Isaac Agudo

Associate Professor

Computer Science Department, University of Malaga
Campus de Teatinos s/n, 29071 - Malaga (Spain)
Phone: (+34) 952136315 / 951952913    Fax: (+34) 952131397


Current research

  • Applied crypto for IoT and Cloud scenarios: Analysis of current security problems, and proposal of new solutions, in Cloud and IoT scenarios, in particular with regard to Privacy and Confidentiality.
  • Digital Identity: New requirements for interoperable identity schemes in the Future Internet. Exploring the possibilities of mobile devices as identity enablers.
  • Authentication, Authorization and Delegation: Definition and implementation of privacy-friendly authentication mechanisms.


  • Ph.D. in Computer Science (with European Doctorate mention), University of Malaga (July 2008).
  • MSc. in Mathematics, University of Malaga (July 2002).
  • BSc. in Computer Science, UNED, Spain (August 2007).

Relevant publications

  • D. Nuñez, I. Agudo, and J. Lopez, "NTRUReEncrypt: An Efficient Proxy Re-Encryption Scheme Based on NTRU", In 10th ACM Symposium on Information, Computer and Communications Security (AsiaCCS), pp. 179-189, 04/2015.


    The use of alternative foundations for constructing more secure and efficient cryptographic schemes is a topic worth exploring. In the case of proxy re-encryption, the vast majority of schemes are based on number theoretic problems such as the discrete logarithm. In this paper we present NTRUReEncrypt, a new bidirectional and multihop proxy re-encryption scheme based on NTRU, a widely known lattice-based cryptosystem. We provide two versions of our scheme: the first one is based on the conventional NTRU encryption scheme and, although it lacks a security proof, remains as efficient as its predecessor; the second one is based on a variant of NTRU proposed by Stehlé and Steinfeld, which is proven CPA-secure under the hardness of the Ring-LWE problem. To the best of our knowledge, our proposals are the first proxy re-encryption schemes to be based on the NTRU primitive. In addition, we provide experimental results to show the efficiency of our proposal, as well as a comparison with previous proxy re-encryption schemes, which confirms that our first scheme outperforms the rest by an order of magnitude.

  • D. Nuñez, I. Agudo, and J. Lopez, "A Parametric Family of Attack Models for Proxy Re-Encryption", In 28th IEEE Computer Security Foundations Symposium, IEEE Computer Society, pp. 290-301, 07/2015.


    Proxy Re-Encryption (PRE) is a type of Public-Key Encryption (PKE) which provides an additional re-encryption functionality. Although PRE is inherently more complex than PKE, attack models for PRE have not been developed further than those inherited from PKE. In this paper we address this gap and define a parametric family of attack models for PRE, based on the availability of both the decryption and re-encryption oracles during the security game. This family enables the definition of a set of intermediate security notions for PRE that ranges from "plain" IND-CPA to "full" IND-CCA. We analyze some relations among these notions of security, and in particular, the separations that arise when the re-encryption oracle leaks re-encryption keys. In addition, we discuss which of these security notions represent meaningful adversarial models for PRE. Finally, we provide an example of a recent "CCA1-secure" scheme from PKC 2014 whose security model does not capture chosen-ciphertext attacks through re-encryption and for which we describe an attack under a more realistic security notion. This attack emphasizes the fact that PRE schemes that leak re-encryption keys cannot achieve strong security notions.

  • D. Nuñez, and I. Agudo, "BlindIdM: A Privacy-Preserving Approach for Identity Management as a Service", In International Journal of Information Security, vol. 13, issue 2, Springer, pp. 199-215, 2014. ISI JCR Impact Factor 2014: 0.963


    Identity management is an almost indispensable component of today’s organizations and companies, as it plays a key role in authentication and access control; however, at the same time it is widely recognized as a costly and time-consuming task. The advent of cloud computing technologies, together with the promise of flexible, cheap and efficient provision of services, has provided the opportunity to externalize such a common process, shaping what has been called Identity Management as a Service (IDaaS). Nevertheless, as in the case of other cloud-based services, IDaaS brings with it great concerns regarding security and privacy, such as the loss of control over the outsourced data. In this paper we analyze these concerns and propose BlindIdM, a model for privacy-preserving IDaaS with a focus on data privacy protection. In particular, we describe how a SAML-based system can be augmented to employ proxy re-encryption techniques for achieving data confidentiality with respect to the cloud provider, while preserving the ability to supply the identity service. This is an innovative contribution to both the privacy and identity management landscapes.

    Impact Factor: 0.963
    Journal Citation Reports® Science Edition (Thomson Reuters, 2014)

  • C. Fernandez-Gago, I. Agudo, and J. Lopez, "Building Trust from Context Similarity Measures", In Computer Standards & Interfaces, Special Issue on Security in Information Systems, vol. 36, issue 4, Elsevier, pp. 792-800, 2014. ISI JCR Impact Factor 2014: 0.879


    Trust is an essential feature of any system where entities have to collaborate among them. Trust can assist entities making decisions about what is the best entity for establishing a certain collaboration. It would be desirable to simulate behaviour of users as in social environments where they tend to establish relationships or to trust users who have common interests or share some of their opinions, i.e., users who are similar to them to some extent. Thus, in this paper we first introduce the concept of context similarity among entities and from it we derive a similarity network which can be seen as a graph. Based on this similarity network we define a trust model that allows us also to establish trust along a path of entities. A possible application of our model is proximity-based trust establishment. We validate our model in this scenario.


    Impact Factor: 0.879
    Journal Citation Reports® Science Edition (Thomson Reuters, 2014)

  • I. Agudo, R. Rios, and J. Lopez, "A Privacy-Aware Continuous Authentication Scheme for Proximity-Based Access Control", In Computers & Security, vol. 39 (B), Elsevier, pp. 117-126, 11/2013. ISI JCR Impact Factor 2013: 1.172


    Continuous authentication is mainly associated with the use of biometrics to guarantee that a resource is being accessed by the same user throughout the usage period. Wireless devices can also serve as a supporting technology for continuous authentication or even as a complete alternative to biometrics when accessing proximity-based services. In this paper we present the implementation of a secure, non-invasive continuous authentication scheme supported by the use of Wearable Wireless Devices (WWD), which allow users to gain access to proximity-based services while preserving their privacy. Additionally we devise an improved scheme that circumvents some of the limitations of our implementation.

    Impact Factor: 1.172
    Journal Citation Reports® Science Edition (Thomson Reuters, 2013)

  • D. Nuñez, I. Agudo, and J. Lopez, "Integrating OpenID with Proxy Re-Encryption to enhance privacy in cloud-based identity services", In IEEE CloudCom 2012, IEEE Computer Society, pp. 241-248, Dec 2012.


    The inclusion of identity management in the cloud computing landscape represents a new business opportunity for providing what has been called Identity Management as a Service (IDaaS). Nevertheless, IDaaS introduces the same kind of problems regarding privacy and data confidentiality as other cloud services; on top of that, the nature of the outsourced information (users’ identity) is critical. Traditionally, cloud services (including IDaaS) rely only on SLAs and security policies to protect the data, but these measures have proven insufficient in some cases; recent research has employed advanced cryptographic mechanisms as an additional safeguard. Apart from this, there are several identity management schemes that could be used for realizing IDaaS systems in the cloud; among them, OpenID has gained crescent popularity because of its open and decentralized nature, which makes it a prime candidate for this task. In this paper we demonstrate how a privacy-preserving IDaaS system can be implemented using OpenID Attribute Exchange and a proxy re-encryption scheme. Our prototype enables an identity provider to serve attributes to other parties without being able to read their values. This proposal constitutes a novel contribution to both privacy and identity management fields. Finally, we discuss the performance and economical viability of our proposal.

  • I. Agudo, et al., "Cryptography Goes to the Cloud", In 1st International Workshop on Security and Trust for Applications in Virtualised Environments (STAVE 2011), C. Lee, J-M. Seigneur, J. J. Park, and R. R. Wagner Eds., Communications in Computer and Information Science 187, Springer, pp. 190-197, June, 2011.


    In this paper we identify some areas where cryptography can help a rapid adoption of cloud computing. Although secure storage has already captured the attention of many cloud providers, offering a higher level of protection for their customer’s data, we think that more advanced techniques such as searchable encryption and secure outsourced computation will become popular in the near future, opening the doors of the Cloud to customers with higher security requirements.

  • J. L. Vivas, I. Agudo, and J. Lopez, "A methodology for security assurance-driven system development", In Requirements Engineering, vol. 16, no. 1, Springer, pp. 55-73, Mar 2011. ISI JCR Impact Factor 2011: 0.971


    In this work, we introduce an assurance methodology that integrates assurance case creation with system development. It has been developed in order to provide trust and privacy assurance to the evolving European project PICOS (Privacy and Identity Management for Community Services), an international research project focused on mobile communities and community-supporting services, with special emphasis on aspects such as privacy, trust, and identity management. The leading force behind the approach is the ambition to develop a methodology for building and maintaining security cases throughout the system development life cycle in a typical system engineering effort, when much of the information relevant for assurance is produced and feedback can be provided to system developers. The first results of the application of the methodology to the development of the PICOS platform are presented.

    Impact Factor: 0.971
    Journal Citation Reports® Science Edition (Thomson Reuters, 2011)

  • I. Agudo, C. Fernandez-Gago, and J. Lopez, "A Model for Trust Metrics Analysis", In 5th International Conference on Trust, Privacy and Security in Digital Business (TrustBus’08), LNCS 5185, Springer, pp. 28-37, 2008.


    Trust is an important factor in any kind of network, essential, for example, in the decision-making process. As important as the definition of trust is the way to compute it. In this paper we propose a model for defining trust based on graph theory and show examples of some simple operators and functions that will allow us to compute trust.

Courses and seminars

  • European Intensive Programme on Information & Communication Systems Security (IPICS), September 2012.
  • Computer Science Paradigms - Esp. in Information Security. University of La Laguna, November 2012.

Scientific Activities

  • Editorial Board:
    • Information Security Journal: A Global Perspective
    • International Journal of Digital Content Technology and its Applications (JDCTA)
    • International Journal of Research in Computer Science (IJORCS)
    • International Journal of Advances in Electrical & Electronics Engineering (IJAEEE)
  • Organization committee member:
    • The 11th FTRA International Conference on Secure and Trust Computing, data management, and Applications (STA 2014)
    • 5th IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2013) Security and Privacy track, Bristol, UK, December 2-5, 2013
    • 10th European PKI Workshop (EuroPKI 2013) in conjunction with European Symposium on Research in Computer Security (ESORICS 2013), 9 – 13 September 2013, Egham, United Kingdom.
    • 7th International Conference on Trust Management (IFIPTM 2013), Malaga, Spain, June 3-7, 2013.
    • 1st International Workshop on ‘Security & Trust for Applications in Virtualised Environments’ (STAVE 2011) in conjunction with The 8th FTRA International Conference on Secure and Trust Computing, data management, and Applications, Greece, 28-30 June 2011
    • 7th International Conference on Trust, Privacy & Security in Digital Business (TrustBus 2010) in conjunction with the 21st International Conference on Database and Expert Systems Applications (DEXA 2010), Bilbao, Spain, 30 August - 3 September 2010.
  • Program committee member: 
    • 6th International Conference on e-Democracy: Citizen rights in the world of the new computing paradigms, 10-11 December 2015, Athens, Greece
    • 12th International Conference on Trust, Privacy & Security in Digital Business - TRUSTBUS, 1-2 September 2015, Valencia, Spain.
    • 10th International Conference on Availability, Reliability and Security - ARES, 24-28 August 2015, Toulouse, France.
    • 1st special track on Security and Privacy in Healthcare IT in the 26th IEEE International Symposium on Computer-Based Medical Systems, 20-22 June, 2013, Porto, Portugal.
    • 5th International Symposium on Security and Multimodality in Pervasive Environments (SMPE-11) 22-25 March, 2011, Biopolis, Singapore
    • 7th European Workshop on Public Key Services, Applications and Infrastructures (EuroPKI'10) 23-24 September, 2010, Athens, Greece
    • 6th International Conference on Web Information Systems and Technologies (WEBIST 2010) 7-10 April, 2010, Valencia, Spain
    • 2nd. Ibero-American Web Application Security Conference (IBWAS'10) 25-26 November, 2010, Lisbon, Portugal
    • 4th International Symposium on Security and Multimodality in Pervasive Environments (SMPE-10) 20-23 April, 2010, Perth, Australia
    • 3rd International Conference on Computational Intelligence in Security for Information Systems (CISIS'10) 11-12 November, 2010, Leon, Spain
    • FTRA 2010 International Symposium on Advances in Cryptography, Security and Applications for Future Computing (ACSA-10) 9-11 December, 2010, Gwangju, Korea
    • Sixth European Workshop on Public Key Services, Applications and Infrastructures (EuroPKI'09) 10-11 September, 2009, Pisa, Italy
    • 2009 International Conference on Security and Cryptography (SECRYPT 2009) 7-10 July, 2009, Milan, Italy
    • 2009 International Conference on Information Security and Privacy (ISP-09) 13-16 July, 2009, Orlando, USA
    • The 3rd International Conference on Information Security and Assurance (ISA'2009) 25-27 June, 2009, Korea University, Seoul, Korea
    • 3rd International Conference on Multimedia and Ubiquitous Engineering (MUE'09) June 4-6 2009. Qingdao, China.
    • International Conference on Web Information Systems and Technologies 2009 (WEBIST'2009) March 23-26 2009. Lisboa, Portugal.
    • Fifth European PKI Workshop (EuroPKI'08) 16-17 June, 2008, Trondheim, Norway.
    • International Conference on Computational Intelligence and Security 2007 (CIS'2007) 15-19 December, 2007, International Conference Center of Harbin Institute of Technology (HIT), Harbin, China