Biblio

Export results:
Author Title Type [ Year(Asc)]
Filters: First Letter Of Title is I  [Clear All Filters]
A. Muñoz, "ICITPM: Integrity validation of software in iterative Continuous Integration through the use of Trusted Platform Module (TPM)",
European Symposium on Research in Computer Security, A. Farao Eds., Springer, pp. 147–165, 2020.
J. E. Rubio, R. Roman, and J. Lopez, "Integration of a Threat Traceability Solution in the Industrial Internet of Things",
IEEE Transactions on Industrial Informatics, vol. 16, issue 10, no. 6575-6583, IEEE, 10/2020. DOI (I.F.: 10.215)More..

Abstract

In Industrial Internet of Things (IIoT) scenarios, where a plethora of IoT technologies coexist with consolidated industrial infrastructures, the integration of security mechanisms that provide protection against cyber-security attacks becomes a critical challenge. Due to the stealthy and persistent nature of some of these attacks, such as Advanced Persistent Threats, it is crucial to go beyond traditional Intrusion Detection Systems for the traceability of these attacks. In this sense, Opinion Dynamics poses a novel approach for the correlation of anomalies, which has been successfully applied to other network security domains. In this paper, we aim to analyze its applicability in the IIoT from a technical point of view, by studying its deployment over different IIoT architectures and defining a common framework for the acquisition of data considering the computational constraints involved. The result is a beneficial insight that demonstrates the feasibility of this approach when applied to upcoming IIoT infrastructures.

Impact Factor: 10.215
Journal Citation Reports® Science Edition (Thomson Reuters, 2020)

PDF icon Rubio2020IIoT.pdf (2.13 MB)
R. Roman, R. Rios, J. A. Onieva, and J. Lopez, "Immune System for the Internet of Things using Edge Technologies",
IEEE Internet of Things Journal, vol. 6, issue 3, IEEE Computer Society, pp. 4774-4781, 06/2019. DOI (I.F.: 9.936)More..

Abstract

The Internet of Things (IoT) and Edge Computing are starting to go hand in hand. By providing cloud services close to end-users, edge paradigms enhance the functionality of IoT deployments, and facilitate the creation of novel services such as augmented systems. Furthermore, the very nature of these paradigms also enables the creation of a proactive defense architecture, an immune system, which allows authorized immune cells (e.g., virtual machines) to traverse edge nodes and analyze the security and consistency of the underlying IoT infrastructure. In this article, we analyze the requirements for the development of an immune system for the IoT, and propose a security architecture that satisfies these requirements. We also describe how such a system can be instantiated in Edge Computing infrastructures using existing technologies. Finally, we explore the potential application of immune systems to other scenarios and purposes.

Impact Factor: 9.936
Journal Citation Reports® Science Edition (Thomson Reuters, 2019)

PDF icon roman2018VIS.pdf (149.3 KB)
S. K. Katsikas, and C. Alcaraz, "International Workshop on Security and Trust Management 2018",
International Workshop on Security and Trust Management, LNCS, vol. 11091, Springer International Publishing, 09/2018. DOI More..
A. Nieto, R. Rios, and J. Lopez, "IoT-Forensics meets Privacy: Towards Cooperative Digital Investigations",
Sensors, vol. 18, issue 2, no. 492, MDPI, 02/2018. DOI (I.F.: 3.031)More..

Abstract

IoT-Forensics is a novel paradigm for the acquisition of electronic evidence whose operation is conditioned by the peculiarities of the Internet of Things (IoT) context. As a branch of computer forensics, this discipline respects the most basic forensic principles of preservation, traceability, documentation, and authorization. The digital witness approach also promotes such principles in the context of the IoT while allowing personal devices to cooperate in digital investigations by voluntarily providing electronic evidence to the authorities. However, this solution is highly dependent on the willingness of citizens to collaborate and they may be reluctant to do so if the sensitive information within their personal devices is not sufficiently protected when shared with the investigators. In this paper, we provide the digital witness approach with a methodology that enables citizens to share their data with some privacy guarantees. We apply the PRoFIT methodology, originally defined for IoT-Forensics environments, to the digital witness approach in order to unleash its full potential. Finally, we show the feasibility of a PRoFIT-compliant digital witness with two use cases.

Impact Factor: 3.031
Journal Citation Reports® Science Edition (Thomson Reuters, 2018)

PDF icon nrlSensors2018.pdf (14.4 MB)
J. L. Hernández-Ardieta, et al., "An Intelligent and Adaptive Live Simulator: A new Concept for Cybersecurity Training",
9th Future Security Conference, 2014. More..

Abstract

The rapid rate of change in technology and the increasing sophistication of cyber attacks require any organization to have a continuous preparation. However, the resource and time intensive nature of cybersecurity education and training renders traditional approaches highly inefficient. Simulators have attracted the attention in the last years as a potential solution for cybersecurity training. However, in spite of the advances achieved, there is still an urgent need to address some open challenges. In this paper we present a novel simulator that solves some these challenges. First, we analyse the main properties that any cybersecurity training solution should comprise, and evaluate to what extent training simulators can meet them. Next, we introduce the functional architecture and innovative features of the simulator, of which a functional prototype has already been released. Finally, we demonstrate how these capabilities are put into practice in training courses already available in the simulator.

PDF icon 1637.pdf (1005.4 KB)
F. Moyano, C. Fernandez-Gago, and J. Lopez, "Implementing Trust and Reputation Systems: A Framework for Developers’ Usage",
International Workshop on Quantitative Aspects in Security Assurance, 2012. More..

Abstract

During the last decades, a huge amount of trust and reputation models have been proposed, each of them with their own particularities and targeting different domains. While much effort has been made in defining ever-increasing complex models, little attention has been paid to abstract away the particularities of these models into a common set of easily understandable concepts. We propose a conceptual framework for computational trust models that is used for developing a component-oriented development framework that aims to assist developers during the implementation phase.

PDF icon moyano12qasa.pdf (609.67 KB)
J. Cuellar, M. Ochoa, and R. Rios, "Indistinguishable Regions in Geographic Privacy",
Proceedings of the 27th Annual ACM Symposium on Applied Computing (SAC 2012), S. Ossowski, and P. Lecca Eds., ACM, pp. 1463-1469, 26-30 March 2012. DOI More..

Abstract

The ubiquity of positioning devices poses a natural security challenge: users want to take advantage of location-related services as well as social sharing of their position but at the same time have security concerns about how much information should be shared about their exact position. This paper discusses different location-privacy problems, their formalization and the novel notion of indistinguishability regions that allows one to proof that a given obfuscation function provides a good trade-off between location sharing and privacy.

PDF icon Cuellar2012.pdf (317.35 KB)
D. Nuñez, I. Agudo, and J. Lopez, "Integrating OpenID with Proxy Re-Encryption to enhance privacy in cloud-based identity services",
IEEE CloudCom 2012, IEEE Computer Society, pp. 241 - 248, Dec 2012. DOI More..

Abstract

The inclusion of identity management in the cloud computing landscape represents a new business opportunity for providing what has been called Identity Management as a Service (IDaaS). Nevertheless, IDaaS introduces the same kind of problems regarding privacy and data confidentiality as other cloud services; on top of that, the nature of the outsourced information (users’ identity) is critical. Traditionally, cloud services (including IDaaS) rely only on SLAs and security policies to protect the data, but these measures have proven insufficient in some cases; recent research has employed advanced cryptographic mechanisms as an additional safeguard. Apart from this, there are several identity management schemes that could be used for realizing IDaaS systems in the cloud; among them, OpenID has gained crescent popularity because of its open and decentralized nature, which makes it a prime candidate for this task. In this paper we demonstrate how a privacy-preserving IDaaS system can be implemented using OpenID Attribute Exchange and a proxy re-encryption scheme. Our prototype enables an identity provider to serve attributes to other parties without being able to read their values. This proposal constitutes a novel contribution to both privacy and identity management fields. Finally, we discuss the performance and economical viability of our proposal.

PDF icon nunez2012integrating.pdf (254.97 KB)
D. Nuñez, I. Agudo, P. Drogkaris, and S. Gritzalis, "Identity Management Challenges for Intercloud Applications",
1st International Workshop on Security and Trust for Applications in Virtualised Environments (STAVE 2011), vol. 187, pp. 198-204, June, 2011. DOI More..

Abstract

Intercloud notion is gaining a lot of attention lately from both enterprise and academia, not only because of its benefits and expected results but also due to the challenges that it introduces regarding interoperability and standardisation. Identity management services are one of the main candidates to be outsourced into the Intercloud, since they are one of the most common services needed by companies and organisations. This paper addresses emerging identity management challenges that arise in intercloud formations, such as naming, identification, interoperability, identity life cycle management and single sign-on.

PDF icon DNunez11.pdf (162.14 KB)
R. Rios, I. Agudo, and J. L. Gonzalez, "Implementación de un esquema de localización privada y segura para interiores",
IX Jornadas de Ingeniería Telemática (JITEL’10), Y. Dimitriadis, and M. Jesús Ver Pérez Eds., pp. 237 - 244, Sept., 2010. More..

Abstract

Las aplicaciones basadas en localización proporcionan a los usuarios servicios personalizados dependiendo de su ubicación. Las estimaciones prevén que estos servicios se extenderán enormemente en los próximos años reportando grandes beneficios tanto a la industria como a los usuarios finales. Sin embargo, para que estos avances sean posibles se hace necesario analizar en profundidad las distintas implicaciones de seguridad y privacidad que la utilización de tales servicios pueden traer consigo a los usuarios. En este trabajo proponemos un sistema de localización que da soporte a la provisión de servicios basados en localización para entornos indoor y que se fundamenta en la tecnología de redes de sensores inalámbricos. En este esquema hemos tenido en cuenta diversos aspectos de seguridad y privacidad, prestando especial atención a la limitación extrema de recursos característica de las redes de sensores. Finalmente hemos desarrollado una prueba de concepto para comprobar la viabilidad de nuestro esquema dentro del ámbito del proyecto OSAmI.

PDF icon Rios2010a.pdf (311.53 KB)
R. Roman, and J. Lopez, "Integrating Wireless Sensor Networks and the Internet: A Security Analysis",
Internet Research, vol. 19, no. 2, Emerald, pp. 246-259, Mar 2009. DOI (I.F.: 0.844)More..

Abstract

Purpose: This paper aims to analyze the security issues that arise when integrating wireless sensor networks (WSN) and the internet. Also, it seeks to review whether existing technology mechanisms are suitable and can be applied in this context.

Design/methodology/approach: The paper considers the possible approaches that can be used to connect a WSN with the internet, and analyzes the security of their interactions.

Findings: By providing the services of the network through a front-end proxy, a sensor network and the internet can interact securely. There are other challenges to be solved if the sensor nodes are integrated into the internet infrastructure, although there exists interesting advances on his matter.

Research limitations and implications: The complete integration of sensor networks and the internet still remains as an open issue.

Practical implications: With the current state of the art, it is possible to develop a secure sensor network that can provide its services to internet hosts with certain security properties.

Originality/value: The paper studies the interactions between sensor networks and the internet from the point of view of security. It identifies both solutions and research challenges.

Impact Factor: 0.844
Journal Citation Reports® Science Edition (Thomson Reuters, 2009)

PDF icon roman2009a.pdf (394.32 KB)
J. A. Onieva, S. D., C. S., G. D., and M. K. Eds., "Information Security Theory and Practices. Smart Devices, Convergence and Next Generation Networks",
Workshop in Information Security Theory and Practices, vol. 5019, Springer Verlag, 2008. More..
I. Agudo, J. Lopez, and J. A. Montenegro, "Implementation aspects of a delegation system",
3rd international conference on Mobile multimedia communications (MobiMedia ’07), ICST, pp. 50:1–50:6, 2007. More..

Abstract

In this paper we simulate an authorization and delegation system using knowledge based technology. This proposal is part of a visual tool that is intended to be an implementation of the theoretical model weighted trust graph (WTG). A brief description of WTG Model and its associated tool is included in the text. In essence, the model is based on the inclusion of real numbers between zero and one in certificates to represent the trust level between the entities involved in them. This trust level is used to control delegation. Moreover, attributes from di_erent domains may be interrelated, so attribute delegation is also taken into account. The proposed Simulation Engine supports one directional and bidirectional search algorithms.

PDF icon Agudo2007.pdf (193.04 KB)
M. Payeras, J. L. Ferrer Gomila, L. Huguet Rotger, and J. A. Onieva, "Incompatibilidades entre Propiedades de los Protocolos de Intercambio Equitativo de Valores",
VI Jornadas de Ingeniería Telemática (JITEL’07), Universidad de Malaga, pp. 605-608, 2007. More..

Abstract

Sets of ideal properties are defined for different kinds of protocols designed for e-commerce applications. These sets are used as a start point in the design and then as a tool to evaluate the quality of the protocols. This is the case of fair exchange protocols and their application to electronic contract signing and certified electronic mail. However, in this area does not exist an agreement about which properties are ideal. Instead we can find properties described by different authors to his convenience. We illustrate the contradictions that appear between some of these properties.

J. A. Onieva, J. Lopez, R. Roman, J. Zhou, and S. Gritzalis, "Integration of non-repudiation services in mobile DRM scenarios",
Telecommunications Systems, vol. 35, pp. 161-176, September, 2007. More..

Abstract

In any kind of electronic transaction, it is extremely important to assure that any of the parties involved can not deny their participation in the information exchange. This security property, which is called non-repudiation, becomes more important in Digital Rights Management (DRM) scenarios, where a consumer can freely access to certain contents but needs to obtain the proper Right Object (RO) from a vendor in order to process it. Any breach in this process could result on financial loss for any peer, thus it is necessary to provide a service that allows the creation of trusted evidence. Unfortunately, non-repudiation services has not been included so far in DRM specifications due to practical issues and the type of content distributed. In this paper we analyze how to allow the integration of non-repudiation services to a DRM framework, providing a set of protocols that allows the right objects acquisition to be undeniable, alongside with a proof-of-concept implementation and a validation process.

PDF icon JoseA.Onieva2007a.pdf (292.68 KB)
S. K. Katsikas, J. Lopez, M. Backes, S. Gritzalis, and B. Preneel Eds., "Information Security, 9th International Conference, ISC 2006, Samos Island, Greece, August 30 - September 2, 2006, Proceedings",
ISC, vol. 4176, Springer, 2006. More..
S. Qing, W. Mao, J. Lopez, and G. Wang Eds., "Information and Communications Security, 7th International Conference, ICICS 2005, Beijing, China, December 10-13, 2005, Proceedings",
ICICS, vol. 3783, Springer, 2005. More..
J. Zhou, J. Lopez, R. H. Deng, and F. Bao Eds., "Information Security, 8th International Conference, ISC 2005, Singapore, September 20-23, 2005, Proceedings",
ISC, vol. 3650, Springer, 2005. More..
J. Lopez, S. Qing, and E. Okamoto Eds., "Information and Communications Security, 6th International Conference, ICICS 2004, Malaga, Spain, October 27-29, 2004, Proceedings",
ICICS, vol. 3269, Springer, 2004. More..
J. Lopez, A. Mana, J. J. Ortega, J. M. Troya, and M. I. Yague, "Integrating PMI Services in CORBA Applications",
Computer Standards & Interfaces, vol. 25, no. 4, pp. 391-409, 2003. (I.F.: 0.523)More..

Abstract

Application-level access control is an important requirement in many distributed environments. For instance, in new scenarios such as e-commerce, access to resources by previously unknown users is an essential problem to be solved. The integration of Privilege Management Infrastructure (PMI) services in the access control system represents a scalable way to solve this problem. Within the CORBA standards, the Resource Access Decision (RAD) facility is a mechanism used by security-aware applications to obtain authorization decisions and to manage access decision policies. This paper presents PMI-RAD, an approach to integrate the services of an external PMI into CORBA applications using the RAD facility. In particular, the integration of the external PMI in the access control system is based on the semantic description of the PMI services. Our RAD implementation requests and verifies attribute certificates from the PMI in a transparent way for CORBA objects.

Impact Factor: 0.523
Journal Citation Reports® Science Edition (Thomson Reuters, 2003)

PDF icon JavierLopez2003c.pdf (93.71 KB)
J. A. Onieva, J. Zhou, M. Carbonell, and J. Lopez, "Intermediary Non-Repudiation Protocols",
5th Conference on Electronic Commerce, IEEE Computer Society, pp. 207-214, June, 2003. More..

Abstract

n commercial transactions, an intermediary might be involved to help transacting parties to conduct their business. Nevertheless, the intermediary may not be fully trusted. In this paper, we introduce the concept of intermediary (or agent) in a non-repudiation protocol, define the aims of intermediary non-repudiation protocols, and analyze their security requirements. We present a simple scenario with only one recipient, followed by a more complicated framework where multiple recipients are involved and collusion between them is possible.

PDF icon Onieva2003b.pdf (134.78 KB)
S. Russell, E. Okamoto, E. Dawson, and J. Lopez, "Improving Performance in Global PKI using Virtual Certificates and Synthetic Certificates",
Symposium on Cryptography and Information Security (SCIS’02), pp. 1149-1154, January, 2002. More..

Abstract

A digital certificate may be used to inform the world of the public key of its owner. To guard against impersonations and fraud, the receiver needs to perform a series of checks. When a hierarchy of certificates is involved, and when there are large volumes of messages between two parties, as is frequent in commerce, the repeated validation of the same chain of certificates consume significant resources. This paper presents new concepts of virtual certificate and synthetic certificate which can be used to speed up repetitive processing of a chain with improved efficiency.

PDF icon SelwynRussell2002.pdf (182.25 KB)
J. Davila, J. Lopez, and R. Roman, "Introducción de Aplicaciones UDP en Redes Privadas Virtuales",
III Jornadas de Ingeniería Telemática (JITEL’01), pp. 397-404, Septiembre, 2001. More..

Abstract

Virtual Private Network (VPN) solutions mainly focus on security aspects. However, when security is considered the unique problem, some collateral ones arise. VPN users suffer from restrictions in their access to the network. They are not free to use traditional Internet services such as electronic mail exchange and audio/video conference with non-VPN users, and to access Web and Ftp servers external to the organization. In this paper we present a new solution, located at the TCP/IP transport layer and oriented to UDP applications that, while maintaining strong security features, allows the open use of traditional network services. The solution does not require the addition of new hardware because it is an exclusively software solution. As a consequence, the application is totally portable.

PDF icon JorgeDavila2001.pdf (44.79 KB)
J. Davila, L. Fuentes, J. Lopez, J. maria troya, and A. Vallecillo, "Internet Secure Communications Between Citizens and Public Administrations",
IFIP Conference on Advances in Electronic Government, pp. 109-120, 2000.
A. Mana, J. Lopez, L. Pino, J. J. Ortega, and C. Maraval, "Incremento de la Seguridad del Estandar de Cifrado de Datos basado en la Combinación de Datos y Clave",
III Jornadas de Informática y Automática, pp. 423-432, Julio, 1997. More..

Abstract

A pesar del gran esfuerzo investigador llevado a cabo, el ataque al DES ha sido infructuoso desde que a mediados de los setenta fue adoptado como estándar por el U. S. National Bureau of Standards. El criptoanálisis diferencial constituye la base de las primeras técnicas capaces de acabar con tal invulnerabilidad. Las técnicas de criptoanálisis basadas en modelos de fallos y su adaptación a DES, el criptoanálisis de fallos diferencial, son dos de esas técnicas que han conseguido recientemente romper sistemas DES (aunque el ataque está limitado a ciertos casos especiales, en particular implementaciones hardware). En este artículo se presenta un punto débil de DES sobre el cual puede aumentarse la seguridad y se propone una modificación de la estructura interna de DES con objeto de mejorar su resistencia ante el criptoanálisis diferencial y por ende de los ataques derivados de este. La modificación introducida no supone un coste adicional elevado

PDF icon AntonioMana1997.pdf (270.73 KB)
G. Ramos, and J. Lopez, "ID3f+A. Algoritmo de Aprendizaje Inductivo Borroso con División Intervalar Automática de los Atributos",
VI Congreso Español Sobre Tecnologías y Lógica Fuzzy (ESTYLF’96), pp. 225-230, Septiembre, 1996. More..

Abstract

Uno de los campos más prometedores dentro del estudio de la ambigüedad es el del aprendizaje, tanto por su importancia consusntacial como por su relación con la Inteligencia Artificial. Esta relación se hace evidente cuando intentamos resolver, desde una perspectiva borrosa, el problema de la adquisición automática del conocimiento en sistemas expertos. El algoritmo ID3, el más relevante de los utilizados para la inducción de árboles de decisión, no es utilizable tal cual con un concepto borroso del concepto de pertenencia. Además se muestra ineficiente cuando no existe un experto humano que defina correctamente los subrangos de actuación para los atributos que junto a las clases expresan las relaciones entre situaciones que este algoritmo de aprendizaje intenta descubrir. Proponemos como solución un nuevo algoritmo, el ID3f+A, que posee la capacidad de tratamiento borroso del concepto de pertenencia, gracias a una modificación del concepto de entropía, y además realiza la división intervalar automática de los atributos, merced al control del proceso inductivo por medio de la utilización de experiencias de control.

PDF icon GonzaloRamos1996.pdf (425.41 KB)
F. Lopez, J. Lopez, and C. Maraval, "Image Compression Based on Competitive Hebbian Learning Neural Networks",
Brain Processes, Theories and Models International Conference, pp. 478-482, October, 1995.
Modify or remove your filters and try again.