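% Journal articles on IoT/IIoT security, IoT forensics and privacy, sensor-network
% integration, non-repudiation in DRM, and PMI-based access control.
% One field per line; citation keys are unchanged so existing \cite commands still
% resolve. Names use the unambiguous "Last, First" form, page ranges use "--",
% months use the standard three-letter macros, and acronyms / proper nouns in
% titles are brace-protected against style recasing. Abstract text is verbatim.

% NOTE(review): the exported record carried 6575-6583 in the `number` field; that
% value is a page range and is stored in `pages` here. The record gives no issue
% number -- confirm against the DOI before adding one.
@article{Rubio2020IIoT,
  author    = {Rubio, Juan E. and Roman, Rodrigo and Lopez, Javier},
  title     = {Integration of a Threat Traceability Solution in the {Industrial Internet of Things}},
  journal   = {IEEE Transactions on Industrial Informatics},
  volume    = {16},
  pages     = {6575--6583},
  year      = {2020},
  month     = oct,
  publisher = {IEEE},
  issn      = {1551-3203},
  doi       = {10.1109/TII.2020.2976747},
  keywords  = {Detection, Dynamics, IIoT, Industry, Intrusion, Opinion, Traceability},
  abstract  = {In Industrial Internet of Things (IIoT) scenarios, where a plethora of IoT technologies coexist with consolidated industrial infrastructures, the integration of security mechanisms that provide protection against cyber-security attacks becomes a critical challenge. Due to the stealthy and persistent nature of some of these attacks, such as Advanced Persistent Threats, it is crucial to go beyond traditional Intrusion Detection Systems for the traceability of these attacks. In this sense, Opinion Dynamics poses a novel approach for the correlation of anomalies, which has been successfully applied to other network security domains. In this paper, we aim to analyze its applicability in the IIoT from a technical point of view, by studying its deployment over different IIoT architectures and defining a common framework for the acquisition of data considering the computational constraints involved. The result is a beneficial insight that demonstrates the feasibility of this approach when applied to upcoming IIoT infrastructures.},
}

@article{roman2018VIS,
  author    = {Roman, Rodrigo and Rios, Ruben and Onieva, Jose A. and Lopez, Javier},
  title     = {Immune System for the {Internet of Things} using Edge Technologies},
  journal   = {IEEE Internet of Things Journal},
  volume    = {6},
  pages     = {4774--4781},
  year      = {2019},
  month     = jun,
  publisher = {IEEE Computer Society},
  issn      = {2327-4662},
  doi       = {10.1109/JIOT.2018.2867613},
  url       = {https://ieeexplore.ieee.org/document/8449989/},
  keywords  = {Edge computing, Immune Systems, Internet of Things, security},
  abstract  = {The Internet of Things (IoT) and Edge Computing are starting to go hand in hand. By providing cloud services close to end-users, edge paradigms enhance the functionality of IoT deployments, and facilitate the creation of novel services such as augmented systems. Furthermore, the very nature of these paradigms also enables the creation of a proactive defense architecture, an immune system, which allows authorized immune cells (e.g., virtual machines) to traverse edge nodes and analyze the security and consistency of the underlying IoT infrastructure. In this article, we analyze the requirements for the development of an immune system for the IoT, and propose a security architecture that satisfies these requirements. We also describe how such a system can be instantiated in Edge Computing infrastructures using existing technologies. Finally, we explore the potential application of immune systems to other scenarios and purposes.},
}

% The exported record carried the article number 492 in `number`. Issue 2 and
% article 492 are read from the DOI suffix (s18020492) and the URL path (18/2/492);
% the article number is stored in `pages`, as is usual for article-number venues.
@article{nrlSensors2018,
  author    = {Nieto, Ana and Rios, Ruben and Lopez, Javier},
  title     = {{IoT-Forensics} meets Privacy: Towards Cooperative Digital Investigations},
  journal   = {Sensors},
  volume    = {18},
  number    = {2},
  pages     = {492},
  year      = {2018},
  month     = feb,
  publisher = {MDPI},
  issn      = {1424-8220},
  doi       = {10.3390/s18020492},
  url       = {http://www.mdpi.com/1424-8220/18/2/492},
  keywords  = {digital witness, IoT-Forensics, privacy},
  abstract  = {IoT-Forensics is a novel paradigm for the acquisition of electronic evidence whose operation is conditioned by the peculiarities of the Internet of Things (IoT) context. As a branch of computer forensics, this discipline respects the most basic forensic principles of preservation, traceability, documentation, and authorization. The digital witness approach also promotes such principles in the context of the IoT while allowing personal devices to cooperate in digital investigations by voluntarily providing electronic evidence to the authorities. However, this solution is highly dependent on the willingness of citizens to collaborate and they may be reluctant to do so if the sensitive information within their personal devices is not sufficiently protected when shared with the investigators. In this paper, we provide the digital witness approach with a methodology that enables citizens to share their data with some privacy guarantees. We apply the PRoFIT methodology, originally defined for IoT-Forensics environments, to the digital witness approach in order to unleash its full potential. Finally, we show the feasibility of a PRoFIT-compliant digital witness with two use cases.},
}

@article{roman2009a,
  author    = {Roman, Rodrigo and Lopez, Javier},
  title     = {Integrating Wireless Sensor Networks and the {Internet}: A Security Analysis},
  journal   = {Internet Research},
  volume    = {19},
  number    = {2},
  pages     = {246--259},
  year      = {2009},
  month     = mar,
  publisher = {Emerald},
  issn      = {1066-2243},
  doi       = {10.1108/10662240910952373},
  keywords  = {Computer networks, Data security, Integration, Internet, Wireless},
  abstract  = {Purpose: This paper aims to analyze the security issues that arise when integrating wireless sensor networks (WSN) and the internet. Also, it seeks to review whether existing technology mechanisms are suitable and can be applied in this context.

Design/methodology/approach: The paper considers the possible approaches that can be used to connect a WSN with the internet, and analyzes the security of their interactions.

Findings: By providing the services of the network through a front-end proxy, a sensor network and the internet can interact securely. There are other challenges to be solved if the sensor nodes are integrated into the internet infrastructure, although there exists interesting advances on his matter.

Research limitations and implications: The complete integration of sensor networks and the internet still remains as an open issue.

Practical implications: With the current state of the art, it is possible to develop a secure sensor network that can provide its services to internet hosts with certain security properties.

Originality/value: The paper studies the interactions between sensor networks and the internet from the point of view of security. It identifies both solutions and research challenges.},
}

% NOTE(review): the exported record has no DOI, number or publisher for this
% entry, and the journal name is kept exactly as exported -- confirm its spelling
% against ISSN 1572-9451.
@article{JoseA.Onieva2007a,
  author   = {Onieva, Jose A. and Lopez, Javier and Roman, Rodrigo and Zhou, Jianying and Gritzalis, Stefanos},
  title    = {Integration of non-repudiation services in mobile {DRM} scenarios},
  journal  = {Telecommunications Systems},
  volume   = {35},
  pages    = {161--176},
  year     = {2007},
  month    = sep,
  issn     = {1572-9451},
  keywords = {digital rights management, Mobile applications, Non-repudiation, Secure electronic commerce},
  abstract = {In any kind of electronic transaction, it is extremely important to assure that any of the parties involved can not deny their participation in the information exchange. This security property, which is called non-repudiation, becomes more important in Digital Rights Management (DRM) scenarios, where a consumer can freely access to certain contents but needs to obtain the proper Right Object (RO) from a vendor in order to process it. Any breach in this process could result on financial loss for any peer, thus it is necessary to provide a service that allows the creation of trusted evidence. Unfortunately, non-repudiation services has not been included so far in DRM specifications due to practical issues and the type of content distributed. In this paper we analyze how to allow the integration of non-repudiation services to a DRM framework, providing a set of protocols that allows the right objects acquisition to be undeniable, alongside with a proof-of-concept implementation and a validation process.},
}

% NOTE(review): the exported record has no DOI or month for this entry.
@article{JavierLopez2003c,
  author   = {Lopez, Javier and Mana, Antonio and Ortega, Juan J. and Troya, Jose M. and Yague, Mariemma I.},
  title    = {Integrating {PMI} Services in {CORBA} Applications},
  journal  = {Computer Standards \& Interfaces},
  volume   = {25},
  number   = {4},
  pages    = {391--409},
  year     = {2003},
  issn     = {0920-5489},
  abstract = {Application-level access control is an important requirement in many distributed environments. For instance, in new scenarios such as e-commerce, access to resources by previously unknown users is an essential problem to be solved. The integration of Privilege Management Infrastructure (PMI) services in the access control system represents a scalable way to solve this problem. Within the CORBA standards, the Resource Access Decision (RAD) facility is a mechanism used by security-aware applications to obtain authorization decisions and to manage access decision policies. This paper presents PMI-RAD, an approach to integrate the services of an external PMI into CORBA applications using the RAD facility. In particular, the integration of the external PMI in the access control system is based on the semantic description of the PMI services. Our RAD implementation requests and verifies attribute certificates from the PMI in a transparent way for CORBA objects.},
}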