ACM Transactions on Privacy and Security (TOPS), Association for Computer Machinery (ACM), In Press. DOI (I.F.: 1.909)
Proximity attacks allow an adversary to uncover the location of a victim by repeatedly issuing queries with fake location data. These attacks have been mostly studied in scenarios where victims remain static and there are no constraints that limit the actions of the attacker. In such a setting, it is not difficult for the attacker to locate a particular victim and quantifying the effort for doing so is straightforward. However, it is far more realistic to consider scenarios where potential victims present a particular mobility pattern. In this paper, we consider abstract (constrained and unconstrained) attacks on services that provide location information on other users in the proximity. We derive strategies for constrained and unconstrained attackers, and show that when unconstrained they can practically achieve success with theoretically optimal effort. We then propose a simple yet effective constraint that may be employed by a proximity service (for example, running in the cloud or using a suitable two-party protocol) as countermeasure to increase the effort for the attacker several orders of magnitude both in simulated and real-world cases.
IEEE Systems Journal., vol. 13, issue 4, IEEE, pp. 3980-3988, 12/2019. DOI (I.F.: 3.987)
Industry 4.0 advent opens several cyber-threats scenarios originally designed for classic information technology, drawing the attention to the serious risks for the modern industrial control networks. To cope with this problem, in this paper we address the security issues related to covert channels applied to industrial networks, identifying the new vulnerability points when information technologies converge with operational technologies such as edge computing infrastructures. Specifically, we define two signaling strategies where we exploit the Modbus/TCP protocol as target to set up a covert channel. Once the threat channel is established, passive and active offensive attacks (i.e. data exfiltration and command an control, respectively) are further exploited by implementing and testing them on a real Industrial Internet of Things testbed. The experimental results highlight the potential damage of such specific threats, and the easy extrapolation of the attacks to other types of channels in order to show the new risks for Industry 4.0. Related to this, we discuss some countermeasures to offer an overview of possible mitigation and defense measures.
Computers & Security Journal, vol. 87, Elsevier, 11/2019. DOI (I.F.: 3.579)
Advanced Persistent Threats (APTs) have become a serious hazard for any critical infrastructure, as a single solution to protect all industrial assets from these complex attacks does not exist. It is then essential to understand what are the defense mechanisms that can be used as a first line of defense. For this purpose, this article will firstly study the spectrum of attack vectors that APTs can use against existing and novel elements of an industrial ecosystem. Afterwards, this article will provide an analysis of the evolution and applicability of Intrusion Detection Systems (IDS) that have been proposed in both the industry and academia.
Human-centric Computing and Information Sciences, vol. 9, no. 1, Springer, pp. 1-23, 2019. DOI (I.F.: 3.7)
The 16th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC 2018), IEEE, pp. 520-527, 08/2018. DOI
The fifth generation of cellular networks (5G) will enable different use cases where security will be more critical than ever before (e.g. autonomous vehicles and critical IoT devices). Unfortunately, the new networks are being built on the certainty that security problems can not be solved in the short term. Far from reinventing the wheel, one of our goals is to allow security software developers to implement and test their reactive solutions for the capillary network of 5G devices. Therefore, in this paper a solution for analysing proximity-based attacks in 5G environments is modelled and tested using OMNET++. The solution, named CRAT, is able to decouple the security analysis from the hardware of the device with the aim to extend the analysis of proximity-based attacks to different use-cases in 5G. We follow a high-level approach, in which the devices can take the role of victim, offender and guardian following the principles of the routine activity theory.
IEEE Wireless Communications, vol. 25, no. 1, IEEE, pp. 76-82, 02/2018. DOI (I.F.: 11)
15th International Conference on Trust, Privacy and Security in Digital Business (TrustBus 2018), vol. LNCS 11033, Springer Nature Switzerland AG, pp. 229–243, 09/2018. DOI
Recent news have raised concern regarding the security on the IoT field. Vulnerabilities in devices are arising and honeypots are an excellent way to cope with this problem. In this work, current solutions for honeypots in the IoT context, and other solutions adaptable to it are analyzed in order to set the basis for a methodology that allows deployment of IoT honeypot.
Mobile Networks and Applications (MONET), Springer US, pp. 881-889, 10/2018. DOI (I.F.: 2.39)
Crowdsourcing can be a powerful weapon against cyberattacks in 5G networks. In this paper we analyse this idea in detail, starting from the use cases in crowdsourcing focused on security, and highlighting those areas of a 5G ecosystem where crowdsourcing could be used to mitigate local and remote attacks, as well as to discourage criminal activities and cybercriminal behaviour. We pay particular attention to the capillary network, where an infinite number of IoT objects coexist. The analysis is made considering the different participants in a 5G IoT ecosystem.
IEEE Systems Journal, vol. 12, issue 2, IEEE, pp. 1778-1792, 06/2018. DOI (I.F.: 4.463)
Current Critical Infrastructures (CIs) are complex interconnected industrial systems that, in recent years, have incorporated information and communications technologies such as connection to the Internet and commercial off-the-shelf components. This makes them easier to operate and maintain, but exposes them to the threats and attacks that inundate conventional networks and systems. This paper contains a comprehensive study on the main stealth attacks that threaten CIs, with a special focus on Critical Information Infrastructures (CIIs). This type of attack is characterized by an adversary who is able to finely tune his actions to avoid detection while pursuing his objectives. To provide a complete analysis of the scope and potential dangers of stealth attacks we determine and analyze their stages and range, and we design a taxonomy to illustrate the threats to CIs, offering an overview of the applicable countermeasures against these attacks. From our analysis we understand that these types of attacks, due to the interdependent nature of CIs, pose a grave danger to critical systems where the threats can easily cascade down to the interconnected systems.
IEEE Systems Journal, vol. 12, issue 4, IEEE, pp. 3543-3554, 12/2018. DOI (I.F.: 4.463)
The protection of critical user-centric applications, such as Smart Grids and their monitoring systems, has become one of the most cutting-edge research areas in recent years. The dynamic complexity of their cyber-physical systems (CPSs) and their strong inter-dependencies with power systems, are bringing about a significant increase in security problems that may be exploited by attackers. These security holes may, for example, trigger the disintegration of the structural controllability properties due to the problem of non-locality, affecting, sooner or later, the provision of the essential services to end-users. One way to address these situations could be through automatic checkpoints in charge of inspecting the healthy status of the control network and its critical nature. This inspection can be subject to special mechanisms composed of trustworthy cyberphysical elements capable of detecting structural changes in the control and activating restoration procedures with support for warning. This is precisely the aim of this paper, which presents a CPSs-based checkpoint model with the capacity to manage heterogeneous replications that help ensure data redundancy, thereby guaranteeing the validity of the checkpoints. As a support to this study, a theoretical and practical analysis is addressed to show the functionality of the approach in real contexts.
III Jornadas Nacionales de Investigación en Ciberseguridad (JNIC 2017), Servicio de Publicaciones de la URJC, pp. 91-98, 06/2017.
Este trabajo propone una arquitectura de despliegue de honeypots adaptativos, configurados dinámicamente a partir de los requisitos del malware que intenta infectar los servicios trampa. A diferencia de otros trabajos sobre honeypots adaptativos, los mecanismos de adaptabilidad aquí diseñados tomarán como base información de inteligencia sobre amenazas actuales, indicadores de compromiso (IOCs) conocidos, así como información de actividades sospechosas actualmente en estudio por los analistas. Este conocimiento será empleado para configurar honeypots de manera dinámica, permitiendo satisfacer los requisitos necesarios para que el malware pueda desplegar toda su operativa.
Cyber-Physical Systems: Foundations, Principles and Applications, no. Intelligent Data-Centric Systems, Academic Press, pp. 305 - 317, 2017. DOI
Abstract Cyber-physical systems (CPSs), integrated in critical infrastructures, could provide the minimal services that traditional situational awareness (SA) systems demand. However, their application in SA solutions for the protection of large control distributions against unforeseen faults may be insufficient. Dynamic protection measures have to be provided not only to locally detect unplanned deviations but also to prevent, respond, and restore from these deviations. The provision of these services as an integral part of the SA brings about a new research field known as wide-area situational awareness (WASA), highly dependent on CPSs for control from anywhere across multiple interconnections, and at any time. Thus, we review the state-of-the art of this new paradigm, exploring the different preventive and corrective measures considering the heterogeneity of CPSs, resulting in a guideline for the construction of automated WASA systems.
9th International Conference on Risks and Security of Internet and Systems , vol. 8924, Springer International Publishing, pp. 17-34, 04/2015. DOI
Anomaly-based detection applied in strongly interdependent systems, like Smart Grids, has become one of the most challenging research areas in recent years. Early detection of anomalies so as to detect and prevent unexpected faults or stealthy threats is attracting a great deal of attention from the scientific community because it offers potential solutions for context-awareness. These solutions can also help explain the conditions leading up to a given situation and help determine the degree of its severity. However, not all the existing approaches within the literature are equally effective in covering the needs of a particular scenario. It is necessary to explore the control requirements of the domains that comprise a Smart Grid, identify, and even select, those approaches according to these requirements and the intrinsic conditions related to the application context, such as technological heterogeneity and complexity. Therefore, this paper analyses the functional features of existing anomaly-based approaches so as to adapt them, according to the aforementioned conditions. The result of this investigation is a guideline for the construction of preventive solutions that will help improve the context-awareness in the control of Smart Grid domains in the near future.
Computer Communications, vol. 68, Elsevier, pp. 33-46, 09/2015. DOI (I.F.: 2.099)
The lack of abstraction in a growing semantic, virtual and abstract world poses new challenges for assessing security and QoS tradeoffs. For example, in Future Internet scenarios, where Unified Communications (UC) will take place, being able to predict the final devices that will form the network is not always possible. Without this information the analysis of the security and QoS tradeoff can only be based on partial information to be completed when more information about the environment is available. In this paper, we extend the description of context-based parametric relationship model, providing a tool for assessing the security and QoS tradeoff (SQT) based on interchangeable contexts. Our approach is able to use the heterogeneous information produced by scenarios where UC is present.
International Journal of Critical Infrastructure Protection (IJCIP), vol. 8, Elsevier Science, pp. 53–66, 01/2015. DOI (I.F.: 1.351)
Critical infrastructures play a vital role in supporting modern society. The reliability, performance, continuous operation, safety, maintenance and protection of critical infrastructures are national priorities for countries around the world. This paper explores the vulnerabilities and threats facing modern critical infrastructures with special emphasis on industrial control systems, and describes a number of protection measures. The paper also discusses some of the challenging areas related to critical infrastructure protection such as governance and security management, secure network architectures, self-healing, modeling and simulation, wide-area situational awareness, forensics and learning, and trust management and privacy.
IEEE International Conference on Communications (ICC'14), IEEE Communications Society, pp. 755-760, 06/2014. DOI
Heterogeneity of future networks requires the use of extensible models to understand the Security and QoS tradeoff. We believe that a good starting point is to analyze the Security and QoS tradeoff from a parametric point of view and, for this reason, in a previous paper, we defined the Parametric Rela- tionship Model (PRM) to define relationships between Security and QoS parameters. In this paper, we extend that approach in order to change the behaviour of the model so that different contexts in the same system are considered; that is, to provide a Context-based Parametric Relationship Model (CPRM). The final aim is to provide useful tools for system administrators in order to help them deal with Security and QoS tradeoff issues in the configuration of the environment.
Computers & Security, vol. 39, Part A, Elsevier, pp. 34 - 46, Nov 2013. DOI (I.F.: 1.172)
Covert channels are a form of hidden communication that may violate the integrity of systems. Since their birth in Multi-Level Security systems in the early 70’s they have evolved considerably, such that new solutions have appeared for computer networks mainly due to vague protocols specifications. In this paper we concentrate on short-range covert channels and analyze the opportunities of concealing data in various extensively used protocols today. From this analysis we observe several features that can be effectively exploited for subliminal data transmission in the Dynamic Host Configuration Protocol (DHCP). The result is a proof-of-concept implementation, HIDE\_DHCP, which integrates three different covert channels each of which accommodate to different stealthiness and capacity requirements. Finally, we provide a theoretical and experimental analysis of this tool in terms of its reliability, capacity, and detectability.
IEEE Computer, vol. 46, no. 10, IEEE Computer Society, pp. 74 - 83, 2013. DOI (I.F.: 1.438)
Information systems, networks, and technologies have become an integral part of modern critical control systems that manage many of today&#x2019;s critical infrastructures. The continuous operation, maintenance, and protection of critical infrastructures have become a high national priority for governments around the world because our society heavily depends on them for most of our daily activities (travel, power usage, banking transactions, telecommunications, etc) and safety. It is therefore critical that these infrastructures have to be protected from potential accidental incidents or cyberattacks. We present the fundamental architectural components of critical control systems which manage most critical infrastructures. We identify some of the vulnerabilities and threats to modern critical control systems followed by protection solutions that can be deployed to mitigate attacks exploiting these vulnerabilities.
XII Reunión Española sobre Criptología y Seguridad de la Información - RECSI 2012, Mondragon, pp. 297-302, Sep 2012.
9th International Conference on Trust, Privacy & Security in Digital Business (TrustBus 2012), S. Fischer-Hübner, S. Katsikas, and G. Quirchmayr Eds., LNCS 7449, Springer Verlag, pp. 93-104, Sep 2012. DOI
During the last twenty years, a huge amount of trust and reputation models have been proposed, each of them with their own particularities and targeting different domains. While much effort has been made in defining ever-increasing complex models, little attention has been paid to abstract away the particularities of these models into a common set of easily understandable concepts. We propose a conceptual framework for computational trust models that will be used for analyzing their features and for comparing heterogeneous and relevant trust models.
Wireless Communications and Mobile Computing, vol. 11, Wiley, pp. 267-276, 2011. DOI (I.F.: 0.884)
The wireless sensor networks (WSN) paradigm is especially vulnerable against external and internal attacks. Therefore, it is necessary to develop security mechanisms and protocols to protect them. These mechanisms must become an integral part of the software architecture and network stack of a sensor node. A question that remains is how to achieve this integration. In this paper we check how both academic and industrial solutions tackle this issue, and we present the concept of a transversal layer, where all the different security mechanisms could be contained. This way, all the elements of the architecture can interact with the security mechanisms, and the security mechanisms can have a holistic point of view of the whole architecture. We discuss the advantages of this approach, and also present how the transversal layer concept was applied to a real middleware architecture.
1st International Workshop on Security and Trust for Applications in Virtualised Environments (STAVE 2011), C. Lee, J-M. Seigneur, J. J. Park, and R. R. Wagner Eds., Communications in Computer and Information Science 187, Springer, pp. 190-197, June, 2011. DOI
In this paper we identify some areas where cryptography can help a rapid adoption of cloud computing. Although secure storage has already captured the attention of many cloud providers, offering a higher level of protection for their customer’s data, we think that more advanced techniques such as searchable encryption and secure outsourced computation will become popular in the near future, opening the doors of the Cloud to customers with higher security requirements.
Computers & Security, vol. 29, no. 2, pp. 167 - 179, 2010. DOI (I.F.: 0.889)
Certified electronic mail is an added value to traditional electronic mail. In the definition of this service some differences arise: a message in exchange for a reception proof, a message and a non repudiation of origin token in exchange for a reception proof, etc. It greatly depends on whether we want to emulate the courier service or improve the service in the electronic world. If the definition of the service seems conflictive, the definition of the properties and requirements of a good certified electronic mail protocol is even more difficult. The more consensuated features are the need of a fair exchange and the existence of a trusted third party (TTP). Each author chooses the properties that considers the most important, and many times the list is conditioned by the proposal. Which kind of TTP must be used? Must it be verifiable, transparent and/or stateless? Which features must the communication channel fulfil? Which temporal requirements must be established? What kind of fairness is desired? What efficiency level is required? Are confidentiality or transferability of the proofs compulsory properties? In this paper we collect the definitions, properties and requirements related with certified electronic mail. The aim of the paper is to create a clearer situation and analyze how some properties cannot be achieved simultaneously. Each protocol designer will have to decide which properties are the most important in the environment in where the service is to be deployed.
IX Jornadas de Ingeniería Telemenatica (JITEL 2010), Octubre, 2010.
La confidencialidad ha pasado de ser un requisito de seguridad a ser considerado como requisito funcional y de obligado cumplimiento e inclusión en todos los sistemas de comunicaciones. Un inconveniente que presenta las técnicas criptográficas, utilizadas para obtener la confidencialidad de la información, surge cuando varias entidades se ven forzadas a compartir información secreta para realizar tareas puntuales de colaboración, ya que las primitivas tradicionales utilizadas para conseguir la confidencialidad resultan poco flexibles. La situación ideal permitiría hacer posible dicha colaboración sin que ninguna de las partes revele la información aportada. En este escenario entra en juego la tecnología de Computación Segura Multiparte (CSM) que posibilita realizar operaciones con la información compartida sin tener que hacerla pública. Este trabajo muestra una solución CSM aplicada a una subasta electrónica que permite la realización de la subasta sin que las apuestas sean reveladas a ningún participante, incluyendo el subastador, por lo que no necesita el estableciendo de ninguna autoridad confiable. Aunque la literatura ofrece una amplia variedad de propuestas teóricas de CSM desde su creación en la década de los ochenta, no es común su aplicacion práctica en situaciones reales.
Concurrency and Computation: Practice and Experience, vol. 21, John Wiley & Sons, pp. 1389-1403, July, 2009. DOI (I.F.: 1.004)
Concurrent access control is an old problem in many fields in Computer Science. It has been solved in many languages and systems, using mechanisms like monitors or priority queues. Nowadays computers implement multi-core capabilities. This means that they are virtually capable of execution of processes in parallel. This requires new techniques and open new issues in the field of concurrent access control. Moreover, most operating systems are multi-user; thus, we have to focus on a multi-processor multi-user scenario. Trust becomes a paramount aspect when building distributed applications; the same applies on a lower scale in modern computers. We propose the use of a trust graph that keeps record of the trust relationships of the system and helps in deciding on concurrent access requests. The information encoded in the graph will be used both in order to decide on the access requests and to order granted requests in terms of their associated trust level
X Reunión Española de Criptología y Seguridad de la Información (RECSI’08), L. Hernández Encinas, and A. Martin del Rey Eds., pp. 325-336, Sept., 2008.
Los canales encubiertos son una forma de comunicación oculta que puede vulnerar la integridad de los sistemas. Desde sus inicios en sistemas de seguridad multinivel a principios de los años 70 han evolucionado considerablemente, apareciendo soluciones para redes de computadores debido a la especificación de algunos protocolos. Por este motivo, se hace un estudio sobre las técnicas que se han utilizado para crear los canales, así como sobre las distintos obstáculos que han tratado de mermar su actividad. Asimismo, se presenta una nueva clasificación que trata de albergar la mayor cantidad de canales encubiertos existentes en la actualidad. Por último, se analiza un protocolo ampliamente extendido en la actualidad, DHCP, en busca de posibilidades de albergar información encubierta. A partir de este análisis se implementan distintas versiones de un canal encubierto haciendo uso de este protocolo.
|"Computer Security - ESORICS 2008, 13th European Symposium on Research in Computer Security, Málaga, Spain, October 6-8, 2008. Proceedings",
ESORICS, vol. 5283, Springer, 2008.
|"Computer Security - ESORICS 2007, 12th European Symposium On Research In Computer Security, Dresden, Germany, September 24-26, 2007, Proceedings",
ESORICS, vol. 4734, Springer, 2007.
|"Critical Information Infrastructures Security, Second International Workshop, CRITIS 2007, Málaga, Spain, October 3-5, 2007. Revised Papers",
CRITIS, vol. 5141, Springer, 2007. DOI
|"Critical Information Infrastructures Security, First International Workshop, CRITIS 2006, Samos, Greece, August 31 - September 1, 2006, Revised Papers",
CRITIS, vol. 4347, Springer, 2006.
International Journal of Computer Systems Science & Engineering, vol. 3, CRL Publishing, pp. 185-192, 2005. (I.F.: 0.119)
Virtual Private Networks (VPNs) provide a cost-effective way for securing communications using public and insecure networks like the Internet. The main purpose of a VPN is to securely and transparently connect two or more remote networks to form virtually a single network, using centralized security policies for better management and protection. However, in certain scenarios, users may not require such a transparent access to the resources within their networks, but only want temporary secure access to internal services based on their own demands. We call the network architecture with such a feature as Casual VPN. In this paper, we present the notion of Casual VPN, and explain why traditional VPN architectures and protocols are unable to offer Casual VPN services. We also propose and define the operation of a particular Casual VPN architecture, C-VPN, which additionally allows the management of TCP and UDP-based protocols.
2nd European PKI Workshop: Research and Applications (EuroPKI’05), LNCS 3545, Springer, pp. 135-143, June, 2005.
In spite of the fact that there are several companies that (try to) sell public key certificates, there is still no unified or standardized classification scheme that can be used to compare and put into perspective the various offerings. In this paper, we try to start filling this gap and propose a four-dimensional scheme that can be used to uniformly describe and classify public key certificates. The scheme distinguishes between (i) who owns a certificate, (ii) how the certificate owner is registered, (iii) on what medium the certificate (or the private key, respectively) is stored, and (iv) what type of functionality the certificate is intended to be used for. We think that using these or similar criteria to define and come up with unified or even standardized classes of public key certificate is useful and urgently needed in practice.
Symposium on Cryptography and Information Security (SCIS’03), pp. 25-30, January, 2003.
In order to more effectively deal with certificate management issues in PKIs, there is growing interest in supplementing offline X.509 PKI models with online services. An analysis of the security requirements of online models will be presented. Proposed online and delegated processing models will be evaluated in relation to these requirements.
Secure Networking (CQRE’99), LNCS 1740, Springer, pp. 109-118, December, 1999.
Public-Key Infrastructures are considered the basis of the protocols and tools needed to guarantee the security demanded for new Internet applications like electronic commerce, government-citizen relationships and digital distribution. This paper introduces a new infrastructure design, Cert’eM, a key management and certification system that is based on the structure of the electronic mail service and on the principle of near-certification. Cert’eM provides secure means to identify users and distribute their public-key certificates, enhances the efficiency of revocation procedures, and avoids scalability and synchronization problems. The system, developed and tested at the University of Malaga, was recently selected by RedIRIS, the National Research and Academic Network in Spain, to provide the public key service for its secure electronic mail.
International Conference on Imaging Science, Systems and Technology (CISST’99), pp. 547-550, June, 1999.
Novática, vol. 141, pp. 24-27, 1999.
Theoretical Computer Science, vol. 202, no. 1-2, Elsevier, pp. 231-244, 1998. (I.F.: 0.349)
this paper we first compare Parikh’s condition to various pumping conditions - Bar- Hillel’s pumping lemma, Ogden’s condition and Bader-Moura’s condition; secondly, to interchange condition; and finally, to Sokolowski’s and Grant“s conditions. In order to carry out these comparisons we present some properties of Parikh’s languages. The main result is the orthogonality of the previously mentioned conditions and Parikh’s condition. In
II Jornadas de Informática y Automática, pp. 305-314, Julio, 1996.
In this paper we first compare Parikh’s condition to various pumping conditions - Bar-Hillel’s pumping lemma, Ogden’s condition and Bader-Moura’s condition; secondly, to interchange condition; and finally, to Sokolowski’s and Grant’s conditions. In order to carry out these comparisons we present some properties of Parikh’s languages. The main result is the orthogonality of the previously mentioned conditions and Parikh’s condition.