Javier Lopez

Full Professor (Catedrático)


Computer Science Department, University of Malaga
Campus de Teatinos s/n,29071 - Malaga (Spain)
Phone: +34-952-131327    Fax: +34-952-131397
E-mail: jlm@lcc.uma.es

Scientific Activities

 

PhD Thesis (co)Advisor

  • Davide Ferraris (2022)
  • Martin Kolar (2022)
  • Juan E. Rubio (2022)
  • Giuseppe Bernieri (2018)
  • Lorena Cazorla (2017)
  • David Nuñez (2016)
  • Francisco Moyano (2015)
  • Ana Nieto (2015)
  • Ruben Rios (2014)
  • Pablo Najera (2013)
  • Cristina Alcaraz (2011)
  • David Garcia (2009)
  • Isaac Agudo (2008)
  • Rodrigo Roman (2008)
  • Vicente Benjumea (2007)
  • Jose A. Onieva (2006)
  • Jose A. Montenegro (2006)
  • Juan J. Ortega (2005)
  • Antonio Maña (2003) 

 

Most recent or referenced publications

  • JOURNALS:
    • R. Roman, C. Alcaraz, J. Lopez, and K. Sakurai, "Current Perspectives on Securing Critical Infrastructures’ Supply Chains",
      IEEE Security & Privacy, IEEE, In Press. (I.F.: 3.105)More..
      Impact Factor: 3.105
      Journal Citation Reports® Science Edition (Thomson Reuters, 2021)
    • C. Alcaraz, and J. Lopez, "Protecting Digital Twin Networks for 6G-enabled Industry 5.0 Ecosystems",
      IEEE Network Magazine, IEEE, In Press. (I.F.: 10.294)More..
      Impact Factor: 10.294
      Journal Citation Reports® Science Edition (Thomson Reuters, 2021)
    • F. Flammini, et al., "Towards Trustworthy Autonomous Systems: Taxonomies and Future Perspectives",
      IEEE Transactions on Emerging Topics in Computing, IEEE, 2022. DOI (I.F.: 6.595)More..

      Abstract

      The class of Trustworthy Autonomous Systems (TAS) includes cyber-physical systems leveraging on self-x technologies that make them capable to learn, adapt to changes, and reason under uncertainties in possibly critical applications and evolving environments. In the last decade, there has been a growing interest in enabling artificial intelligence technologies, such as advanced machine learning, new threats, such as adversarial attacks, and certification challenges, due to the lack of sufficient explainability. However, in order to be trustworthy, those systems also need to be dependable, secure, and resilient according to well-established taxonomies, methodologies, and tools. Therefore, several aspects need to be addressed for TAS, ranging from proper taxonomic classification to the identification of research opportunities and challenges. Given such a context, in this paper address relevant taxonomies and research perspectives in the field of TAS. We start from basic definitions and move towards future perspectives, regulations, and emerging technologies supporting development and operation of TAS.

      Impact Factor: 6.595
      Journal Citation Reports® Science Edition (Thomson Reuters, 2021)
    • C. Alcaraz, and J. Lopez, "Digital Twin: A Comprehensive Survey of Security Threats",
      IEEE Communications Surveys & Tutorials, vol. 24, issue 3, no. thirdquarter 2022, IEEE, pp. 1475 - 1503, 04/2022. DOI (I.F.: 33.84)More..

      Abstract

      Industry 4.0 is having an increasingly positive impact on the value chain by modernizing and optimizing the production and distribution processes. In this streamline, the digital twin (DT) is one of the most cutting-edge technologies of Industry 4.0, providing simulation capabilities to forecast, optimize and estimate states and configurations. In turn, these technological capabilities are encouraging industrial stakeholders to invest in the new paradigm, though an increased focus on the risks involved is really needed. More precisely, the deployment of a DT is based on the composition of technologies such as cyber-physical systems, the Industrial Internet of Things, edge computing, virtualization infrastructures, artificial intelligence and big data. However, the confluence of all these technologies and the implicit interaction with the physical counterpart of the DT in the real world generate multiple security threats that have not yet been sufficiently studied. In that context, this paper analyzes the current state of the DT paradigm and classifies the potential threats associated with it, taking into consideration its functionality layers and the operational requirements in order to achieve a more complete and useful classification. We also provide a preliminary set of security recommendations and approaches that can help to ensure the appropriate and trustworthy use of a DT.

      Impact Factor: 33.84
      Journal Citation Reports® Science Edition (Thomson Reuters, 2021)
      Citekey not found
    • R. Rios, J. A. Onieva, R. Roman, and J. Lopez, "Personal IoT Privacy Control at the Edge",
      IEEE Security & Privacy , vol. 20, issue 1, IEEE, pp. 23 - 32, 01/2022. DOI (I.F.: 3.105)More..

      Abstract

      This article introduces a privacy manager for IoT data based on Edge Computing. This poses the advantage that privacy is enforced before data leaves the control of the user, who is provided with a tool to express data sharing preferences based on a novel context-aware privacy language.

      Impact Factor: 3.105
      Journal Citation Reports® Science Edition (Thomson Reuters, 2021)
      Citekey not found
    • J. Lopez, J. E. Rubio, and C. Alcaraz, "Digital Twins for Intelligent Authorization in the B5G-enabled Smart Grid",
      IEEE Wireless Communications, vol. 28, issue 2, IEEE, pp. 48-55, 04/2021. DOI (I.F.: 12.777)More..

      Abstract

      Beyond fifth generation (B5G) communication networks and computation paradigms in the edge are expected to be integrated into power grid infrastructures over the coming years. In this sense, AI technologies will play a fundamental role to efficiently manage dynamic information flows of future applications, which impacts the authorization policies applied in such a complex scenario. This article studies how digital twins can evolve their context awareness capabilities and simulation technologies to anticipate faults or to detect cyber-security issues in real time, and update access control policies accordingly. Our study analyzes the evolution of monitoring platforms and architecture decentralization, including the application of machine learning and blockchain technologies in the smart grid, toward the goal of implementing autonomous and self-learning agents in the medium and long term. We conclude this study with future challenges on applying digital twins to B5G-based smart grid deployments.

      Impact Factor: 12.777
      Journal Citation Reports® Science Edition (Thomson Reuters, 2021)
    • I. Agudo, M. Montenegro-Gómez, and J. Lopez, "A Blockchain Approach for Decentralized V2X (D-V2X)",
      IEEE Transactions on Vehicular Technology, vol. 70, no. 5, IEEE, pp. 4001 - 4010, 05/2021. DOI (I.F.: 6.239)More..

      Abstract

      New mobility paradigms have appeared in recent years, and everything suggests that some more are coming. This fact makes apparent the necessity of modernizing the road infrastructure, the signalling elements and the traffic management systems. Many initiatives have emerged around the term Intelligent Transport System (ITS) in order to define new scenarios and requirements for this kind of applications. We even have two main competing technologies for implementing Vehicular communication protocols (V2X), C-V2X and 802.11p, but neither of them is widely deployed yet.

      One of the main barriers for the massive adoption of those technologies is governance. Current solutions rely on the use of a public key infrastructure that enables secure collaboration between the different entities in the V2X ecosystem, but given its global scope, managing such infrastructure requires reaching agreements between many parties, with conflicts of interest between automakers and telecommunication operators. As a result, there are plenty of use cases available and two mature communication technologies, but the complexity at the business layer is stopping the drivers from taking advantage of ITS applications.

      Blockchain technologies are defining a new decentralized paradigm for most traditional applications, where smart contracts provide a straightforward mechanism for decentralized governance. In this work, we propose an approach for decentralized V2X (D-V2X) that does not require any trusted authority and can be implemented on top of any communication protocol. We also define a proof-of-concept technical architecture on top of a cheap and highly secure System-on-Chip (SoC) that could allow for massive adoption of D-V2X. 

      Impact Factor: 6.239
      Journal Citation Reports® Science Edition (Thomson Reuters, 2021)
    • C. Alcaraz, J. E. Rubio, and J. Lopez, "Blockchain-Assisted Access for Federated Smart Grid Domains: Coupling and Features",
      Journal of Parallel and Distributed Computing, vol. 144, Elsevier, pp. 124-135, 06/2020. (I.F.: 3.734)More..
      Impact Factor: 3.734
      Journal Citation Reports® Science Edition (Thomson Reuters, 2020)
    • J. E. Rubio, R. Roman, and J. Lopez, "Integration of a Threat Traceability Solution in the Industrial Internet of Things",
      IEEE Transactions on Industrial Informatics, vol. 16, issue 10, no. 6575-6583, IEEE, 10/2020. DOI (I.F.: 10.215)More..

      Abstract

      In Industrial Internet of Things (IIoT) scenarios, where a plethora of IoT technologies coexist with consolidated industrial infrastructures, the integration of security mechanisms that provide protection against cyber-security attacks becomes a critical challenge. Due to the stealthy and persistent nature of some of these attacks, such as Advanced Persistent Threats, it is crucial to go beyond traditional Intrusion Detection Systems for the traceability of these attacks. In this sense, Opinion Dynamics poses a novel approach for the correlation of anomalies, which has been successfully applied to other network security domains. In this paper, we aim to analyze its applicability in the IIoT from a technical point of view, by studying its deployment over different IIoT architectures and defining a common framework for the acquisition of data considering the computational constraints involved. The result is a beneficial insight that demonstrates the feasibility of this approach when applied to upcoming IIoT infrastructures.

      Impact Factor: 10.215
      Journal Citation Reports® Science Edition (Thomson Reuters, 2020)
    • R. Roman, R. Rios, J. A. Onieva, and J. Lopez, "Immune System for the Internet of Things using Edge Technologies",
      IEEE Internet of Things Journal, vol. 6, issue 3, IEEE Computer Society, pp. 4774-4781, 06/2019. DOI (I.F.: 9.936)More..

      Abstract

      The Internet of Things (IoT) and Edge Computing are starting to go hand in hand. By providing cloud services close to end-users, edge paradigms enhance the functionality of IoT deployments, and facilitate the creation of novel services such as augmented systems. Furthermore, the very nature of these paradigms also enables the creation of a proactive defense architecture, an immune system, which allows authorized immune cells (e.g., virtual machines) to traverse edge nodes and analyze the security and consistency of the underlying IoT infrastructure. In this article, we analyze the requirements for the development of an immune system for the IoT, and propose a security architecture that satisfies these requirements. We also describe how such a system can be instantiated in Edge Computing infrastructures using existing technologies. Finally, we explore the potential application of immune systems to other scenarios and purposes.

      Impact Factor: 9.936
      Journal Citation Reports® Science Edition (Thomson Reuters, 2019)
    • C. Alcaraz, G. Bernieri, F. Pascucci, J. Lopez, and R. Setola, "Covert Channels-based Stealth Attacks in Industry 4.0",
      IEEE Systems Journal., vol. 13, issue 4, IEEE, pp. 3980-3988, 12/2019. DOI (I.F.: 3.987)More..

      Abstract

      Industry 4.0 advent opens several cyber-threats scenarios originally designed for classic information technology, drawing the attention to the serious risks for the modern industrial control networks. To cope with this problem, in this paper we address the security issues related to covert channels applied to industrial networks, identifying the new vulnerability points when information technologies converge with operational technologies such as edge computing infrastructures. Specifically, we define two signaling strategies where we exploit the Modbus/TCP protocol as target to set up a covert channel. Once the threat channel is established, passive and active offensive attacks (i.e. data exfiltration and command an control, respectively) are further exploited by implementing and testing them on a real Industrial Internet of Things testbed. The experimental results highlight the potential damage of such specific threats, and the easy extrapolation of the attacks to other types of channels in order to show the new risks for Industry 4.0. Related to this, we discuss some countermeasures to offer an overview of possible mitigation and defense measures.
       

      Impact Factor: 3.987
      Journal Citation Reports® Science Edition (Thomson Reuters, 2019)
    • J. A. Onieva, R. Rios, R. Roman, and J. Lopez, "Edge-Assisted Vehicular Networks Security",
      IEEE Internet of Things Journal, vol. 6, issue 5, IEEE Computer Society, pp. 8038-8045, 10/2019. DOI (I.F.: 9.936)More..

      Abstract

      Edge Computing paradigms are expected to solve some major problems affecting current application scenarios that rely on Cloud computing resources to operate. These novel paradigms will bring computational resources closer to the users and by doing so they will not only reduce network latency and bandwidth utilization but will also introduce some attractive context-awareness features to these systems. In this paper we show how the enticing features introduced by Edge Computing paradigms can be exploited to improve security and privacy in the critical scenario of vehicular networks (VN), especially existing authentication and revocation issues. In particular, we analyze the security challenges in VN and describe three deployment models for vehicular edge computing, which refrain from using vehicular- to-vehicular communications. The result is that the burden imposed to vehicles is considerably reduced without sacrificing the security or functional features expected in vehicular scenarios.

      Impact Factor: 9.936
      Journal Citation Reports® Science Edition (Thomson Reuters, 2019)
    • S. Agrawal, M. Lal Das, and J. Lopez, "Detection of Node Capture Attack in Wireless Sensor Networks",
      IEEE Systems Journal, vol. 13, issue 1, IEEE, pp. 238 - 247, 03/2019. (I.F.: 3.987)More..
      Impact Factor: 3.987
      Journal Citation Reports® Science Edition (Thomson Reuters, 2019)
    • I. Stellios, P. Kotzanikolaou, M. Psarakis, C. Alcaraz, and J. Lopez, "Survey of IoT-enabled Cyberattacks: Assessing Attack Paths to Critical Infrastructures and Services",
      IEEE Communications Surveys and Tutorials, vol. 20, issue 4, IEEE, pp. 3453-3495, 07/2018. DOI (I.F.: 22.973)More..

      Abstract

      As the deployment of Internet of Things (IoT) is experiencing an exponential growth, it is no surprise that many recent cyber attacks are IoT-enabled: The attacker initially exploits some vulnerable IoT technology as a first step towards compromising a critical system that is connected, in some way, with the IoT. For some sectors, like industry, smart grids, transportation and medical services, the significance of such attacks is obvious, since IoT technologies are part of critical backend systems. However, in sectors where IoT is usually at the enduser side, like smart homes, such attacks can be underestimated, since not all possible attack paths are examined. In this paper we survey IoT-enabled cyber attacks, found in all application domains since 2010. For each sector, we emphasize on the latest, verified IoT-enabled attacks, based on known real-world incidents and published proof-of-concept attacks. We methodologically analyze representative attacks that demonstrate direct, indirect and subliminal attack paths against critical targets. Our goal is threefold: (i) To assess IoT-enabled cyber attacks in a risk-like approach, in order to demonstrate their current threat landscape; (ii) To identify hidden and subliminal IoT-enabled attack paths against critical infrastructures and services, and (iii) To examine mitigation strategies for all application domains.

      Impact Factor: 22.973
      Journal Citation Reports® Science Edition (Thomson Reuters, 2018)
    • J. Lopez, J. E. Rubio, and C. Alcaraz, "A Resilient Architecture for the Smart Grid",
      IEEE Transactions on Industrial Informatics, vol. 14, issue 8, IEEE, pp. 3745-3753, 08/2019, 2018. DOI (I.F.: 7.377)More..

      Abstract

      The Smart Grid offers many benefits due to the bidirectional communication between the users and the utility company, which makes it possible to perform a fine-grain consumption metering. This can be used for Demand Response purposes with the generation and delivery of electricity in real time. It is essential to rapidly anticipate high peaks of demand or potential attacks, so as to avoid power outages and denial of service, while effectively supplying consumption areas. In this paper, we propose a novel architecture where cloud computing resources are leveraged (and tested in practice) to enable, on the one hand, the consumption prediction through time series forecasting, as well as load balancing to uniformly distribute the demand over a set of available generators. On the other and, it also allows the detection of connectivity losses and intrusions within the control network by using controllability concepts.

      Impact Factor: 7.377
      Journal Citation Reports® Science Edition (Thomson Reuters, 2018)
    • R. Roman, J. Lopez, and S. Gritzalis, "Evolution and Trends in the Security of the Internet of Things",
      IEEE Computer, vol. 51, issue 7, IEEE Computer Society, pp. 16-25, 07/2018. DOI (I.F.: 3.564)More..
      Impact Factor: 3.564
      Journal Citation Reports® Science Edition (Thomson Reuters, 2018)
    • J. Lopez, and J. E. Rubio, "Access control for cyber-physical systems interconnected to the cloud",
      Computer Networks, vol. 134, Elsevier, pp. 46 - 54, 2018. DOI (I.F.: 3.03)More..
      Impact Factor: 3.03
      Journal Citation Reports® Science Edition (Thomson Reuters, 2018)
    • R. Roman, J. Lopez, and M. Mambo, "Mobile edge computing, Fog et al.: A survey and analysis of security threats and challenges",
      Future Generation Computer Systems, vol. 78, issue 1, Elsevier, pp. 680-698, 01/2018. DOI (I.F.: 5.768)More..

      Abstract

      For various reasons, the cloud computing paradigm is unable to meet certain requirements (e.g. low latency and jitter, context awareness, mobility support) that are crucial for several applications (e.g. vehicular networks, augmented reality). To fulfil these requirements, various paradigms, such as fog computing, mobile edge computing, and mobile cloud computing, have emerged in recent years. While these edge paradigms share several features, most of the existing research is compartmentalised; no synergies have been explored. This is especially true in the field of security, where most analyses focus only on one edge paradigm, while ignoring the others. The main goal of this study is to holistically analyse the security threats, challenges, and mechanisms inherent in all edge paradigms, while highlighting potential synergies and venues of collaboration. In our results, we will show that all edge paradigms should consider the advances in other paradigms.

      Impact Factor: 5.768
      Journal Citation Reports® Science Edition (Thomson Reuters, 2018)
    • L. Cazorla, C. Alcaraz, and J. Lopez, "Cyber Stealth Attacks in Critical Information Infrastructures",
      IEEE Systems Journal, vol. 12, issue 2, IEEE, pp. 1778-1792, 06/2018. DOI (I.F.: 4.463)More..

      Abstract

      Current Critical Infrastructures (CIs) are complex interconnected industrial systems that, in recent years, have incorporated information and communications technologies such as connection to the Internet and commercial off-the-shelf components. This makes them easier to operate and maintain, but exposes them to the threats and attacks that inundate conventional networks and systems. This paper contains a comprehensive study on the main stealth attacks that threaten CIs, with a special focus on Critical Information Infrastructures (CIIs). This type of attack is characterized by an adversary who is able to finely tune his actions to avoid detection while pursuing his objectives. To provide a complete analysis of the scope and potential dangers of stealth attacks we determine and analyze their stages and range, and we design a taxonomy to illustrate the threats to CIs, offering an overview of the applicable countermeasures against these attacks. From our analysis we understand that these types of attacks, due to the interdependent nature of CIs, pose a grave danger to critical systems where the threats can easily cascade down to the interconnected systems. 

      Impact Factor: 4.463
      Journal Citation Reports® Science Edition (Thomson Reuters, 2018)
    • C. Alcaraz, and J. Lopez, "A Cyber-Physical Systems-Based Checkpoint Model for Structural Controllability",
      IEEE Systems Journal, vol. 12, issue 4, IEEE, pp. 3543-3554, 12/2018. DOI (I.F.: 4.463)More..

      Abstract

      The protection of critical user-centric applications, such as Smart Grids and their monitoring systems, has become one of the most cutting-edge research areas in recent years. The dynamic complexity of their cyber-physical systems (CPSs) and their strong inter-dependencies with power systems, are bringing about a significant increase in security problems that may be exploited by attackers. These security holes may, for example, trigger the disintegration of the structural controllability properties due to the problem of non-locality, affecting, sooner or later, the provision of the essential services to end-users. One way to address these situations could be through automatic checkpoints in charge of inspecting the healthy status of the control network and its critical nature. This inspection can be subject to special mechanisms composed of trustworthy cyberphysical elements capable of detecting structural changes in the control and activating restoration procedures with support for warning. This is precisely the aim of this paper, which presents a CPSs-based checkpoint model with the capacity to manage heterogeneous replications that help ensure data redundancy, thereby guaranteeing the validity of the checkpoints. As a support to this study, a theoretical and practical analysis is addressed to show the functionality of the approach in real contexts.

      Impact Factor: 4.463
      Journal Citation Reports® Science Edition (Thomson Reuters, 2018)
    • J. Lopez, R. Rios, F. Bao, and G. Wang, "Evolving privacy: From sensors to the Internet of Things",
      Future Generation Computer Systems, vol. 75, Elsevier, pp. 46–57, 10/2017. DOI (I.F.: 4.639)More..

      Abstract

      The Internet of Things (IoT) envisions a world covered with billions of smart, interacting things capable of offering all sorts of services to near and remote entities. The benefits and comfort that the IoT will bring about are undeniable, however, these may come at the cost of an unprecedented loss of privacy. In this paper we look at the privacy problems of one of the key enablers of the IoT, namely wireless sensor networks, and analyse how these problems may evolve with the development of this complex paradigm. We also identify further challenges which are not directly associated with already existing privacy risks but will certainly have a major impact in our lives if not taken into serious consideration. 

      Impact Factor: 4.639
      Journal Citation Reports® Science Edition (Thomson Reuters, 2017)
    • C. Alcaraz, J. Lopez, and S. Wolthunsen, "OCPP Protocol: Security Threats and Challenges",
      IEEE Transactions on Smart Grid, vol. 8, issue 5, IEEE, pp. 2452 - 2459, 02/2017. DOI (I.F.: 7.364)More..

      Abstract

      One benefit postulated for the adoption of Electric Vehicles (EVs) is their ability to act as stabilizing entities in smart grids through bi-directional charging, allowing local or global smoothing of peaks and imbalances. This benefit, however, hinges indirectly on the reliability and security of the power flows thus achieved. Therefore this paper studies key security properties of the alreadydeployed Open Charge Point Protocol (OCPP) specifying communication between charging points and energy management systems. It is argued that possible subversion or malicious endpoints in the protocol can also lead to destabilization of power networks. Whilst reviewing these aspects, we focus, from a theoretical and practical standpoint, on attacks that interfere with resource reservation originating with the EV, which may also be initiated by a man in the middle, energy theft or fraud. Such attacks may even be replicated widely, resulting in over- or undershooting of power network provisioning, or the (total/partial) disintegration of the integrity and stability of power networks.

      Impact Factor: 7.364
      Journal Citation Reports® Science Edition (Thomson Reuters, 2017)
    • D. Nuñez, I. Agudo, and J. Lopez, "Proxy Re-Encryption: Analysis of Constructions and its Application to Secure Access Delegation",
      Journal of Network and Computer Applications, vol. 87, Elsevier, pp. 193-209, 06/2017. DOI (I.F.: 3.991)More..

      Abstract

      This paper analyzes the secure access delegation problem, which occurs naturally in the cloud, and postulate that Proxy Re-Encryption is a feasible cryptographic solution, both from the functional and efficiency perspectives. Proxy re-encryption is a special type of public-key encryption that permits a proxy to transform ciphertexts from one public key to another, without the proxy being able to learn any information about the original message. Thus, it serves as a means for delegating decryption rights, opening up many possible applications that require of delegated access to encrypted data. In particular, sharing information in the cloud is a prime example. In this paper, we review the main proxy re-encryption schemes so far, and provide a detailed analysis of their characteristics. Additionally, we also study the efficiency of selected schemes, both theoretically and empirically, based on our own implementation. Finally, we discuss some applications of proxy re-encryption, with a focus on secure access delegation in the cloud. 

      Impact Factor: 3.991
      Journal Citation Reports® Science Edition (Thomson Reuters, 2017)
    • A. Nieto, R. Roman, and J. Lopez, "Digital Witness: Safeguarding Digital Evidence by using Secure Architectures in Personal Devices",
      IEEE Network, IEEE Communications Society, pp. 12-19, 2016. DOI (I.F.: 7.230)More..

      Abstract

      Personal devices contain electronic evidence associated with the behaviour of their owners and other devices in their environment, which can help clarify the facts of a cyber-crime scene. These devices are usually analysed as containers of proof. However, it is possible to harness the boom of personal devices to define the concept of digital witnesses, where personal devices are able to actively acquire, store, and transmit digital evidence to an authorised entity, reliably and securely. This article introduces this novel concept, providing a preliminary analysis on the management of digital evidence and the technologies that can be used to implement it with security guarantees in IoT environments. Moreover, the basic building blocks of a digital witness are defined.

      Impact Factor: 7.230
      Journal Citation Reports® Science Edition (Thomson Reuters, 2016)
    • L. Cazorla, C. Alcaraz, and J. Lopez, "Cyber Stealth Attacks in Critical Information Infrastructures",
      IEEE Systems Journal, vol. 12, issue 2, IEEE, pp. 1778-1792, 06/2018. DOI (I.F.: 4.463)More..

      Abstract

      Current Critical Infrastructures (CIs) are complex interconnected industrial systems that, in recent years, have incorporated information and communications technologies such as connection to the Internet and commercial off-the-shelf components. This makes them easier to operate and maintain, but exposes them to the threats and attacks that inundate conventional networks and systems. This paper contains a comprehensive study on the main stealth attacks that threaten CIs, with a special focus on Critical Information Infrastructures (CIIs). This type of attack is characterized by an adversary who is able to finely tune his actions to avoid detection while pursuing his objectives. To provide a complete analysis of the scope and potential dangers of stealth attacks we determine and analyze their stages and range, and we design a taxonomy to illustrate the threats to CIs, offering an overview of the applicable countermeasures against these attacks. From our analysis we understand that these types of attacks, due to the interdependent nature of CIs, pose a grave danger to critical systems where the threats can easily cascade down to the interconnected systems. 

      Impact Factor: 4.463
      Journal Citation Reports® Science Edition (Thomson Reuters, 2018)
    • C. Alcaraz, J. Lopez, and S. Wolthusen, "Policy Enforcement System for Secure Interoperable Control in Distributed Smart Grid Systems",
      Journal of Network and Computer Applications, vol. 59, Elsevier, pp. 301–314, 01/2016. (I.F.: 3.500)More..

      Abstract

      Interoperability of distributed systems in charge of monitoring and maintaining the different critical domains belonging to Smart Grid scenarios comprise the central topic of this paper. Transparency in control transactions under a secure and reliable architecture is the aim of the policy enforcement system proposed here. The approach is based on the degree of observation of a context and on the role-based access control model defined by the IEC-62351-8 standard. Only authenticated and authorised entities are able to take control of those distributed elements (e.g., IEC-61850 objects) located at distant geographical locations and close to the critical infrastructures (e.g., substations). To ensure the effectiveness of the approach, it is built on graphical-theoretical formulations corresponding to graph theory, where it is possible to illustrate power control networks through power-law distributions whose monitoring relies on structural controllability theory. The interconnection of these distributions is subject to a network architecture based on the concept of the supernode where the interoperability depends on a simple rule-based expert system. This expert system focuses not only on accepting or denying access, but also on providing the means to attend to extreme situations, avoiding, as much as possible, the overloading of the communication. Through one practical study we also show the functionalities of the approach and the benefits that the authorisation itself can bring to the interoperability

      Impact Factor: 3.500
      Journal Citation Reports® Science Edition (Thomson Reuters, 2016)
    • A. Nieto, N. Nomikos, J. Lopez, and C. Skianis, "Dynamic Knowledge-based Analysis in non-Secure 5G Green Environments using Contextual Data",
      IEEE Systems Journal, vol. 11, issue 4, no. 99, IEEE, pp. 2479-2489, 12/2017. DOI (I.F.: 4.337)More..

      Abstract

      The growing number of parameters in heteroge- neous networks, as is the case of the fifth generation (5G) Green networks, greatly complicates the analysis of the Security and Quality of Service Tradeoff (SQT). However, studying these types of relationships is crucial in Future Internet scenarios to prevent potential points of failure and to enhance the use of limited resources, increasing the user’s experience. Therefore, it is fundamental to provide tools and models for training, so that the users understand these dependencies and solve them prior to deploying new solutions. In this paper, a Recommendation System for SQT (SQT-RS) is deployed in 5G Green systems, considering the particular case of relay networks and the impact of eavesdropping and jamming contexts on the models generated by the user, aided by SQT-RS. With this goal in mind, we provide a component for the user to automatically select specific contexts based on 5G Green capabilities. 

      Impact Factor: 4.337
      Journal Citation Reports® Science Edition (Thomson Reuters, 2017)
    • C. Alcaraz, and J. Lopez, "WASAM: A Dynamic Wide-Area Situational Awareness Model for Critical Domains in Smart Grids",
      Future Generation Computer Systems, vol. 30, Elsevier, pp. 146-154, 2014. DOI (I.F.: 2.786)More..

      Abstract

      Control from anywhere and at anytime is nowadays a matter of paramount importance in critical systems. This is the case of the Smart Grid and its domains which should be monitored through intelligent and dynamic mechanisms able to anticipate, detect and respond before disruptions arise within the system. Given this fact and its importance for social welfare and the economy, a model for wide-area situational awareness is proposed in this paper. The model is based on a set of current technologies such as the wireless sensor networks, the ISA100.11a standard and cloud-computing together with a set of high-level functional services. These services include global and local support for prevention through a simple forecast scheme, detection of anomalies in the observation tasks, response to incidents, tests of accuracy and maintenance, as well as recovery of states and control in crisis situations.

      Impact Factor: 2.786
      Journal Citation Reports® Science Edition (Thomson Reuters, 2014)
    • C. Alcaraz, and J. Lopez, "Wide-Area Situational Awareness for Critical Infrastructure Protection",
      IEEE Computer, vol. 46, no. 4, IEEE Computer Society, pp. 30-37, 2013. DOI (I.F.: 1.438)More..

      Abstract

      Combining a wide-area situational awareness (WASA) methodological framework with a set of requirements for awareness construction can help in the development and commissioning of future WASA cyberdefense solutions

       

      Impact Factor: 1.438
      Journal Citation Reports® Science Edition (Thomson Reuters, 2013)
    • R. Roman, J. Zhou, and J. Lopez, "On the features and challenges of security and privacy in distributed internet of things",
      Computer Networks, vol. 57, Elsevier, pp. 2266–2279, July 2013. DOI (I.F.: 1.282)More..

      Abstract

      In the Internet of Things, services can be provisioned using centralized architectures, where central entities acquire, process, and provide information. Alternatively, distributed architectures, where entities at the edge of the network exchange information and collaborate with each other in a dynamic way, can also be used. In order to understand the applicability and viability of this distributed approach, it is necessary to know its advantages and disadvantages – not only in terms of features but also in terms of security and privacy challenges. The purpose of this paper is to show that the distributed approach has various challenges that need to be solved, but also various interesting properties and strengths.

      Impact Factor: 1.282
      Journal Citation Reports® Science Edition (Thomson Reuters, 2013)
    • C. Alcaraz, and J. Lopez, "Diagnosis Mechanism for Accurate Monitoring in Critical Infrastructure Protection",
      Computer Standards & Interfaces, vol. 36, issue 3, Elsevier, pp. 501-512, 2014. DOI (I.F.: 0.879)More..

      Abstract

       Situational awareness for critical infrastructure protection, such as for energy control systems, has become a topic of interest in recent years. Despite attempts to address this area of research, more progress is still necessary to find attractive solutions that help bring about prevention and response at all times from anywhere and at any time. Given this need, we therefore propose in this paper, a smart mechanism able to offer a wide-area situational awareness with the ability to: (i) Control the real state of the observed infrastructure, (ii) respond to emergency situations and (iii) assess the degree of  ccuracy of the entire control system. To address these aspects, the mechanism is based on a hierarchical configuration of industrial sensors for control, the ISA100.11a standard for the prioritization and alarm management, and the F-Measure technique to study the level of accuracy of a sensor inside a neighbourhood. As proof of the functionality and feasibility of the mechanism for critical contexts, a software application implemented in nesC and Java is also presented in this paper.

      Impact Factor: 0.879
      Journal Citation Reports® Science Edition (Thomson Reuters, 2014)
    • C. Alcaraz, R. Roman, P. Najera, and J. Lopez, "Security of Industrial Sensor Network-based Remote Substations in the context of the Internet of Things",
      Ad Hoc Networks, vol. 11, Elsevier, pp. 1091–1104, 2013. DOI (I.F.: 1.943)More..

      Abstract

      The main objective of remote substations is to provide the central system with sensitive information from critical infrastructures, such as generation, distribution or transmission power systems. Wireless sensor networks have been recently applied in this particular context due to their attractive services and inherent benefits, such as simplicity, reliability and cost savings. However, as the number of control and data acquisition systems that use the Internet infrastructure to connect to substations increases, it is necessary to consider what connectivity model the sensor infrastructure should follow: either completely isolated from the Internet or integrated with it as part of the Internet of Things paradigm. This paper therefore addresses this question by providing a thorough analysis of both security requirements and infrastructural requirements corresponding to all those TCP/IP integration strategies that can be applicable to networks with constrained computational resources.

      Impact Factor: 1.943
      Journal Citation Reports® Science Edition (Thomson Reuters, 2013)
    • J. Lopez, C. Alcaraz, and R. Roman, "Smart Control of Operational Threats in Control Substations",
      Computers & Security, vol. 38, Elsevier, pp. 14-27, OCT 2013. DOI (I.F.: 1.172)More..

      Abstract

      Any deliberate or unsuitable operational action in control tasks of critical infrastructures, such as energy generation, transmission and distribution systems that comprise sub-domains of a Smart Grid, could have a significant impact on the digital economy: without energy, the digital economy cannot live. In addition, the vast majority of these types of critical systems are configured in isolated locations where their control depends on the ability of a few, supposedly trustworthy, human operators. However, this assumption of reliabilty is not always true. Malicious human operators (criminal insiders) might take advantage of these situations to intentionally manipulate the critical nature of the underlying infrastructure. These criminal actions could be not attending to emergency events, inadequately responding to incidents or trying to alter the normal behaviour of the system with malicious actions. For this reason, in this paper we propose a smart response mechanism that controls human operators’ operational threats at all times. Moreover, the design of this mechanism allows the system to be able to not only evaluate by itself, the situation of a particular scenario but also to take control when areas are totally unprotected and/or isolated. The response mechanism, which is based on Industrial Wireless Sensor Networks (IWSNs) for the constant monitoring of observed critical infrastructures, on reputation for controlling human operators’ actions, and on the ISA100.11a standard for alarm management, has been implemented and simulated to evaluate its feasibility for critical contexts.

      Impact Factor: 1.172
      Journal Citation Reports® Science Edition (Thomson Reuters, 2013)
    • C. Alcaraz, and J. Lopez, "Wide-Area Situational Awareness for Critical Infrastructure Protection",
      IEEE Computer, vol. 46, no. 4, IEEE Computer Society, pp. 30-37, 2013. DOI (I.F.: 1.438)More..

      Abstract

      Combining a wide-area situational awareness (WASA) methodological framework with a set of requirements for awareness construction can help in the development and commissioning of future WASA cyberdefense solutions

       

      Impact Factor: 1.438
      Journal Citation Reports® Science Edition (Thomson Reuters, 2013)
    • C. Alcaraz, J. Lopez, R. Roman, and H-H. Chen, "Selecting key management schemes for WSN applications",
      Computers & Security, vol. 31, no. 38, Elsevier, pp. 956–966, Nov 2012. DOI (I.F.: 1.158)More..

      Abstract

      Key management in wireless sensor networks (WSN) is an active research topic. Due to the fact that a large number of key management schemes (KMS) have been proposed in the literature, it is not easy for a sensor network designer to know exactly which KMS best fits in a particular WSN application. In this article, we offer a comprehensive review on how the application requirements and the properties of various key management schemes influence each other. Based on this review, we show that the KMS plays a critical role in determining the security performance of a WSN network with given application requirements. We also develop a method that allows the network designers to select the most suitable KMS for a specific WSN network setting. In addition, the article also addresses the issues on the current state-of-the-art research on the KMS for homogeneous (i.e. non-hierarchical) networks to provide solutions for establishing link-layer keys in various WSN applications and scenarios.

      Impact Factor: 1.158
      Journal Citation Reports® Science Edition (Thomson Reuters, 2012)
    • R. Roman, P. Najera, and J. Lopez, "Securing the Internet of Things",
      IEEE Computer, vol. 44, no. 9, IEEE, pp. 51 -58, Sept 2011. DOI (I.F.: 1.47)More..

      Abstract

      This paper presents security of Internet of things. In the Internet of Things vision, every physical object has a virtual component that can produce and consume services Such extreme interconnection will bring unprecedented convenience and economy, but it will also require novel approaches to ensure its safe and ethical use. The Internet and its users are already under continual attack, and a growing economy-replete with business models that undermine the Internet’s ethical use-is fully focused on exploiting the current version’s foundational weaknesses.

      Impact Factor: 1.47
      Journal Citation Reports® Science Edition (Thomson Reuters, 2011)
    • C. Alcaraz, and J. Lopez, "A Security Analysis for Wireless Sensor Mesh Networks in Highly Critical Systems",
      IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews, vol. 40, no. 4, IEEE, pp. 419-428, July, 2010. DOI (I.F.: 2.105)More..

      Abstract

      Nowadays, critical control systems are a fundamental component contributing to the overall performance of critical infrastructures in our society, most of which belong to the industrial sector. These complex systems include in their design different types of information and communication technology systems, such as wireless (mesh) sensor networks, to carry out control processes in real time. This fact has meant that several communication standards, such as Zigbee PRO, WirelessHART, and ISA100.11a, have been specified to ensure coexistence, reliability, and security in their communications. The main purpose of this paper has been to review these three standards and analyze their security. We have identified a set of threats and potential attacks in their routing protocols, and we consequently provide recommendations and countermeasures to help Industry protect its infrastructures.

      Impact Factor: 2.105
      Journal Citation Reports® Science Edition (Thomson Reuters, 2010)
    • I. Agudo, C. Fernandez-Gago, and J. Lopez, "A Scale Based Trust Model for Multi-Context Environments",
      Computers and Mathematics with Applications, vol. 60, Elsevier, pp. 209-216, July, 2010. DOI (I.F.: 1.472)More..

      Abstract

      When interactions among users of a system have to take place, for example, over the internet, establishing trust relationships among these users becomes crucial. However, the way this trust is established depends to a certain extent on the context where the interactions take place. Most of the time, trust is encoded as a numerical value that might not be very meaningful for a not very experienced user. In this paper we propose a model that takes into account the semantic and the computational sides of trust. This avoids users having to deal directly with the computational side; they instead deal with meaningful labels such as Bad or Good in a given context.

      Impact Factor: 1.472
      Journal Citation Reports® Science Edition (Thomson Reuters, 2010)
    • R. Roman, J. Lopez, and P. Najera, "A Cross-layer Approach for Integrating Security Mechanisms in Sensor Networks Architectures",
      Wireless Communications and Mobile Computing, vol. 11, Wiley, pp. 267-276, 2011. DOI (I.F.: 0.884)More..

      Abstract

      The wireless sensor networks (WSN) paradigm is especially vulnerable against external and internal attacks. Therefore, it is necessary to develop security mechanisms and protocols to protect them. These mechanisms must become an integral part of the software architecture and network stack of a sensor node. A question that remains is how to achieve this integration. In this paper we check how both academic and industrial solutions tackle this issue, and we present the concept of a transversal layer, where all the different security mechanisms could be contained. This way, all the elements of the architecture can interact with the security mechanisms, and the security mechanisms can have a holistic point of view of the whole architecture. We discuss the advantages of this approach, and also present how the transversal layer concept was applied to a real middleware architecture.

      Impact Factor: 0.884
      Journal Citation Reports® Science Edition (Thomson Reuters, 2011)
    • D. Galindo, R. Roman, and J. Lopez, "On the Energy Cost of Authenticated Key Agreement in Wireless Sensor Networks",
      Wireless Communications and Mobile Computing, vol. 12, Wiley, pp. 133-143, Jan 2012. DOI (I.F.: 0.863)More..

      Abstract

      Wireless sensors are battery-powered devices which are highly constrained in terms of computational capabilities, memory and communication bandwidth. While battery life is their main limitation, they require considerable energy to communicate data. Due to this, it turns out that the energy saving of computationally inexpensive primitives (like symmetric key cryptography (SKC)) can be nullified by the bigger amount of data they require to be sent. In this work, we study the energy cost of key agreement protocols between peers in a network using asymmetric key cryptography. Our main concern is to reduce the amount of data to be exchanged, which can be done by using special cryptographic paradigms like identity-based and self-certified cryptography. The main news is that an intensive computational primitive for resource-constrained devices, such as non-interactive identity-based authenticated key exchange, performs comparably or even better than traditional authenticated key exchange (AKE) in a variety of scenarios. Moreover, protocols based in this primitive can provide better security properties in real deployments than other simple protocols based on symmetric cryptography. Our findings illustrate to what extent the latest implementation advancements push the efficiency boundaries of public key cryptography (PKC) in wireless sensor networks (WSNs).

      Impact Factor: 0.863
      Journal Citation Reports® Science Edition (Thomson Reuters, 2012)
    • J. L. Vivas, I. Agudo, and J. Lopez, "A methodology for security assurance-driven system development",
      Requirements Engineering, vol. 16, no. 1, Springer, pp. 55-73, Mar 2011. DOI (I.F.: 0.971)More..

      Abstract

      In this work, we introduce an assurance methodology that integrates assurance case creation with system development. It has been developed in order to provide trust and privacy assurance to the evolving European project PICOS (Privacy and Identity Management for Community Services), an international research project focused on mobile communities and community-supporting services, with special emphasis on aspects such as privacy, trust, and identity management. The leading force behind the approach is the ambition to develop a methodology for building and maintaining security cases throughout the system development life cycle in a typical system engineering effort, when much of the information relevant for assurance is produced and feedback can be provided to system developers. The first results of the application of the methodology to the development of the PICOS platform are presented.

      Impact Factor: 0.971
      Journal Citation Reports® Science Edition (Thomson Reuters, 2011)
    • J. Lopez, R. Roman, I. Agudo, and C. Fernandez-Gago, "Trust Management Systems for Wireless Sensor Networks: Best practices",
      Computer Communications, vol. 33, no. 9, Elsevier, pp. 0140-3664, 2010. DOI (I.F.: 0.816)More..

      Abstract

      Wireless sensor networks (WSNs) have been proven a useful technology for perceiving information about the physical world and as a consequence has been used in many applications such as measurement of temperature, radiation, flow of liquids, etc. The nature of this kind of technology, and also their vulnerabilities to attacks make the security tools required for them to be considered in a special way. The decision making in a WSN is essential for carrying out certain tasks as it aids sensors establish collaborations. In order to assist this process, trust management systems could play a relevant role. In this paper, we list the best practices that we consider are essential for developing a good trust management system for WSN and make an analysis of the state of the art related to these practices.

      Impact Factor: 0.816
      Journal Citation Reports® Science Edition (Thomson Reuters, 2010)
    • R. Roman, and J. Lopez, "Integrating Wireless Sensor Networks and the Internet: A Security Analysis",
      Internet Research, vol. 19, no. 2, Emerald, pp. 246-259, Mar 2009. DOI (I.F.: 0.844)More..

      Abstract

      Purpose: This paper aims to analyze the security issues that arise when integrating wireless sensor networks (WSN) and the internet. Also, it seeks to review whether existing technology mechanisms are suitable and can be applied in this context.

      Design/methodology/approach: The paper considers the possible approaches that can be used to connect a WSN with the internet, and analyzes the security of their interactions.

      Findings: By providing the services of the network through a front-end proxy, a sensor network and the internet can interact securely. There are other challenges to be solved if the sensor nodes are integrated into the internet infrastructure, although there exists interesting advances on his matter.

      Research limitations and implications: The complete integration of sensor networks and the internet still remains as an open issue.

      Practical implications: With the current state of the art, it is possible to develop a secure sensor network that can provide its services to internet hosts with certain security properties.

      Originality/value: The paper studies the interactions between sensor networks and the internet from the point of view of security. It identifies both solutions and research challenges.

      Impact Factor: 0.844
      Journal Citation Reports® Science Edition (Thomson Reuters, 2009)
    • J. L. Vivas, C. Fernandez-Gago, A. Benjumea, and J. Lopez, "A security framework for a workflow-based grid development platform.",
      Computer Standards and Interfaces, vol. 32, no. 5-6, Elsevier, pp. 230-245, Oct 2010. DOI (I.F.: 0.868)More..

      Abstract

      This paper describes the security framework that is to be developed for the generic grid platform created for the project GREDIA. This platform is composed of several components that need to be secured. The platform uses the OGSA standards, so that the security framework will follow GSI, the portion of Globus that implements security. Thus, we will show the security features that GSI already provides and we will outline which others need to be created or enhanced.

      Impact Factor: 0.868
      Journal Citation Reports® Science Edition (Thomson Reuters, 2010)
    • J. A. Onieva, J. Zhou, and J. Lopez, "Multi-Party Nonrepudiation: A survey",
      ACM Comput. Surveys, vol. 41, no. 1, pp. 5, December, 2008. (I.F.: 9.92)More..

      Abstract

      Nonrepudiation is a security service that plays an important role in many Internet applications. Traditional two-party nonrepudiation has been studied intensively in the literature. This survey focuses on multiparty scenarios and provides a comprehensive overview. It starts with a brief introduction of fundamental issues on nonrepudiation, including the types of nonrepudiation service and cryptographic evidence, the roles of trusted third-party, nonrepudiation phases and requirements, and the status of standardization. Then it describes the general multiparty nonrepudiation problem, and analyzes state-of-the-art mechanisms. After this, it presents in more detail the 1-N multiparty nonrepudiation solutions for distribution of different messages to multiple recipients. Finally, it discusses advanced solutions for two typical multiparty nonrepudiation applications, namely, multiparty certified email and multiparty contract signing.

      Impact Factor: 9.92
      Journal Citation Reports® Science Edition (Thomson Reuters, 2008)
    • R. Roman, J. Lopez, and S. Gritzalis, "Situation Awareness Mechanisms for Wireless Sensor Networks",
      IEEE Communications Magazine, vol. 46, no. 4, IEEE, pp. 102-107, April, 2008. DOI (I.F.: 2.799)More..

      Abstract

      A wireless sensor network should be able to operate for long periods of time with little or no external management. There is a requirement for this autonomy: the sensor nodes must be able to configure themselves in the presence of adverse situations. Therefore, the nodes should make use of situation awareness mechanisms to determine the existence of abnormal events in their surroundings. This work approaches the problem by considering the possible abnormal events as diseases, thus making it possible to diagnose them through their symptoms, namely, their side effects. Considering these awareness mechanisms as a foundation for high-level monitoring services, this article also shows how these mechanisms are included in the blueprint of an intrusion detection system.

      Impact Factor: 2.799
      Journal Citation Reports® Science Edition (Thomson Reuters, 2008)

 

  • CONFERENCES:
    Citekey not found
    • J. Cumplido, C. Alcaraz, and J. Lopez, "Collaborative anomaly detection system for charging stations",
      The 27th European Symposium on Research in Computer Security (ESORICS 2022), vol. 13555, Springer, Cham, pp. 716–736, 09/2022. DOI More..

      Abstract

      In recent years, the deployment of charging infrastructures has been increasing exponentially due to the high energy demand of electric vehicles, forming complex charging networks. These networks pave the way for the emergence of new unknown threats in both the energy and transportation sectors. Economic damages and energy theft are the most frequent risks in these environments. Thus, this paper aims to present a solution capable of accurately detecting unforeseen events and possible fraud threats that arise during charging sessions at charging stations through the current capabilities of the Machine Learning (ML) algorithms. However, these algorithms have the drawback of not fitting well in large networks and generating a high number of false positives and negatives, mainly due to the mismatch with the distribution of data over time. For that reason, a Collaborative Anomaly Detection System for Charging Stations (here referred to as CADS4CS) is proposed as an optimization measure. CADS4CS has a central analysis unit that coordinates a group of independent anomaly detection systems to provide greater accuracy using a voting algorithm. In addition, CADS4CS has the feature of continuously retraining ML models in a collaborative manner to ensure that they are adjusted to the distribution of the data. To validate the approach, different use cases and practical studies are addressed to demonstrate the effectiveness and efficiency of the solution.

    • D. Ferraris, C. Fernandez-Gago, and J. Lopez, "Verification and Validation Methods for a Trust-by-Design Framework for the IoT",
      36th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec'22), vol. 13383, Springer, pp. 183-194, 07/2022. DOI More..
    • D. Ferraris, C. Fernandez-Gago, and J. Lopez, "Novel Approaches for the Development of Trusted IoT Entities",
      37th International Conference on ICT Systems Security and Privacy Protection – IFIP SEC 2022, Springer, pp. 215-230, 06/2022. DOI More..
    • J. E. Rubio, C. Alcaraz, R. Rios, R. Roman, and J. Lopez, "Distributed Detection of APTs: Consensus vs. Clustering",
      25th European Symposium on Research in Computer Security (ESORICS 2020), vol. 12308, pp. 174-192, 09/2020. DOI More..
    • J. E. Rubio, C. Alcaraz, and J. Lopez, "Game Theory-Based Approach for Defense against APTs",
      18th International Conference on Applied Cryptography and Network Security (ACNS’20), vol. 12147, Springer, pp. 297-320, 10/2020. DOI More..
    • J. E. Rubio, M. Manulis, C. Alcaraz, and J. Lopez, "Enhancing Security and Dependability of Industrial Networks with Opinion Dynamics",
      European Symposium on Research in Computer Security (ESORICS2019), vol. 11736, pp. 263-280, 09/2019. DOI More..
    • J. E. Rubio, C. Alcaraz, and J. Lopez, "Preventing Advanced Persistent Threats in Complex Control Networks",
      European Symposium on Research in Computer Security, vol. 10493, 22nd European Symposium on Research in Computer Security (ESORICS 2017), pp. 402-418, 09/2017. More..
    • A. Nieto, R. Rios, and J. Lopez, "Digital Witness and Privacy in IoT: Anonymous Witnessing Approach",
      16th IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom 2017), IEEE, pp. 642-649, 08/2017. DOI More..

      Abstract

      The digital witness approach defines the collaboration between IoT devices - from wearables to vehicles - to provide digital evidence through a Digital Chain of Custody to an authorised entity. As one of the cores of the digital witness, binding credentials unequivocally identify the user behind the digital witness. The objective of this article is to perform a critical analysis of the digital witness approach from the perspective of privacy, and to propose solutions that help include some notions of privacy in the scheme (for those cases where it is possible). In addition, digital anonymous witnessing as a tradeoff mechanism between the original approach and privacy requirements is proposed. This is a clear challenge in this context given the restriction that the identities of the links in the digital chain of custody should be known. 

    • A. Nieto, R. Rios, and J. Lopez, "A Methodology for Privacy-Aware IoT-Forensics",
      16th IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom 2017), IEEE, pp. 626-633, 08/2017. DOI More..

      Abstract

      The Internet of Things (IoT) brings new challenges to digital forensics. Given the number and heterogeneity of devices in such scenarios, it bring extremely difficult to carry out investigations without the cooperation of individuals. Even if they are not directly involved in the offense, their devices can yield digital evidence that might provide useful clarification in an investigation. However, when providing such evidence they may leak sensitive personal information. This paper proposes PRoFIT; a new model for IoT-forensics that takes privacy into consideration by incorporating the requirements of ISO/IEC 29100:2011 throughout the investigation life cycle. PRoFIT is intended to lay the groundwork for the voluntary cooperation of individuals in cyber crime investigations.

    • D. Nuñez, I. Agudo, and J. Lopez, "The fallout of key compromise in a proxy-mediated key agreement protocol",
      31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec'17), vol. LNCS 10359, Springer, pp. 453-472, 07/2017. DOI More..

      Abstract

      In this paper, we analyze how key compromise affects the protocol by Nguyen et al. presented at ESORICS 2016, an authenticated key agreement protocol mediated by a proxy entity, restricted to only symmetric encryption primitives and intended for IoT environments. This protocol uses long-term encryption tokens as intermediate values during encryption and decryption procedures, which implies that these can be used to encrypt and decrypt messages without knowing the cor- responding secret keys. In our work, we show how key compromise (or even compromise of encryption tokens) allows to break forward secu- rity and leads to key compromise impersonation attacks. Moreover, we demonstrate that these problems cannot be solved even if the affected user revokes his compromised secret key and updates it to a new one. The conclusion is that this protocol cannot be used in IoT environments, where key compromise is a realistic risk. 

    • R. Rios, D. Nuñez, and J. Lopez, "Query Privacy in Sensing-as-a-Service Platforms",
      32nd International Conference on ICT Systems Security and Privacy Protection (IFIP SEC 2017), S. De Capitan di Vimercati, and F. Martinelli Eds., IFIP Advances in Information and Communication Technology (AICT) 502, Springer, pp. 141–154, 05/2017. DOI More..

      Abstract

      The Internet of Things (IoT) promises to revolutionize the way we interact with the physical world. Even though this paradigm is still far from being completely realized, there already exist Sensing-as-a-Service (S2aaS) platforms that allow users to query for IoT data. While this model offers tremendous benefits, it also entails increasingly challenging privacy issues. In this paper, we concentrate on the protection of user privacy when querying sensing devices through a semi-trusted S2aaS platform. In particular, we build on techniques inspired by proxy re-encryption and k-anonymity to tackle two intertwined problems, namely query privacy and query confidentiality. The feasibility of our solution is validated both analytically and empirically. 

    • C. Alcaraz, and J. Lopez, "Safeguarding Structural Controllability in Cyber-Physical Control Systems",
      The 21st European Symposium on Research in Computer Security (ESORICS 2016), vol. 9879, Springer, pp. 471-489, 2016. More..

      Abstract

      Automatic restoration of control wireless networks based on dynamic cyber-physical systems has become a hot topic in recent years, since most of their elements tend to have serious vulnerabilities that may be exploited by attackers. In fact, any exploitation may rapidly extend to the entire control network due to its problem of non-locality, where control properties of a system and its structural controllability can disintegrate over time. Unfortunately, automated self-healing processes may become costly procedures in which the reliability of the strategies and the time-critical of any recovery of the control can become key factors to re-establish the control properties in due time. This operational need is precisely the aim of this paper, in which four reachability-based recovery strategies from a thereotical point of view are proposed so as to find the best option/s in terms of optimization, robustness and complexity. To do this, new definitions related to structural controllability in relation to the type of distribution of the network and its control load capacity are given in this paper, resulting in an interesting practical study.

    • D. Nuñez, I. Agudo, and J. Lopez, "NTRUReEncrypt: An Efficient Proxy Re-Encryption Scheme Based on NTRU",
      10th ACM Symposium on Information, Computer and Communications Security (AsiaCCS), pp. 179-189, 04/2015. DOI More..

      Abstract

      The use of alternative foundations for constructing more secure and efficient cryptographic schemes is a topic worth exploring. In the case of proxy re-encryption, the vast majority of schemes are based on number theoretic problems such as the discrete logarithm. In this paper we present NTRUReEncrypt, a new bidirectional and multihop proxy re-encryption scheme based on NTRU, a widely known lattice-based cryptosystem. We provide two versions of our scheme: the first one is based on the conventional NTRU encryption scheme and, although it lacks a security proof, remains as efficient as its predecessor; the second one is based on a variant of NTRU proposed by Stehlé and Steinfeld, which is proven CPA-secure under the hardness of the Ring-LWE problem. To the best of our knowledge, our proposals are the first proxy re-encryption schemes to be based on the NTRU primitive. In addition, we provide experimental results to show the efficiency of our proposal, as well as a comparison with previous proxy re-encryption schemes, which confirms that our first scheme outperforms the rest by an order of magnitude.

    • D. Nuñez, I. Agudo, and J. Lopez, "A Parametric Family of Attack Models for Proxy Re-Encryption",
      28th IEEE Computer Security Foundations Symposium, IEEE Computer Society, pp. 290-301, 07/2015. DOI More..

      Abstract

      Proxy Re-Encryption (PRE) is a type of Public-Key Encryption (PKE) which provides an additional re-encryption functionality. Although PRE is inherently more complex than PKE, attack models for PRE have not been developed further than those inherited from PKE. In this paper we address this gap and define a parametric family of attack models for PRE, based on the availability of both the decryption and re-encryption oracles during the security game. This family enables the definition of a set of intermediate security notions for PRE that ranges from ``plain'' IND-CPA to ``full'' IND-CCA. We analyze some relations among these notions of security, and in particular, the separations that arise when the re-encryption oracle leaks re-encryption keys. In addition, we discuss which of these security notions represent meaningful adversarial models for PRE. Finally, we provide an example of a recent ``CCA1- secure'' scheme from PKC 2014 whose security model does not capture chosen-ciphertext attacks through re-encryption and for which we describe an attack under a more realistic security notion. This attack emphasizes the fact that PRE schemes that leak re-encryption keys cannot achieve strong security notions.

    • A. Nieto, and J. Lopez, "A Context-based Parametric Relationship Model (CPRM) to Measure the Security and QoS tradeoff in Configurable Environments",
      IEEE International Conference on Communications (ICC'14), IEEE Communications Society, pp. 755-760, 06/2014. DOI More..

      Abstract

      Heterogeneity of future networks requires the use of extensible models to understand the Security and QoS tradeoff. We believe that a good starting point is to analyze the Security and QoS tradeoff from a parametric point of view and, for this reason, in a previous paper, we defined the Parametric Rela- tionship Model (PRM) to define relationships between Security and QoS parameters. In this paper, we extend that approach in order to change the behaviour of the model so that different contexts in the same system are considered; that is, to provide a Context-based Parametric Relationship Model (CPRM). The final aim is to provide useful tools for system administrators in order to help them deal with Security and QoS tradeoff issues in the configuration of the environment. 

    • R. Rios, J. Cuellar, and J. Lopez, "Robust Probabilistic Fake Packet Injection for Receiver-Location Privacy in WSN",
      17th European Symposium on Research in Computer Security (ESORICS 2012), S. Foresti, M. Yung, and F. Martinelli Eds., LNCS 7459, Springer, pp. 163-180, Sep 2012. DOI More..

      Abstract

      The singular communication model in wireless sensor networks (WSNs) originate pronounced traffic patterns that allow a local observer to deduce the location of the base station, which must be kept secret for both strategical and security reasons. In this work we present a new receiver-location privacy solution called HISP (Homogenous Injection for Sink Privacy). Our scheme is based on the idea of hiding the flow of real traffic by carefully injecting fake traffic to homogenize the transmissions from a node to its neighbors. This process is guided by a lightweight probabilistic approach ensuring that the adversary cannot decide with sufficient precision in which direction to move while maintaining a moderate amount of fake traffic. Our system is both validated analytically and experimentally through simulations.

    • C. Alcaraz, P. Najera, J. Lopez, and R. Roman, "Wireless Sensor Networks and the Internet of Things: Do We Need a Complete Integration?",
      1st International Workshop on the Security of the Internet of Things (SecIoT’10), IEEE, pp. xxxx, December, 2010. More..

      Abstract

      Wireless sensor networks (WSN) behave as a digital skin, providing a virtual layer where the information about the physical world can be accessed by any computational system. As a result, they are an invaluable resource for realizing the vision of the Internet of Things (IoT). However, it is necessary to consider whether the devices of a WSN should be completely integrated into the Internet or not. In this paper, we tackle this question from the perspective of security. While we will mention the different security challenges that may arise in such integration process, we will focus on the issues that take place at the network level.

    • C. Alcaraz, A. Balastegui, and J. Lopez, "Early Warning System for Cascading Effect Control in Energy Control Systems",
      5th International conference on Critical Information Infrastructures Security (CRITIS’10), LNCS 6712, Springer, pp. 55-67, September, 2010. More..

      Abstract

      A way of controlling a cascading effect caused by a failure or a threat in a critical system is using intelligent mechanisms capable of predicting anomalous behaviours and also capable of reacting against them in advance. These mechanisms are known as Early Warning Systems (EWS) and this will be precisely the main topic of this paper. Specially, we present an EWS design based on a Wireless Sensor Network (using the ISA100.11a standard) that constantly supervise the application context. This EWS is also based on forensic techniques to provide dynamic learning capacities. As a result, this new approach will aid to provide a reliable control of incidences by offering a dynamic alarm management, identification of the most suitable field operator to attend an alarm, reporting of causes and responsible operators, and learning from new anomalous situations.

    • J. Lopez, R. Roman, and C. Alcaraz, "Analysis of Security Threats, Requirements, Technologies and Standards in Wireless Sensor Networks",
      Foundations of Security Analysis and Design 2009, LNCS 5705, Springer Berlin/Heidelberg, pp. 289-338, August, 2009. DOI More..

      Abstract

      As sensor networks are more and more being implemented in real world settings, it is necessary to analyze how the different requirements of these real-world applications can influence the security mechanisms. This paper offers both an overview and an analysis of the relationship between the different security threats, requirements, applications, and security technologies. Besides, it also overviews some of the existing sensor network standards, analyzing their security mechanisms.

    • R. Roman, and J. Lopez, "KeyLED - Transmitting Sensitive Data over out-of-band Channels in Wireless Sensor Networks",
      5th IEEE International Conference on Mobile Ad Hoc and Sensor Systems (MASS’08), IEEE, pp. 796-801, September, 2008. DOI More..

      Abstract

      An out-of-band (OoB) channel can be defined as an extra channel, different from the main wireless channel, that has additional security properties. They are specially suitable for protecting spontaneous interactions and exchanging sensitive data between previously unknown devices. Due to the vulnerable nature of wireless sensor networks (WSN), these kind of channels might be useful for protecting certain sensor network operations. In this paper we analyze the applicability of out-of-band channels to wireless sensor networks, and specify why an optical channel should be a good candidate for implementing an extra channel in sensor nodes. Also, we analyze how the existing security threats may affect this type of channel. Finally, the suitability and usability of optical channels for sensor networks is demonstrated by means of a prototype.

    • D. Galindo, R. Roman, and J. Lopez, "A Killer Application for Pairings: Authenticated Key Establishment in Underwater Wireless Sensor Networks",
      Proceedings of the 7th International Conference on Cryptology and Network Security (CANS’08), LNCS 5339, Springer, pp. 120-132, December, 2008. DOI More..

      Abstract

      Wireless sensors are low power devices which are highly constrained in terms of computational capabilities, memory, and communication bandwidth. While battery life is their main limitation, they require considerable energy to communicate data. The latter is specially dramatic in underwater wireless sensor networks (UWSN), where the acoustic transmission mechanisms are less reliable and more energy-demanding. Saving in communication is thus the primary concern in underwater wireless sensors. With this constraint in mind, we argue that non-interactive identity-based key agreement built on pairings provides the best solution for key distribution in large UWSN when compared to the state of the art. At first glance this claim is surprising, since pairing computation is very demanding. Still, pairing-based non-interactive key establishment requires minimal communication and at the same time enjoys excellent properties when used for key distribution.

    • V. Benjumea, S. G. Choi, J. Lopez, and M. Yung, "Fair Traceable Multi-Group Signatures",
      Financial Cryptography and Data Security (FC’08), LNCS 5143, Springer, pp. 265-281, January, 2008. More..

      Abstract

      This paper presents fair traceable multi-group signatures (FTMGS) which have enhanced capabilities compared to group and traceable signatures that are important in real world scenarios combining accountability and anonymity. The main goal of the primitive is to allow multi groups that are managed separately (managers are not even aware of the other ones), yet allowing users (in the spirit of the Identity 2.0 initiative) to manage what they reveal about their identity with respect to these groups by themselves. This new primitive incorporates the following additional features: (a) While considering multiple groups it discourages users from sharing their private membership keys through two orthogonal and complementary approaches. In fact, it merges functionality similar to credential systems with anonymous type of signing with revocation. (b) The group manager now mainly manages joining procedures, and new entities (called fairness authorities and consisting of various representatives, possibly) are involved in opening and revealing procedures. In many systems scenario assuring fairness in anonymity revocation is required.We specify the notion and implement it with a security proof of its properties (in the ROM).

    • V. Benjumea, S. G. Choi, J. Lopez, and M. Yung, "Anonymity 2.0: X.509 Extensions Supporting Privacy-friendly Authentication",
      Sixth International Workshop on Cryptology and Network Security (CANS’07), LNCS 4856, Springer, pp. 265-281, December, 2007. More..

      Abstract

      We present a semantic extension to X.509 certificates that allows incorporating new anonymity signature schemes into the X.509 framework. This fact entails advantages to both components. On the one hand, anonymous signature schemes benefit from all the protocols and infrastructure that the X.509 framework provides. On the other hand, the X.509 framework incorporates anonymity as a very interesting new feature. This semantic extension is part of a system that provides user’s controlled anonymous authorization under the X.509 framework. Additionally, the proposal directly fits themuch active Identity 2.0 effort,where anonymity is a major supplementary feature that increases the self-control of one’s identity and privacy which is at the center of the activity.