@article {onieva2019vec, title = {Edge-Assisted Vehicular Networks Security}, journal = {IEEE Internet of Things Journal}, volume = {6}, year = {2019}, month = {10/2019}, pages = {8038-8045}, publisher = {IEEE Computer Society}, abstract = {

Edge Computing paradigms are expected to solve some major problems affecting current application scenarios that rely on Cloud computing resources to operate. These novel paradigms will bring computational resources closer to the users and by doing so they will not only reduce network latency and bandwidth utilization but will also introduce some attractive context-awareness features to these systems. In this paper we show how the enticing features introduced by Edge Computing paradigms can be exploited to improve security and privacy in the critical scenario of vehicular networks (VN), especially existing authentication and revocation issues. In particular, we analyze the security challenges in VN and describe three deployment models for vehicular edge computing, which refrain from using vehicular- to-vehicular communications. The result is that the burden imposed to vehicles is considerably reduced without sacrificing the security or functional features expected in vehicular scenarios.

}, keywords = {Critical Infrastructures, Internet of Things, privacy, security, Vehicular Networks}, issn = {2327-4662}, doi = {10.1109/JIOT.2019.2904323}, author = {Jose A. Onieva and Ruben Rios and Rodrigo Roman and Javier Lopez} } @inproceedings {RubioESORICS2019, title = {Enhancing Security and Dependability of Industrial Networks with Opinion Dynamics}, booktitle = {European Symposium on Research in Computer Security (ESORICS2019)}, volume = {11736}, year = {2019}, month = {09/2019}, pages = {263-280}, doi = {https://doi.org/10.1007/978-3-030-29962-0_13}, author = {Juan E. Rubio and Mark Manulis and Cristina Alcaraz and Javier Lopez} } @article {nunez19, title = {Escrowed decryption protocols for lawful interception of encrypted data}, journal = {IET Information Security}, volume = {13}, year = {2019}, month = {09/2019}, pages = {498 -- 507}, publisher = {IET}, abstract = {

Escrowed decryption schemes (EDSs) are public-key encryption schemes with an escrowed decryption functionality that allows authorities to decrypt encrypted messages under investigation, following a protocol that involves a set of trusted entities called {\textquoteleft}custodians{\textquoteright}; only if custodians collaborate, the requesting authority is capable of decrypting encrypted data. This type of cryptosystem represents an interesting trade-off to privacy versus surveillance dichotomy. In this study, the authors propose two EDSs where they use proxy re-encryption to build the escrowed decryption capability, so that custodians re-encrypt ciphertexts, in a distributed way, upon request from an escrow authority, and the re-encrypted ciphertexts can be opened only by the escrow authority. Their first scheme, called EDS, follows an all-or-nothing approach, which means that escrow decryption only works when all custodians collaborate. Their second scheme, called threshold EDS, supports a threshold number of custodians for the escrow decryption operation. They propose definitions of semantic security with respect to the authorities, custodians and external entities, and prove the security of their schemes, under standard pairing-based hardness assumptions. Finally, they present a theoretical and experimental analysis of the performance of both schemes, which show that they are applicable to real-world scenarios.

}, issn = {1751-8709}, author = {David Nu{\~n}ez and Isaac Agudo and Javier Lopez} } @article {RomanIoT18, title = {Evolution and Trends in the Security of the Internet of Things}, journal = {IEEE Computer}, volume = {51}, year = {2018}, month = {07/2018}, pages = {16-25}, publisher = {IEEE Computer Society}, address = {New Jersey, USA}, keywords = {Evolution, Internet of Things, IoT, security, Trends}, issn = {0018-9162}, doi = {10.1109/MC.2018.3011051}, url = {https://ieeexplore.ieee.org/document/8423133/}, author = {Rodrigo Roman and Javier Lopez and Stefanos Gritzalis} } @inproceedings {1653, title = {Estado y Evoluci{\'o}n de la Detecci{\'o}n de Intrusiones en los Sistemas Industriales}, booktitle = {III Jornadas Nacionales de Investigaci{\'o}n en Ciberseguridad (JNIC 2017)}, year = {2017}, abstract = {

Debido a la necesidad de proteger los sistemas\ industriales ante amenazas, se hace necesario comprender cual\ es el verdadero alcance de los mecanismos capaces de detectar\ potenciales anomal{\'\i}as e intrusiones. Es por tanto el objetivo de\ este art{\'\i}culo analizar el estado y la evoluci{\'o}n, tanto acad{\'e}mica\ como industrial, de los mecanismos de detecci{\'o}n de intrusiones\ en este campo, as{\'\i}\ como estudiar su aplicabilidad actual y futura.

}, author = {Cristina Alcaraz and Jes{\'u}s Rodriguez and Roman, Rodrigo and Juan E. Rubio} } @article {Lopez2017iotpriv, title = {Evolving privacy: From sensors to the Internet of Things}, journal = {Future Generation Computer Systems}, volume = {75}, year = {2017}, month = {10/2017}, pages = {46{\textendash}57}, publisher = {Elsevier}, abstract = {

The Internet of Things (IoT) envisions a world covered with billions of smart, interacting things capable of offering all sorts of services to near and remote entities. The benefits and comfort that the IoT will bring about are undeniable, however, these may come at the cost of an unprecedented loss of privacy. In this paper we look at the privacy problems of one of the key enablers of the IoT, namely wireless sensor networks, and analyse how these problems may evolve with the development of this complex paradigm. We also identify further challenges which are not directly associated with already existing privacy risks but will certainly have a major impact in our lives if not taken into serious consideration.\ 

}, keywords = {Challenges, Internet of Things, privacy, WSN}, issn = {0167-739X}, doi = {10.1016/j.future.2017.04.045}, author = {Javier Lopez and Ruben Rios and Feng Bao and Guilin Wang} } @article {nunez2016eliciting, title = {Eliciting Metrics for Accountability of Cloud Systems}, journal = {Computers \& Security}, volume = {62}, year = {2016}, month = {08/2016}, pages = {149-164}, publisher = {Elsevier}, abstract = {

Cloud computing provides enormous business opportunities, but at the same time is a complex and challenging paradigm. The major concerns for users adopting the cloud are the loss of control over their data and the lack of transparency. Providing accountability to cloud systems could foster trust in the cloud and contribute toward its adoption. Assessing how accountable a cloud provider is becomes then a key issue, not only for demonstrating accountability, but to build it. To this end, we need techniques to measure the factors that influence on accountability. In this paper, we provide a methodology to elicit metrics for accountability in the cloud, which consists of three different stages. Since the nature of accountability at- tributes is very abstract and complex, in the first stage we perform a conceptual analysis of the accountability attributes in order to decompose them into concrete practices and mechanisms. Then, we analyze relevant control frameworks designed to guide the implementation of security and privacy mechanisms, and use them to identify measurable factors, related to the practices and mechanisms defined earlier. Lastly, specific metrics for these factors are derived. We also provide some strategies that we consider relevant for the empirical validation of the elicited accountability metrics.\ 

}, issn = {0167-4048}, doi = {10.1016/j.cose.2016.07.003}, author = {David Nu{\~n}ez and Carmen Fernandez-Gago and Jes{\'u}s Luna} } @inproceedings {Rios2016a, title = {Evoluci{\'o}n y nuevos desafios de privacidad en la Internet de las Cosas}, booktitle = {XIV Reuni{\'o}n Espa{\~n}ola sobre Criptolog{\'\i}a y Seguridad de la Informaci{\'o}n}, year = {2016}, month = {10/2016}, pages = {209-213}, address = {Mah{\'o}n, Menorca, Islas Baleares}, abstract = {

La Internet de las Cosas (en ingl{\'e}s, Internet of Things\ (IoT)) es una evoluci{\'o}n de la Internet tal y como lo conocemos. Esta nueva versi{\'o}n de Internet incorpora objetos de la vida cotidiana, rompiendo as{\'\i} barrera de los digital y extendi{\'e}ndose al mundo f{\'\i}sico. Estos objetos interactuar{\'a}n entre s{\'\i} y con otras entidades tanto de manera local como remota, y estar{\'a}n dotados de cierta capacidad computacional y sensores para que sean conscientes de lo que ocurre en su entorno. Esto traer{\'a} consigo un sinf{\'\i}n de posibilidades y nuevos servicios, pero tambi{\'e}n dar{\'a} lugar a nuevos y mayores riesgos de privacidad para los ciudadanos. En este art{\'\i}culo, estudiamos los problemas de privacidad actuales de una de las tecnolog{\'\i}as claves para el desarrollo de este prometedor paradigma, las redes de sensores, y analizamos como pueden evolucionar y surgir nuevos riesgos de privacidad al ser completamente integradas en la Internet.

}, keywords = {Challenges, Internet of Things, privacy, Sensors}, author = {Ruben Rios and Javier Lopez} } @inproceedings {moyano15SAC, title = {Engineering Trust- and Reputation-based Security Controls for Future Internet Systems}, booktitle = {The 30th ACM/SIGAPP Symposium On Applied Computing (SAC 2015)}, year = {2015}, month = {08/2015}, pages = {1344-1349}, address = {Salamanca, Spain}, isbn = {978-1-4503-3196-8}, doi = {10.1145/2695664.2695713}, author = {Francisco Moyano and Carmen Fernandez-Gago and Kristian Beckers and Maritta Heisel} } @book {1483, title = {Engineering Secure Future Internet Services and Systems- Current Research}, series = {Lecture Notes in Computer Science}, volume = {8431}, number = {Lect.Notes ComputerState-of-the-Art Surveys}, year = {2014}, publisher = {Springer }, organization = {Springer }, abstract = {

This State-of-the-Art Survey contains a selection of papers representing state-of-the-art results in the engineering of secure software-based Future Internet services and systems, produced by the NESSoS project researchers. The engineering approach of the Network of Excellence NESSoS, funded by the European Commission, is based on the principle of addressing security concerns from the very beginning in all software development phases, thus contributing to reduce the amount of software vulnerabilities and enabling the systematic treatment of security needs through the engineering process. The 15 papers included in this volume deal with the main NESSoS research areas: security requirements for Future Internet services; creating secure service architectures and secure service design; supporting programming environments for secure and composable services; enabling security assurance and integrating former results in a risk-aware and cost-aware software life-cycle.

}, author = {Maritta Heisel and Wouter Joosen and Javier Lopez and Fabio Martinelli} } @incollection {moyano14esfi, title = {Engineering Trust-Awareness and Self-adaptability in Services and Systems}, booktitle = {Engineering Secure Future Internet Services and Systems}, volume = {LNCS 8431}, number = {8431}, year = {2014}, month = {03/2014}, pages = {180-209}, publisher = {Springer}, organization = {Springer}, chapter = {8}, abstract = {
The Future Internet (FI) comprises scenarios where many heterogeneous and dynamic entities must interact to provide services (e.g., sensors, mobile devices and information systems in smart city scenarios). The dynamic conditions under which FI applications must execute call for self-adaptive software to cope with unforeseeable changes in the application environment. Models@run.time is a promising model-driven approach that supports the runtime adaptation of distributed, heterogeneous systems. Yet frameworks that accommodate this paradigm have limited support to address security concerns, hindering their usage in real scenarios. We address this challenge by enhancing models@run.time with the concepts of trust and reputation. Trust improves decision-making processes under risk and uncertainty and constitutes a distributed and flexible mechanism that does not entail heavyweight administration. This chapter introduces a trust and reputation framework that is integrated into a distributed component model that implements the models@run.time paradigm, thus allowing software components to include trust in their reasoning process. The framework is illustrated in a smart grid scenario.
}, isbn = {978-3-319-07451-1}, issn = {0302-9743}, doi = {10.1007/978-3-319-07452-8_8}, author = {Francisco Moyano and Carmen Fernandez-Gago and Benoit Baudry and Javier Lopez} } @inproceedings {moyano14smartgridsec, title = {Enhancing Problem Frames with Trust and Reputation for Analyzing Smart Grid Security Requirements}, booktitle = {Smart Grid Security - Second International Workshop}, series = {LNCS}, volume = {8448}, year = {2014}, month = {Aug}, pages = {166-180}, publisher = {Springer}, organization = {Springer}, address = {Munich}, keywords = {model-driven engineering, problem frames, Reputation, security requirements engineering, Trust, UML4PF}, isbn = {978-3-319-10328-0}, issn = {0302-9743}, doi = {10.1007/978-3-319-10329-7_11}, author = {Francisco Moyano and Carmen Fernandez-Gago and Kristian Beckers and Maritta Heisel}, editor = {Jorge Cuellar} } @inproceedings {933, title = {Evaluation of Dynamic Instantiation in CPRM-based Systems}, booktitle = {9th International Conference on Risk and Security of Internet and Systems (CRiSIS{\textquoteright}14)}, volume = {8924}, year = {2014}, pages = {52-66}, publisher = {Springer}, organization = {Springer}, address = {Trento (Italy)}, abstract = {
Context-based Parametric Relationship Models (CPRMs) reduce the complexity of working with various numbers of parameters and dependencies, by adding particular contexts to the final scheme when it is required, dynamically. In this paper the cost of including new information in CPRM is properly analysed, considering the information in the parametric trees defined for the parameters in the CPRM-based system. Some strategies for mitigating the cost of the instantiation process are proposed.
}, isbn = {978-3-319-17127-2}, doi = {10.1007/978-3-319-17127-2_4}, url = {http://dx.doi.org/10.1007/978-3-319-17127-2_4}, author = {Ana Nieto} } @article {Galindo2010, title = {On the Energy Cost of Authenticated Key Agreement in Wireless Sensor Networks}, journal = {Wireless Communications and Mobile Computing}, volume = {12}, year = {2012}, month = {Jan 2012}, pages = {133-143}, publisher = {Wiley}, abstract = {

Wireless sensors are battery-powered devices which are highly constrained in terms of computational capabilities, memory and communication bandwidth. While battery life is their main limitation, they require considerable energy to communicate data. Due to this, it turns out that the energy saving of computationally inexpensive primitives (like symmetric key cryptography (SKC)) can be nullified by the bigger amount of data they require to be sent. In this work, we study the energy cost of key agreement protocols between peers in a network using asymmetric key cryptography. Our main concern is to reduce the amount of data to be exchanged, which can be done by using special cryptographic paradigms like identity-based and self-certified cryptography. The main news is that an intensive computational primitive for resource-constrained devices, such as non-interactive identity-based authenticated key exchange, performs comparably or even better than traditional authenticated key exchange (AKE) in a variety of scenarios. Moreover, protocols based in this primitive can provide better security properties in real deployments than other simple protocols based on symmetric cryptography. Our findings illustrate to what extent the latest implementation advancements push the efficiency boundaries of public key cryptography (PKC) in wireless sensor networks (WSNs).

}, keywords = {identity-based key agreement, key distribution, pairings, underwater wireless sensor networks, wireless sensor networks}, issn = {1530-8669}, doi = {10.1002/wcm.894}, url = {http://dx.doi.org/10.1002/wcm.894}, author = {David Galindo and Rodrigo Roman and Javier Lopez} } @article {Alcaraz2011, title = {An Early Warning System based on Reputation for Energy Control Systems}, journal = {IEEE Transactions on Smart Grid}, volume = {2}, number = {4}, year = {2011}, month = {Nov 2011}, pages = {827-834}, publisher = {IEEE}, abstract = {

Most of energy control or SCADA (Supervisory Control and Data Acquisition) systems are very dependent on advanced technologies and on traditional security mechanisms for protecting the a system against anomalous events. Security mechanisms are not enough to be used in critical systems, since they can only detect anomalous events occurring at a certain moment in time. For this reason it becomes of paramount importance the usage of intelligent systems with capability for preventing anomalous situations and reacting against them on time. This type of systems are, for example, Early Warning Systems (EWS). In this paper, we propose an EWS based on Wireless Sensor Networks (WSNs) (under the ISA100.11a standard) and reputation for controling the network behaviour. The WSN are organized into clusters where a Cluster Head (CH) is designated. This CH will contain a Reputation Manager Module. The usability of this approach is also analyzed considering a Smart Grid scenario.} keywords = {Critical Information Infrastructures, Sensor Networks, Early Warning Systems, Reputation, SCADA Systems, Smart Grid.

}, keywords = {Early Warning Systems, Reputation, SCADA Systems, Smart Grid, wireless sensor networks}, issn = {1949-3053}, doi = {10.1109/TSG.2011.2161498}, author = {Cristina Alcaraz and Carmen Fernandez-Gago and Javier Lopez} } @inproceedings {1622, title = {Engineering Secure Future Internet Services}, booktitle = {Future Internet Assembly 2011: Achievements and Technological Promises (FIA 2011)}, series = {LNCS}, volume = {6656}, year = {2011}, pages = {177-191}, publisher = {Springer Berlin Heidelberg}, organization = {Springer Berlin Heidelberg}, address = {Budapest}, abstract = {

In this paper we analyze the need and the opportunity forestablishing a discipline for engineering secure Future Internet Services,typically based on research in the areas of software engineering, of serviceengineering and security engineering. Generic solutions that ignore thecharacteristics of Future Internet services will fail, yet it seems obviousto build on best practices and results that have emerged from variousresearch communities.The paper sketches various lines of research and strands within each lineto illustrate the needs and to sketch a community wide research plan. Itwill be essential to integrate various activities that need to be addressedin the scope of secure service engineering into comprehensive softwareand service life cycle support. Such a life cycle support must deliverassurance to the stakeholders and enable risk and cost management forthe business stakeholders in particular. The paper should be considereda call for contribution to any researcher in the related sub domains inorder to jointly enable the security and trustworthiness of Future Internetservices.

}, isbn = {978-3-642-20897-3}, issn = {0302-9743}, author = {W. Joosen and Javier Lopez and F. Martinelli and F. Massacci} } @article {Rios2011b, title = {Exploiting Context-Awareness to Enhance Source-Location Privacy in Wireless Sensor Networks}, journal = {The Computer Journal}, volume = {54}, year = {2011}, month = {Sept 2011}, pages = {1603-1615}, publisher = {Oxford University Press}, abstract = {

The source-location privacy problem in Wireless Sensor Networks has been traditionally tackled by the creation of random routes for every packet transmitted from the source nodes to the base station. These schemes provide a considerable protection level at a high cost in terms of message delivery time and energy consumption. This overhead is due to the fact that the data routing process is done in a blind way, without knowledge about the location of the attacker. In this work we propose the Context-Aware Location Privacy (CALP) approach, which takes advantage of the ability of sensor nodes to perceive the presence of a mobile adversary in their vicinity in order to transmit data packets in a more energy-efficient and privacy-preserving manner. In particular, we apply the concepts of CALP to the development of a shortest-path CALP routing algorithm. A permissive and a strict version of the protocol are studied for different adversarial models and the proposed schemes are evaluated through simulation experiments in terms of privacy protection and energy consumption. Finally, we present the conclusions of the paper as well as possible extensions of this work.

}, keywords = {Context-Awareness, Location Privacy, wireless sensor networks}, issn = {0010-4620}, doi = {10.1093/comjnl/bxr055}, author = {Ruben Rios and Javier Lopez} } @inproceedings {Alcaraz2010b, title = {Early Warning System for Cascading Effect Control in Energy Control Systems}, booktitle = {5th International conference on Critical Information Infrastructures Security (CRITIS{\textquoteright}10)}, series = {LNCS}, volume = {6712}, year = {2010}, month = {September}, pages = {55-67}, publisher = {Springer}, organization = {Springer}, address = {Athens, Greece}, abstract = {

A way of controlling a cascading effect caused by a failure or a threat in a critical system is using intelligent mechanisms capable of predicting anomalous behaviours and also capable of reacting against them in advance. These mechanisms are known as Early Warning Systems (EWS) and this will be precisely the main topic of this paper. Specially, we present an EWS design based on a Wireless Sensor Network (using the ISA100.11a standard) that constantly supervise the application context. This EWS is also based on forensic techniques to provide dynamic learning capacities. As a result, this new approach will aid to provide a reliable control of incidences by offering a dynamic alarm management, identification of the most suitable field operator to attend an alarm, reporting of causes and responsible operators, and learning from new anomalous situations.

}, keywords = {Cascading Effect, Early Warning System, Energy Control Systems, Forensic Techniques, SCADA Systems, Wireless Sensor Network}, isbn = {978-3-642-21693-0}, issn = {0302-9743}, url = {http://critis.net/2010/}, author = {Cristina Alcaraz and Angel Balastegui and Javier Lopez} } @proceedings {1604, title = {Emerging Challenges for Security, Privacy and Trust, 24th IFIP TC 11 International Information Security Conference, SEC 2009, Pafos, Cyprus, May 18-20, 2009. Proceedings}, journal = {SEC}, volume = {297}, year = {2009}, publisher = {Springer}, isbn = {978-3-642-01243-3}, doi = {10.1007/978-3-642-01244-0}, editor = {Dimitris Gritzalis and Javier Lopez} } @inproceedings {rosado2009e, title = {Extensi{\'o}n UML para Casos de Uso Reutilizables en entornos Grid M{\'o}viles Seguros}, booktitle = {XIV Jornadas de Ingenier{\'\i}a del Software y Bases de Datos (JISBD 2009)}, year = {2009}, month = {September}, pages = {331-342}, publisher = {Antonio Vallecillo and Goiuria Sagardui (Eds.)}, organization = {Antonio Vallecillo and Goiuria Sagardui (Eds.)}, address = {San Sebasti{\'a}n, Espa{\~n}a}, abstract = {

Los sistemas Grid nos permiten construir sistemas complejos concaracter{\'\i}sticas diferenciadoras (interoperabilidad entre m{\'u}ltiples dominios deseguridad, autenticaci{\'o}n y autorizaci{\'o}n a trav{\'e}s de dominios, sistema din{\'a}micoy heterog{\'e}neo, etc.). Con el desarrollo de la tecnolog{\'\i}a wireless y losdispositivos m{\'o}viles, el Grid llega a ser el candidato perfecto para que losusuarios m{\'o}viles puedan realizar trabajos complejos, a la vez que a{\~n}aden nuevacapacidad computacional al Grid. Estamos construyendo un proceso completode desarrollo para sistemas Grid m{\'o}viles seguros, y una de las actividades es elan{\'a}lisis de requisitos, que est{\'a} basado en casos de uso reutilizables. En esteart{\'\i}culo, presentaremos una extensi{\'o}n UML para casos de uso de seguridad yGrid, los cuales capturan el comportamiento de este tipo de sistemas. Estaextensi{\'o}n UML est{\'a} siendo aplicado a un caso real para construir diagramas decasos de uso de la aplicaci{\'o}n, incorporando los aspectos de seguridadnecesarios.

}, isbn = {978-84-692-4211-7}, author = {David G. Rosado and Eduardo Fernandez-Medina and Javier Lopez} } @article {Agudo2008d, title = {Enabling Attribute Delegation in Ubiquitous Environments}, journal = {Mobile Networks and Applications}, volume = {13}, number = {3-4}, year = {2008}, month = {August}, pages = {398-410}, publisher = {Springer}, abstract = {

When delegation is implemented using the attribute certificates in a Privilege Management Infrastructure (PMI), it is possible to reach a considerable level of distributed functionality. However, the approach is not flexible enough for the requirements of ubiquitous environments. The PMI can become a too complex solution for devices such as smartphones and PDAs, where resources are limited. In this work we present an approach to solve the previous limitations by defining a second class of attributes, called domain attributes, which are managed directly by users and are not right under the scope of the PMI, thus providing a light solution for constrained devices. However, we relate the two classes of attributes are related by defining a simple ontology. While domain attribute credentials are defined using SAML notation, global attributes are defined using X.509 certificates. For this reason, we additionally introduce XSAML so that both kinds of credentials are integrated. We also introduce the concept of Attribute Federation which is responsible for supporting domain attributes and the corresponding ontology.

}, keywords = {attribute based authorization, delegation, federation}, issn = {1383-469X}, doi = {10.1007/s11036-008-0062-4}, author = {Isaac Agudo and Javier Lopez and Jose A. Montenegro} } @inproceedings {rosado2008a, title = {Engineering Process Based On Grid Use Cases For Mobile Grid Systems}, booktitle = {Third International Conference on Software and Data Technologies (ICSOFT{\textquoteright}08)}, year = {2008}, pages = {146-151}, publisher = {Springer}, organization = {Springer}, address = {Porto, Portugal}, abstract = {

The interest to incorporate mobile devices into Grid systems has arisen with two main purposes. The firstone is to enrich users of these devices while the other is that of enriching the own Grid infrastructure.Security of these systems, due to their distributed and open nature, is considered a topic of great interest. Aformal approach to security in the software life cycle is essential to protect corporate resources. However,little attention has been paid to this aspect of software development. Due to its criticality, security should beintegrated as a formal approach into the software life cycle. We are developing a methodology ofdevelopment for secure mobile Grid computing based systems that helps to design and build secure Gridsystems with support for mobile devices directed by use cases and security use cases and focused onservice-oriented security architecture. In this paper, we will present one of the first steps of ourmethodology consisting of analyzing security requirements of mobile grid systems. This analysis will allowus to obtain a set of security requirements that our methodology must cover and implement.

}, isbn = {978-3-642-05200-2}, issn = {1865-0929}, author = {David G. Rosado and Eduardo Fernandez-Medina and Javier Lopez and Mario Piattini} } @inproceedings {Galindo2008a, title = {An Evaluation of the Energy Cost of Authenticated Key Agreement in Wireless Sensor Networks}, booktitle = {X Reuni{\'o}n Espa{\~n}ola sobre Criptolog{\'\i}a y Seguridad de la Informaci{\'o}n (RECSI{\textquoteright}08)}, year = {2008}, month = {September}, pages = {231-236}, address = {Salamanca (Spain)}, abstract = {

Wireless sensors are battery-powered devices which are highly constrained in terms of computational capabilities, memory, and communication bandwidth. While battery life is their main limitation, they require considerable energy to communicate data. Due to this, the energy saving of computationally inexpensive security primitives (like those using symmetric key cryptography) can be nullified by the bigger amount of data they require to be sent. In this work we study the energy cost of key agreement protocols between peers in a network using public key cryptography techniques. Our concern is to reduce the amount of data to be exchanged. Our main news is that a computationally very demanding security primitive, such as identity-based authenticated key exchange, can present energy-wise a better performance than traditional public key based key exchange in realistic scenarios such as Underwater Wireless Sensor Networks. Such a result is not to be expected in wired networks.

}, author = {David Galindo and Rodrigo Roman and Javier Lopez} } @inproceedings {Agudo2008b, title = {An Evolutionary Trust and Distrust Model}, booktitle = {4th Workshop on Security and Trust Management (STM{\textquoteright}08)}, series = {ENTCS}, volume = {224}, year = {2008}, pages = {3-12}, publisher = {Elsevier}, organization = {Elsevier}, address = {Trondheim, Norway}, abstract = {

In this paper we propose a trust model, where besides considering trust and distrust, we also consider another parameter that measures the reliability on the stability of trust or distrust. The inclusion of this new parameter will allow us to use trust in a more accurate way. We consider trust is not static but dynamic and trust values can change along time. Thus, we will also take time into account, using it as a parameter of our model. There is very little work done about the inclusion of time as an influence on trust. We will show the applicability of our model in the scenario of the process of reviewing papers for a conference. Sometimes for these kind of processes the Chair of the conference should first find the suitable reviewers. He can make this selection by using our model. Once the reviewers are selected they send out their reviews to the Chair who can also use our model in order to make the final decision about acceptance of papers.

}, issn = {1571-0661}, doi = {10.1016/j.entcs.2009.07.034}, author = {Isaac Agudo and Carmen Fernandez-Gago and Javier Lopez} } @article {Zhou2007, title = {An Effective Multi-layered Defense Framework Against Spam}, journal = {Information Security Technical Report}, volume = {12}, number = {3}, year = {2007}, pages = {179-185}, publisher = {Elsevier}, abstract = {

Spam is a big problem for email users. The battle between spamming and anti-spamming technologies has been going on for many years. Though many advanced anti-spamming technologies are progressing significantly, spam is still able to bombard many email users. The problem worsens when some anti-spamming methods unintentionally filtered legitimate emails instead! In this paper, we first review existing anti-spam technologies, then propose a layered defense framework using a combination of anti-spamming methods. Under this framework, the server-level defense is targeted for common spam while the client-level defense further filters specific spam for individual users. This layered structure improves on filtering accuracy and yet reduces the number of false positives. A sub-system using our pre-challenge method is implemented as an add-on in Microsoft Outlook 2002. In addition, we extend our client-based pre-challenge method to a domain-based solution thus further reducing the individual email users{\textquoteright} overheads.

}, keywords = {Network Security, Security service, Spam}, issn = {1363-4127}, doi = {10.1016/j.istr.2007.05.007}, url = {http://www.sciencedirect.com/science/article/B6VJC-4NS2GR9-1/2/d542b6d1b936f796cad17284a6edbc69}, author = {Jianying Zhou and Wee-Yung Chin and Rodrigo Roman and Javier Lopez} } @inproceedings {MildreyCarbonell2007a, title = {Estimation of TTP Features in Non-repudiation Service}, booktitle = {7th International Conference on Computational Science and Its Applications (ICCSA{\textquoteright}07)}, series = {LNCS}, volume = {4706}, year = {2007}, pages = {549-558}, publisher = {Springer}, organization = {Springer}, abstract = {In order to achieve a high performance in a real implementation of the non-repudiation service it is necessary to estimate timeouts, TTP features, publication key time, number of originators and recipients, and other relevant parameters. An initial work of the authors focused on a basic event-oriented simulation model for the estimation of timeouts. In the actual work, we present a set of extensions to that basic model for the estimation of the TTP features (storage capacity and ftp connection capacity). We present and analyze the new and valuable results obtained.}, author = {Mildrey Carbonell and Jose Maria Sierra and Jose A. Onieva and Javier Lopez and Jianying Zhou} } @inproceedings {JoseA.Onieva2006a, title = {Extension de una plataforma DRM basada en OMA con servicios de No Repudio}, booktitle = {IX Reunion Espa{\~n}ola sobre Criptologia y Seguridad de la Informacion (RECSI{\textquoteright}06)}, year = {2006}, pages = {129-141}, publisher = {UOC S.L.}, organization = {UOC S.L.}, abstract = {

Digital Rights Management (DRM) es un t\érmino general para cualesquiera de las soluciones que permite a un vendedor de contenido en forma electr\ónica controlar el material y restringir su uso de distintas maneras. Estas soluciones son posibles, por un lado gracias a t\écnicas de la Seguridad de la Informaci\ón, principalmente cifrado de datos, y por otro a la distribuci\ón, de manera independiente, de contenido y derechos digitales. Esto permite que los consumidores puedan acceder libremente al contenido, pero s\ólo aquellos que adquieran el derecho digital apropiado (RO) podr\án procesarlo. Como servicio de seguridad considerado en diversas capas del marco de seguridad definido por la recomendaci\ón ITU X.805, casi todas las aplicaciones necesitan considerar la propiedad de no repudio en las etapas iniciales de su dise\ño. Desafortunadamente, esto no ha sido as\í en general, y m\ás concretamente en especificaciones DRM; debido a consideraciones en la pr\áctica y al tipo de contenido a distribuir. Analizamos este servicio para un marco de DRM y proporcionamos una soluci\ón que permita que la adquisici\ón de derechos digitales sea un operaci\ón que no pueda repudiarse.

}, keywords = {aplicaciones moviles, comercio electronico seguro, digital rights management, no repudio}, author = {Jose A. Onieva and Javier Lopez and Rodrigo Roman and Jianying Zhou} } @inproceedings {Roman2005c, title = {Especificaci{\'o}n de Sistemas Electr{\'o}nicos de Microdonaciones}, booktitle = {III Simposio Espa{\~n}ol de Comercio Electr{\'o}nico}, year = {2005}, month = {June}, pages = {95-104}, address = {Palma (Spain)}, abstract = {

Los sistemas electr{\'o}nicos de pago permiten que un comprador adquiera a un vendedor una serie de productos y servicios de forma virtual. Sin embargo, estos sistemas no tienen en cuenta el escenario en el que un comprador se convierte en donante, accediendo al servicio de forma gratuita. En este art{\'\i}culo se presenta el concepto y caracter{\'\i}sticas de las microdonaciones, o la donaci{\'o}n de cantidades tan peque{\~n}as como un c{\'e}ntimo de euro en el contexto del comercio electr{\'o}nico. Tambi{\'e}n se muestra como la microdonaci{\'o}n es algo necesario en el contexto actual de Internet, y como es posible su implementaci{\'o}n bas{\'a}ndose en sistemas de micropago.

}, author = {Rodrigo Roman and Javier Lopez} } @inproceedings {Onieva2005, title = {Extending an OMA-based DRM Framework with Non-Repudiation Services}, booktitle = {5th Symposium on Signal Processing and Information Technology (ISSPIT{\textquoteright}05)}, year = {2005}, pages = {472-477}, publisher = {IEEE}, organization = {IEEE}, abstract = {

Digital Rights Management (DRM) is an umbrella term for any of several arrangements which allows a vendor of content in electronic form to control the material and restrict its usage in various ways that can be specified by the vendor. These arrangements are provided through security techniques, mainly encryption, and the distribution, in a detached manner, of content and rights. This allows free access to the content by the consumers, but only those carrying the proper Right Object (RO) will be able to process such content. As a security service considered in different layers of the security framework defined by ITU X.805, almost all applications need to consider non-repudiation in the very beginning of their design. Unfortunately this has not been done so far in DRM specifications due to practical issues and the type of content distributed. We analyze this service for the a DRM framework and provide a solution which allows the right objects acquisition to be undeniable.

}, keywords = {digital rights management, Mobile applications, Non-repudiation, Secure electronic commerce}, author = {Jose A. Onieva and Jianying Zhou and Javier Lopez and Rodrigo Roman} } @inproceedings {Onieva2004b, title = {Enhancing Certified Email Service for Timeliness and Multicast}, booktitle = {Fourth International Network Conference}, year = {2004}, pages = {327-335}, publisher = {University of Plymouth}, organization = {University of Plymouth}, abstract = {

Certified email is a value-added service of ordinary email, in which a sender wants to obtain a receipt from a recipient. Fair exchange protocols are a key component for certified email service to ensure fairness, i.e., the items held by two parties are exchanged without one party obtaining an advantage. We can find in the literature simple and fast optimistic protocols for fair electronic exchange and, more specifically, for certified electronic mail (CEM) and electronic contract signing (ECS). We have observed that some aspects of those protocols could be substantially improved. This paper presents two major contributions. Firstly, we provide a solution that allows both parties to end the protocol timely in an asynchronous way. Then, we extend the certified email service to the multicast scenario.

}, keywords = {Asynchronous timeliness, Certified Email, fair exchange, Multiparty protocol}, author = {Jose A. Onieva and Jianying Zhou and Javier Lopez} } @inproceedings {1735, title = {Especificaci{\'o}n formal y verificaci{\'o}n de requisitos de Seguridad}, booktitle = {VIII Reuni{\'o}n Espa{\~n}ola sobre Criptolog{\'\i}a y Seguridad de la Informaci{\'o}n (VIII RECSI)}, year = {2004}, month = {Sep 2004}, pages = {225-235}, address = {Madrid (Spain)}, isbn = {84-7978-650-7}, author = {Isaac Agudo and Javier Lopez and Juan J. Ortega} } @inproceedings {SigridGuergens1999, title = {Efficient Detection of Failure Modes in Electronic Commerce Protocols}, booktitle = {IEEE International Workshop on Electronic Commerce and Security}, year = {1999}, month = {September}, pages = {850-857}, publisher = {IEEE Press}, organization = {IEEE Press}, address = {Florence, Italy}, abstract = {The design of key distribution and authentication protocols has been shown to be error-prone. These protocols constitute the part of more complex protocols used for electronic commerce transactions. Consequently, these new protocols are likely to contain flaws that are even more difficult to find. In this paper, we present a search method for detecting potential security flaws in such protocols. Our method relies on automatic theorem proving tools. Among others we present our analysis of a protocol recently standardized by the German standardization organization DIN to be used in digital signature applications for smartcards. Our analysis resulted in the standard being supplemented with comments that explain the possible use of cryptographic keys.}, author = {Sigrid Gurgens and Javier Lopez and Rene Peralta} }