Biblio

Export results:
Author Title Type [ Year(Desc)]
Filters: Author is Javier Lopez  [Clear All Filters]
1994
J. Lopez, and C. Maraval, "Sistema de Cifrado de Correo Electrónico en Red de Area Local", In III Reunión Española de Criptología (III REC), pp. 133-138, Noviembre, 1994.
1995
F. Lopez, J. Lopez, and C. Maraval, "Image Compression Based on Competitive Hebbian Learning Neural Networks", In Brain Processes, Theories and Models International Conference, pp. 478-482, October, 1995.
J. Lopez, F. Ona, L. Pino, and C. Maraval, "Seguridad de Directorios en Criptosistemas de Clave Pública mediante Redes Neuronales en Sistemas de Comunicaciones", In X Symposium Nacional de la Unión Científica Internacional de Radio (URSI’95), pp. 147-150, Septiembre, 1995.
1996
J. Lopez, G. Ramos, and R. Morales, "Comparación de la Condición de Parikh con algunas Condiciones de los Lenguajes de Contexto Libre", In II Jornadas de Informática y Automática, pp. 305-314, Julio, 1996. More..

Abstract

In this paper we first compare Parikh’s condition to various pumping conditions - Bar-Hillel’s pumping lemma, Ogden’s condition and Bader-Moura’s condition; secondly, to interchange condition; and finally, to Sokolowski’s and Grant’s conditions. In order to carry out these comparisons we present some properties of Parikh’s languages. The main result is the orthogonality of the previously mentioned conditions and Parikh’s condition.

PDF icon JavierLopez1996a.pdf (391.88 KB)
J. Lopez, F. Ona, L. Pino, and C. Maraval, "Generación de Números Primos mediante Tests de Primalidad Probabilístas", In IV Reunión Española de Criptología (IV REC), pp. 27-33, Septiembre, 1996. More..

Abstract

Nowadays cryptography is present in nearly every aspect of our everyday life, in particular public-key cryptosystems. Some of them have a mathematical foundation of number theory working with big integer numbers. Factoring these numbers is more complex and time-consuming than generating and testing prime numbers; this is the main reason for the strenght of some public key cryptosystems. This paper presents three different probabilistic methods for testing big prime numbers in a reasonable amount of time. A comparison of their efficiency to test prime numbers is also introduced.

G. Ramos, and J. Lopez, "ID3f+A. Algoritmo de Aprendizaje Inductivo Borroso con División Intervalar Automática de los Atributos", In VI Congreso Español Sobre Tecnologías y Lógica Fuzzy (ESTYLF’96), pp. 225-230, Septiembre, 1996. More..

Abstract

Uno de los campos más prometedores dentro del estudio de la ambigüedad es el del aprendizaje, tanto por su importancia consusntacial como por su relación con la Inteligencia Artificial. Esta relación se hace evidente cuando intentamos resolver, desde una perspectiva borrosa, el problema de la adquisición automática del conocimiento en sistemas expertos. El algoritmo ID3, el más relevante de los utilizados para la inducción de árboles de decisión, no es utilizable tal cual con un concepto borroso del concepto de pertenencia. Además se muestra ineficiente cuando no existe un experto humano que defina correctamente los subrangos de actuación para los atributos que junto a las clases expresan las relaciones entre situaciones que este algoritmo de aprendizaje intenta descubrir. Proponemos como solución un nuevo algoritmo, el ID3f+A, que posee la capacidad de tratamiento borroso del concepto de pertenencia, gracias a una modificación del concepto de entropía, y además realiza la división intervalar automática de los atributos, merced al control del proceso inductivo por medio de la utilización de experiencias de control.

PDF icon GonzaloRamos1996.pdf (425.41 KB)
1997
L. Pino, J. Lopez, F. Lopez, and C. Maraval, Aproximacion de Funciones mediante Redes Neuronales , pp. 209-215, Sep 1997.
F. Lopez, J. Lopez, A. Vergara, and L. Pino, "Determination of Objects Orientation in Assembly Lines using Neural Networks", In 5th Intern. Conf. on Computer Aided Systems Theory and Technology (EUROCAST’97), pp. 183-189, February, 1997. More..

Abstract

This paper is a first approach to the use of artificial neural networks as a tool to estimate the orientation of an object, and is mainly directed towards industrial applications. The capability of neural networks to generalise is a key element in the calculation of an object’s orientation. In this sense, a neural network can identify the angle of a part never seen before. To evaluate the efficiency of this method we have performed a series of tests with the different parts used in a car assembly line.

A. Mana, et al., "Incremento de la Seguridad del Estandar de Cifrado de Datos basado en la Combinación de Datos y Clave", In III Jornadas de Informática y Automática, pp. 423-432, Julio, 1997. More..

Abstract

A pesar del gran esfuerzo investigador llevado a cabo, el ataque al DES ha sido infructuoso desde que a mediados de los setenta fue adoptado como estándar por el U. S. National Bureau of Standards. El criptoanálisis diferencial constituye la base de las primeras técnicas capaces de acabar con tal invulnerabilidad. Las técnicas de criptoanálisis basadas en modelos de fallos y su adaptación a DES, el criptoanálisis de fallos diferencial, son dos de esas técnicas que han conseguido recientemente romper sistemas DES (aunque el ataque está limitado a ciertos casos especiales, en particular implementaciones hardware). En este artículo se presenta un punto débil de DES sobre el cual puede aumentarse la seguridad y se propone una modificación de la estructura interna de DES con objeto de mejorar su resistencia ante el criptoanálisis diferencial y por ende de los ataques derivados de este. La modificación introducida no supone un coste adicional elevado

PDF icon AntonioMana1997.pdf (270.73 KB)
F. Lopez, J. Lopez, L. Pino, and C. Maraval, "Neural Networks for Systems Security", In 5th European Congress of Intelligent Techniques and Soft Computing (EUFIT’97), pp. 410-413, August, 1997. More..

Abstract

This paper is a first approach in the use of Neural Networks for security. We apply it for electronic mail private systems in Local Area Networks. Some of these systems use public keys directories which must be protected suitably. This task is very complicated because all users in the systems must be able to change their public keys in those directories. We see the advantage of using Neural Networks versus other classical methods to resolve this problem.

L. Pino, A. Mana, J. J. Ortega, and J. Lopez, "Sistema Jerárquico de Administración de Claves Públicas para el Correo Electrónico", In I Jornadas de Ingeniería Telemática (JITEL’97), pp. 295-302, Sep 1997.
L. Pino, J. Lopez, F. Lopez, and C. Maraval, "A Tool for Functions Approximation by Neural Networks", In 5th European Congress of Intelligent Techniques and Soft Computing (EUFIT ’97), pp. 557-564, 1997.
1998
J. Lopez, J. Pastor, and J. M. Troya Eds., "5th Spanish Conference on Cryptology and Information Security", In RECSI, 1998.
J. Lopez, J. Lopez, J. A. Manceras, and A. Mana, "Automatic Conversion of Scanned Maps to a Vector Based 3D Representation", In International Conference on Imaging Science, Systems, and Technology (CISST’98), July, 1998.
J. Lopez, J. Lopez, J. A. Manceras, and A. Mana, "Automatic Conversion of Scanned Maps to a Vector Based 3D Representation", In International Conference on Imaging Science, Systems, and Technology (CISST’98), July, 1998.
G. Ramos, J. Lopez, and R. Morales, "Comparisons of Parikh’s conditions to other conditions for context-free languages", In Theoretical Computer Science, vol. 202, no. 1-2, Elsevier, pp. 231-244, 1998. ISI JCR Impact Factor 1998: 0.349 More..

Abstract

  this paper we first compare Parikh’s condition to various pumping conditions - Bar- Hillel’s pumping lemma, Ogden’s condition and Bader-Moura’s condition; secondly, to interchange condition; and finally, to Sokolowski’s and Grant“s conditions. In order to carry out these comparisons we present some properties of Parikh’s languages. The main result is the orthogonality of the previously mentioned conditions and Parikh’s condition. In

Impact Factor: 0.349
Journal Citation Reports® Science Edition (Thomson Reuters, 1998)

PDF icon GonzaloRamos1998.pdf (792.29 KB)
J. Lopez, J. Lopez, J. A. Manceras, and A. Mana, "Neural Networks Applied to the Estimation of Object Orientation", In International Conference on Imaging Science, Systems, and Technology (CISST’98), pp. 418-424, July, 1998. More..

Abstract

We present in this paper a first approach to the use of artificial neural as a tool to determine the orientation of objects moving on a conveyor belt in a car assembly line. The capability of neural networks to generalise is a key element in the calculation of an object’s orientation. In this sense, a neural network with Competitive Hebbian Learning can identify the angle of a part never used in its training process. The equilibrium between exactitude and processing time is also studied.

PDF icon JavierLopez1999.pdf (97.97 KB)
J. Lopez, J. Lopez, J. A. Manceras, and A. Mana, "Neural Networks Applied to the Estimation of Object Orientation", In International Conference on Imaging Science, Systems, and Technology (CISST’98), pp. 418-424, July, 1998. More..

Abstract

We present in this paper a first approach to the use of artificial neural as a tool to determine the orientation of objects moving on a conveyor belt in a car assembly line. The capability of neural networks to generalise is a key element in the calculation of an object’s orientation. In this sense, a neural network with Competitive Hebbian Learning can identify the angle of a part never used in its training process. The equilibrium between exactitude and processing time is also studied.

PDF icon JavierLopez1999.pdf (97.97 KB)
A. Mana, F. Villalba, and J. Lopez, "Secure Examinations Through The Internet", In IFIP World Computer Congress, pp. 695-708, August, 1998. More..

Abstract

The objective of the present work is to present a solution to the problem of simultaneously examining groups of students in different computer laboratories while each student uses a computer with Internet access. The system presented focus on security and ease of use, being, at the same time, transparent to the users (students) and providing added services to the main objective of simultaneous examinations in several rooms with just one teacher.

J. Lopez, A. Mana, J. J. Ortega, and L. Pino, "Una Solución Integral para la Autenticación de Usuarios y la Administración de Claves en Internet", In Novática, vol. 134, pp. 20-26, 1998. More..

Abstract

La seguridad es uno de los aspectos más conflictivos del uso de Internet. La falta de una política de seguridad global está frenando el desarrollo de Internet en áreas tan interesantes y prometedoras como el comercio electrónico o la interacción con las administraciones públicas. Las técnicas criptográficas actuales proporcionan un alto grado de confidencialidad; no obstante, es difícil garantizar la identificación segura de los usuarios y, además, la gestión de las claves de los mismos es poco eficiente y presenta graves problemas de escalabilidad y seguridad. En este trabajo se describe una solución a ambos problemas basada en una Infraestructura de Clave Pública que proporciona una administración simple y eficiente de las claves de los usuarios y posibilita la autenticación segura de los mismos. El sistema se ha probado con éxito de forma local y, en breve, será instalado para su prueba por parte de la comunidad de usuarios de RedIris.

PDF icon JavierLopez1998.pdf (174.34 KB)
1999
L. Fuentes, and J. Lopez, "Arquitectura Composicional de Seguridad para Servicios Telemáticos", In II Jornadas de Ingeniería Telemática (JITEL´99), pp. 141-148, Sep 1999.
J. Lopez, A. Mana, and J. J. Ortega, "Cert’eM: Certification System Based on Electronic Mail Service Structure", In Secure Networking (CQRE’99), LNCS 1740, Springer, pp. 109-118, December, 1999. More..

Abstract

Public-Key Infrastructures are considered the basis of the protocols and tools needed to guarantee the security demanded for new Internet applications like electronic commerce, government-citizen relationships and digital distribution. This paper introduces a new infrastructure design, Cert’eM, a key management and certification system that is based on the structure of the electronic mail service and on the principle of near-certification. Cert’eM provides secure means to identify users and distribute their public-key certificates, enhances the efficiency of revocation procedures, and avoids scalability and synchronization problems. The system, developed and tested at the University of Malaga, was recently selected by RedIRIS, the National Research and Academic Network in Spain, to provide the public key service for its secure electronic mail.

PDF icon JavierLopez1999c.pdf (111.13 KB)
A. Larrosa, F. Lopez, and J. Lopez, "Competitive Neural Networks Applied to Image Compression Techniques", In International Conference on Imaging Science, Systems and Technology (CISST’99), pp. 547-550, June, 1999.
J. Areitio, and J. Lopez, "Contribuciones de la Tecnología de Detección y Respuesta a Intrusiones y Ataques a la Construcción de la Confianza", In Novática, vol. 141, pp. 24-27, 1999.
S. Gurgens, J. Lopez, and R. Peralta, "Efficient Detection of Failure Modes in Electronic Commerce Protocols", In IEEE International Workshop on Electronic Commerce and Security, IEEE Press, pp. 850-857, September, 1999. More..

Abstract

The design of key distribution and authentication protocols has been shown to be error-prone. These protocols constitute the part of more complex protocols used for electronic commerce transactions. Consequently, these new protocols are likely to contain flaws that are even more difficult to find. In this paper, we present a search method for detecting potential security flaws in such protocols. Our method relies on automatic theorem proving tools. Among others we present our analysis of a protocol recently standardized by the German standardization organization DIN to be used in digital signature applications for smartcards. Our analysis resulted in the standard being supplemented with comments that explain the possible use of cryptographic keys.

J. Lopez, J. Areitio, and F. Rosello, "Problemática de Seguridad para el Comercio Electrónico en el Sector Turístico", In I Congreso Nacional Turismo y Tecnología de la Información y las Comunicaciones (TURITEC’99), pp. 99-110, Septiembre, 1999. More..

Abstract

Uno de los servicios que cada día cobra más importancia y que promete un cambio radical para las empresas es el comercio electrónico en Internet, pero tradicionalmente las empresas relacionadas con el turismo sólo han empleado la red para darse a conocer y ofertar sus productos. La razón esencial es la desconfianza que existe sobre la seguridad de las transacciones llevadas a cabo en la red. La criptografía de clave pública proporciona servicios adecuados para garantizar la seguridad de esas transacciones. Pero en la actualidad, algunos de esos servicios están menos desarrollados que otros; un ejemplo de ellos es el servicio de No-Repudio. En este artículo se estudian distintas formas de ofrecer servicios de no-repudio y se analizan sus ventajas y desventajas en función de las necesidades del entorno en que se utilicen.

J. Lopez, A. Mana, and J. J. Ortega, "A Public Key Infrastructure for User Identification", In IFIP Working Conference on User Identification and Privacy Protection, pp. 209-227, June, 1999. More..

Abstract

While there is wide agreement on the immense potential of Internet, its growth and performance are adversely affected by security issues. Despite its impressive size, scope and reach, the Internet has not yet become a common vehicle for many of these new possibilities. Progress in fields as electronic commerce and government-citizen relationships have been limited by the open design of the network itself. Today, Public-Key Infrastructures are the basis of the protocols and tools needed to guarantee the security demanded in those fields. Trust management and user identification are also important issues that remain unresolved. This paper introduces a key management and user identification system, named Cert’eM, that is based on the electronic mail service. Cert’eM provides important advantages over existing Public-Key Infrastructures and user identification proposals.

PDF icon JavierLopez1999a.pdf (191.03 KB)
J. Lopez, A. Mana, and J. J. Ortega, "An User Authentication Infrastructure for Extranet Applications", In IEEE International Carnahan Conference on Security Technology, IEEE Press, pp. 354-362, October, 1999. More..

Abstract

An Extranet is used to connect businesses with their suppliers, customers or other businesses that share common goals in a way that automates their administrative interactions using Internet technology. The security of the communications over Internet is considered an essential feature. To guarantee secure operation the aid of some user authentication infrastructure is needed. This paper introduces a Public Key Infrastructure (PKI) and user identification scheme to be used in extranet applications. The flexibility of the system allows it to fit the usual hierarchical organization structure.

PDF icon JavierLopez1999b.pdf (156.72 KB)
2000
J. Lopez, et al., "Aspectos de Implementación de una Infraestructura de Clave Pública Distribuida", In Simposio Español de Informática Distribuida (SEID’00), pp. 313-320, Septiembre, 2000. More..

Abstract

La seguridad es uno de los aspectos más conflictivos del uso de Internet. La falta de una política de seguridad global está frenando el desarrollo de Internet en áreas tan interesantes y prometedoras como el comercio electrónico o la interacción con las administraciones públicas. Las técnicas criptográficas actuales proporcionan un alto grado de confidencialidad; no obstante, es difícil garantizar la identificación segura de los usuarios y, además, la gestión de las claves de los mismos es poco eficiente y presenta graves problemas de escalabilidad. Este trabajo describe las características de implementación de una solución a ambos problemas basada en una Infraestructura de Clave Pública (PKI) que proporciona una administración simple y eficiente de las claves de los usuarios y posibilita la autenticación segura de los mismos.

PDF icon JavierLopez2000.pdf (222.46 KB)
J. Davila, et al., "Development of Secure Internet Applications for Governmental Environments", In IEEE International Workshop on Electronic Government (in DEXA’00), IEEE Press, pp. 362-365, 2000.
J. Davila, J. Lopez, and F. Rosello, "Diseño de Protocolos de No-Repudio", In Revista SIC: Seguridad en Informática y Comunicaciones, vol. 38, pp. 1-5, 2000.
J. Lopez, A. Mana, J. J. Ortega, and J. M. Troya, "Distributed Storage and Revocation in Digital Certificate Databases", In 11th International Conference on Database and Expert Systems Applications (DEXA’00), LNCS 1873, Springer, pp. 929-938, September, 2000. More..

Abstract

Public-key cryptography is fast becoming the foundation for those applications that require security and authentication in open networks. But the widespread use of a global public-key cryptosystem requires that public-key certificates are always available and up-to-date. Problems associated to digital certificates management, like storage, retrieval, maintenance, and, specially, revocation, require special procedures that ensure reliable features because of the critical significance of inaccuracies. Most of the existing systems use a Certificate Revocation List, a repository of certificates that have been revoked before their expiration date. The need to access CRLs in order to check certificate revocations becomes a performance handicap. Furthermore, they introduce a source of vulnerability in the whole security infrastructure, as it is impossible to produce a new CRL each time a revocation takes place. This paper introduces an alternative for the storage of digital certificates that avoids the use of CRLs. The system is designed to provide a distributed management of digital certificates by using Certification Authorities that, while being part of a whole Public-Key Infrastructure, operate over local certificates databases. Communication protocols between local databases have been designed to minimize network traffic without a lack of security and efficiency.

PDF icon JavierLopez2000a.pdf (205.62 KB)
J. Areitio, J. Lopez, and J. M. Troya, "Horizontes y Tendencias de Seguridad en Internet", In Novática, vol. 145, pp. 65-71, 2000. More..

Abstract

  El comercio electrónico está llamado a ser el fenómeno de mayor importancia en el futuro de Internet. Entre sus aplicaciones se encuentran las compras en línea, la banca electrónica, la tele-educación, los casinos virtuales, los servicios de pago por visión y vídeo bajo demanda, etc. Desde el punto de vista de la Seguridad, estas aplicaciones presentan una serie de nuevos requisitos que van a imponer un gran esfuerzo investigador a corto y medio plazo. En este artículo se presentan algunos de los más importantes, como la administración de la confianza, la utilización de pagos electrónicos, la necesidad de la protección de la propiedad intelectual, los servicios de protección de privacidad y anonimato, y la autonomía de código y la detección de fraudes, identificándose las áreas de investigación relacionadas.

PDF icon JavierAreitio2000.pdf (95.24 KB)
J. Davila, et al., "Internet Secure Communications Between Citizens and Public Administrations", In IFIP Conference on Advances in Electronic Government, pp. 109-120, 2000.
J. Areitio, and J. Lopez, "Mecanismo de Seguridad de Bajo Costo para Micropagos", In VI Reunion Española de Criptología y Seguridad de la Información (VI RECSI), pp. 193-200, Septiembre, 2000. More..

Abstract

La presente comunicación presenta un mecanismo de micropagos flexible, de bajo costo que puede utilizarse para realizar pagos en línea entre el cliente y el vendedor y fuera de línea con el agente de negocios. Este mecanismo evita grandes almacenamientos de datos y cálculos largos. Se puede implantar en software para el cliente y en hardware/software para el vendedor.  

PDF icon JavierAreitio2000a.pdf (63.72 KB)
J.. Davila, J. Lopez, and R.. Peralta, "Una Solución Flexible para Redes Privadas Virtuales", In VI Reunión Española de Criptología y Seguridad de la Información (VI RECSI), pp. 329-340, Sep 2000.
2001
J. Areitio, L. Martínez, J. Lopez, and J. A. Montenegro, "Análisis, Diseño e Implementación de un Entorno Escalable de Comercio-e con Seguridad Telemática Adaptable Basada en PKI", In I Simposio Español de Comercio Electrónico (SEC’01), pp. 145-160, Octubre, 2001. More..

Abstract

La presente ponencia aborda el desarrollo de un entorno seguro escalable para el Comercio Electrónico. Se ha tratado la cuestión en dos fases: primero, idear un prototipo generalizado distribuido seguro formado por diferentes entidades genéricas con el objetivo de permitir que los clientes realicen sus compras y transacciones bancarias con un nivel de seguridad escalable; y en segundo lugar, implantar en la práctica un prototipo de grado de escalabilidad reducido como modelo empírico.

J. Davila, J. Lopez, R. Peralta, and J. maria troya, "A First Approach to Latin Electronic Notary Public Services", In IFIP Conference on Security & Control of IT in Security, pp. 49-60, 2001.
J. Davila, J. Lopez, and R. Roman, "Introducción de Aplicaciones UDP en Redes Privadas Virtuales", In III Jornadas de Ingeniería Telemática (JITEL’01), pp. 397-404, Septiembre, 2001. More..

Abstract

Virtual Private Network (VPN) solutions mainly focus on security aspects. However, when security is considered the unique problem, some collateral ones arise. VPN users suffer from restrictions in their access to the network. They are not free to use traditional Internet services such as electronic mail exchange and audio/video conference with non-VPN users, and to access Web and Ftp servers external to the organization. In this paper we present a new solution, located at the TCP/IP transport layer and oriented to UDP applications that, while maintaining strong security features, allows the open use of traditional network services. The solution does not require the addition of new hardware because it is an exclusively software solution. As a consequence, the application is totally portable.

PDF icon JorgeDavila2001.pdf (44.79 KB)
J. Lopez, "Servicios de Notarización Electrónica", In Revista SIC: Seguridad en Informática y Comunicaciones, vol. 38, pp. 1-5, 2001.
J. Davila, and J. Lopez, "Sistemas Electrónicos de Micropago", In Revista de Contratación Electrónica, vol. 22, pp. 3-22, 2001.
S. Gurgens, and J. Lopez, "Suitability of a Classical Analysis Method for E-Commerce Protocols", In IV International Information Security Conference (ISC’01), LNCS 2200, Springer-Verlag, pp. 46-62, October, 2001. More..

Abstract

We present the adaptation of our model for the validation ofkey distribution and authentication protocols to address speci c needsof protocols for electronic commerce. The two models defer in both thethreat scenario and in the formalization. We demonstrate the suitabilityof our adaptation by analyzing a speci c version of the Internet BillingServer protocol introduced by Carnegie Mellon University. Our analysisshows that, while the security properties a key distribution or authenticationprotocol shall provide are well understood, it is often not clearwhat properties an electronic commerce protocol can or shall provide.Our methods rely on automatic theorem proving tools. Speci cally, weused Øtter", an automatic theorem proving software developed at ArgonneNational Laboratories.

PDF icon SigridGuergens2001.pdf (256.9 KB)
A. Mana, J. Lopez, J. Martinez, and S. Matamoros, "Ticketing Genérico y Seguro Sobre GSM", In Simposio en Informática y Telecomunicaciones 2001 (SIT’01), pp. 297-305, Septiembre, 2001. More..

Abstract

La confianza en el comercio electrónico se ha reforzado, sin duda, gracias a la difusión de las tarjetas inteligentes. Estos elementos clave, que mejoran en gran medida la seguridad de los sistemas informáticos, tienen usos que van desde la simple identificación del usuario hasta complejos mecanismos de pago. Dentro del comercio electrónico, uno de los servicios de valor añadido más interesantes para cualquier usuario es el de ticketing. La seguridad de este sistema puede beneficiarse del uso de las tarjetas inteligentes en los procesos de venta, almacenamiento y uso de los tickets electrónicos. Uno de los puntos críticos para conseguir una amplia aceptación de este servicio será su capacidad de llegar a la gran mayoría de usuarios. En esta línea, parece apropiado pensar en los teléfonos móviles como la mejor plataforma sobre la que implantar el sistema. Este trabajo presenta los resultados del proyecto GSM-ticket, en el que se introducen, por una parte, un esquema de tickets electrónicos seguros, eficientes y fáciles de usar, y por otra el conjunto de servicios adicionales de venta, pago y distribución junto con sus protocolos correspondientes.

2002
J. Lopez, et al., "Access Control Infrastructure for Digital Objects", In International Conference on Information and Communications Security (ICICS’02), LNCS 2513, Springer-Verlag, pp. 399-410, December, 2002. More..

Abstract

Distributed systems usually contain objects with heterogeneous security requirements that pose important challenges on the underlying security mechanisms and especially in access control systems. Access control in distributed systems often relies on centralized security administration. Existing solutions for distributed access control do not provide the flexibility and manageability required. This paper presents the XML-based Secure Content Distribution (XSCD) infrastructure is based on the production of self-protected software objects that convey contents (software or data) and can be distributed without further security measures because they embed the access control enforcement mechanism. It also provides means for integrating Privilege Management Infrastructures (PMIs). Semantic information is used in the dynamic instantiation and semantic validation of policies. XSCD is scalable, facilitates the administration of the access control system, guarantees the secure distribution of the contents, enables semantic integration and interoperability of heterogeneous sources, solves the “originator retained control” issue and allows activities (such as payment) to be bound to the access to objects.  

PDF icon JavierLopez2002j.pdf (81.17 KB)
J. Lopez, J. A. Montenegro, R. Roman, and J. Davila, "Design of a VPN Software Solution Integrating TCP and UDP Services", In International Conference on Infrastructure Security (InfraSec’02), LNCS 2437, Springer-Verlag, pp. 325-337, October, 2002. More..

Abstract

The main aims of Virtual Private Network (VPN) are to isolate a distributed network from outsiders, as well as to protect the confidentiality and integrity of sensitive information traversing a non-trusted network such as the Internet. However, some problems arise when security is considered as the unique problem because VPN users suffer from restrictions in their access to the network. They are not free to use traditional Internet services such as electronic mail exchange with non-VPN users, and to access Web and FTP servers external to the organization. This paper presents a new solution that allows the open use of traditional network services running over TCP and UDP layers, while maintaining strong security features. The new scheme works at the TCP/IP transport layer and does not require the addition of new hardware because it is a totally software solution. As a consequence, the application is totally portable. Moreover, and because of its implementation at the transport layer, there is no need to modify any traditional communication applications previously installed in the network system.

PDF icon JavierLopez2002c.pdf (126.07 KB)
J. Lopez, et al., "Designing Software Tools for the Use of Secure Electronic Forms", In 3rd ACIS Int. Conf. on Software Engineering, Artificial Intelligence Networking and Parallel/Distributed Computing (SNPD’02), pp. 157-163, Junio, 2002. More..

Abstract

Interaction of organizations and their clients by using the Internet can produce meaningful benefits in the accessibility, efficiency and availability of documents, regardless of time and location. However, some types of problems hinder a higher degree of communication. This paper presents some of the results of a Research Project that focuses on the influence of typical open networks risks in electronic interactions and on the need of creating software tools to manage electronic versions of the paper-based forms, as this is the traditional way of interaction through the Web.

PDF icon JavierLopez2002f.pdf (257.49 KB)
S. Russell, E. Okamoto, E. Dawson, and J. Lopez, "Improving Performance in Global PKI using Virtual Certificates and Synthetic Certificates", In Symposium on Cryptography and Information Security (SCIS’02), pp. 1149-1154, January, 2002. More..

Abstract

A digital certificate may be used to inform the world of the public key of its owner. To guard against impersonations and fraud, the receiver needs to perform a series of checks. When a hierarchy of certificates is involved, and when there are large volumes of messages between two parties, as is frequent in commerce, the repeated validation of the same chain of certificates consume significant resources. This paper presents new concepts of virtual certificate and synthetic certificate which can be used to speed up repetitive processing of a chain with improved efficiency.

PDF icon SelwynRussell2002.pdf (182.25 KB)
E. Dawson, J. Lopez, J. A. Montenegro, and E. Okamoto, "A New Design of Privilege Management Infrastructure (PMIs) for Organizations Using Outsourced PKI", In 5th International Conference on Information Security (ISC’02), LNCS 2433, Springer-Verlag, pp. 136-149, September, 2002. DOI More..

Abstract

Authentication services provided by Public Key Infrastructures (PKI) do not satisfy the needs of many e-commerce applications. These applications require additional use of authorization services in order for users to prove what they are allowed to do. Attribute certificates have changed the way in which the authorization problem has been considered until now, and Privilege Management Infrastructures (PMI) provide the necessary support for a wide use of those certificates. Although both types of infrastructures, PKIs and PMIs, keep some kind of relation, they can operate autonomously. This fact is specially interesting for companies who have taken or will take the decision to outsource PKI services. However, outsourcing PMI services is not a good option for many companies because sometimes information contained in attribute certificates is confidential. Therefore attribute certificates must be managed very carefully and, preferably, only inside the company. In this paper we present a new design of PMI that is specially suited for those companies that outsource PKI services but still need to manage the PMI internally. The scheme provides additional advantages that satisfy the needs of intra-company attribute certification, and eliminates some of the problems associated with the revocation procedures.

J. Lopez, S. Matamoros, J. J. Ortega, and J. M. Troya, "Observaciones sobre las técnicas de análisis formal de protocolos de seguridad", In VII Reunión Española sobre Criptología y Seguridad de la Información (VII RECSI), pp. 471-483, Septiembre, 2002. More..

Abstract

La aplicación de los métodos formales para el diseño y análisis de sistemas críticos está ampliamente aceptada en el desarrollo de estos sistemas. Los protocolos de seguridad abordan el objetivo de garantizar servicios y derechos como el de la confidencialidad de los datos personales o el de garantizar la identidad de acceso a un sistema. Por lo tanto, ya que un protocolo de seguridad es un sistema crítico, es necesario utilizar métodosformales para su diseño y análisis. Debido a las características especiales que presentan este tipo de protocolos, se deben utilizar métodos que no son los tradicionales utilizados para los protocolos de comunicaciones, sino que deben utilizarse otros específicos. En este artículo vamos a hacer un estudio de las principales propiedades de seguridad que poseen los protocolos criptográficos y de la manera de aplicar los métodos formales en su diseño y análisis.

PDF icon JavierLopez2002h.pdf (44.34 KB)
W.. Caelli, et al., "Online Public Key Infrastructure", In VII Reunión Española sobre Criptología y Seguridad de la Información (VII RECSI), pp. 123-135, Sep 2002.
J. Lopez, J. A. Montenegro, and J. M. Troya, "Perspectiva Composicional para el Diseño y la Implementación de una PKI", In I Congreso Internacional Sociedad de la Información, pp. 423-428, 2002. More..

Abstract

The important role of Public Key Infrastructures (PKIs) inside the general scope of Internet communication, and more precisely, inside electronic commerce, has driven us to the revision of actual procedures followed in the development of software of these elements that provide security and trust to the digital certification environment. In this work we introduce the actual results of a joint research project of the Security Group of the University of Malaga and the Department of Technology Innovation of Banesto regarding a PKI implementation. The originality of this work is that we have paid attention not only to functional aspects of the infrastructure, but also to the programming techniques used. Basically, we have developed a solution in which implementation has been guided by the increase in the study of software architectures and those paradigms that have emerged in parallel, as component orientation, software frameworks, and design patterns. The correct use of these techniques provide a different point of view that allows the development of every PKI building block in a modular and independent way.

PDF icon JavierLopez2002i.pdf (582.83 KB)
J. Lopez, A. Mana, J. J. Ortega, and E. Pimentel, "Protección de Software basada en Tarjetas Inteligentes", In VII Reunión Española sobre Criptología y Seguridad de la Información (VII RECSI), pp. 485-497, Septiembre, 2002.
J. Lopez, J. J. Ortega, and J. M. Troya, "Protocol Engineering Applied to Formal Analysis of Security Systems", In International Conference on Infrastructure Security (InfraSec’02), LNCS 2437, Springer-Verlag, pp. 246-259, October, 2002. More..

Abstract

Every communication system requiring security properties is certainly critical. In order to study the security of communication systems, we have developed a methodology for the application of the formal analysis techniques of communication protocols to the analysis of cryptographic ones. We have extended the design and analysis phases with security properties. Our methodology uses a specification technique based on the HMSC/MSC requirement languages, and translates it into a generic schema for the SDL specification language, which is used for the analysis. Thus, the technique allows the specification of security protocols using a standard formal language and uses Object-Orientation for reusability purposes. The final goal is not only the formal specification of a security system, but to examine the possible attacks, and later use the specification in more complex systems.

PDF icon JavierLopez2002b.pdf (134.19 KB)
J. Lopez, "Proyecto CASENET: Integración del Diseño y Análisis de Protocolos Segurospara el Comerio-e", In Revista SIC: Seguridad en Informática y Comunicaciones, vol. 49, pp. 1-2, 2002.
J. Lopez, A. Mana, P. Merino, and J. M. Troya, "The Role of Smartcards in Practial Information Security", In ERCIM News, vol. 49, pp. 38-40, 2002. More..

Abstract

The transition from traditional commerce to electronic and mobile commerce is fostered by aspects like convenience, speed and ease of use. However, security issues remain unsolved. Smart cards open new possibilities for the development of security schemes and protocols that can provide security in applications such as electronic payments or software protection where traditional cryptographic tools are not useful. The GISUM group is involved in several research projects that make use of smart cards. Current applications include a secure electronic forms framework for government-citizen relations, electronic ticketing systems for GMS phones and Internet, a PDA-based digital signature environment, public transport, access control systems, software protection and banking applications. This report focuses on two recent projects: the eTicket electronic ticketing project (1FD97 1269 C02 02 (TAP)), a coordinated project with the Carlos III University of Madrid; and the Alcance project, consisting of the development of a secure electronic forms framework for secure Internet-based communication between citizens and the public administration (1FD97 0850 (TIC)).

PDF icon JavierLopez2002d.pdf (119.71 KB)
J. Lopez, et al., "Towards a Trustful and Flexible Environment for Secure Communications with Public Administrations", In First International Conference on Electronic Government (EGOV’02), LNCS 2456, Springer, pp. 211-214, September, 2002. More..

Abstract

Interaction of citizens and private organizations with Public Administrations can produce meaningful benefits in the accessibility, efficiency and availability of documents, regardless of time, location and quantity. Although there are some experiences in the field of e-government there are still some technological and legal difficulties that avoid a higher rate of communications with Public Administrations through Internet, not only from citizens, but also from private companies. We have studied two of the technological problems, the need to work in a trustful environment and the creation of tools to manage electronic versions of the paper-based forms.

PDF icon JavierLopez2002g.pdf (72.46 KB)
J. Lopez, J. J. Ortega, and J. M. Troya, "Verification of Authentication Protocols using SDL-method", In First International Workshop on Security in Information Systems (SIS’02), pp. 61-71, April, 2002. More..

Abstract

Authentication between protocol agents is widely studied in the cryptographic protocol analysis area. It is essential in a virtual environment to rely on protocol parties’ identity. In the academic literature there are many protocols that provide the authentication property. We present in this paper a new mechanism to verify authentication using SDL, general purpose specification language. We have defined a generic schema in SDL that allow us to specify a security system and check system behavior when a malicious agent ( the intruder ) is present. We have used the EKE authentication protocol to illustrate how the mechanism works.

PDF icon JavierLopez2002a.pdf (45.71 KB)
J. Lopez, A. Mana, and M. I. Yague, "XML-Based Distributed Access Control System", In Third International Conference on E-Commerce and Web Technologies (ECWeb’02), LNCS 2455, Springer, pp. 203-213, September, 2002. More..

Abstract

The use of attribute certificates and the concept of mobile policies have been proposed to overcome some of the limitations of the role based access control (RBAC) paradigm and to implement security requirements such as the ‘‘originator controlled’’ (ORCON) policy. Mobile policies are attached to the data that they control and enforced by their execution in trusted servers. In this paper we extend this idea to allow the execution of the policies in untrusted systems. Our extension allows that policies are bound to the data but not attached to it. By this modification security administrators are able to change policies dynamically and transparently. Additionally, we introduce X-ACS, an XML-based language designed to express policies in a simple and unambiguous way overcoming the limitations of other approaches. Important features of X-ACS are that it can be used by processors with limited capabilities such as smart cards while allowing the automated validation of policies.

PDF icon JavierLopez2002e.pdf (481.94 KB)
2003
S. Gurgens, J. Lopez, and R. Peralta, "Analysis of E-commerce Protocols: Adapting a Traditional Technique", In International Journal of Information Security, vol. 2, no. 1, Springer, pp. 21-36, 2003. More..

Abstract

We present the adaptation of our model for the validation of key distribution and authentication protocols to address some of the specific needs of protocols for electronic commerce. The two models defer in both the threat scenario and in the protocol formalization. We demonstrate the suitability of our adaptation by analyzing a specific version of the Internet Billing Server protocol introduced by Carnegie MellonUniversity. Our analysis shows that, while the security properties a key distribution or authentication protocol shall provide are well understood, it is often not clear which properties an electronic commerce protocol can or shall provide. We use the automatic theorem proving software ‘‘Otter’’ developed at Argonne National Laboratories for state space exploration.

PDF icon SigridGuergens2003.pdf (222.22 KB)
J. Lopez, J. J. Ortega, and J. M. Troya, "Applying SDL to Formal Analysis of Security Systems", In 11th International SDL Forum (SDL’03), LNCS 2708, Springer-Verlag, pp. 300-317, July, 2003. More..

Abstract

Nowadays, it is widely accepted that critical systems have to be formally analysed in order to achieve well-known formal method benefits. In order to study the security of communication systems, we have developed a methodology for the application of the formal analysis techniques commonly used in communication protocols to the analysis of cryptographic ones. In particular, we have extended the design and analysis phases with security properties. Our proposal uses a specification notation based on MSC, which can be automatically translated into a generic SDL specification. This SDL system can then be used for the analysis of the desired security properties, by using an observer process schema. Apart from our main goal of providing a notation for describing the formal specification of security systems, our proposal also brings additional benefits, such as the study of the possible attacks to the system, and the possibility of re-using the specifications produced to describe and analyse more complex systems.

PDF icon JavierLopez2003b.pdf (1.05 MB)
J. Lopez, A. Mana, J. maria troya, and M. Yague, "Applying the Semantic Web Layers to Access Control", In IEEE International Workshop on Web Semantics (WebS’03), IEEE Press, pp. 622-626, 2003. More..
PDF icon 1719.pdf (41 KB)
E. Dawson, J. Lopez, J. A. Montenegro, and E. Okamoto, "BAAI: Biometric Authentication and Authorization Infrastructure", In IEEE International Conference on Information Technology (ITRE’03), IEEE, pp. 274-278, 2003. DOI More..

Abstract

The combined use of authorization and authentication infrastructures has led to AAIs (authorization and authentication infrastructures). These new infrastructures supply identification and authorization services to a distributed environment There are many possibilities of linkages to get AAIs; one of them is to include the PMI (privilege management infrastructure) as authorization infrastructure and an authentication infrastructure that can be a PKI (public key infrastructure) or kerberos. This symbiosis gives service to applications and servers. However, in physical environments where the physical presence of an individual is required, it is necessary to use biometric systems. This paper describes the development of a solution that combines the relationship between the biometric based systems and the PMIs to finally obtain the biometric AAI.

E. Okamoto, et al., "Certificate Retrieval and Validation in Online Systems", In Symposium on Cryptography and Information Security (SCIS’03), pp. 25-30, January, 2003. More..

Abstract

In order to more effectively deal with certificate management issues in PKIs, there is growing interest in supplementing offline X.509 PKI models with online services. An analysis of the security requirements of online models will be presented. Proposed online and delegated processing models will be evaluated in relation to these requirements.

PDF icon EijiOkamoto2003.pdf (146.11 KB)
J. Lopez, J. J. Ortega, J. M. Troya, and J. L. Vivas, "High-level Specification of Security Systems", In IEEE Globecom 2003 - Communications Security Track, IEEE Press, pp. 1506-1510, December, 2003. More..

Abstract

In order to study the security systems, we have developed a methodology for the application to the analysis of cryptographic protocols of the formal analysis techniques commonly used in communication protocols. In particular, we have extended the design and analysis phases with security properties. Our proposal uses a specification notation based on HMSC/MSC, which can be automatically translated into a generic SDL specification.

PDF icon javierlopez2003.pdf (55.43 KB)
J. Lopez, J. J. Ortega, J. M. Troya, and J. L. Vivas, "How to Specify Security Services: A Practical Approach", In 7th IFIP Conference on Multimedia and Communications Security (CMS’03), LNCS 2828, Springer-Verlag, pp. 158-171, October, 2003. More..

Abstract

Security services are essential for ensuring secure communications. Typically no consideration is given to security requirements during the initial stages of system development. Security is only added latter as an afterthought in function of other factors such as the environment into which the system is to be inserted, legal requirements, and other kinds of constraints. In this work we introduce a methodology for the specification of security requirements intended to assist developers in the design, analysis, and implementation phases of protocol development. The methodology consists of an extension of the ITU-T standard requirements language MSC and HMSC, called SRSL, defined as a high level language for the specification of security protocols. In order to illustrate it and evaluate its power, we apply the new methodology to a real world example, the integration of an electronic notary system into a web-based multi-users service platform.

PDF icon javierlopez2003a.pdf (400.31 KB)
J. Lopez, et al., "Integrating PMI Services in CORBA Applications", In Computer Standards & Interfaces, vol. 25, no. 4, pp. 391-409, 2003. ISI JCR Impact Factor 2003: 0.523 More..

Abstract

Application-level access control is an important requirement in many distributed environments. For instance, in new scenarios such as e-commerce, access to resources by previously unknown users is an essential problem to be solved. The integration of Privilege Management Infrastructure (PMI) services in the access control system represents a scalable way to solve this problem. Within the CORBA standards, the Resource Access Decision (RAD) facility is a mechanism used by security-aware applications to obtain authorization decisions and to manage access decision policies. This paper presents PMI-RAD, an approach to integrate the services of an external PMI into CORBA applications using the RAD facility. In particular, the integration of the external PMI in the access control system is based on the semantic description of the PMI services. Our RAD implementation requests and verifies attribute certificates from the PMI in a transparent way for CORBA objects.

Impact Factor: 0.523
Journal Citation Reports® Science Edition (Thomson Reuters, 2003)

PDF icon JavierLopez2003c.pdf (93.71 KB)
J. A. Onieva, J. Zhou, M. Carbonell, and J. Lopez, "Intermediary Non-Repudiation Protocols", In 5th Conference on Electronic Commerce, IEEE Computer Society, pp. 207-214, June, 2003. More..

Abstract

n commercial transactions, an intermediary might be involved to help transacting parties to conduct their business. Nevertheless, the intermediary may not be fully trusted. In this paper, we introduce the concept of intermediary (or agent) in a non-repudiation protocol, define the aims of intermediary non-repudiation protocols, and analyze their security requirements. We present a simple scenario with only one recipient, followed by a more complicated framework where multiple recipients are involved and collusion between them is possible.

PDF icon Onieva2003b.pdf (134.78 KB)
J. A. Onieva, J. Zhou, M. Carbonell, and J. Lopez, "A Multi-Party Non-Repudiation Protocol for Exchange of Different Messages", In 18th IFIP International Information Security Conference. Security and Privacy in the Age of Uncertainty (IFIP SEC’03), IFIP, pp. 37-48, May, 2003. More..

Abstract

Non-repudiation is a security service that provides cryptographic evidence to support the settlement of disputes. In this paper, we introduce the state-of-the-art of multi-party non-repudiation protocols, and analyze the previous work where one originator is able to send the same message to many recipients. We propose a new multi-party non-repudiation protocol for sending different messages to many recipients. We also discuss the improvements achieved with respect to the multiple instances of a two-party non-repudiation protocol, and present some applications that would benefit from them.

PDF icon Onieva2003.pdf (203.9 KB)
J. A. Onieva, J. Zhou, and J. Lopez, "Practical Service Charge for P2P Content Distribution", In Fifth International Conference on Information and Communications Security, LNCS 2836, Springer, pp. 112 - 123, October, 2003. More..

Abstract

With emerging decentralized technologies, peer-to-peer (P2P) content distribution arises as a new model for storage and transmission of data. In this scenario, one peer can be playing different roles, either as a distributor or as a receiver of digital contents. In order to incentivize the legal distribution of these contents and prevent the network from free riders, we propose a charging model where distributors become merchants and receivers become customers. To help in the advertisement of digital contents and collection of payment details, an intermediary agent is introduced. An underlying P2P payment protocol presented in [1] is applied to this scenario without total trust on the intermediary agent.

PDF icon Onieva2003a.pdf (185.68 KB)
M. Soriano, J. Lopez, and F. Jordi Eds., "Second Spanish Conference on Electronic Commerce, SCE’03, Barcelona, 10-11 June 2003, Proceedings", In SCE’03, vol. 7, Fundacion Dintel, 2003.
J. Lopez, et al., "A Secure Solution for Commercial Digital Libraries", In Online Information Review Journal, vol. 27, no. 3, Emerald, pp. 147-159, 2003. ISI JCR Impact Factor 2003: 0.417 More..
Impact Factor: 0.417
Journal Citation Reports® Science Edition (Thomson Reuters, 2003)

PDF icon 1708.pdf (126.04 KB)
J. A. Montenegro, and J. Lopez, "Taxonomía de las Infraestructuras de Autorización y Autentificación", In XIII Jornadas TELECOM I+D 2003, Noviembre, 2003.
J. L. Vivas, J. A. Montenegro, and J. Lopez, "Towards Business Process-Driven Framework for Security Engineering with the UML", In 6th International Conference on Information Security (ISC’03), LNCS 2851, Springer-Verlag, pp. 381-395, October, 2003. More..

Abstract

A challenging task in security engineering concerns the specification and integration of security with other requirements at the top level of requirements engineering. Empirical studies show that it is commonly at the business process level that customers and end users are able to express their security needs. In addition, systems are often developed by automating existing manual business processes. Since many security notions belongs conceptually to the world of business processes, it is natural to try to capture and express them in the context of business models in which moreover customers and end users feel most comfortable. In this paper, based on experience drawn from an ongoing work within the CASENET project \cite{CASENET}, we propose a UML-based business process-driven framework for the development of security-critical systems.

PDF icon josevivas2003.pdf (206.96 KB)
S. Rusell, E. Dawson, E. Okamoto, and J. Lopez, "Virtual Certificates and Synthetic Certificates: New Paradigms for Improving Public Key Validation", In Computer Communications, vol. 26, no. 16, Elsevier, pp. 1826-1838, 2003. ISI JCR Impact Factor 2003: 0.508 More..

Abstract

The certificate paradigm is applied recursively to obtain the public keys of a number of Certification Authorities and, accordingly, to obtain the public keys of a number of final entities. Thus, validation of the authorized public key of a party in a network transaction is commonly based on processing the certificate chain descended from a trusted root issuer, involving non-negligible time and cost. Those chains become long in communications between large organizations, which is the typical case of e-commerce and e-government applications. The process of validation of extensive chains introduces performance problems in two aspects: signature verification and revocation checking. That is, the repeated processing of long chains of certificates creates severe efficiency problems. This fact causes that most of the advantages provided by Public Key Infrastructures (PKIs) are not conveniently exploited. In this paper we analyze the scenarios in which large volumes of digitally signed transactions between commercial entities exist. These cases require of interoperation among PKIs. We show that solutions available in those scenarios still involve processing of too long chains of certificates, either at the receiving computer or by an outsourced entity. For this reason, we propose new concepts of virtual certificate and synthetic certificate for faster and less costly processing of certificate chains. In this way, communications in a certificate-based intercommunity can be highly improved. We also show how these types of certificates can be applied in practice.

Impact Factor: 0.508
Journal Citation Reports® Science Edition (Thomson Reuters, 2003)

PDF icon SelwynRusell2003.pdf (227.92 KB)
2004
J. A. Onieva, J. Zhou, J. Lopez, and M. Carbonell, "Agent-mediated non-repudiation protocols", In Electronic Commerce Research and Applications, vol. 3, no. 2, Elsevier, pp. 152-162, 2004. More..

Abstract

Non-repudiation is a security service that provides cryptographic evidence to support the settlement of disputes in electronic commerce. In commercial transactions, an intermediary (or agent) might be involved to help transacting parties to conduct their business. Nevertheless, such an intermediary may not be fully trusted. In this paper, we propose agent-mediated non-repudiation protocols and analyze their security requirements. We first present a simple scenario with only one recipient, followed by a more complicated framework where multiple recipients are involved and collusion between them is possible. We also identify applications that could take advantage of these agent-mediated non-repudiation protocols.

PDF icon Onieva2004a.pdf (196.82 KB)
J. Zhou, J. A. Onieva, and J. Lopez, "Analysis of a Free Roaming Agent Result-Truncation Defense Scheme", In 6th Conference on E-Commerce (CEC’04), IEEE Computer Society, pp. 221-226, June, 2004. More..

Abstract

Mobile agents play an important role in electronic commerce. Security in free-roaming agents is especially hard to achieve when the mobile code is executed in hosts that may behave maliciously. Some schemes have been proposed to protect agent data (or computation results). However, a known vulnerability of these techniques is the truncation attack where two visited hosts (or one revisited host) can collude to discard the partial results collected between their respective visits. Cheng and Wei proposed a scheme in ICICS’02 to defense against the truncation of computation results of free-roaming agents. Cheng-Wei scheme is effective against such an attack in most cases. However, we demonstrate that it still suffers from the truncation attack when a special loop is established on the path of a free-roaming agent. We further propose two amendments to Cheng-Wei scheme to avoid such an attack.

PDF icon JianyingZhou2004.pdf (115 KB)
J. Lopez, R. Oppliger, and G. Pernul, "Authentication and Authorization Infrastructures (AAIs): A Comparative Survey", In Computers & Security, vol. 23, no. 7, Elsevier, pp. 578-590, 2004. ISI JCR Impact Factor 2004: 0.412 More..

Abstract

In this article, we argue that traditional approaches for authorization and access control in computer systems (i.e., discretionary, mandatory, and role-based access controls) are not appropriate to address the requirements of networked or distributed systems, and that proper authorization and access control requires infrastructural support in one way or another. This support can be provided, for example, by an authentication and authorization infrastructure (AAI). Against this background, we overview, analyze, discuss, and put into perspective some technologies that can be used to build and operate AAIs. More specifically, we address Microsoft .NET Passport and some related activities (e.g. the Liberty Alliance Project), Kerberos-based solutions, and AAIs that are based on digital certificates and public key infrastructures (PKIs). We conclude with the observation that there is no single best approach for providing an AAI, that every approach has specific advantages and disadvantages, and that a comprehensive AAI must combine various technologies and approaches.

Impact Factor: 0.412
Journal Citation Reports® Science Edition (Thomson Reuters, 2004)

PDF icon JavierLopez2004.pdf (2.22 MB)
J. A. Montenegro, J. Lopez, and F. Moya, "Diseño e Implementación del Marco de Trabajo de Certificado de Atributos X509 para la Delegación de Privilegios", In VIII Reunión Española sobre Criptología y Seguridad de la información (VIII RECSI),Madrid, pp. 571-581, Septiembre, 2004. More..

Abstract

Este trabajo muestra los detalles de una implementacion prototipo del marco de trabajo de Certificados de Atributos X.509 (Xac), propuesto por la recomendacion ITU-T. La implementacion utiliza como base de la plataforma la librer

PDF icon JoseA.Montenegro2004.pdf (177.35 KB)
J. A. Onieva, J. Zhou, and J. Lopez, "Enhancing Certified Email Service for Timeliness and Multicast", In Fourth International Network Conference, University of Plymouth, pp. 327-335, 2004. More..

Abstract

Certified email is a value-added service of ordinary email, in which a sender wants to obtain a receipt from a recipient. Fair exchange protocols are a key component for certified email service to ensure fairness, i.e., the items held by two parties are exchanged without one party obtaining an advantage. We can find in the literature simple and fast optimistic protocols for fair electronic exchange and, more specifically, for certified electronic mail (CEM) and electronic contract signing (ECS). We have observed that some aspects of those protocols could be substantially improved. This paper presents two major contributions. Firstly, we provide a solution that allows both parties to end the protocol timely in an asynchronous way. Then, we extend the certified email service to the multicast scenario.

PDF icon Onieva2004b.pdf (87.54 KB)
I. Agudo, J. Lopez, and J. J. Ortega, "Especificación formal y verificación de requisitos de Seguridad", In VIII Reunión Española sobre Criptología y Seguridad de la Información (VIII RECSI), pp. 225-235, Sep 2004.
V. Benjumea, J. Lopez, J. A. Montenegro, and J. M. Troya, "A First Approach to Provide Anonymity in Attribute Certificates", In 2004 International Workshop on Practice and Theory in Public Key Cryptography (PKC’04), LNCS 2947, Springer, pp. 402-415, March, 2004. More..

Abstract

This paper focus on two security services for internet applications:authorization and anonymity. Traditional authorization solutionsare not very helpful for many of the Internet applications; however,attribute certificates proposed by ITU-T seems to be well suited andprovide adequate solution. On the other hand, special attention is paidto the fact that many of the operations and transactions that are part ofInternet applications can be easily recorded and collected. Consequently,anonymity has become a desirable feature to be added in many cases. Inthis work we propose a solution to enhance the X.509 attribute certificatein such a way that it becomes a conditionally anonymous attributecertificate. Moreover, we present a protocol to obtain such certificatesin a way that respects users’ anonymity by using a fair blind signaturescheme. We also show how to use such certificates and describe a fewcases where problems could arise, identifying some open problems.

PDF icon VicenteBenjumea2004.pdf (183.42 KB)
A. Mana, et al., "A Framework for Secure Execution of Software", In International Journal of Information Security (IJIS), vol. 3, no. 2, Springer, pp. 99-112, 2004. More..

Abstract

    The protection of software applications is one of the most important problems to solve in information security because it has a crucial effect on other security issues.We can find in the literature many research initiatives that have tried to solve this problem, many of them based on the use of tamperproof hardware tokens. This type of solutions depends on two basic premises: (i) to increase the physical security by using tamperproof devices, and (ii) to increase the complexity of the analysis of the software. The first premise is reasonable. The second one is certainly related to the first one. In fact, its main goal is that the pirate user can not modify the software to bypass an operation that is crucial: checking the presence of the token. However, the experience shows that the second premise is not realistic because the analysis of the executable code is always possible. Moreover, the techniques used to obstruct the analysis process are not enough to discourage an attacker with average resources. In this paper, we review the most relevant works related to software protection, present a taxonomy of those works and, most important, we introduce a new and robust software protection scheme. This solution, called SmartProt, is based on the use of smart cards and cryptographic techniques, and its security relies only on the first of previous premises; that is, Smartprot has been designed to avoid attacks based on code analysis and software modification. The entire system is described following a lifecycle approach, explaining in detail the card setup, production, authorization, and execution phases. We also present some interesting applications of Smart- Prot as well as the protocols developed to manage licenses. Finally, we provide an analysis of its implementation details.

PDF icon AntonioMana2004.pdf (496.63 KB)
J. Lopez, S. Qing, and E. Okamoto Eds., "Information and Communications Security, 6th International Conference, ICICS 2004, Malaga, Spain, October 27-29, 2004, Proceedings", In ICICS, vol. 3269, Springer, 2004. More..
J. A. Onieva, J. Lopez, and J. Zhou, "Mejorando Servicios de Correo Electronico Certificado con Prontitud Temporal y Multicasting", In VIII Reunión Española sobre Criptología y Seguridad de la información (RECSI’04). Avances en Criptologia y Seguridad de la Informacion, Diaz de Santos, pp. 537-546, 2004. More..

Abstract

El correo electrónico certificado es un servicio añadido al correo electrónico estándar, en el cual el remitente desea obtener un recibo procedente del destinatario. Para este servicio, encontramos que los protocolos de intercambio (justo) son un componente principal para asegurar la corrección en la ejecución de los servicios de correo electrónico certificado, ya que los ítems que ambas partes presentan (en este caso específico, el mensaje de correo y el recibo del mismo) deben ser intercambiados sin que ninguna de las partes obtenga una ventaja durante el proceso sobre la otra. Podemos encontrar en esta línea de investigación protocolos optimistas eficientes para el intercambio electrónico, y mas concretamente para Correo Electrónico Certificado (CEC) y Firma Electrónica de Contratos (FEC). Realizando un estudio adecuado hemos observado que algunos aspectos de dichos protocolos podrían ser mejorados. En este artículo proponemos una solución que permite a ambas entidades terminar el protocolo de forma asíncrona. También extendemos el protocolo a múltiples usuarios.

PDF icon JoseA.Onieva2004d.pdf (139.28 KB)
J. A. Onieva, J. Zhou, and J. Lopez, "Non-repudiation Protocols for Multiple Entities", In Computer Communications, vol. 27, no. 16, pp. 1608-1616, 2004. ISI JCR Impact Factor 2004: 0.574 More..

Abstract

Non-repudiation is a security service that provides cryptographic evidence to support the settlement of disputes. In this paper, we introduce the state-of-the-art of non-repudiation protocols for multiple entities. We extend an existing multi-party non-repudiation (MPNR) protocol to allow an originator to send different messages to many recipients in a single transaction. We further propose an optimistic multi-party non-repudiation protocol for exchange of different messages. The performance of our protocols with enhanced functionalities is still promising in comparison with existing MPNR protocols.

Impact Factor: 0.574
Journal Citation Reports® Science Edition (Thomson Reuters, 2004)

PDF icon Onieva2004c.pdf (217.87 KB)
J. Lopez, A. Mana, J. A. Montenegro, and J. J. Ortega, "PKI Design Based on the Use of On-line Certification Authorities", In International Journal of Information Security (IJIS), vol. 2, no. 2, Springer, pp. 91-102, 2004. More..

Abstract

Public-Key Infrastructures (PKIs) are considered the basis of the protocols and tools needed to guarantee the security demanded for new Internet applications like electronic commerce, government-citizen relationships and digital distribution. This paper introduces a new infrastructure design, Cert’eM, a key management and certification system that is based on the structure of the electronic mail service and on the principle of near-certification. Cert’eM provides secure means to identify users and distribute their public-key certificates, enhances the efficiency of revocation procedures, and avoids scalability and synchronization problems. Because we have considered the revocation problem as priority in the design process, and with a big influence in the rest of the PKI components, we have developed an alternative solution to the use of Certificate Revocation Lists (CRLs), which has become one of the strongest points in this new scheme.

PDF icon JavierLopez2004b.pdf (283.07 KB)
J. Zhou, J. A. Onieva, and J. Lopez, "Protecting Free Roaming Agents against Result-Truncation Attack", In 60th IEEE Vehicular Technology Conference (VTC’04), IEEE Vehicular Technology Society Press, pp. 3271-3274, 2004. More..

Abstract

Mobile agents are especially useful in electronic commerce, for both wired and wireless environments. Nevertheless, there are still many security issues on mobile agents to be addressed, for example, data confidentiality, non-repudiability, forward privacy, publicly verifiable forward integrity, insertion defense, truncation defense, etc. One of the hardest security problems for free roaming agents is truncation defense where two visited hosts (or one revisited host) can collude to discard the partial results collected between their respective visits. We present a new scheme satisfying those security requirements, especially protecting free roaming agents against result-truncation attack.

PDF icon Zhou2004.pdf (95.34 KB)
S. K. Katsikas, S. Gritzalis, and J. Lopez Eds., "Public Key Infrastructure, First European PKIWorkshop: Research and Applications, EuroPKI 2004, Samos Island, Greece, June 25-26, 2004, Proceedings", In EuroPKI, vol. 3093, Springer, 2004. More..
I. Agudo, and J. Lopez, "Specification and formal verification of security requirements", In 5th international conference on Computer systems and technologies (CompSysTech ’04), ACM, pp. 1-6, 2004. DOI More..

Abstract

With the grown of internet and distributed applications, security requirements are going inherent to the software development process. Each time one communicates with some other one there are relevant security risk that must be taken in account. This is what is happening in the new soft-ware applications using client/server architecture. We propose including security requirements at the top level of development process, together with functional requirements because they are much related. With this information we are able to extract all communication protocols that are involved in our application and their associated security goals. This is the input to a verification phase in which we look for security flaws. The last step, and the more useful (and the not yet finished) is to use this information to modify our initial specification at the top level of the development process

J. Lopez, J. A. Montenegro, R. Oppliger, and G. Pernul, "On a Taxonomy of Systems for Authentication and/or Authorization Services", In TERENA Networking Conference, June, 2004. More..

Abstract

In this work we elaborate on a taxonomy of systems that provide either joint solutions for both authentication and authorization problems, or solutions for only one of the problems. Basically, we do not focus our work on theoretical systems that have been proposed only in the literature. On the other hand, we focus on: (i) systems that are already developed; (ii) systems that are under development or deployment; and (iii) systems that are still in the initial stages of design but are supported by international working groups or bodies. More precisely, we elaborate on a taxonomy of systems that are (or will be soon) available to final users.

PDF icon JavierLopez2004a.pdf (19.35 KB)
M. Carbonell, et al., "Timeout Estimation using a Simulation Model for Non-repudiation Protocols", In 2nd Workshop on Internet Communications Security (WICS’04), (within Computational Science and its Applications International Conference), LNCS 3043, Springer, pp. 903-914, May, 2004. More..

Abstract

An essential issue for the best operation of non-repudiation protocols is to figure out their timeouts. In this paper, we propose a simulation model for this purpose since timeouts depend on specific scenario features such as network speed, TTP characteristics, number of originators and recipients, etc. Based on a one-to-many Markowicth’s protocol simulation model as a specific example, we have worked out various simulation experiments.

PDF icon MildreyCarbonell2004.pdf (324.28 KB)
S. K. Katsikas, J. Lopez, and G. Pernul Eds., "Trust and Privacy in Digital Business, First International Conference, TrustBus 2004, Zaragoza, Spain, August 30 - September 1, 2004, Proceedings", In TrustBus, vol. 3184, Springer, 2004. More..
2005
R. Roman, J. Lopez, and J. Zhou, "Análisis de Seguridad en Redes Inalámbricas de Sensores", In V Jornadas de Ingenería Telemática (JITEL’05), pp. 335-343, Septiembre, 2005. More..

Abstract

The design and development of security infrastructures and protocols for Wireless Sensor Networks is a difficult task, due to several factors like the constraints of the sensor nodes and the public nature of the communication channels. The intrinsic features of these networks create numerous security problems. In this paper, we analyze and put into perspective those problems.

PDF icon R.Roman2005.pdf (233.58 KB)
R. Roman, J. Lopez, and J. Zhou, "Aplicación de Sistemas de Detección de Intrusiones en Redes de Sensores", In Simposio sobre Computación Ubicua e Inteligencia Ambiental (UCAmI’05), pp. 113-120, September, 2005. More..

Abstract

Los sistemas de detección de intrusiones (IDS) son una herramienta imprescindible de seguridad a la hora de proteger una red. Recientemente se han investigado y desarrollado arquitecturas de IDS para redes inalámbricas, en concreto para redes "Ad Hoc". No obstante, no existe un trabajo previo que desarrolle una arquitectura de IDS para una red de sensores. En este artículo, analizamos porque los sistemas IDS de redes "Ad Hoc" no pueden aplicarse a redes de sensores, e introducimos una arquitectura de IDS para redes de sensores que incorpora una nueva técnica para vigilar las comunicaciones de la red en ciertos escenarios.

PDF icon Roman2005b.pdf (467.35 KB)
J. A. Onieva, J. Zhou, and J. Lopez, "Attacking an asynchronous multi-party contract signing protocol", In Proceedings of 6th International Conference on Cryptology in India, LNCS 3797, Springer, pp. 311–321, Decemeber, 2005. More..

Abstract

Contract signing is a fundamental service in doing business. The Internet has facilitated the electronic commerce, and it is necessary to find appropriate mechanisms for contract signing in the digital world. From a designing point of view, digital contract signing is a particular form of electronic fair exchange. Protocols for generic exchange of digital signatures exist. There are also specific protocols for two-party contract signing. Nevertheless, in some applications, a contract may need to be signed by multiple parties. Less research has been done on multi-party contract signing. In this paper, we analyze an optimistic N-party contract signing protocol, and point out its security problem, thus demonstrating further work needs to be done on the design and analysis of secure and optimistic multi-party contract signing protocols.

PDF icon Onieva2005a.pdf (150.72 KB)
R. Roman, J. Zhou, and J. Lopez, "Casual Virtual Private Network", In International Journal of Computer Systems Science & Engineering, vol. 3, CRL Publishing, pp. 185-192, 2005. ISI JCR Impact Factor 2005: 0.119 More..

Abstract

Virtual Private Networks (VPNs) provide a cost-effective way for securing communications using public and insecure networks like the Internet. The main purpose of a VPN is to securely and transparently connect two or more remote networks to form virtually a single network, using centralized security policies for better management and protection. However, in certain scenarios, users may not require such a transparent access to the resources within their networks, but only want temporary secure access to internal services based on their own demands. We call the network architecture with such a feature as Casual VPN. In this paper, we present the notion of Casual VPN, and explain why traditional VPN architectures and protocols are unable to offer Casual VPN services. We also propose and define the operation of a particular Casual VPN architecture, C-VPN, which additionally allows the management of TCP and UDP-based protocols.

Impact Factor: 0.119
Journal Citation Reports® Science Edition (Thomson Reuters, 2005)

PDF icon Roman2005f.pdf (501.2 KB)
J. Lopez, R. Oppliger, and G. Pernul, "Classifying Public Key Certificates", In 2nd European PKI Workshop: Research and Applications (EuroPKI’05), LNCS 3545, Springer, pp. 135-143, June, 2005. More..

Abstract

In spite of the fact that there are several companies that (try to) sell public key certificates, there is still no unified or standardized classification scheme that can be used to compare and put into perspective the various offerings. In this paper, we try to start filling this gap and propose a four-dimensional scheme that can be used to uniformly describe and classify public key certificates. The scheme distinguishes between (i) who owns a certificate, (ii) how the certificate owner is registered, (iii) on what medium the certificate (or the private key, respectively) is stored, and (iv) what type of functionality the certificate is intended to be used for. We think that using these or similar criteria to define and come up with unified or even standardized classes of public key certificate is useful and urgently needed in practice.

PDF icon JavierLopez2005a.pdf (132.5 KB)
I. Agudo, et al., "Delegation Perspective of Practical Authorization Schemes", In Fifth International Network Conference (INC’05), pp. 157-164, 2005. More..
PDF icon IsaacAgudo2005a.pdf (64.72 KB)
R. Roman, and J. Lopez, "Especificación de Sistemas Electrónicos de Microdonaciones", In III Simposio Español de Comercio Electrónico, pp. 95-104, June, 2005. More..

Abstract

Los sistemas electrónicos de pago permiten que un comprador adquiera a un vendedor una serie de productos y servicios de forma virtual. Sin embargo, estos sistemas no tienen en cuenta el escenario en el que un comprador se convierte en donante, accediendo al servicio de forma gratuita. En este artículo se presenta el concepto y características de las microdonaciones, o la donación de cantidades tan pequeñas como un céntimo de euro en el contexto del comercio electrónico. También se muestra como la microdonación es algo necesario en el contexto actual de Internet, y como es posible su implementación basándose en sistemas de micropago.

PDF icon Roman2005c.pdf (362.76 KB)
J. A. Onieva, J. Zhou, J. Lopez, and R. Roman, "Extending an OMA-based DRM Framework with Non-Repudiation Services", In 5th Symposium on Signal Processing and Information Technology (ISSPIT’05), IEEE, pp. 472-477, 2005. More..

Abstract

Digital Rights Management (DRM) is an umbrella term for any of several arrangements which allows a vendor of content in electronic form to control the material and restrict its usage in various ways that can be specified by the vendor. These arrangements are provided through security techniques, mainly encryption, and the distribution, in a detached manner, of content and rights. This allows free access to the content by the consumers, but only those carrying the proper Right Object (RO) will be able to process such content. As a security service considered in different layers of the security framework defined by ITU X.805, almost all applications need to consider non-repudiation in the very beginning of their design. Unfortunately this has not been done so far in DRM specifications due to practical issues and the type of content distributed. We analyze this service for the a DRM framework and provide a solution which allows the right objects acquisition to be undeniable.

PDF icon Onieva2005.pdf (226.67 KB)
I. Agudo, J. Lopez, and J. A. Montenegro, "A Graphical Delegation Solution for X.509 Attribute Certificates", In ERCIM News, no. 63, ERCIM, pp. 33-34, October, 2005. More..
PDF icon IsaacAgudo2005.pdf (157.48 KB)
S. Qing, W. Mao, J. Lopez, and G. Wang Eds., "Information and Communications Security, 7th International Conference, ICICS 2005, Beijing, China, December 10-13, 2005, Proceedings", In ICICS, vol. 3783, Springer, 2005. More..
J. Zhou, J. Lopez, R. H. Deng, and F. Bao Eds., "Information Security, 8th International Conference, ISC 2005, Singapore, September 20-23, 2005, Proceedings", In ISC, vol. 3650, Springer, 2005. More..
M. Yague, A. Mana, and J. Lopez, "A Metadata-based Access Control Model for Web Services", In Internet Research Journal, vol. 15, no. 1, Emerald, pp. 99-116, 2005. More..
PDF icon 1707.pdf (365.96 KB)
M. Carbonell, J. A. Onieva, J. Lopez, and J. Zhou, "Modelo de Simulacion para la Estimacion de Parametros en los protocolos de no Repudio", In III Simposio Español de Comercio Electronico (SCE’05), Universitat de les Illes Balears, pp. 151-164, 2005. More..

Abstract

El no repudio es un requisito de seguridad cuya importancia se ha hecho evidente con el crecimiento del comercio electrónico. Muchos protocolos se han desarrollado como solución a este requisito. La gran mayoría incluye en su especificación parámetros cuyos valores no son fáciles de especificar pues dependen de las condiciones reales de implementación del mismo como los tiempos límites, las características de la TTP, tiempo de publicación de las claves, etc. En este trabajo proponemos un modelo que nos ayudará en la estimación de esos parámetros basado en la simulación del escenario real. Para la explicación y prueba del modelo mostramos un conjunto de experimentos.

PDF icon MildreyCarbonell2005.pdf (360.56 KB)
J. Zhou, J. A. Onieva, and J. Lopez, "Optimised Multi-Party Certified Email Protocols", In Information Management & Computer Security Journal, vol. 13, no. 5, pp. 350-366, 2005. More..

Abstract

As a value-added service to deliver important data over the Internet with guaranteed receipt for each successful delivery, certified email has been discussed for years and a number of research papers appeared in the literature. But most of them deal with the two-party scenarios, i.e., there are only one sender and one recipient. In some applications, however, the same certified message may need to be sent to a set of recipients. In this paper, we presents two optimized multi-party certified email protocols. They have three major features. (1) A sender could notify multiple recipients of the same information while only those recipients who acknowledged are able to get the information. (2) Both the sender and the recipients can end a protocol run at any time without breach of fairness. (3) The exchange protocols are optimized, each of which have only three steps.

PDF icon Zhou2005.pdf (232.69 KB)
A. Munoz, J. A. Onieva, and J. Lopez, "Perfiles Seguros para Comercio Movil", In III Simposio Español de Comercio Electronico (SCE’05), Universitat de les Illes Balears, pp. 235-244, 2005. More..

Abstract

Los escenarios de comercio móvil existentes en la actualidad presentan muchas deficiencias. La mayoría de estos escenarios, como no podría ser de otra forma, tienen en cuenta aspectos relativos a la seguridad, prestando especial atención a las propiedades de Autenticación y Autorización. De entre los elementos esenciales que se utilizan para proporcionar estos servicios de seguridad, los perfiles son un elemento común que permiten la personalización de los servicios del usuario móvil. Sin embargo, los perfiles también precisan de una administración segura. En este trabajo presentamos unas consideraciones iniciales respecto a los distintos tipos de perfiles, sus niveles de seguridad para cada tipo, así como indicaciones para el almacenamiento de manera segura. Por lo tanto, analizaremos las distintas alternativas como medio de almacenamiento, discutiéndolas y prestando especial atención a las tarjetas inteligentes.

PDF icon AntonioMunoz2005a.pdf (97.73 KB)
R. Roman, J. Lopez, and J. Zhou, "Protección contra el Spam Utilizando Desafíos a Priori", In V Jornadas de Ingeniería Telemática (JITEL’05), pp. 375-382, September, 2005. More..

Abstract

Spam is considered to be one of the biggest problems in messaging systems. In the area of email Spam, A high number of anti-spam schemes have been proposed and deployed, but the problem has yet been well addressed. In this paper, we introduce a new scheme, called pre-challenge scheme, which avoids problems that exists in other schemes such as delay of service and denial of service. Some new mechanisms are employed to reach a good balance between security against Spam and convenience to email users. In addition, our scheme can be used for protecting other types of messaging systems, such as Instant Messaging (IM) and Blogs, against Spam.

PDF icon Roman2005a.pdf (280.64 KB)
R. Roman, J. Zhou, and J. Lopez, "Protection Against Spam using Pre-Challenges", In 20th IFIP International Information Security Conference (IFIP-SEC’05), R. Sasaki, S. Qing, E. Okamoto, and H. Yoshiura Eds., Springer, pp. 281-294, May, 2005. More..

Abstract

Spam turns out to be an increasingly serious problem to email users. A number of anti-spam schemes have been proposed and deployed, but the problem has yet been well addressed. One of those schemes is challenge-response, in which a challenge is imposed on an email sender. However, such a scheme introduces new problems for the users, e.g., delay of service and denial of service attacks. In this paper, we introduce a pre-challenge scheme that avoids those problems. It assumes each user has a challenge that is defined by the user himself/herself and associated with his/her email address, in such a way that an email sender can simultaneously retrieve a new receiver’s email address and challenge before sending an email in the first contact. Some new mechanisms are employed to reach a good balance between security against spam and convenience to email users.

PDF icon Roman2005d.pdf (174.76 KB)
I. Agudo, J. Lopez, and J. A. Montenegro, "A Representation Model of Trust Relationships with Delegation Extensions", In 3th International Conference on Trust Management (iTRUST’05), LNCS 3477, Springer, pp. 9-22, May, 2005. DOI More..

Abstract

Logic languages establish a formal framework to solve authorization and delegation conflicts. However, we consider that a visual representation is necessary since graphs are more expressive and understandable than logic languages. In this paper, and after overviewing previous works using logic languages, we present a proposal for graph representation of authorization and delegation statements. Our proposal is based on Varadharajan et al. solution, though improve several elements of that work. We also discuss about the possible implementation of our proposal using attribute certificates.

PDF icon IsaacAgudo2005b.pdf (251.54 KB)
A. Munoz, J. A. Onieva, and J. Lopez, "On Secure Profiling", In 1st International Workshop on Secure Ubiquitous Networks (SUN’05), IEEE Press, pp. 214-218, August, 2005. More..

Abstract

Ubiquitous environments have several drawbacks to be solved. Most of them are focused on security, and relevant ones are authorization and authentication. Amongst the essential elements to adequately provide solutions, we can find profiles. A profile can be defined as a repository to store structured data from users, networks, devices, applications, etc. As profiles are needed in ubiquitous environments, and these need of secure management as well, in this paper, we provide some initial guidance on the security storage of profiles and on security levels needed for each type of profile. Additionally, we review different alternatives to bear profiles, concluding that smartcards are the most suitable devices.

PDF icon AntonioMunoz2005.pdf (182.15 KB)
R. Roman, J. Zhou, and J. Lopez, "On the Security of Wireless Sensor Networks", In Computational Science and Its Applications (ICCSA’05), LNCS 3482, Springer, pp. 681-690, May, 2005. DOI More..

Abstract

Wireless Sensor Networks are extremely vulnerable against any kind of internal or external attacks, due to several factors such as resource-constrained nodes and lack of tamper-resistant packages. As a result, security must be an important factor to have in mind when designing the infrastructure and protocols of sensor networks. In this paper we survey the state-of-the-art security issues in sensor networks and highlight the open areas of research.security issues in sensor networks and highlight the open areas of research.

PDF icon Roman2005e.pdf (111.92 KB)
J. Lopez, J. J. Ortega, and J. M. Troya, "Security Protocols Analysis: A SDL-based Approach", In Computer Standards & Interfaces, vol. 27, no. 3, Elsevier, pp. 489-499, 2005. ISI JCR Impact Factor 2005: 0.62 More..

Abstract

Organizations need to develop formally analyzed systems in order to achieve well-known formal method benefits. In order to study the security of communication systems, we have developed a methodology for the application of the formal analysis techniques, commonly used in communication protocols, to the analysis of cryptographic protocols. In particular, we have extended the design and analysis phases with security properties. Our proposal uses a specification notation based on one of the most used standard requirement languages HMSC/MSC, which can be automatically translated into a generic SDL specification. The SDL system obtained can then be used for the analysis of the addressed security properties, by using an observer process schema. Besides our main goal to provide a notation for describing the formal specification of security systems, our proposal also brings additional benefits, such as the study of the possible attacks to the system, and the possibility of re-using the specifications produced to describe and analyse more complex systems.

Impact Factor: 0.62
Journal Citation Reports® Science Edition (Thomson Reuters, 2005)

PDF icon JavierLopez2005b.pdf (181.92 KB)
J. Lopez, et al., "Specification and Design of Advanced Authentication and Authorization Services", In Computer Standards & Interfaces, vol. 27, no. 5, Elsevier, pp. 467-478, Jun 2005. ISI JCR Impact Factor 2005: 0.62 DOI More..

Abstract

A challenging task in security engineering concerns the specification and integration of security with other requirements at the top level of requirements engineering. Empirical studies show that it is common at the business process level that customers and end users are able to express their security needs. Among the security needs of Internet applications, authentication and authorization services are outstanding and, sometimes, privacy becomes a parallel requirement. In this paper, we introduce a methodology for the specification of security requirements and use a case study to apply our solution. We further detail the resulting system after extending it with an Authentication and Authorization Infrastructure.

Impact Factor: 0.62
Journal Citation Reports® Science Edition (Thomson Reuters, 2005)

PDF icon javierlopez2005c.pdf (210.49 KB)
S. K. Katsikas, J. Lopez, and G. Pernul, "Trust, Privacy and Security in Digital Business", In International Journal of Computer Systems, Science & Engineering, vol. 20, no. 6, CRL Publishing, 2005. ISI JCR Impact Factor 2005: 0.119 More..

Abstract

An important aspect of e-business is the area of e-commerce. According to recent surveys, one of the most severe restraining factors for the proliferation of e-commerce, as measured by the gap between predicted market value and actual development is the (lack of) security measures required to assure both businesses and customers that their business relationship and transactions will be carried out in privacy, correctly, and timely. A large number of individuals are not willing to engage in e-commerce (or are only participating at a reduced level) simply because they do not trust the e-commerce sites and the underlying information and communication technologies to be secure enough. This paper first considers privacy and security requirements for e-commerce applications; it then discusses methods and technologies that can be used to fulfil these requirements.

Impact Factor: 0.119
Journal Citation Reports® Science Edition (Thomson Reuters, 2005)

PDF icon SokratisKatsikas2005a.pdf (215.19 KB)
S. K. Katsikas, J. Lopez, and G. Pernul Eds., "Trust, Privacy and Security in Digital Business: Second International Conference, TrustBus 2005, Copenhagen, Denmark, August 22-26, 2005, Proceedings", In TrustBus, vol. 3592, Springer, 2005. More..
S. K. Katsikas, J. Lopez, and G. Pernul, "Trust, Privacy and Security in E-business: Requirements and Solutions", In 10th Panhellenic Conference in Informatics (PCI’05), LNCS 3746, Springer, pp. 548-558, November, 2005. More..

Abstract

  An important aspect of e-business is the area of e-commerce. One of the most severe restraining factors for the proliferation of e-commerce, is the lack of trust between customers and sellers, consumer privacy concerns and the lack of security measures required to assure both businesses and customers that their business relationship and transactions will be carried out in privacy, correctly, and timely. This paper considers trust privacy and security issues in e-commerce applications and discusses methods and technologies that can be used to fulfil the pertinent requirements.

PDF icon SokratisKatsikas2005.pdf (240.98 KB)
J. Lopez, R. Oppliger, and G. Pernul, "Why Public Key Infrastructures have failed so far?", In Internet Research, vol. 15, no. 5, Emerald, pp. 544-556, 2005. ISI JCR Impact Factor 2005: 0.688 More..

Abstract

Since public key cryptography is a fundamental technology for electronic commerce, people have often argued that public key infrastructures and corresponding certification services are the gold-mines of the information age. Contrary to these relatively high expectations, public key infrastructures have not really taken off and many certification service providers have even gone out of business. In this paper, we overview and discuss the technical, economical, legal, and social reasons why public key infrastructures have failed so far, summarize the lessons learnt, and give our expectations about the future development of the field.

Impact Factor: 0.688
Journal Citation Reports® Science Edition (Thomson Reuters, 2005)

PDF icon JavierLopez2005.pdf (101.63 KB)
2006
V. Benjumea, J. Lopez, and J. M. Troya, "Anonymous Attribute Certificates based on Traceable Signatures", In Internet Research, vol. 16, no. 2, Elsevier, pp. 120-139, 2006. ISI JCR Impact Factor 2006: 0.607 More..

Abstract

  In Benjumea et. al (Benjumea, 2004) we introduced the concept of anonymousattribute certificates in order to integrate anonymity capabilities in the standardizedX.509 attribute certificates. That solution was based on the use of fair-blind signatures(Stadler, 1995), but did not explore further possibilities of constructing similar datastructures based on more advanced signature schemes. In this new work, we propose anew type of anonymous attribute certificates that is based on the more recently proposedtraceable signature scheme (Kiayias, 2004a), providing a new anonymous authorizationsolution with interesting features that were not covered in the aforementioned scheme.Thus, this new solution allows users to make use of their attribute certificates in ananonymous way, but under certain circumstances it allows to disclose the users’ identities,trace the transactions carried out by any specific user, or revoke any anonymousattribute certificate. An additional contribution of this work is that it pays special attentionto the preservation of the unlinkability property between transactions, makingimpossible the creation of anonymous user profiles.

Impact Factor: 0.607
Journal Citation Reports® Science Edition (Thomson Reuters, 2006)

PDF icon VicenteBenjumea2006a.pdf (320.1 KB)
R. Roman, J. Zhou, and J. Lopez, "An Anti-spam Scheme Using Pre-challenges", In Computer Communications, vol. 29, no. 15, Elsevier, pp. 2739-2749, 2006. ISI JCR Impact Factor 2006: 0.444 DOI More..

Abstract

Unsolicited Commercial Email, or Spam, is nowadays an increasingly serious problem to email users. A number of anti-spam schemes have been proposed in the literature and some of them have been deployed in email systems, but the problem has yet been well addressed. One of those schemes is challenge-response, in which a challenge, ranging from a simple mathematical problem to a hard-AI problem, is imposed on an email sender in order to forbid machine-based spam reaching receivers’ mailboxes. However, such a scheme introduces new problems for the users, e.g., delay of service and denial of service. In this paper, we introduce the pre-challenge scheme, which is based on the challenge-response mechanism and takes advantage of some features of email systems. It assumes each user has a challenge that is defined by the user himself/herself and associated with his/her email address, in such a way that an email sender can simultaneously retrieve a new receiver’s email address and challenge before sending an email in the first contact. Some new mechanisms are employed in our scheme to reach a good balance between security against spam and convenience to normal email users. Our scheme can be also used for protecting other messaging systems, like Instant Messaging and Blog comments.

Impact Factor: 0.444
Journal Citation Reports® Science Edition (Thomson Reuters, 2006)

PDF icon Roman2006a.pdf (355.8 KB)
P. Najera, and J. Lopez, "Aplicación de la Tecnología RFID a Entornos Sanitarios", In 2nd International Workshop of Ubiquitous Computing & Ambient Intelligence (wUCAmI’06), University of Castilla La Mancha, pp. 83-95, November, 2006. More..

Abstract

La tecnología RFID, que permite la identificación única de cualquier ser u objeto sin necesidad de contacto ni línea de visión directa, se está adoptando ampliamente en todo tipo de campos al producir un salto cualitativo en la integración de la informática con el entorno. En este artículo se muestra su estado del arte y se afrontan dos soluciones orientadas a paliar las necesidades en entornos sanitarios. Por un lado, un sistema de seguimiento de dispositivos en el interior de un centro médico que permite su localización inmediata y la prevención de hurtos usando RFID pasivo UHF con un testeo de fiabilidad, y por otro, una solución de control y atención de pacientes ingresados en planta usando RFID pasivo HF obteniéndose un demostrador plenamente funcional

R. Roman, J. Zhou, and J. Lopez, "Applying Intrusion Detection Systems to Wireless Sensor Networks", In IEEE Consumer Communications & Networking Conference (CCNC 2006), IEEE, pp. 640-644, January, 2006. DOI More..

Abstract

The research of Intrusion Detection Systems (IDS) is a mature area in wired networks, and has also attracted many attentions in wireless ad hoc networks recently. Nevertheless, there is no previous work reported in the literature about IDS architectures in wireless sensor networks. In this paper, we discuss the general guidelines for applying IDS to static sensor networks, and introduce a novel technique to optimally watch over the communications of the sensors’ neighborhood on certain scenarios.

PDF icon Roman2006.pdf (144.74 KB)
I. Agudo, J. Lopez, and J. A. Montenegro, "Attributes Delegation Based on Ontologies and Context Information", In 10th IFIP TC-6 TC-11 International Conference on Communications and Multimedia on Security (CMS’06), LNCS 4237, Springer, pp. 54-66, October, 2006. DOI More..

Abstract

This paper presents a model for delegation based on partial orders, proposing the subclass relation in OWL as a way to represent the partial orders. Delegation and authorization decisions are made based on the context. In order to interact with the context, we define the Type of a credential as a way to introduce extra information regarding context constraints. When reasoning about delegation and authorization relationships, our model benefits from partial orders, defining them over entities, attributes and the credential type. Using these partial orders, the number of credentials required is reduced. It also classifies the possible criteria for making authorization decisions based on the context, in relation to the necessary information.

PDF icon IsaacAgudo2006.pdf (165.46 KB)
J. Lopez Eds., "Critical Information Infrastructures Security, First International Workshop, CRITIS 2006, Samos, Greece, August 31 - September 1, 2006, Revised Papers", In CRITIS, vol. 4347, Springer, 2006. More..
J. A. Onieva, J. Lopez, R. Roman, and J. Zhou, "Extension de una plataforma DRM basada en OMA con servicios de No Repudio", In IX Reunion Española sobre Criptologia y Seguridad de la Informacion (RECSI’06), UOC S.L., pp. 129-141, 2006. More..

Abstract

Digital Rights Management (DRM) es un término general para cualesquiera de las soluciones que permite a un vendedor de contenido en forma electrónica controlar el material y restringir su uso de distintas maneras. Estas soluciones son posibles, por un lado gracias a técnicas de la Seguridad de la Información, principalmente cifrado de datos, y por otro a la distribución, de manera independiente, de contenido y derechos digitales. Esto permite que los consumidores puedan acceder libremente al contenido, pero sólo aquellos que adquieran el derecho digital apropiado (RO) podrán procesarlo. Como servicio de seguridad considerado en diversas capas del marco de seguridad definido por la recomendación ITU X.805, casi todas las aplicaciones necesitan considerar la propiedad de no repudio en las etapas iniciales de su diseño. Desafortunadamente, esto no ha sido así en general, y más concretamente en especificaciones DRM; debido a consideraciones en la práctica y al tipo de contenido a distribuir. Analizamos este servicio para un marco de DRM y proporcionamos una solución que permita que la adquisición de derechos digitales sea un operación que no pueda repudiarse.

PDF icon JoseA.Onieva2006a.pdf (230.13 KB)
I. Agudo, J. Lopez, and J. A. Montenegro, "Graphical Representation of Authorization Policies for Weighted Credentials", In 11th Australasian Conference on Information Security and Privacy (ACISP’06), LNCS 4058, Springer, pp. 383-394, 2006. DOI More..

Abstract

This paper elaborates on a solution to represent authorization and delegation in a graphical way, allowing users to better interpret delegation relationships. We make use of Weighted Trust Graph (WTG) as an instrument to represent delegation and authorization, extending it to cope with more complicated concepts, and providing a graphical representation of the level of confidence that exists between two entities regarding a resource or attribute. We represent the level of confidence for each pair of entities as a point in an axis diagram, as a set of points, or as a set of triangular regions depending on the accuracy we need. Then, we use the same diagram to represent the set of acceptable confidence level, that we call authorization policy set. In this way, a single diagram can be used to decide about authorization, thus providing a powerful tool for systems in which interaction of users is needed.

PDF icon Agudo2006a.pdf (263.9 KB)
S. K. Katsikas, et al. Eds., "Information Security, 9th International Conference, ISC 2006, Samos Island, Greece, August 30 - September 2, 2006, Proceedings", In ISC, vol. 4176, Springer, 2006. More..
M. Carbonell, J. Maria Sierra, and J. Lopez, "Modelo de pago con intermediario. Su aplicación a un escenario real", In IX Reunión Española sobre Criptología y Seguridad de la información (IX RECSI), pp. 35-46, Sep 2006.
I. Agudo, J. Lopez, and J. A. Montenegro, "Políticas de delegación para credenciales ponderadas y su representación gráfica", In IX Reunión Española sobre Criptología y Seguridad de la información (RECSI’06), pp. 311-322, Septiembre, 2006. More..
PDF icon IsaacAgudo2006a.pdf (574.78 KB)
J. Lopez, A. Mana, and A. Munoz, "A Secure and Auto-configurable Environment for Mobile Agents in Ubiquitous Computing Scenarios", In Third International Conference on Ubiquitous Intelligence and Computing, LNCS 4159, no. 4159, Springer, pp. 977-987, August, 2006. More..

Abstract

The increased heterogeneity and dynamism of new computing paradigms and especially of ubiquitous computing models is boosting the need for auto-configurable systems. In these new scenarios, heterogeneity and dynamism are inherent properties and applications are built by aggregating distributed information and services that are not under the control of a single entity. Furthermore, the current trend towards distributed computing poses important problems related to the need to transmit large amounts of data between the distributed nodes of the computing system; the control over the information; and the flexibility to adapt to heterogeneous client requirements. These characteristics are difficult to manage by traditional computing models. For these reasons, the mobile agent paradigm is gaining momentum and the interest of researchers and industry in this paradigm is increasing. In this paper we present a solution to provide a secure and auto-configurable environment for mobile agents in ubiquitous computing scenarios. Our approach is based on two main building blocks: trusted platforms and profiles.

PDF icon JavierLopez2006.pdf (61.69 KB)
J. Lopez, J. A. Montenegro, and R. Roman, "Service-Oriented Security Architecture for CII based on Sensor Networks", In 2nd International Workshop on Security Privacy and Trust in Pervasive and Ubiquitous Computing (SecPerU’06), IEEE Press, pp. 1-6, June, 2006. More..

Abstract

The extraordinary growth of the Information Society is originating a high dependency on ICT. This provokes that those strongly interrelated technological infrastructures, as well as the information systems that underpin them, become highly critical, since their disruption would lead to high economical, material and, sometimes, human loss. As a consequence, the protection of these Critical Information Infrastructures is becoming a major objective for governments and companies. In this paper, we give an overview of the main challenges and open research issues on Critical Information Infrastructure security, and introduce an on-going research project that, using wireless sensor networks as an underlying technology, is dealing with those problems. Our research project focuses on the development of protection, control, evaluation, maintenance and verification mechanisms, integrated into a secure service-oriented architecture.

PDF icon JavierLopez2006a.pdf (66.6 KB)
V. Benjumea, J. Lopez, and J. M. Troya, "Specification of a Framework for the Anonymous Use of Privileges", In Telematics and Informatics, vol. 23, no. 3, Elsevier, pp. 179-195, 2006. More..

Abstract

In this paper we have defined an open framework to support open distributed applications where anonymous transactions based on user privileges play an important role. The goal of the framework is to provide a basis to the application level, and is presented from an open and general perspective where many different implementation schemes can fit. Moreover, we have presented a set of requirements that implementation schemes must fulfill to conform a fully anonymous privilege system, which guarantees to supported applications that anonymity will be preserved in remote transactions. Finally, we present an application scenario using the services provided by the framework in order to better show the possibilities of what this type of systems offers.

PDF icon VicenteBenjumea2006.pdf (174.49 KB)
J. Zhou, J. A. Onieva, and J. Lopez, "A Synchronous Multi-Party Contract Signing Protocol Improving Lower Bound of Steps", In 21st International Information Security Conference (IFIP SEC’06), no. 201, Springer, pp. 221-232, May, 2006. More..

Abstract

Contract signing is a fundamental service in doing business. The Internet has facilitated the electronic commerce, and it is necessary to find appropriate mechanisms for contract signing in the digital world. A number of two-party contract signing protocols have been proposed with various features. Nevertheless, in some applications, a contract may need to be signed by multiple parties. Less research has been done on multi-party contract signing. In this paper, we propose a new synchronous multi-party contract signing protocol that, with n parties, it reaches a lower bound of 3(n − 1) steps in the all-honest case and 4n − 2 steps in the worst case (i.e., all parties contact the trusted third party). This is so far the most efficient synchronous multi-party contract signing protocol in terms of the number of messages required. We further consider the additional features like timeliness and abuse-freeness in the improved version.

PDF icon JianyingZhou2006.pdf (165.89 KB)
J. Lopez, "Unleashing Public-Key Cryptography in Wireless Sensor Networks", In Journal of Computer Security, vol. 14, no. 5, IOS Press, pp. 469-482, 2006.
2007
C. Alcaraz, R. Roman, and J. Lopez, "Análisis de primitivas criptográficas para redes de sensores", In VI Jornadas de Ingeniería Telemática (JITEL’07), pp. 401-408, September, 2007. More..

Abstract

Security in wireless sensor networks is very limited due to highly-constrained hardware of sensor nodes. To protect services is necessary to use secure foundations, known as security primitives, like part of a protocol. Theses primitives must assure at least confidentiality in the communication channel, authentication of the peers involved in an information exchange, and integrity of the messages. There are many primitives such as symmetric encryption, hash functions and public key cryptography, but not all of them can be supported by sensor nodes since require high resource levels, for example memory. This paper contains a deep analysis of available and suitable security primitives for sensor nodes, as well as an analysis of hardware and software implementations. Besides, it has been developed an experiment with two implementations, and it has been created a new and improved version using the optimizations of each.

PDF icon Alcaraz2007.pdf (205.14 KB)
V. Benjumea, S. G. Choi, J. Lopez, and M. Yung, "Anonymity 2.0: X.509 Extensions Supporting Privacy-friendly Authentication", In Sixth International Workshop on Cryptology and Network Security (CANS’07), LNCS 4856, Springer, pp. 265-281, December, 2007. More..

Abstract

We present a semantic extension to X.509 certificates that allows incorporating new anonymity signature schemes into the X.509 framework. This fact entails advantages to both components. On the one hand, anonymous signature schemes benefit from all the protocols and infrastructure that the X.509 framework provides. On the other hand, the X.509 framework incorporates anonymity as a very interesting new feature. This semantic extension is part of a system that provides user’s controlled anonymous authorization under the X.509 framework. Additionally, the proposal directly fits themuch active Identity 2.0 effort,where anonymity is a major supplementary feature that increases the self-control of one’s identity and privacy which is at the center of the activity.

PDF icon VicenteBenjumea2007ba.pdf (363.03 KB)
I. Agudo, J. Lopez, and J. A. Montenegro, "Attribute delegation in ubiquitous environments", In 3rd international conference on Mobile multimedia communications (MobiMedia ’07), ICST, pp. 43:1–43:6, 2007. More..

Abstract

When delegation is implemented using the attribute certificates in a Privilege Management Infrastructure (PMI), this one reaches a considerable level of distributed functionality. However, the approach is not flexible enough for the requirements of ubiquitous environments. Additionally, the PMI can become a too complex solution for devices such as smartphones and PDAs, where resources are limited. In this work, we solve the previous limitations by defining a second class of attributes, called domain attributes, which are managed directly by users and are not right under the scope of the PMI, thus providing a light solution for constrained devices. The two classes of attributes are related by defining a simple ontology. We also introduce in the paper the concept of Attribute Federation which is responsible for supporting domain attributes and the corresponding ontology.

PDF icon Agudo2007a.pdf (903.72 KB)
J. Biskup, and J. Lopez Eds., "Computer Security - ESORICS 2007, 12th European Symposium On Research In Computer Security, Dresden, Germany, September 24-26, 2007, Proceedings", In ESORICS, vol. 4734, Springer, 2007. More..
J. Lopez, and B. M. H"ammerli Eds., "Critical Information Infrastructures Security, Second International Workshop, CRITIS 2007, Málaga, Spain, October 3-5, 2007. Revised Papers", In CRITIS, vol. 5141, Springer, 2007. DOI More..
J. Lopez, I. Agudo, and J. A. Montenegro, "On the deployment of a real scalable delegation service", In Information Security Technical Report, vol. 12, no. 3, Elsevier, pp. 139-147, Jun 2007. DOI More..

Abstract

      This paper explains the evolution of the concept of delegation since its first references in the context of distributed authorization to the actual use as a fundamental part of a privilege management architecture. The work reviews some of the earliest contributions that pointed out the relevance of delegation when dealing with distributed authorization, in particular we comment on PolicyMaker and Keynote, and also on SDSI/SPKI. Then, we elaborate on Federation as a particular case of delegation, and remark the importance given to federation by the industry. Finally, the paper discusses about privilege management infrastructures, introducing a new mechanism to extend their functionality using advanced delegation services.

PDF icon JavierLopez2007.pdf (366.06 KB)
J. Zhou, W-Y. Chin, R. Roman, and J. Lopez, "An Effective Multi-layered Defense Framework Against Spam", In Information Security Technical Report, vol. 12, no. 3, Elsevier, pp. 179-185, 2007. DOI More..

Abstract

Spam is a big problem for email users. The battle between spamming and anti-spamming technologies has been going on for many years. Though many advanced anti-spamming technologies are progressing significantly, spam is still able to bombard many email users. The problem worsens when some anti-spamming methods unintentionally filtered legitimate emails instead! In this paper, we first review existing anti-spam technologies, then propose a layered defense framework using a combination of anti-spamming methods. Under this framework, the server-level defense is targeted for common spam while the client-level defense further filters specific spam for individual users. This layered structure improves on filtering accuracy and yet reduces the number of false positives. A sub-system using our pre-challenge method is implemented as an add-on in Microsoft Outlook 2002. In addition, we extend our client-based pre-challenge method to a domain-based solution thus further reducing the individual email users’ overheads.

PDF icon Zhou2007.pdf (549.17 KB)
M. Carbonell, et al., "Estimation of TTP Features in Non-repudiation Service", In 7th International Conference on Computational Science and Its Applications (ICCSA’07), LNCS 4706, Springer, pp. 549-558, 2007. More..

Abstract

In order to achieve a high performance in a real implementation of the non-repudiation service it is necessary to estimate timeouts, TTP features, publication key time, number of originators and recipients, and other relevant parameters. An initial work of the authors focused on a basic event-oriented simulation model for the estimation of timeouts. In the actual work, we present a set of extensions to that basic model for the estimation of the TTP features (storage capacity and ftp connection capacity). We present and analyze the new and valuable results obtained.

R. Roman, C. Fernandez-Gago, and J. Lopez, "Featuring Trust and Reputation Management Systems for Constrained Hardware Devices", In 1st International Conference on Autonomic Computing and Communication Systems (Autonomics’07), ICST, October, 2007. More..

Abstract

Research on trust management systems for wireless sensor networks is still at a very early stage and few works have done so far. It seems that for those works which deal with the topic general features of how these systems should be are not clearly identified. In this paper we try to identify the main features that a trust management system should have and justify their importance for future developments.

PDF icon Roman2007c.pdf (110.26 KB)
J. L. Vivas, J. A. Montenegro, and J. Lopez, "Grid Security Architecture: Requirements, Fundamentals, Standards and Models", In Security in Distributed, Grid, Mobile, and Pervasive Computing, Y.. Xiao Eds., Auerbach Publications, pp. 255-288, April, 2007. More..
PDF icon vivas2007.pdf (321.43 KB)
D. G. Rosado, E. Fernandez-Medina, J. Lopez, and M. Piattini, "Hacia un Proceso sistemático para el desarrollo de sistemas Grid Seguros con Dispositivos Móviles", In IV Congreso Iberoamericano de Seguridad Informática (CIBSI’07), Sebastián Cañón, M.A., pp. 111-124, 2007.
I. Agudo, J. Lopez, and J. A. Montenegro, "Implementation aspects of a delegation system", In 3rd international conference on Mobile multimedia communications (MobiMedia ’07), ICST, pp. 50:1–50:6, 2007. More..

Abstract

In this paper we simulate an authorization and delegation system using knowledge based technology. This proposal is part of a visual tool that is intended to be an implementation of the theoretical model weighted trust graph (WTG). A brief description of WTG Model and its associated tool is included in the text. In essence, the model is based on the inclusion of real numbers between zero and one in certificates to represent the trust level between the entities involved in them. This trust level is used to control delegation. Moreover, attributes from di_erent domains may be interrelated, so attribute delegation is also taken into account. The proposed Simulation Engine supports one directional and bidirectional search algorithms.

PDF icon Agudo2007.pdf (193.04 KB)
J. A. Onieva, et al., "Integration of non-repudiation services in mobile DRM scenarios", In Telecommunications Systems, vol. 35, pp. 161-176, September, 2007. More..

Abstract

In any kind of electronic transaction, it is extremely important to assure that any of the parties involved can not deny their participation in the information exchange. This security property, which is called non-repudiation, becomes more important in Digital Rights Management (DRM) scenarios, where a consumer can freely access to certain contents but needs to obtain the proper Right Object (RO) from a vendor in order to process it. Any breach in this process could result on financial loss for any peer, thus it is necessary to provide a service that allows the creation of trusted evidence. Unfortunately, non-repudiation services has not been included so far in DRM specifications due to practical issues and the type of content distributed. In this paper we analyze how to allow the integration of non-repudiation services to a DRM framework, providing a set of protocols that allows the right objects acquisition to be undeniable, alongside with a proof-of-concept implementation and a validation process.

PDF icon JoseA.Onieva2007a.pdf (292.68 KB)
J. Lopez, C. Alcaraz, and R. Roman, "On the Protection and Technologies of Critical Information Infrastructures.", In On Foundations of Security Analysis and Design IV, FOSAD 2006/2007, Springer, LNCS 4677, pp. 160-182, 2007. DOI More..

Abstract

Critical Infrastructures are complex and highly interconnected systems that are crucial for the well-being of the society. Any type of failure can cause significant damage, affecting one or more sectors due to their inherent interdependency. Not only the infrastructures are critical, but also the information infrastructures that manage, control and supervise them. Due to the seriousness of the consequences, the protection of these critical (information) infrastructures must have the highest priority. It is the purpose of this book chapter to review and discuss about these infrastructures, to explain their elements, and to highlight their research and development issues. This chapter will also discuss the role of Wireless Sensor Network (WSN) technology in the protection of these infrastructures.

PDF icon Lopez2007.pdf (156.78 KB)
J. Lopez, P. Samarati, and J. L. Ferrer Eds., "Public Key Infrastructure, 4th European PKI Workshop: Theory and Practice, EuroPKI 2007, Palma de Mallorca, Spain, June 28-30, 2007, Proceedings", In EuroPKI, vol. 4582, Springer, 2007. More..
P. Najera, and J. Lopez, "RFID: Technological Issues and Privacy Concerns", In Digital Privacy: Theory, Technologies, and Practices, A.. Acquisti, S. Gritzalis, C.. Lambrinoudakis, and S. De Capitan di Vimercati Eds., Auerbach Publications, pp. 285-306, December, 2007. More..
PDF icon Najera2007.pdf (137.2 KB)
R. Roman, C. Alcaraz, and J. Lopez, "The Role of Wireless Sensor Networks in the Area of Critical Information Infrastructure", In Information Security Technical Report, vol. 12, no. 1, Elsevier, pp. 24-31, 2007. DOI More..

Abstract

Critical Infrastructures, such as energy, banking, and transport, are an essential pillar to the well-being of the national and international economy, security and quality of life. These infrastructures are dependent on a spectrum of highly interconnected information infrastructures for their smooth, reliable and continuous operation. The field of protecting such Critical Information Infrastructures, or CIIP, faces numerous challenges, such as managing the secure interaction between peers, assuring the resilience and robustness of the overall system, and deploying warning and alert systems, amongst others. In this tapestry of CIIP, Wireless Sensor Networks can be used as an invaluable tool due to their intelligent distributed control capabilities, alongside with their capability to work under severe conditions. In this paper, we justify why Wireless Sensor Networks technology is suitable for providing security for these scenarios, describing both their advantages and research issues and their role in the overall scheme of protecting the Critical Information Infrastructures.

PDF icon Roman2007a.pdf (183.54 KB)
R. Roman, C. Alcaraz, and J. Lopez, "A Survey of Cryptographic Primitives and Implementations for Hardware-Constrained Sensor Network Nodes", In Mobile Networks and Applications, vol. 12, no. 4, Springer, pp. 231-244, August, 2007. ISI JCR Impact Factor 2007: 0.586 DOI More..

Abstract

In a wireless sensor network environment, a sensor node is extremely constrained in terms of hardware due to factors such as maximizing lifetime and minimizing physical size and overall cost. Nevertheless, these nodes must be able to run cryptographic operations based on primitives such as hash functions, symmetric encryption and public key cryptography in order to allow the creation of secure services. Our objective in this paper is to survey how the existing research-based and commercial-based sensor nodes are suitable for this purpose, analyzing how the hardware can influence the provision of the primitives and how software implementations tackles the task of implementing instances of those primitives. As a result, it will be possible to evaluate the influence of provision of security in the protocols and applications/scenarios where sensors can be used.

Impact Factor: 0.586
Journal Citation Reports® Science Edition (Thomson Reuters, 2007)

PDF icon Roman2007.pdf (280.7 KB)
C. Fernandez-Gago, R. Roman, and J. Lopez, "A Survey on the Applicability of Trust Management Systems for Wireless Sensor Networks", In 3rd International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing (SecPerU’07), IEEE Computer Society, pp. 25-30, 2007. DOI More..

Abstract

Trust plays an important role in human life environments and virtual organizations. In the context of a network, trust may help its elements to decide whether another member of the same network is being uncooperative or malicious. Trust becomes quite important in self-configurable and autonomous systems, such as wireless sensor networks (WSN). However, very little effort has been done in the field of trust management in WSN. On the other hand, some efforts have been made in quite related fields such as Ad-hoc and P2P networks. In this paper we give an overview of existing trust management solutions, mainly those developed for Ad-Hoc and P2P networks and, more importantly, investigate their suitability to WSN. We also provide some guidelines to aid the development of trust management systems for WSN according to the nature of these networks.

PDF icon FernandezGago2007.pdf (137.36 KB)
2008
C. Alcaraz, R. Roman, and J. Lopez, "Análisis de la Aplicabilidad de las Redes de Sensores para la Protección de Infraestructuras de Información Críticas", In VI Jornadas de Ingeniería Telemática (JITEL’08), pp. 437, September, 2008. More..

Abstract

Las infraestructuras críticas, como el sector energético, la banca, el transporte, y muchas otras, son un pilar esencial para en bienestar de la sociedad y la economía de un país. Estas infraestructuras dependen a su vez de ciertas infraestructuras de información, las cuales permiten su correcto funcionamiento. La tarea de proteger esas infraestructuras (de información) críticas es compleja y multidimensional, con una gran cantidad de desafíos por resolver. Precisamente, las redes de sensores pueden ser de gran ayuda para esta tarea, debido a suscapacidades de control distribuidas y a su habilidad de funcionar en situaciones extremas. Este artículo analiza la utilidad de las redes de sensores en este contexto, describiendo tanto sus capacidades como sus posibles roles y mecanismos de integración para la protección de infraestructuras (de información) críticas.

PDF icon Alcaraz2008.pdf (87.41 KB)
V. Benjumea, J. Lopez, and J. M. Troya, "Anonymity Analysis in Credentials-based Systems: A Formal Framework", In Computer Standards & Interfaces, vol. 30, no. 4, Elsevier, pp. 253-261, 2008. ISI JCR Impact Factor 2008: 1.074 More..

Abstract

  Anonymity has been formalized and some metrics have been defined in the scope of anonymizing communication channels. In this paper, such formalization has been extended to cope with anonymity in those scenarios where users must anonymously prove that they own certain privileges to perform remote transactions. In these types of scenarios, the authorization policy states the privileges required to perform a given remote transaction. The paper presents a framework to analyze the actual degree of anonymity reached in a given transaction and allows its comparison with an ideal anonymity degree as defined by the authorization policy, providinga tool to model, design and analyze anonymous systems in different scenarios.    

Impact Factor: 1.074
Journal Citation Reports® Science Edition (Thomson Reuters, 2008)

PDF icon VicenteBenjumea2008.pdf (248.09 KB)
J.. Zhou, K. T. Das, and J. Lopez, "An Asynchronous Node Replication Attack in Wireless Sensor Networks", In 23rd International Information Security Conference (SEC 2008), vol. 278, pp. 125-139, 2008.
S. Jajodia, and J. Lopez Eds., "Computer Security - ESORICS 2008, 13th European Symposium on Research in Computer Security, Málaga, Spain, October 6-8, 2008. Proceedings", In ESORICS, vol. 5283, Springer, 2008. More..
I. Agudo, C. Fernandez-Gago, and J. Lopez, "Delegating Privileges over Finite Resources: A Quota Based Delegation Approach", In 5th International Workshop on Formal Aspects in Security and Trust (FAST’08), LNCS 5491, Springer, pp. 302-315, 2008. DOI More..

Abstract

When delegation in real world scenarios is considered, the delegator (the entity that posses the privileges) usually passes the privileges on to the delegatee (the entity that receives the privileges) in such a way that the former looses these privileges while the delegation is effective. If we think of a physical key that opens a door, the privilege being delegated by the owner of the key is opening the door. Once the owner of the key delegates this privilege to another entity, by handing over the key, he is not able to open the door any longer. This is due to the fact that the key is not copied and handed over but handed over to the delegatee. When delegation takes place in the electronic world, the delegator usually retains also the privileges. Thus, both users have them simultaneously. This situation, which in most cases is not a problem, may be undesirable when dealing with certain kind of resources. In particular, if we think of finite resources, those in which the number of users accessing simultaneously is finite, we can not allow that a user delegating his access privilege is also granted access when the delegation if effective. In this paper we propose an approach where each user is delegated an access quota for a resource. If further delegating of the delegated quota occurs, this is subtracted from his quota. That is, when delegating, part of the quota remains with the delegator and another part goes to the delegatee. This allows a more fairly access to the resource. Moreover, we show that this approach can also be applied to any kind of resources by defining appropriate authorization policies.

PDF icon Agudo2008.pdf (304.18 KB)
I. Agudo, J. Lopez, and J. A. Montenegro, "Enabling Attribute Delegation in Ubiquitous Environments", In Mobile Networks and Applications, vol. 13, no. 3-4, Springer, pp. 398-410, August, 2008. ISI JCR Impact Factor 2008: 1.619 DOI More..

Abstract

When delegation is implemented using the attribute certificates in a Privilege Management Infrastructure (PMI), it is possible to reach a considerable level of distributed functionality. However, the approach is not flexible enough for the requirements of ubiquitous environments. The PMI can become a too complex solution for devices such as smartphones and PDAs, where resources are limited. In this work we present an approach to solve the previous limitations by defining a second class of attributes, called domain attributes, which are managed directly by users and are not right under the scope of the PMI, thus providing a light solution for constrained devices. However, we relate the two classes of attributes are related by defining a simple ontology. While domain attribute credentials are defined using SAML notation, global attributes are defined using X.509 certificates. For this reason, we additionally introduce XSAML so that both kinds of credentials are integrated. We also introduce the concept of Attribute Federation which is responsible for supporting domain attributes and the corresponding ontology.

Impact Factor: 1.619
Journal Citation Reports® Science Edition (Thomson Reuters, 2008)

PDF icon Agudo2008d.pdf (647.04 KB)
D. G. Rosado, E. Fernandez-Medina, J. Lopez, and M. Piattini, "Engineering Process Based On Grid Use Cases For Mobile Grid Systems", In Third International Conference on Software and Data Technologies (ICSOFT’08), Springer, pp. 146-151, 2008. More..

Abstract

 

The interest to incorporate mobile devices into Grid systems has arisen with two main purposes. The firstone is to enrich users of these devices while the other is that of enriching the own Grid infrastructure.Security of these systems, due to their distributed and open nature, is considered a topic of great interest. Aformal approach to security in the software life cycle is essential to protect corporate resources. However,little attention has been paid to this aspect of software development. Due to its criticality, security should beintegrated as a formal approach into the software life cycle. We are developing a methodology ofdevelopment for secure mobile Grid computing based systems that helps to design and build secure Gridsystems with support for mobile devices directed by use cases and security use cases and focused onservice-oriented security architecture. In this paper, we will present one of the first steps of ourmethodology consisting of analyzing security requirements of mobile grid systems. This analysis will allowus to obtain a set of security requirements that our methodology must cover and implement.

 

 

PDF icon rosado2008a.pdf (813.44 KB)
D. Galindo, R. Roman, and J. Lopez, "An Evaluation of the Energy Cost of Authenticated Key Agreement in Wireless Sensor Networks", In X Reunión Española sobre Criptología y Seguridad de la Información (RECSI’08), pp. 231-236, September, 2008. More..

Abstract

Wireless sensors are battery-powered devices which are highly constrained in terms of computational capabilities, memory, and communication bandwidth. While battery life is their main limitation, they require considerable energy to communicate data. Due to this, the energy saving of computationally inexpensive security primitives (like those using symmetric key cryptography) can be nullified by the bigger amount of data they require to be sent. In this work we study the energy cost of key agreement protocols between peers in a network using public key cryptography techniques. Our concern is to reduce the amount of data to be exchanged. Our main news is that a computationally very demanding security primitive, such as identity-based authenticated key exchange, can present energy-wise a better performance than traditional public key based key exchange in realistic scenarios such as Underwater Wireless Sensor Networks. Such a result is not to be expected in wired networks.

PDF icon Galindo2008a.pdf (293.39 KB)
I. Agudo, C. Fernandez-Gago, and J. Lopez, "An Evolutionary Trust and Distrust Model", In 4th Workshop on Security and Trust Management (STM’08), ENTCS 224, Elsevier, pp. 3-12, 2008. DOI More..

Abstract

In this paper we propose a trust model, where besides considering trust and distrust, we also consider another parameter that measures the reliability on the stability of trust or distrust. The inclusion of this new parameter will allow us to use trust in a more accurate way. We consider trust is not static but dynamic and trust values can change along time. Thus, we will also take time into account, using it as a parameter of our model. There is very little work done about the inclusion of time as an influence on trust. We will show the applicability of our model in the scenario of the process of reviewing papers for a conference. Sometimes for these kind of processes the Chair of the conference should first find the suitable reviewers. He can make this selection by using our model. Once the reviewers are selected they send out their reviews to the Chair who can also use our model in order to make the final decision about acceptance of papers.

PDF icon Agudo2008b.pdf (129.8 KB)
V. Benjumea, S. G. Choi, J. Lopez, and M. Yung, "Fair Traceable Multi-Group Signatures", In Financial Cryptography and Data Security (FC’08), LNCS 5143, Springer, pp. 265-281, January, 2008. More..

Abstract

This paper presents fair traceable multi-group signatures (FTMGS) which have enhanced capabilities compared to group and traceable signatures that are important in real world scenarios combining accountability and anonymity. The main goal of the primitive is to allow multi groups that are managed separately (managers are not even aware of the other ones), yet allowing users (in the spirit of the Identity 2.0 initiative) to manage what they reveal about their identity with respect to these groups by themselves. This new primitive incorporates the following additional features: (a) While considering multiple groups it discourages users from sharing their private membership keys through two orthogonal and complementary approaches. In fact, it merges functionality similar to credential systems with anonymous type of signing with revocation. (b) The group manager now mainly manages joining procedures, and new entities (called fairness authorities and consisting of various representatives, possibly) are involved in opening and revealing procedures. In many systems scenario assuring fairness in anonymity revocation is required.We specify the notion and implement it with a security proof of its properties (in the ROM).

PDF icon VicenteBenjumea2008ab.pdf (532.38 KB)
C. Alcaraz, et al., "Gestión segura de redes SCADA", In Nuevas tendencias en gestión de redes, Novática, no. 196, CEPIS, pp. 20-25, December, 2008. More..

Abstract

En el momento que se introduce en el mercado nuevas tecnologías basadas en entornos distribuidos comienzan a surgir en paralelo nuevos problemas de seguridad en los sistemas SCADA (Supervisory Control and Data Acquisition), los cuales monitorizan y gestionan otras infraestructuras de gran complejidad y escala. Un fallo o una interrupción en uno de sus componentes podría suponer un impacto negativo sobre la funcionalidad de otras infraestructuras, por lo que se hace necesario realizar frecuentes análisis de seguridad para así mantener actualizado el conocimiento y proveer recomendaciones y/o soluciones para mitigar o evitar futuras ocurrencias, garantizando una gestión de red fiable y siempre disponible.

PDF icon Alcaraz2008a.pdf (329.92 KB)
R. Roman, C. Alcaraz, and N. Sklavos, "On the Hardware Implementation Efficiency of Cryptographic Primitives", In Wireless Sensor Network Security, J. Lopez, and J. Zhou Eds., IOS Press, 2008. More..

Abstract

Security has been proven a crucial factor in the provision of data services and especially in the computer-related environments. While wired and wireless networks come to all sectors of everyday life, security tries to satisfy the growing needs for confidentiality, integrity and non-repudiation. There are many instances of security primitives and each one of them has different requirements in terms of processing power, word size, etc. Therefore, it is important to review the functionality of the less resource-demanding encryption algorithms in order to analyze their theoretical suitability to the existent sensor node hardware. Still, the constraints inherent to the sensor nodes advise against the total dependence on software-based implementations, even more in the case of expensive primitives.

PDF icon Roman2008.pdf (394.11 KB)
R. Roman, and J. Lopez, "KeyLED - Transmitting Sensitive Data over out-of-band Channels in Wireless Sensor Networks", In 5th IEEE International Conference on Mobile Ad Hoc and Sensor Systems (MASS’08), IEEE, pp. 796-801, September, 2008. DOI More..

Abstract

An out-of-band (OoB) channel can be defined as an extra channel, different from the main wireless channel, that has additional security properties. They are specially suitable for protecting spontaneous interactions and exchanging sensitive data between previously unknown devices. Due to the vulnerable nature of wireless sensor networks (WSN), these kind of channels might be useful for protecting certain sensor network operations. In this paper we analyze the applicability of out-of-band channels to wireless sensor networks, and specify why an optical channel should be a good candidate for implementing an extra channel in sensor nodes. Also, we analyze how the existing security threats may affect this type of channel. Finally, the suitability and usability of optical channels for sensor networks is demonstrated by means of a prototype.

PDF icon Roman2008b.pdf (161.47 KB)
D. Galindo, R. Roman, and J. Lopez, "A Killer Application for Pairings: Authenticated Key Establishment in Underwater Wireless Sensor Networks", In Proceedings of the 7th International Conference on Cryptology and Network Security (CANS’08), LNCS 5339, Springer, pp. 120-132, December, 2008. DOI More..

Abstract

Wireless sensors are low power devices which are highly constrained in terms of computational capabilities, memory, and communication bandwidth. While battery life is their main limitation, they require considerable energy to communicate data. The latter is specially dramatic in underwater wireless sensor networks (UWSN), where the acoustic transmission mechanisms are less reliable and more energy-demanding. Saving in communication is thus the primary concern in underwater wireless sensors. With this constraint in mind, we argue that non-interactive identity-based key agreement built on pairings provides the best solution for key distribution in large UWSN when compared to the state of the art. At first glance this claim is surprising, since pairing computation is very demanding. Still, pairing-based non-interactive key establishment requires minimal communication and at the same time enjoys excellent properties when used for key distribution.

PDF icon Galindo2008aa.pdf (229 KB)
I. Agudo, C. Fernandez-Gago, and J. Lopez, "A Model for Trust Metrics Analysis", In 5th International Conference on Trust, Privacy and Security in Digital Business (TrustBus’08), LNCS 5185, Springer, pp. 28-37, 2008. DOI More..

Abstract

Trust is an important factor in any kind of network essential, for example, in the decision-making process. As important as the definition of trust is the way to compute it. In this paper we propose a model for defining trust based on graph theory and show examples of some simple operators and functions that will allow us to compute trust.

PDF icon Agudo2008a.pdf (129.8 KB)
J. A. Onieva, J. Zhou, and J. Lopez, "Multi-Party Nonrepudiation: A survey", In ACM Comput. Surveys, vol. 41, no. 1, pp. 5, December, 2008. ISI JCR Impact Factor 2008: 9.92 More..

Abstract

Nonrepudiation is a security service that plays an important role in many Internet applications. Traditional two-party nonrepudiation has been studied intensively in the literature. This survey focuses on multiparty scenarios and provides a comprehensive overview. It starts with a brief introduction of fundamental issues on nonrepudiation, including the types of nonrepudiation service and cryptographic evidence, the roles of trusted third-party, nonrepudiation phases and requirements, and the status of standardization. Then it describes the general multiparty nonrepudiation problem, and analyzes state-of-the-art mechanisms. After this, it presents in more detail the 1-N multiparty nonrepudiation solutions for distribution of different messages to multiple recipients. Finally, it discusses advanced solutions for two typical multiparty nonrepudiation applications, namely, multiparty certified email and multiparty contract signing.

Impact Factor: 9.92
Journal Citation Reports® Science Edition (Thomson Reuters, 2008)

PDF icon JoseA.Onieva2008a.pdf (478.03 KB)
D. G. Rosado, E. Fernandez-Medina, J. Lopez, and M. Piattini, "PSecGCM: Process for the development of Secure Grid Computing based Systems with Mobile devices", In International Conference on Availability, Reliability and Security (ARES’08), IEEE Computer Society, pp. 136-143, 2008. More..

Abstract

 

A Grid computing system is defined as a platformthat supports distributed system applications which require fastaccess to a large quantity of distributed resources in acoordinated manner. With the development of wirelesstechnology and mobile devices, the Grid becomes the perfectcandidate so that mobile users can make complex works that addnew computational capacity to the Grid. Security of thesesystems, due to their distributed and open nature, receives greatinterest. The growing size and profile of the grid requirecomprehensive security solutions as they are critical to thesuccess of the endeavour. A formal approach to security in thesoftware life cycle is essential to protect corporate resources.However, little thought has been given to this aspect of softwaredevelopment. Due to its criticality, security should be integratedas a formal approach in the software life cycle. A methodology ofdevelopment for secure mobile Grid computing based systems isdefined, that is to say, an engineering process that defines thesteps to follow so that starting from the necessities to solve, wecan design and construct a secure Grid system with support formobile devices that is able to solve and cover these necessities.

 

 

PDF icon rosado2008.pdf (164.18 KB)
P. Najera, F. Moyano, and J. Lopez, "Secure Integration of RFID Technology in Personal Documentation for Seamless Identity Validation", In 3rd Symposium of Ubiquitous Computing and Ambient Intelligence 2008, Advances in Soft Computing 51/2009, Springer, pp. 134-138, October, 2008. DOI More..

Abstract

Seamless human identification and authentication in the information system is a fundamental step towards the transparent interaction between the user and its context proposed in ambient intelligence. In this context, the IDENTICA project is aimed to the design and implementation of a distributed authentication platform based on biometrics (i.e. voice and facial image) and personal documentation. In this paper, we present our work in this project focused on the secure integration of RFID technology in personal documentation in order to provide seamless identity validation. Our actual work status, first results and future directions are described in detail.

PDF icon PNajera2009.pdf (37.61 KB)
C. Alcaraz, et al., "Secure Management of SCADA Networks", In Novatica, New Trends in Network Management, vol. 9, no. 6, Cepis UPGRADE, pp. 22-28, December, 2008. More..

Abstract

When a Supervisory Control and Data Acquisition (SCADA) system monitors and manages other complex infrastructures through the use of distributed technologies, it becomes a critical infrastructure by itself: A failure or disruption in any of its components could implicate a serious impact on the performance of the other infrastructures. The connection with other systems makes a SCADA system more vulnerable against attacks, generating new security problems. As a result, it is essential to perform diverse security analysis frequently in order to keep an updated knowledge and to provide recommendations and/or solutions to mitigate or avoid anomalous events. This will facilitate the existence of a suitable, reliable, and available control network.

PDF icon Alcaraz2008b.pdf (325.52 KB)
S. Furnell, S. K. Katsikas, J. Lopez, and A. Patel, Securing Information and Communications Systems: Principles, Technologies and Applications , Artech House, 2008. More..
R. Roman, J. Lopez, and S. Gritzalis, "Situation Awareness Mechanisms for Wireless Sensor Networks", In IEEE Communications Magazine, vol. 46, no. 4, IEEE, pp. 102-107, April, 2008. ISI JCR Impact Factor 2008: 2.799 DOI More..

Abstract

A wireless sensor network should be able to operate for long periods of time with little or no external management. There is a requirement for this autonomy: the sensor nodes must be able to configure themselves in the presence of adverse situations. Therefore, the nodes should make use of situation awareness mechanisms to determine the existence of abnormal events in their surroundings. This work approaches the problem by considering the possible abnormal events as diseases, thus making it possible to diagnose them through their symptoms, namely, their side effects. Considering these awareness mechanisms as a foundation for high-level monitoring services, this article also shows how these mechanisms are included in the blueprint of an intrusion detection system.

Impact Factor: 2.799
Journal Citation Reports® Science Edition (Thomson Reuters, 2008)

PDF icon Roman2008a.pdf (280.63 KB)
J. Lopez, and J. Zhou, "Wireless Sensor Networks Security", In Cryptology and Information Security Series, vol. 1, IOS Press, 2008. More..
2009
C. Alcaraz, et al., "Adaptive Dispatching of Incidences Based on Reputation for SCADA Systems", In 6th International Conference on Trust, Privacy and Security in Digital Business (TrustBus’09), Springer-Verlag, pp. 86-94, September, 2009. DOI More..

Abstract

SCADA systems represent a challenging scenario where the management of critical alarms is crucial. Their response to these alarms should be efficient and fast in order to mitigate or contain undesired effects. This work presents a mechanism, the Adaptive Assignment Manager (AAM) that will aid to react to incidences in a more efficient way by dynamically assigning alarms to the most suitable human operator. The mechanism uses various inputs for identifying the operators such as their availability, workload and reputation. In fact, we also define a reputation component that stores the reputation of the human operators and uses feedback from past experiences.

PDF icon Alcaraz2009.pdf (289.68 KB)
J. Lopez, R. Roman, and C. Alcaraz, "Analysis of Security Threats, Requirements, Technologies and Standards in Wireless Sensor Networks", In Foundations of Security Analysis and Design 2009, LNCS 5705, Springer Berlin/Heidelberg, pp. 289-338, August, 2009. DOI More..

Abstract

As sensor networks are more and more being implemented in real world settings, it is necessary to analyze how the different requirements of these real-world applications can influence the security mechanisms. This paper offers both an overview and an analysis of the relationship between the different security threats, requirements, applications, and security technologies. Besides, it also overviews some of the existing sensor network standards, analyzing their security mechanisms.

PDF icon Lopez2009.pdf (380.21 KB)
D. G. Rosado, E. Fernandez-Medina, and J. Lopez, "Applying a UML Extension to build Use Cases diagrams in a secure mobile Grid application", In 5th International Workshop on Foundations and Practices of UML, LNCS 5833, Springer Berlin Heidelberg, pp. 126-136, 2009. More..

Abstract

 

Systems based on Grid computing have not traditionally beendeveloped through suitable methodologies and have not taken into accountsecurity requirements throughout their development, offering technical securitysolutions only during the implementation stages. We are creating a developmentmethodology for the construction of information systems based on GridComputing, which is highly dependent on mobile devices, in which securityplays a highly important role. One of the activities in this methodology is therequirements analysis which is use-case driven. In this paper, we build use casediagrams for a real mobile Grid application by using a UML-extension, calledGridUCSec-Profile, through which it is possible to represent specific mobileGrid features and security aspects for use case diagrams, thus obtainingdiagrams for secure mobile Grid environments.

 

 

PDF icon rosado2009f.pdf (249 KB)
I. Agudo, C. Fernandez-Gago, and J. Lopez, "Concurrent access control for multi-user and multi-processor systems based on trust relationships", In Concurrency and Computation: Practice and Experience, vol. 21, John Wiley & Sons, pp. 1389-1403, July, 2009. ISI JCR Impact Factor 2009: 1.004 DOI More..

Abstract

Concurrent access control is an old problem in many fields in Computer Science. It has been solved in many languages and systems, using mechanisms like monitors or priority queues. Nowadays computers implement multi-core capabilities. This means that they are virtually capable of execution of processes in parallel. This requires new techniques and open new issues in the field of concurrent access control. Moreover, most operating systems are multi-user; thus, we have to focus on a multi-processor multi-user scenario. Trust becomes a paramount aspect when building distributed applications; the same applies on a lower scale in modern computers. We propose the use of a trust graph that keeps record of the trust relationships of the system and helps in deciding on concurrent access requests. The information encoded in the graph will be used both in order to decide on the access requests and to order granted requests in terms of their associated trust level

Impact Factor: 1.004
Journal Citation Reports® Science Edition (Thomson Reuters, 2009)

PDF icon Agudo2009.pdf (180.3 KB)
R. Roman, J. Lopez, and C. Alcaraz, "Do Wireless Sensor Networks Need to be Completely Integrated into the Internet?", In 3rd CompanionAble Workshop - Future Internet of People, Things and Services (IoPTS) eco-Systems, xxxx, pp. xxxx, December, 2009. More..

Abstract

Wireless sensor networks are considered as an integral part of the Internet of Things paradigm. Not only they provide a virtual presence to elements of the real world, but also allow any computationalsystem to know about the physical state of those elements thanks to the use of embedded sensors. In order to belong to the Internet of Things, the elements of a sensor network can implement Internet protocols and services such as the TCP/IP stack and web services. Still, a question that must be raised at this point of time is whether all sensor network applications should be completely integrated into the Internet or not. The purpose of this paper is to analyze this question, reviewing the challenges and security requirements of Internet-enabled sensor networks.

PDF icon roman2009.pdf (106.88 KB)
D. Gritzalis, and J. Lopez Eds., "Emerging Challenges for Security, Privacy and Trust, 24th IFIP TC 11 International Information Security Conference, SEC 2009, Pafos, Cyprus, May 18-20, 2009. Proceedings", In SEC, vol. 297, Springer, 2009. DOI More..
D. G. Rosado, E. Fernandez-Medina, and J. Lopez, "Extensión UML para Casos de Uso Reutilizables en entornos Grid Móviles Seguros", In XIV Jornadas de Ingeniería del Software y Bases de Datos (JISBD 2009), Antonio Vallecillo and Goiuria Sagardui (Eds.), pp. 331-342, September, 2009. More..

Abstract

 

 

 

Los sistemas Grid nos permiten construir sistemas complejos concaracterísticas diferenciadoras (interoperabilidad entre múltiples dominios deseguridad, autenticación y autorización a través de dominios, sistema dinámicoy heterogéneo, etc.). Con el desarrollo de la tecnología wireless y losdispositivos móviles, el Grid llega a ser el candidato perfecto para que losusuarios móviles puedan realizar trabajos complejos, a la vez que añaden nuevacapacidad computacional al Grid. Estamos construyendo un proceso completode desarrollo para sistemas Grid móviles seguros, y una de las actividades es elanálisis de requisitos, que está basado en casos de uso reutilizables. En esteartículo, presentaremos una extensión UML para casos de uso de seguridad yGrid, los cuales capturan el comportamiento de este tipo de sistemas. Estaextensión UML está siendo aplicado a un caso real para construir diagramas decasos de uso de la aplicación, incorporando los aspectos de seguridadnecesarios.

PDF icon rosado2009e.pdf (372.27 KB)
D. G. Rosado, E. Fernandez-Medina, and J. Lopez, "Hacia una Arquitectura de Servicios de Seguridad para entornos Grid móviles", In V Congreso Iberoamericano de Seguridad Informática (CIBSI’09), Universidad de la República, Uruguay, pp. 409-423, 2009. More..

Abstract

 

Grid móvil incluye las características de los sistemas Grid junto conlas peculiaridades de la computación móvil, añadiendo la propiedad de soportarusuarios y recursos móviles de forma homogénea, transparente, segura yeficiente. La seguridad de estos sistemas, debido a su naturaleza abierta ydistribuida, es un tema de gran interés. Una arquitectura de seguridad basada enSOA proporciona una arquitectura distribuida diseñada para interoperabilidadde servicios, fácil integración, y acceso seguro, simple y extensible. Por tanto,una arquitectura orientada a servicios de seguridad es construida para entornosGrid móviles, ofreciendo servicios de seguridad a usuarios móviles quienesusan servicios Grid y recursos para ejecutar sus trabajos y tareas. Estaarquitectura es integrada con otras arquitecturas existentes proporcionandomayor seguridad y permitiendo que los usuarios móviles puedan acceder aservicios Grid existentes ofreciendo nuevos y necesarios servicios de seguridadpara Grid móviles. Hemos definido un conjunto de servicios de seguridad, quejunto a protocolos, políticas y estándares de seguridad forman una arquitecturade seguridad orientada a servicios para entornos Grid móviles. Esta arquitecturaes abierta, escalable, dinámica, interoperable y flexible.

 

 

PDF icon rosado2009d.pdf (314.97 KB)
R. Roman, and J. Lopez, "Integrating Wireless Sensor Networks and the Internet: A Security Analysis", In Internet Research, vol. 19, no. 2, Emerald, pp. 246-259, Mar 2009. ISI JCR Impact Factor 2009: 0.844 DOI More..

Abstract

Purpose: This paper aims to analyze the security issues that arise when integrating wireless sensor networks (WSN) and the internet. Also, it seeks to review whether existing technology mechanisms are suitable and can be applied in this context.

Design/methodology/approach: The paper considers the possible approaches that can be used to connect a WSN with the internet, and analyzes the security of their interactions.

Findings: By providing the services of the network through a front-end proxy, a sensor network and the internet can interact securely. There are other challenges to be solved if the sensor nodes are integrated into the internet infrastructure, although there exists interesting advances on his matter.

Research limitations and implications: The complete integration of sensor networks and the internet still remains as an open issue.

Practical implications: With the current state of the art, it is possible to develop a secure sensor network that can provide its services to internet hosts with certain security properties.

Originality/value: The paper studies the interactions between sensor networks and the internet from the point of view of security. It identifies both solutions and research challenges.

Impact Factor: 0.844
Journal Citation Reports® Science Edition (Thomson Reuters, 2009)

PDF icon roman2009a.pdf (394.32 KB)
I. Agudo, C. Fernandez-Gago, and J. Lopez, "A Multidimensional Reputation Scheme for Identity Federations", In Sixth European Workshop on Public Key Services, Applications and Infrastructures (EuroPKI’09), LNCS 6391, Springer, pp. 225-238, 2009. DOI More..

Abstract

Deciding who to trust in the internet of services paradigm is an important and open question. How to do it in an optimal way is not always easy to determine. Trust is usually referred to a particular context whereas a single user may interact in more than one given context. We are interested in investigating how a Federated Reputation System can help exporting trust perceptions from one context to another. We propose a model for deriving trust in online services. In this context, trust is defined as the level of confidence that the service provider holds on the subject interacting with it to behave in a proper way while using the service. Thus, we derive trust by using the reputation values that those users have gained for interacting with these services.

PDF icon Agudo2009a.pdf (238.71 KB)
D. G. Rosado, E. Fernandez-Medina, and J. Lopez, "Obtaining Security Requirements for a Mobile Grid System", In International Journal of Grid and High Performance Computing, vol. 1, IGI-Global, pp. 1-17, Jan 2009. DOI More..

Abstract

Mobile Grid includes the characteristics of the Grid systems together with the peculiarities of Mobile Computing, withthe additional feature of supporting mobile users and resources ina seamless, transparent, secure and efficient way. Security ofthese systems, due to their distributed and open nature, isconsidered a topic of great interest. We are elaborating amethodology of development to build secure mobile grid systemsconsidering security on all life cycle. In this paper we present thepractical results applying our methodology to a real case,specifically we apply the part of security requirements analysis toobtain and identify security requirements of a specific applicationfollowing a set of tasks defined for helping us in the definition,identification and specification of the security requirements onour case study. The methodology will help us to build a securegrid application in a systematic and iterative way.

PDF icon rosado2009c.pdf (219.29 KB)
X.. Xiang, J. Lopez, H.. Wang, and W.. Zhou Eds., "Proceeding of the 3rd International Conference on Network and System Security (NSS 2009)", In 3rd International Conference on Network and System Security (NSS 2009), IEEE Computer Sociaty, OCT 2009.
D. G. Rosado, E. Fernandez-Medina, and J. Lopez, "Reusable Security Use Cases for Mobile Grid environments", In Workshop on Software Engineering for Secure Systems, IEEE, pp. 1-8, 2009. More..

Abstract

 

Due to the growing complexity of softwaredevelopment, developing software through systematicprocesses is becoming more and more important.Likewise, it is important that the development processused integrates security aspects from the first stages atthe same level as other functional and non-functionalrequirements. In the last years, GRID technology hasshown to be the most important one and it allows us tobuild very complex information systems with differentand remarkable features (interoperability betweenmultiple security domains, cross-domainauthentication and authorization, dynamic,heterogeneous and limited mobile devices, etc).Traditionally, systems based on GRID Computing havenot been developed through adequate methodologiesand have not taken into account security requirementsthroughout their development, only offering securitytechnical solutions at the implementation stages. Thispaper shows part of a development methodology thatwe are elaborating for the construction of informationsystems based on Grid Computing highly dependent onmobile devices where security plays a very importantrole. Specifically, in this paper, we will present theanalysis phase, managed by reusable use casesthrough which we can define the requirements andneeds of these systems obtaining an analysis modelthat can be used as input to the following phase of themethodology, the design phase of mobile Grid systems.

 

 

PDF icon rosado2009b.pdf (444.47 KB)
D. G. Rosado, E. Fernandez-Medina, and J. Lopez, "Reutilización de Casos de Uso en el Desarrollo de Sistemas Grid seguros", In XII Conferencia Iberoamericana de Ingeniería de Requisitos y Ambientes de Software (IDEAS’09), University of Colombia, pp. 388-393, 2009. More..

Abstract

El desarrollo software debe estar basado en un proceso sistemático y estructurado donde se definan los métodos y técnicas a utilizar en todo su ciclo de vida, ayudando así a obtener un producto de calidad. Es igualmente importante que el proceso sistemático considere aspectos de seguridad desde las primeras etapas, integrándola como un elemento más en el ciclo de desarrollo. En este artículo mostramos la metodología de desarrollo sistemático que sirve de guía para el desarrollo de cualquier sistema Grid con dispositivos móviles, considerando la seguridad durante todas las fases de desarrollo, lo que nos permitirá obtener como resultado sistemas Grid seguros, robustos y escalables. Este artículo presenta la fase de análisis, dirigida por casos de uso reutilizables, mediante los cuales se definen los requisitos y necesidades de estos sistemas, y es aplicada a un caso de estudio real de un Grid para el acceso de contenidos multimedia en un contexto periodístico.

 

J. A. Onieva, J. Lopez, and J. Zhou, "Secure Multi-Party Non-Repudiation Protocols and Applications", In Advances in Information Security, vol. 43, Springer, 2009. More..
M. Carbonell, J. Maria Sierra, and J. Lopez, "Secure multiparty payment with an intermediary entity", In Computers and Security, vol. 28, no. 5, Elsevier, pp. 289-300, 2009. ISI JCR Impact Factor 2009: 1.488 More..
Impact Factor: 1.488
Journal Citation Reports® Science Edition (Thomson Reuters, 2009)

PDF icon 1705.pdf (409.62 KB)
J. L. Vivas, I. Agudo, and J. Lopez, "Security Assurance During the Software Development Process", In International Conference on Computer Systems and Technologies (CompSysTech09), ACM, pp. 11.7.1-11.7.6, 2009. DOI More..

Abstract

Assurance has been a major topic for critical systems. Assurance is usually associated with safety conditions but has also an important role for checking security requirements. Security is best assured if it is addressed holistically, systematically, and from the very beginning in the software’s development process. We propose to integrate assurance and system development by letting the different stages of the system development life-cycle be mapped to the structure of the assurance case.

 

PDF icon vivas09.pdf (31.06 KB)
P. Najera, F. Moyano, and J. Lopez, "Security Mechanisms and Access Control Infrastructure for e-Passports and General Purpose e-Documents", In Journal of Universal Computer Science, vol. 15, pp. 970-991, 2009. ISI JCR Impact Factor 2009: 0.669 DOI More..

Abstract

Traditional paper documents are not likely to disappear in the near future as they are present everywhere in daily life, however, paper-based documentation lacks the link with the digital world for agile and automated processing. At the same time it is prone to cloning, alteration and counterfeiting attacks. E-passport defined by ICAO and implemented in 45 countries is the most relevant case of hybrid documentation (i.e. paper format with electronic capabilities) to date, but, as the advantages of hybrid documentation are recognized more and more will undoubtedly appear. In this paper, we present the concept and security requirements of general-use e-documents, analyze the most comprehensive security solution (i.e. ePassport security mechanisms) and its suitability for general-purpose e-documentation. Finally, we propose alternatives for the weakest and less suitable protocol from ePassports: the BAC (Basic Access Control). In particular, an appropriate key management infrastructure for access control to document memory is discussed in conjunction with a prototype implementation.

Impact Factor: 0.669
Journal Citation Reports® Science Edition (Thomson Reuters, 2009)

PDF icon Najera2009.pdf (293.84 KB)
R. Roman, C. Fernandez-Gago, J. Lopez, and H. Hwa Chen, "Trust and Reputation Systems for Wireless Sensor Networks", In Security and Privacy in Mobile and Wireless Networking, S. Gritzalis, T. Karygiannis, and C. Skianis Eds., Troubador Publishing Ltd, pp. 105-128, 2009. More..

Abstract

The concept of trust has become very relevant in the late years as a consequence of the growth of fields such as internet transactions or electronic commerce. In general, trust has become of paramount importance for any kind of distributed networks, such as wireless sensor networks (WSN in the following). In this chapter of the book, we try to give a general overview of the state of the art on trust management systems for WSN and also try to identify the main features of the architectures of these trust management systems.

PDF icon Roman2009b.pdf (291.67 KB)
2010
C. Alcaraz, R. Roman, P. Najera, and J. Lopez, "Acceso seguro a redes de sensores en SCADA a través de Internet", In XI Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2010), pp. 337-342, September, 2010. More..

Abstract

Las Infraestructuras Críticas (ICs) son monitorizadas por sistemas altamente complejos, conocidos como sistemas SCADA (Sistemas de Control y Adquisición de Datos), cuyo principal soporte se encuentra en las subestaciones, las cuales miden de primera instancia el estado real de tales ICs. Para mejorar este control, la industria está actualmente demandando la integración en el modelo tradicional de dos avances tecnológicos: Internet y las redes de sensores inalámbricas. Sin embargo, su incorporación requiere analizar los requisitos de seguridad que surgen en dicho contexto, así como diversos aspectos correlacionados (ej. mantenimiento, rendimiento, seguridad y optimización) y, en base a estos, la estrategia de integración más adecuada para satisfacer dichos requisitos. Este artículo proporciona dicho análisis en profundidad con el fin de ofrecer un modelo de integración seguro adecuado para entornos críticos.

PDF icon Alcaraz2010.pdf (496.18 KB)
D. G. Rosado, E. Fernandez-Medina, J. Lopez, and M. Piattini, "Analysis of Secure Mobile Grid Systems: A Systematic Approach", In Information and Software Technology, vol. 52, Elsevier, pp. 517-536, May 2010. ISI JCR Impact Factor 2010: 1.527 DOI More..

Abstract

Developing software through systematic processes is becoming more and more important due to the growing complexity of software development. It is important that the development process used integrates security aspects from the first stages at the same level as other functional and non-functional requirements. Systems which are based on Grid Computing are a kind of systems that have clear differentiating features in which security is a highly important aspect. The Mobile Grid, which is relevant to both Grid and Mobile Computing, is a full inheritor of the Grid with the additional feature that it supports mobile users and resources. A development methodology for Secure Mobile Grid Systems is proposed in which the security aspects are considered from the first stages of the life-cycle and in which the mobile Grid technological environment is always present in each activity. This paper presents the analysis activity, in which the requirements (focusing on the grid, mobile and security requirements) of the system are specified and which is driven by reusable use cases through which the requirements and needs of these systems can be defined. These use cases have been defined through a UML-extension for security use cases and Grid use cases which capture the behaviour of this kind of systems. The analysis activity has been applied to a real case.

Impact Factor: 1.527
Journal Citation Reports® Science Edition (Thomson Reuters, 2010)

Y.. Qiu, J.. Zhou, J.. Baek, and J. Lopez, "Authentication and Key Establishment in Dynamic Wireless Sensor Networks", In Sensors, vol. 10, pp. 3718-3731, 2010. More..
PDF icon 1694.pdf (325.85 KB)
J. L. Ferrer-Gomilla, J. A. Onieva, M. Payeras, and J. Lopez, "Certified electronic mail: Properties revisited", In Computers & Security, vol. 29, no. 2, pp. 167 - 179, 2010. ISI JCR Impact Factor 2010: 0.889 DOI More..

Abstract

Certified electronic mail is an added value to traditional electronic mail. In the definition of this service some differences arise: a message in exchange for a reception proof, a message and a non repudiation of origin token in exchange for a reception proof, etc. It greatly depends on whether we want to emulate the courier service or improve the service in the electronic world. If the definition of the service seems conflictive, the definition of the properties and requirements of a good certified electronic mail protocol is even more difficult. The more consensuated features are the need of a fair exchange and the existence of a trusted third party (TTP). Each author chooses the properties that considers the most important, and many times the list is conditioned by the proposal. Which kind of TTP must be used? Must it be verifiable, transparent and/or stateless? Which features must the communication channel fulfil? Which temporal requirements must be established? What kind of fairness is desired? What efficiency level is required? Are confidentiality or transferability of the proofs compulsory properties? In this paper we collect the definitions, properties and requirements related with certified electronic mail. The aim of the paper is to create a clearer situation and analyze how some properties cannot be achieved simultaneously. Each protocol designer will have to decide which properties are the most important in the environment in where the service is to be deployed.

Impact Factor: 0.889
Journal Citation Reports® Science Edition (Thomson Reuters, 2010)

PDF icon FerrerGomilla2009.pdf (301.65 KB)
J. A. Montenegro, J. Lopez, and R. Peralta, "Computacion Segura Multiparte Aplicada a Subastas Electrónicas", In IX Jornadas de Ingeniería Telemenatica (JITEL 2010), Octubre, 2010. More..

Abstract

La confidencialidad ha pasado de ser un requisito de seguridad a ser considerado como requisito funcional y de obligado cumplimiento e inclusión en todos los sistemas de comunicaciones. Un inconveniente que presenta las técnicas criptográficas, utilizadas para obtener la confidencialidad de la información, surge cuando varias entidades se ven forzadas a compartir información secreta para realizar tareas puntuales de colaboración, ya que las primitivas tradicionales utilizadas para conseguir la confidencialidad resultan poco flexibles. La situación ideal permitiría hacer posible dicha colaboración sin que ninguna de las partes revele la información aportada. En este escenario entra en juego la tecnología de Computación Segura Multiparte (CSM) que posibilita realizar operaciones con la información compartida sin tener que hacerla pública. Este trabajo muestra una solución CSM aplicada a una subasta electrónica que permite la realización de la subasta sin que las apuestas sean reveladas a ningún participante, incluyendo el subastador, por lo que no necesita el estableciendo de ninguna autoridad confiable. Aunque la literatura ofrece una amplia variedad de propuestas teóricas de CSM desde su creación en la década de los ochenta, no es común su aplicacion práctica en situaciones reales.

PDF icon JoseA.Montenegro2010.pdf (682.33 KB)
D. G. Rosado, E. Fernandez-Medina, J. Lopez, and M. Piattini, "Developing a Secure Mobile Grid System through a UML Extension", In Journal of Universal Computer Science, vol. 16, no. 17, Springer, pp. 2333-2352, Sep 2010. ISI JCR Impact Factor 2010: 0.578 DOI More..

Abstract

The idea of developing software through systematic development processes toimprove software quality is not new. Nevertheless, there are still many information systemssuch as those of Grid Computing which are not developed through methodologies that areadapted to their most differentiating features. A systematic development process for Gridsystems that supports the participation of mobile nodes and incorporates security aspects intothe entire software lifecycle will thus play a significant role in the development of systemsbased on Grid computing. We are creating a development process for the construction ofinformation systems based on Grid Computing, which is highly dependent on mobile devices,in which security plays a highly important role. One of the activities in this process is that ofanalysis which is focused on ensuring that the system’s security and functional requirements areelicited, specified and modelled. In our approach, this activity is driven by use cases andsupported by the reusable repository. This obtains, builds, defines and refines the use cases ofthe secure Mobile Grid systems which represent the functional and non-functional requirementsof this kind of systems. In this paper, we present the proposed development process throughwhich we introduce the main aspects of the UML profile defined for building use case diagramsin the mobile Grid context through which it is possible to represent specific mobile Gridfeatures and security aspects, showing in detail how to build use case diagrams for a real mobile Grid application by using our UML profile, denominated as GridUCSec-Profile.

Impact Factor: 0.578
Journal Citation Reports® Science Edition (Thomson Reuters, 2010)

C. Alcaraz, A. Balastegui, and J. Lopez, "Early Warning System for Cascading Effect Control in Energy Control Systems", In 5th International conference on Critical Information Infrastructures Security (CRITIS’10), LNCS 6712, Springer, pp. 55-67, September, 2010. More..

Abstract

A way of controlling a cascading effect caused by a failure or a threat in a critical system is using intelligent mechanisms capable of predicting anomalous behaviours and also capable of reacting against them in advance. These mechanisms are known as Early Warning Systems (EWS) and this will be precisely the main topic of this paper. Specially, we present an EWS design based on a Wireless Sensor Network (using the ISA100.11a standard) that constantly supervise the application context. This EWS is also based on forensic techniques to provide dynamic learning capacities. As a result, this new approach will aid to provide a reliable control of incidences by offering a dynamic alarm management, identification of the most suitable field operator to attend an alarm, reporting of causes and responsible operators, and learning from new anomalous situations.

PDF icon Alcaraz2010b.pdf (5.6 MB)
J. Lopez, R. Roman, and P. Najera, "Los Desafíos de Seguridad en la Internet de los Objetos", In Revista SIC, vol. 88, Ediciones CODA, pp. 66-73, Feb 2010. More..

Abstract

El paradigma de la Internet de los Objetos, donde todos aquellos objetos físicos que nos rodean tendrán la capacidad de generar y consumir información en el ámbito de un mundo virtual, se encuentra cada vez más cerca. Es ahora un buen momento para llamar la atención sobre sus principales desafíos de seguridad, tanto desde un punto de vista global como asociados a sus elementos más importantes (la tecnología RFID y las redes de sensores). Así, este paradigma puede ser plenamente comprendido y protegido, evolucionando hacia uno de los nuevos pilares del futuro.

PDF icon jlopez09.pdf (1.06 MB)
J. Forne, et al., "Pervasive Authentication and Authorization Infrastructures for Mobile Users", In Computer and Security, vol. 29, elsevier, pp. 501-514, 2010. ISI JCR Impact Factor 2010: 0.889 DOI More..

Abstract

Network and device heterogeneity, nomadic mobility, intermittent connectivity and, more generally, extremely dynamic operating conditions, are major challenges in the design of security infrastructures for pervasive computing. Yet, in a ubiquitous computing environment, limitations of traditional solutions for authentication and authorization can be overcome with a pervasive public key infrastructure (pervasive-PKI). This choice allows the validation of credentials of users roaming between heterogeneous networks, even when global connectivity is lost and some services are temporarily unreachable. Proof-of-concept implementations and testbed validation results demonstrate that strong security can be achieved for users and applications through the combination of traditional PKI services with a number of enhancements like: (i) dynamic and collaborative trust model, (ii) use of attribute certificates for privilege management, and (iii) modular architecture enabling nomadic mobility and enhanced with reconfiguration capabilities.

Impact Factor: 0.889
Journal Citation Reports® Science Edition (Thomson Reuters, 2010)

PDF icon JordiForne2009.pdf (4.07 MB)
I. Agudo, C. Fernandez-Gago, and J. Lopez, "A Scale Based Trust Model for Multi-Context Environments", In Computers and Mathematics with Applications, vol. 60, Elsevier, pp. 209-216, July, 2010. ISI JCR Impact Factor 2010: 1.472 DOI More..

Abstract

When interactions among users of a system have to take place, for example, over the internet, establishing trust relationships among these users becomes crucial. However, the way this trust is established depends to a certain extent on the context where the interactions take place. Most of the time, trust is encoded as a numerical value that might not be very meaningful for a not very experienced user. In this paper we propose a model that takes into account the semantic and the computational sides of trust. This avoids users having to deal directly with the computational side; they instead deal with meaningful labels such as Bad or Good in a given context.

Impact Factor: 1.472
Journal Citation Reports® Science Edition (Thomson Reuters, 2010)

PDF icon Agudo2010b.pdf (279.77 KB)
C. Alcaraz, and J. Lopez, "A Security Analysis for Wireless Sensor Mesh Networks in Highly Critical Systems", In IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews, vol. 40, no. 4, IEEE, pp. 419-428, July, 2010. ISI JCR Impact Factor 2010: 2.105 DOI More..

Abstract

Nowadays, critical control systems are a fundamental component contributing to the overall performance of critical infrastructures in our society, most of which belong to the industrial sector. These complex systems include in their design different types of information and communication technology systems, such as wireless (mesh) sensor networks, to carry out control processes in real time. This fact has meant that several communication standards, such as Zigbee PRO, WirelessHART, and ISA100.11a, have been specified to ensure coexistence, reliability, and security in their communications. The main purpose of this paper has been to review these three standards and analyze their security. We have identified a set of threats and potential attacks in their routing protocols, and we consequently provide recommendations and countermeasures to help Industry protect its infrastructures.

Impact Factor: 2.105
Journal Citation Reports® Science Edition (Thomson Reuters, 2010)

PDF icon Alcaraz2010a.pdf (557 KB)
J. Cuellar, J. Lopez, G. Barthe, and A. Pretschner Eds., ""Security and Trust Management"", In 6th International Workshop, STM 2010, Athens, Greece, September 23-24, 2010. Proceedings, vol. 6710, 2010. More..
J. L. Vivas, C. Fernandez-Gago, A. Benjumea, and J. Lopez, "A security framework for a workflow-based grid development platform.", In Computer Standards and Interfaces, vol. 32, no. 5-6, Elsevier, pp. 230-245, Oct 2010. ISI JCR Impact Factor 2010: 0.868 DOI More..

Abstract

This paper describes the security framework that is to be developed for the generic grid platform created for the project GREDIA. This platform is composed of several components that need to be secured. The platform uses the OGSA standards, so that the security framework will follow GSI, the portion of Globus that implements security. Thus, we will show the security features that GSI already provides and we will outline which others need to be created or enhanced.

Impact Factor: 0.868
Journal Citation Reports® Science Edition (Thomson Reuters, 2010)

PDF icon vivas2009.pdf (1.34 MB)
R. Rios, and J. Lopez, "Source Location Privacy Considerations in Wireless Sensor Networks", In 4th International Symposium of Ubiquitous Computing and Ambient Intelligence (UCAmI’10), L. Fuentes, N. Gámez, and J. Bravo Eds., IBERGARCETA PUBLICACIONES, S.L., pp. 29 - 38, Sept., 2010. More..

Abstract

Wireless Sensor Networks are considered to be one of the cornerstones of Ambient Intelligence since they can be used in countless applications, where sensors are unobtrusively embedded into the environment to perform operations like monitoring, tracking and reporting. In such scenarios, privacy issues must be carefully considered since the mere observation of the network operation might reveal great amounts of private information to unauthorised parties. One of the problems that is gaining more attention in the realm of privacy, is the location privacy problem, which aims to prevent an attacker from obtaining the location of specific nodes of interest to him. In this paper we provide a general overview of the proposed solutions to counter this threat. Finally, we will also discuss some open challenges and future directions of research for a convenient management of privacy issues in smart environments.

PDF icon Rios2010.pdf (352.58 KB)
D. G. Rosado, E. Fernandez-Medina, and J. Lopez, "A Study of Security Approaches for the Development of Mobile Grid Systems", In 5th International Conference on Software and Data Technologies (ICSOFT’10), vol. 1, Springer, pp. 133-138, july, 2010. More..

Abstract

Mobile Grid systems allow us to build highly complex information systems with various and remarkable features (interoperability between multiple security domains, cross-domain authentication and authorization, dynamic, heterogeneous and limited mobile devices, etc), which demand secure development methodologies to build quality software, offering methods, techniques and tools that facilitate the work of the entire team involved in software development. These methodologies should be supported by Grid security architectures that define the main security aspects to be considered, and by solutions to the problem of how to integrate mobile devices within Grid systems. Some approaches regarding secure development methodologies of Grid security architectures and of the integration of mobile devices in the Grid have been found in literature, and these are analyzed and studied in this paper, offering a comparison framework of all the approaches related to security in Mobile Grid environments.

J. Lopez, R. Roman, I. Agudo, and C. Fernandez-Gago, "Trust Management Systems for Wireless Sensor Networks: Best practices", In Computer Communications, vol. 33, no. 9, Elsevier, pp. 0140-3664, 2010. ISI JCR Impact Factor 2010: 0.816 DOI More..

Abstract

Wireless sensor networks (WSNs) have been proven a useful technology for perceiving information about the physical world and as a consequence has been used in many applications such as measurement of temperature, radiation, flow of liquids, etc. The nature of this kind of technology, and also their vulnerabilities to attacks make the security tools required for them to be considered in a special way. The decision making in a WSN is essential for carrying out certain tasks as it aids sensors establish collaborations. In order to assist this process, trust management systems could play a relevant role. In this paper, we list the best practices that we consider are essential for developing a good trust management system for WSN and make an analysis of the state of the art related to these practices.

Impact Factor: 0.816
Journal Citation Reports® Science Edition (Thomson Reuters, 2010)

PDF icon JavierLopezMunoz2010.pdf (210.98 KB)
S. K. Katsikas, J. Lopez, and M. Soriano Eds., "Trust, Privacy and Security in Digital Business, 7th International Conference, TrustBus 2010, Bilbao, Spain, August 30-31, 2010. Proceedings", In TrustBus, vol. 6264, Springer, 2010. DOI More..
C. Alcaraz, P. Najera, J. Lopez, and R. Roman, "Wireless Sensor Networks and the Internet of Things: Do We Need a Complete Integration?", In 1st International Workshop on the Security of the Internet of Things (SecIoT’10), IEEE, pp. xxxx, December, 2010. More..

Abstract

Wireless sensor networks (WSN) behave as a digital skin, providing a virtual layer where the information about the physical world can be accessed by any computational system. As a result, they are an invaluable resource for realizing the vision of the Internet of Things (IoT). However, it is necessary to consider whether the devices of a WSN should be completely integrated into the Internet or not. In this paper, we tackle this question from the perspective of security. While we will mention the different security challenges that may arise in such integration process, we will focus on the issues that take place at the network level.

PDF icon calcaraz10.pdf (343.96 KB)
2011
J. Lopez, and G. Tsudik, 9th International Conference on Applied Cryptography and Network Security (ACNS 2011) , vol. 6715, Springer, Aug 2011. More..
P. Najera, R. Roman, and J. Lopez, "Acceso seguro a nodos RFID en una arquitectura de red personal", In X Jornadas de Ingeniería Telemática (JITEL 2011), K. Hackbarth, R. Agüero, and R. Sanz Eds., Universidad de Cantabria, pp. 104 - 111, 09/2011. More..

Abstract

El paradigma de red personal (PN) permitirá la interacción y colaboración del creciente abanico de dispositivos personales. Con tal fin la PN ha de integrar en su seno múltiples tecnologías heterogéneas con diversas capacidades computacionales y de comunicación de forma segura. En particular, la incorporación de la tecnología RFID en objetos personales conlleva múltiples riesgos de seguridad y privacidad que han suscitado un elevado interés de la comunidad investigadora en los últimos años. Más allá de su seguridad de forma aislada, su integración en la PN y la interacción de ésta con redes de área extensa como Internet of Things requieren una arquitectura de red personal adecuada para tal contexto. Este artículo proporciona los fundamentos de tal arquitectura segura incluyendo el análisis de aspectos como la incorporación e inicialización de las restringidas etiquetas RFID en la red personal, la autenticación tanto de miembros de la PN como de usuarios y servicios remotos en su acceso a las tecnologías de contexto, el control de las políticas de privacidad y el establecimiento de canales seguros de comunicación supervisados.

R. Rios, and J. Lopez, "Analysis of Location Privacy Solutions in Wireless Sensor Networks", In IET Communications, vol. 5, Institution of Engineering and Technology, pp. 2518 - 2532, Nov 2011. ISI JCR Impact Factor 2011: 0.829 DOI More..

Abstract

Extensive work has been done on the protection of Wireless Sensor Networks (WSNs) from the hardware to the application layer. However, only recently, the privacy preservation problem has drawn the attention of the research community because of its challenging nature. This problem is exacerbated in the domain of WSNs due to the extreme resource limitation of sensor nodes. In this paper we focus on the location privacy problem in WSNs, which allows an adversary to determine the location of nodes of interest to him. We provide a taxonomy of solutions based on the power of the adversary and the main techniques proposed by the various solutions. In addition, we describe and analyse the advantages and disadvantages of different approaches. Finally, we discuss some open challenges and future directions of research.

Impact Factor: 0.829
Journal Citation Reports® Science Edition (Thomson Reuters, 2011)

PDF icon Rios2011a.pdf (597.01 KB)
D. G. Rosado, E.. Fernandez-Medina, M.. Pattini, and J. Lopez, "Analysis of Secure Mobile Grid Systems: A systematic approach", In XVI Jornadas de Ingeniería del Software y Bases de Datos (JISBD 2011), Servizo de publicacións da Universidade da Coruña, pp. 487-491, 2011. More..

Abstract

Developing software through systematic processes is becoming more and more important due to the growing complexity of software development. It is important that the development process used integrates security aspects from the first stages at the same level as other functional and non-functional requirements. The identification of security aspects in the first stages ensures a more robust development and permits the security requirements to be perfectly coupled with the design and the rest of the system’s requirements. Systems which are based on Grid Computing are a kind of systems that have clear differentiating features in which security is a highly important aspect. Generic development processes are sometimes used to develop Grid specific systems without taking into consideration either the subjacent technological environment or the special features and particularities of these specific systems. In fact, the majority of existing Grid applications have been built without a systematic development process and are based on ad hoc developments.

PDF icon 1642.pdf (44.27 KB)
R. Roman, J. Lopez, and P. Najera, "A Cross-layer Approach for Integrating Security Mechanisms in Sensor Networks Architectures", In Wireless Communications and Mobile Computing, vol. 11, Wiley, pp. 267-276, 2011. ISI JCR Impact Factor 2011: 0.884 DOI More..

Abstract

The wireless sensor networks (WSN) paradigm is especially vulnerable against external and internal attacks. Therefore, it is necessary to develop security mechanisms and protocols to protect them. These mechanisms must become an integral part of the software architecture and network stack of a sensor node. A question that remains is how to achieve this integration. In this paper we check how both academic and industrial solutions tackle this issue, and we present the concept of a transversal layer, where all the different security mechanisms could be contained. This way, all the elements of the architecture can interact with the security mechanisms, and the security mechanisms can have a holistic point of view of the whole architecture. We discuss the advantages of this approach, and also present how the transversal layer concept was applied to a real middleware architecture.

Impact Factor: 0.884
Journal Citation Reports® Science Edition (Thomson Reuters, 2011)

PDF icon Roman2010.pdf (243.44 KB)
C. Alcaraz, C. Fernandez-Gago, and J. Lopez, "An Early Warning System based on Reputation for Energy Control Systems", In IEEE Transactions on Smart Grid, vol. 2, no. 4, IEEE, pp. 827-834, Nov 2011. DOI More..

Abstract

Most of energy control or SCADA (Supervisory Control and Data Acquisition) systems are very dependent on advanced technologies and on traditional security mechanisms for protecting the a system against anomalous events. Security mechanisms are not enough to be used in critical systems, since they can only detect anomalous events occurring at a certain moment in time. For this reason it becomes of paramount importance the usage of intelligent systems with capability for preventing anomalous situations and reacting against them on time. This type of systems are, for example, Early Warning Systems (EWS). In this paper, we propose an EWS based on Wireless Sensor Networks (WSNs) (under the ISA100.11a standard) and reputation for controling the network behaviour. The WSN are organized into clusters where a Cluster Head (CH) is designated. This CH will contain a Reputation Manager Module. The usability of this approach is also analyzed considering a Smart Grid scenario.} keywords = {Critical Information Infrastructures, Sensor Networks, Early Warning Systems, Reputation, SCADA Systems, Smart Grid.

PDF icon Alcaraz2011.pdf (495.57 KB)
W.. Joosen, J. Lopez, F.. Martinelli, and F.. Massacci, "Engineering Secure Future Internet Services", In Future Internet Assembly 2011: Achievements and Technological Promises (FIA 2011), LNCS 6656, Springer Berlin Heidelberg, pp. 177-191, 2011. More..

Abstract

      In this paper we analyze the need and the opportunity forestablishing a discipline for engineering secure Future Internet Services,typically based on research in the areas of software engineering, of serviceengineering and security engineering. Generic solutions that ignore thecharacteristics of Future Internet services will fail, yet it seems obviousto build on best practices and results that have emerged from variousresearch communities.The paper sketches various lines of research and strands within each lineto illustrate the needs and to sketch a community wide research plan. Itwill be essential to integrate various activities that need to be addressedin the scope of secure service engineering into comprehensive softwareand service life cycle support. Such a life cycle support must deliverassurance to the stakeholders and enable risk and cost management forthe business stakeholders in particular. The paper should be considereda call for contribution to any researcher in the related sub domains inorder to jointly enable the security and trustworthiness of Future Internetservices.

PDF icon 1622.pdf (240.09 KB)
R. Rios, and J. Lopez, "Exploiting Context-Awareness to Enhance Source-Location Privacy in Wireless Sensor Networks", In The Computer Journal, vol. 54, Oxford University Press, pp. 1603-1615, Sept 2011. ISI JCR Impact Factor 2011: 0.785 DOI More..

Abstract

The source-location privacy problem in Wireless Sensor Networks has been traditionally tackled by the creation of random routes for every packet transmitted from the source nodes to the base station. These schemes provide a considerable protection level at a high cost in terms of message delivery time and energy consumption. This overhead is due to the fact that the data routing process is done in a blind way, without knowledge about the location of the attacker. In this work we propose the Context-Aware Location Privacy (CALP) approach, which takes advantage of the ability of sensor nodes to perceive the presence of a mobile adversary in their vicinity in order to transmit data packets in a more energy-efficient and privacy-preserving manner. In particular, we apply the concepts of CALP to the development of a shortest-path CALP routing algorithm. A permissive and a strict version of the protocol are studied for different adversarial models and the proposed schemes are evaluated through simulation experiments in terms of privacy protection and energy consumption. Finally, we present the conclusions of the paper as well as possible extensions of this work.

Impact Factor: 0.785
Journal Citation Reports® Science Edition (Thomson Reuters, 2011)

PDF icon Rios2011b.pdf (573.86 KB)
R. Roman, C. Alcaraz, J. Lopez, and N. Sklavos, "Key management systems for sensor networks in the context of the Internet of Things", In Computers & Electrical Engineering, vol. 37, Elsevier, pp. 147-159, Mar 2011. ISI JCR Impact Factor 2011: 0.837 DOI More..

Abstract

If a wireless sensor network (WSN) is to be completely integrated into the Internet as part of the Internet of Things (IoT), it is necessary to consider various security challenges, such as the creation of a secure channel between an Internet host and a sensor node. In order to create such a channel, it is necessary to provide key management mechanisms that allow two remote devices to negotiate certain security credentials (e.g. secret keys) that will be used to protect the information flow. In this paper we will analyse not only the applicability of existing mechanisms such as public key cryptography and pre-shared keys for sensor nodes in the IoT context, but also the applicability of those link-layer oriented key management systems (KMS) whose original purpose is to provide shared keys for sensor nodes belonging to the same WSN.

Impact Factor: 0.837
Journal Citation Reports® Science Edition (Thomson Reuters, 2011)

PDF icon roman2011.pdf (586.42 KB)
C. Alcaraz, I. Agudo, D. Nuñez, and J. Lopez, "Managing Incidents in Smart Grids à la Cloud", In IEEE CloudCom 2011, IEEE Computer Society, pp. 527-531, Nov-Dec 2011. DOI More..

Abstract

During the last decade, the Cloud Computing paradigm has emerged as a panacea for many problems in traditional IT infrastructures. Much has been said about the potential of Cloud Computing in the Smart Grid context, but unfortunately it is still relegated to a second layer when it comes to critical systems. Although the advantages of outsourcing those kind of applications to the cloud is clear, data confidentiality and operational privacy stand as mayor drawbacks. In this paper, we try to give some hints on which security mechanisms and more specific, which cryptographic schemes, will help a better integration of Smart Grids and Clouds. We propose the use of Virtual SCADA in the Cloud (VS-Cloud) as a mean to improve reliability and efficiency whilst maintaining the same protection level as in traditional SCADA architectures.

 

PDF icon 1643.pdf (272.71 KB)
J. L. Vivas, I. Agudo, and J. Lopez, "A methodology for security assurance-driven system development", In Requirements Engineering, vol. 16, no. 1, Springer, pp. 55-73, Mar 2011. ISI JCR Impact Factor 2011: 0.971 DOI More..

Abstract

In this work, we introduce an assurance methodology that integrates assurance case creation with system development. It has been developed in order to provide trust and privacy assurance to the evolving European project PICOS (Privacy and Identity Management for Community Services), an international research project focused on mobile communities and community-supporting services, with special emphasis on aspects such as privacy, trust, and identity management. The leading force behind the approach is the ambition to develop a methodology for building and maintaining security cases throughout the system development life cycle in a typical system engineering effort, when much of the information relevant for assurance is produced and feedback can be provided to system developers. The first results of the application of the methodology to the development of the PICOS platform are presented.

Impact Factor: 0.971
Journal Citation Reports® Science Edition (Thomson Reuters, 2011)

PDF icon vivas2010.pdf (1.27 MB)
P. Najera, and J. Lopez, "Real-time Location and Inpatient Care Systems Based on Passive RFID", In Journal of Network and Computer Applications, vol. 34, Elsevier, pp. pp. 980-989, 2011. ISI JCR Impact Factor 2011: 1.065 DOI More..

Abstract

RFID technology meets identification and tracking requirements in healthcare environments with potential to speed up and increase reliability of involved processes. Due to this, high expectations for this integration have emerged, but hospital and medical centers interested in adoption of RFID technology require prior knowledge on how to squeeze RFID capabilities, real expectations and current challenges. In this paper, we show our lab tested solutions in two specific healthcare scenarios. On the one hand, we analyze the case of a medical equipment tracking system for healthcare facilities enabling both real-time location and theft prevention. Worth-noting aspects such as possible EMI interferences, technology selection and management of RFID data from hospital information system are analyzed. Lab testing of system reliability based on passive UHF RFID is provided for this case. On the other hand, we analyze and provide a solution for care and control of patients in a hospital based on passive HF RFID with the result of a fully functional demonstrator. Our prototype squeezes RFID features in order to provide a backup data source from patient’s wristband. It also provides an offline working mode aiming to increase application reliability under network fail down and therefore, improving patient’s safety. Considerations regarding lessons learned and challenges faced are exposed.

Impact Factor: 1.065
Journal Citation Reports® Science Edition (Thomson Reuters, 2011)

PDF icon Najera2010.pdf (241.66 KB)
C. Alcaraz, J. Lopez, J. Zhou, and R. Roman, "Secure SCADA Framework for the Protection of Energy Control Systems", In Concurrency and Computation Practice & Experience, vol. 23, no. 12, John Wiley & Sons, Inc., pp. 1414-1430, Aug 2011. ISI JCR Impact Factor 2011: 0.636 DOI More..

Abstract

Energy distribution systems are becoming increasingly widespread in today’s society. One of the elements that is used to monitor and control these systems are the SCADA (Supervisory Control and Data Acquisition) systems. In particular, these control systems and their complexities, together with the emerging use of the Internet and wireless technologies, bring new challenges that must be carefully considered. Examples of such challenges are the particular bene¯ts of the integration of those new technologies, and also the e®ects they may have on the overall SCADA security. The main task of this paper is to provide a framework that shows how the integration of di®erent state-of-the-art technologies in an energy control system, such as Wireless Sensor Networks (WSNs), Mobile Ad-Hoc Networks (MANETs), and the Internet, can bring some interesting benefits such as status management and anomaly prevention, while maintaining the security of the whole system.

Impact Factor: 0.636
Journal Citation Reports® Science Edition (Thomson Reuters, 2011)

PDF icon Alcaraz2011a.pdf (908.82 KB)
R. Roman, P. Najera, and J. Lopez, "Securing the Internet of Things", In IEEE Computer, vol. 44, no. 9, IEEE, pp. 51 -58, Sept 2011. ISI JCR Impact Factor 2011: 1.47 DOI More..

Abstract

This paper presents security of Internet of things. In the Internet of Things vision, every physical object has a virtual component that can produce and consume services Such extreme interconnection will bring unprecedented convenience and economy, but it will also require novel approaches to ensure its safe and ethical use. The Internet and its users are already under continual attack, and a growing economy-replete with business models that undermine the Internet’s ethical use-is fully focused on exploiting the current version’s foundational weaknesses.

Impact Factor: 1.47
Journal Citation Reports® Science Edition (Thomson Reuters, 2011)

PDF icon 1633.pdf (373.78 KB)
D. G. Rosado, E.. Fernandez-Medina, and J. Lopez, "Security in the Developments Process of Mobile Grid Systems", In Advances in Grid Computing, Zoran Constantinescu, Intech, pp. 173-198, 2011. More..
PDF icon 1626.pdf (774.86 KB)
D. G. Rosado, E. Fernandez-Medina, and J. Lopez, "Security Services Architecture for Secure Mobile Grid Systems", In Journal of Systems Architecture, vol. 57, Elsevier, pp. 240-258, 2011. ISI JCR Impact Factor 2011: 0.444 More..

Abstract

 Mobile Grid, is a full inheritor of the Grid with the additional feature that it supports mobile users andresources. Security is an important aspect in Grid based systems, and it is more complex to ensure thisin a mobile platform owing to the limitations of resources in these devices. A Grid infrastructure that supportsthe participation of mobile nodes and incorporates security aspects will thus play a significant rolein the development of Grid computing. The idea of developing software through systematic developmentprocesses to improve software quality is not new. However, many information systems such as those ofGrid Computing are still not developed through methodologies which have been adapted to their mostdifferentiating features. The lack of adequate development methods for this kind of systems in whichsecurity is taken into account has encouraged us to build a methodology to develop them, offering adetailed guide for their analysis, design and implementation. It is important to use software V&V techniques,according to IEEE Std. 1012 for Software Verification and Validation, to ensure that a software systemmeets the operational needs of the user. This ensures that the requirements for the system arecorrect, complete, and consistent, and that the life-cycle products correctly design and implement systemrequirements. This paper shows part of a development process that we are elaborating for the constructionof information systems based on Grid Computing, which are highly dependent on mobile devices inwhich security plays a highly important role. In the design activity of the process, we design a securityarchitecture which serves as a reference for any mobile Grid application that we wish to build since thissecurity architecture defines a complete set of security services which will be instantiated depending onthe requirements and features found in previous activities of the process. A V&V task is also defined in thedesign activity to validate and verify both the architecture built and the traceability of the artifacts generatedin this activity. In this paper, we will present the service-oriented security architecture for MobileGrid Systems which considers all possible security services that may be required for any mobile Grid application.

Impact Factor: 0.444
Journal Citation Reports® Science Edition (Thomson Reuters, 2011)

R. Roman, J. Lopez, C. Alcaraz, and H. Hwa Chen, "SenseKey - Simplifying the Selection of Key Management Schemes for Sensor Networks", In 5th International Symposium on Security and Multimodality in Pervasive Environments (SMPE’11), IEEE, March, 2011. DOI More..

Abstract

Key Management Schemes (KMS) are a very important security mechanism for Wireless Sensor Networks (WSN), as they are used to manage the credentials (i.e. secret keys) that are needed by the security primitives. There is a large number of available KMS protocols in the literature, but it is not clear what should network designers do to choose the most suitable protocol for the needs of their applications. In this paper, we consider that given a certain set of application requirements, the network designer can check which properties comply with those requirements and select the KMS protocols that contains those particular properties. Therefore, we study the relationship between requirements and properties, and we provide a web tool, the SenseKey tool, that can be used to automatically obtain an optimal set of KMS protocols.

PDF icon Roman11SK.pdf (143.01 KB)
D. G. Rosado, E. Fernandez-Medina, J. Lopez, and M. Piattini, "Systematic Design of Secure Mobile Grid Systems", In Journal of Network and Computer Applications, vol. 34, Elsevier, pp. 1168-1183, 2011. ISI JCR Impact Factor 2011: 1.065 More..

Abstract

 Grid computing has arisen as an evolution of distributed systems mainly focused on the sharing of and remote access to resources in a uniform, transparent, secure, efficient and reliable manner. It is possible to join Grid technology and mobile technology in order to create one of the most promising technologies and developments to appear in recent years, in that they enrich one another and provide new solutions that solve many of the limitations and problems found in different technologies. Security is a very important factor in Mobile Grid Computing and is also difficult to achieve owing to the open nature of wireless networks and heterogeneous and distributed environments. Success in obtaining a secure system originates in incorporating security from the first stages of the development process. It has therefore been necessary to define a development process for this kind of systems in which security is incorporated in all stages of the development and the features and particularities of the Mobile Grid systems are taken into consideration. This paper presents one of the activities of this development process, the design activity, which consists of defining and designing a security software architecture. This architecture will be built from a security architecture, defined as reference architecture, in which security services, interfaces and operations are defined with the purpose of defining a reference security architecture which covers the majority of security requirements identified in the analysis activity. The design activity will build the system architecture that will be the input artefact for the subsequent activity in the process, which is the construction activity.

Impact Factor: 1.065
Journal Citation Reports® Science Edition (Thomson Reuters, 2011)

D. G. Rosado, E. Fernandez-Medina, J. Lopez, and M. Piattini, "Towards a UML Extension of Reusable Secure Use Cases for Mobile Grid systems", In IEICE Trans. on Information and Systems, vol. E94-D, IEICE, pp. 243-254, Feb 2011. ISI JCR Impact Factor 2011: 0.178 DOI More..

Abstract

The systematic processes exactly define the development cycle and help the development team follow the same development strategies and techniques, thus allowing a continuous improvement in the quality of the developed products. Likewise, it is important that the development process used integrates security aspects from the first stages at the same level as other functional and non-functional requirements. Grid systems allow us to build very complex information systems with different and remarkable features (interoperability between multiple security domains, cross-domain authentication and authorization, dynamic, heterogeneous and limited mobile devices, etc). With the development of wireless technology and mobile devices, the Grid becomes the perfect candidate for letting mobile users make complex works that add new computational capacity to the Grid. A methodology of development for secure mobile Grid systems is being defined. One of the activities of this methodology is the requirements analysis which is based in reusable use cases. In this paper, we will present a UML-extension for security use cases and Grid use case which capture the behaviour of this kind of systems. A detailed description of all these new use cases defined in the UML extension is necessary, describing the stereotypes, tagged values, constraints and graphical notation. We show an example of how to apply and use this extension for building the diagram of use cases and incorporating common security aspects for this kind of systems. Also, we will see how the diagrams built can be reused in the construction of others diagrams saving time and effort in this task.
 

Impact Factor: 0.178
Journal Citation Reports® Science Edition (Thomson Reuters, 2011)

PDF icon rosado2009.pdf (302.25 KB)
2012
C. Alcaraz, and J. Lopez, "Addressing Situational Awareness in Critical Domains of a Smart Grid", In 6th International Conference on Network and System Security (NSS 2012), LNCS 7645 7645, Springer-Verlag, pp. 58-71, November 2012. DOI More..

Abstract

Control and situational awareness are two very important aspects within critical control systems, since potential faults or anomalous behaviors could lead to serious consequences by hiding the real status of supervised critical infrastructures. Examples of these infrastructures are energy generation, transmission or distribution systems that belong to Smart Grid systems. Given the importance of these systems for social welfare and its economy, a situational awareness-based model, composed of a set of current technologies, is proposed in this paper. The model focuses on addressing and offering a set of minimum services for protection, such as prevention, detection, response, self-evaluation and maintenance, thereby providing a desirable protection in unplanned situations.

 

PDF icon 1729.pdf (518.81 KB)
R. Rios, and J. Lopez, "Adecuación de soluciones de anonimato al problema de la privacidad de localización en WSN", In XII Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2012), U.. Zurutuza, R.. Uribeetxeberria, and I.. Arenaza-Nuño Eds., pp. 309-314, Sep 2012. More..

Abstract

Los patrones de tráfico característicos de las redes inalámbricas de sensores (WSNs) dan lugar al problema de la privacidad de localización. De manera similar, el tráfico de los usuarios en Internet revela información sensible que puede ser protegida mediante sistemas de comunicación anónima (ACS). Por ello, este trabajo analiza la posibilidad de adaptar las soluciones de anonimato tradicionales al problema particular de las redes de sensores. Hasta el momento estas soluciones habían sido rechazadas sin un análisis riguroso, argumentando simplemente que eran demasiado exigentes computacionalmente para los nodos sensores. Nuestros resultados demuestran que, en general, algunos ACS no cumplen los requisitos de privacidad necesarios en WSNs mientras que otros, que si los cumplen, se valen de una cantidad de recursos que superan la capacidad de los sensores.

PDF icon Rios2012b.pdf (156.9 KB)
R. Roman, et al., "Advanced Secure Multimedia Services for Digital Homes", In Information Systems Frontiers, vol. 14, Springer, pp. 527-540, July 2012. ISI JCR Impact Factor 2012: 0.851 DOI More..

Abstract

Our society is becoming increasingly more IT-oriented, and the images and sounds that reflect our daily life are being stored mainly in a digital form. This digital personal life can be part of the home multimedia contents, and users demand access and possibly share these contents (such as photographs, videos, and music) in an ubiquitous way: from any location and with any device. The purpose of this article is twofold. First, we introduce the Feel@Home system, whose main objective is to enable the previously mentioned vision of an ubiquitous digital personal life. Second, we describe the security architecture of Feel@Home, analyzing the security and privacy requirements that identify which threats and vulnerabilities must be considered, and deriving the security building blocks that can be used to protect both IMS-based and VPN-based solutions.

Impact Factor: 0.851
Journal Citation Reports® Science Edition (Thomson Reuters, 2012)

PDF icon Roman2010a.pdf (1.36 MB)
J. Lopez, R.. Setola, and S.. Wolthusen Eds., "Advances in Critical Infrastructure Protection: Information Infrastructure Models, Analysis, and Defense", In LNCS, vol. 6715, Springer, 2012. More..
C. Alcaraz, and J. Lopez, "Analysis of Requirements for Critical Control Systems", In International Journal of Critical Infrastructure Protection (IJCIP), vol. 5, Elsevier, pp. 137–145, 2012. ISI JCR Impact Factor 2012: 0.63 DOI More..

Abstract

The use of modern information and communications technologies in supervisory control and data acquisition (SCADA) systems used in the critical infrastructure has become an important topic of research. The modernization significantly enhances operational performance, but also introduces security issues and the associated risks. This paper formally analyzes how the introduction of new technologies can impact control systems and ultimately affect the performance of the critical infrastructure systems being controlled. Five control system requirements are identified with the goal of proposing new operational requirements that trade-off performance and security.

Impact Factor: 0.63
Journal Citation Reports® Science Edition (Thomson Reuters, 2012)

PDF icon 1730.pdf (705.14 KB)
J. A. Onieva, et al., "Como proteger la privacidad de los usuarios en Internet. Verificación anónima de la mayoría de edad", In XII Reunión Española sobre Criptología y Seguridad de la Información - RECSI 2012, Mondragon, pp. 297-302, Sep 2012. More..
PDF icon onieva2012.pdf (676.25 KB)
F. Moyano, C. Fernandez-Gago, and J. Lopez, "A Conceptual Framework for Trust Models", In 9th International Conference on Trust, Privacy & Security in Digital Business (TrustBus 2012), S. Fischer-Hübner, S. Katsikas, and G. Quirchmayr Eds., LNCS 7449, Springer Verlag, pp. 93-104, Sep 2012. DOI More..

Abstract

During the last twenty years, a huge amount of trust and reputation models have been proposed, each of them with their own particularities and targeting different domains. While much effort has been made in defining ever-increasing complex models, little attention has been paid to abstract away the particularities of these models into a common set of easily understandable concepts. We propose a conceptual framework for computational trust models that will be used for analyzing their features and for comparing heterogeneous and relevant trust models.

PDF icon moyano2012trustbus.pdf (470.63 KB)
D. Galindo, R. Roman, and J. Lopez, "On the Energy Cost of Authenticated Key Agreement in Wireless Sensor Networks", In Wireless Communications and Mobile Computing, vol. 12, Wiley, pp. 133-143, Jan 2012. ISI JCR Impact Factor 2012: 0.863 DOI More..

Abstract

Wireless sensors are battery-powered devices which are highly constrained in terms of computational capabilities, memory and communication bandwidth. While battery life is their main limitation, they require considerable energy to communicate data. Due to this, it turns out that the energy saving of computationally inexpensive primitives (like symmetric key cryptography (SKC)) can be nullified by the bigger amount of data they require to be sent. In this work, we study the energy cost of key agreement protocols between peers in a network using asymmetric key cryptography. Our main concern is to reduce the amount of data to be exchanged, which can be done by using special cryptographic paradigms like identity-based and self-certified cryptography. The main news is that an intensive computational primitive for resource-constrained devices, such as non-interactive identity-based authenticated key exchange, performs comparably or even better than traditional authenticated key exchange (AKE) in a variety of scenarios. Moreover, protocols based in this primitive can provide better security properties in real deployments than other simple protocols based on symmetric cryptography. Our findings illustrate to what extent the latest implementation advancements push the efficiency boundaries of public key cryptography (PKC) in wireless sensor networks (WSNs).

Impact Factor: 0.863
Journal Citation Reports® Science Edition (Thomson Reuters, 2012)

PDF icon Galindo2010.pdf (261.6 KB)
R. Rios, J. A. Onieva, and J. Lopez, "HIDE_DHCP: Covert Communications Through Network Configuration Messages", In Proceedings of the 27th IFIP TC 11 International Information Security and Privacy Conference (SEC 2012), D. Gritzalis, S. Furnell, and M. Theoharidou Eds., IFIP AICT 376, Springer Boston, pp. 162-173, June 2012. DOI More..

Abstract

Covert channels are a form of hidden communication that may violate the integrity of systems. Since their birth in multilevel security systems in the early 70’s they have evolved considerably, such that new solutions have appeared for computer networks mainly due to vague protocols specifications. We analyze a protocol extensively used today, the Dynamic Host Configuration Protocol (DHCP), in search of new forms of covert communication. From this analysis we observe several features that can be effectively exploited for subliminal data transmission. This results in the implementation of HIDE_DHCP, which integrates three covert channels that accommodate to different stealthiness and bandwidth requirements

PDF icon Rios2012.pdf (400 KB)
F. Moyano, C. Fernandez-Gago, and J. Lopez, "Implementing Trust and Reputation Systems: A Framework for Developers’ Usage", In International Workshop on Quantitative Aspects in Security Assurance, 2012. More..

Abstract

During the last decades, a huge amount of trust and reputation models have been proposed, each of them with their own particularities and targeting different domains. While much effort has been made in defining ever-increasing complex models, little attention has been paid to abstract away the particularities of these models into a common set of easily understandable concepts. We propose a conceptual framework for computational trust models that is used for developing a component-oriented development framework that aims to assist developers during the implementation phase.

PDF icon moyano12qasa.pdf (609.67 KB)
D. Nuñez, I. Agudo, and J. Lopez, "Integrating OpenID with Proxy Re-Encryption to enhance privacy in cloud-based identity services", In IEEE CloudCom 2012, IEEE Computer Society, pp. 241 - 248, Dec 2012. DOI More..

Abstract

The inclusion of identity management in the cloud computing landscape represents a new business opportunity for providing what has been called Identity Management as a Service (IDaaS). Nevertheless, IDaaS introduces the same kind of problems regarding privacy and data confidentiality as other cloud services; on top of that, the nature of the outsourced information (users’ identity) is critical. Traditionally, cloud services (including IDaaS) rely only on SLAs and security policies to protect the data, but these measures have proven insufficient in some cases; recent research has employed advanced cryptographic mechanisms as an additional safeguard. Apart from this, there are several identity management schemes that could be used for realizing IDaaS systems in the cloud; among them, OpenID has gained crescent popularity because of its open and decentralized nature, which makes it a prime candidate for this task. In this paper we demonstrate how a privacy-preserving IDaaS system can be implemented using OpenID Attribute Exchange and a proxy re-encryption scheme. Our prototype enables an identity provider to serve attributes to other parties without being able to read their values. This proposal constitutes a novel contribution to both privacy and identity management fields. Finally, we discuss the performance and economical viability of our proposal.

PDF icon nunez2012integrating.pdf (254.97 KB)
J. Cuellar, and J. Lopez Eds., "Proceedings of the 3rd International ACMSigsoft Symposium on Architecting Critical Systems (ISARCS 2012)", In 3rd International ACMSigsoft Symposium on Architecting Critical Systems (ISARCS 2012), ACM, Jun 2012. More..
Y.. Xiang, J. Lopez, C.. Kuo, and W.. Zhou Eds., "Proceedings of the 4th International Symposium on Cyberspace Safety and Security (CSS 2012)", In 4th International Symposium on Cyberspace Safety and Security (CSS 2012), vol. LNCS, Springer, Dec 2012. More..
R. Rios, J. Cuellar, and J. Lopez, "Robust Probabilistic Fake Packet Injection for Receiver-Location Privacy in WSN", In 17th European Symposium on Research in Computer Security (ESORICS 2012), S. Foresti, M. Yung, and F. Martinelli Eds., LNCS 7459, Springer, pp. 163-180, Sep 2012. DOI More..

Abstract

The singular communication model in wireless sensor networks (WSNs) originate pronounced traffic patterns that allow a local observer to deduce the location of the base station, which must be kept secret for both strategical and security reasons. In this work we present a new receiver-location privacy solution called HISP (Homogenous Injection for Sink Privacy). Our scheme is based on the idea of hiding the flow of real traffic by carefully injecting fake traffic to homogenize the transmissions from a node to its neighbors. This process is guided by a lightweight probabilistic approach ensuring that the adversary cannot decide with sufficient precision in which direction to move while maintaining a moderate amount of fake traffic. Our system is both validated analytically and experimentally through simulations.

PDF icon Rios2012d.pdf (524.61 KB)
P. Najera, R. Roman, and J. Lopez, "Secure architecure for the integration of RFID and sensors in personal networks", In 7th International Workshop on Security and Trust Management (STM’11), LNCS 7170, Springer, pp. 207-222, 2012. DOI More..

Abstract

The secure integration of RFID technology into the personal network paradigm, as a context-aware technology which complements body sensor networks, would provide notable benefits to applications and potential services of the PN. RFID security as an independent technology is reaching an adequate maturity level thanks to research in recent years; however, its integration into the PN model, interaction with other network resources, remote users and service providers requires a specific security analysis and a PN architecture prepared to support these resource-constrained pervasive technologies. This paper provides such PN architecture and analysis. Aspects such as the management of personal tags as members of the PN, the authentication and secure communication of PN nodes and remote users with the context-aware technologies, and the enforcement of security and privacy policies are discussed in the architecture.

PDF icon Najera_STM11.pdf (551.02 KB)
A. Nieto, and J. Lopez, "Security and QoS relationships in Mobile Platforms", In The 4th FTRA International Conference on Computer Science and its Applications (CSA 2012), Lecture Notes in Electrical Engineering 203, Springer Netherlands, pp. 13-21, 2012. DOI More..

Abstract

Mobile platforms are becoming a fundamental part of the user’s daily life. The human-device relationship converts the devices in a repository of personal data that may be stolen or modified by malicious users. Moreover, wireless capabilities open the door to several malicious devices, and mobility represents an added difficulty in the detection of malicious behavior and in the prevention of the same. Furthermore, smartphones are subject to quality of service (QoS) restrictions, due to the user needs for multimedia applications and, in general, the need to be always-on. However, Security and QoS requirements are largely confronted and the mobility and heterogeneous paradigm on the Future Internet makes its coexistence even more difficult, posing new challenges to overcome. We analyze the principal challenges related with Security and QoS tradeoffs in mobile platforms. As a result of our analysis we provide parametric relationships between security and QoS parameters focused on mobile platforms.

PDF icon Nieto2012c.pdf (1.4 MB)
A. Nieto, and J. Lopez, "Security and QoS tradeoffs: towards a FI perspective", In Advanced Information Networking and Applications Workshops (WAINA), 2012 26th International Conference on, IEEE, pp. 745-750, 03/2012. DOI More..

Abstract

 Motivated by the growing convergence of diverse types of networks and the raise of new concepts such as Future Internet (FI), in this paper we present an analysis of current research on the development of security mechanisms in a tradeoff with Quality of Service (QoS) mechanisms. More precisely, we pay attention to the Security and QoS problems in resource-constrained networks that are candidates to be an important part of the FI due to their proximity to the user or because of their contribution to the information society. We analyse the current state of the research on security and QoS in the integration of sensors, MANET and cellular networks, with the aim of providing a critical point of view, allowing us to assess whether it is possible that such integration of networks is both secure and efficient.

PDF icon Nieto2012b.pdf (1.32 MB)
C. Alcaraz, G. Fernandez, and F. Carvajal, "Security Aspects of SCADA and DCS Environments", In Critical Infrastructure Protection: Information Infrastructure Models, Analysis, and Defense, J. Lopez, S.. Wolthunsen, and R. Setola Eds., Advances in Critical Infrastructure Protection: Information Infrastructure Models, Analysis, and Defense. LNCS 7130. 7130, Springer-Verlag, pp. 120-149, September 2012. More..

Abstract

SCADA Systems can be seen as a fundamental component in Critical Infrastructures, having an impact in the overall performance of other Critical Infrastructures interconnected. Currently, these systems include in their network designs different types of Information and Communication Technology systems (such as the Internet and wireless technologies), not only to modernize operational processes but also to ensure automation and real-time control. Nonetheless, the use of these new technologies will bring new security challenges, which will have a significant impact on both the business process and home users. Therefore, the main purpose of this Chapter is to address these issues and to analyze the interdependencies of Process Control Systems with ICT systems, to discuss some security aspects and to offer some possible solutions and recommendations.

PDF icon BC2011Alcaraz.pdf (683.38 KB)
C. Alcaraz, J. Lopez, R. Roman, and H-H. Chen, "Selecting key management schemes for WSN applications", In Computers & Security, vol. 31, no. 38, Elsevier, pp. 956–966, Nov 2012. ISI JCR Impact Factor 2012: 1.158 DOI More..

Abstract

Key management in wireless sensor networks (WSN) is an active research topic. Due to the fact that a large number of key management schemes (KMS) have been proposed in the literature, it is not easy for a sensor network designer to know exactly which KMS best fits in a particular WSN application. In this article, we offer a comprehensive review on how the application requirements and the properties of various key management schemes influence each other. Based on this review, we show that the KMS plays a critical role in determining the security performance of a WSN network with given application requirements. We also develop a method that allows the network designers to select the most suitable KMS for a specific WSN network setting. In addition, the article also addresses the issues on the current state-of-the-art research on the KMS for homogeneous (i.e. non-hierarchical) networks to provide solutions for establishing link-layer keys in various WSN applications and scenarios.

Impact Factor: 1.158
Journal Citation Reports® Science Edition (Thomson Reuters, 2012)

PDF icon AlcarazR2012.pdf (326.12 KB)
F. Moyano, C. Fernandez-Gago, and J. Lopez, "Service-Oriented Trust and Reputation Architecture", In Proceedings of the Doctoral Symposium of the International Symposium on Engineering Secure Software and Systems (ESSoS-DS 2012), J. Cuellar, and N. Koch Eds., CEUR-WS 834, CEUR-WS, pp. 41-46, 2012. More..

Abstract

As the Future Internet arrives, more complex, service-based applications are spreading. These applications pose several challenges, including the huge amount of entities that must interact and their het- erogeneity. The success of these applications depends on the collaboration and communication of these entities, that might belong to different or- ganizations and administrative domains. Therefore, trust and reputation become two crucial issues. We propose the specification and design of a service-based security architecture that stresses the delivery of trust and reputation services to any application that might require them.

PDF icon moyano2012essosds.pdf (188.61 KB)
F. Moyano, C. Fernandez-Gago, I. Agudo, and J. Lopez, "A Task Ordering Approach for Automatic Trust Establishment", In Proceedings of the 2012 International Symposium on Engineering Secure Software and Systems (ESSoS 2012), G. Barthe, B. Livshits, and R. Scandariato Eds., LNCS 7159, Springer, pp. 76–89, Feb 2012. DOI More..

Abstract

Trust has become essential in computer science as a way of assisting the process of decision-making, such as access control. In any system, several tasks may be performed, and each of these tasks might pose different associated trust values between the entities of the system. For instance, in a file system, reading and overwriting a file are two tasks that pose different trust values between the users who can carry out these tasks. In this paper, we propose a simple model for automatically establishing trust relationships between entities considering an established order among tasks.

PDF icon Moyano_ESSoS12.pdf (526.84 KB)
A. Nieto, and J. Lopez, "Traffic Classifier for Heterogeneous and Cooperative Routing through Wireless Sensor Networks", In Advanced Information Networking and Applications Workshops (WAINA), 2012 26th International Conference on, IEEE, pp. 607-612, 03/2012. DOI More..

Abstract

 

Wireless Sensor Networks (WSN) are networks composed of autonomous devices manufactured to solve a specific problem, with limited computational capabilities and resource-constrained (e.g. limited battery). WSN are used to monitor physical or environmental conditions within an area (e.g. temperature, humidity). The popularity of the WSN is growing, precisely due to the wide range of sensors available. As a result, these networks are being deployed as part of several infrastructures. However, sensors are designed to collaborate only with sensors of the same type. In this sense, taking advantage of the heterogeneity of WSN in order to provide common services, like it is the case of routing, has not been sufficiently considered. For this reason, in this paper we propose a routing protocol based on traffic classification and role-assignment to enable heterogeneous WSN for cooperation. Our approach considers both QoS requirements and lifetime maximization to allow the coexistence of different applications in the heterogeneous network infrastructure.

 

PDF icon Nieto2012a.pdf (372.72 KB)
G. Draper-Gil, et al., "Un protocolo para la firma de contratos en escenarios multi-two-party con atomicidad", In XII Reunión Española de Criptología y Seguridad de la Información, pp. 357-362, 09/2012. More..

Abstract

Los avances tecnológicos que está experimentando el mundo digital (Internet, comunicaciones, etc.) están acercando a consumidores y proveedores. Los proveedores pueden ofrecer sus productos directamente a los consumidores finales, y éstos son capaces de acceder a los proveedores desde cualquier lugar y en cualquier momento. A la hora de adquirir productos o
servicios, esta facilidad de acceso permite a los consumidores consultar distintas ofertas de diferentes proveedores. Pero en el caso de que el consumidor quiera múltiples productos, como los paquetes turísticos, formados por vuelos, hoteles, excursiones, etc, los consumidores carecen de herramientas que les permitan realizar la contratación multi-two-party de manera atómica. En
este artículo presentamos un protocolo de firma de contratos multi-two-party con atomicidad que garantiza la equitatividad de todas las partes.

PDF icon 422.pdf (93.98 KB)
2013
A. Nieto, and J. Lopez, "Analysis and Taxonomy of Security/QoS tradeoff solutions for the Future Internet", In Security and Communication Networks (SCN) Journal, vol. 7, issue 12, Wiley-Blackwell, pp. 2778-2803, 2013. ISI JCR Impact Factor 2013: 0.433 DOI More..

Abstract

Motivated by the growing convergence of diverse types of networks and the rise of concepts such as Future Internet (FI), in this paper we analyse the coexistence of security mechanisms and Quality of Service (QoS) mechanisms in resourceconstrained networks, that are relevant types of networks within the FI environment. More precisely, we analyse the current state of the research on security and QoS in the integration of Wireless Sensor Networks (WSNs), Mobile Ad-Hoc Networks (MANETs) and cellular networks. Furthermore, we propose a taxonomy to identify similarities among these technologies, as well as the requirements for network interconnection. As a result, we define a dependency-based model for the analysis of Security and QoS tradeoff, and also define a high-level integration architecture for networks in the FI setting. The final goal is to provide a critical point of view that allows to assess whether such an integration of networks can be both secure and efficient.

Impact Factor: 0.433
Journal Citation Reports® Science Edition (Thomson Reuters, 2013)

PDF icon nietoscn13.pdf (1.67 MB)
F. Moyano, C. Fernandez-Gago, and J. Lopez, "Building Trust and Reputation In: A Development Framework for Trust Models Implementation", In 8th International Workshop on Security and Trust Management (STM 2012), A. Jøsang, P. Samarati, and M. Petrocchi Eds., LNCS 7783, Springer, pp. 113-128, 2013. DOI More..

Abstract

During the last years, many trust and reputation models have been proposed, each one targeting different contexts and purposes, and with their own particularities. While most contributions focus on defining ever-increasing complex models, little attention has been paid to the process of building these models inside applications during their implementation. The result is that models have traditionally considered as ad-hoc and after-the-fact solutions that do not always fit with the design of the application. To overcome this, we propose an object-oriented development framework onto which it is possible to build applications that require functionalities provided by trust and reputation models. The framework is extensible and flexible enough to allow implementing an important variety of trust models. This paper presents the framework, describes its main components, and gives examples on how to use it in order to implement three different trust models.

 

PDF icon moyano2012stm.pdf (571.19 KB)
R. Rios, J. A. Onieva, and J. Lopez, "Covert Communications through Network Configuration Messages", In Computers & Security, vol. 39, Part A, Elsevier, pp. 34 - 46, Nov 2013. ISI JCR Impact Factor 2013: 1.172 DOI More..

Abstract

Covert channels are a form of hidden communication that may violate the integrity of systems. Since their birth in Multi-Level Security systems in the early 70’s they have evolved considerably, such that new solutions have appeared for computer networks mainly due to vague protocols specifications. In this paper we concentrate on short-range covert channels and analyze the opportunities of concealing data in various extensively used protocols today. From this analysis we observe several features that can be effectively exploited for subliminal data transmission in the Dynamic Host Configuration Protocol (DHCP). The result is a proof-of-concept implementation, HIDE\_DHCP, which integrates three different covert channels each of which accommodate to different stealthiness and capacity requirements. Finally, we provide a theoretical and experimental analysis of this tool in terms of its reliability, capacity, and detectability.

Impact Factor: 1.172
Journal Citation Reports® Science Edition (Thomson Reuters, 2013)

PDF icon rios2013a.pdf (565.05 KB)
C. Alcaraz, and J. Lopez, "FACIES: online identification of Failure and Attack on interdependent Critical InfrastructurES", In European CIIP Newsletter, vol. 7, European_CIIP_Newsletter, pp. 11-13, Nov 2013. More..

Abstract

 FACIES aims to protect water treatment systems and their control systems against accidental or intentional incidents such as failures, anomalies and cyber-attacks with a particular emphasis on stealth attacks.

R. Roman, J. Zhou, and J. Lopez, "On the features and challenges of security and privacy in distributed internet of things", In Computer Networks, vol. 57, Elsevier, pp. 2266–2279, July 2013. ISI JCR Impact Factor 2013: 1.282 DOI More..

Abstract

In the Internet of Things, services can be provisioned using centralized architectures, where central entities acquire, process, and provide information. Alternatively, distributed architectures, where entities at the edge of the network exchange information and collaborate with each other in a dynamic way, can also be used. In order to understand the applicability and viability of this distributed approach, it is necessary to know its advantages and disadvantages – not only in terms of features but also in terms of security and privacy challenges. The purpose of this paper is to show that the distributed approach has various challenges that need to be solved, but also various interesting properties and strengths.

Impact Factor: 1.282
Journal Citation Reports® Science Edition (Thomson Reuters, 2013)

PDF icon roman2013iot.pdf (407.59 KB)
F. Moyano, C. Fernandez-Gago, and J. Lopez, "A Framework for Enabling Trust Requirements in Social Cloud Applications", In Requirements Engineering, vol. 18, issue 4, Springer London, pp. 321-341, Nov 2013. ISI JCR Impact Factor 2013: 1.147 DOI More..

Abstract

Cloud applications entail the provision of a huge amount of heterogeneous, geographically-distributed resources managed and shared by many different stakeholders who often do not know each other beforehand. This raises numerous security concerns that, if not addressed carefully, might hinder the adoption of this promising computational model. Appropriately dealing with these threats gains special relevance in the social cloud context, where computational resources are provided by the users themselves. We argue that taking trust and reputation requirements into account can leverage security in these scenarios by incorporating the notions of trust relationships and reputation into them. For this reason, we propose a development framework onto which developers can implement trust-aware social cloud applications. Developers can also adapt the framework in order to accommodate their application-specific needs.

Impact Factor: 1.147
Journal Citation Reports® Science Edition (Thomson Reuters, 2013)

PDF icon moyano2013re.pdf (1.25 MB)
D. Nuñez, I. Agudo, and J. Lopez, "Leveraging Privacy in Identity Management as a Service through Proxy Re-Encryption", In Ph.D Symposium of the European Conference on Service-Oriented and Cloud Computing (ESOCC) 2013, September 2013. More..

Abstract

The advent of cloud computing has provided the opportunity to externalize the identity management processes, shaping what has been called Identity Management as a Service (IDaaS). However, as in the case of other cloud-based services, IDaaS brings with it great concerns regarding security and privacy, such as the loss of control over the outsourced data. As part of this PhD thesis, we analyze these concerns and propose BlindIdM, a model for privacy-preserving IDaaS with a focus on data privacy protection through the use of proxy re-encryption.

PDF icon nunez2013leveraging.pdf (276.87 KB)
R. Rios, J. Cuellar, and J. Lopez, "Ocultación de la estación base en redes inalámbricas de sensores", In XI Jornadas de Ingeniería Telemática (JITEL 2013), J. E. Díaz Verdejo, J. Navarro Ortiz, and J. J. Ramos Muñoz Eds., Asociación de Telemática, pp. 481-486, Oct 2013. More..

Abstract

La estación base es el elemento más importante en un red de sensores y, por tanto, es necesario evitar que un atacante pueda hacerse con el control de este valioso dispositivo. Para ello, el atacante puede valerse tanto de técnicas de análisis de tráfico como de la captura de nodos. En este trabajo presentamos un esquema que consta de dos fases, la primera está dedicada a homogeneizar los patrones de tráfico y la segunda encargada de perturbar las tablas de rutas de los nodos. Ambas fases permiten mantener a la estación base fuera del alcance del atacante con un coste computacional insignificante y un consumo energético moderado. La validez de nuestro esquema ha sido validada analíticamente y a través de numerosas simulaciones.

PDF icon rios2013b.pdf (348.08 KB)
I. Agudo, R. Rios, and J. Lopez, "A Privacy-Aware Continuous Authentication Scheme for Proximity-Based Access Control", In Computers & Security, vol. 39 (B), Elsevier, pp. 117-126, 11/2013. ISI JCR Impact Factor 2013: 1.172 DOI More..

Abstract

Continuous authentication is mainly associated with the use of biometrics to guarantee that a resource is being accessed by the same user throughout the usage period. Wireless devices can also serve as a supporting technology for continuous authentication or even as a complete alternative to biometrics when accessing proximity-based services. In this paper we present the implementation of a secure, non-invasive continuous authentication scheme supported by the use of Wearable Wireless Devices (WWD), which allow users to gain access to proximity-based services while preserving their privacy. Additionally we devise an improved scheme that circumvents some of the limitations of our implementation.

Impact Factor: 1.172
Journal Citation Reports® Science Edition (Thomson Reuters, 2013)

PDF icon agudo2013.pdf (436.44 KB)
S. Furnell, C. Lambrinoudakis, and J. Lopez Eds., "Proceedings of the 10th International Conference on Trust, Privacy, and Security in Digital Business (TRUSTBUS 2013)", In 10th International Conference on Trust, Privacy and Security in Digital Business (TRUSTBUS 2013), vol. LNCS 8058, Springer, Aug 2013. More..
B.. Hammerli, N.. Svendsen, and J. Lopez Eds., "Proceedings of the 7th International Conference on Critical Information Infrastructures Security (CRITIS 2012)", In 7th International Conference on Critical Information Infrastructures Security (CRITIS 2012), vol. LNCS 7722, Springer, 2013. More..
J. Lopez, X. Huang, and R. Sandhu Eds., Proceedings of the 7th International Conference on Network and System Security (NSS 2013) , vol. LNCS, no. 7873, Springer, Jun 2013. More..
J. A. Montenegro, M. J. Fischer, J. Lopez, and R. Peralta, "Secure sealed-bid online auctions using discreet cryptographic proofs", In Mathematical and Computer Modelling, vol. 57, Elsevier, pp. 2583–2595, Jun 2013. ISI JCR Impact Factor 2013: 2.02 DOI More..

Abstract

This work describes the design and implementation of an auction system using secure multiparty computation techniques. Our aim is to produce a system that is practical under actual field constraints on computation, memory, and communication. The underlying protocol is privacy-preserving, that is, the winning bid is determined without information about the losing bids leaking to either the auctioneer or other bidders. Practical implementation of the protocol is feasible using circuit-based cryptographic proofs along with additively homomorphic bit commitment. Moreover, we propose the development of a Proof Certificatestandard. These certificates convey sufficient information to recreate the cryptographic proofs and verify them offline.

Impact Factor: 2.02
Journal Citation Reports® Science Edition (Thomson Reuters, 2013)

PDF icon MFLR13.pdf (606.16 KB)
C. Alcaraz, R. Roman, P. Najera, and J. Lopez, "Security of Industrial Sensor Network-based Remote Substations in the context of the Internet of Things", In Ad Hoc Networks, vol. 11, Elsevier, pp. 1091–1104, 2013. ISI JCR Impact Factor 2013: 1.943 DOI More..

Abstract

The main objective of remote substations is to provide the central system with sensitive information from critical infrastructures, such as generation, distribution or transmission power systems. Wireless sensor networks have been recently applied in this particular context due to their attractive services and inherent benefits, such as simplicity, reliability and cost savings. However, as the number of control and data acquisition systems that use the Internet infrastructure to connect to substations increases, it is necessary to consider what connectivity model the sensor infrastructure should follow: either completely isolated from the Internet or integrated with it as part of the Internet of Things paradigm. This paper therefore addresses this question by providing a thorough analysis of both security requirements and infrastructural requirements corresponding to all those TCP/IP integration strategies that can be applicable to networks with constrained computational resources.

Impact Factor: 1.943
Journal Citation Reports® Science Edition (Thomson Reuters, 2013)

PDF icon 1752.pdf (1.21 MB)
J. Lopez, C. Alcaraz, and R. Roman, "Smart Control of Operational Threats in Control Substations", In Computers & Security, vol. 38, Elsevier, pp. 14-27, OCT 2013. ISI JCR Impact Factor 2013: 1.172 DOI More..

Abstract

Any deliberate or unsuitable operational action in control tasks of critical infrastructures, such as energy generation, transmission and distribution systems that comprise sub-domains of a Smart Grid, could have a significant impact on the digital economy: without energy, the digital economy cannot live. In addition, the vast majority of these types of critical systems are configured in isolated locations where their control depends on the ability of a few, supposedly trustworthy, human operators. However, this assumption of reliabilty is not always true. Malicious human operators (criminal insiders) might take advantage of these situations to intentionally manipulate the critical nature of the underlying infrastructure. These criminal actions could be not attending to emergency events, inadequately responding to incidents or trying to alter the normal behaviour of the system with malicious actions. For this reason, in this paper we propose a smart response mechanism that controls human operators’ operational threats at all times. Moreover, the design of this mechanism allows the system to be able to not only evaluate by itself, the situation of a particular scenario but also to take control when areas are totally unprotected and/or isolated. The response mechanism, which is based on Industrial Wireless Sensor Networks (IWSNs) for the constant monitoring of observed critical infrastructures, on reputation for controlling human operators’ actions, and on the ISA100.11a standard for alarm management, has been implemented and simulated to evaluate its feasibility for critical contexts.

Impact Factor: 1.172
Journal Citation Reports® Science Edition (Thomson Reuters, 2013)

PDF icon 1770.pdf (1.58 MB)
L. Cazorla, C. Alcaraz, and J. Lopez, "Towards Automatic Critical Infrastructure Protection through Machine Learning", In 8th International Conference on Critical Information Infrastructures Security, vol. 8328, Springer, pp. 197-203, 2013. DOI More..

Abstract

Critical Infrastructure Protection (CIP) faces increasing challenges in number and in sophistication, which makes vital to provide new forms of protection to face every day’s threats. In order to make such protection holistic, covering all the needs of the systems from the point of view of security, prevention aspects and situational awareness should be considered. Researchers and Institutions stress the need of providing intelligent and automatic solutions for protection, calling our attention to the need of providing Intrusion Detection Systems (IDS) with intelligent active reaction capabilities. In this paper, we support the need of automating the processes implicated in the IDS solutions of the critical infrastructures and theorize that the introduction of Machine Learning (ML) techniques in IDS will be helpful for implementing automatic adaptable solutions capable of adjusting to new situations and timely reacting in the face of threats and anomalies. To this end, we study the different levels of automation that the IDS can implement, and outline a methodology to endow critical scenarios with preventive automation. Finally, we analyze current solutions presented in the literature and contrast them against the proposed methodology

PDF icon 1805.pdf (110.09 KB)
F. Moyano, C. Fernandez-Gago, and J. Lopez, "Towards Engineering Trust-aware Future Internet Systems", In 3rd International Workshop on Information Systems Security Engineering (WISSE 2013), X. Franch, and P. Soffer Eds., LNBIP 148, Springer-Verlag, pp. 490-501, Jun 2013. DOI More..

Abstract

Security must be a primary concern when engineering Future Internet (FI) systems and applications. In order to achieve secure solutions, we need to capture security requirements early in the Software Development Life Cycle (SDLC). Whereas the security community has traditionally focused on providing tools and mechanisms to capture and express hard security requirements (e.g. confidentiality), little attention has been paid to other important requirements such as trust and reputation. We argue that these soft security requirements can leverage security in open, distributed, heterogeneous systems and applications and that they must be included in an early phase as part of the development process. In this paper we propose a UML extension for specifying trust and reputation requirements, and we apply it to an eHealth case study.

PDF icon moyano13wisse.pdf (505.78 KB)
F. Moyano, B. Baudry, and J. Lopez, "Towards Trust-Aware and Self-Adaptive Systems", In 7th IFIP WG 11.11 International Conference on Trust Management (IFIPTM 2013), C. Fernandez-Gago, I. Agudo, F. Martinelli, and S. Pearson Eds., AICT 401, Springer, pp. 255-262, Jun 2013. DOI More..

Abstract

The Future Internet (FI) comprises scenarios where many heterogeneous and dynamic entities must interact to provide services (e.g., sensors, mobile devices and information systems in smart city scenarios). The dynamic conditions under which FI applications must execute call for self-adaptive software to cope with unforeseeable changes in the application environment. Software engineering currently provides frameworks to develop reasoning engines that automatically take reconfiguration decisions and that support the runtime adaptation of distributed, heterogeneous applications. However, these frameworks have very limited support to address security concerns of these application, hindering their usage for FI scenarios. We address this challenge by enhancing self-adaptive systems with the concepts of trust and reputation. Trust will improve decision-making processes under risk and uncertainty, in turn improving security of self-adaptive FI applications. This paper presents an approach that includes a trust and reputation framework into a platform for adaptive, distributed component-based systems, thus providing software components with new abilities to include trust in their reasoning process.  

PDF icon moyano2013ifiptm.pdf (585.82 KB)
F. Moyano, C. Fernandez-Gago, and J. Lopez, "A Trust and Reputation Framework", In Doctoral Symposium of the International Symposium on Engineering Secure Software and Systems (ESSoS-DS 2013), M. Heisel, and E. Marchetti Eds., CEUR-WS 965, CEUR-WS, pp. 7-12, 2013. More..

Abstract

The Future Internet is posing new security challenges as their scenarios are bringing together a huge amount of stakeholders and devices that must interact under unforeseeable conditions. In addition, in these scenarios we cannot expect entities to know each other beforehand, and therefore, they must be involved in risky and uncertain collaborations. In order to minimize threats and security breaches, it is required that a well-informed decision-making process is in place, and it is here where trust and reputation can play a crucial role. Unfortunately, services and applications developers are often unarmed to address trust and reputation requirements in these scenarios. To overcome this limitation, we propose a trust and reputation framework that allows developers to create trust- and reputation-aware applications.  

PDF icon moyano2013essosds.pdf (217.23 KB)
R. Rios, and J. Lopez, "(Un)Suitability of Anonymous Communication Systems to WSN", In IEEE Systems Journal, vol. 7, no. 2, IEEE Systems Council, pp. 298 - 310, Jun 2013. ISI JCR Impact Factor 2013: 1.746 DOI More..

Abstract

Anonymous communication systems have been extensively studied by the research community to prevent the disclosure of sensitive information from the analysis of individuals’ traffic patterns. Many remarkable solutions have been developed in this area, most of which have proven to be effective in the protection of user privacy against different types of attacks. Recently, the privacy preservation problem has also been considered in the realm of wireless sensor networks (WSNs) due to their imminent adoption in real-world scenarios. A special challenge that arises from the analysis of the flow of sensor nodes’ communications is the location privacy problem. In this work we concentrate on analyzing the suitability of traditional anonymous communication systems originally designed for the Internet to the original scenario of sensor networks. The results show that, in most cases, traditional solutions do not provide the adequate protection means for the particular problem of location privacy, while other solutions are too resource-consuming for the restricted capabilities of sensor nodes.

Impact Factor: 1.746
Journal Citation Reports® Science Edition (Thomson Reuters, 2013)

PDF icon Rios2012a.pdf (488.58 KB)
P. Najera, R. Roman, and J. Lopez, "User-centric secure integration of personal RFID tags and sensor networks", In Security and Communication Networks, vol. 6, Wiley-Blackwell, pp. 1177–1197, Oct 2013. ISI JCR Impact Factor 2013: 0.433 DOI More..

Abstract

A personal network (PN) should enable the collaboration of user’s devices and services in a flexible, self-organizing and friendly manner. For such purpose, the PN must securely accommodate heterogeneous technologies with uneven computational and communication resources. In particular, personal RFID tags can enable seamless recognition of user’s context, provide user authentication and enable novel services enhancing the quality and quantity of data handled by the PN. However, the highly constrained features of common RFID tags and their passive role in the network highlights the need of an adequate secure communication model with personal tags which enables their participation as a member of the PN. In this paper, we present our concept of PN, with special emphasis on the role of RFID and sensor networks, and define a secure architecture for PNs including methods for the secure access to context-aware technologies from both local PN members and the Internet of Things. The PN architecture is designed to support differentiated security mechanisms to maximize the level of security for each type of personal device. Furthermore, we analyze which security solutions available in the literature can be adapted for our architecture, as well as the challenges and security mechanisms still necessary in the secure integration of personal tags.

Impact Factor: 0.433
Journal Citation Reports® Science Edition (Thomson Reuters, 2013)

C. Alcaraz, and J. Lopez, "Wide-Area Situational Awareness for Critical Infrastructure Protection", In IEEE Computer, vol. 46, no. 4, IEEE Computer Society, pp. 30-37, 2013. ISI JCR Impact Factor 2013: 1.438 DOI More..

Abstract

Combining a wide-area situational awareness (WASA) methodological framework with a set of requirements for awareness construction can help in the development and commissioning of future WASA cyberdefense solutions

 

Impact Factor: 1.438
Journal Citation Reports® Science Edition (Thomson Reuters, 2013)

PDF icon 1761.pdf (1.56 MB)
2014
C. Fernandez-Gago, I. Agudo, and J. Lopez, "Building Trust from Context Similarity Measures", In Computer Standards & Interfaces, Special Issue on Security in Information Systems, vol. 36, issue 4, Elsevier, pp. 792-800, 2014. ISI JCR Impact Factor 2014: 0.879 DOI More..

Abstract

 Trust is an essential feature of any system where entities have to collaborate among them. Trust can assist entities making decisions about what is the best entity for establishing a certain collaboration. It would be desirable to simulate behaviour of users as in social environments where they tend to establish relationships or to trust users who have common interests or share some of their opinions, i.e., users who are similar to them to some extent. Thus, in this paper we first introduce the concept of context similarity among entities and from it we derive a similarity network which can be seen as a graph. Based on this similarity network we dene a trust model that allows us also to establish trust along a path of entities. A possible applications of our model are proximity-based trust establishment. We validate our model in this scenario.

 

Impact Factor: 0.879
Journal Citation Reports® Science Edition (Thomson Reuters, 2014)

PDF icon CSI13.pdf (573.29 KB)
A. Nieto, and J. Lopez, "A Context-based Parametric Relationship Model (CPRM) to Measure the Security and QoS tradeoff in Configurable Environments", In IEEE International Conference on Communications (ICC'14), IEEE Communications Society, pp. 755-760, 06/2014. DOI More..

Abstract

Heterogeneity of future networks requires the use of extensible models to understand the Security and QoS tradeoff. We believe that a good starting point is to analyze the Security and QoS tradeoff from a parametric point of view and, for this reason, in a previous paper, we defined the Parametric Rela- tionship Model (PRM) to define relationships between Security and QoS parameters. In this paper, we extend that approach in order to change the behaviour of the model so that different contexts in the same system are considered; that is, to provide a Context-based Parametric Relationship Model (CPRM). The final aim is to provide useful tools for system administrators in order to help them deal with Security and QoS tradeoff issues in the configuration of the environment. 

PDF icon 431.pdf (1.12 MB)
D. Nuñez, I. Agudo, and J. Lopez, "Delegated Access for Hadoop Clusters in the Cloud", In IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2014), IEEE, pp. 374-379, 12/2014. DOI More..

Abstract

Among Big Data technologies, Hadoop stands out for its capacity to store and process large-scale datasets. However, although Hadoop was not designed with security in mind, it is widely used by plenty of organizations, some of which have strong data protection requirements. Traditional access control solutions are not enough, and cryptographic solutions must be put in place to protect sensitive information. In this paper, we describe a cryptographically-enforced access control system for Hadoop, based on proxy re-encryption. Our proposed solution fits in well with the outsourcing of Big Data processing to the cloud, since information can be stored in encrypted form in external servers in the cloud and processed only if access has been delegated. Experimental results show that the overhead produced by our solution is manageable, which makes it suitable for some applications.

PDF icon nunez2014delegated.pdf (600.22 KB)
C. Alcaraz, and J. Lopez, "Diagnosis Mechanism for Accurate Monitoring in Critical Infrastructure Protection", In Computer Standards & Interfaces, vol. 36, issue 3, Elsevier, pp. 501-512, 2014. ISI JCR Impact Factor 2014: 0.879 DOI More..

Abstract

 Situational awareness for critical infrastructure protection, such as for energy control systems, has become a topic of interest in recent years. Despite attempts to address this area of research, more progress is still necessary to find attractive solutions that help bring about prevention and response at all times from anywhere and at any time. Given this need, we therefore propose in this paper, a smart mechanism able to offer a wide-area situational awareness with the ability to: (i) Control the real state of the observed infrastructure, (ii) respond to emergency situations and (iii) assess the degree of  ccuracy of the entire control system. To address these aspects, the mechanism is based on a hierarchical configuration of industrial sensors for control, the ISA100.11a standard for the prioritization and alarm management, and the F-Measure technique to study the level of accuracy of a sensor inside a neighbourhood. As proof of the functionality and feasibility of the mechanism for critical contexts, a software application implemented in nesC and Java is also presented in this paper.

Impact Factor: 0.879
Journal Citation Reports® Science Edition (Thomson Reuters, 2014)

PDF icon alcaraz2013a.pdf (1.94 MB)
M. Heisel, W. Joosen, J. Lopez, and F. Martinelli, "Engineering Secure Future Internet Services and Systems- Current Research", In Lecture Notes in Computer Science, vol. 8431, no. Lect.Notes ComputerState-of-the-Art Surveys, Springer , 2014. More..

Abstract

This State-of-the-Art Survey contains a selection of papers representing state-of-the-art results in the engineering of secure software-based Future Internet services and systems, produced by the NESSoS project researchers. The engineering approach of the Network of Excellence NESSoS, funded by the European Commission, is based on the principle of addressing security concerns from the very beginning in all software development phases, thus contributing to reduce the amount of software vulnerabilities and enabling the systematic treatment of security needs through the engineering process. The 15 papers included in this volume deal with the main NESSoS research areas: security requirements for Future Internet services; creating secure service architectures and secure service design; supporting programming environments for secure and composable services; enabling security assurance and integrating former results in a risk-aware and cost-aware software life-cycle.

F. Moyano, C. Fernandez-Gago, B. Baudry, and J. Lopez, "Engineering Trust-Awareness and Self-adaptability in Services and Systems", In Engineering Secure Future Internet Services and Systems, vol. LNCS 8431, no. 8431, Springer, pp. 180-209, 03/2014. DOI More..

Abstract

The Future Internet (FI) comprises scenarios where many heterogeneous and dynamic entities must interact to provide services (e.g., sensors, mobile devices and information systems in smart city scenarios). The dynamic conditions under which FI applications must execute call for self-adaptive software to cope with unforeseeable changes in the application environment. Models@run.time is a promising model-driven approach that supports the runtime adaptation of distributed, heterogeneous systems. Yet frameworks that accommodate this paradigm have limited support to address security concerns, hindering their usage in real scenarios. We address this challenge by enhancing models@run.time with the concepts of trust and reputation. Trust improves decision-making processes under risk and uncertainty and constitutes a distributed and flexible mechanism that does not entail heavyweight administration. This chapter introduces a trust and reputation framework that is integrated into a distributed component model that implements the models@run.time paradigm, thus allowing software components to include trust in their reasoning process. The framework is illustrated in a smart grid scenario.

PDF icon moyano14esfi.pdf (3.2 MB)
A. Nieto, and J. Lopez, "Herramienta para la Compensación de Parámetros de QoS y Seguridad", In XIII Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2014), pp. 303-308, 09/2014. More..

Abstract

El análisis conjunto de mecanismos de seguridad y QoS es esencial para las redes heterogéneas donde diversos dispositivos pueden coexistir en entornos dinámicos. En concreto, los dispositivos no siempre pueden ser conocidos, por lo que diferentes requisitos y mecanismos pueden surgir para el análisis. En este artículo, proponemos una herramienta para facilitar la configuración de entornos basada en el análisis paramétrico de dependencias, tomando como base de conocimiento un conjunto de parámetros de seguridad y QoS. Esta forma de análisis de parámetros a alto nivel permite considerar las dependencias y la compensación entre mecanismos con independencia del sistema de información subyacente. Posibilita por tanto evaluar el impacto que tales mecanismos, y otros definidos acorde al modelo, tienen sobre un sistema previo a su despliegue. 

PDF icon 909.pdf (470.04 KB)
J. L. Hernández-Ardieta, et al., "An Intelligent and Adaptive Live Simulator: A new Concept for Cybersecurity Training", In 9th Future Security Conference, 2014. More..

Abstract

The rapid rate of change in technology and the increasing sophistication of cyber attacks require any organization to have a continuous preparation. However, the resource and time intensive nature of cybersecurity education and training renders traditional approaches highly inefficient. Simulators have attracted the attention in the last years as a potential solution for cybersecurity training. However, in spite of the advances achieved, there is still an urgent need to address some open challenges. In this paper we present a novel simulator that solves some these challenges. First, we analyse the main properties that any cybersecurity training solution should comprise, and evaluate to what extent training simulators can meet them. Next, we introduce the functional architecture and innovative features of the simulator, of which a functional prototype has already been released. Finally, we demonstrate how these capabilities are put into practice in training courses already available in the simulator.

PDF icon 1637.pdf (1005.4 KB)
R. Rios, J. Lopez, and J. Cuellar, "Location Privacy in WSNs: Solutions, Challenges, and Future Trends", In Foundations of Security Analysis and Design VII, vol. 8604, no. LNCS, Springer, pp. 244-282, 2014. DOI More..

Abstract

Privacy preservation is gaining popularity in Wireless Sensor Network (WSNs) due to its adoption in everyday scenarios. There are a number of research papers in this area many of which concentrate on the location privacy problem. In this paper we review and categorise these solutions based on the information available to the adversary and his capabilities. But first we analyse whether traditional anonymous communication systems conform to the original requirements of location privacy in sensor networks. Finally, we present and discuss a number of challenges and future trends that demand further attention from the research community.

PDF icon ruben2014a.pdf (686.66 KB)
A. Nieto, and J. Lopez, "A Model for the Analysis of QoS and Security Tradeoff in Mobile Platforms", In Mobile Networks and Applications (MONET) Journal, vol. 19, issue 1, Springer US, pp. 64-78, 02/2014. ISI JCR Impact Factor 2014: 1.045 DOI More..

Abstract

Today, mobile platforms are multimedia devices that provide different types of traffic with the consequent particular performance demands and, besides, security concerns (e.g. privacy). However, Security and QoS requirements quite often conflict to a large degree; the mobility and heterogeneous paradigm of the Future Internet makes coexistence even more difficult, posing new challenges to overcome. Probably, one of the main challenges is to identify the specific reasons why Security and QoS mechanisms are so related to each other. In this paper, we present a Parametric Relationship Model (PRM) to identify the Security and QoS dependencies, and to elaborate on the Security and QoS tradeoff. In particular, we perform an analysis that focus on the mobile platform environment and, consequently, also considers subjective parameters such user’s experience, that is crucial for increasing the usability of new solutions in the Future Internet. The final aim of our contribution is to facilitate the development of secure and efficient services for mobile platforms.

Impact Factor: 1.045
Journal Citation Reports® Science Edition (Thomson Reuters, 2014)

PDF icon nieto2013mone.pdf (666.18 KB)
J. A. Montenegro, and J. Lopez, "A practical solution for sealed bid and multi-currency auctions", In Computers & Security, vol. 45, Elsevier, pp. 186-198, 09/2014. ISI JCR Impact Factor 2014: 1.031 DOI More..

Abstract

This paper introduces a sealed bid and multi-currency auction using secure multiparty computation (SMC).

Two boolean functions, a comparison and multiplication function, have been designed as required to apply SMC. These functions are applied without revealing any information, not even to trusted third parties such as the auctioneer. A type of Zero Knowledge proof, discreet proof, has been implemented with three variants, interactive, regular and reduced non interactive proofs. These proofs make it possible to verify the correctness of the functions whilst preserving the privacy of the bid values. Moreover, a system performance evaluation of the proposal has been realized on heterogeneous platforms, including a mobile platform. The evaluation concludes that our proposal is practical even on mobile platforms.

Impact Factor: 1.031
Journal Citation Reports® Science Edition (Thomson Reuters, 2014)

PDF icon MoLo15.pdf (1.48 MB)
J. Lopez, R. Rios, and J. Cuellar, "Preserving Receiver-Location Privacy in Wireless Sensor Networks", In Information Security Practice and Experience (ISPEC 2014), vol. 8434, Springer, pp. 15-27, 05/2014. DOI More..

Abstract

Wireless sensor networks (WSNs) are exposed to many different types of attacks. Among these, the most devastating attack is to compromise or destroy the base station since all communications are addressed exclusively to it. Moreover, this feature can be exploited by a passive adversary to determine the location of this critical device. This receiver-location privacy problem can be reduced by hindering traffic analysis but the adversary may still obtain location information by capturing a subset of sensor nodes in the field. This paper addresses, for the first time, these two problems together in a single solution

PDF icon Lopez2014prl.pdf (254.78 KB)
N. Nomikos, et al., "Relay Selection for Secure 5G Green Communications", In Telecommunication Systems , Springer US, pp. 1-19, 11/2014. ISI JCR Impact Factor 2014: 0.705 DOI More..

Abstract

In this article, we present relay selection policies in applications with secrecy requirements which are of interest in the fifth generation (5G) of wireless networks. More specifically, we provide a classification of relays based on their distinct communication attributes, such as processing, multiple antennas, storage, channel estimation, density and security level. In addition, we discuss the level of efficiency exhibited by each relay class, regarding their impact in delay-critical applications and green communications applications, while aiming at a specific security level at the physical layer. Then, relay selection policies are proposed taking into consideration the goals set by each application. Numerical evaluation of the proposed policies in terms of the average secrecy rate, average delay and power reduction show improved performance compared to other state-of-the-art solutions. 

Impact Factor: 0.705
Journal Citation Reports® Science Edition (Thomson Reuters, 2014)

A. Nieto, and J. Lopez, "Security and QoS Tradeoff Recommendation System (SQT-RS) for Dynamic Assessing CPRM-based Systems", In 10th ACM International Symposium on QoS and Security for Wireless and Mobile Networks (Q2SWinet'14), ACM, pp. 25-32, 09/2014. DOI More..

Abstract

Context-based Parametric Relationship Models (CPRM) define complex dependencies between different types of parameters. In particular, Security and QoS relationships, that may occur at different levels of abstraction, are easily identified using CPRM. However, the growing number of parameters and relationships, typically due to the heterogeneous scenarios of future networks, increase the complexity of the final diagrams used in the analysis, and makes the current solution for assessing Security and QoS tradeoff (SQT) impractical for untrained users. In this paper, we define a recommendation system based on contextual parametric relationships in accordance with the definition of CPRM. The inputs for the system are generated dynamically based on the context provided by CPRM-based systems.

 

PDF icon 932.pdf (626.17 KB)
C. Alcaraz, and J. Lopez, "WASAM: A Dynamic Wide-Area Situational Awareness Model for Critical Domains in Smart Grids", In Future Generation Computer Systems, vol. 30, Elsevier, pp. 146-154, 2014. ISI JCR Impact Factor 2014: 2.786 DOI More..

Abstract

Control from anywhere and at anytime is nowadays a matter of paramount importance in critical systems. This is the case of the Smart Grid and its domains which should be monitored through intelligent and dynamic mechanisms able to anticipate, detect and respond before disruptions arise within the system. Given this fact and its importance for social welfare and the economy, a model for wide-area situational awareness is proposed in this paper. The model is based on a set of current technologies such as the wireless sensor networks, the ISA100.11a standard and cloud-computing together with a set of high-level functional services. These services include global and local support for prevention through a simple forecast scheme, detection of anomalies in the observation tasks, response to incidents, tests of accuracy and maintenance, as well as recovery of states and control in crisis situations.

Impact Factor: 2.786
Journal Citation Reports® Science Edition (Thomson Reuters, 2014)

PDF icon alcaraz2013b.pdf (956.89 KB)
2015
L. Cazorla, C. Alcaraz, and J. Lopez, "Awareness and Reaction Strategies for Critical Infrastructure Protection", In Computers and Electrical Engineering, vol. 47, issue October, Elsevier, pp. 299-317, 2015. ISI JCR Impact Factor 2015: 1.084 DOI More..

Abstract

Current Critical Infrastructures (CIs) need intelligent automatic active reaction mechanisms to protect their critical processes against cyber attacks or system anomalies, and avoid the disruptive consequences of cascading failures between interdependent and interconnected systems. In this paper we study the Intrusion Detection, Prevention and Response Systems (IDPRS) that can offer this type of protection mechanisms, their constituting elements and their applicability to critical contexts. We design a methodological framework determining the essential elements present in the IDPRS, while evaluating each of their sub-components in terms of adequacy for critical contexts. We review the different types of active and passive countermeasures available, categorizing them and assessing whether or not they are suitable for Critical Infrastructure Protection (CIP). Through our study we look at different reaction systems and learn from them how to better create IDPRS solutions for CIP. 

Impact Factor: 1.084
Journal Citation Reports® Science Edition (Thomson Reuters, 2015)

PDF icon cazorla2015b.pdf (469.16 KB)
A. Nieto, and J. Lopez, "Contextualising Heterogeneous Information in Unified Communications with Security Restrictions", In Computer Communications, vol. 68, Elsevier, pp. 33-46, 09/2015. ISI JCR Impact Factor 2015: 2.099 DOI More..

Abstract

The lack of abstraction in a growing semantic, virtual and abstract world poses new challenges for assessing security and QoS tradeoffs. For example, in Future Internet scenarios, where Unified Communications (UC) will take place, being able to predict the final devices that will form the network is not always possible. Without this information the analysis of the security and QoS tradeoff can only be based on partial information to be completed when more information about the environment is available. In this paper, we extend the description of context-based parametric relationship model, providing a tool for assessing the security and QoS tradeoff (SQT) based on interchangeable contexts. Our approach is able to use the heterogeneous information produced by scenarios where UC is present.

Impact Factor: 2.099
Journal Citation Reports® Science Edition (Thomson Reuters, 2015)

PDF icon NL-COMCOM15.pdf (2 MB)
D. Nuñez, I. Agudo, and J. Lopez, "NTRUReEncrypt: An Efficient Proxy Re-Encryption Scheme Based on NTRU", In 10th ACM Symposium on Information, Computer and Communications Security (AsiaCCS), pp. 179-189, 04/2015. DOI More..

Abstract

The use of alternative foundations for constructing more secure and efficient cryptographic schemes is a topic worth exploring. In the case of proxy re-encryption, the vast majority of schemes are based on number theoretic problems such as the discrete logarithm. In this paper we present NTRUReEncrypt, a new bidirectional and multihop proxy re-encryption scheme based on NTRU, a widely known lattice-based cryptosystem. We provide two versions of our scheme: the first one is based on the conventional NTRU encryption scheme and, although it lacks a security proof, remains as efficient as its predecessor; the second one is based on a variant of NTRU proposed by Stehlé and Steinfeld, which is proven CPA-secure under the hardness of the Ring-LWE problem. To the best of our knowledge, our proposals are the first proxy re-encryption schemes to be based on the NTRU primitive. In addition, we provide experimental results to show the efficiency of our proposal, as well as a comparison with previous proxy re-encryption schemes, which confirms that our first scheme outperforms the rest by an order of magnitude.

PDF icon nunez2015ntrureencrypt.pdf (326.98 KB)
D. Nuñez, I. Agudo, and J. Lopez, "A Parametric Family of Attack Models for Proxy Re-Encryption", In 28th IEEE Computer Security Foundations Symposium, IEEE Computer Society, pp. 290-301, 07/2015. DOI More..

Abstract

Proxy Re-Encryption (PRE) is a type of Public-Key Encryption (PKE) which provides an additional re-encryption functionality. Although PRE is inherently more complex than PKE, attack models for PRE have not been developed further than those inherited from PKE. In this paper we address this gap and define a parametric family of attack models for PRE, based on the availability of both the decryption and re-encryption oracles during the security game. This family enables the definition of a set of intermediate security notions for PRE that ranges from ``plain'' IND-CPA to ``full'' IND-CCA. We analyze some relations among these notions of security, and in particular, the separations that arise when the re-encryption oracle leaks re-encryption keys. In addition, we discuss which of these security notions represent meaningful adversarial models for PRE. Finally, we provide an example of a recent ``CCA1- secure'' scheme from PKC 2014 whose security model does not capture chosen-ciphertext attacks through re-encryption and for which we describe an attack under a more realistic security notion. This attack emphasizes the fact that PRE schemes that leak re-encryption keys cannot achieve strong security notions.

PDF icon nunez2015parametric.pdf (342.55 KB)
D. Nuñez, I. Agudo, and J. Lopez, "Privacy-Preserving Identity Management as a Service", In Accountability and Security in the Cloud, M. Felici, and C. Fernandez-Gago Eds., Lecture Notes in Computer Science 8937, Springer International Publishing, pp. 114-125, 2015. DOI More..

Abstract

In this paper we tackle the problem of privacy and confidentiality in Identity Management as a Service (IDaaS). The adoption of cloud computing technologies by organizations has fostered the externalization of the identity management processes, shaping the concept of Identity Management as a Service. However, as it has happened to other cloud-based services, the cloud poses serious risks to the users, since they lose the control over their data. As part of this work, we analyze these concerns and present a model for privacy-preserving IDaaS, called BlindIdM, which is designed to provide data privacy protection through the use of cryptographic safeguards.

R. Rios, J. Cuellar, and J. Lopez, "Probabilistic receiver-location privacy protection in wireless sensor networks", In Information Sciences, vol. 321, Elsevier, pp. 205 - 223, 07/2015. ISI JCR Impact Factor 2015: 3.364 DOI More..

Abstract

Wireless sensor networks (WSNs) are continually exposed to many types of attacks. Among these, the attacks targeted at the base station are the most devastating ones since this essential device processes and analyses all traffic generated in the network. Moreover, this feature can be exploited by a passive adversary to determine its location based on traffic analysis. This receiver-location privacy problem can be reduced by altering the traffic pattern of the network but the adversary may still be able to reach the base station if he gains access to the routing tables of a number of sensor nodes. In this paper we present HISP-NC (Homogenous Injection for Sink Privacy with Node Compromise protection), a receiver-location privacy solution that consists of two complementary schemes which protect the location of the base station in the presence of traffic analysis and node compromise attacks. The HISP-NC data transmission protocol prevents traffic analysis by probabilistically hiding the flow of real traffic with moderate amounts of fake traffic. Moreover, HISP-NC includes a perturbation mechanism that modifies the routing tables of the nodes to introduce some level of uncertainty in attackers capable of retrieving the routing information from the nodes. Our scheme is validated both analytically and experimentally through extensive simulations.

Impact Factor: 3.364
Journal Citation Reports® Science Edition (Thomson Reuters, 2015)

PDF icon rios2015.pdf (692.33 KB)
L. Cazorla, C. Alcaraz, and J. Lopez, "A Three-Stage Analysis of IDS for Critical Infrastructures", In Computers & Security, vol. 55, no. November, Elsevier, pp. 235-250, 2015. ISI JCR Impact Factor 2015: 1.64 More..

Abstract

The correct operation of Critical Infrastructures (CIs) is vital for the well being of society, however these complex systems are subject to multiple faults and threats every day. International organizations around the world are alerting the scientific community to the need for protection of CIs, especially through preparedness and prevention mechanisms. One of the main tools available in this area is the use of Intrusion Detection Systems (IDSs). However, in order to deploy this type of component within a CI, especially within its Control System (CS), it is necessary to verify whether the characteristics of a given IDS solution are compatible with the special requirements and constraints of a critical environment. In this paper, we carry out an extensive study to determine the requirements imposed by the CS on the IDS solutions using the Non-Functional Requirements (NFR) Framework. The outcome of this process are the abstract properties that the IDS needs to satisfy in order to be deployed within a CS, which are refined through the identification of satisficing techniques for the NFRs. To provide quantifiable measurable evidence on the suitability of the IDS component for a CI, we broaden our study using the Goal Question Metric (GQM) approach to select a representative set of metrics. A requirements model, refined with satisficing techniques and sets of metrics which help assess, in the most quantifiable way possible, the suitability and performance of a given IDS solution for a critical scenario, constitutes the results of our analysis.

Impact Factor: 1.64
Journal Citation Reports® Science Edition (Thomson Reuters, 2015)

PDF icon lorena2015c.pdf (1.54 MB)
2016
D. Nuñez, I. Agudo, and J. Lopez, "On the Application of Generic CCA-Secure Transformations to Proxy Re-Encryption", In Security and Communication Networks, vol. 9, issue 12, Wiley, pp. 1769-1785, 08/2016. ISI JCR Impact Factor 2016: 1.067 DOI More..

Abstract

Several generic methods exist for achieving chosen-ciphertext attack (CCA)-secure public-key encryption schemes from weakly secure cryptosystems, such as the Fujisaki–Okamoto and REACT transformations. In the context of proxy re-encryption (PRE), it would be desirable to count on analogous constructions that allow PRE schemes to achieve better security notions. In this paper, we study the adaptation of these transformations to proxy re-encryption and find both negative and positive results. On the one hand, we show why it is not possible to directly integrate these transformations with weakly secure PRE schemes because of general obstacles coming from both the constructions themselves and the security models, and we identify 12 PRE schemes that exhibit these problems. On the other hand, we propose an extension of the Fujisaki–Okamoto transformation for PRE, which achieves a weak form of CCA security in the random oracle model, and we describe the sufficient conditions for applying it

Impact Factor: 1.067
Journal Citation Reports® Science Edition (Thomson Reuters, 2016)

PDF icon nunez2016application.pdf (437.22 KB)
A. Nieto, R. Roman, and J. Lopez, "Arquitectura funcional para la cadena de custodia digital en objetos de la IoT", In XIV Reunión Española sobre Criptología y Seguridad de la Información, pp. 168-173, 10/2016. More..

Abstract

En la Internet de los Objetos (IoT, por sus siglas en inglés), los ataques pueden ser perpetrados desde dispositivos que enmascaran su rastro ayudándose de la densidad de objetos y usuarios. Actualmente la idea de que los dispositivos de usuario almacenan evidencias que pueden ser muy valiosas para frenar ataques es bien conocida. Sin embargo, la colaboración de éstos para denunciar posibles abusos telemáticos aún está por definir. Los testigos digitales son dispositivos concebidos para definir la participación de dispositivos de usuario en una cadena de custodia digital. La idea es que las evidencias se generan, almacenan y transfieren siguiendo los requisitos marcados por las normas actuales (p.ej. UNE 71505), pero respetando las restricciones en recursos de los dispositivos. En este artículo proponemos una arquitectura funcional para la implementación del concepto de testigo digital en dispositivos heterogéneos de la IoT.

PDF icon 1582.pdf (921.02 KB)
L. Cazorla, C. Alcaraz, and J. Lopez, "Cyber Stealth Attacks in Critical Information Infrastructures", In IEEE Systems Journal, issue 99, IEEE, pp. 1-15, 03/2016. ISI JCR Impact Factor 2016: 3.882 DOI More..

Abstract

Current Critical Infrastructures (CIs) are complex interconnected industrial systems that, in recent years, have incorporated information and communications technologies such as connection to the Internet and commercial off-the-shelf components. This makes them easier to operate and maintain, but exposes them to the threats and attacks that inundate conventional networks and systems. This paper contains a comprehensive study on the main stealth attacks that threaten CIs, with a special focus on Critical Information Infrastructures (CIIs). This type of attack is characterized by an adversary who is able to finely tune his actions to avoid detection while pursuing his objectives. To provide a complete analysis of the scope and potential dangers of stealth attacks we determine and analyze their stages and range, and we design a taxonomy to illustrate the threats to CIs, offering an overview of the applicable countermeasures against these attacks. From our analysis we understand that these types of attacks, due to the interdependent nature of CIs, pose a grave danger to critical systems where the threats can easily cascade down to the interconnected systems. 

Impact Factor: 3.882
Journal Citation Reports® Science Edition (Thomson Reuters, 2016)

PDF icon cazorla2016cyber.pdf (689.18 KB)
A. Nieto, R. Roman, and J. Lopez, "Digital Witness: Digital Evidence Management Framework for the Internet of Things", In ERCIM News, no. 106, ERCIM EEIG, pp. 9-9, 07/2016.
A. Nieto, R. Roman, and J. Lopez, "Digital Witness: Safeguarding Digital Evidence by using Secure Architectures in Personal Devices", In IEEE Network, IEEE Communications Society, pp. 12-19, 2016. ISI JCR Impact Factor 2016: 7.230 DOI More..

Abstract

Personal devices contain electronic evidence associated with the behaviour of their owners and other devices in their environment, which can help clarify the facts of a cyber-crime scene. These devices are usually analysed as containers of proof. However, it is possible to harness the boom of personal devices to define the concept of digital witnesses, where personal devices are able to actively acquire, store, and transmit digital evidence to an authorised entity, reliably and securely. This article introduces this novel concept, providing a preliminary analysis on the management of digital evidence and the technologies that can be used to implement it with security guarantees in IoT environments. Moreover, the basic building blocks of a digital witness are defined.

Impact Factor: 7.230
Journal Citation Reports® Science Edition (Thomson Reuters, 2016)

PDF icon ieeenet16-nrl.pdf (1002.02 KB)
C. Alcaraz, J. Lopez, and K-K. Raymond Choo, "Dynamic Restoration in Interconnected RBAC-based Cyber-Physical Control Systems", In Proceedings of the 13th International Joint Conference on e-Business and Telecommunications (SECRYPT 2016), pp. 19-27, 2016. DOI More..

Abstract

Increasingly, automatic restoration is an indispensable security measure in control systems (e.g. those used in critical infrastructure sectors) due to the importance of ensuring the functionality of monitoring infrastructures. Modernizing the interconnection of control systems to provide interoperability between different networks, at a low cost, is also a critical requirement in control systems. However, automated recovery mechanisms are currently costly, and ensuring interoperability particularly at a low cost remains a topic of scientific challenge. This is the gap we seek to address in this paper. More specifically, we propose a restoration model for interconnected contexts, taking into account the theory of supernode and structural controllability, as well as the recommendations given by the IEC-62351-8 standard (which are mainly based on the implementation of a role-based access control system).

PDF icon 1585.pdf (2.17 MB)
R. Rios, and J. Lopez, "Evolución y nuevos desafios de privacidad en la Internet de las Cosas", In XIV Reunión Española sobre Criptología y Seguridad de la Información, pp. 209-213, 10/2016. More..

Abstract

La Internet de las Cosas (en inglés, Internet of Things (IoT)) es una evolución de la Internet tal y como lo conocemos. Esta nueva versión de Internet incorpora objetos de la vida cotidiana, rompiendo así barrera de los digital y extendiéndose al mundo físico. Estos objetos interactuarán entre sí y con otras entidades tanto de manera local como remota, y estarán dotados de cierta capacidad computacional y sensores para que sean conscientes de lo que ocurre en su entorno. Esto traerá consigo un sinfín de posibilidades y nuevos servicios, pero también dará lugar a nuevos y mayores riesgos de privacidad para los ciudadanos. En este artículo, estudiamos los problemas de privacidad actuales de una de las tecnologías claves para el desarrollo de este prometedor paradigma, las redes de sensores, y analizamos como pueden evolucionar y surgir nuevos riesgos de privacidad al ser completamente integradas en la Internet.

 

PDF icon Rios2016a.pdf (263.7 KB)
R. Rios, J. Lopez, and J. Cuellar, "Location Privacy in Wireless Sensor Networks", In CRC Series in Security, Privacy and Trust, Taylor & Francis, 2016. More..
F. Moyano, C. Fernandez-Gago, and J. Lopez, "A Model-driven Approach for Engineering Trust and Reputation into Software Services", In Journal of Network and Computer Applications, vol. 69, Elsevier, pp. 134-151, 04/2016. ISI JCR Impact Factor 2016: 3.500 More..
Impact Factor: 3.500
Journal Citation Reports® Science Edition (Thomson Reuters, 2016)

PDF icon JNCA16.pdf (613.36 KB)
D. Nuñez, I. Agudo, and J. Lopez, "Nuevas nociones de seguridad y transformaciones genéricas para criptosistemas de recifrado delegado", In XIV Reunión Española sobre Criptología y Seguridad de la Información, pp. 174-179, 10/2016. More..

Abstract

El recifrado delegado (proxy re-encryption) es un tipo de cifrado de clave pública que permite delegar la capacidad de transformar textos cifrados de una clave pública a otra, sin que se pueda obtener ninguna información sobre el mensaje subyacente. Por este motivo, representa un candidato natural para construir mecanismos criptográficos de control de acceso. En este artículo estudiamos algunos de los problemas de seguridad de este tipo de criptosistemas. En primer lugar, examinamos las nociones de seguridad e identificamos una nueva familia paramétrica de modelos de ataque, que considera la disponibilidad tanto del oráculo de descifrado como de recifrado. En segundo lugar, estudiamos la aplicabilidad de transformaciones genéricas para mejorar la seguridad, centrándonos en la transformación Fujisaki-Okamoto, y formulamos las condiciones que nos permiten aplicarla.

PDF icon nunez2016nuevas.pdf (472.48 KB)
C. Alcaraz, J. Lopez, and S. Wolthusen, "Policy Enforcement System for Secure Interoperable Control in Distributed Smart Grid Systems", In Journal of Network and Computer Applications, vol. 59, Elsevier, pp. 301–314, 01/2016. ISI JCR Impact Factor 2016: 3.500 More..

Abstract

Interoperability of distributed systems in charge of monitoring and maintaining the different critical domains belonging to Smart Grid scenarios comprise the central topic of this paper. Transparency in control transactions under a secure and reliable architecture is the aim of the policy enforcement system proposed here. The approach is based on the degree of observation of a context and on the role-based access control model defined by the IEC-62351-8 standard. Only authenticated and authorised entities are able to take control of those distributed elements (e.g., IEC-61850 objects) located at distant geographical locations and close to the critical infrastructures (e.g., substations). To ensure the effectiveness of the approach, it is built on graphical-theoretical formulations corresponding to graph theory, where it is possible to illustrate power control networks through power-law distributions whose monitoring relies on structural controllability theory. The interconnection of these distributions is subject to a network architecture based on the concept of the supernode where the interoperability depends on a simple rule-based expert system. This expert system focuses not only on accepting or denying access, but also on providing the means to attend to extreme situations, avoiding, as much as possible, the overloading of the communication. Through one practical study we also show the functionalities of the approach and the benefits that the authorisation itself can bring to the interoperability

Impact Factor: 3.500
Journal Citation Reports® Science Edition (Thomson Reuters, 2016)

PDF icon alcaraz2016POL.pdf (1.81 MB)
R. Rios, C. Fernandez-Gago, and J. Lopez, "Privacy-Aware Trust Negotiation", In 12th International Workshop on Security and Trust Management (STM), vol. LNCS 9871, Springer, pp. 98-105, 09/2016. DOI More..

Abstract

Software engineering and information security have traditionally followed divergent paths but lately some efforts have been made to consider security from the early phases of the Software Development Life Cycle (SDLC). This paper follows this line and concentrates on the incorporation of trust negotiations during the requirements engineering phase. More precisely, we provide an extension to the SI* modelling language, which is further formalised using answer set programming specifications to support the automatic verification of the model and the detection of privacy conflicts caused by trust negotiations.

PDF icon rios2016b.pdf (237.78 KB)
C. Alcaraz, and J. Lopez, "Safeguarding Structural Controllability in Cyber-Physical Control Systems", In The 21st European Symposium on Research in Computer Security (ESORICS 2016), vol. 9879, Springer, pp. 471-489, 2016. More..

Abstract

Automatic restoration of control wireless networks based on dynamic cyber-physical systems has become a hot topic in recent years, since most of their elements tend to have serious vulnerabilities that may be exploited by attackers. In fact, any exploitation may rapidly extend to the entire control network due to its problem of non-locality, where control properties of a system and its structural controllability can disintegrate over time. Unfortunately, automated self-healing processes may become costly procedures in which the reliability of the strategies and the time-critical of any recovery of the control can become key factors to re-establish the control properties in due time. This operational need is precisely the aim of this paper, in which four reachability-based recovery strategies from a thereotical point of view are proposed so as to find the best option/s in terms of optimization, robustness and complexity. To do this, new definitions related to structural controllability in relation to the type of distribution of the network and its control load capacity are given in this paper, resulting in an interesting practical study.

PDF icon 1598.pdf (606.93 KB)
A. Nieto, R. Roman, and J. Lopez, "Testificación Digital", In Revista SIC, vol. 122, Ediciones CODA, pp. 94-98, Nov 2016. More..

Abstract

El creciente número de dispositivos interconectados trae consigo problemas de seguridad bien conocidos; por ejemplo, aquellos debidos a las vulnerabilidades en protocolos muy diversos –muchos de ellos propietarios– y al factor de error humano introducido por los usuarios. Sin embargo, cabe preguntarse cómo podemos usar el despliegue de tales dispositivos en beneficio de la ciberseguridad. En el proyecto IoTest se está desarrollando una solución, el Testigo Digital, que permitirá a los dispositivos personales con arquitectura de seguridad embebida reaccionar ante ataques virtuales, protegiéndonos de los ciberataques emergentes.

PDF icon nrlSIC16.pdf (476.98 KB)
A. Nieto, R. Roman, and J. Lopez, "Testigo digital: delegación vinculante de evidencias electrónicas para escenarios IoT", In II Jornadas Nacionales de Investigación en Ciberseguridad (JNIC 2016), pp. 109-116, 06/2016. More..

Abstract

En un mundo en el que los usuarios dependen cada vez más de sus dispositivos, éstos almacenan gran cantidad de datos y son una fuente muy valiosa de información sobre su entorno. Sin embargo, la heterogeneidad y la densidad de los objetos conectados, características propias de la Internet de las Cosas (IoT), sirven de velo para ocultar conductas maliciosas que afectan a estos dispositivos, sin que quede rastro de tales acciones. En este artículo definimos el concepto de testigo digital: funcionalidad que permitirá a los dispositivos personales y otros objetos colaborar para implementar una cadena de custodia digital en la IoT. El fin perseguido es ofrecer soluciones que mitiguen los efectos de la ciberdelincuencia, amparándose en la colaboración de los dispositivos con arquitecturas de seguridad embebidas para alertar de conductas maliciosas, y dejar constancia de éstas.

PDF icon 1578.pdf (2.04 MB)
2017
J. E. Rubio, C. Alcaraz, R. Roman, and J. Lopez, "Analysis of Intrusion Detection Systems in Industrial Ecosystems", In 14th International Conference on Security and Cryptography (SECRYPT 2017), 2017. More..
PDF icon 1662.pdf (312.9 KB)
C. Alcaraz, L. Cazorla, and J. Lopez, "Cyber-Physical Systems for Wide-Area Situational Awareness", In Cyber-Physical Systems: Foundations, Principles and Applications, no. Intelligent Data-Centric Systems, Academic Press, pp. 305 - 317, 2017. DOI More..

Abstract

Abstract Cyber-physical systems (CPSs), integrated in critical infrastructures, could provide the minimal services that traditional situational awareness (SA) systems demand. However, their application in SA solutions for the protection of large control distributions against unforeseen faults may be insufficient. Dynamic protection measures have to be provided not only to locally detect unplanned deviations but also to prevent, respond, and restore from these deviations. The provision of these services as an integral part of the SA brings about a new research field known as wide-area situational awareness (WASA), highly dependent on CPSs for control from anywhere across multiple interconnections, and at any time. Thus, we review the state-of-the art of this new paradigm, exploring the different preventive and corrective measures considering the heterogeneity of CPSs, resulting in a guideline for the construction of automated WASA systems.

PDF icon 1590.pdf (544.05 KB)
A. Nieto, R. Rios, and J. Lopez, "Digital Witness and Privacy in IoT: Anonymous Witnessing Approach", In 16th IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom 2017), IEEE, pp. 642-649, 08/2017. More..

Abstract

The digital witness approach defines the collaboration between IoT devices - from wearables to vehicles - to provide digital evidence through a Digital Chain of Custody to an authorised entity. As one of the cores of the digital witness, binding credentials unequivocally identify the user behind the digital witness. The objective of this article is to perform a critical analysis of the digital witness approach from the perspective of privacy, and to propose solutions that help include some notions of privacy in the scheme (for those cases where it is possible). In addition, digital anonymous witnessing as a tradeoff mechanism between the original approach and privacy requirements is proposed. This is a clear challenge in this context given the restriction that the identities of the links in the digital chain of custody should be known. 

PDF icon 1654.pdf (1.44 MB)
A. Nieto, N. Nomikos, J. Lopez, and C. Skianis, "Dynamic Knowledge-based Analysis in non-Secure 5G Green Environments using Contextual Data", In IEEE Systems Journal, vol. 11, issue 4, no. 99, IEEE, pp. 2479-2489, 12/2017. ISI JCR Impact Factor 2016: 3.882 DOI More..

Abstract

The growing number of parameters in heteroge- neous networks, as is the case of the fifth generation (5G) Green networks, greatly complicates the analysis of the Security and Quality of Service Tradeoff (SQT). However, studying these types of relationships is crucial in Future Internet scenarios to prevent potential points of failure and to enhance the use of limited resources, increasing the user’s experience. Therefore, it is fundamental to provide tools and models for training, so that the users understand these dependencies and solve them prior to deploying new solutions. In this paper, a Recommendation System for SQT (SQT-RS) is deployed in 5G Green systems, considering the particular case of relay networks and the impact of eavesdropping and jamming contexts on the models generated by the user, aided by SQT-RS. With this goal in mind, we provide a component for the user to automatically select specific contexts based on 5G Green capabilities. 

Impact Factor: 3.882
Journal Citation Reports® Science Edition (Thomson Reuters, 2016)

PDF icon NietNLS15.pdf (1.13 MB)
J. Lopez, R. Rios, F. Bao, and G. Wang, "Evolving privacy: From sensors to the Internet of Things", In Future Generation Computer Systems, vol. 75, Elsevier, pp. 46–57, 10/2017. ISI JCR Impact Factor 2016: 3.997 DOI More..

Abstract

The Internet of Things (IoT) envisions a world covered with billions of smart, interacting things capable of offering all sorts of services to near and remote entities. The benefits and comfort that the IoT will bring about are undeniable, however, these may come at the cost of an unprecedented loss of privacy. In this paper we look at the privacy problems of one of the key enablers of the IoT, namely wireless sensor networks, and analyse how these problems may evolve with the development of this complex paradigm. We also identify further challenges which are not directly associated with already existing privacy risks but will certainly have a major impact in our lives if not taken into serious consideration. 

Impact Factor: 3.997
Journal Citation Reports® Science Edition (Thomson Reuters, 2016)

PDF icon Lopez2017iotpriv.pdf (440.5 KB)
R. Rios, R. Roman, J. A. Onieva, and J. Lopez, "From Smog to Fog: A Security Perspective", In 2nd IEEE International Conference on Fog and Edge Mobile Computing (FMEC 2017), IEEE Computer Society, pp. 56-61, 06/2017. DOI More..

Abstract

Cloud computing has some major limitations that hinder its application to some specific scenarios (e.g., Industrial IoT, and remote surgery) where there are particularly stringent requirements, such as extremely low latency. Fog computing is a specialization of the Cloud that promises to overcome the aforementioned limitations by bringing the Cloud closer to end-users. Despite its potential benefits, Fog Computing is still a developing paradigm which demands further research, especially on security and privacy aspects. This is precisely the focus of this paper: to make evident the urgent need for security mechanisms in Fog computing, as well as to present a research strategy with the necessary steps and processes that are being undertaken within the scope of the SMOG project, in order to enable a trustworthy and resilient Fog ecosystem.

PDF icon Ruben2017smog.pdf (486.34 KB)
A. Nieto, R. Rios, and J. Lopez, "A Methodology for Privacy-Aware IoT-Forensics", In 16th IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom 2017), IEEE, pp. 626-633, 08/2017. More..
PDF icon 1652.pdf (517.19 KB)
G. Fernandez, A. Nieto, and J. Lopez, "Modeling Malware-driven Honeypots", In 14th International Conference On Trust, Privacy & Security In Digital Business (TrustBus 2017), vol. 10442, Springer International Publishing, pp. 130-144, 08/2017. More..

Abstract

In this paper we propose the Hogney architecture for the deployment of malware-driven honeypots. This new concept refers to honeypots that have been dynamically configured according to the environment expected by malware. The adaptation mechanism designed here is built on services that offer up-to-date and relevant intelligence information on current threats. Thus, the Hogney architecture takes advantage of recent Indicators Of Compromise (IOC) and information about suspicious activity currently being studied by analysts. The information gathered from these services is then used to adapt honeypots to fulfill malware requirements, inviting them to unleash their full strength.

PDF icon 1656.pdf (406.21 KB)
C. Fernandez-Gago, F. Moyano, and J. Lopez, "Modelling Trust Dynamics in the Internet of Things", In Information Sciences, vol. 396, Elsevier, pp. 72-82, 2017. ISI JCR Impact Factor 2016: 4.832 DOI More..

Abstract

The Internet of Things (IoT) is a paradigm based on the interconnection of everyday objects. It is expected that the ‘things’ involved in the IoT paradigm will have to interact with each other, often in uncertain conditions. It is therefore of paramount importance for the success of IoT that there are mechanisms in place that help overcome the lack of certainty. Trust can help achieve this goal. In this paper, we introduce a framework that assists developers in including trust in IoT scenarios. This framework takes into account trust, privacy and identity requirements as well as other functional requirements derived from IoT scenarios to provide the different services that allow the inclusion of trust in the IoT.

Impact Factor: 4.832
Journal Citation Reports® Science Edition (Thomson Reuters, 2016)

PDF icon Fer_IS17.pdf (1002.43 KB)
C. Alcaraz, J. Lopez, and S. Wolthunsen, "OCPP Protocol: Security Threats and Challenges", In IEEE Transactions on Smart Grid, vol. 8, issue 5, IEEE, pp. 2452 - 2459, 02/2017. ISI JCR Impact Factor 2016: 6.645 More..

Abstract

One benefit postulated for the adoption of Electric Vehicles (EVs) is their ability to act as stabilizing entities in smart grids through bi-directional charging, allowing local or global smoothing of peaks and imbalances. This benefit, however, hinges indirectly on the reliability and security of the power flows thus achieved. Therefore this paper studies key security properties of the alreadydeployed Open Charge Point Protocol (OCPP) specifying communication between charging points and energy management systems. It is argued that possible subversion or malicious endpoints in the protocol can also lead to destabilization of power networks. Whilst reviewing these aspects, we focus, from a theoretical and practical standpoint, on attacks that interfere with resource reservation originating with the EV, which may also be initiated by a man in the middle, energy theft or fraud. Such attacks may even be replicated widely, resulting in over- or undershooting of power network provisioning, or the (total/partial) disintegration of the integrity and stability of power networks.

Impact Factor: 6.645
Journal Citation Reports® Science Edition (Thomson Reuters, 2016)

PDF icon AlcarazLopezWolthusen2017.pdf (389.27 KB)
A. Nieto, R. Rios, and J. Lopez, "PRoFIT: modelo forense-IoT con integración de requisitos de privacidad", In XIII Jornadas de Ingeniería Telemática (JITEL 2017), 09/2017. More..
PDF icon 1655.pdf (456.17 KB)
J. Lopez, et al., "Protecting Industry 4.0 against Advanced Persistent Threats", In European CIIP Newsletter, vol. 11, issue 26, no. 1, European CIIP Newsletter, pp. 27-29, 03/2017. More..
PDF icon lopez2017ecn.pdf (226.62 KB)
D. Nuñez, I. Agudo, and J. Lopez, "Proxy Re-Encryption: Analysis of Constructions and its Application to Secure Access Delegation", In Journal of Network and Computer Applications, vol. 87, Elsevier, pp. 193-209, 06/2017. ISI JCR Impact Factor 2016: 3.500 DOI More..

Abstract

This paper analyzes the secure access delegation problem, which occurs naturally in the cloud, and postulate that Proxy Re-Encryption is a feasible cryptographic solution, both from the functional and efficiency perspectives. Proxy re-encryption is a special type of public-key encryption that permits a proxy to transform ciphertexts from one public key to another, without the proxy being able to learn any information about the original message. Thus, it serves as a means for delegating decryption rights, opening up many possible applications that require of delegated access to encrypted data. In particular, sharing information in the cloud is a prime example. In this paper, we review the main proxy re-encryption schemes so far, and provide a detailed analysis of their characteristics. Additionally, we also study the efficiency of selected schemes, both theoretically and empirically, based on our own implementation. Finally, we discuss some applications of proxy re-encryption, with a focus on secure access delegation in the cloud. 

Impact Factor: 3.500
Journal Citation Reports® Science Edition (Thomson Reuters, 2016)

PDF icon nunez2017proxy.pdf (687.13 KB)
R. Rios, D. Nuñez, and J. Lopez, "Query Privacy in Sensing-as-a-Service Platforms", In 32nd International Conference on ICT Systems Security and Privacy Protection (IFIP SEC 2017), S. De Capitan di Vimercati, and F. Martinelli Eds., IFIP Advances in Information and Communication Technology (AICT) 502, Springer, pp. 141–154, 05/2017. DOI More..

Abstract

The Internet of Things (IoT) promises to revolutionize the way we interact with the physical world. Even though this paradigm is still far from being completely realized, there already exist Sensing-as-a-Service (S2aaS) platforms that allow users to query for IoT data. While this model offers tremendous benefits, it also entails increasingly challenging privacy issues. In this paper, we concentrate on the protection of user privacy when querying sensing devices through a semi-trusted S2aaS platform. In particular, we build on techniques inspired by proxy re-encryption and k-anonymity to tackle two intertwined problems, namely query privacy and query confidentiality. The feasibility of our solution is validated both analytically and empirically. 

PDF icon Rios2017query.pdf (367.05 KB)
J. E. Rubio, C. Alcaraz, and J. Lopez, "Recommender System for Privacy-Preserving Solutions in Smart Metering", In Pervasive and Mobile Computing, Pervasive and Mobile Computing, 2017. ISI JCR Impact Factor 2016: 2.349 More..

Abstract

Nowadays, Smart Grid is envisaged to provide several benefits to both customers and grid operators. However, Smart Meters introduce many privacy issues if consumption data is analysed. In this paper we analyse the main techniques that address privacy when collecting electricity readings. In addition to privacy, it is equally important to preserve efficiency to carry on with monitoring operations, so further control requirements and communication protocols are also studied. Our aim is to provide guidance to installers who intend to integrate such mechanisms on the grid, presenting an expert system to recommend an appropriate deployment strategy.

Impact Factor: 2.349
Journal Citation Reports® Science Edition (Thomson Reuters, 2016)

PDF icon rubiorecommender17.pdf (461.99 KB)
C. Alcaraz, J. Lopez, and K-K. Raymond Choo, "Resilient Interconnection in Cyber-Physical Control Systems", In Computers & Security, vol. 71, Elsevier, pp. 2-14, 11/2017. ISI JCR Impact Factor 2016: 2.849 DOI More..

Abstract

Secure interconnection between multiple cyber-physical systems has become a fundamental requirement in many critical infrastructures, where security may be centralized in a few nodes of the system. These nodes could, for example, have the mission of addressing the authorization services required for access in highlyrestricted remote substations. For this reason, the main aim of this paper is to unify all these features, together with the resilience measures so as to provide control at all times under a limited access in the field and avoid congestion. Concretely, we present here an optimal reachability-based restoration approach, capable of restoring the structural control in linear times taking into account: structural controllability, the supernode theory, the good practices of the IEC-62351 standard and the contextual conditions. For context management, a new attribute is specified to provide a more complete authorization service based on a practical policy, role and attribute-based access control (PBAC + RBAC + ABAC). To validate the approach, two case studies are also discussed under two strategic adversarial models.

Impact Factor: 2.849
Journal Citation Reports® Science Edition (Thomson Reuters, 2016)

C. Alcaraz, and J. Lopez, "Secure Interoperability in Cyber-Physical Systems", In Security Solutions and Applied Cryptography in Smart Grid Communications, IGI Global, USA, IGI Global, pp. 137-158, 2017. DOI More..

Abstract

Transparency in control transactions under a secure network architecture is a key topic that must be discussed when aspects related to interconnection between heterogeneous cyber-physical systems (CPSs) arise. The interconnection of these systems can be addressed through an enforcement policy system responsible for managing access control according to the contextual conditions. However, this architecture is not always adequate to ensure a rapid interoperability in extreme crisis situations, and can require an interconnection strategy that permits the timely authorized access from anywhere at any time. To do this, a set of interconnection strategies through the Internet must be studied to explore the ability of control entities to connect to the remote CPSs and expedite their operations, taking into account the context conditions. This research constitutes the contribution of this chapter, where a set of control requirements and interoperability properties are identified to discern the most suitable interconnection strategies.

PDF icon 1603.pdf (546.13 KB)
2018
R. Roman, J. Lopez, and M. Mambo, "Mobile edge computing, Fog et al.: A survey and analysis of security threats and challenges", In Future Generation Computer Systems, vol. 78, issue 1, Elsevier, pp. 680-698, 01/2018. ISI JCR Impact Factor 2016: 3.997 DOI More..

Abstract

For various reasons, the cloud computing paradigm is unable to meet certain requirements (e.g. low latency and jitter, context awareness, mobility support) that are crucial for several applications (e.g. vehicular networks, augmented reality). To fulfil these requirements, various paradigms, such as fog computing, mobile edge computing, and mobile cloud computing, have emerged in recent years. While these edge paradigms share several features, most of the existing research is compartmentalised; no synergies have been explored. This is especially true in the field of security, where most analyses focus only on one edge paradigm, while ignoring the others. The main goal of this study is to holistically analyse the security threats, challenges, and mechanisms inherent in all edge paradigms, while highlighting potential synergies and venues of collaboration. In our results, we will show that all edge paradigms should consider the advances in other paradigms.

Impact Factor: 3.997
Journal Citation Reports® Science Edition (Thomson Reuters, 2016)

PDF icon RomanFog16.pdf (775.54 KB)
In Press
J. E. Rubio, R. Roman, and J. Lopez, "Analysis of cybersecurity threats in Industry 4.0: the case of intrusion detection", In The 12th International Conference on Critical Information Infrastructures Security, In Press.
C. Alcaraz, and J. Lopez, "A Cyber-Physical Systems-Based Checkpoint Model for Structural Controllability", In IEEE Systems Journal, IEEE, 10/2017, In Press. ISI JCR Impact Factor 2016: 3.882 DOI More..

Abstract

The protection of critical user-centric applications, such as Smart Grids and their monitoring systems, has become one of the most cutting-edge research areas in recent years. The dynamic complexity of their cyber-physical systems (CPSs) and their strong inter-dependencies with power systems, are bringing about a significant increase in security problems that may be exploited by attackers. These security holes may, for example, trigger the disintegration of the structural controllability properties due to the problem of non-locality, affecting, sooner or later, the provision of the essential services to end-users. One way to address these situations could be through automatic checkpoints in charge of inspecting the healthy status of the control network and its critical nature. This inspection can be subject to special mechanisms composed of trustworthy cyberphysical elements capable of detecting structural changes in the control and activating restoration procedures with support for warning. This is precisely the aim of this paper, which presents a CPSs-based checkpoint model with the capacity to manage heterogeneous replications that help ensure data redundancy, thereby guaranteeing the validity of the checkpoints. As a support to this study, a theoretical and practical analysis is addressed to show the functionality of the approach in real contexts.

Impact Factor: 3.882
Journal Citation Reports® Science Edition (Thomson Reuters, 2016)

D. Nuñez, I. Agudo, and J. Lopez, "The fallout of key compromise in a proxy-mediated key agreement protocol", In 31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec'17), vol. LNCS 10359, In Press. More..

Abstract

In this paper, we analyze how key compromise affects the protocol by Nguyen et al. presented at ESORICS 2016, an authenticated key agreement protocol mediated by a proxy entity, restricted to only symmetric encryption primitives and intended for IoT environments. This protocol uses long-term encryption tokens as intermediate values during encryption and decryption procedures, which implies that these can be used to encrypt and decrypt messages without knowing the cor- responding secret keys. In our work, we show how key compromise (or even compromise of encryption tokens) allows to break forward secu- rity and leads to key compromise impersonation attacks. Moreover, we demonstrate that these problems cannot be solved even if the affected user revokes his compromised secret key and updates it to a new one. The conclusion is that this protocol cannot be used in IoT environments, where key compromise is a realistic risk. 

R. Rios, C. Fernandez-Gago, and J. Lopez, "Modelling Privacy-Aware Trust Negotiations", In Computers & Security, Elsevier, In Press. ISI JCR Impact Factor 2016: 2.849 DOI More..

Abstract

Trust negotiations are mechanisms that enable interaction between previously unknown users. After exchanging various pieces of potentially sensitive information, the participants of a negotiation can decide whether or not to trust one another. Therefore, trust negotiations bring about threats to personal privacy if not carefully considered. This paper presents a framework for representing trust negotiations in the early phases of the Software Development Life Cycle (SDLC). The framework can help software engineers to determine the most suitable policies for the system by detecting conflicts between privacy and trust requirements. More precisely, we extend the SI* modelling language and provide a set of predicates for defining trust and privacy policies and a set of rules for describing the dynamics of the system based on the established policies. The formal representation of the model facilitates its automatic verification. The framework has been validated in a distributed social network scenario for connecting drivers with potential passengers willing to share a journey.

Impact Factor: 2.849
Journal Citation Reports® Science Edition (Thomson Reuters, 2016)

PDF icon Ruben2017trust.pdf (425.82 KB)
J. E. Rubio, C. Alcaraz, and J. Lopez, Preventing Advanced Persistent Threats in Complex Control Networks , 22nd European Symposium on Research in Computer Security (ESORICS 2017), In Press.
J. E. Rubio, C. Alcaraz, and J. Lopez, "Selecting Privacy Solutions to Prioritise Control in Smart Metering Systems", In The 11th International Conference on Critical Information Infrastructures Security, vol. LNCS, In Press. More..

Abstract

The introduction of the Smart Grid brings with it several benefits to society, because its bi-directional communication allows both users and utilities to have better control over energy usage. However, it also has some privacy issues with respect to the privacy of the customers when analysing their consumption data. In this paper we review the main privacy-preserving techniques that have been proposed and compare their efficiency, to accurately select the most appropriate ones for undertaking control operations. Both privacy and performance are essential for the rapid adoption of Smart Grid technologies.