@inproceedings {morales2022cc, title = {Real-time Crowd Counting based on Wearable Ephemeral IDs}, booktitle = {19th International Conference on Security and Cryptography (SECRYPT 2022)}, year = {2022}, month = {07/2022}, pages = {249-260}, publisher = {Scitepress}, organization = {Scitepress}, address = {Lisbon}, abstract = {Crowd Counting is a very interesting problem aiming at counting people typically based on density averages and/or aerial images. This is very useful to prevent crowd crushes, especially on urban environments with high crowd density, or to count people in public demonstrations. In addition, in the last years, it has become of paramount importance for pandemic management. For those reasons, giving users automatic mechanisms to anticipate high risk situations is essential. In this work, we analyze ID-based Crowd Counting, and propose a real-time Crowd Counting system based on the Ephemeral ID broadcast by contact tracing applications on wearable devices. We also performed some simulations that show the accuracy of our system in different situations. }, keywords = {Crowd Counting, IDS, Pandemics, privacy, Secure Multiparty computation}, isbn = {978-989-758-590-6}, issn = {2184-7711}, doi = {10.5220/0011327200003283}, author = {Daniel Morales and Isaac Agudo and Javier Lopez} } @incollection {1844, title = {Risk Assessment for IoT-Enabled Cyber-Physical Systems}, booktitle = {Advances in Core Computer Science-Based Technologies}, year = {2021}, pages = {157-173}, publisher = {Springer International Publishing}, organization = {Springer International Publishing}, address = {Cham}, abstract = {

Internet of Things (IoT) technologies have enabled Cyber-Physical Systems (CPS) to become fully interconnected. This connectivity however has radically changed their threat landscape. Existing risk assessment methodologies often fail to identify various attack paths that stem from the new connectivity/functionality features of IoT-enabled CPS. Even worse, due to their inherent characteristics, IoT systems are usually the weakest link in the security chain and thus many attacks utilize IoT technologies as their key enabler. In this paper we review risk assessment methodologies for IoT-enabled CPS. In addition, based on our previous work (Stellios et al. in IEEE Commun Surv Tutor 20:3453{\textendash}3495, 2018, [47]) on modeling IoT-enabled cyberattacks, we present a high-level risk assessment approach, specifically suited for IoT-enabled CPS. The mail goal is to enable an assessor to identify and assess\ non-obvious(indirect or subliminal) attack paths introduced by IoT technologies, that usually target mission critical components of an CPS.

}, keywords = {Critical Infrastructures, Cyber Physical Systems (CPS), Internet of Things (IoT), Risk assessment Attack paths}, isbn = {978-3-030-41196-1}, doi = {10.1007/978-3-030-41196-1_8}, url = {https://doi.org/10.1007/978-3-030-41196-1_8}, author = {Ioannis Stellios and Panayiotis Kotzanikolaou and Mihalis Psarakis and Cristina Alcaraz} } @article {transactionInformaticsSG2018, title = {A Resilient Architecture for the Smart Grid}, journal = {IEEE Transactions on Industrial Informatics}, volume = {14}, year = {2018}, month = {08/2019}, pages = {3745-3753}, publisher = {IEEE}, type = {Journal}, abstract = {

The Smart Grid offers many benefits due to the bidirectional communication between the users and the utility company, which makes it possible to perform a fine-grain consumption metering. This can be used for Demand Response purposes with the generation and delivery of electricity in real time. It is essential to rapidly anticipate high peaks of demand or potential attacks, so as to avoid power outages and denial of service, while effectively supplying consumption areas. In this paper, we propose a novel architecture where cloud computing resources are leveraged (and tested in practice) to enable, on the one hand, the consumption prediction through time series forecasting, as well as load balancing to uniformly distribute the demand over a set of available generators. On the other and,\ it also allows the detection of connectivity losses and intrusions within the control network by using controllability concepts.

}, issn = {1551-3203}, doi = {10.1109/TII.2018.2826226}, author = {Javier Lopez and Juan E. Rubio and Cristina Alcaraz} } @article {rubiorecommender17, title = {Recommender System for Privacy-Preserving Solutions in Smart Metering}, journal = {Pervasive and Mobile Computing}, volume = {41}, year = {2017}, month = {10/2017}, pages = {205-218}, publisher = {Pervasive and Mobile Computing}, abstract = {

Nowadays, Smart Grid is envisaged to provide several benefits to both customers and grid operators. However, Smart Meters introduce many privacy issues if consumption data is analysed. In this paper we analyse the main techniques that address privacy when collecting electricity readings. In addition to privacy, it is equally important to preserve efficiency to carry on with monitoring operations, so further control requirements and communication protocols are also studied. Our aim is to provide guidance to installers who intend to integrate such mechanisms on the grid, presenting an expert system to recommend an appropriate deployment strategy.

}, issn = {1574-1192}, author = {Juan E. Rubio and Cristina Alcaraz and Javier Lopez} } @inproceedings {1648, title = {Requisitos y soluciones de privacidad para la testificaci{\'o}n digital}, booktitle = {III Jornadas Nacionales de Investigaci{\'o}n en Ciberseguridad (JNIC 2017)}, volume = {Actas del JNIC 2017}, year = {2017}, pages = {51-58}, publisher = { Servicio de Publicaciones de la URJC}, organization = { Servicio de Publicaciones de la URJC}, address = {Madrid (Spain)}, isbn = {978-84-608-4659-8}, url = {https://eciencia.urjc.es/handle/10115/14540}, author = {Ana Nieto and Ruben Rios} } @article {Alcaraz:2017:IJCIS, title = {Resilient Industrial Control Systems based on Multiple Redundancy}, journal = {International Journal of Critical Infrastructures (IJCIS)}, volume = {13}, number = {2/3}, year = {2017}, month = {11/2017}, pages = {278 - 295}, publisher = {Inderscience Publisher}, address = {London, UK}, abstract = {

The incessant search for cost-effective recovery solutions for structural\ controllability has led to one of the most challenging research areas within the\ field of critical infrastructure protection. The resilience of large heterogeneous\ distributions, like industrial control scenarios, is proving to be a complicated\ mission due to the inherent non-locality problems of structural controllability and\ its susceptibility to advanced threats. To address these issues, this paper proposes a\ new repair approach based on multiple redundant pathways and the lessons learnt\ from the work presented in [1]. From [1], we have adapted the local measures, to\ combine them with each of the five strategies of remote reconnection described in\ this paper. To validate the sustainability of the combined approaches, two practical\ case studies are presented here, showing that a local dependence on a brother\ driver node together with remote dependence is enough to reach optimal states\ in linear times.

}, issn = {1741-8038}, doi = {http://dx.doi.org/10.1504/IJCIS.2017.10009287}, author = {Cristina Alcaraz} } @article {Alcaraz2017COSE, title = {Resilient Interconnection in Cyber-Physical Control Systems}, journal = {Computers \& Security}, volume = {71}, year = {2017}, month = {11/2017}, pages = {2-14}, publisher = {Elsevier}, abstract = {

Secure interconnection between multiple cyber-physical systems has become a\ fundamental requirement in many critical infrastructures, where security may be\ centralized in a few nodes of the system. These nodes could, for\ example, have\ the mission of addressing the authorization services required for access in highlyrestricted\ remote substations. For this reason, the main aim of this paper is to unify\ all these features, together with the resilience measures so as to provide control\ at all times under a limited access in the field and avoid congestion. Concretely,\ we present here an optimal reachability-based restoration approach, capable of\ restoring the structural control in linear times taking into account: structural controllability,\ the supernode theory, the good practices of the IEC-62351 standard\ and the contextual conditions. For context management, a new attribute is specified\ to provide a more complete authorization service based on a practical policy,\ role and attribute-based access control (PBAC + RBAC + ABAC). To validate\ the approach, two case studies are also discussed under two strategic adversarial\ models.

}, issn = {0167-4048}, doi = {https://doi.org/10.1016/j.cose.2017.03.004}, url = {http://www.sciencedirect.com/science/article/pii/S0167404817300573}, author = {Cristina Alcaraz and Javier Lopez and Kim-Kwang Raymond Choo} } @article {NNMSVRLS, title = {Relay Selection for Secure 5G Green Communications}, journal = {Telecommunication Systems }, volume = {59}, year = {2015}, month = {05/2015}, pages = {169-187}, publisher = {Springer US}, abstract = {

In this article, we present relay selection policies in applications with secrecy requirements which are of interest in the fifth generation (5G) of wireless networks. More specifically, we provide a classification of relays based on their distinct communication attributes, such as processing, multiple antennas, storage, channel estimation, density and security level. In addition, we discuss the level of efficiency exhibited by each relay class, regarding their impact in delay-critical applications and green communications applications, while aiming at a specific security level at the physical layer. Then, relay selection policies are proposed taking into consideration the goals set by each application. Numerical evaluation of the proposed policies in terms of the average secrecy rate, average delay and power reduction show improved performance compared to other state-of-the-art solutions.\ 

}, keywords = {5G relays, Delay-critical, Power-efficient communications, Relay selection, security}, issn = {1018-4864}, doi = {10.1007/s11235-014-9890-7}, url = {http://dx.doi.org/10.1007/s11235-014-9890-7}, author = {Nikolaos Nomikos and Ana Nieto and Prodromos Makris and Dimitrios N. Skoutas and Demosthenes Vouyioukas and Panagiotis Rizomiliotis and Javier Lopez and Charalambos Skianis} } @inproceedings {430, title = {Recovery of Structural Controllability for Control Systems}, booktitle = {Eighth IFIP WG 11.10 International Conference on Critical Infrastructure Protection, SRI International, Arlington, Virginia, USA }, volume = {441}, year = {2014}, pages = {47-63}, publisher = {Springer}, organization = {Springer}, address = {Arlington, Virginia, USA}, abstract = {

Fundamental problems in control systems theory are controllability and observability, and designing control systems so that these properties are satisfied or approximated sufficiently. However, it is prudent to as- sume that an attacker will not only be able to subvert measurements but also control the system. Moreover, an advanced adversary with an understanding of the control system may seek to take over control of the entire system or parts thereof, or deny the legitimate operator this capability. The effectiveness of such attacks has been demonstrated in previous work. Indeed, these attacks cannot be ruled out given the likely existence of unknown vulnerabilities, increasing connectivity of nominally air-gapped systems and supply chain issues. The ability to rapidly recover control after an attack has been initiated and to detect an adversary{\textquoteright}s presence is, therefore, critical. This paper focuses on the problem of structural controllability, which has recently attracted substantial attention through the equivalent problem of the power dom- inating set introduced in the context of electrical power network control. However, these problems are known to be NP-hard with poor approx- imability. Given their relevance to many networks, especially power networks, this paper studies strategies for the efficient restoration of controllability following attacks and attacker-defender interactions in power-law networks.\ 

}, keywords = {Control systems, power domination, resilience, structural controllability}, isbn = {978-3-662-45354-4}, issn = {1868-4238}, doi = {http://dx.doi.org/10.1007/978-3-662-45355-1_4}, author = {Cristina Alcaraz and Stephen Wolthusen} } @inproceedings {Rios2012d, title = {Robust Probabilistic Fake Packet Injection for Receiver-Location Privacy in WSN}, booktitle = {17th European Symposium on Research in Computer Security (ESORICS 2012)}, series = {LNCS}, volume = {7459}, year = {2012}, month = {Sep 2012}, pages = {163-180}, publisher = {Springer}, organization = {Springer}, address = {Pisa, Italy}, abstract = {

The singular communication model in wireless sensor networks (WSNs) originate pronounced traffic patterns that allow a local observer to deduce the location of the base station, which must be kept secret for both strategical and security reasons. In this work we present a new receiver-location privacy solution called HISP (Homogenous Injection for Sink Privacy). Our scheme is based on the idea of hiding the flow of real traffic by carefully injecting fake traffic to homogenize the transmissions from a node to its neighbors. This process is guided by a lightweight probabilistic approach ensuring that the adversary cannot decide with sufficient precision in which direction to move while maintaining a moderate amount of fake traffic. Our system is both validated analytically and experimentally through simulations.

}, isbn = {978-3-642-33167-1}, issn = {0302-9743}, doi = {10.1007/978-3-642-33167-1_10}, author = {Ruben Rios and Jorge Cuellar and Javier Lopez}, editor = {Sara Foresti and Moti Yung and Fabio Martinelli} } @article {Najera2010, title = {Real-time Location and Inpatient Care Systems Based on Passive RFID}, journal = {Journal of Network and Computer Applications}, volume = {34}, year = {2011}, pages = {pp. 980-989}, publisher = {Elsevier}, abstract = {

RFID technology meets identification and tracking requirements in healthcare environments with potential to speed up and increase reliability of involved processes. Due to this, high expectations for this integration have emerged, but hospital and medical centers interested in adoption of RFID technology require prior knowledge on how to squeeze RFID capabilities, real expectations and current challenges. In this paper, we show our lab tested solutions in two specific healthcare scenarios. On the one hand, we analyze the case of a medical equipment tracking system for healthcare facilities enabling both real-time location and theft prevention. Worth-noting aspects such as possible EMI interferences, technology selection and management of RFID data from hospital information system are analyzed. Lab testing of system reliability based on passive UHF RFID is provided for this case. On the other hand, we analyze and provide a solution for care and control of patients in a hospital based on passive HF RFID with the result of a fully functional demonstrator. Our prototype squeezes RFID features in order to provide a backup data source from patient{\textquoteright}s wristband. It also provides an offline working mode aiming to increase application reliability under network fail down and therefore, improving patient{\textquoteright}s safety. Considerations regarding lessons learned and challenges faced are exposed.

}, keywords = {EPC Gen1\&2 performance, Hospital information system, Inpatient management, Medical asset management, Real-time location system}, issn = {1084-8045}, doi = {http://dx.doi.org/10.1016/j.jnca.2010.04.011}, url = {http://www.sciencedirect.com/science/article/B6WKB-5023KSB-1/2/3b970ad38b2ce768888c4eec24ea472a}, author = {Pablo Najera and Javier Lopez} } @inproceedings {rosado2009b, title = {Reusable Security Use Cases for Mobile Grid environments}, booktitle = {Workshop on Software Engineering for Secure Systems}, year = {2009}, pages = {1-8}, publisher = {IEEE}, organization = {IEEE}, address = {Vancouver, Canada}, abstract = {

Due to the growing complexity of softwaredevelopment, developing software through systematicprocesses is becoming more and more important.Likewise, it is important that the development processused integrates security aspects from the first stages atthe same level as other functional and non-functionalrequirements. In the last years, GRID technology hasshown to be the most important one and it allows us tobuild very complex information systems with differentand remarkable features (interoperability betweenmultiple security domains, cross-domainauthentication and authorization, dynamic,heterogeneous and limited mobile devices, etc).Traditionally, systems based on GRID Computing havenot been developed through adequate methodologiesand have not taken into account security requirementsthroughout their development, only offering securitytechnical solutions at the implementation stages. Thispaper shows part of a development methodology thatwe are elaborating for the construction of informationsystems based on Grid Computing highly dependent onmobile devices where security plays a very importantrole. Specifically, in this paper, we will present theanalysis phase, managed by reusable use casesthrough which we can define the requirements andneeds of these systems obtaining an analysis modelthat can be used as input to the following phase of themethodology, the design phase of mobile Grid systems.

}, isbn = {978-1-4244-3725-2}, author = {David G. Rosado and Eduardo Fernandez-Medina and Javier Lopez} } @inproceedings {rosado2009a, title = {Reutilizaci{\'o}n de Casos de Uso en el Desarrollo de Sistemas Grid seguros}, booktitle = {XII Conferencia Iberoamericana de Ingenier{\'\i}a de Requisitos y Ambientes de Software (IDEAS{\textquoteright}09)}, year = {2009}, pages = {388-393}, publisher = {University of Colombia}, organization = {University of Colombia}, address = {Medell{\'\i}n, Colombia}, abstract = {

El desarrollo software debe estar basado en un proceso sistem{\'a}tico y estructurado donde se definan los m{\'e}todos y t{\'e}cnicas a utilizar en todo su ciclo de vida, ayudando as{\'\i} a obtener un producto de calidad. Es igualmente importante que el proceso sistem{\'a}tico considere aspectos de seguridad desde las primeras etapas, integr{\'a}ndola como un elemento m{\'a}s en el ciclo de desarrollo. En este art{\'\i}culo mostramos la metodolog{\'\i}a de desarrollo sistem{\'a}tico que sirve de gu{\'\i}a para el desarrollo de cualquier sistema Grid con dispositivos m{\'o}viles, considerando la seguridad durante todas las fases de desarrollo, lo que nos permitir{\'a} obtener como resultado sistemas Grid seguros, robustos y escalables. Este art{\'\i}culo presenta la fase de an{\'a}lisis, dirigida por casos de uso reutilizables, mediante los cuales se definen los requisitos y necesidades de estos sistemas, y es aplicada a un caso de estudio real de un Grid para el acceso de contenidos multimedia en un contexto period{\'\i}stico.

}, isbn = {978-958-44-5028-9}, author = {David G. Rosado and Eduardo Fernandez-Medina and Javier Lopez} } @incollection {Najera2007, title = {RFID: Technological Issues and Privacy Concerns}, booktitle = {Digital Privacy: Theory, Technologies, and Practices}, year = {2007}, month = {December}, pages = {285-306}, publisher = {Auerbach Publications}, organization = {Auerbach Publications}, isbn = {1420052179}, author = {Pablo Najera and Javier Lopez}, editor = {A. Acquisti and Stefanos Gritzalis and C. Lambrinoudakis and Sabrina De Capitani di Vimercati} } @article {Roman2007a, title = {The Role of Wireless Sensor Networks in the Area of Critical Information Infrastructure}, journal = {Information Security Technical Report}, volume = {12}, number = {1}, year = {2007}, pages = {24-31}, publisher = {Elsevier}, abstract = {

Critical Infrastructures, such as energy, banking, and transport, are an essential pillar to the well-being of the national and international economy, security and quality of life. These infrastructures are dependent on a spectrum of highly interconnected information infrastructures for their smooth, reliable and continuous operation. The field of protecting such Critical Information Infrastructures, or CIIP, faces numerous challenges, such as managing the secure interaction between peers, assuring the resilience and robustness of the overall system, and deploying warning and alert systems, amongst others. In this tapestry of CIIP, Wireless Sensor Networks can be used as an invaluable tool due to their intelligent distributed control capabilities, alongside with their capability to work under severe conditions. In this paper, we justify why Wireless Sensor Networks technology is suitable for providing security for these scenarios, describing both their advantages and research issues and their role in the overall scheme of protecting the Critical Information Infrastructures.

}, keywords = {Critical Information Infrastructure Protection, Network Security, wireless sensor networks}, issn = {1363-4127}, doi = {10.1016/j.istr.2007.02.003}, url = {http://www.sciencedirect.com/science/article/B6VJC-4N6NK24-1/2/b1462973afe70af30a10b955d96ccbb6}, author = {Rodrigo Roman and Cristina Alcaraz and Javier Lopez} } @inproceedings {IsaacAgudo2005b, title = {A Representation Model of Trust Relationships with Delegation Extensions}, booktitle = {3th International Conference on Trust Management (iTRUST{\textquoteright}05)}, series = {LNCS}, volume = {3477}, year = {2005}, month = {May}, pages = {9-22}, publisher = {Springer}, organization = {Springer}, address = {Versailles, France}, abstract = {

Logic languages establish a formal framework to solve authorization and delegation conflicts. However, we consider that a visual representation is necessary since graphs are more expressive and understandable than logic languages. In this paper, and after overviewing previous works using logic languages, we present a proposal for graph representation of authorization and delegation statements. Our proposal is based on Varadharajan et al. solution, though improve several elements of that work. We also discuss about the possible implementation of our proposal using attribute certificates.

}, isbn = {978-3-540-26042-4}, issn = {0302-9743 (Print) 1611-3349 (Online)}, doi = {10.1007/11429760_9}, author = {Isaac Agudo and Javier Lopez and Jose A. Montenegro} } @article {JavierLopez2002d, title = {The Role of Smartcards in Practial Information Security}, journal = {ERCIM News}, volume = {49}, year = {2002}, pages = {38-40}, abstract = {

The transition from traditional commerce to electronic and mobile commerce is fostered by aspects like convenience, speed and ease of use. However, security issues remain unsolved. Smart cards open new possibilities for the development of security schemes and protocols that can provide security in applications such as electronic payments or software protection where traditional cryptographic tools are not useful. The GISUM group is involved in several research projects that make use of smart cards. Current applications include a secure electronic forms framework for government-citizen relations, electronic ticketing systems for GMS phones and Internet, a PDA-based digital signature environment, public transport, access control systems, software protection and banking applications. This report focuses on two recent projects: the eTicket electronic ticketing project (1FD97 1269 C02 02 (TAP)), a coordinated project with the Carlos III University of Madrid; and the Alcance project, consisting of the development of a secure electronic forms framework for secure Internet-based communication between citizens and the public administration (1FD97 0850 (TIC)).

}, issn = {0926-4981}, author = {Javier Lopez and Antonio Mana and Pedro Merino and Jose M. Troya} }