ez and Gabriele Giammatteo and Panagiotis Rizomiliotis and Costas Lambrinoudakis},
editor = {Changhoon Lee and Jean-Marc Seigneur and James J. Park and Roland R. Wagner},
url = {/wp-content/papers/agudo2011cryptography.pdf},
doi = {10.1007/978-3-642-22365-5_23},
isbn = {978-3-642-22364-8},
year = {2011},
date = {2011-06-01},
urldate = {2011-06-01},
booktitle = {1st International Workshop on Security and Trust for Applications in Virtualised Environments (STAVE 2011)},
volume = {187},
pages = {190-197},
publisher = {Springer},
organization = {Springer},
series = {Communications in Computer and Information Science},
abstract = {In this paper we identify some areas where cryptography can help a rapid adoption of cloud computing. Although secure storage has already captured the attention of many cloud providers, offering a higher level of protection for their customer’s data, we think that more advanced techniques such as searchable encryption and secure outsourced computation will become popular in the near future, opening the doors of the Cloud to customers with higher security requirements.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
In this paper we identify some areas where cryptography can help a rapid adoption of cloud computing. Although secure storage has already captured the attention of many cloud providers, offering a higher level of protection for their customer’s data, we think that more advanced techniques such as searchable encryption and secure outsourced computation will become popular in the near future, opening the doors of the Cloud to customers with higher security requirements.
Nuñez, David; Agudo, Isaac; Drogkaris, Prokopios; Gritzalis, Stefanos
Identity Management Challenges for Intercloud Applications Proceedings Article
In: 1st International Workshop on Security and Trust for Applications in Virtualised Environments (STAVE 2011), pp. 198-204, Crete (Greece), 2011.
@inproceedings{DNunez11,
title = {Identity Management Challenges for Intercloud Applications},
author = {David Nu\~{n}ez and Isaac Agudo and Prokopios Drogkaris and Stefanos Gritzalis},
url = {/wp-content/papers/DNunez11.pdf},
doi = {10.1007/978-3-642-22365-5_24},
year = {2011},
date = {2011-06-01},
urldate = {2011-06-01},
booktitle = {1st International Workshop on Security and Trust for Applications in Virtualised Environments (STAVE 2011)},
volume = {187},
pages = {198-204},
address = {Crete (Greece)},
abstract = {Intercloud notion is gaining a lot of attention lately from both enterprise and academia, not only because of its benefits and expected results but also due to the challenges that it introduces regarding interoperability and standardisation. Identity management services are one of the main candidates to be outsourced into the Intercloud, since they are one of the most common services needed by companies and organisations. This paper addresses emerging identity management challenges that arise in intercloud formations, such as naming, identification, interoperability, identity life cycle management and single sign-on.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Intercloud notion is gaining a lot of attention lately from both enterprise and academia, not only because of its benefits and expected results but also due to the challenges that it introduces regarding interoperability and standardisation. Identity management services are one of the main candidates to be outsourced into the Intercloud, since they are one of the most common services needed by companies and organisations. This paper addresses emerging identity management challenges that arise in intercloud formations, such as naming, identification, interoperability, identity life cycle management and single sign-on.
Alcaraz, Cristina; Agudo, Isaac; Nuñez, David; Lopez, Javier
Managing Incidents in Smart Grids à la Cloud Proceedings Article
In: IEEE CloudCom 2011, pp. 527-531, IEEE Computer Society IEEE Computer Society, Athens, Greece, 2011, ISBN: 978-0-7695-4622-3.
@inproceedings{1643,
title = {Managing Incidents in Smart Grids \`{a} la Cloud},
author = {Cristina Alcaraz and Isaac Agudo and David Nu\~{n}ez and Javier Lopez},
url = {/wp-content/papers/1643.pdf},
doi = {10.1109/CloudCom.2011.79},
isbn = {978-0-7695-4622-3},
year = {2011},
date = {2011-00-01},
urldate = {2011-00-01},
booktitle = {IEEE CloudCom 2011},
pages = {527-531},
publisher = {IEEE Computer Society},
address = {Athens, Greece},
organization = {IEEE Computer Society},
abstract = {During the last decade, the Cloud Computing paradigm has emerged as a panacea for many problems in traditional IT infrastructures. Much has been said about the potential of Cloud Computing in the Smart Grid context, but unfortunately it is still relegated to a second layer when it comes to critical systems. Although the advantages of outsourcing those kind of applications to the cloud is clear, data confidentiality and operational privacy stand as mayor drawbacks. In this paper, we try to give some hints on which security mechanisms and more specific, which cryptographic schemes, will help a better integration of Smart Grids and Clouds. We propose the use of Virtual SCADA in the Cloud (VS-Cloud) as a mean to improve reliability and efficiency whilst maintaining the same protection level as in traditional SCADA architectures.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
During the last decade, the Cloud Computing paradigm has emerged as a panacea for many problems in traditional IT infrastructures. Much has been said about the potential of Cloud Computing in the Smart Grid context, but unfortunately it is still relegated to a second layer when it comes to critical systems. Although the advantages of outsourcing those kind of applications to the cloud is clear, data confidentiality and operational privacy stand as mayor drawbacks. In this paper, we try to give some hints on which security mechanisms and more specific, which cryptographic schemes, will help a better integration of Smart Grids and Clouds. We propose the use of Virtual SCADA in the Cloud (VS-Cloud) as a mean to improve reliability and efficiency whilst maintaining the same protection level as in traditional SCADA architectures.
Vivas, Jose L.; Agudo, Isaac; Lopez, Javier
A methodology for security assurance-driven system development Journal Article
In: Requirements Engineering, vol. 16, no. 1, pp. 55-73, 2011, ISSN: 0947-3602.
@article{vivas2010,
title = {A methodology for security assurance-driven system development},
author = {Jose L. Vivas and Isaac Agudo and Javier Lopez},
url = {/wp-content/papers/vivas2010.pdf},
doi = {10.1007/s00766-010-0114-8},
issn = {0947-3602},
year = {2011},
date = {2011-03-01},
urldate = {2011-03-01},
journal = {Requirements Engineering},
volume = {16},
number = {1},
pages = {55-73},
publisher = {Springer},
abstract = {In this work, we introduce an assurance methodology that integrates assurance case creation with system development. It has been developed in order to provide trust and privacy assurance to the evolving European project PICOS (Privacy and Identity Management for Community Services), an international research project focused on mobile communities and community-supporting services, with special emphasis on aspects such as privacy, trust, and identity management. The leading force behind the approach is the ambition to develop a methodology for building and maintaining security cases throughout the system development life cycle in a typical system engineering effort, when much of the information relevant for assurance is produced and feedback can be provided to system developers. The first results of the application of the methodology to the development of the PICOS platform are presented.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
In this work, we introduce an assurance methodology that integrates assurance case creation with system development. It has been developed in order to provide trust and privacy assurance to the evolving European project PICOS (Privacy and Identity Management for Community Services), an international research project focused on mobile communities and community-supporting services, with special emphasis on aspects such as privacy, trust, and identity management. The leading force behind the approach is the ambition to develop a methodology for building and maintaining security cases throughout the system development life cycle in a typical system engineering effort, when much of the information relevant for assurance is produced and feedback can be provided to system developers. The first results of the application of the methodology to the development of the PICOS platform are presented.
Roman, Rodrigo; Lopez, Javier; Dugeon, Olivier; Lacoste, Marc; Tron, Pierre Plaza; Bel, Marta
Advanced Secure Multimedia Services for Digital Homes Journal Article
In: Information Systems Frontiers, vol. 14, pp. 527-540, 2012, ISSN: 1387-3326.
@article{Roman2010a,
title = {Advanced Secure Multimedia Services for Digital Homes},
author = {Rodrigo Roman and Javier Lopez and Olivier Dugeon and Marc Lacoste and Pierre Plaza Tron and Marta Bel},
url = {/wp-content/papers/Roman2010a.pdf
http://www.springerlink.com/content/1785645v5246006u/},
doi = {10.1007/s10796-010-9258-9},
issn = {1387-3326},
year = {2012},
date = {2012-07-01},
urldate = {2012-07-01},
journal = {Information Systems Frontiers},
volume = {14},
pages = {527-540},
publisher = {Springer},
abstract = {Our society is becoming increasingly more IT-oriented, and the images and sounds that reflect our daily life are being stored mainly in a digital form. This digital personal life can be part of the home multimedia contents, and users demand access and possibly share these contents (such as photographs, videos, and music) in an ubiquitous way: from any location and with any device. The purpose of this article is twofold. First, we introduce the Feel@Home system, whose main objective is to enable the previously mentioned vision of an ubiquitous digital personal life. Second, we describe the security architecture of Feel@Home, analyzing the security and privacy requirements that identify which threats and vulnerabilities must be considered, and deriving the security building blocks that can be used to protect both IMS-based and VPN-based solutions.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Our society is becoming increasingly more IT-oriented, and the images and sounds that reflect our daily life are being stored mainly in a digital form. This digital personal life can be part of the home multimedia contents, and users demand access and possibly share these contents (such as photographs, videos, and music) in an ubiquitous way: from any location and with any device. The purpose of this article is twofold. First, we introduce the Feel@Home system, whose main objective is to enable the previously mentioned vision of an ubiquitous digital personal life. Second, we describe the security architecture of Feel@Home, analyzing the security and privacy requirements that identify which threats and vulnerabilities must be considered, and deriving the security building blocks that can be used to protect both IMS-based and VPN-based solutions.
Agudo, Isaac; Fernandez-Gago, Carmen; Lopez, Javier
A Scale Based Trust Model for Multi-Context Environments Journal Article
In: Computers and Mathematics with Applications, vol. 60, pp. 209-216, 2010, ISSN: 0898-1221.
@article{Agudo2010b,
title = {A Scale Based Trust Model for Multi-Context Environments},
author = {Isaac Agudo and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/Agudo2010b.pdf},
doi = {10.1016/j.camwa.2010.02.009},
issn = {0898-1221},
year = {2010},
date = {2010-07-01},
urldate = {2010-07-01},
journal = {Computers and Mathematics with Applications},
volume = {60},
pages = {209-216},
publisher = {Elsevier},
abstract = {When interactions among users of a system have to take place, for example, over the internet, establishing trust relationships among these users becomes crucial. However, the way this trust is established depends to a certain extent on the context where the interactions take place. Most of the time, trust is encoded as a numerical value that might not be very meaningful for a not very experienced user. In this paper we propose a model that takes into account the semantic and the computational sides of trust. This avoids users having to deal directly with the computational side; they instead deal with meaningful labels such as Bad or Good in a given context.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
When interactions among users of a system have to take place, for example, over the internet, establishing trust relationships among these users becomes crucial. However, the way this trust is established depends to a certain extent on the context where the interactions take place. Most of the time, trust is encoded as a numerical value that might not be very meaningful for a not very experienced user. In this paper we propose a model that takes into account the semantic and the computational sides of trust. This avoids users having to deal directly with the computational side; they instead deal with meaningful labels such as Bad or Good in a given context.
Lopez, Javier; Roman, Rodrigo; Agudo, Isaac; Fernandez-Gago, Carmen
Trust Management Systems for Wireless Sensor Networks: Best practices Journal Article
In: Computer Communications, vol. 33, no. 9, pp. 0140-3664, 2010, ISSN: 0140-3664.
@article{JavierLopezMunoz2010,
title = {Trust Management Systems for Wireless Sensor Networks: Best practices},
author = {Javier Lopez and Rodrigo Roman and Isaac Agudo and Carmen Fernandez-Gago},
url = {/wp-content/papers/JavierLopezMunoz2010.pdf},
doi = {10.1016/j.comcom.2010.02.006},
issn = {0140-3664},
year = {2010},
date = {2010-01-01},
urldate = {2010-01-01},
journal = {Computer Communications},
volume = {33},
number = {9},
pages = {0140-3664},
publisher = {Elsevier},
abstract = {Wireless sensor networks (WSNs) have been proven a useful technology for perceiving information about the physical world and as a consequence has been used in many applications such as measurement of temperature, radiation, flow of liquids, etc. The nature of this kind of technology, and also their vulnerabilities to attacks make the security tools required for them to be considered in a special way. The decision making in a WSN is essential for carrying out certain tasks as it aids sensors establish collaborations. In order to assist this process, trust management systems could play a relevant role. In this paper, we list the best practices that we consider are essential for developing a good trust management system for WSN and make an analysis of the state of the art related to these practices.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Wireless sensor networks (WSNs) have been proven a useful technology for perceiving information about the physical world and as a consequence has been used in many applications such as measurement of temperature, radiation, flow of liquids, etc. The nature of this kind of technology, and also their vulnerabilities to attacks make the security tools required for them to be considered in a special way. The decision making in a WSN is essential for carrying out certain tasks as it aids sensors establish collaborations. In order to assist this process, trust management systems could play a relevant role. In this paper, we list the best practices that we consider are essential for developing a good trust management system for WSN and make an analysis of the state of the art related to these practices.
Agudo, Isaac; Fernandez-Gago, Carmen; Lopez, Javier
Concurrent access control for multi-user and multi-processor systems based on trust relationships Journal Article
In: Concurrency and Computation: Practice and Experience, vol. 21, pp. 1389-1403, 2009, ISSN: 1532-0626.
@article{Agudo2009,
title = {Concurrent access control for multi-user and multi-processor systems based on trust relationships},
author = {Isaac Agudo and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/Agudo2009.pdf},
doi = {10.1002/cpe.1430},
issn = {1532-0626},
year = {2009},
date = {2009-07-01},
urldate = {2009-07-01},
journal = {Concurrency and Computation: Practice and Experience},
volume = {21},
pages = {1389-1403},
publisher = {John Wiley \& Sons},
abstract = {Concurrent access control is an old problem in many fields in Computer Science. It has been solved in many languages and systems, using mechanisms like monitors or priority queues. Nowadays computers implement multi-core capabilities. This means that they are virtually capable of execution of processes in parallel. This requires new techniques and open new issues in the field of concurrent access control. Moreover, most operating systems are multi-user; thus, we have to focus on a multi-processor multi-user scenario. Trust becomes a paramount aspect when building distributed applications; the same applies on a lower scale in modern computers. We propose the use of a trust graph that keeps record of the trust relationships of the system and helps in deciding on concurrent access requests. The information encoded in the graph will be used both in order to decide on the access requests and to order granted requests in terms of their associated trust level.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Concurrent access control is an old problem in many fields in Computer Science. It has been solved in many languages and systems, using mechanisms like monitors or priority queues. Nowadays computers implement multi-core capabilities. This means that they are virtually capable of execution of processes in parallel. This requires new techniques and open new issues in the field of concurrent access control. Moreover, most operating systems are multi-user; thus, we have to focus on a multi-processor multi-user scenario. Trust becomes a paramount aspect when building distributed applications; the same applies on a lower scale in modern computers. We propose the use of a trust graph that keeps record of the trust relationships of the system and helps in deciding on concurrent access requests. The information encoded in the graph will be used both in order to decide on the access requests and to order granted requests in terms of their associated trust level.
Agudo, Isaac; Fernandez-Gago, Carmen; Lopez, Javier
Delegating Privileges over Finite Resources: A Quota Based Delegation Approach Proceedings Article
In: 5th International Workshop on Formal Aspects in Security and Trust (FAST’08), pp. 302-315, Springer Springer, Malaga (Spain), 2008, ISSN: 0302-9743 (Print) 1611-3349 (Online).
@inproceedings{Agudo2008,
title = {Delegating Privileges over Finite Resources: A Quota Based Delegation Approach},
author = {Isaac Agudo and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/Agudo2008.pdf},
doi = {10.1007/978-3-642-01465-9},
issn = {0302-9743 (Print) 1611-3349 (Online)},
year = {2008},
date = {2008-01-01},
urldate = {2008-01-01},
booktitle = {5th International Workshop on Formal Aspects in Security and Trust (FAST’08)},
volume = {5491},
pages = {302-315},
publisher = {Springer},
address = {Malaga (Spain)},
organization = {Springer},
series = {LNCS},
abstract = {When delegation in real world scenarios is considered, the delegator (the entity that posses the privileges) usually passes the privileges on to the delegatee (the entity that receives the privileges) in such a way that the former looses these privileges while the delegation is effective. If we think of a physical key that opens a door, the privilege being delegated by the owner of the key is opening the door. Once the owner of the key delegates this privilege to another entity, by handing over the key, he is not able to open the door any longer. This is due to the fact that the key is not copied and handed over but handed over to the delegatee. When delegation takes place in the electronic world, the delegator usually retains also the privileges. Thus, both users have them simultaneously. This situation, which in most cases is not a problem, may be undesirable when dealing with certain kind of resources. In particular, if we think of finite resources, those in which the number of users accessing simultaneously is finite, we can not allow that a user delegating his access privilege is also granted access when the delegation if effective. In this paper we propose an approach where each user is delegated an access quota for a resource. If further delegating of the delegated quota occurs, this is subtracted from his quota. That is, when delegating, part of the quota remains with the delegator and another part goes to the delegatee. This allows a more fairly access to the resource. Moreover, we show that this approach can also be applied to any kind of resources by defining appropriate authorization policies.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
When delegation in real world scenarios is considered, the delegator (the entity that posses the privileges) usually passes the privileges on to the delegatee (the entity that receives the privileges) in such a way that the former looses these privileges while the delegation is effective. If we think of a physical key that opens a door, the privilege being delegated by the owner of the key is opening the door. Once the owner of the key delegates this privilege to another entity, by handing over the key, he is not able to open the door any longer. This is due to the fact that the key is not copied and handed over but handed over to the delegatee. When delegation takes place in the electronic world, the delegator usually retains also the privileges. Thus, both users have them simultaneously. This situation, which in most cases is not a problem, may be undesirable when dealing with certain kind of resources. In particular, if we think of finite resources, those in which the number of users accessing simultaneously is finite, we can not allow that a user delegating his access privilege is also granted access when the delegation if effective. In this paper we propose an approach where each user is delegated an access quota for a resource. If further delegating of the delegated quota occurs, this is subtracted from his quota. That is, when delegating, part of the quota remains with the delegator and another part goes to the delegatee. This allows a more fairly access to the resource. Moreover, we show that this approach can also be applied to any kind of resources by defining appropriate authorization policies.
Alcaraz, Cristina; Lopez, Javier; Zhou, Jianying; Roman, Rodrigo
Secure SCADA Framework for the Protection of Energy Control Systems Journal Article
In: Concurrency and Computation Practice & Experience, vol. 23, no. 12, pp. 1414-1430, 2011, ISSN: 1532-0626.
@article{Alcaraz2011a,
title = {Secure SCADA Framework for the Protection of Energy Control Systems},
author = {Cristina Alcaraz and Javier Lopez and Jianying Zhou and Rodrigo Roman},
url = {/wp-content/papers/Alcaraz2011a.pdf},
doi = {10.1002/cpe.1679},
issn = {1532-0626},
year = {2011},
date = {2011-08-01},
urldate = {2011-08-01},
journal = {Concurrency and Computation Practice \& Experience},
volume = {23},
number = {12},
pages = {1414-1430},
publisher = {John Wiley \& Sons, Inc.},
abstract = {Energy distribution systems are becoming increasingly widespread in today’s society. One of the elements that is used to monitor and control these systems are the SCADA (Supervisory Control and Data Acquisition) systems. In particular, these control systems and their complexities, together with the emerging use of the Internet and wireless technologies, bring new challenges that must be carefully considered. Examples of such challenges are the particular benetextasciimacronts of the integration of those new technologies, and also the etextregisteredects they may have on the overall SCADA security. The main task of this paper is to provide a framework that shows how the integration of ditextregisterederent state-of-the-art technologies in an energy control system, such as Wireless Sensor Networks (WSNs), Mobile Ad-Hoc Networks (MANETs), and the Internet, can bring some interesting benefits such as status management and anomaly prevention, while maintaining the security of the whole system.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Energy distribution systems are becoming increasingly widespread in today’s society. One of the elements that is used to monitor and control these systems are the SCADA (Supervisory Control and Data Acquisition) systems. In particular, these control systems and their complexities, together with the emerging use of the Internet and wireless technologies, bring new challenges that must be carefully considered. Examples of such challenges are the particular benetextasciimacronts of the integration of those new technologies, and also the etextregisteredects they may have on the overall SCADA security. The main task of this paper is to provide a framework that shows how the integration of ditextregisterederent state-of-the-art technologies in an energy control system, such as Wireless Sensor Networks (WSNs), Mobile Ad-Hoc Networks (MANETs), and the Internet, can bring some interesting benefits such as status management and anomaly prevention, while maintaining the security of the whole system.
Alcaraz, Cristina; Roman, Rodrigo; Najera, Pablo; Lopez, Javier
Acceso seguro a redes de sensores en SCADA a través de Internet Proceedings Article
In: XI Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2010), pp. 337-342, Tarragona (Spain), 2010, ISBN: 978-84-693-3304-4.
@inproceedings{Alcaraz2010,
title = {Acceso seguro a redes de sensores en SCADA a trav\'{e}s de Internet},
author = {Cristina Alcaraz and Rodrigo Roman and Pablo Najera and Javier Lopez},
url = {/wp-content/papers/Alcaraz2010.pdf
http://crises-deim.urv.cat/recsi2010/},
isbn = {978-84-693-3304-4},
year = {2010},
date = {2010-09-01},
urldate = {2010-09-01},
booktitle = {XI Reuni\'{o}n Espa\~{n}ola sobre Criptolog\'{i}a y Seguridad de la Informaci\'{o}n (RECSI 2010)},
pages = {337-342},
address = {Tarragona (Spain)},
abstract = {Las Infraestructuras Cr\'{i}ticas (ICs) son monitorizadas por sistemas altamente complejos, conocidos como sistemas SCADA (Sistemas de Control y Adquisici\'{o}n de Datos), cuyo principal soporte se encuentra en las subestaciones, las cuales miden de primera instancia el estado real de tales ICs. Para mejorar este control, la industria est\'{a} actualmente demandando la integraci\'{o}n en el modelo tradicional de dos avances tecnol\'{o}gicos: Internet y las redes de sensores inal\'{a}mbricas. Sin embargo, su incorporaci\'{o}n requiere analizar los requisitos de seguridad que surgen en dicho contexto, as\'{i} como diversos aspectos correlacionados (ej. mantenimiento, rendimiento, seguridad y optimizaci\'{o}n) y, en base a estos, la estrategia de integraci\'{o}n m\'{a}s adecuada para satisfacer dichos requisitos. Este art\'{i}culo proporciona dicho an\'{a}lisis en profundidad con el fin de ofrecer un modelo de integraci\'{o}n seguro adecuado para entornos cr\'{i}ticos.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Las Infraestructuras Críticas (ICs) son monitorizadas por sistemas altamente complejos, conocidos como sistemas SCADA (Sistemas de Control y Adquisición de Datos), cuyo principal soporte se encuentra en las subestaciones, las cuales miden de primera instancia el estado real de tales ICs. Para mejorar este control, la industria está actualmente demandando la integración en el modelo tradicional de dos avances tecnológicos: Internet y las redes de sensores inalámbricas. Sin embargo, su incorporación requiere analizar los requisitos de seguridad que surgen en dicho contexto, así como diversos aspectos correlacionados (ej. mantenimiento, rendimiento, seguridad y optimización) y, en base a estos, la estrategia de integración más adecuada para satisfacer dichos requisitos. Este artículo proporciona dicho análisis en profundidad con el fin de ofrecer un modelo de integración seguro adecuado para entornos críticos.
Alcaraz, Cristina; Balastegui, Angel; Lopez, Javier
Early Warning System for Cascading Effect Control in Energy Control Systems Proceedings Article
In: 5th International conference on Critical Information Infrastructures Security (CRITIS’10), pp. 55-67, Springer Springer, Athens, Greece, 2010, ISSN: 0302-9743.
@inproceedings{Alcaraz2010b,
title = {Early Warning System for Cascading Effect Control in Energy Control Systems},
author = {Cristina Alcaraz and Angel Balastegui and Javier Lopez},
url = {/wp-content/papers/Alcaraz2010b.pdf
http://critis.net/2010/},
issn = {0302-9743},
year = {2010},
date = {2010-09-01},
urldate = {2010-09-01},
booktitle = {5th International conference on Critical Information Infrastructures Security (CRITIS’10)},
volume = {6712},
pages = {55-67},
publisher = {Springer},
address = {Athens, Greece},
organization = {Springer},
series = {LNCS},
abstract = {A way of controlling a cascading effect caused by a failure or a threat in a critical system is using intelligent mechanisms capable of predicting anomalous behaviours and also capable of reacting against them in advance. These mechanisms are known as Early Warning Systems (EWS) and this will be precisely the main topic of this paper. Specially, we present an EWS design based on a Wireless Sensor Network (using the ISA100.11a standard) that constantly supervise the application context. This EWS is also based on forensic techniques to provide dynamic learning capacities. As a result, this new approach will aid to provide a reliable control of incidences by offering a dynamic alarm management, identification of the most suitable field operator to attend an alarm, reporting of causes and responsible operators, and learning from new anomalous situations.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
A way of controlling a cascading effect caused by a failure or a threat in a critical system is using intelligent mechanisms capable of predicting anomalous behaviours and also capable of reacting against them in advance. These mechanisms are known as Early Warning Systems (EWS) and this will be precisely the main topic of this paper. Specially, we present an EWS design based on a Wireless Sensor Network (using the ISA100.11a standard) that constantly supervise the application context. This EWS is also based on forensic techniques to provide dynamic learning capacities. As a result, this new approach will aid to provide a reliable control of incidences by offering a dynamic alarm management, identification of the most suitable field operator to attend an alarm, reporting of causes and responsible operators, and learning from new anomalous situations.
Alcaraz, Cristina; Agudo, Isaac; Fernandez-Gago, Carmen; Roman, Rodrigo; Fernandez, Gerardo; Lopez, Javier
Adaptive Dispatching of Incidences Based on Reputation for SCADA Systems Proceedings Article
In: 6th International Conference on Trust, Privacy and Security in Digital Business (TrustBus’09), pp. 86-94, Springer-Verlag Springer-Verlag, Linz, Austria, 2009, ISBN: 978-3-642-03747-4.
@inproceedings{Alcaraz2009,
title = {Adaptive Dispatching of Incidences Based on Reputation for SCADA Systems},
author = {Cristina Alcaraz and Isaac Agudo and Carmen Fernandez-Gago and Rodrigo Roman and Gerardo Fernandez and Javier Lopez},
url = {/wp-content/papers/Alcaraz2009.pdf},
doi = {10.1007/978-3-642-03748-1_9},
isbn = {978-3-642-03747-4},
year = {2009},
date = {2009-09-01},
urldate = {2009-09-01},
booktitle = {6th International Conference on Trust, Privacy and Security in Digital Business (TrustBus’09)},
pages = {86-94},
publisher = {Springer-Verlag},
address = {Linz, Austria},
organization = {Springer-Verlag},
series = {LNCS},
abstract = {SCADA systems represent a challenging scenario where the management of critical alarms is crucial. Their response to these alarms should be efficient and fast in order to mitigate or contain undesired effects. This work presents a mechanism, the Adaptive Assignment Manager (AAM) that will aid to react to incidences in a more efficient way by dynamically assigning alarms to the most suitable human operator. The mechanism uses various inputs for identifying the operators such as their availability, workload and reputation. In fact, we also define a reputation component that stores the reputation of the human operators and uses feedback from past experiences.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
SCADA systems represent a challenging scenario where the management of critical alarms is crucial. Their response to these alarms should be efficient and fast in order to mitigate or contain undesired effects. This work presents a mechanism, the Adaptive Assignment Manager (AAM) that will aid to react to incidences in a more efficient way by dynamically assigning alarms to the most suitable human operator. The mechanism uses various inputs for identifying the operators such as their availability, workload and reputation. In fact, we also define a reputation component that stores the reputation of the human operators and uses feedback from past experiences.
Sorry, no publications matched your criteria.
Sorry, no publications matched your criteria.
Sorry, no publications matched your criteria.
Galindo, David; Roman, Rodrigo; Lopez, Javier
On the Energy Cost of Authenticated Key Agreement in Wireless Sensor Networks Journal Article
In: Wireless Communications and Mobile Computing, vol. 12, pp. 133-143, 2012, ISSN: 1530-8669.
@article{Galindo2010,
title = {On the Energy Cost of Authenticated Key Agreement in Wireless Sensor Networks},
author = {David Galindo and Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/Galindo2010.pdf},
doi = {10.1002/wcm.894},
issn = {1530-8669},
year = {2012},
date = {2012-01-01},
urldate = {2012-01-01},
journal = {Wireless Communications and Mobile Computing},
volume = {12},
pages = {133-143},
publisher = {Wiley},
abstract = {Wireless sensors are battery-powered devices which are highly constrained in terms of computational capabilities, memory and communication bandwidth. While battery life is their main limitation, they require considerable energy to communicate data. Due to this, it turns out that the energy saving of computationally inexpensive primitives (like symmetric key cryptography (SKC)) can be nullified by the bigger amount of data they require to be sent. In this work, we study the energy cost of key agreement protocols between peers in a network using asymmetric key cryptography. Our main concern is to reduce the amount of data to be exchanged, which can be done by using special cryptographic paradigms like identity-based and self-certified cryptography. The main news is that an intensive computational primitive for resource-constrained devices, such as non-interactive identity-based authenticated key exchange, performs comparably or even better than traditional authenticated key exchange (AKE) in a variety of scenarios. Moreover, protocols based in this primitive can provide better security properties in real deployments than other simple protocols based on symmetric cryptography. Our findings illustrate to what extent the latest implementation advancements push the efficiency boundaries of public key cryptography (PKC) in wireless sensor networks (WSNs).},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Wireless sensors are battery-powered devices which are highly constrained in terms of computational capabilities, memory and communication bandwidth. While battery life is their main limitation, they require considerable energy to communicate data. Due to this, it turns out that the energy saving of computationally inexpensive primitives (like symmetric key cryptography (SKC)) can be nullified by the bigger amount of data they require to be sent. In this work, we study the energy cost of key agreement protocols between peers in a network using asymmetric key cryptography. Our main concern is to reduce the amount of data to be exchanged, which can be done by using special cryptographic paradigms like identity-based and self-certified cryptography. The main news is that an intensive computational primitive for resource-constrained devices, such as non-interactive identity-based authenticated key exchange, performs comparably or even better than traditional authenticated key exchange (AKE) in a variety of scenarios. Moreover, protocols based in this primitive can provide better security properties in real deployments than other simple protocols based on symmetric cryptography. Our findings illustrate to what extent the latest implementation advancements push the efficiency boundaries of public key cryptography (PKC) in wireless sensor networks (WSNs).
Vivas, Jose L.; Fernandez-Gago, Carmen; Benjumea, Andres; Lopez, Javier
A security framework for a workflow-based grid development platform. Journal Article
In: Computer Standards and Interfaces, vol. 32, no. 5-6, pp. 230-245, 2010, ISSN: 0920-5489.
@article{vivas2009,
title = {A security framework for a workflow-based grid development platform.},
author = {Jose L. Vivas and Carmen Fernandez-Gago and Andres Benjumea and Javier Lopez},
url = {/wp-content/papers/vivas2009.pdf},
doi = {10.1016/j.csi.2009.04.001},
issn = {0920-5489},
year = {2010},
date = {2010-10-01},
urldate = {2010-10-01},
journal = {Computer Standards and Interfaces},
volume = {32},
number = {5-6},
pages = {230-245},
publisher = {Elsevier},
abstract = {This paper describes the security framework that is to be developed for the generic grid platform created for the project GREDIA. This platform is composed of several components that need to be secured. The platform uses the OGSA standards, so that the security framework will follow GSI, the portion of Globus that implements security. Thus, we will show the security features that GSI already provides and we will outline which others need to be created or enhanced.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
This paper describes the security framework that is to be developed for the generic grid platform created for the project GREDIA. This platform is composed of several components that need to be secured. The platform uses the OGSA standards, so that the security framework will follow GSI, the portion of Globus that implements security. Thus, we will show the security features that GSI already provides and we will outline which others need to be created or enhanced.
Agudo, Isaac; Fernandez-Gago, Carmen; Lopez, Javier
A Scale Based Trust Model for Multi-Context Environments Journal Article
In: Computers and Mathematics with Applications, vol. 60, pp. 209-216, 2010, ISSN: 0898-1221.
@article{Agudo2010b,
title = {A Scale Based Trust Model for Multi-Context Environments},
author = {Isaac Agudo and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/Agudo2010b.pdf},
doi = {10.1016/j.camwa.2010.02.009},
issn = {0898-1221},
year = {2010},
date = {2010-07-01},
urldate = {2010-07-01},
journal = {Computers and Mathematics with Applications},
volume = {60},
pages = {209-216},
publisher = {Elsevier},
abstract = {When interactions among users of a system have to take place, for example, over the internet, establishing trust relationships among these users becomes crucial. However, the way this trust is established depends to a certain extent on the context where the interactions take place. Most of the time, trust is encoded as a numerical value that might not be very meaningful for a not very experienced user. In this paper we propose a model that takes into account the semantic and the computational sides of trust. This avoids users having to deal directly with the computational side; they instead deal with meaningful labels such as Bad or Good in a given context.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
When interactions among users of a system have to take place, for example, over the internet, establishing trust relationships among these users becomes crucial. However, the way this trust is established depends to a certain extent on the context where the interactions take place. Most of the time, trust is encoded as a numerical value that might not be very meaningful for a not very experienced user. In this paper we propose a model that takes into account the semantic and the computational sides of trust. This avoids users having to deal directly with the computational side; they instead deal with meaningful labels such as Bad or Good in a given context.
Alcaraz, Cristina; Lopez, Javier
A Security Analysis for Wireless Sensor Mesh Networks in Highly Critical Systems Journal Article
In: IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews, vol. 40, no. 4, pp. 419-428, 2010, ISSN: 1094-6977.
@article{Alcaraz2010a,
title = {A Security Analysis for Wireless Sensor Mesh Networks in Highly Critical Systems},
author = {Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/Alcaraz2010a.pdf
http://ieeexplore.ieee.org/search/srchabstract.jsp?tp=\&arnumber=5443456\&queryText%253DC.+Alcaraz%2526openedRefinements%253D*%2526searchField%253DSearch+All\&fromGateway=true},
doi = {10.1109/TSMCC.2010.2045373},
issn = {1094-6977},
year = {2010},
date = {2010-07-01},
urldate = {2010-07-01},
journal = {IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews},
volume = {40},
number = {4},
pages = {419-428},
publisher = {IEEE},
abstract = {Nowadays, critical control systems are a fundamental component contributing to the overall performance of critical infrastructures in our society, most of which belong to the industrial sector. These complex systems include in their design different types of information and communication technology systems, such as wireless (mesh) sensor networks, to carry out control processes in real time. This fact has meant that several communication standards, such as Zigbee PRO, WirelessHART, and ISA100.11a, have been specified to ensure coexistence, reliability, and security in their communications. The main purpose of this paper has been to review these three standards and analyze their security. We have identified a set of threats and potential attacks in their routing protocols, and we consequently provide recommendations and countermeasures to help Industry protect its infrastructures.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Nowadays, critical control systems are a fundamental component contributing to the overall performance of critical infrastructures in our society, most of which belong to the industrial sector. These complex systems include in their design different types of information and communication technology systems, such as wireless (mesh) sensor networks, to carry out control processes in real time. This fact has meant that several communication standards, such as Zigbee PRO, WirelessHART, and ISA100.11a, have been specified to ensure coexistence, reliability, and security in their communications. The main purpose of this paper has been to review these three standards and analyze their security. We have identified a set of threats and potential attacks in their routing protocols, and we consequently provide recommendations and countermeasures to help Industry protect its infrastructures.
Forne, Jordi; Hinarejos, M. Francisca; Marin, Andres; Almenarez, Florina; Lopez, Javier; Montenegro, Jose A.; Lacoste, Marc; Diaz, Daniel
Pervasive Authentication and Authorization Infrastructures for Mobile Users Journal Article
In: Computer and Security, vol. 29, pp. 501-514, 2010, ISSN: 0167-4048.
@article{JordiForne2009,
title = {Pervasive Authentication and Authorization Infrastructures for Mobile Users},
author = {Jordi Forne and M. Francisca Hinarejos and Andres Marin and Florina Almenarez and Javier Lopez and Jose A. Montenegro and Marc Lacoste and Daniel Diaz},
url = {/wp-content/papers/JordiForne2009.pdf},
doi = {10.1016/j.cose.2009.09.001},
issn = {0167-4048},
year = {2010},
date = {2010-01-01},
urldate = {2010-01-01},
journal = {Computer and Security},
volume = {29},
pages = {501-514},
publisher = {elsevier},
abstract = {Network and device heterogeneity, nomadic mobility, intermittent connectivity and, more generally, extremely dynamic operating conditions, are major challenges in the design of security infrastructures for pervasive computing. Yet, in a ubiquitous computing environment, limitations of traditional solutions for authentication and authorization can be overcome with a pervasive public key infrastructure (pervasive-PKI). This choice allows the validation of credentials of users roaming between heterogeneous networks, even when global connectivity is lost and some services are temporarily unreachable. Proof-of-concept implementations and testbed validation results demonstrate that strong security can be achieved for users and applications through the combination of traditional PKI services with a number of enhancements like: (i) dynamic and collaborative trust model, (ii) use of attribute certificates for privilege management, and (iii) modular architecture enabling nomadic mobility and enhanced with reconfiguration capabilities.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Network and device heterogeneity, nomadic mobility, intermittent connectivity and, more generally, extremely dynamic operating conditions, are major challenges in the design of security infrastructures for pervasive computing. Yet, in a ubiquitous computing environment, limitations of traditional solutions for authentication and authorization can be overcome with a pervasive public key infrastructure (pervasive-PKI). This choice allows the validation of credentials of users roaming between heterogeneous networks, even when global connectivity is lost and some services are temporarily unreachable. Proof-of-concept implementations and testbed validation results demonstrate that strong security can be achieved for users and applications through the combination of traditional PKI services with a number of enhancements like: (i) dynamic and collaborative trust model, (ii) use of attribute certificates for privilege management, and (iii) modular architecture enabling nomadic mobility and enhanced with reconfiguration capabilities.
Lopez, Javier; Roman, Rodrigo; Agudo, Isaac; Fernandez-Gago, Carmen
Trust Management Systems for Wireless Sensor Networks: Best practices Journal Article
In: Computer Communications, vol. 33, no. 9, pp. 0140-3664, 2010, ISSN: 0140-3664.
@article{JavierLopezMunoz2010,
title = {Trust Management Systems for Wireless Sensor Networks: Best practices},
author = {Javier Lopez and Rodrigo Roman and Isaac Agudo and Carmen Fernandez-Gago},
url = {/wp-content/papers/JavierLopezMunoz2010.pdf},
doi = {10.1016/j.comcom.2010.02.006},
issn = {0140-3664},
year = {2010},
date = {2010-01-01},
urldate = {2010-01-01},
journal = {Computer Communications},
volume = {33},
number = {9},
pages = {0140-3664},
publisher = {Elsevier},
abstract = {Wireless sensor networks (WSNs) have been proven a useful technology for perceiving information about the physical world and as a consequence has been used in many applications such as measurement of temperature, radiation, flow of liquids, etc. The nature of this kind of technology, and also their vulnerabilities to attacks make the security tools required for them to be considered in a special way. The decision making in a WSN is essential for carrying out certain tasks as it aids sensors establish collaborations. In order to assist this process, trust management systems could play a relevant role. In this paper, we list the best practices that we consider are essential for developing a good trust management system for WSN and make an analysis of the state of the art related to these practices.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Wireless sensor networks (WSNs) have been proven a useful technology for perceiving information about the physical world and as a consequence has been used in many applications such as measurement of temperature, radiation, flow of liquids, etc. The nature of this kind of technology, and also their vulnerabilities to attacks make the security tools required for them to be considered in a special way. The decision making in a WSN is essential for carrying out certain tasks as it aids sensors establish collaborations. In order to assist this process, trust management systems could play a relevant role. In this paper, we list the best practices that we consider are essential for developing a good trust management system for WSN and make an analysis of the state of the art related to these practices.
Alcaraz, Cristina; Agudo, Isaac; Fernandez-Gago, Carmen; Roman, Rodrigo; Fernandez, Gerardo; Lopez, Javier
Adaptive Dispatching of Incidences Based on Reputation for SCADA Systems Proceedings Article
In: 6th International Conference on Trust, Privacy and Security in Digital Business (TrustBus’09), pp. 86-94, Springer-Verlag Springer-Verlag, Linz, Austria, 2009, ISBN: 978-3-642-03747-4.
@inproceedings{Alcaraz2009,
title = {Adaptive Dispatching of Incidences Based on Reputation for SCADA Systems},
author = {Cristina Alcaraz and Isaac Agudo and Carmen Fernandez-Gago and Rodrigo Roman and Gerardo Fernandez and Javier Lopez},
url = {/wp-content/papers/Alcaraz2009.pdf},
doi = {10.1007/978-3-642-03748-1_9},
isbn = {978-3-642-03747-4},
year = {2009},
date = {2009-09-01},
urldate = {2009-09-01},
booktitle = {6th International Conference on Trust, Privacy and Security in Digital Business (TrustBus’09)},
pages = {86-94},
publisher = {Springer-Verlag},
address = {Linz, Austria},
organization = {Springer-Verlag},
series = {LNCS},
abstract = {SCADA systems represent a challenging scenario where the management of critical alarms is crucial. Their response to these alarms should be efficient and fast in order to mitigate or contain undesired effects. This work presents a mechanism, the Adaptive Assignment Manager (AAM) that will aid to react to incidences in a more efficient way by dynamically assigning alarms to the most suitable human operator. The mechanism uses various inputs for identifying the operators such as their availability, workload and reputation. In fact, we also define a reputation component that stores the reputation of the human operators and uses feedback from past experiences.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
SCADA systems represent a challenging scenario where the management of critical alarms is crucial. Their response to these alarms should be efficient and fast in order to mitigate or contain undesired effects. This work presents a mechanism, the Adaptive Assignment Manager (AAM) that will aid to react to incidences in a more efficient way by dynamically assigning alarms to the most suitable human operator. The mechanism uses various inputs for identifying the operators such as their availability, workload and reputation. In fact, we also define a reputation component that stores the reputation of the human operators and uses feedback from past experiences.
Lopez, Javier; Roman, Rodrigo; Alcaraz, Cristina
Analysis of Security Threats, Requirements, Technologies and Standards in Wireless Sensor Networks Proceedings Article
In: Foundations of Security Analysis and Design 2009, pp. 289-338, Springer Berlin/Heidelberg Springer Berlin/Heidelberg, Bertinoro (Italy), 2009, ISSN: 0302-9743 (Print) 1611-3349 (Online).
@inproceedings{Lopez2009,
title = {Analysis of Security Threats, Requirements, Technologies and Standards in Wireless Sensor Networks},
author = {Javier Lopez and Rodrigo Roman and Cristina Alcaraz},
url = {/wp-content/papers/Lopez2009.pdf
http://www.springerlink.com/content/u8h4882831k474n6/},
doi = {10.1007/978-3-642-03829-7_10},
issn = {0302-9743 (Print) 1611-3349 (Online)},
year = {2009},
date = {2009-08-01},
urldate = {2009-08-01},
booktitle = {Foundations of Security Analysis and Design 2009},
volume = {5705},
pages = {289-338},
publisher = {Springer Berlin/Heidelberg},
address = {Bertinoro (Italy)},
organization = {Springer Berlin/Heidelberg},
series = {LNCS},
abstract = {As sensor networks are more and more being implemented in real world settings, it is necessary to analyze how the different requirements of these real-world applications can influence the security mechanisms. This paper offers both an overview and an analysis of the relationship between the different security threats, requirements, applications, and security technologies. Besides, it also overviews some of the existing sensor network standards, analyzing their security mechanisms.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
As sensor networks are more and more being implemented in real world settings, it is necessary to analyze how the different requirements of these real-world applications can influence the security mechanisms. This paper offers both an overview and an analysis of the relationship between the different security threats, requirements, applications, and security technologies. Besides, it also overviews some of the existing sensor network standards, analyzing their security mechanisms.
Agudo, Isaac; Fernandez-Gago, Carmen; Lopez, Javier
Concurrent access control for multi-user and multi-processor systems based on trust relationships Journal Article
In: Concurrency and Computation: Practice and Experience, vol. 21, pp. 1389-1403, 2009, ISSN: 1532-0626.
@article{Agudo2009,
title = {Concurrent access control for multi-user and multi-processor systems based on trust relationships},
author = {Isaac Agudo and Carmen Fernandez-Gago and Javier Lopez},
url = {/wp-content/papers/Agudo2009.pdf},
doi = {10.1002/cpe.1430},
issn = {1532-0626},
year = {2009},
date = {2009-07-01},
urldate = {2009-07-01},
journal = {Concurrency and Computation: Practice and Experience},
volume = {21},
pages = {1389-1403},
publisher = {John Wiley \& Sons},
abstract = {Concurrent access control is an old problem in many fields in Computer Science. It has been solved in many languages and systems, using mechanisms like monitors or priority queues. Nowadays computers implement multi-core capabilities. This means that they are virtually capable of execution of processes in parallel. This requires new techniques and open new issues in the field of concurrent access control. Moreover, most operating systems are multi-user; thus, we have to focus on a multi-processor multi-user scenario. Trust becomes a paramount aspect when building distributed applications; the same applies on a lower scale in modern computers. We propose the use of a trust graph that keeps record of the trust relationships of the system and helps in deciding on concurrent access requests. The information encoded in the graph will be used both in order to decide on the access requests and to order granted requests in terms of their associated trust level.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Concurrent access control is an old problem in many fields in Computer Science. It has been solved in many languages and systems, using mechanisms like monitors or priority queues. Nowadays computers implement multi-core capabilities. This means that they are virtually capable of execution of processes in parallel. This requires new techniques and open new issues in the field of concurrent access control. Moreover, most operating systems are multi-user; thus, we have to focus on a multi-processor multi-user scenario. Trust becomes a paramount aspect when building distributed applications; the same applies on a lower scale in modern computers. We propose the use of a trust graph that keeps record of the trust relationships of the system and helps in deciding on concurrent access requests. The information encoded in the graph will be used both in order to decide on the access requests and to order granted requests in terms of their associated trust level.
Roman, Rodrigo; Lopez, Javier
Integrating Wireless Sensor Networks and the Internet: A Security Analysis Journal Article
In: Internet Research, vol. 19, no. 2, pp. 246-259, 2009, ISSN: 1066-2243.
@article{roman2009a,
title = {Integrating Wireless Sensor Networks and the Internet: A Security Analysis},
author = {Rodrigo Roman and Javier Lopez},
url = {/wp-content/papers/roman2009a.pdf},
doi = {10.1108/10662240910952373},
issn = {1066-2243},
year = {2009},
date = {2009-03-01},
urldate = {2009-03-01},
journal = {Internet Research},
volume = {19},
number = {2},
pages = {246-259},
publisher = {Emerald},
abstract = {Purpose: This paper aims to analyze the security issues that arise when integrating wireless sensor networks (WSN) and the internet. Also, it seeks to review whether existing technology mechanisms are suitable and can be applied in this context.
Design/methodology/approach: The paper considers the possible approaches that can be used to connect a WSN with the internet, and analyzes the security of their interactions.
Findings: By providing the services of the network through a front-end proxy, a sensor network and the internet can interact securely. There are other challenges to be solved if the sensor nodes are integrated into the internet infrastructure, although there exists interesting advances on his matter.
Research limitations and implications: The complete integration of sensor networks and the internet still remains as an open issue.
Practical implications: With the current state of the art, it is possible to develop a secure sensor network that can provide its services to internet hosts with certain security properties.
Originality/value: The paper studies the interactions between sensor networks and the internet from the point of view of security. It identifies both solutions and research challenges.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Purpose: This paper aims to analyze the security issues that arise when integrating wireless sensor networks (WSN) and the internet. Also, it seeks to review whether existing technology mechanisms are suitable and can be applied in this context.
Design/methodology/approach: The paper considers the possible approaches that can be used to connect a WSN with the internet, and analyzes the security of their interactions.
Findings: By providing the services of the network through a front-end proxy, a sensor network and the internet can interact securely. There are other challenges to be solved if the sensor nodes are integrated into the internet infrastructure, although there exists interesting advances on his matter.
Research limitations and implications: The complete integration of sensor networks and the internet still remains as an open issue.
Practical implications: With the current state of the art, it is possible to develop a secure sensor network that can provide its services to internet hosts with certain security properties.
Originality/value: The paper studies the interactions between sensor networks and the internet from the point of view of security. It identifies both solutions and research challenges.
Design/methodology/approach: The paper considers the possible approaches that can be used to connect a WSN with the internet, and analyzes the security of their interactions.
Findings: By providing the services of the network through a front-end proxy, a sensor network and the internet can interact securely. There are other challenges to be solved if the sensor nodes are integrated into the internet infrastructure, although there exists interesting advances on his matter.
Research limitations and implications: The complete integration of sensor networks and the internet still remains as an open issue.
Practical implications: With the current state of the art, it is possible to develop a secure sensor network that can provide its services to internet hosts with certain security properties.
Originality/value: The paper studies the interactions between sensor networks and the internet from the point of view of security. It identifies both solutions and research challenges.
Najera, Pablo; Moyano, Francisco; Lopez, Javier
Security Mechanisms and Access Control Infrastructure for e-Passports and General Purpose e-Documents Journal Article
In: Journal of Universal Computer Science, vol. 15, pp. 970-991, 2009, ISSN: 0948-695X.
@article{Najera2009,
title = {Security Mechanisms and Access Control Infrastructure for e-Passports and General Purpose e-Documents},
author = {Pablo Najera and Francisco Moyano and Javier Lopez},
url = {/wp-content/papers/Najera2009.pdf
http://www.jucs.org/jucs_15_5/security_mechanisms_and_access},
doi = {10.3217/jucs-015-05-0970},
issn = {0948-695X},
year = {2009},
date = {2009-01-01},
urldate = {2009-01-01},
journal = {Journal of Universal Computer Science},
volume = {15},
pages = {970-991},
abstract = {Traditional paper documents are not likely to disappear in the near future as they are present everywhere in daily life, however, paper-based documentation lacks the link with the digital world for agile and automated processing. At the same time it is prone to cloning, alteration and counterfeiting attacks. E-passport defined by ICAO and implemented in 45 countries is the most relevant case of hybrid documentation (i.e. paper format with electronic capabilities) to date, but, as the advantages of hybrid documentation are recognized more and more will undoubtedly appear. In this paper, we present the concept and security requirements of general-use e-documents, analyze the most comprehensive security solution (i.e. ePassport security mechanisms) and its suitability for general-purpose e-documentation. Finally, we propose alternatives for the weakest and less suitable protocol from ePassports: the BAC (Basic Access Control). In particular, an appropriate key management infrastructure for access control to document memory is discussed in conjunction with a prototype implementation.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Traditional paper documents are not likely to disappear in the near future as they are present everywhere in daily life, however, paper-based documentation lacks the link with the digital world for agile and automated processing. At the same time it is prone to cloning, alteration and counterfeiting attacks. E-passport defined by ICAO and implemented in 45 countries is the most relevant case of hybrid documentation (i.e. paper format with electronic capabilities) to date, but, as the advantages of hybrid documentation are recognized more and more will undoubtedly appear. In this paper, we present the concept and security requirements of general-use e-documents, analyze the most comprehensive security solution (i.e. ePassport security mechanisms) and its suitability for general-purpose e-documentation. Finally, we propose alternatives for the weakest and less suitable protocol from ePassports: the BAC (Basic Access Control). In particular, an appropriate key management infrastructure for access control to document memory is discussed in conjunction with a prototype implementation.
Alcaraz, Cristina; Fernandez, Gerardo; Roman, Rodrigo; Balastegui, Angel; Lopez, Javier
Gestión segura de redes SCADA Journal Article
In: Nuevas tendencias en gestión de redes, Novática, no. 196, pp. 20-25, 2008, ISSN: 0211-2124.
@article{Alcaraz2008a,
title = {Gesti\'{o}n segura de redes SCADA},
author = {Cristina Alcaraz and Gerardo Fernandez and Rodrigo Roman and Angel Balastegui and Javier Lopez},
url = {/wp-content/papers/Alcaraz2008a.pdf
http://www.ati.es/novatica/indice.html$#$196},
issn = {0211-2124},
year = {2008},
date = {2008-12-01},
urldate = {2008-12-01},
journal = {Nuevas tendencias en gesti\'{o}n de redes, Nov\'{a}tica},
number = {196},
pages = {20-25},
publisher = {CEPIS},
abstract = {En el momento que se introduce en el mercado nuevas tecnolog\'{i}as basadas en entornos distribuidos comienzan a surgir en paralelo nuevos problemas de seguridad en los sistemas SCADA (Supervisory Control and Data Acquisition), los cuales monitorizan y gestionan otras infraestructuras de gran complejidad y escala. Un fallo o una interrupci\'{o}n en uno de sus componentes podr\'{i}a suponer un impacto negativo sobre la funcionalidad de otras infraestructuras, por lo que se hace necesario realizar frecuentes an\'{a}lisis de seguridad para as\'{i} mantener actualizado el conocimiento y proveer recomendaciones y/o soluciones para mitigar o evitar futuras ocurrencias, garantizando una gesti\'{o}n de red fiable y siempre disponible.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
En el momento que se introduce en el mercado nuevas tecnologías basadas en entornos distribuidos comienzan a surgir en paralelo nuevos problemas de seguridad en los sistemas SCADA (Supervisory Control and Data Acquisition), los cuales monitorizan y gestionan otras infraestructuras de gran complejidad y escala. Un fallo o una interrupción en uno de sus componentes podría suponer un impacto negativo sobre la funcionalidad de otras infraestructuras, por lo que se hace necesario realizar frecuentes análisis de seguridad para así mantener actualizado el conocimiento y proveer recomendaciones y/o soluciones para mitigar o evitar futuras ocurrencias, garantizando una gestión de red fiable y siempre disponible.
Alcaraz, Cristina; Fernandez, Gerardo; Roman, Rodrigo; Balastegui, Angel; Lopez, Javier
Secure Management of SCADA Networks Journal Article
In: Novatica, New Trends in Network Management, vol. 9, no. 6, pp. 22-28, 2008, ISSN: 1684-5285.
@article{Alcaraz2008b,
title = {Secure Management of SCADA Networks},
author = {Cristina Alcaraz and Gerardo Fernandez and Rodrigo Roman and Angel Balastegui and Javier Lopez},
url = {/wp-content/papers/Alcaraz2008b.pdf
http://www.upgrade-cepis.org/issues/2008/6/up9-6Alcaraz.pdf},
issn = {1684-5285},
year = {2008},
date = {2008-12-01},
urldate = {2008-12-01},
journal = {Novatica, New Trends in Network Management},
volume = {9},
number = {6},
pages = {22-28},
publisher = {Cepis UPGRADE},
abstract = {When a Supervisory Control and Data Acquisition (SCADA) system monitors and manages other complex infrastructures through the use of distributed technologies, it becomes a critical infrastructure by itself: A failure or disruption in any of its components could implicate a serious impact on the performance of the other infrastructures. The connection with other systems makes a SCADA system more vulnerable against attacks, generating new security problems. As a result, it is essential to perform diverse security analysis frequently in order to keep an updated knowledge and to provide recommendations and/or solutions to mitigate or avoid anomalous events. This will facilitate the existence of a suitable, reliable, and available control network.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
When a Supervisory Control and Data Acquisition (SCADA) system monitors and manages other complex infrastructures through the use of distributed technologies, it becomes a critical infrastructure by itself: A failure or disruption in any of its components could implicate a serious impact on the performance of the other infrastructures. The connection with other systems makes a SCADA system more vulnerable against attacks, generating new security problems. As a result, it is essential to perform diverse security analysis frequently in order to keep an updated knowledge and to provide recommendations and/or solutions to mitigate or avoid anomalous events. This will facilitate the existence of a suitable, reliable, and available control network.
Roman, Rodrigo; Lopez, Javier; Gritzalis, Stefanos
Situation Awareness Mechanisms for Wireless Sensor Networks Journal Article
In: IEEE Communications Magazine, vol. 46, no. 4, pp. 102-107, 2008, ISSN: 0163-6804.
@article{Roman2008a,
title = {Situation Awareness Mechanisms for Wireless Sensor Networks},
author = {Rodrigo Roman and Javier Lopez and Stefanos Gritzalis},
url = {/wp-content/papers/Roman2008a.pdf},
doi = {10.1109/MCOM.2008.4481348},
issn = {0163-6804},
year = {2008},
date = {2008-04-01},
urldate = {2008-04-01},
journal = {IEEE Communications Magazine},
volume = {46},
number = {4},
pages = {102-107},
publisher = {IEEE},
abstract = {A wireless sensor network should be able to operate for long periods of time with little or no external management. There is a requirement for this autonomy: the sensor nodes must be able to configure themselves in the presence of adverse situations. Therefore, the nodes should make use of situation awareness mechanisms to determine the existence of abnormal events in their surroundings. This work approaches the problem by considering the possible abnormal events as diseases, thus making it possible to diagnose them through their symptoms, namely, their side effects. Considering these awareness mechanisms as a foundation for high-level monitoring services, this article also shows how these mechanisms are included in the blueprint of an intrusion detection system.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
A wireless sensor network should be able to operate for long periods of time with little or no external management. There is a requirement for this autonomy: the sensor nodes must be able to configure themselves in the presence of adverse situations. Therefore, the nodes should make use of situation awareness mechanisms to determine the existence of abnormal events in their surroundings. This work approaches the problem by considering the possible abnormal events as diseases, thus making it possible to diagnose them through their symptoms, namely, their side effects. Considering these awareness mechanisms as a foundation for high-level monitoring services, this article also shows how these mechanisms are included in the blueprint of an intrusion detection system.
Benjumea, Vicente; Lopez, Javier; Troya, Jose M.
Anonymity Analysis in Credentials-based Systems: A Formal Framework Journal Article
In: Computer Standards & Interfaces, vol. 30, no. 4, pp. 253-261, 2008, ISSN: 0920-5489.
@article{VicenteBenjumea2008,
title = {Anonymity Analysis in Credentials-based Systems: A Formal Framework},
author = {Vicente Benjumea and Javier Lopez and Jose M. Troya},
url = {/wp-content/papers/VicenteBenjumea2008.pdf},
issn = {0920-5489},
year = {2008},
date = {2008-01-01},
urldate = {2008-01-01},
journal = {Computer Standards \& Interfaces},
volume = {30},
number = {4},
pages = {253-261},
publisher = {Elsevier},
abstract = {Anonymity has been formalized and some metrics have been defined in the scope of anonymizing communication channels. In this paper, such formalization has been extended to cope with anonymity in those scenarios where users must anonymously prove that they own certain privileges to perform remote transactions. In these types of scenarios, the authorization policy states the privileges required to perform a given remote transaction. The paper presents a framework to analyze the actual degree of anonymity reached in a given transaction and allows its comparison with an ideal anonymity degree as defined by the authorization policy, providinga tool to model, design and analyze anonymous systems in different scenarios.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Anonymity has been formalized and some metrics have been defined in the scope of anonymizing communication channels. In this paper, such formalization has been extended to cope with anonymity in those scenarios where users must anonymously prove that they own certain privileges to perform remote transactions. In these types of scenarios, the authorization policy states the privileges required to perform a given remote transaction. The paper presents a framework to analyze the actual degree of anonymity reached in a given transaction and allows its comparison with an ideal anonymity degree as defined by the authorization policy, providinga tool to model, design and analyze anonymous systems in different scenarios.
Roman, Rodrigo; Alcaraz, Cristina; Lopez, Javier
A Survey of Cryptographic Primitives and Implementations for Hardware-Constrained Sensor Network Nodes Journal Article
In: Mobile Networks and Applications, vol. 12, no. 4, pp. 231-244, 2007, ISSN: 1383-469X.
@article{Roman2007,
title = {A Survey of Cryptographic Primitives and Implementations for Hardware-Constrained Sensor Network Nodes},
author = {Rodrigo Roman and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/Roman2007.pdf
http://www.springerlink.com/content/3785k818327456gq/},
doi = {10.1007/s11036-007-0024-2},
issn = {1383-469X},
year = {2007},
date = {2007-08-01},
urldate = {2007-08-01},
journal = {Mobile Networks and Applications},
volume = {12},
number = {4},
pages = {231-244},
publisher = {Springer},
abstract = {In a wireless sensor network environment, a sensor node is extremely constrained in terms of hardware due to factors such as maximizing lifetime and minimizing physical size and overall cost. Nevertheless, these nodes must be able to run cryptographic operations based on primitives such as hash functions, symmetric encryption and public key cryptography in order to allow the creation of secure services. Our objective in this paper is to survey how the existing research-based and commercial-based sensor nodes are suitable for this purpose, analyzing how the hardware can influence the provision of the primitives and how software implementations tackles the task of implementing instances of those primitives. As a result, it will be possible to evaluate the influence of provision of security in the protocols and applications/scenarios where sensors can be used.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
In a wireless sensor network environment, a sensor node is extremely constrained in terms of hardware due to factors such as maximizing lifetime and minimizing physical size and overall cost. Nevertheless, these nodes must be able to run cryptographic operations based on primitives such as hash functions, symmetric encryption and public key cryptography in order to allow the creation of secure services. Our objective in this paper is to survey how the existing research-based and commercial-based sensor nodes are suitable for this purpose, analyzing how the hardware can influence the provision of the primitives and how software implementations tackles the task of implementing instances of those primitives. As a result, it will be possible to evaluate the influence of provision of security in the protocols and applications/scenarios where sensors can be used.
Roman, Rodrigo; Lopez, Javier; Najera, Pablo
A Cross-layer Approach for Integrating Security Mechanisms in Sensor Networks Architectures Journal Article
In: Wireless Communications and Mobile Computing, vol. 11, pp. 267-276, 2011, ISSN: 1530-8669.
@article{Roman2010,
title = {A Cross-layer Approach for Integrating Security Mechanisms in Sensor Networks Architectures},
author = {Rodrigo Roman and Javier Lopez and Pablo Najera},
url = {/wp-content/papers/Roman2010.pdf},
doi = {10.1002/wcm.1006},
issn = {1530-8669},
year = {2011},
date = {2011-01-01},
urldate = {2011-01-01},
journal = {Wireless Communications and Mobile Computing},
volume = {11},
pages = {267-276},
publisher = {Wiley},
abstract = {The wireless sensor networks (WSN) paradigm is especially vulnerable against external and internal attacks. Therefore, it is necessary to develop security mechanisms and protocols to protect them. These mechanisms must become an integral part of the software architecture and network stack of a sensor node. A question that remains is how to achieve this integration. In this paper we check how both academic and industrial solutions tackle this issue, and we present the concept of a transversal layer, where all the different security mechanisms could be contained. This way, all the elements of the architecture can interact with the security mechanisms, and the security mechanisms can have a holistic point of view of the whole architecture. We discuss the advantages of this approach, and also present how the transversal layer concept was applied to a real middleware architecture.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The wireless sensor networks (WSN) paradigm is especially vulnerable against external and internal attacks. Therefore, it is necessary to develop security mechanisms and protocols to protect them. These mechanisms must become an integral part of the software architecture and network stack of a sensor node. A question that remains is how to achieve this integration. In this paper we check how both academic and industrial solutions tackle this issue, and we present the concept of a transversal layer, where all the different security mechanisms could be contained. This way, all the elements of the architecture can interact with the security mechanisms, and the security mechanisms can have a holistic point of view of the whole architecture. We discuss the advantages of this approach, and also present how the transversal layer concept was applied to a real middleware architecture.
Caro, Rafael J.; Garrido, David; Plaza, Pierre; Roman, Rodrigo; Sanz, Nuria; Serrano, Jose L.
Middleware Seguro EP2P: un Desafío para las Redes Sociales Proceedings Article
In: XVIII Jornadas Telecom I+D, Bilbao (Spain), 2008.
@inproceedings{Benito2008,
title = {Middleware Seguro EP2P: un Desaf\'{i}o para las Redes Sociales},
author = {Rafael J. Caro and David Garrido and Pierre Plaza and Rodrigo Roman and Nuria Sanz and Jose L. Serrano},
url = {/wp-content/papers/Benito2008.pdf},
year = {2008},
date = {2008-10-01},
urldate = {2008-10-01},
booktitle = {XVIII Jornadas Telecom I+D},
address = {Bilbao (Spain)},
abstract = {Los sistemas distribuidos en dispositivos embebidos representan un nuevo reto en el desarrollo de software. Estos sistemas han supuesto una importante revoluci\'{o}n en el paradigma de la computaci\'{o}n distribuida donde se intenta fragmentar un problema grande en m\'{u}ltiples problemas m\'{a}s peque\~{n}os. El nuevo escenario tiende entonces hacia sistemas en los cuales todos los elementos de la red se consideran iguales y los mecanismos de comunicaci\'{o}n est\~{a}n basados en redes ad-hoc que se forman din\'{a}micamente. De esta forma cualquier usuario de la red (en realidad cualquier elemento, hasta el m\'{a}s simple dispositivo) adquiere valor, a mayor colaboraci\'{o}n, mayor \'{e}xito del sistema. Sin embargo, desde el punto de vista de la seguridad, estos sistemas son extremadamente vulnerables. En este art\'{i}culo se presenta SMEPP, un middleware dise\~{n}ado especialmente para sistemas P2P incluyendo aspectos de seguridad. SMEPP est\'{a} dise\~{n}ado para poder ser ejecutado en un amplio rango de dispositivos (desde redes de sensores hasta PC), y trata de facilitar el desarrollo de aplicaciones ocultando los detalles de la plataforma y otros aspectos tales como escalabilidad, adaptabilidad e interoperabilidad. Adem\'{a}s el art\'{i}culo presenta dos aplicaciones de alto nivel que utilizando este middleware pasan a ser m\'{a}s personales, m\'{a}s sociales y m\'{a}s baratas, haciendo que todos los usuarios de la red cobren mayor importancia.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Los sistemas distribuidos en dispositivos embebidos representan un nuevo reto en el desarrollo de software. Estos sistemas han supuesto una importante revolución en el paradigma de la computación distribuida donde se intenta fragmentar un problema grande en múltiples problemas más pequeños. El nuevo escenario tiende entonces hacia sistemas en los cuales todos los elementos de la red se consideran iguales y los mecanismos de comunicación estãn basados en redes ad-hoc que se forman dinámicamente. De esta forma cualquier usuario de la red (en realidad cualquier elemento, hasta el más simple dispositivo) adquiere valor, a mayor colaboración, mayor éxito del sistema. Sin embargo, desde el punto de vista de la seguridad, estos sistemas son extremadamente vulnerables. En este artículo se presenta SMEPP, un middleware diseñado especialmente para sistemas P2P incluyendo aspectos de seguridad. SMEPP está diseñado para poder ser ejecutado en un amplio rango de dispositivos (desde redes de sensores hasta PC), y trata de facilitar el desarrollo de aplicaciones ocultando los detalles de la plataforma y otros aspectos tales como escalabilidad, adaptabilidad e interoperabilidad. Además el artículo presenta dos aplicaciones de alto nivel que utilizando este middleware pasan a ser más personales, más sociales y más baratas, haciendo que todos los usuarios de la red cobren mayor importancia.
Roman, Rodrigo; Lopez, Javier; Gritzalis, Stefanos
Situation Awareness Mechanisms for Wireless Sensor Networks Journal Article
In: IEEE Communications Magazine, vol. 46, no. 4, pp. 102-107, 2008, ISSN: 0163-6804.
@article{Roman2008a,
title = {Situation Awareness Mechanisms for Wireless Sensor Networks},
author = {Rodrigo Roman and Javier Lopez and Stefanos Gritzalis},
url = {/wp-content/papers/Roman2008a.pdf},
doi = {10.1109/MCOM.2008.4481348},
issn = {0163-6804},
year = {2008},
date = {2008-04-01},
urldate = {2008-04-01},
journal = {IEEE Communications Magazine},
volume = {46},
number = {4},
pages = {102-107},
publisher = {IEEE},
abstract = {A wireless sensor network should be able to operate for long periods of time with little or no external management. There is a requirement for this autonomy: the sensor nodes must be able to configure themselves in the presence of adverse situations. Therefore, the nodes should make use of situation awareness mechanisms to determine the existence of abnormal events in their surroundings. This work approaches the problem by considering the possible abnormal events as diseases, thus making it possible to diagnose them through their symptoms, namely, their side effects. Considering these awareness mechanisms as a foundation for high-level monitoring services, this article also shows how these mechanisms are included in the blueprint of an intrusion detection system.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
A wireless sensor network should be able to operate for long periods of time with little or no external management. There is a requirement for this autonomy: the sensor nodes must be able to configure themselves in the presence of adverse situations. Therefore, the nodes should make use of situation awareness mechanisms to determine the existence of abnormal events in their surroundings. This work approaches the problem by considering the possible abnormal events as diseases, thus making it possible to diagnose them through their symptoms, namely, their side effects. Considering these awareness mechanisms as a foundation for high-level monitoring services, this article also shows how these mechanisms are included in the blueprint of an intrusion detection system.
Roman, Rodrigo; Alcaraz, Cristina; Lopez, Javier
A Survey of Cryptographic Primitives and Implementations for Hardware-Constrained Sensor Network Nodes Journal Article
In: Mobile Networks and Applications, vol. 12, no. 4, pp. 231-244, 2007, ISSN: 1383-469X.
@article{Roman2007,
title = {A Survey of Cryptographic Primitives and Implementations for Hardware-Constrained Sensor Network Nodes},
author = {Rodrigo Roman and Cristina Alcaraz and Javier Lopez},
url = {/wp-content/papers/Roman2007.pdf
http://www.springerlink.com/content/3785k818327456gq/},
doi = {10.1007/s11036-007-0024-2},
issn = {1383-469X},
year = {2007},
date = {2007-08-01},
urldate = {2007-08-01},
journal = {Mobile Networks and Applications},
volume = {12},
number = {4},
pages = {231-244},
publisher = {Springer},
abstract = {In a wireless sensor network environment, a sensor node is extremely constrained in terms of hardware due to factors such as maximizing lifetime and minimizing physical size and overall cost. Nevertheless, these nodes must be able to run cryptographic operations based on primitives such as hash functions, symmetric encryption and public key cryptography in order to allow the creation of secure services. Our objective in this paper is to survey how the existing research-based and commercial-based sensor nodes are suitable for this purpose, analyzing how the hardware can influence the provision of the primitives and how software implementations tackles the task of implementing instances of those primitives. As a result, it will be possible to evaluate the influence of provision of security in the protocols and applications/scenarios where sensors can be used.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
In a wireless sensor network environment, a sensor node is extremely constrained in terms of hardware due to factors such as maximizing lifetime and minimizing physical size and overall cost. Nevertheless, these nodes must be able to run cryptographic operations based on primitives such as hash functions, symmetric encryption and public key cryptography in order to allow the creation of secure services. Our objective in this paper is to survey how the existing research-based and commercial-based sensor nodes are suitable for this purpose, analyzing how the hardware can influence the provision of the primitives and how software implementations tackles the task of implementing instances of those primitives. As a result, it will be possible to evaluate the influence of provision of security in the protocols and applications/scenarios where sensors can be used.
Rosado, David G.; Fernandez-Medina, Eduardo; Lopez, Javier; Piattini, Mario
Towards a UML Extension of Reusable Secure Use Cases for Mobile Grid systems Journal Article
In: IEICE Trans. on Information and Systems, vol. E94-D, pp. 243-254, 2011, ISSN: 0916-8532.
@article{rosado2009,
title = {Towards a UML Extension of Reusable Secure Use Cases for Mobile Grid systems},
author = {David G. Rosado and Eduardo Fernandez-Medina and Javier Lopez and Mario Piattini},
url = {/wp-content/papers/rosado2009.pdf},
doi = {10.1587/transinf.E94.D.243},
issn = {0916-8532},
year = {2011},
date = {2011-02-01},
urldate = {2011-02-01},
journal = {IEICE Trans. on Information and Systems},
volume = {E94-D},
pages = {243-254},
publisher = {IEICE},
abstract = {The systematic processes exactly define the development cycle and help the development team follow the same development strategies and techniques, thus allowing a continuous improvement in the quality of the developed products. Likewise, it is important that the development process used integrates security aspects from the first stages at the same level as other functional and non-functional requirements. Grid systems allow us to build very complex information systems with different and remarkable features (interoperability between multiple security domains, cross-domain authentication and authorization, dynamic, heterogeneous and limited mobile devices, etc). With the development of wireless technology and mobile devices, the Grid becomes the perfect candidate for letting mobile users make complex works that add new computational capacity to the Grid. A methodology of development for secure mobile Grid systems is being defined. One of the activities of this methodology is the requirements analysis which is based in reusable use cases. In this paper, we will present a UML-extension for security use cases and Grid use case which capture the behaviour of this kind of systems. A detailed description of all these new use cases defined in the UML extension is necessary, describing the stereotypes, tagged values, constraints and graphical notation. We show an example of how to apply and use this extension for building the diagram of use cases and incorporating common security aspects for this kind of systems. Also, we will see how the diagrams built can be reused in the construction of others diagrams saving time and effort in this task.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The systematic processes exactly define the development cycle and help the development team follow the same development strategies and techniques, thus allowing a continuous improvement in the quality of the developed products. Likewise, it is important that the development process used integrates security aspects from the first stages at the same level as other functional and non-functional requirements. Grid systems allow us to build very complex information systems with different and remarkable features (interoperability between multiple security domains, cross-domain authentication and authorization, dynamic, heterogeneous and limited mobile devices, etc). With the development of wireless technology and mobile devices, the Grid becomes the perfect candidate for letting mobile users make complex works that add new computational capacity to the Grid. A methodology of development for secure mobile Grid systems is being defined. One of the activities of this methodology is the requirements analysis which is based in reusable use cases. In this paper, we will present a UML-extension for security use cases and Grid use case which capture the behaviour of this kind of systems. A detailed description of all these new use cases defined in the UML extension is necessary, describing the stereotypes, tagged values, constraints and graphical notation. We show an example of how to apply and use this extension for building the diagram of use cases and incorporating common security aspects for this kind of systems. Also, we will see how the diagrams built can be reused in the construction of others diagrams saving time and effort in this task.
Rosado, David G.; Fernandez-Medina, Eduardo; Piattini, Mario; Lopez, Javier
Analysis of Secure Mobile Grid Systems: A systematic approach Proceedings Article
In: XVI Jornadas de Ingeniería del Software y Bases de Datos (JISBD 2011), pp. 487-491, Servizo de publicacións da Universidade da Coruña Servizo de publicacións da Universidade da Coruña, A Coruña, Spain, 2011, ISBN: 978-84-9749-486-1.
@inproceedings{1642,
title = {Analysis of Secure Mobile Grid Systems: A systematic approach},
author = {David G. Rosado and Eduardo Fernandez-Medina and Mario Piattini and Javier Lopez},
url = {/wp-content/papers/1642.pdf},
isbn = {978-84-9749-486-1},
year = {2011},
date = {2011-00-01},
urldate = {2011-00-01},
booktitle = {XVI Jornadas de Ingenier\'{i}a del Software y Bases de Datos (JISBD 2011)},
pages = {487-491},
publisher = {Servizo de publicaci\'{o}ns da Universidade da Coru\~{n}a},
address = {A Coru\~{n}a, Spain},
organization = {Servizo de publicaci\'{o}ns da Universidade da Coru\~{n}a},
abstract = {Developing software through systematic processes is becoming more and more important due to the growing complexity of software development. It is important that the development process used integrates security aspects from the first stages at the same level as other functional and non-functional requirements. The identification of security aspects in the first stages ensures a more robust development and permits the security requirements to be perfectly coupled with the design and the rest of the system’s requirements. Systems which are based on Grid Computing are a kind of systems that have clear differentiating features in which security is a highly important aspect. Generic development processes are sometimes used to develop Grid specific systems without taking into consideration either the subjacent technological environment or the special features and particularities of these specific systems. In fact, the majority of existing Grid applications have been built without a systematic development process and are based on ad hoc developments.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Developing software through systematic processes is becoming more and more important due to the growing complexity of software development. It is important that the development process used integrates security aspects from the first stages at the same level as other functional and non-functional requirements. The identification of security aspects in the first stages ensures a more robust development and permits the security requirements to be perfectly coupled with the design and the rest of the system’s requirements. Systems which are based on Grid Computing are a kind of systems that have clear differentiating features in which security is a highly important aspect. Generic development processes are sometimes used to develop Grid specific systems without taking into consideration either the subjacent technological environment or the special features and particularities of these specific systems. In fact, the majority of existing Grid applications have been built without a systematic development process and are based on ad hoc developments.
Vivas, Jose L.; Fernandez-Gago, Carmen; Benjumea, Andres; Lopez, Javier
A security framework for a workflow-based grid development platform. Journal Article
In: Computer Standards and Interfaces, vol. 32, no. 5-6, pp. 230-245, 2010, ISSN: 0920-5489.
@article{vivas2009,
title = {A security framework for a workflow-based grid development platform.},
author = {Jose L. Vivas and Carmen Fernandez-Gago and Andres Benjumea and Javier Lopez},
url = {/wp-content/papers/vivas2009.pdf},
doi = {10.1016/j.csi.2009.04.001},
issn = {0920-5489},
year = {2010},
date = {2010-10-01},
urldate = {2010-10-01},
journal = {Computer Standards and Interfaces},
volume = {32},
number = {5-6},
pages = {230-245},
publisher = {Elsevier},
abstract = {This paper describes the security framework that is to be developed for the generic grid platform created for the project GREDIA. This platform is composed of several components that need to be secured. The platform uses the OGSA standards, so that the security framework will follow GSI, the portion of Globus that implements security. Thus, we will show the security features that GSI already provides and we will outline which others need to be created or enhanced.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
This paper describes the security framework that is to be developed for the generic grid platform created for the project GREDIA. This platform is composed of several components that need to be secured. The platform uses the OGSA standards, so that the security framework will follow GSI, the portion of Globus that implements security. Thus, we will show the security features that GSI already provides and we will outline which others need to be created or enhanced.
Rosado, David G.; Fernandez-Medina, Eduardo; Lopez, Javier; Piattini, Mario
Developing a Secure Mobile Grid System through a UML Extension Journal Article
In: Journal of Universal Computer Science, vol. 16, no. 17, pp. 2333-2352, 2010, ISSN: 0948-695x.
@article{rofelopi,
title = {Developing a Secure Mobile Grid System through a UML Extension},
author = {David G. Rosado and Eduardo Fernandez-Medina and Javier Lopez and Mario Piattini},
doi = {10.3217/jucs-016-17-2333},
issn = {0948-695x},
year = {2010},
date = {2010-09-01},
urldate = {2010-09-01},
journal = {Journal of Universal Computer Science},
volume = {16},
number = {17},
pages = {2333-2352},
publisher = {Springer},
abstract = {The idea of developing software through systematic development processes toimprove software quality is not new. Nevertheless, there are still many information systemssuch as those of Grid Computing which are not developed through methodologies that areadapted to their most differentiating features. A systematic development process for Gridsystems that supports the participation of mobile nodes and incorporates security aspects intothe entire software lifecycle will thus play a significant role in the development of systemsbased on Grid computing. We are creating a development process for the construction ofinformation systems based on Grid Computing, which is highly dependent on mobile devices,in which security plays a highly important role. One of the activities in this process is that ofanalysis which is focused on ensuring that the system’s security and functional requirements areelicited, specified and modelled. In our approach, this activity is driven by use cases andsupported by the reusable repository. This obtains, builds, defines and refines the use cases ofthe secure Mobile Grid systems which represent the functional and non-functional requirementsof this kind of systems. In this paper, we present the proposed development process throughwhich we introduce the main aspects of the UML profile defined for building use case diagramsin the mobile Grid context through which it is possible to represent specific mobile Gridfeatures and security aspects, showing in detail how to build use case diagrams for a real mobile Grid application by using our UML profile, denominated as GridUCSec-Profile.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The idea of developing software through systematic development processes toimprove software quality is not new. Nevertheless, there are still many information systemssuch as those of Grid Computing which are not developed through methodologies that areadapted to their most differentiating features. A systematic development process for Gridsystems that supports the participation of mobile nodes and incorporates security aspects intothe entire software lifecycle will thus play a significant role in the development of systemsbased on Grid computing. We are creating a development process for the construction ofinformation systems based on Grid Computing, which is highly dependent on mobile devices,in which security plays a highly important role. One of the activities in this process is that ofanalysis which is focused on ensuring that the system’s security and functional requirements areelicited, specified and modelled. In our approach, this activity is driven by use cases andsupported by the reusable repository. This obtains, builds, defines and refines the use cases ofthe secure Mobile Grid systems which represent the functional and non-functional requirementsof this kind of systems. In this paper, we present the proposed development process throughwhich we introduce the main aspects of the UML profile defined for building use case diagramsin the mobile Grid context through which it is possible to represent specific mobile Gridfeatures and security aspects, showing in detail how to build use case diagrams for a real mobile Grid application by using our UML profile, denominated as GridUCSec-Profile.
Rosado, David G.; Fernandez-Medina, Eduardo; Lopez, Javier
Reutilización de Casos de Uso en el Desarrollo de Sistemas Grid seguros Proceedings Article
In: XII Conferencia Iberoamericana de Ingeniería de Requisitos y Ambientes de Software (IDEAS’09), pp. 388-393, University of Colombia University of Colombia, Medellín, Colombia, 2009, ISBN: 978-958-44-5028-9.
@inproceedings{rosado2009a,
title = {Reutilizaci\'{o}n de Casos de Uso en el Desarrollo de Sistemas Grid seguros},
author = {David G. Rosado and Eduardo Fernandez-Medina and Javier Lopez},
isbn = {978-958-44-5028-9},
year = {2009},
date = {2009-01-01},
urldate = {2009-01-01},
booktitle = {XII Conferencia Iberoamericana de Ingenier\'{i}a de Requisitos y Ambientes de Software (IDEAS’09)},
pages = {388-393},
publisher = {University of Colombia},
address = {Medell\'{i}n, Colombia},
organization = {University of Colombia},
abstract = {El desarrollo software debe estar basado en un proceso sistem\'{a}tico y estructurado donde se definan los m\'{e}todos y t\'{e}cnicas a utilizar en todo su ciclo de vida, ayudando as\'{i} a obtener un producto de calidad. Es igualmente importante que el proceso sistem\'{a}tico considere aspectos de seguridad desde las primeras etapas, integr\'{a}ndola como un elemento m\'{a}s en el ciclo de desarrollo. En este art\'{i}culo mostramos la metodolog\'{i}a de desarrollo sistem\'{a}tico que sirve de gu\'{i}a para el desarrollo de cualquier sistema Grid con dispositivos m\'{o}viles, considerando la seguridad durante todas las fases de desarrollo, lo que nos permitir\'{a} obtener como resultado sistemas Grid seguros, robustos y escalables. Este art\'{i}culo presenta la fase de an\'{a}lisis, dirigida por casos de uso reutilizables, mediante los cuales se definen los requisitos y necesidades de estos sistemas, y es aplicada a un caso de estudio real de un Grid para el acceso de contenidos multimedia en un contexto period\'{i}stico.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
El desarrollo software debe estar basado en un proceso sistemático y estructurado donde se definan los métodos y técnicas a utilizar en todo su ciclo de vida, ayudando así a obtener un producto de calidad. Es igualmente importante que el proceso sistemático considere aspectos de seguridad desde las primeras etapas, integrándola como un elemento más en el ciclo de desarrollo. En este artículo mostramos la metodología de desarrollo sistemático que sirve de guía para el desarrollo de cualquier sistema Grid con dispositivos móviles, considerando la seguridad durante todas las fases de desarrollo, lo que nos permitirá obtener como resultado sistemas Grid seguros, robustos y escalables. Este artículo presenta la fase de análisis, dirigida por casos de uso reutilizables, mediante los cuales se definen los requisitos y necesidades de estos sistemas, y es aplicada a un caso de estudio real de un Grid para el acceso de contenidos multimedia en un contexto periodístico.
Rosado, David G.; Fernandez-Medina, Eduardo; Lopez, Javier
Obtaining Security Requirements for a Mobile Grid System Journal Article
In: International Journal of Grid and High Performance Computing, vol. 1, pp. 1-17, 2009, ISSN: 1938-0259.
@article{rosado2009c,
title = {Obtaining Security Requirements for a Mobile Grid System},
author = {David G. Rosado and Eduardo Fernandez-Medina and Javier Lopez},
url = {/wp-content/papers/rosado2009c.pdf},
doi = {10.4018/IJGHPC},
issn = {1938-0259},
year = {2009},
date = {2009-01-01},
urldate = {2009-01-01},
journal = {International Journal of Grid and High Performance Computing},
volume = {1},
pages = {1-17},
publisher = {IGI-Global},
abstract = {Mobile Grid includes the characteristics of the Grid systems together with the peculiarities of Mobile Computing, withthe additional feature of supporting mobile users and resources ina seamless, transparent, secure and efficient way. Security ofthese systems, due to their distributed and open nature, isconsidered a topic of great interest. We are elaborating amethodology of development to build secure mobile grid systemsconsidering security on all life cycle. In this paper we present thepractical results applying our methodology to a real case,specifically we apply the part of security requirements analysis toobtain and identify security requirements of a specific applicationfollowing a set of tasks defined for helping us in the definition,identification and specification of the security requirements onour case study. The methodology will help us to build a securegrid application in a systematic and iterative way.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Mobile Grid includes the characteristics of the Grid systems together with the peculiarities of Mobile Computing, withthe additional feature of supporting mobile users and resources ina seamless, transparent, secure and efficient way. Security ofthese systems, due to their distributed and open nature, isconsidered a topic of great interest. We are elaborating amethodology of development to build secure mobile grid systemsconsidering security on all life cycle. In this paper we present thepractical results applying our methodology to a real case,specifically we apply the part of security requirements analysis toobtain and identify security requirements of a specific applicationfollowing a set of tasks defined for helping us in the definition,identification and specification of the security requirements onour case study. The methodology will help us to build a securegrid application in a systematic and iterative way.
Sorry, no publications matched your criteria.
Najera, Pablo; Moyano, Francisco; Lopez, Javier
Security Mechanisms and Access Control Infrastructure for e-Passports and General Purpose e-Documents Journal Article
In: Journal of Universal Computer Science, vol. 15, pp. 970-991, 2009, ISSN: 0948-695X.
@article{Najera2009,
title = {Security Mechanisms and Access Control Infrastructure for e-Passports and General Purpose e-Documents},
author = {Pablo Najera and Francisco Moyano and Javier Lopez},
url = {/wp-content/papers/Najera2009.pdf
http://www.jucs.org/jucs_15_5/security_mechanisms_and_access},
doi = {10.3217/jucs-015-05-0970},
issn = {0948-695X},
year = {2009},
date = {2009-01-01},
urldate = {2009-01-01},
journal = {Journal of Universal Computer Science},
volume = {15},
pages = {970-991},
abstract = {Traditional paper documents are not likely to disappear in the near future as they are present everywhere in daily life, however, paper-based documentation lacks the link with the digital world for agile and automated processing. At the same time it is prone to cloning, alteration and counterfeiting attacks. E-passport defined by ICAO and implemented in 45 countries is the most relevant case of hybrid documentation (i.e. paper format with electronic capabilities) to date, but, as the advantages of hybrid documentation are recognized more and more will undoubtedly appear. In this paper, we present the concept and security requirements of general-use e-documents, analyze the most comprehensive security solution (i.e. ePassport security mechanisms) and its suitability for general-purpose e-documentation. Finally, we propose alternatives for the weakest and less suitable protocol from ePassports: the BAC (Basic Access Control). In particular, an appropriate key management infrastructure for access control to document memory is discussed in conjunction with a prototype implementation.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Traditional paper documents are not likely to disappear in the near future as they are present everywhere in daily life, however, paper-based documentation lacks the link with the digital world for agile and automated processing. At the same time it is prone to cloning, alteration and counterfeiting attacks. E-passport defined by ICAO and implemented in 45 countries is the most relevant case of hybrid documentation (i.e. paper format with electronic capabilities) to date, but, as the advantages of hybrid documentation are recognized more and more will undoubtedly appear. In this paper, we present the concept and security requirements of general-use e-documents, analyze the most comprehensive security solution (i.e. ePassport security mechanisms) and its suitability for general-purpose e-documentation. Finally, we propose alternatives for the weakest and less suitable protocol from ePassports: the BAC (Basic Access Control). In particular, an appropriate key management infrastructure for access control to document memory is discussed in conjunction with a prototype implementation.
Najera, Pablo; Moyano, Francisco; Lopez, Javier
Secure Integration of RFID Technology in Personal Documentation for Seamless Identity Validation Proceedings Article
In: 3rd Symposium of Ubiquitous Computing and Ambient Intelligence 2008, pp. 134-138, Springer Springer, Salamanca (Spain), 2008, ISBN: 978-3-540-85866-9.
@inproceedings{PNajera2009,
title = {Secure Integration of RFID Technology in Personal Documentation for Seamless Identity Validation},
author = {Pablo Najera and Francisco Moyano and Javier Lopez},
url = {/wp-content/papers/PNajera2009.pdf
http://www.springerlink.com/content/bx8t243130k07585/},
doi = {10.1007/978-3-540-85867-6_16},
isbn = {978-3-540-85866-9},
year = {2008},
date = {2008-10-01},
urldate = {2008-10-01},
booktitle = {3rd Symposium of Ubiquitous Computing and Ambient Intelligence 2008},
volume = {51/2009},
pages = {134-138},
publisher = {Springer},
address = {Salamanca (Spain)},
organization = {Springer},
series = {Advances in Soft Computing},
abstract = {Seamless human identification and authentication in the information system is a fundamental step towards the transparent interaction between the user and its context proposed in ambient intelligence. In this context, the IDENTICA project is aimed to the design and implementation of a distributed authentication platform based on biometrics (i.e. voice and facial image) and personal documentation. In this paper, we present our work in this project focused on the secure integration of RFID technology in personal documentation in order to provide seamless identity validation. Our actual work status, first results and future directions are described in detail.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Seamless human identification and authentication in the information system is a fundamental step towards the transparent interaction between the user and its context proposed in ambient intelligence. In this context, the IDENTICA project is aimed to the design and implementation of a distributed authentication platform based on biometrics (i.e. voice and facial image) and personal documentation. In this paper, we present our work in this project focused on the secure integration of RFID technology in personal documentation in order to provide seamless identity validation. Our actual work status, first results and future directions are described in detail.
Sorry, no publications matched your criteria.
Najera, Pablo; Lopez, Javier
Aplicación de la Tecnología RFID a Entornos Sanitarios Proceedings Article
In: 2nd International Workshop of Ubiquitous Computing & Ambient Intelligence (wUCAmI’06), pp. 83-95, University of Castilla La Mancha University of Castilla La Mancha, Puertollano, Ciudad Real (Spain), 2006, ISBN: 84-6901744-6.
@inproceedings{Najera2006,
title = {Aplicaci\'{o}n de la Tecnolog\'{i}a RFID a Entornos Sanitarios},
author = {Pablo Najera and Javier Lopez},
isbn = {84-6901744-6},
year = {2006},
date = {2006-11-01},
urldate = {2006-11-01},
booktitle = {2nd International Workshop of Ubiquitous Computing \& Ambient Intelligence (wUCAmI’06)},
pages = {83-95},
publisher = {University of Castilla La Mancha},
address = {Puertollano, Ciudad Real (Spain)},
organization = {University of Castilla La Mancha},
abstract = {La tecnolog\'{i}a RFID, que permite la identificaci\'{o}n \'{u}nica de cualquier ser u objeto sin necesidad de contacto ni l\'{i}nea de visi\'{o}n directa, se est\'{a} adoptando ampliamente en todo tipo de campos al producir un salto cualitativo en la integraci\'{o}n de la inform\'{a}tica con el entorno. En este art\'{i}culo se muestra su estado del arte y se afrontan dos soluciones orientadas a paliar las necesidades en entornos sanitarios. Por un lado, un sistema de seguimiento de dispositivos en el interior de un centro m\'{e}dico que permite su localizaci\'{o}n inmediata y la prevenci\'{o}n de hurtos usando RFID pasivo UHF con un testeo de fiabilidad, y por otro, una soluci\'{o}n de control y atenci\'{o}n de pacientes ingresados en planta usando RFID pasivo HF obteni\'{e}ndose un demostrador plenamente funcional},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
La tecnología RFID, que permite la identificación única de cualquier ser u objeto sin necesidad de contacto ni línea de visión directa, se está adoptando ampliamente en todo tipo de campos al producir un salto cualitativo en la integración de la informática con el entorno. En este artículo se muestra su estado del arte y se afrontan dos soluciones orientadas a paliar las necesidades en entornos sanitarios. Por un lado, un sistema de seguimiento de dispositivos en el interior de un centro médico que permite su localización inmediata y la prevención de hurtos usando RFID pasivo UHF con un testeo de fiabilidad, y por otro, una solución de control y atención de pacientes ingresados en planta usando RFID pasivo HF obteniéndose un demostrador plenamente funcional
Forne, Jordi; Hinarejos, M. Francisca; Marin, Andres; Almenarez, Florina; Lopez, Javier; Montenegro, Jose A.; Lacoste, Marc; Diaz, Daniel
Pervasive Authentication and Authorization Infrastructures for Mobile Users Journal Article
In: Computer and Security, vol. 29, pp. 501-514, 2010, ISSN: 0167-4048.
@article{JordiForne2009,
title = {Pervasive Authentication and Authorization Infrastructures for Mobile Users},
author = {Jordi Forne and M. Francisca Hinarejos and Andres Marin and Florina Almenarez and Javier Lopez and Jose A. Montenegro and Marc Lacoste and Daniel Diaz},
url = {/wp-content/papers/JordiForne2009.pdf},
doi = {10.1016/j.cose.2009.09.001},
issn = {0167-4048},
year = {2010},
date = {2010-01-01},
urldate = {2010-01-01},
journal = {Computer and Security},
volume = {29},
pages = {501-514},
publisher = {elsevier},
abstract = {Network and device heterogeneity, nomadic mobility, intermittent connectivity and, more generally, extremely dynamic operating conditions, are major challenges in the design of security infrastructures for pervasive computing. Yet, in a ubiquitous computing environment, limitations of traditional solutions for authentication and authorization can be overcome with a pervasive public key infrastructure (pervasive-PKI). This choice allows the validation of credentials of users roaming between heterogeneous networks, even when global connectivity is lost and some services are temporarily unreachable. Proof-of-concept implementations and testbed validation results demonstrate that strong security can be achieved for users and applications through the combination of traditional PKI services with a number of enhancements like: (i) dynamic and collaborative trust model, (ii) use of attribute certificates for privilege management, and (iii) modular architecture enabling nomadic mobility and enhanced with reconfiguration capabilities.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Network and device heterogeneity, nomadic mobility, intermittent connectivity and, more generally, extremely dynamic operating conditions, are major challenges in the design of security infrastructures for pervasive computing. Yet, in a ubiquitous computing environment, limitations of traditional solutions for authentication and authorization can be overcome with a pervasive public key infrastructure (pervasive-PKI). This choice allows the validation of credentials of users roaming between heterogeneous networks, even when global connectivity is lost and some services are temporarily unreachable. Proof-of-concept implementations and testbed validation results demonstrate that strong security can be achieved for users and applications through the combination of traditional PKI services with a number of enhancements like: (i) dynamic and collaborative trust model, (ii) use of attribute certificates for privilege management, and (iii) modular architecture enabling nomadic mobility and enhanced with reconfiguration capabilities.
Onieva, Jose A.; Lopez, Javier; Roman, Rodrigo; Zhou, Jianying; Gritzalis, Stefanos
Integration of non-repudiation services in mobile DRM scenarios Journal Article
In: Telecommunications Systems, vol. 35, pp. 161-176, 2007, ISSN: 1572-9451.
@article{Onieva2007a,
title = {Integration of non-repudiation services in mobile DRM scenarios},
author = {Jose A. Onieva and Javier Lopez and Rodrigo Roman and Jianying Zhou and Stefanos Gritzalis},
url = {/wp-content/papers/JoseA.Onieva2007a.pdf},
doi = {10.1007/s11235-007-9050-4},
issn = {1572-9451},
year = {2007},
date = {2007-09-01},
urldate = {2007-09-01},
journal = {Telecommunications Systems},
volume = {35},
pages = {161-176},
abstract = {In any kind of electronic transaction, it is extremely important to assure that any of the parties involved can not deny their participation in the information exchange. This security property, which is called non-repudiation, becomes more important in Digital Rights Management (DRM) scenarios, where a consumer can freely access to certain contents but needs to obtain the proper Right Object (RO) from a vendor in order to process it. Any breach in this process could result on financial loss for any peer, thus it is necessary to provide a service that allows the creation of trusted evidence. Unfortunately, non-repudiation services has not been included so far in DRM specifications due to practical issues and the type of content distributed. In this paper we analyze how to allow the integration of non-repudiation services to a DRM framework, providing a set of protocols that allows the right objects acquisition to be undeniable, alongside with a proof-of-concept implementation and a validation process.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
In any kind of electronic transaction, it is extremely important to assure that any of the parties involved can not deny their participation in the information exchange. This security property, which is called non-repudiation, becomes more important in Digital Rights Management (DRM) scenarios, where a consumer can freely access to certain contents but needs to obtain the proper Right Object (RO) from a vendor in order to process it. Any breach in this process could result on financial loss for any peer, thus it is necessary to provide a service that allows the creation of trusted evidence. Unfortunately, non-repudiation services has not been included so far in DRM specifications due to practical issues and the type of content distributed. In this paper we analyze how to allow the integration of non-repudiation services to a DRM framework, providing a set of protocols that allows the right objects acquisition to be undeniable, alongside with a proof-of-concept implementation and a validation process.
Lopez, Javier; Agudo, Isaac; Montenegro, Jose A.
On the deployment of a real scalable delegation service Journal Article
In: Information Security Technical Report, vol. 12, no. 3, pp. 139-147, 2007, ISSN: 1363-4127.
@article{JavierLopez2007,
title = {On the deployment of a real scalable delegation service},
author = {Javier Lopez and Isaac Agudo and Jose A. Montenegro},
url = {/wp-content/papers/JavierLopez2007.pdf},
doi = {10.1016/j.istr.2007.05.008},
issn = {1363-4127},
year = {2007},
date = {2007-06-01},
urldate = {2007-06-01},
journal = {Information Security Technical Report},
volume = {12},
number = {3},
pages = {139-147},
publisher = {Elsevier},
abstract = {This paper explains the evolution of the concept of delegation since its first references in the context of distributed authorization to the actual use as a fundamental part of a privilege management architecture. The work reviews some of the earliest contributions that pointed out the relevance of delegation when dealing with distributed authorization, in particular we comment on PolicyMaker and Keynote, and also on SDSI/SPKI. Then, we elaborate on Federation as a particular case of delegation, and remark the importance given to federation by the industry. Finally, the paper discusses about privilege management infrastructures, introducing a new mechanism to extend their functionality using advanced delegation services.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
This paper explains the evolution of the concept of delegation since its first references in the context of distributed authorization to the actual use as a fundamental part of a privilege management architecture. The work reviews some of the earliest contributions that pointed out the relevance of delegation when dealing with distributed authorization, in particular we comment on PolicyMaker and Keynote, and also on SDSI/SPKI. Then, we elaborate on Federation as a particular case of delegation, and remark the importance given to federation by the industry. Finally, the paper discusses about privilege management infrastructures, introducing a new mechanism to extend their functionality using advanced delegation services.
Agudo, Isaac; Lopez, Javier; Montenegro, Jose A.
A Graphical Delegation Solution for X.509 Attribute Certificates Journal Article
In: ERCIM News, no. 63, pp. 33-34, 2005, ISSN: 0926-4981.
@article{IsaacAgudo2005,
title = {A Graphical Delegation Solution for X.509 Attribute Certificates},
author = {Isaac Agudo and Javier Lopez and Jose A. Montenegro},
url = {/wp-content/papers/IsaacAgudo2005.pdf},
issn = {0926-4981},
year = {2005},
date = {2005-10-01},
urldate = {2005-10-01},
journal = {ERCIM News},
number = {63},
pages = {33-34},
publisher = {ERCIM},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Lopez, Javier; Montenegro, Jose A.; Vivas, Jose L.; Okamoto, Eiji; Dawson, Ed
Specification and Design of Advanced Authentication and Authorization Services Journal Article
In: Computer Standards & Interfaces, vol. 27, no. 5, pp. 467-478, 2005, ISSN: 0920-5489.
@article{javierlopez2005c,
title = {Specification and Design of Advanced Authentication and Authorization Services},
author = {Javier Lopez and Jose A. Montenegro and Jose L. Vivas and Eiji Okamoto and Ed Dawson},
url = {/wp-content/papers/javierlopez2005c.pdf},
doi = {10.1016/j.csi.2005.01.005},
issn = {0920-5489},
year = {2005},
date = {2005-06-01},
urldate = {2005-06-01},
journal = {Computer Standards \& Interfaces},
volume = {27},
number = {5},
pages = {467-478},
publisher = {Elsevier},
abstract = {A challenging task in security engineering concerns the specification and integration of security with other requirements at the top level of requirements engineering. Empirical studies show that it is common at the business process level that customers and end users are able to express their security needs. Among the security needs of Internet applications, authentication and authorization services are outstanding and, sometimes, privacy becomes a parallel requirement. In this paper, we introduce a methodology for the specification of security requirements and use a case study to apply our solution. We further detail the resulting system after extending it with an Authentication and Authorization Infrastructure.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
A challenging task in security engineering concerns the specification and integration of security with other requirements at the top level of requirements engineering. Empirical studies show that it is common at the business process level that customers and end users are able to express their security needs. Among the security needs of Internet applications, authentication and authorization services are outstanding and, sometimes, privacy becomes a parallel requirement. In this paper, we introduce a methodology for the specification of security requirements and use a case study to apply our solution. We further detail the resulting system after extending it with an Authentication and Authorization Infrastructure.
Zhou, Jianying; Onieva, Jose A.; Lopez, Javier
Optimised Multi-Party Certified Email Protocols Journal Article
In: Information Management & Computer Security Journal, vol. 13, no. 5, pp. 350-366, 2005, ISSN: 0968- 5227.
@article{Zhou2005,
title = {Optimised Multi-Party Certified Email Protocols},
author = {Jianying Zhou and Jose A. Onieva and Javier Lopez},
url = {/wp-content/papers/Zhou2005.pdf},
doi = {10.1108/09685220510627250},
issn = {0968- 5227},
year = {2005},
date = {2005-01-01},
urldate = {2005-01-01},
journal = {Information Management \& Computer Security Journal},
volume = {13},
number = {5},
pages = {350-366},
abstract = {As a value-added service to deliver important data over the Internet with guaranteed receipt for each successful delivery, certified email has been discussed for years and a number of research papers appeared in the literature. But most of them deal with the two-party scenarios, i.e., there are only one sender and one recipient. In some applications, however, the same certified message may need to be sent to a set of recipients. In this paper, we presents two optimized multi-party certified email protocols. They have three major features. (1) A sender could notify multiple recipients of the same information while only those recipients who acknowledged are able to get the information. (2) Both the sender and the recipients can end a protocol run at any time without breach of fairness. (3) The exchange protocols are optimized, each of which have only three steps.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
As a value-added service to deliver important data over the Internet with guaranteed receipt for each successful delivery, certified email has been discussed for years and a number of research papers appeared in the literature. But most of them deal with the two-party scenarios, i.e., there are only one sender and one recipient. In some applications, however, the same certified message may need to be sent to a set of recipients. In this paper, we presents two optimized multi-party certified email protocols. They have three major features. (1) A sender could notify multiple recipients of the same information while only those recipients who acknowledged are able to get the information. (2) Both the sender and the recipients can end a protocol run at any time without breach of fairness. (3) The exchange protocols are optimized, each of which have only three steps.
Lopez, Javier; Ortega, Juan J.; Troya, Jose M.
Security Protocols Analysis: A SDL-based Approach Journal Article
In: Computer Standards & Interfaces, vol. 27, no. 3, pp. 489-499, 2005, ISSN: 0920-5489.
@article{JavierLopez2005b,
title = {Security Protocols Analysis: A SDL-based Approach},
author = {Javier Lopez and Juan J. Ortega and Jose M. Troya},
url = {/wp-content/papers/JavierLopez2005b.pdf},
issn = {0920-5489},
year = {2005},
date = {2005-01-01},
urldate = {2005-01-01},
journal = {Computer Standards \& Interfaces},
volume = {27},
number = {3},
pages = {489-499},
publisher = {Elsevier},
abstract = {Organizations need to develop formally analyzed systems in order to achieve well-known formal method benefits. In order to study the security of communication systems, we have developed a methodology for the application of the formal analysis techniques, commonly used in communication protocols, to the analysis of cryptographic protocols. In particular, we have extended the design and analysis phases with security properties. Our proposal uses a specification notation based on one of the most used standard requirement languages HMSC/MSC, which can be automatically translated into a generic SDL specification. The SDL system obtained can then be used for the analysis of the addressed security properties, by using an observer process schema. Besides our main goal to provide a notation for describing the formal specification of security systems, our proposal also brings additional benefits, such as the study of the possible attacks to the system, and the possibility of re-using the specifications produced to describe and analyse more complex systems.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Organizations need to develop formally analyzed systems in order to achieve well-known formal method benefits. In order to study the security of communication systems, we have developed a methodology for the application of the formal analysis techniques, commonly used in communication protocols, to the analysis of cryptographic protocols. In particular, we have extended the design and analysis phases with security properties. Our proposal uses a specification notation based on one of the most used standard requirement languages HMSC/MSC, which can be automatically translated into a generic SDL specification. The SDL system obtained can then be used for the analysis of the addressed security properties, by using an observer process schema. Besides our main goal to provide a notation for describing the formal specification of security systems, our proposal also brings additional benefits, such as the study of the possible attacks to the system, and the possibility of re-using the specifications produced to describe and analyse more complex systems.
Lopez, Javier; Montenegro, Jose A.; Vivas, Jose L.; Okamoto, Eiji; Dawson, Ed
Specification and Design of Advanced Authentication and Authorization Services Journal Article
In: Computer Standards & Interfaces, vol. 27, no. 5, pp. 467-478, 2005, ISSN: 0920-5489.
@article{javierlopez2005c,
title = {Specification and Design of Advanced Authentication and Authorization Services},
author = {Javier Lopez and Jose A. Montenegro and Jose L. Vivas and Eiji Okamoto and Ed Dawson},
url = {/wp-content/papers/javierlopez2005c.pdf},
doi = {10.1016/j.csi.2005.01.005},
issn = {0920-5489},
year = {2005},
date = {2005-06-01},
urldate = {2005-06-01},
journal = {Computer Standards \& Interfaces},
volume = {27},
number = {5},
pages = {467-478},
publisher = {Elsevier},
abstract = {A challenging task in security engineering concerns the specification and integration of security with other requirements at the top level of requirements engineering. Empirical studies show that it is common at the business process level that customers and end users are able to express their security needs. Among the security needs of Internet applications, authentication and authorization services are outstanding and, sometimes, privacy becomes a parallel requirement. In this paper, we introduce a methodology for the specification of security requirements and use a case study to apply our solution. We further detail the resulting system after extending it with an Authentication and Authorization Infrastructure.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
A challenging task in security engineering concerns the specification and integration of security with other requirements at the top level of requirements engineering. Empirical studies show that it is common at the business process level that customers and end users are able to express their security needs. Among the security needs of Internet applications, authentication and authorization services are outstanding and, sometimes, privacy becomes a parallel requirement. In this paper, we introduce a methodology for the specification of security requirements and use a case study to apply our solution. We further detail the resulting system after extending it with an Authentication and Authorization Infrastructure.
Lopez, Javier; Ortega, Juan J.; Troya, Jose M.
Security Protocols Analysis: A SDL-based Approach Journal Article
In: Computer Standards & Interfaces, vol. 27, no. 3, pp. 489-499, 2005, ISSN: 0920-5489.
@article{JavierLopez2005b,
title = {Security Protocols Analysis: A SDL-based Approach},
author = {Javier Lopez and Juan J. Ortega and Jose M. Troya},
url = {/wp-content/papers/JavierLopez2005b.pdf},
issn = {0920-5489},
year = {2005},
date = {2005-01-01},
urldate = {2005-01-01},
journal = {Computer Standards \& Interfaces},
volume = {27},
number = {3},
pages = {489-499},
publisher = {Elsevier},
abstract = {Organizations need to develop formally analyzed systems in order to achieve well-known formal method benefits. In order to study the security of communication systems, we have developed a methodology for the application of the formal analysis techniques, commonly used in communication protocols, to the analysis of cryptographic protocols. In particular, we have extended the design and analysis phases with security properties. Our proposal uses a specification notation based on one of the most used standard requirement languages HMSC/MSC, which can be automatically translated into a generic SDL specification. The SDL system obtained can then be used for the analysis of the addressed security properties, by using an observer process schema. Besides our main goal to provide a notation for describing the formal specification of security systems, our proposal also brings additional benefits, such as the study of the possible attacks to the system, and the possibility of re-using the specifications produced to describe and analyse more complex systems.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Organizations need to develop formally analyzed systems in order to achieve well-known formal method benefits. In order to study the security of communication systems, we have developed a methodology for the application of the formal analysis techniques, commonly used in communication protocols, to the analysis of cryptographic protocols. In particular, we have extended the design and analysis phases with security properties. Our proposal uses a specification notation based on one of the most used standard requirement languages HMSC/MSC, which can be automatically translated into a generic SDL specification. The SDL system obtained can then be used for the analysis of the addressed security properties, by using an observer process schema. Besides our main goal to provide a notation for describing the formal specification of security systems, our proposal also brings additional benefits, such as the study of the possible attacks to the system, and the possibility of re-using the specifications produced to describe and analyse more complex systems.