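@string{LNCS = {Lecture Notes in Computer Science}}

@comment{Reviewer notes on this file. The entries were exported on a handful of very long lines; they are reflowed here one field per line. Normalisations applied, with no change to the bibliographic data: author and editor names in "Last, First" form, month as the standard macro, page ranges with a double hyphen, bare DOIs (no resolver prefix), a duplicate url that merely repeated the DOI dropped, the non-standard organization field dropped where it duplicated publisher, and the LNCS series referenced through the string macro above. Citation keys are kept exactly as exported so existing citations keep resolving. Two real defects were found and are annotated next to the affected entries: the proceedings entry used journal/edition/author for what are booktitle/series/editor, and the nunez2017proxy export had a second record merged into it.}

@article{morales2023psi,
  author    = {Morales, Daniel and Agudo, Isaac and Lopez, Javier},
  title     = {Private Set Intersection: A Systematic Literature Review},
  journal   = {Computer Science Review},
  volume    = {49},
  pages     = {100567},
  year      = {2023},
  month     = may,
  publisher = {Elsevier},
  type      = {Review},
  issn      = {1574-0137},
  doi       = {10.1016/j.cosrev.2023.100567},
  url       = {https://www.sciencedirect.com/science/article/pii/S1574013723000345},
  keywords  = {privacy, Private set intersection, Secure Multiparty computation, security},
  abstract  = {Secure Multi-party Computation (SMPC) is a family of protocols which allow some parties to compute a function on their private inputs, obtaining the output at the end and nothing more. In this work, we focus on a particular SMPC problem named Private Set Intersection (PSI). The challenge in PSI is how two or more parties can compute the intersection of their private input sets, while the elements that are not in the intersection remain private. This problem has attracted the attention of many researchers because of its wide variety of applications, contributing to the proliferation of many different approaches. Despite that, current PSI protocols still require heavy cryptographic assumptions that may be unrealistic in some scenarios. In this paper, we perform a Systematic Literature Review of PSI solutions, with the objective of analyzing the main scenarios where PSI has been studied and giving the reader a general taxonomy of the problem together with a general understanding of the most common tools used to solve it. We also analyze the performance using different metrics, trying to determine if PSI is mature enough to be used in realistic scenarios, identifying the pros and cons of each protocol and the remaining open problems.},
}

@comment{morales2023psi: the export carried the article number 100567 in the number field (which is the issue number) and the string "ScienceDirect" in address (which is the publisher's city). The article number is now in pages, as ScienceDirect exports do; the address value had no bibliographic meaning and was dropped.}

@inproceedings{1835,
  author    = {Agudo, Isaac and Rios, Ruben and Nieto, Ana},
  title     = {Personalized Computer Security Tasks with Automatic Evaluation and Feedback},
  booktitle = {International Conference on Information Systems Education and Research ({AIS SIGED} 2019)},
  year      = {2019},
  month     = dec,
  isbn      = {978-1-7343123-0-0},
  keywords  = {autonomy, evaluation, feedback, learn by doing, Moodle, self-learning},
}

@inproceedings{morales2019,
  author    = {Morales, Daniel and Agudo, Isaac},
  title     = {Prueba de concepto de Autoridad de Certificaci{\'o}n usando Computaci{\'o}n Segura Multiparte},
  booktitle = {XIV Jornadas de Ingenier{\'\i}a Telem{\'a}tica},
  pages     = {50--53},
  year      = {2019},
  month     = oct,
  address   = {Zaragoza},
  isbn      = {978-84-09-21112-8},
  doi       = {10.26754/uz.978-84-09-21112-8},
  keywords  = {privacy, Secure Multiparty computation},
  abstract  = {Este trabajo pretende analizar el paradigma de la Computaci{\'o}n Segura Multiparte y sus posibles aplicaciones en el campo de la criptograf{\'\i}a. Se plantea como modelo alternativo, mas escalable y seguro al uso de m{\'o}dulos hardware de seguridad para aplicaciones que requieran de Terceras Partes Confiables. Concretamente, se ha integrado un protocolo de criptograf{\'\i}a RSA multiparte con la librer{\'\i}a certbuilder, para la creaci{\'o}n de certificados X.509. De esta forma se asegura que la creaci{\'o}n de los certificados ra{\'\i}z de la Infraestructura de Clave Publica se realiza de forma que la generaci{\'o}n de claves y firma de este se ejecute {\'\i}ntegramente sobre el sistema multiparte, con un modelo de tres partes que trabaja con circuitos aritm{\'e}ticos, sin que ninguna de ellas, de forma aislada, tenga posibilidad de comprometer la clave privada correspondiente. Para comprobar la viabilidad del sistema se han realizado pruebas de generaci{\'o}n de certificados con diferentes longitudes de clave, siendo el proceso determinante la creaci{\'o}n de las claves. Los elevados tiempos hacen que una aplicaci{\'o}n como esta no sea asumible en otros escenarios, pero creemos que para el caso de la creaci{\'o}n de los certificados ra{\'\i}z de una infraestructura de clave p{\'u}blica las garant{\'\i}as avanzadas de seguridad compensan el tiempo extra.},
}

@comment{nunez2017proxy: the exported record contained two abstracts back to back (the journal article's abstract ended in a stray backslash, then an unrelated abstract about attack models for proxy re-encryption began) followed by isbn, issn and doi 10.1109/CSF.2015.27. A DOI under the CSF prefix cannot belong to a 2017 Journal of Network and Computer Applications article, so those identifiers and the second abstract were split out into the stub entry that follows. The journal article therefore has no doi/issn here; add the publisher's values when known.}

@article{nunez2017proxy,
  author    = {Nu{\~n}ez, David and Agudo, Isaac and Lopez, Javier},
  title     = {Proxy Re-Encryption: Analysis of Constructions and its Application to Secure Access Delegation},
  journal   = {Journal of Network and Computer Applications},
  volume    = {87},
  pages     = {193--209},
  year      = {2017},
  month     = jun,
  publisher = {Elsevier},
  abstract  = {This paper analyzes the secure access delegation problem, which occurs naturally in the cloud, and postulate that Proxy Re-Encryption is a feasible cryptographic solution, both from the functional and efficiency perspectives. Proxy re-encryption is a special type of public-key encryption that permits a proxy to transform ciphertexts from one public key to another, without the proxy being able to learn any information about the original message. Thus, it serves as a means for delegating decryption rights, opening up many possible applications that require of delegated access to encrypted data. In particular, sharing information in the cloud is a prime example. In this paper, we review the main proxy re-encryption schemes so far, and provide a detailed analysis of their characteristics. Additionally, we also study the efficiency of selected schemes, both theoretically and empirically, based on our own implementation. Finally, we discuss some applications of proxy re-encryption, with a focus on secure access delegation in the cloud.},
}

@comment{Stub reconstructed from the material merged into nunez2017proxy. The title and booktitle are placeholders: they were not present in the export and must be taken from the publisher record before this entry is cited. The year is inferred from the DOI string, and the author list is assumed to match the record it was exported with; both should be verified.}

@inproceedings{nunez2015csf,
  author    = {Nu{\~n}ez, David and Agudo, Isaac and Lopez, Javier},
  title     = {TODO-TITLE-MISSING-FROM-EXPORT},
  booktitle = {TODO-BOOKTITLE-MISSING-FROM-EXPORT},
  year      = {2015},
  isbn      = {978-1-4673-7538-2},
  issn      = {1063-6900},
  doi       = {10.1109/CSF.2015.27},
  note      = {Stub entry recovered from a merged export; title, booktitle, year and author list need verification against the publisher record},
  abstract  = {Proxy Re-Encryption (PRE) is a type of Public-Key Encryption (PKE) which provides an additional re-encryption functionality. Although PRE is inherently more complex than PKE, attack models for PRE have not been developed further than those inherited from PKE. In this paper we address this gap and define a parametric family of attack models for PRE, based on the availability of both the decryption and re-encryption oracles during the security game. This family enables the definition of a set of intermediate security notions for PRE that ranges from {\textquoteleft}{\textquoteleft}plain{\textquoteright}{\textquoteright} IND-CPA to {\textquoteleft}{\textquoteleft}full{\textquoteright}{\textquoteright} IND-CCA. We analyze some relations among these notions of security, and in particular, the separations that arise when the re-encryption oracle leaks re-encryption keys. In addition, we discuss which of these security notions represent meaningful adversarial models for PRE. Finally, we provide an example of a recent {\textquoteleft}{\textquoteleft}CCA1- secure{\textquoteright}{\textquoteright} scheme from PKC 2014 whose security model does not capture chosen-ciphertext attacks through re-encryption and for which we describe an attack under a more realistic security notion. This attack emphasizes the fact that PRE schemes that leak re-encryption keys cannot achieve strong security notions.},
}

@incollection{nunez15privacy,
  author    = {Nu{\~n}ez, David and Agudo, Isaac and Lopez, Javier},
  editor    = {Felici, Massimo and Fernandez-Gago, Carmen},
  title     = {Privacy-Preserving {Identity Management as a Service}},
  booktitle = {Accountability and Security in the Cloud},
  series    = LNCS,
  volume    = {8937},
  pages     = {114--125},
  year      = {2015},
  publisher = {Springer International Publishing},
  isbn      = {978-3-319-17198-2},
  doi       = {10.1007/978-3-319-17199-9_5},
  keywords  = {Cloud Computing, Cryptography, Identity Management as a Service, privacy},
  abstract  = {In this paper we tackle the problem of privacy and confidentiality in Identity Management as a Service (IDaaS). The adoption of cloud computing technologies by organizations has fostered the externalization of the identity management processes, shaping the concept of Identity Management as a Service. However, as it has happened to other cloud-based services, the cloud poses serious risks to the users, since they lose the control over their data. As part of this work, we analyze these concerns and present a model for privacy-preserving IDaaS, called BlindIdM, which is designed to provide data privacy protection through the use of cryptographic safeguards.},
}

@comment{421: the export used journal for the proceedings title, edition = LNCS for the series, and author for the two editors. Standard styles ignore journal, edition and author on a proceedings entry, so the editors and the LNCS series silently vanished from the rendered reference. They are now in booktitle (also needed for crossref), series and editor. The typo "Procedings" in the title is corrected.}

@proceedings{421,
  editor    = {Katsikas, Sokratis and Agudo, Isaac},
  title     = {Proceedings of the 10th {European Workshop on Public Key Infrastructures, Services and Applications}},
  booktitle = {Proceedings of the 10th {European Workshop on Public Key Infrastructures, Services and Applications}},
  series    = LNCS,
  volume    = {8341},
  year      = {2014},
  publisher = {Springer},
  isbn      = {978-3-642-53996-1},
  doi       = {10.1007/978-3-642-53997-8},
}

@article{agudo2013,
  author    = {Agudo, Isaac and Rios, Ruben and Lopez, Javier},
  title     = {A Privacy-Aware Continuous Authentication Scheme for Proximity-Based Access Control},
  journal   = {Computers \& Security},
  volume    = {39},
  part      = {B},
  pages     = {117--126},
  year      = {2013},
  month     = nov,
  publisher = {Elsevier},
  issn      = {0167-4048},
  doi       = {10.1016/j.cose.2013.05.004},
  abstract  = {Continuous authentication is mainly associated with the use of biometrics to guarantee that a resource is being accessed by the same user throughout the usage period. Wireless devices can also serve as a supporting technology for continuous authentication or even as a complete alternative to biometrics when accessing proximity-based services. In this paper we present the implementation of a secure, non-invasive continuous authentication scheme supported by the use of Wearable Wireless Devices (WWD), which allow users to gain access to proximity-based services while preserving their privacy. Additionally we devise an improved scheme that circumvents some of the limitations of our implementation.},
}

@comment{agudo2013: the export had volume = 39 (B). The volume field should hold the plain volume number; the partial-volume letter is kept in the biblatex part field, which classic styles ignore.}

@inproceedings{IsaacAgudo2006a,
  author    = {Agudo, Isaac and Lopez, Javier and Montenegro, Jose A.},
  title     = {Pol{\'\i}ticas de delegaci{\'o}n para credenciales ponderadas y su representaci{\'o}n gr{\'a}fica},
  booktitle = {IX Reuni{\'o}n Espa{\~n}ola sobre Criptolog{\'\i}a y Seguridad de la informaci{\'o}n (RECSI{\textquoteright}06)},
  pages     = {311--322},
  year      = {2006},
  month     = sep,
  address   = {Barcelona, Spain},
  isbn      = {84-9788-502-3},
}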