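% Bibliography entries on cryptography, proxy re-encryption and cloud identity
% management. Citation keys are kept exactly as they were so existing \cite
% commands still resolve. Abstract text is reproduced verbatim from the
% original records.

@article{ishak22,
  author    = {Meraouche, Ishak and Dutta, Sabyasachi and Mohanty, Sraban Kumar and Agudo, Isaac and Sakurai, Kouichi},
  title     = {Learning multi-party adversarial encryption and its application to secret sharing},
  journal   = {IEEE Access},
  publisher = {IEEE},
  year      = {2022},
  issn      = {2169-3536},
  doi       = {10.1109/ACCESS.2022.3223430},
  url       = {https://doi.org/10.1109/ACCESS.2022.3223430},
  keywords  = {Cryptography, Encryption, Generative Adversarial Networks, Kernel, Mathematical models, Neural networks, Secret Sharing, Synchronization, Training},
  abstract  = {Neural networks based cryptography has seen a significant growth since the introduction of adversarial cryptography which makes use of Generative Adversarial Networks (GANs) to build neural networks that can learn encryption. The encryption has been proven weak at first but many follow up works have shown that the neural networks can be made to learn the One Time Pad (OTP) and produce perfectly secure ciphertexts. To the best of our knowledge, existing works only considered communications between two or three parties. In this paper, we show how multiple neural networks in an adversarial setup can remotely synchronize and establish a perfectly secure communication in the presence of different attackers eavesdropping their communication. As an application, we show how to build Secret Sharing Scheme based on this perfectly secure multi-party communication. The results show that it takes around 45,000 training steps for 4 neural networks to synchronize and reach equilibria. When reaching equilibria, all the neural networks are able to communicate between each other and the attackers are not able to break the ciphertexts exchanged between them.},
}

% Product names in the title are brace-protected so sentence-casing styles
% do not lowercase them.
@inproceedings{nunez2017sistema,
  author       = {Nu{\~n}ez, David and Agudo, Isaac and Egorov, Michael and Wilkison, MacLane},
  title        = {Sistema de Acceso Delegado a Informaci{\'o}n Cifrada para {Apache} {Hadoop}},
  booktitle    = {III Jornadas Nacionales de Investigaci{\'o}n en Ciberseguridad},
  pages        = {174--175},
  publisher    = {URJC},
  organization = {URJC},
  address      = {Madrid},
  year         = {2017},
  month        = jun,
  isbn         = {978-84-608-4659-8},
  url          = {http://hdl.handle.net/10115/14540},
  keywords     = {Big Data, Cryptography, Hadoop, proxy re-encryption},
  abstract     = {En este art{\'\i}culo presentamos un sistema que permite delegaci{\'o}n de acceso a informaci{\'o}n cifrada para Apache Hadoop, de forma segura y transparente al usuario. Para ello usamos t{\'e}cnicas criptogr{\'a}ficas avanzadas basadas en el recifrado delegado.\ Con este sistema, es posible almacenar en Hadoop los datos de forma cifrada y delegar de forma segura el acceso a los nodos de computaci{\'o}n.\ El funcionamiento es transparente ya que se integra con la capa del sistema de ficheros nativa HDFS.\ Adem{\'a}s, el recifrado delegado permite hacer rotaci{\'o}n de claves de cifrado de forma segura y r{\'a}pida.},
}

@incollection{nunez15privacy,
  author       = {Nu{\~n}ez, David and Agudo, Isaac and Lopez, Javier},
  editor       = {Felici, Massimo and Fernandez-Gago, Carmen},
  title        = {Privacy-Preserving Identity Management as a Service},
  booktitle    = {Accountability and Security in the Cloud},
  series       = {Lecture Notes in Computer Science},
  volume       = {8937},
  pages        = {114--125},
  publisher    = {Springer International Publishing},
  organization = {Springer International Publishing},
  year         = {2015},
  isbn         = {978-3-319-17198-2},
  doi          = {10.1007/978-3-319-17199-9_5},
  url          = {http://dx.doi.org/10.1007/978-3-319-17199-9_5},
  keywords     = {Cloud Computing, Cryptography, Identity Management as a Service, privacy},
  abstract     = {In this paper we tackle the problem of privacy and confidentiality in Identity Management as a Service (IDaaS). The adoption of cloud computing technologies by organizations has fostered the externalization of the identity management processes, shaping the concept of Identity Management as a Service. However, as it has happened to other cloud-based services, the cloud poses serious risks to the users, since they lose the control over their data. As part of this work, we analyze these concerns and present a model for privacy-preserving IDaaS, called BlindIdM, which is designed to provide data privacy protection through the use of cryptographic safeguards.},
}

% NOTE(review): the issn value in the next entry has the shape of an ISBN-13
% (978-...), not of an eight-digit ISSN. It is kept as recorded; confirm it
% against the publisher record before relying on it.
@inproceedings{nunez2012integrating,
  author       = {Nu{\~n}ez, David and Agudo, Isaac and Lopez, Javier},
  title        = {Integrating {OpenID} with Proxy Re-Encryption to enhance privacy in cloud-based identity services},
  booktitle    = {IEEE CloudCom 2012},
  pages        = {241--248},
  publisher    = {IEEE Computer Society},
  organization = {IEEE Computer Society},
  address      = {Taipei, Taiwan},
  year         = {2012},
  month        = dec,
  isbn         = {978-1-4673-4511-8},
  issn         = {978-1-4673-4509-5},
  doi          = {10.1109/CloudCom.2012.6427551},
  keywords     = {Cloud Computing, Cryptography, identity management, OpenID, privacy, proxy re-encryption},
  abstract     = {The inclusion of identity management in the cloud computing landscape represents a new business opportunity for providing what has been called Identity Management as a Service (IDaaS). Nevertheless, IDaaS introduces the same kind of problems regarding privacy and data confidentiality as other cloud services; on top of that, the nature of the outsourced information (users{\textquoteright} identity) is critical. Traditionally, cloud services (including IDaaS) rely only on SLAs and security policies to protect the data, but these measures have proven insufficient in some cases; recent research has employed advanced cryptographic mechanisms as an additional safeguard. Apart from this, there are several identity management schemes that could be used for realizing IDaaS systems in the cloud; among them, OpenID has gained crescent popularity because of its open and decentralized nature, which makes it a prime candidate for this task. In this paper we demonstrate how a privacy-preserving IDaaS system can be implemented using OpenID Attribute Exchange and a proxy re-encryption scheme. Our prototype enables an identity provider to serve attributes to other parties without being able to read their values. This proposal constitutes a novel contribution to both privacy and identity management fields. Finally, we discuss the performance and economical viability of our proposal.},
}

% The numeric citation key below is kept as-is. The two-month span from the
% original record is expressed with the predefined month macros.
@inproceedings{1643,
  author       = {Alcaraz, Cristina and Agudo, Isaac and Nu{\~n}ez, David and Lopez, Javier},
  title        = {Managing Incidents in Smart Grids {\`a} la Cloud},
  booktitle    = {IEEE CloudCom 2011},
  pages        = {527--531},
  publisher    = {IEEE Computer Society},
  organization = {IEEE Computer Society},
  address      = {Athens, Greece},
  year         = {2011},
  month        = nov # "--" # dec,
  isbn         = {978-0-7695-4622-3},
  doi          = {10.1109/CloudCom.2011.79},
  keywords     = {Cloud Computing, Cryptography, Incident Management, SCADA Systems, Searchable Encryption, Smart Grid},
  abstract     = {During the last decade, the Cloud Computing paradigm has emerged as a panacea for many problems in traditional IT infrastructures. Much has been said about the potential of Cloud Computing in the Smart Grid context, but unfortunately it is still relegated to a second layer when it comes to critical systems. Although the advantages of outsourcing those kind of applications to the cloud is clear, data confidentiality and operational privacy stand as mayor drawbacks. In this paper, we try to give some hints on which security mechanisms and more specific, which cryptographic schemes, will help a better integration of Smart Grids and Clouds. We propose the use of Virtual SCADA in the Cloud (VS-Cloud) as a mean to improve reliability and efficiency whilst maintaining the same protection level as in traditional SCADA architectures.},
}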