Cristina Alcaraz

Associate Professor


Computer Science Department, University of Malaga
Campus de Teatinos s/n,29071 - Malaga (Spain)
Phone: +34 952139313 / +34 951952915    Fax: +34 951952749
E-mail: alcaraz@lcc.uma.es

Previous Positions
 

  • Ramón y Cajal postdoctoral fellowship, Economy and Competitiveness Ministry Spain, 2015.
  • Marie-Curie postdoctoral researcher at Royal Holloway, University of London (RHUL), Department of Information Security, U.K., August 2012 - August 2014.
  • Guest Researcher at National Institute of Standards and Technology (NIST), Computer Security Division, Washington D.C., United States, November 2011 - August 2012.

Education
 

  • Ph.D. in Computer Science with European Doctorate mention, University of Malaga (Spain), September, 2011.
    • Title of PhD thesis: "Interconnected Sensor Networks for Critical Information Infrastructure Protection".
    • Advisor: Prof. Javier Lopez
  • M.Sc. in Computer Science, University of Malaga, Malaga, 2006.
  • B.Sc. in Computer Science, University of Malaga, 2003.
     

Teaching
 

Scope of Research
 

  • Technologies and use cases:
     
    • Security in Cyber-Physical Systems
    • Security in Industrial Internet of Things
    • Security in Digital Twins
    • Security in Industry 5.0 and Supply Chain
    • Security in Smart Grids
    • Blockchain
       
  • Interest areas:
     
    • Advanced detection and prediction
    • Resilience (response and recovery)
    • Situational awareness
       

Scientific Activities
 

  • Editorial Board Member: 
     
    • Transactions on Dependable and Secure Computing (TDSC), IEEE.
    • Distributed Ledger Technologies (DLT), ACM.
    • International Journal of Critical Infrastructure Protection (IJCIP), Elsevier.
    • International Journal of Information Security (IJIS), Springer.
    • IEEE Networking Letters, IEEE.
    • Security and Communication Networks (SCN), John Wiley & Sons.
    • Telecommunication Systems (TELS), Springer.
    • Annals of Telecommunications (AT), Springer.
    • International Journal of Critical Infrastructures (IJCIS), Inderscience Publishers.
    • Transactions on Emerging Telecomunications Technologies (ETT), John Wiley & Sons.
    • Journal of Surveillance, Security and Safety (JSSS), OAE Publishing Inc.
    • European CIIP Member Newsletter (ECN).
    • Ad Hoc Networks, Elsevier (2015-2017).
    • Computers & Electrical Engineering (CAEE), Elsevier Science (2013-2016).
       
  • IEEE Technical Committees:
     
  • Vice-Chair of IEEE ComSoc SIG on Green Digital Twin Network
  • IEEE Senior Member  
  • ACM Member
     

Recognition
 

  • Women in Homeland Security Award, IEEE SMC TC on Homeland Security, July 27th 2021.

 

PhD Thesis (co)Advisor
 

  • Ioannis Stellios (2022)
  • Juan E. Rubio (2022)
  • Lorena Cazorla (2017)
     

Relevant Publications and/or Recent Publications

-------------------------------------------------------------------------
Note: These publications and others are available here
-------------------------------------------------------------------------

  • BOOKS:
     
  • JOURNALS (ISI JCR Ranked):
     
    • C. Alcaraz, and J. Lopez, "Digital Twin: A Comprehensive Survey of Security Threats",
      IEEE Communications Surveys & Tutorials, IEEE, In Press. DOI (I.F.: 25.249)More..
      Impact Factor: 25.249
      Journal Citation Reports® Science Edition (Thomson Reuters, 2020)
    • A. D. Syrmakesis, C. Alcaraz, and N. D. Hatziargyriou, "Classifying resilience approaches for protecting smart grids against cyber threats",
      International Journal of Information Security, Springer, 2022. DOI More..

      Abstract

      Smart grids (SG) draw the attention of cyber attackers due to their vulnerabilities, which are caused by the usage of heterogeneous communication technologies and their distributed nature. While preventing or detecting cyber attacks is a well-studied field of research, making SG more resilient against such threats is a challenging task. This paper provides a classification of the proposed cyber resilience methods against cyber attacks for SG. This classification includes a set of studies that propose cyber-resilient approaches to protect SG and related cyber-physical systems against unforeseen anomalies or deliberate attacks. Each study is briefly analyzed and is associated with the proper cyber resilience technique which is given by the National Institute of Standards and Technology in the Special Publication 800-160. These techniques are also linked to the different states of the typical resilience curve. Consequently, this paper highlights the most critical challenges for achieving cyber resilience, reveals significant cyber resilience aspects that have not been sufficiently considered yet and, finally, proposes scientific areas that should be further researched in order to enhance the cyber resilience of SG.

    • J. Lopez, J. E. Rubio, and C. Alcaraz, "Digital Twins for Intelligent Authorization in the B5G-enabled Smart Grid",
      IEEE Wireless Communications, vol. 28, issue 2, IEEE, pp. 48-55, 04/2021. DOI (I.F.: 11.979)More..

      Abstract

      Beyond fifth generation (B5G) communication networks and computation paradigms in the edge are expected to be integrated into power grid infrastructures over the coming years. In this sense, AI technologies will play a fundamental role to efficiently manage dynamic information flows of future applications, which impacts the authorization policies applied in such a complex scenario. This article studies how digital twins can evolve their context awareness capabilities and simulation technologies to anticipate faults or to detect cyber-security issues in real time, and update access control policies accordingly. Our study analyzes the evolution of monitoring platforms and architecture decentralization, including the application of machine learning and blockchain technologies in the smart grid, toward the goal of implementing autonomous and self-learning agents in the medium and long term. We conclude this study with future challenges on applying digital twins to B5G-based smart grid deployments.

      Impact Factor: 11.979
      Journal Citation Reports® Science Edition (Thomson Reuters, 2020)
    • S. Fischer-Hübner, et al., "Stakeholder Perspectives and Requirements on Cybersecurity in Europe",
      Journal of Information Security and Applications, vol. 61, no. 102916, Elsevier, 09/2021. DOI (I.F.: 3.872)More..
      Impact Factor: 3.872
      Journal Citation Reports® Science Edition (Thomson Reuters, 2020)
    • C. Alcaraz, J. E. Rubio, and J. Lopez, "Blockchain-Assisted Access for Federated Smart Grid Domains: Coupling and Features",
      Journal of Parallel and Distributed Computing, vol. 144, Elsevier, pp. 124-135, 06/2020. (I.F.: 3.734)More..
      Impact Factor: 3.734
      Journal Citation Reports® Science Edition (Thomson Reuters, 2020)
    • C. Alcaraz, G. Bernieri, F. Pascucci, J. Lopez, and R. Setola, "Covert Channels-based Stealth Attacks in Industry 4.0",
      IEEE Systems Journal., vol. 13, issue 4, IEEE, pp. 3980-3988, 12/2019. DOI (I.F.: 3.987)More..

      Abstract

      Industry 4.0 advent opens several cyber-threats scenarios originally designed for classic information technology, drawing the attention to the serious risks for the modern industrial control networks. To cope with this problem, in this paper we address the security issues related to covert channels applied to industrial networks, identifying the new vulnerability points when information technologies converge with operational technologies such as edge computing infrastructures. Specifically, we define two signaling strategies where we exploit the Modbus/TCP protocol as target to set up a covert channel. Once the threat channel is established, passive and active offensive attacks (i.e. data exfiltration and command an control, respectively) are further exploited by implementing and testing them on a real Industrial Internet of Things testbed. The experimental results highlight the potential damage of such specific threats, and the easy extrapolation of the attacks to other types of channels in order to show the new risks for Industry 4.0. Related to this, we discuss some countermeasures to offer an overview of possible mitigation and defense measures.
       

      Impact Factor: 3.987
      Journal Citation Reports® Science Edition (Thomson Reuters, 2019)
    • J. E. Rubio, C. Alcaraz, R. Roman, and J. Lopez, "Current Cyber-Defense Trends in Industrial Control Systems",
      Computers & Security Journal, vol. 87, Elsevier, 11/2019. DOI (I.F.: 3.579)More..

      Abstract

      Advanced Persistent Threats (APTs) have become a serious hazard for any critical infrastructure, as a single solution to protect all industrial assets from these complex attacks does not exist. It is then essential to understand what are the defense mechanisms that can be used as a first line of defense. For this purpose, this article will firstly study the spectrum of attack vectors that APTs can use against existing and novel elements of an industrial ecosystem. Afterwards, this article will provide an analysis of the evolution and applicability of Intrusion Detection Systems (IDS) that have been proposed in both the industry and academia.

      Impact Factor: 3.579
      Journal Citation Reports® Science Edition (Thomson Reuters, 2019)
    • I. Stellios, P. Kotzanikolaou, M. Psarakis, C. Alcaraz, and J. Lopez, "Survey of IoT-enabled Cyberattacks: Assessing Attack Paths to Critical Infrastructures and Services",
      IEEE Communications Surveys and Tutorials, vol. 20, issue 4, IEEE, pp. 3453-3495, 07/2018. DOI (I.F.: 22.973)More..

      Abstract

      As the deployment of Internet of Things (IoT) is experiencing an exponential growth, it is no surprise that many recent cyber attacks are IoT-enabled: The attacker initially exploits some vulnerable IoT technology as a first step towards compromising a critical system that is connected, in some way, with the IoT. For some sectors, like industry, smart grids, transportation and medical services, the significance of such attacks is obvious, since IoT technologies are part of critical backend systems. However, in sectors where IoT is usually at the enduser side, like smart homes, such attacks can be underestimated, since not all possible attack paths are examined. In this paper we survey IoT-enabled cyber attacks, found in all application domains since 2010. For each sector, we emphasize on the latest, verified IoT-enabled attacks, based on known real-world incidents and published proof-of-concept attacks. We methodologically analyze representative attacks that demonstrate direct, indirect and subliminal attack paths against critical targets. Our goal is threefold: (i) To assess IoT-enabled cyber attacks in a risk-like approach, in order to demonstrate their current threat landscape; (ii) To identify hidden and subliminal IoT-enabled attack paths against critical infrastructures and services, and (iii) To examine mitigation strategies for all application domains.

      Impact Factor: 22.973
      Journal Citation Reports® Science Edition (Thomson Reuters, 2018)
    • J. Lopez, J. E. Rubio, and C. Alcaraz, "A Resilient Architecture for the Smart Grid",
      IEEE Transactions on Industrial Informatics, vol. 14, issue 8, IEEE, pp. 3745-3753, 08/2019, 2018. DOI (I.F.: 7.377)More..

      Abstract

      The Smart Grid offers many benefits due to the bidirectional communication between the users and the utility company, which makes it possible to perform a fine-grain consumption metering. This can be used for Demand Response purposes with the generation and delivery of electricity in real time. It is essential to rapidly anticipate high peaks of demand or potential attacks, so as to avoid power outages and denial of service, while effectively supplying consumption areas. In this paper, we propose a novel architecture where cloud computing resources are leveraged (and tested in practice) to enable, on the one hand, the consumption prediction through time series forecasting, as well as load balancing to uniformly distribute the demand over a set of available generators. On the other and, it also allows the detection of connectivity losses and intrusions within the control network by using controllability concepts.

      Impact Factor: 7.377
      Journal Citation Reports® Science Edition (Thomson Reuters, 2018)
    • C. Alcaraz, "Cloud-Assisted Dynamic Resilience for Cyber-Physical Control Systems",
      IEEE Wireless Communications, vol. 25, no. 1, IEEE, pp. 76-82, 02/2018. DOI (I.F.: 11)More..
      Impact Factor: 11
      Journal Citation Reports® Science Edition (Thomson Reuters, 2018)
    • C. Alcaraz, and J. Lopez, "A Cyber-Physical Systems-Based Checkpoint Model for Structural Controllability",
      IEEE Systems Journal, vol. 12, issue 4, IEEE, pp. 3543-3554, 12/2018. DOI (I.F.: 4.463)More..

      Abstract

      The protection of critical user-centric applications, such as Smart Grids and their monitoring systems, has become one of the most cutting-edge research areas in recent years. The dynamic complexity of their cyber-physical systems (CPSs) and their strong inter-dependencies with power systems, are bringing about a significant increase in security problems that may be exploited by attackers. These security holes may, for example, trigger the disintegration of the structural controllability properties due to the problem of non-locality, affecting, sooner or later, the provision of the essential services to end-users. One way to address these situations could be through automatic checkpoints in charge of inspecting the healthy status of the control network and its critical nature. This inspection can be subject to special mechanisms composed of trustworthy cyberphysical elements capable of detecting structural changes in the control and activating restoration procedures with support for warning. This is precisely the aim of this paper, which presents a CPSs-based checkpoint model with the capacity to manage heterogeneous replications that help ensure data redundancy, thereby guaranteeing the validity of the checkpoints. As a support to this study, a theoretical and practical analysis is addressed to show the functionality of the approach in real contexts.

      Impact Factor: 4.463
      Journal Citation Reports® Science Edition (Thomson Reuters, 2018)
    • C. Alcaraz, J. Lopez, and S. Wolthunsen, "OCPP Protocol: Security Threats and Challenges",
      IEEE Transactions on Smart Grid, vol. 8, issue 5, IEEE, pp. 2452 - 2459, 02/2017. DOI (I.F.: 7.364)More..

      Abstract

      One benefit postulated for the adoption of Electric Vehicles (EVs) is their ability to act as stabilizing entities in smart grids through bi-directional charging, allowing local or global smoothing of peaks and imbalances. This benefit, however, hinges indirectly on the reliability and security of the power flows thus achieved. Therefore this paper studies key security properties of the alreadydeployed Open Charge Point Protocol (OCPP) specifying communication between charging points and energy management systems. It is argued that possible subversion or malicious endpoints in the protocol can also lead to destabilization of power networks. Whilst reviewing these aspects, we focus, from a theoretical and practical standpoint, on attacks that interfere with resource reservation originating with the EV, which may also be initiated by a man in the middle, energy theft or fraud. Such attacks may even be replicated widely, resulting in over- or undershooting of power network provisioning, or the (total/partial) disintegration of the integrity and stability of power networks.

      Impact Factor: 7.364
      Journal Citation Reports® Science Edition (Thomson Reuters, 2017)
    • J. E. Rubio, C. Alcaraz, and J. Lopez, "Recommender System for Privacy-Preserving Solutions in Smart Metering",
      Pervasive and Mobile Computing, vol. 41, Pervasive and Mobile Computing, pp. 205-218, 10/2017. (I.F.: 2.974)More..

      Abstract

      Nowadays, Smart Grid is envisaged to provide several benefits to both customers and grid operators. However, Smart Meters introduce many privacy issues if consumption data is analysed. In this paper we analyse the main techniques that address privacy when collecting electricity readings. In addition to privacy, it is equally important to preserve efficiency to carry on with monitoring operations, so further control requirements and communication protocols are also studied. Our aim is to provide guidance to installers who intend to integrate such mechanisms on the grid, presenting an expert system to recommend an appropriate deployment strategy.

      Impact Factor: 2.974
      Journal Citation Reports® Science Edition (Thomson Reuters, 2017)
    • C. Alcaraz, J. Lopez, and S. Wolthusen, "Policy Enforcement System for Secure Interoperable Control in Distributed Smart Grid Systems",
      Journal of Network and Computer Applications, vol. 59, Elsevier, pp. 301–314, 01/2016. (I.F.: 3.500)More..

      Abstract

      Interoperability of distributed systems in charge of monitoring and maintaining the different critical domains belonging to Smart Grid scenarios comprise the central topic of this paper. Transparency in control transactions under a secure and reliable architecture is the aim of the policy enforcement system proposed here. The approach is based on the degree of observation of a context and on the role-based access control model defined by the IEC-62351-8 standard. Only authenticated and authorised entities are able to take control of those distributed elements (e.g., IEC-61850 objects) located at distant geographical locations and close to the critical infrastructures (e.g., substations). To ensure the effectiveness of the approach, it is built on graphical-theoretical formulations corresponding to graph theory, where it is possible to illustrate power control networks through power-law distributions whose monitoring relies on structural controllability theory. The interconnection of these distributions is subject to a network architecture based on the concept of the supernode where the interoperability depends on a simple rule-based expert system. This expert system focuses not only on accepting or denying access, but also on providing the means to attend to extreme situations, avoiding, as much as possible, the overloading of the communication. Through one practical study we also show the functionalities of the approach and the benefits that the authorisation itself can bring to the interoperability

      Impact Factor: 3.500
      Journal Citation Reports® Science Edition (Thomson Reuters, 2016)
    • L. Cazorla, C. Alcaraz, and J. Lopez, "Cyber Stealth Attacks in Critical Information Infrastructures",
      IEEE Systems Journal, vol. 12, issue 2, IEEE, pp. 1778-1792, 06/2018. DOI (I.F.: 4.463)More..

      Abstract

      Current Critical Infrastructures (CIs) are complex interconnected industrial systems that, in recent years, have incorporated information and communications technologies such as connection to the Internet and commercial off-the-shelf components. This makes them easier to operate and maintain, but exposes them to the threats and attacks that inundate conventional networks and systems. This paper contains a comprehensive study on the main stealth attacks that threaten CIs, with a special focus on Critical Information Infrastructures (CIIs). This type of attack is characterized by an adversary who is able to finely tune his actions to avoid detection while pursuing his objectives. To provide a complete analysis of the scope and potential dangers of stealth attacks we determine and analyze their stages and range, and we design a taxonomy to illustrate the threats to CIs, offering an overview of the applicable countermeasures against these attacks. From our analysis we understand that these types of attacks, due to the interdependent nature of CIs, pose a grave danger to critical systems where the threats can easily cascade down to the interconnected systems. 

      Impact Factor: 4.463
      Journal Citation Reports® Science Edition (Thomson Reuters, 2018)
    • L. Cazorla, C. Alcaraz, and J. Lopez, "A Three-Stage Analysis of IDS for Critical Infrastructures",
      Computers & Security, vol. 55, no. November, Elsevier, pp. 235-250, 2015. (I.F.: 1.64)More..

      Abstract

      The correct operation of Critical Infrastructures (CIs) is vital for the well being of society, however these complex systems are subject to multiple faults and threats every day. International organizations around the world are alerting the scientific community to the need for protection of CIs, especially through preparedness and prevention mechanisms. One of the main tools available in this area is the use of Intrusion Detection Systems (IDSs). However, in order to deploy this type of component within a CI, especially within its Control System (CS), it is necessary to verify whether the characteristics of a given IDS solution are compatible with the special requirements and constraints of a critical environment. In this paper, we carry out an extensive study to determine the requirements imposed by the CS on the IDS solutions using the Non-Functional Requirements (NFR) Framework. The outcome of this process are the abstract properties that the IDS needs to satisfy in order to be deployed within a CS, which are refined through the identification of satisficing techniques for the NFRs. To provide quantifiable measurable evidence on the suitability of the IDS component for a CI, we broaden our study using the Goal Question Metric (GQM) approach to select a representative set of metrics. A requirements model, refined with satisficing techniques and sets of metrics which help assess, in the most quantifiable way possible, the suitability and performance of a given IDS solution for a critical scenario, constitutes the results of our analysis.

      Impact Factor: 1.64
      Journal Citation Reports® Science Edition (Thomson Reuters, 2015)
      Citekey not found
    • C. Alcaraz, J. Lopez, and K-K. Raymond Choo, "Resilient Interconnection in Cyber-Physical Control Systems",
      Computers & Security, vol. 71, Elsevier, pp. 2-14, 11/2017. DOI (I.F.: 2.650)More..

      Abstract

      Secure interconnection between multiple cyber-physical systems has become a fundamental requirement in many critical infrastructures, where security may be centralized in a few nodes of the system. These nodes could, for example, have the mission of addressing the authorization services required for access in highlyrestricted remote substations. For this reason, the main aim of this paper is to unify all these features, together with the resilience measures so as to provide control at all times under a limited access in the field and avoid congestion. Concretely, we present here an optimal reachability-based restoration approach, capable of restoring the structural control in linear times taking into account: structural controllability, the supernode theory, the good practices of the IEC-62351 standard and the contextual conditions. For context management, a new attribute is specified to provide a more complete authorization service based on a practical policy, role and attribute-based access control (PBAC + RBAC + ABAC). To validate the approach, two case studies are also discussed under two strategic adversarial models.

      Impact Factor: 2.650
      Journal Citation Reports® Science Edition (Thomson Reuters, 2017)
    • C. Alcaraz, and S. Zeadally, "Critical Infrastructure Protection: Requirements and Challenges for the 21st Century",
      International Journal of Critical Infrastructure Protection (IJCIP), vol. 8, Elsevier Science, pp. 53–66, 01/2015. DOI (I.F.: 1.351)More..

      Abstract

      Critical infrastructures play a vital role in supporting modern society. The reliability, performance, continuous operation, safety, maintenance and protection of critical infrastructures are national priorities for countries around the world. This paper explores the vulnerabilities and threats facing modern critical infrastructures with special emphasis on industrial control systems, and describes a number of protection measures. The paper also discusses some of the challenging areas related to critical infrastructure protection such as governance and security management, secure network architectures, self-healing, modeling and simulation, wide-area situational awareness, forensics and learning, and trust management and privacy.

      Impact Factor: 1.351
      Journal Citation Reports® Science Edition (Thomson Reuters, 2015)
    • L. Cazorla, C. Alcaraz, and J. Lopez, "Awareness and Reaction Strategies for Critical Infrastructure Protection",
      Computers and Electrical Engineering, vol. 47, issue October, Elsevier, pp. 299-317, 2015. DOI (I.F.: 1.084)More..

      Abstract

      Current Critical Infrastructures (CIs) need intelligent automatic active reaction mechanisms to protect their critical processes against cyber attacks or system anomalies, and avoid the disruptive consequences of cascading failures between interdependent and interconnected systems. In this paper we study the Intrusion Detection, Prevention and Response Systems (IDPRS) that can offer this type of protection mechanisms, their constituting elements and their applicability to critical contexts. We design a methodological framework determining the essential elements present in the IDPRS, while evaluating each of their sub-components in terms of adequacy for critical contexts. We review the different types of active and passive countermeasures available, categorizing them and assessing whether or not they are suitable for Critical Infrastructure Protection (CIP). Through our study we look at different reaction systems and learn from them how to better create IDPRS solutions for CIP. 

      Impact Factor: 1.084
      Journal Citation Reports® Science Edition (Thomson Reuters, 2015)
    • L. Cazorla, C. Alcaraz, and J. Lopez, "A Three-Stage Analysis of IDS for Critical Infrastructures",
      Computers & Security, vol. 55, no. November, Elsevier, pp. 235-250, 2015. (I.F.: 1.64)More..

      Abstract

      The correct operation of Critical Infrastructures (CIs) is vital for the well being of society, however these complex systems are subject to multiple faults and threats every day. International organizations around the world are alerting the scientific community to the need for protection of CIs, especially through preparedness and prevention mechanisms. One of the main tools available in this area is the use of Intrusion Detection Systems (IDSs). However, in order to deploy this type of component within a CI, especially within its Control System (CS), it is necessary to verify whether the characteristics of a given IDS solution are compatible with the special requirements and constraints of a critical environment. In this paper, we carry out an extensive study to determine the requirements imposed by the CS on the IDS solutions using the Non-Functional Requirements (NFR) Framework. The outcome of this process are the abstract properties that the IDS needs to satisfy in order to be deployed within a CS, which are refined through the identification of satisficing techniques for the NFRs. To provide quantifiable measurable evidence on the suitability of the IDS component for a CI, we broaden our study using the Goal Question Metric (GQM) approach to select a representative set of metrics. A requirements model, refined with satisficing techniques and sets of metrics which help assess, in the most quantifiable way possible, the suitability and performance of a given IDS solution for a critical scenario, constitutes the results of our analysis.

      Impact Factor: 1.64
      Journal Citation Reports® Science Edition (Thomson Reuters, 2015)
    • C. Alcaraz, and J. Lopez, "WASAM: A Dynamic Wide-Area Situational Awareness Model for Critical Domains in Smart Grids",
      Future Generation Computer Systems, vol. 30, Elsevier, pp. 146-154, 2014. DOI (I.F.: 2.786)More..

      Abstract

      Control from anywhere and at anytime is nowadays a matter of paramount importance in critical systems. This is the case of the Smart Grid and its domains which should be monitored through intelligent and dynamic mechanisms able to anticipate, detect and respond before disruptions arise within the system. Given this fact and its importance for social welfare and the economy, a model for wide-area situational awareness is proposed in this paper. The model is based on a set of current technologies such as the wireless sensor networks, the ISA100.11a standard and cloud-computing together with a set of high-level functional services. These services include global and local support for prevention through a simple forecast scheme, detection of anomalies in the observation tasks, response to incidents, tests of accuracy and maintenance, as well as recovery of states and control in crisis situations.

      Impact Factor: 2.786
      Journal Citation Reports® Science Edition (Thomson Reuters, 2014)
    • C. Alcaraz, and J. Lopez, "Diagnosis Mechanism for Accurate Monitoring in Critical Infrastructure Protection",
      Computer Standards & Interfaces, vol. 36, issue 3, Elsevier, pp. 501-512, 2014. DOI (I.F.: 0.879)More..

      Abstract

       Situational awareness for critical infrastructure protection, such as for energy control systems, has become a topic of interest in recent years. Despite attempts to address this area of research, more progress is still necessary to find attractive solutions that help bring about prevention and response at all times from anywhere and at any time. Given this need, we therefore propose in this paper, a smart mechanism able to offer a wide-area situational awareness with the ability to: (i) Control the real state of the observed infrastructure, (ii) respond to emergency situations and (iii) assess the degree of  ccuracy of the entire control system. To address these aspects, the mechanism is based on a hierarchical configuration of industrial sensors for control, the ISA100.11a standard for the prioritization and alarm management, and the F-Measure technique to study the level of accuracy of a sensor inside a neighbourhood. As proof of the functionality and feasibility of the mechanism for critical contexts, a software application implemented in nesC and Java is also presented in this paper.

      Impact Factor: 0.879
      Journal Citation Reports® Science Edition (Thomson Reuters, 2014)
    • C. Alcaraz, and S.. Zeadally, "Critical Control System Protection in the 21st Century: Threats and Solutions",
      IEEE Computer, vol. 46, no. 10, IEEE Computer Society, pp. 74 - 83, 2013. DOI (I.F.: 1.438)More..

      Abstract

      Information systems, networks, and technologies have become an integral part of modern critical control systems that manage many of today’s critical infrastructures. The continuous operation, maintenance, and protection of critical infrastructures have become a high national priority for governments around the world because our society heavily depends on them for most of our daily activities (travel, power usage, banking transactions, telecommunications, etc) and safety. It is therefore critical that these infrastructures have to be protected from potential accidental incidents or cyberattacks. We present the fundamental architectural components of critical control systems which manage most critical infrastructures. We identify some of the vulnerabilities and threats to modern critical control systems followed by protection solutions that can be deployed to mitigate attacks exploiting these vulnerabilities.

      Impact Factor: 1.438
      Journal Citation Reports® Science Edition (Thomson Reuters, 2013)
    • C. Alcaraz, and J. Lopez, "Wide-Area Situational Awareness for Critical Infrastructure Protection",
      IEEE Computer, vol. 46, no. 4, IEEE Computer Society, pp. 30-37, 2013. DOI (I.F.: 1.438)More..

      Abstract

      Combining a wide-area situational awareness (WASA) methodological framework with a set of requirements for awareness construction can help in the development and commissioning of future WASA cyberdefense solutions

       

      Impact Factor: 1.438
      Journal Citation Reports® Science Edition (Thomson Reuters, 2013)
    • C. Alcaraz, R. Roman, P. Najera, and J. Lopez, "Security of Industrial Sensor Network-based Remote Substations in the context of the Internet of Things",
      Ad Hoc Networks, vol. 11, Elsevier, pp. 1091–1104, 2013. DOI (I.F.: 1.943)More..

      Abstract

      The main objective of remote substations is to provide the central system with sensitive information from critical infrastructures, such as generation, distribution or transmission power systems. Wireless sensor networks have been recently applied in this particular context due to their attractive services and inherent benefits, such as simplicity, reliability and cost savings. However, as the number of control and data acquisition systems that use the Internet infrastructure to connect to substations increases, it is necessary to consider what connectivity model the sensor infrastructure should follow: either completely isolated from the Internet or integrated with it as part of the Internet of Things paradigm. This paper therefore addresses this question by providing a thorough analysis of both security requirements and infrastructural requirements corresponding to all those TCP/IP integration strategies that can be applicable to networks with constrained computational resources.

      Impact Factor: 1.943
      Journal Citation Reports® Science Edition (Thomson Reuters, 2013)
    • J. Lopez, C. Alcaraz, and R. Roman, "Smart Control of Operational Threats in Control Substations",
      Computers & Security, vol. 38, Elsevier, pp. 14-27, OCT 2013. DOI (I.F.: 1.172)More..

      Abstract

      Any deliberate or unsuitable operational action in control tasks of critical infrastructures, such as energy generation, transmission and distribution systems that comprise sub-domains of a Smart Grid, could have a significant impact on the digital economy: without energy, the digital economy cannot live. In addition, the vast majority of these types of critical systems are configured in isolated locations where their control depends on the ability of a few, supposedly trustworthy, human operators. However, this assumption of reliabilty is not always true. Malicious human operators (criminal insiders) might take advantage of these situations to intentionally manipulate the critical nature of the underlying infrastructure. These criminal actions could be not attending to emergency events, inadequately responding to incidents or trying to alter the normal behaviour of the system with malicious actions. For this reason, in this paper we propose a smart response mechanism that controls human operators’ operational threats at all times. Moreover, the design of this mechanism allows the system to be able to not only evaluate by itself, the situation of a particular scenario but also to take control when areas are totally unprotected and/or isolated. The response mechanism, which is based on Industrial Wireless Sensor Networks (IWSNs) for the constant monitoring of observed critical infrastructures, on reputation for controlling human operators’ actions, and on the ISA100.11a standard for alarm management, has been implemented and simulated to evaluate its feasibility for critical contexts.

      Impact Factor: 1.172
      Journal Citation Reports® Science Edition (Thomson Reuters, 2013)
    • C. Alcaraz, and J. Lopez, "Analysis of Requirements for Critical Control Systems",
      International Journal of Critical Infrastructure Protection (IJCIP), vol. 5, Elsevier, pp. 137–145, 2012. DOI (I.F.: 0.63)More..

      Abstract

      The use of modern information and communications technologies in supervisory control and data acquisition (SCADA) systems used in the critical infrastructure has become an important topic of research. The modernization significantly enhances operational performance, but also introduces security issues and the associated risks. This paper formally analyzes how the introduction of new technologies can impact control systems and ultimately affect the performance of the critical infrastructure systems being controlled. Five control system requirements are identified with the goal of proposing new operational requirements that trade-off performance and security.

      Impact Factor: 0.63
      Journal Citation Reports® Science Edition (Thomson Reuters, 2012)
    • S.. Zeadally, A.. Pathan, C. Alcaraz, and M.. Badra, "Towards Privacy Protection in Smart Grid",
      Wireless Personal Communications, vol. 73, Springer, pp. 23-50, Nov 2013, 2012. DOI (I.F.: 0.428)More..

      Abstract

      The smart grid is an electronically controlled electrical grid that connects power generation, transmission, distribution, and consumers using information communication technologies. One of the key characteristics of the smart grid is its support for bi-directional information flow between the consumer of electricity and the utility provider. This two-way interaction allows electricity to be generated in real-time based on consumers’ demands and power requests. As a result, consumer privacy becomes an important concern when collecting energy usage data with the deployment and adoption of smart grid technologies. To protect such sensitive information it is imperative that privacy protection mechanisms be used to protect the privacy of smart grid users. We present an analysis of recently proposed smart grid privacy solutions and identify their strengths and weaknesses in terms of their implementation complexity, efficiency, robustness, and simplicity.

       

      Impact Factor: 0.428
      Journal Citation Reports® Science Edition (Thomson Reuters, 2012)
    • C. Alcaraz, J. Lopez, R. Roman, and H-H. Chen, "Selecting key management schemes for WSN applications",
      Computers & Security, vol. 31, no. 38, Elsevier, pp. 956–966, Nov 2012. DOI (I.F.: 1.158)More..

      Abstract

      Key management in wireless sensor networks (WSN) is an active research topic. Due to the fact that a large number of key management schemes (KMS) have been proposed in the literature, it is not easy for a sensor network designer to know exactly which KMS best fits in a particular WSN application. In this article, we offer a comprehensive review on how the application requirements and the properties of various key management schemes influence each other. Based on this review, we show that the KMS plays a critical role in determining the security performance of a WSN network with given application requirements. We also develop a method that allows the network designers to select the most suitable KMS for a specific WSN network setting. In addition, the article also addresses the issues on the current state-of-the-art research on the KMS for homogeneous (i.e. non-hierarchical) networks to provide solutions for establishing link-layer keys in various WSN applications and scenarios.

      Impact Factor: 1.158
      Journal Citation Reports® Science Edition (Thomson Reuters, 2012)
    • S.. Zeadally, A.. Pathan, C. Alcaraz, and M.. Badra, "Towards Privacy Protection in Smart Grid",
      Wireless Personal Communications, vol. 73, Springer, pp. 23-50, Nov 2013, 2012. DOI (I.F.: 0.428)More..

      Abstract

      The smart grid is an electronically controlled electrical grid that connects power generation, transmission, distribution, and consumers using information communication technologies. One of the key characteristics of the smart grid is its support for bi-directional information flow between the consumer of electricity and the utility provider. This two-way interaction allows electricity to be generated in real-time based on consumers’ demands and power requests. As a result, consumer privacy becomes an important concern when collecting energy usage data with the deployment and adoption of smart grid technologies. To protect such sensitive information it is imperative that privacy protection mechanisms be used to protect the privacy of smart grid users. We present an analysis of recently proposed smart grid privacy solutions and identify their strengths and weaknesses in terms of their implementation complexity, efficiency, robustness, and simplicity.

       

      Impact Factor: 0.428
      Journal Citation Reports® Science Edition (Thomson Reuters, 2012)
    • R. Roman, C. Alcaraz, J. Lopez, and N. Sklavos, "Key management systems for sensor networks in the context of the Internet of Things",
      Computers & Electrical Engineering, vol. 37, Elsevier, pp. 147-159, Mar 2011. DOI (I.F.: 0.837)More..

      Abstract

      If a wireless sensor network (WSN) is to be completely integrated into the Internet as part of the Internet of Things (IoT), it is necessary to consider various security challenges, such as the creation of a secure channel between an Internet host and a sensor node. In order to create such a channel, it is necessary to provide key management mechanisms that allow two remote devices to negotiate certain security credentials (e.g. secret keys) that will be used to protect the information flow. In this paper we will analyse not only the applicability of existing mechanisms such as public key cryptography and pre-shared keys for sensor nodes in the IoT context, but also the applicability of those link-layer oriented key management systems (KMS) whose original purpose is to provide shared keys for sensor nodes belonging to the same WSN.

      Impact Factor: 0.837
      Journal Citation Reports® Science Edition (Thomson Reuters, 2011)
    • C. Alcaraz, J. Lopez, J. Zhou, and R. Roman, "Secure SCADA Framework for the Protection of Energy Control Systems",
      Concurrency and Computation Practice & Experience, vol. 23, no. 12, John Wiley & Sons, Inc., pp. 1414-1430, Aug 2011. DOI (I.F.: 0.636)More..

      Abstract

      Energy distribution systems are becoming increasingly widespread in today’s society. One of the elements that is used to monitor and control these systems are the SCADA (Supervisory Control and Data Acquisition) systems. In particular, these control systems and their complexities, together with the emerging use of the Internet and wireless technologies, bring new challenges that must be carefully considered. Examples of such challenges are the particular bene¯ts of the integration of those new technologies, and also the e®ects they may have on the overall SCADA security. The main task of this paper is to provide a framework that shows how the integration of di®erent state-of-the-art technologies in an energy control system, such as Wireless Sensor Networks (WSNs), Mobile Ad-Hoc Networks (MANETs), and the Internet, can bring some interesting benefits such as status management and anomaly prevention, while maintaining the security of the whole system.

      Impact Factor: 0.636
      Journal Citation Reports® Science Edition (Thomson Reuters, 2011)
    • C. Alcaraz, and J. Lopez, "A Security Analysis for Wireless Sensor Mesh Networks in Highly Critical Systems",
      IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews, vol. 40, no. 4, IEEE, pp. 419-428, July, 2010. DOI (I.F.: 2.105)More..

      Abstract

      Nowadays, critical control systems are a fundamental component contributing to the overall performance of critical infrastructures in our society, most of which belong to the industrial sector. These complex systems include in their design different types of information and communication technology systems, such as wireless (mesh) sensor networks, to carry out control processes in real time. This fact has meant that several communication standards, such as Zigbee PRO, WirelessHART, and ISA100.11a, have been specified to ensure coexistence, reliability, and security in their communications. The main purpose of this paper has been to review these three standards and analyze their security. We have identified a set of threats and potential attacks in their routing protocols, and we consequently provide recommendations and countermeasures to help Industry protect its infrastructures.

      Impact Factor: 2.105
      Journal Citation Reports® Science Edition (Thomson Reuters, 2010)
    • R. Roman, C. Alcaraz, and J. Lopez, "A Survey of Cryptographic Primitives and Implementations for Hardware-Constrained Sensor Network Nodes",
      Mobile Networks and Applications, vol. 12, no. 4, Springer, pp. 231-244, August, 2007. DOI (I.F.: 0.586)More..

      Abstract

      In a wireless sensor network environment, a sensor node is extremely constrained in terms of hardware due to factors such as maximizing lifetime and minimizing physical size and overall cost. Nevertheless, these nodes must be able to run cryptographic operations based on primitives such as hash functions, symmetric encryption and public key cryptography in order to allow the creation of secure services. Our objective in this paper is to survey how the existing research-based and commercial-based sensor nodes are suitable for this purpose, analyzing how the hardware can influence the provision of the primitives and how software implementations tackles the task of implementing instances of those primitives. As a result, it will be possible to evaluate the influence of provision of security in the protocols and applications/scenarios where sensors can be used.

      Impact Factor: 0.586
      Journal Citation Reports® Science Edition (Thomson Reuters, 2007)

       
  • CONFERENCES:
     
    • J. E. Rubio, C. Alcaraz, R. Rios, R. Roman, and J. Lopez, "Distributed Detection of APTs: Consensus vs. Clustering",
      25th European Symposium on Research in Computer Security (ESORICS 2020), vol. 12308, pp. 174-192, 09/2020. DOI More..
    • J. E. Rubio, C. Alcaraz, and J. Lopez, "Game Theory-Based Approach for Defense against APTs",
      18th International Conference on Applied Cryptography and Network Security (ACNS’20), vol. 12147, Springer, pp. 297-320, 10/2020. DOI More..
    • J. E. Rubio, M. Manulis, C. Alcaraz, and J. Lopez, "Enhancing Security and Dependability of Industrial Networks with Opinion Dynamics",
      European Symposium on Research in Computer Security (ESORICS2019), vol. 11736, pp. 263-280, 09/2019. DOI More..
    • A. Farao, et al., "SealedGRID: A Secure Interconnection of Technologies for Smart Grid Applications",
      14th International Conference on Critical Information Infrastructures Security (CRITIS 2019), vol. 11777, Springer, Cham, pp. 169-175, 12/2019. DOI More..

      Abstract

      In recent years, the Smart Grid has increasingly integrated cutting-edge technologies that generate several benefits for all the stakeholders involved, such as a more accurate billing system and enhanced Demand Response procedures. However, this modernization also brings with it diverse cyber security and privacy issues, which sets the necessity for developing a security platform specifically tailored to this scenario. In this paper, we present SealedGRID, which proposes a flexible architecture that provides security services at all levels by implementing Trusted Execution Environments on their devices, together with advanced authentication and authorization mechanisms, as well as privacy preserving techniques. These technologies are presented in depth and a final security analysis is conducted, which highlights the contributions of this project.

    • J. E. Rubio, C. Alcaraz, and J. Lopez, "Addressing Security in OCPP: Protection Against Man-in-the-Middle Attacks",
      9th IFIP International Conference on New Technologies, Mobility & Security, 2018. More..
    • J. E. Rubio, R. Roman, C. Alcaraz, and Y. Zhang, "Tracking Advanced Persistent Threats in Critical Infrastructures through Opinion Dynamics",
      European Symposium on Research in Computer Security (ESORICS 2018), vol. 11098, Springer, pp. 555-574, 08/2018. DOI More..

      Abstract

      Advanced persistent threats pose a serious issue for modern industrial environments, due to their targeted and complex attack vectors that are difficult to detect. This is especially severe in critical infrastructures that are accelerating the integration of IT technologies. It is then essential to further develop effective monitoring and response systems that ensure the continuity of business to face the arising set of cyber-security threats. In this paper, we study the practical applicability of a novel technique based on opinion dynamics, that permits to trace the attack throughout all its stages along the network by correlating different anomalies measured over time, thereby taking the persistence of threats and the criticality of resources into consideration. The resulting information is of essential importance to monitor the overall health of the control system and correspondingly deploy accurate response procedures.

    • J. E. Rubio, C. Alcaraz, R. Roman, and J. Lopez, "Analysis of Intrusion Detection Systems in Industrial Ecosystems",
      14th International Conference on Security and Cryptography (SECRYPT 2017), vol. 6, SciTePress, pp. 116-128, 2017. DOI More..
    • J. E. Rubio, C. Alcaraz, and J. Lopez, "Selecting Privacy Solutions to Prioritise Control in Smart Metering Systems",
      The 11th International Conference on Critical Information Infrastructures Security, vol. 10242, pp. 176-188, 2017. More..

      Abstract

      The introduction of the Smart Grid brings with it several benefits to society, because its bi-directional communication allows both users and utilities to have better control over energy usage. However, it also has some privacy issues with respect to the privacy of the customers when analysing their consumption data. In this paper we review the main privacy-preserving techniques that have been proposed and compare their efficiency, to accurately select the most appropriate ones for undertaking control operations. Both privacy and performance are essential for the rapid adoption of Smart Grid technologies.

    • J. E. Rubio, C. Alcaraz, and J. Lopez, "Preventing Advanced Persistent Threats in Complex Control Networks",
      European Symposium on Research in Computer Security, vol. 10493, 22nd European Symposium on Research in Computer Security (ESORICS 2017), pp. 402-418, 09/2017. More..
    • C. Alcaraz, J. Lopez, and K-K. Raymond Choo, "Dynamic Restoration in Interconnected RBAC-based Cyber-Physical Control Systems",
      Proceedings of the 13th International Joint Conference on e-Business and Telecommunications (SECRYPT 2016), pp. 19-27, 2016. DOI More..

      Abstract

      Increasingly, automatic restoration is an indispensable security measure in control systems (e.g. those used in critical infrastructure sectors) due to the importance of ensuring the functionality of monitoring infrastructures. Modernizing the interconnection of control systems to provide interoperability between different networks, at a low cost, is also a critical requirement in control systems. However, automated recovery mechanisms are currently costly, and ensuring interoperability particularly at a low cost remains a topic of scientific challenge. This is the gap we seek to address in this paper. More specifically, we propose a restoration model for interconnected contexts, taking into account the theory of supernode and structural controllability, as well as the recommendations given by the IEC-62351-8 standard (which are mainly based on the implementation of a role-based access control system).

    • C. Alcaraz, and J. Lopez, "Safeguarding Structural Controllability in Cyber-Physical Control Systems",
      The 21st European Symposium on Research in Computer Security (ESORICS 2016), vol. 9879, Springer, pp. 471-489, 2016. More..

      Abstract

      Automatic restoration of control wireless networks based on dynamic cyber-physical systems has become a hot topic in recent years, since most of their elements tend to have serious vulnerabilities that may be exploited by attackers. In fact, any exploitation may rapidly extend to the entire control network due to its problem of non-locality, where control properties of a system and its structural controllability can disintegrate over time. Unfortunately, automated self-healing processes may become costly procedures in which the reliability of the strategies and the time-critical of any recovery of the control can become key factors to re-establish the control properties in due time. This operational need is precisely the aim of this paper, in which four reachability-based recovery strategies from a thereotical point of view are proposed so as to find the best option/s in terms of optimization, robustness and complexity. To do this, new definitions related to structural controllability in relation to the type of distribution of the network and its control load capacity are given in this paper, resulting in an interesting practical study.

    • C. Alcaraz, L. Cazorla, and G. Fernandez, "Context-Awareness using Anomaly-based Detectors for Smart Grid Domains",
      9th International Conference on Risks and Security of Internet and Systems , vol. 8924, Springer International Publishing, pp. 17-34, 04/2015. DOI More..

      Abstract

      Anomaly-based detection applied in strongly interdependent systems, like Smart Grids, has become one of the most challenging research areas in recent years. Early detection of anomalies so as to detect and prevent unexpected faults or stealthy threats is attracting a great deal of attention from the scientific community because it offers potential solutions for context-awareness. These solutions can also help explain the conditions leading up to a given situation and help determine the degree of its severity. However, not all the existing approaches within the literature are equally effective in covering the needs of a particular scenario. It is necessary to explore the control requirements of the domains that comprise a Smart Grid, identify, and even select, those approaches according to these requirements and the intrinsic conditions related to the application context, such as technological heterogeneity and complexity. Therefore, this paper analyses the functional features of existing anomaly-based approaches so as to adapt them, according to the aforementioned conditions. The result of this investigation is a guideline for the construction of preventive solutions that will help improve the context-awareness in the control of Smart Grid domains in the near future.

    • C. Alcaraz, and S. Wolthusen, "Recovery of Structural Controllability for Control Systems",
      Eighth IFIP WG 11.10 International Conference on Critical Infrastructure Protection, SRI International, Arlington, Virginia, USA , vol. 441, Springer, pp. 47-63, 2014. DOI More..

      Abstract

      Fundamental problems in control systems theory are controllability and observability, and designing control systems so that these properties are satisfied or approximated sufficiently. However, it is prudent to as- sume that an attacker will not only be able to subvert measurements but also control the system. Moreover, an advanced adversary with an understanding of the control system may seek to take over control of the entire system or parts thereof, or deny the legitimate operator this capability. The effectiveness of such attacks has been demonstrated in previous work. Indeed, these attacks cannot be ruled out given the likely existence of unknown vulnerabilities, increasing connectivity of nominally air-gapped systems and supply chain issues. The ability to rapidly recover control after an attack has been initiated and to detect an adversary’s presence is, therefore, critical. This paper focuses on the problem of structural controllability, which has recently attracted substantial attention through the equivalent problem of the power dom- inating set introduced in the context of electrical power network control. However, these problems are known to be NP-hard with poor approx- imability. Given their relevance to many networks, especially power networks, this paper studies strategies for the efficient restoration of controllability following attacks and attacker-defender interactions in power-law networks. 

    • C. Alcaraz, and M. Sonmez, "PDR: A Prevention, Detection and Response Mechanism for Anomalies in Energy Control Systems",
      7th International Conference on Critical Information Infrastructures Security (CRITIS 2012), vol. 7722, pp. 22–33, 2013. More..

      Abstract

       Prevention, detection and response are nowadays considered to be three priority topics for protecting critical infrastructures, such as energy control systems. Despite attempts to address these current issues, there is still a particular lack of investigation in these areas, and in particular in dynamic and automatic proactive solutions. In this paper we propose a mechanism, which is called PDR, with the capability of anticipating anomalies, detecting anomalous behaviours and responding to them in a timely manner. PDR is based on a conglomeration of technologies and on a set of essential components with the purpose of offering situational awareness irrespective of where the system is located. In addition, the mechanism can also compute its functional capacities by evaluating its efficacy and precision in the prediction and detection of disturbances. With this, the entire system is able to know the real reliability of its services and its activity in remote substations at all times.

    • L. Cazorla, C. Alcaraz, and J. Lopez, "Towards Automatic Critical Infrastructure Protection through Machine Learning",
      8th International Conference on Critical Information Infrastructures Security, vol. 8328, Springer, pp. 197-203, 2013. DOI More..

      Abstract

      Critical Infrastructure Protection (CIP) faces increasing challenges in number and in sophistication, which makes vital to provide new forms of protection to face every day’s threats. In order to make such protection holistic, covering all the needs of the systems from the point of view of security, prevention aspects and situational awareness should be considered. Researchers and Institutions stress the need of providing intelligent and automatic solutions for protection, calling our attention to the need of providing Intrusion Detection Systems (IDS) with intelligent active reaction capabilities. In this paper, we support the need of automating the processes implicated in the IDS solutions of the critical infrastructures and theorize that the introduction of Machine Learning (ML) techniques in IDS will be helpful for implementing automatic adaptable solutions capable of adjusting to new situations and timely reacting in the face of threats and anomalies. To this end, we study the different levels of automation that the IDS can implement, and outline a methodology to endow critical scenarios with preventive automation. Finally, we analyze current solutions presented in the literature and contrast them against the proposed methodology

    • C. Alcaraz, E. Etcheves Miciolino, and S. Wolthusen, "Structural Controllability of Networks for Non-Interactive Adversarial Vertex Removal",
      8th International Conference on Critical Information Infrastructures Security, vol. 8328, Springer, pp. 120-132, 2013. DOI More..

      Abstract

      The problem of controllability of networks arises in a number of different domains, including in critical infrastructure systems where control must be maintained continuously. Recent work by Liu et al. has renewed interest in the seminal work by Lin on structural controllability, providing a graph-theoretical interpretation. This allows the identification of driver nodes capable of forcing the system into a desired state, which implies an obvious target for attackers wishing to disrupt the network control. Several methods for identifying driver nodes exist, but require undesirable computational complexity. In this paper, we therefore investigate the ability to regain or maintain controllability in the presence of adversaries able to remove vertices and implicit edges of the controllability graph. For this we rely on the POWER DOMINATING SET (PDS) formulation for identifying the control structure and study different attack strategies for multiple network models. As the construction of a PDS for a given graph is not unique, we further investigate different strategies for PDS construction, and provide a simulative evaluation.

    • C. Alcaraz, E. Etcheves Miciolino, and S. Wolthusen, "Multi-Round Attacks on Structural Controllability Properties for Non-Complete Random Graphs",
      The 16th Information Security Conference (ISC), vol. 7807, Springer, pp. 140–151, 09/2015. DOI More..

      Abstract

       The notion of controllability, informally the ability to force a system into a desired state in a finite time or number of steps, is most closely associated with control systems such as those used to maintain power networks and other critical infrastructures, but has wider relevance in distributed systems. It is clearly highly desirable to understand under which conditions attackers may be able to disrupt legitimate control, or to force overriding controllability themselves. Following recent results by Liu et al., there has been considerable interest also in graph-theoretical interpretation of Kalman controllability originally introduced by Lin, structural controllability. This permits the identification of sets of driver nodes with the desired state-forcing property, but determining such nodes is aW[2]-hard problem. To extract these nodes and represent the control relation, here we apply the POWER DOMINATING SET problem and investigate the effects of targeted iterative multiple-vertex removal. We report the impact that different attack strategies with multiple edge and vertex removal will have, based on underlying non-complete graphs, with an emphasis on power-law random graphs with different degree sequences.

    • F.. Siddiqui, S.. Zeadally, C. Alcaraz, and S.. Galvao, "Smart Grid Privacy: Issues and Solutions",
      21st International Conference on Computer Communications and Networks (ICCCN), IEEE Computer Society, pp. 1-5, Jul 2012. DOI More..

      Abstract

      Migration to an electronically controlled electrical grid to transmit, distribute, and deliver power to consumers has helped enhance the reliability and efficiency of conventional electricity systems. At the same time, this digitally enabled technology called the Smart Grid has brought new challenges to businesses and consumers alike. A key component of such a grid is the smart-metering technology, which is used to collect energy consumption data from homes and transmitting it back to power distributors. A crucial concern is the privacy related to the collection and use of energy consumption data. We present an analysis of Smart Grid privacy issues and discuss recently proposed solutions that can protect the privacy of Smart Grid users.

    • C. Alcaraz, and J. Lopez, "Addressing Situational Awareness in Critical Domains of a Smart Grid",
      6th International Conference on Network and System Security (NSS 2012), LNCS 7645 7645, Springer-Verlag, pp. 58-71, November 2012. DOI More..

      Abstract

      Control and situational awareness are two very important aspects within critical control systems, since potential faults or anomalous behaviors could lead to serious consequences by hiding the real status of supervised critical infrastructures. Examples of these infrastructures are energy generation, transmission or distribution systems that belong to Smart Grid systems. Given the importance of these systems for social welfare and its economy, a situational awareness-based model, composed of a set of current technologies, is proposed in this paper. The model focuses on addressing and offering a set of minimum services for protection, such as prevention, detection, response, self-evaluation and maintenance, thereby providing a desirable protection in unplanned situations.

       

    • R. Roman, J. Lopez, C. Alcaraz, and H. Hwa Chen, "SenseKey - Simplifying the Selection of Key Management Schemes for Sensor Networks",
      5th International Symposium on Security and Multimodality in Pervasive Environments (SMPE’11), IEEE, March, 2011. DOI More..

      Abstract

      Key Management Schemes (KMS) are a very important security mechanism for Wireless Sensor Networks (WSN), as they are used to manage the credentials (i.e. secret keys) that are needed by the security primitives. There is a large number of available KMS protocols in the literature, but it is not clear what should network designers do to choose the most suitable protocol for the needs of their applications. In this paper, we consider that given a certain set of application requirements, the network designer can check which properties comply with those requirements and select the KMS protocols that contains those particular properties. Therefore, we study the relationship between requirements and properties, and we provide a web tool, the SenseKey tool, that can be used to automatically obtain an optimal set of KMS protocols.

    • C. Alcaraz, I. Agudo, D. Nuñez, and J. Lopez, "Managing Incidents in Smart Grids à la Cloud",
      IEEE CloudCom 2011, IEEE Computer Society, pp. 527-531, Nov-Dec 2011. DOI More..

      Abstract

      During the last decade, the Cloud Computing paradigm has emerged as a panacea for many problems in traditional IT infrastructures. Much has been said about the potential of Cloud Computing in the Smart Grid context, but unfortunately it is still relegated to a second layer when it comes to critical systems. Although the advantages of outsourcing those kind of applications to the cloud is clear, data confidentiality and operational privacy stand as mayor drawbacks. In this paper, we try to give some hints on which security mechanisms and more specific, which cryptographic schemes, will help a better integration of Smart Grids and Clouds. We propose the use of Virtual SCADA in the Cloud (VS-Cloud) as a mean to improve reliability and efficiency whilst maintaining the same protection level as in traditional SCADA architectures.

       

    • C. Alcaraz, P. Najera, J. Lopez, and R. Roman, "Wireless Sensor Networks and the Internet of Things: Do We Need a Complete Integration?",
      1st International Workshop on the Security of the Internet of Things (SecIoT’10), IEEE, pp. xxxx, December, 2010. More..

      Abstract

      Wireless sensor networks (WSN) behave as a digital skin, providing a virtual layer where the information about the physical world can be accessed by any computational system. As a result, they are an invaluable resource for realizing the vision of the Internet of Things (IoT). However, it is necessary to consider whether the devices of a WSN should be completely integrated into the Internet or not. In this paper, we tackle this question from the perspective of security. While we will mention the different security challenges that may arise in such integration process, we will focus on the issues that take place at the network level.

    • C. Alcaraz, A. Balastegui, and J. Lopez, "Early Warning System for Cascading Effect Control in Energy Control Systems",
      5th International conference on Critical Information Infrastructures Security (CRITIS’10), LNCS 6712, Springer, pp. 55-67, September, 2010. More..

      Abstract

      A way of controlling a cascading effect caused by a failure or a threat in a critical system is using intelligent mechanisms capable of predicting anomalous behaviours and also capable of reacting against them in advance. These mechanisms are known as Early Warning Systems (EWS) and this will be precisely the main topic of this paper. Specially, we present an EWS design based on a Wireless Sensor Network (using the ISA100.11a standard) that constantly supervise the application context. This EWS is also based on forensic techniques to provide dynamic learning capacities. As a result, this new approach will aid to provide a reliable control of incidences by offering a dynamic alarm management, identification of the most suitable field operator to attend an alarm, reporting of causes and responsible operators, and learning from new anomalous situations.

    • C. Alcaraz, et al., "Adaptive Dispatching of Incidences Based on Reputation for SCADA Systems",
      6th International Conference on Trust, Privacy and Security in Digital Business (TrustBus’09), Springer-Verlag, pp. 86-94, September, 2009. DOI More..

      Abstract

      SCADA systems represent a challenging scenario where the management of critical alarms is crucial. Their response to these alarms should be efficient and fast in order to mitigate or contain undesired effects. This work presents a mechanism, the Adaptive Assignment Manager (AAM) that will aid to react to incidences in a more efficient way by dynamically assigning alarms to the most suitable human operator. The mechanism uses various inputs for identifying the operators such as their availability, workload and reputation. In fact, we also define a reputation component that stores the reputation of the human operators and uses feedback from past experiences.

    • R. Roman, and C. Alcaraz, "Applicability of Public Key Infrastructures in Wireless Sensor Networks",
      European PKI Workshop: Theory and Practice (EuroPKI’07), LNCS 4582, Springer, pp. 313-320, June, 2007. DOI More..

      Abstract

      Wireless Sensor Networks (WSN) are becoming a key technology in the support of pervasive and ubiquitous services. The previous notion of PKC is too expensive for WSN has changed partially due to the existence of new hardware and software prototypes based on Elliptic Curve Cryptography and other PKC primitives. Then, it is necessary to analyze whether it is both feasible and convenient to have a Public Key Infrastructure for sensor networks that would allow the creation of PKC-based services like Digital Signatures.

    • C. Alcaraz, and R. Roman, "Applying Key Infrastructures for Sensor Networks in {CIP/CIIP} Scenarios",
      1st International Workshop on Critical Information Infrastructures Security (CRITIS’06), LNCS 4347, Springer Berlin / Heidelberg, pp. 166-178, 2006. DOI More..

      Abstract

      It is commonly agreed that Wireless Sensor Networks (WSN) is one of the technologies that better fulfills features like the ones required by Critical (Information) Infrastructures. However, a sensor network is highly vulnerable against any external or internal attacks, thus network designers must know which are the tools that they can use in order to avoid such problems. In this paper we describe in detail a procedure (the KMS Guidelines), developed under our CRISIS project, that allows network designers to choose a certain Key Management System, or at least to know which protocol need to improve in order to satisfy the network requirements.