@inproceedings {morales2023metacom, title = {Integration of MPC into Besu through an extended private transaction model}, booktitle = {IEEE International Conference on Metaverse Computing, Networking and Applications}, year = {2023}, month = {06/2023}, address = {Kyoto, Japan}, abstract = {In the last few years we have seen many different approaches to incorporate privacy features to blockchains. In the area of cryptocurrencies that would normally mean protecting the identity of the owner of some funds, but there are other applications where privacy is even more important, especially in permissioned blockchains. Permissioned blockchain platforms, such as Hyperledger Besu or Hyperledger Fabric, already include the concept of private transactions, which essentially defines a sub-group of the blockchain where their participants share some private data. We want to go one step ahead and propose an extended model for private transactions where the different participants can have a separated view of the same transaction, allowing the integration of Multi-party Computation protocols in the blockchain. Our work extends Hyperledger Besu{\textquoteright}s design for private transactions, offering better security properties and a finer grain customization. We cover two specific MPC examples, Private Set Intersection and Byzantine Fault-Tolerant Random Number Generation, and propose a mechanism to run them using smart contract interfaces. }, keywords = {blockchain, hyperledger besu, privacy, secure multi-party computation}, author = {Daniel Morales and Isaac Agudo and Javier Lopez} } @article {morales2023psi, title = {Private set intersection: A systematic literature review}, journal = {Computer Science Review}, volume = {49}, number = {100567}, year = {2023}, month = {05/2023}, publisher = {Elsevier}, type = {Review}, address = {ScienceDirect}, abstract = {Secure Multi-party Computation (SMPC) is a family of protocols which allow some parties to compute a function on their private inputs, obtaining the output at the end and nothing more. In this work, we focus on a particular SMPC problem named Private Set Intersection (PSI). The challenge in PSI is how two or more parties can compute the intersection of their private input sets, while the elements that are not in the intersection remain private. This problem has attracted the attention of many researchers because of its wide variety of applications, contributing to the proliferation of many different approaches. Despite that, current PSI protocols still require heavy cryptographic assumptions that may be unrealistic in some scenarios. In this paper, we perform a Systematic Literature Review of PSI solutions, with the objective of analyzing the main scenarios where PSI has been studied and giving the reader a general taxonomy of the problem together with a general understanding of the most common tools used to solve it. We also analyze the performance using different metrics, trying to determine if PSI is mature enough to be used in realistic scenarios, identifying the pros and cons of each protocol and the remaining open problems.}, keywords = {privacy, Private set intersection, Secure Multiparty computation, security}, issn = {1574-0137}, doi = {https://doi.org/10.1016/j.cosrev.2023.100567}, url = {https://www.sciencedirect.com/science/article/pii/S1574013723000345}, author = {Daniel Morales and Isaac Agudo and Javier Lopez} } @inproceedings {morales2022cc, title = {Real-time Crowd Counting based on Wearable Ephemeral IDs}, booktitle = {19th International Conference on Security and Cryptography (SECRYPT 2022)}, year = {2022}, month = {07/2022}, pages = {249-260}, publisher = {Scitepress}, organization = {Scitepress}, address = {Lisbon}, abstract = {Crowd Counting is a very interesting problem aiming at counting people typically based on density averages and/or aerial images. This is very useful to prevent crowd crushes, especially on urban environments with high crowd density, or to count people in public demonstrations. In addition, in the last years, it has become of paramount importance for pandemic management. For those reasons, giving users automatic mechanisms to anticipate high risk situations is essential. In this work, we analyze ID-based Crowd Counting, and propose a real-time Crowd Counting system based on the Ephemeral ID broadcast by contact tracing applications on wearable devices. We also performed some simulations that show the accuracy of our system in different situations. }, keywords = {Crowd Counting, IDS, Pandemics, privacy, Secure Multiparty computation}, isbn = {978-989-758-590-6}, issn = {2184-7711}, doi = {10.5220/0011327200003283}, author = {Daniel Morales and Isaac Agudo and Javier Lopez} } @article {onieva2019vec, title = {Edge-Assisted Vehicular Networks Security}, journal = {IEEE Internet of Things Journal}, volume = {6}, year = {2019}, month = {10/2019}, pages = {8038-8045}, publisher = {IEEE Computer Society}, abstract = {

Edge Computing paradigms are expected to solve some major problems affecting current application scenarios that rely on Cloud computing resources to operate. These novel paradigms will bring computational resources closer to the users and by doing so they will not only reduce network latency and bandwidth utilization but will also introduce some attractive context-awareness features to these systems. In this paper we show how the enticing features introduced by Edge Computing paradigms can be exploited to improve security and privacy in the critical scenario of vehicular networks (VN), especially existing authentication and revocation issues. In particular, we analyze the security challenges in VN and describe three deployment models for vehicular edge computing, which refrain from using vehicular- to-vehicular communications. The result is that the burden imposed to vehicles is considerably reduced without sacrificing the security or functional features expected in vehicular scenarios.

}, keywords = {Critical Infrastructures, Internet of Things, privacy, security, Vehicular Networks}, issn = {2327-4662}, doi = {10.1109/JIOT.2019.2904323}, author = {Jose A. Onieva and Ruben Rios and Rodrigo Roman and Javier Lopez} } @article {nrlSensors2018, title = {IoT-Forensics meets Privacy: Towards Cooperative Digital Investigations}, journal = {Sensors}, volume = {18}, number = {492}, year = {2018}, month = {02/2018}, publisher = {MDPI}, abstract = {
IoT-Forensics is a novel paradigm for the acquisition of electronic evidence whose operation is conditioned by the peculiarities of the Internet of Things (IoT) context. As a branch of computer forensics, this discipline respects the most basic forensic principles of preservation, traceability, documentation, and authorization. The digital witness approach also promotes such principles in the context of the IoT while allowing personal devices to cooperate in digital investigations by voluntarily providing electronic evidence to the authorities. However, this solution is highly dependent on the willingness of citizens to collaborate and they may be reluctant to do so if the sensitive information within their personal devices is not sufficiently protected when shared with the investigators. In this paper, we provide the digital witness approach with a methodology that enables citizens to share their data with some privacy guarantees. We apply the PRoFIT methodology, originally defined for IoT-Forensics environments, to the digital witness approach in order to unleash its full potential. Finally, we show the feasibility of a PRoFIT-compliant digital witness with two use cases.
}, keywords = {digital witness, IoT-Forensics, privacy}, issn = {1424-8220}, doi = {10.3390/s18020492}, url = {http://www.mdpi.com/1424-8220/18/2/492}, author = {Ana Nieto and Ruben Rios and Javier Lopez} } @article {RomanFog16, title = {Mobile edge computing, Fog et al.: A survey and analysis of security threats and challenges}, journal = {Future Generation Computer Systems}, volume = {78}, year = {2018}, month = {01/2018}, pages = {680-698}, publisher = {Elsevier}, abstract = {

For various reasons, the cloud computing paradigm is unable to meet certain requirements (e.g. low latency and jitter, context awareness, mobility support) that are crucial for several applications (e.g. vehicular networks, augmented reality). To fulfil these requirements, various paradigms, such as fog computing, mobile edge computing, and mobile cloud computing, have emerged in recent years. While these edge paradigms share several features, most of the existing research is compartmentalised; no synergies have been explored. This is especially true in the field of security, where most analyses focus only on one edge paradigm, while ignoring the others. The main goal of this study is to holistically analyse the security threats, challenges, and mechanisms inherent in all edge paradigms, while highlighting potential synergies and venues of collaboration. In our results, we will show that all edge paradigms should consider the advances in other paradigms.

}, keywords = {Cloud Computing, Fog computing, Mobile cloud computing, Mobile edge computing, privacy, security}, issn = {0167-739X}, doi = {10.1016/j.future.2016.11.009}, url = {https://authors.elsevier.com/c/1VmhQ,3q5xKgZZ}, author = {Rodrigo Roman and Javier Lopez and Masahiro Mambo} } @article {Ruben2017trust, title = {Modelling Privacy-Aware Trust Negotiations}, journal = {Computers \& Security}, volume = {77 }, year = {2018}, pages = {773-789}, publisher = {Elsevier}, abstract = {

Trust negotiations are mechanisms that enable interaction between previously unknown users. After exchanging various pieces of potentially sensitive information, the participants of a negotiation can decide whether or not to trust one another. Therefore, trust negotiations bring about threats to personal privacy if not carefully considered. This paper presents a framework for representing trust negotiations in the early phases of the Software Development Life Cycle (SDLC). The framework can help software engineers to determine the most suitable policies for the system by detecting conflicts between privacy and trust requirements. More precisely, we extend the SI* modelling language and provide a set of predicates for defining trust and privacy policies and a set of rules for describing the dynamics of the system based on the established policies. The formal representation of the model facilitates its automatic verification. The framework has been validated in a distributed social network scenario for connecting drivers with potential passengers willing to share a journey.

}, keywords = {Goal-Oriented Modelling, Policy, privacy, Requirements Engineering, Secure Software Engineering, Trust}, issn = {0167-4048}, doi = {10.1016/j.cose.2017.09.015}, author = {Ruben Rios and Carmen Fernandez-Gago and Javier Lopez} } @inproceedings {1654, title = {Digital Witness and Privacy in IoT: Anonymous Witnessing Approach}, booktitle = {16th IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom 2017)}, year = {2017}, month = {08/2017}, pages = {642-649}, publisher = {IEEE}, organization = {IEEE}, address = {Sydney (Australia)}, abstract = {

The digital witness approach defines the collaboration between IoT devices - from wearables to vehicles - to provide digital evidence through a Digital Chain of Custody to an authorised entity. As one of the cores of the digital witness, binding credentials unequivocally identify the user behind the digital witness. The objective of this article is to perform a critical analysis of the digital witness approach from the perspective of privacy, and to propose solutions that help include some notions of privacy in the scheme (for those cases where it is possible). In addition, digital anonymous witnessing as a tradeoff mechanism between the original approach and privacy requirements is proposed. This is a clear challenge in this context given the restriction that the identities of the links in the digital chain of custody should be known.\ 

}, keywords = {Forensics, IEC Standards, ISO Standards, privacy}, isbn = {978-1-5090-4906-6}, issn = {2324-9013}, doi = {10.1109/Trustcom/BigDataSE/ICESS.2017.295}, author = {Ana Nieto and Ruben Rios and Javier Lopez} } @article {Lopez2017iotpriv, title = {Evolving privacy: From sensors to the Internet of Things}, journal = {Future Generation Computer Systems}, volume = {75}, year = {2017}, month = {10/2017}, pages = {46{\textendash}57}, publisher = {Elsevier}, abstract = {

The Internet of Things (IoT) envisions a world covered with billions of smart, interacting things capable of offering all sorts of services to near and remote entities. The benefits and comfort that the IoT will bring about are undeniable, however, these may come at the cost of an unprecedented loss of privacy. In this paper we look at the privacy problems of one of the key enablers of the IoT, namely wireless sensor networks, and analyse how these problems may evolve with the development of this complex paradigm. We also identify further challenges which are not directly associated with already existing privacy risks but will certainly have a major impact in our lives if not taken into serious consideration.\ 

}, keywords = {Challenges, Internet of Things, privacy, WSN}, issn = {0167-739X}, doi = {10.1016/j.future.2017.04.045}, author = {Javier Lopez and Ruben Rios and Feng Bao and Guilin Wang} } @inproceedings {1652, title = {A Methodology for Privacy-Aware IoT-Forensics}, booktitle = {16th IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom 2017)}, year = {2017}, month = {08/2017}, pages = {626-633}, publisher = {IEEE}, organization = {IEEE}, address = {Sydney (Australia)}, abstract = {

The Internet of Things (IoT) brings new challenges to digital forensics. Given the number and heterogeneity of devices in such scenarios, it bring extremely difficult to carry out investigations without the cooperation of individuals. Even if they are not directly involved in the offense, their devices can yield digital evidence that might provide useful clarification in an investigation. However, when providing such evidence they may leak sensitive personal information. This paper proposes PRoFIT; a new model for IoT-forensics that takes privacy into consideration by incorporating the requirements of ISO/IEC 29100:2011 throughout the investigation life cycle. PRoFIT is intended to lay the groundwork for the voluntary cooperation of individuals in cyber crime investigations.

}, keywords = {Adaptation models, Forensics, IEC Standards, Information management, ISO Standards, privacy, Software}, isbn = {978-1-5090-4906-6}, issn = {2324-9013}, doi = {10.1109/Trustcom/BigDataSE/ICESS.2017.293}, author = {Ana Nieto and Ruben Rios and Javier Lopez} } @inproceedings {Rios2016a, title = {Evoluci{\'o}n y nuevos desafios de privacidad en la Internet de las Cosas}, booktitle = {XIV Reuni{\'o}n Espa{\~n}ola sobre Criptolog{\'\i}a y Seguridad de la Informaci{\'o}n}, year = {2016}, month = {10/2016}, pages = {209-213}, address = {Mah{\'o}n, Menorca, Islas Baleares}, abstract = {

La Internet de las Cosas (en ingl{\'e}s, Internet of Things\ (IoT)) es una evoluci{\'o}n de la Internet tal y como lo conocemos. Esta nueva versi{\'o}n de Internet incorpora objetos de la vida cotidiana, rompiendo as{\'\i} barrera de los digital y extendi{\'e}ndose al mundo f{\'\i}sico. Estos objetos interactuar{\'a}n entre s{\'\i} y con otras entidades tanto de manera local como remota, y estar{\'a}n dotados de cierta capacidad computacional y sensores para que sean conscientes de lo que ocurre en su entorno. Esto traer{\'a} consigo un sinf{\'\i}n de posibilidades y nuevos servicios, pero tambi{\'e}n dar{\'a} lugar a nuevos y mayores riesgos de privacidad para los ciudadanos. En este art{\'\i}culo, estudiamos los problemas de privacidad actuales de una de las tecnolog{\'\i}as claves para el desarrollo de este prometedor paradigma, las redes de sensores, y analizamos como pueden evolucionar y surgir nuevos riesgos de privacidad al ser completamente integradas en la Internet.

}, keywords = {Challenges, Internet of Things, privacy, Sensors}, author = {Ruben Rios and Javier Lopez} } @inproceedings {rios2016b, title = {Privacy-Aware Trust Negotiation}, booktitle = {12th International Workshop on Security and Trust Management (STM)}, volume = {LNCS 9871}, year = {2016}, month = {09/2016}, pages = {98-105}, publisher = {Springer}, organization = {Springer}, address = {Heraklion, Crete, Greece}, abstract = {

Software engineering and information security have traditionally followed divergent paths but lately some efforts have been made to consider security from the early phases of the Software Development Life Cycle (SDLC). This paper follows this line and concentrates on the incorporation of trust negotiations during the requirements engineering phase. More precisely, we provide an extension to the SI* modelling language, which is further formalised using answer set programming specifications to support the automatic verification of the model and the detection of privacy conflicts caused by trust negotiations.

}, keywords = {Goal-Oriented Modelling, privacy, Requirements Engineering, Secure Software Engineering, Trust}, isbn = {978-3-319-46597-5}, issn = {0302-9743}, doi = {10.1007/978-3-319-46598-2 7}, url = {http://link.springer.com/chapter/10.1007/978-3-319-46598-2_7}, author = {Ruben Rios and Carmen Fernandez-Gago and Javier Lopez} } @incollection {nunez15privacy, title = {Privacy-Preserving Identity Management as a Service}, booktitle = {Accountability and Security in the Cloud}, series = {Lecture Notes in Computer Science}, volume = {8937}, year = {2015}, pages = {114-125}, publisher = {Springer International Publishing}, organization = {Springer International Publishing}, abstract = {

In this paper we tackle the problem of privacy and confidentiality in Identity Management as a Service (IDaaS). The adoption of cloud computing technologies by organizations has fostered the externalization of the identity management processes, shaping the concept of Identity Management as a Service. However, as it has happened to other cloud-based services, the cloud poses serious risks to the users, since they lose the control over their data. As part of this work, we analyze these concerns and present a model for privacy-preserving IDaaS, called BlindIdM, which is designed to provide data privacy protection through the use of cryptographic safeguards.

}, keywords = {Cloud Computing, Cryptography, Identity Management as a Service, privacy}, isbn = {978-3-319-17198-2}, doi = {10.1007/978-3-319-17199-9_5}, url = {http://dx.doi.org/10.1007/978-3-319-17199-9_5}, author = {David Nu{\~n}ez and Isaac Agudo and Javier Lopez}, editor = {Massimo Felici and Carmen Fernandez-Gago} } @article {rios2015, title = {Probabilistic receiver-location privacy protection in wireless sensor networks}, journal = {Information Sciences}, volume = {321}, year = {2015}, month = {07/2015}, pages = {205 - 223}, publisher = {Elsevier}, abstract = {

Wireless sensor networks (WSNs) are continually exposed to many types of attacks. Among these, the attacks targeted at the base station are the most devastating ones since this essential device processes and analyses all traffic generated in the network. Moreover, this feature can be exploited by a passive adversary to determine its location based on traffic analysis. This receiver-location privacy problem can be reduced by altering the traffic pattern of the network but the adversary may still be able to reach the base station if he gains access to the routing tables of a number of sensor nodes. In this paper we present HISP-NC (Homogenous Injection for Sink Privacy with Node Compromise protection), a receiver-location privacy solution that consists of two complementary schemes which protect the location of the base station in the presence of traffic analysis and node compromise attacks. The HISP-NC data transmission protocol prevents traffic analysis by probabilistically hiding the flow of real traffic with moderate amounts of fake traffic. Moreover, HISP-NC includes a perturbation mechanism that modifies the routing tables of the nodes to introduce some level of uncertainty in attackers capable of retrieving the routing information from the nodes. Our scheme is validated both analytically and experimentally through extensive simulations.

}, keywords = {node capture, privacy, security, traffic analysis, wireless sensor networks}, issn = {0020-0255}, doi = {10.1016/j.ins.2015.01.016}, author = {Ruben Rios and Jorge Cuellar and Javier Lopez} } @article {Roman2010a, title = {Advanced Secure Multimedia Services for Digital Homes}, journal = {Information Systems Frontiers}, volume = {14}, year = {2012}, month = {July 2012}, pages = {527-540}, publisher = {Springer}, abstract = {

Our society is becoming increasingly more IT-oriented, and the images and sounds that reflect our daily life are being stored mainly in a digital form. This digital personal life can be part of the home multimedia contents, and users demand access and possibly share these contents (such as photographs, videos, and music) in an ubiquitous way: from any location and with any device. The purpose of this article is twofold. First, we introduce the Feel@Home system, whose main objective is to enable the previously mentioned vision of an ubiquitous digital personal life. Second, we describe the security architecture of Feel@Home, analyzing the security and privacy requirements that identify which threats and vulnerabilities must be considered, and deriving the security building blocks that can be used to protect both IMS-based and VPN-based solutions.

}, keywords = {Content sharing, Digital home, Multimedia, privacy, security}, issn = {1387-3326}, doi = {10.1007/s10796-010-9258-9}, url = {http://www.springerlink.com/content/1785645v5246006u/}, author = {Rodrigo Roman and Javier Lopez and Olivier Dugeon and Marc Lacoste and Pierre Plaza Tron and Marta Bel} } @inproceedings {nunez2012integrating, title = {Integrating OpenID with Proxy Re-Encryption to enhance privacy in cloud-based identity services}, booktitle = {IEEE CloudCom 2012}, year = {2012}, month = {Dec 2012}, pages = {241 - 248}, publisher = {IEEE Computer Society}, organization = {IEEE Computer Society}, address = {Taipei, Taiwan}, abstract = {

The inclusion of identity management in the cloud computing landscape represents a new business opportunity for providing what has been called Identity Management as a Service (IDaaS). Nevertheless, IDaaS introduces the same kind of problems regarding privacy and data confidentiality as other cloud services; on top of that, the nature of the outsourced information (users{\textquoteright} identity) is critical. Traditionally, cloud services (including IDaaS) rely only on SLAs and security policies to protect the data, but these measures have proven insufficient in some cases; recent research has employed advanced cryptographic mechanisms as an additional safeguard. Apart from this, there are several identity management schemes that could be used for realizing IDaaS systems in the cloud; among them, OpenID has gained crescent popularity because of its open and decentralized nature, which makes it a prime candidate for this task. In this paper we demonstrate how a privacy-preserving IDaaS system can be implemented using OpenID Attribute Exchange and a proxy re-encryption scheme. Our prototype enables an identity provider to serve attributes to other parties without being able to read their values. This proposal constitutes a novel contribution to both privacy and identity management fields. Finally, we discuss the performance and economical viability of our proposal.

}, keywords = {Cloud Computing, Cryptography, identity management, OpenID, privacy, proxy re-encryption}, isbn = {978-1-4673-4511-8}, issn = {978-1-4673-4509-5}, doi = {10.1109/CloudCom.2012.6427551}, author = {David Nu{\~n}ez and Isaac Agudo and Javier Lopez} } @inproceedings {PNajera2009, title = {Secure Integration of RFID Technology in Personal Documentation for Seamless Identity Validation}, booktitle = {3rd Symposium of Ubiquitous Computing and Ambient Intelligence 2008}, series = {Advances in Soft Computing}, volume = {51/2009}, year = {2008}, month = {October}, pages = {134-138}, publisher = {Springer}, organization = {Springer}, address = {Salamanca (Spain)}, abstract = {

Seamless human identification and authentication in the information system is a fundamental step towards the transparent interaction between the user and its context proposed in ambient intelligence. In this context, the IDENTICA project is aimed to the design and implementation of a distributed authentication platform based on biometrics (i.e. voice and facial image) and personal documentation. In this paper, we present our work in this project focused on the secure integration of RFID technology in personal documentation in order to provide seamless identity validation. Our actual work status, first results and future directions are described in detail.

}, keywords = {Biometry, identity verification, privacy, RFID, security}, isbn = {978-3-540-85866-9}, doi = {http://dx.doi.org/10.1007/978-3-540-85867-6_16}, url = {http://www.springerlink.com/content/bx8t243130k07585/}, author = {Pablo Najera and Francisco Moyano and Javier Lopez} }