Full Professor (Catedrático)
Computer Science Department, University of Malaga
Campus de Teatinos s/n,29071 - Malaga (Spain)
Phone: +34-952-131327 Fax: +34-952-131397
- Co-Editor in Chief, International Journal of Information Security (IJIS), Springer
- Editorial Board member:
- IEEE Wireless Communications, IEEE
- Computers & Security, Elsevier
- IEEE Internet of Things Journal, IEEE
- IET Information Security, IET
- International Journal on Critical Infrastructure Protection, Elsevier
- Journal of Computer Security, IOS Press
- Security and Communications Network, John Wiley & Sons
- Journal of Network and Computer Applications, Elsevier
- International Journal of Communication Systems, John Wiley & Sons
- Information Computer Security Journal, Emerald
- International Journal of Internet Technology and Secured Transactions, Inderscience Publishers
- Cryptology & Information Security series, IOS Press
- Computer Communications, Elsevier (2009-2012)
- Wireless Communications and Mobile Computing, John Wiley & Sons (2008-2011)
- Computer Networks, Elsevier (2008-2011)
- IEEE Senior Member
- ACM Senior Member
- Spanish representative in IFIP Technical Committee 11 - Security and Privacy Protection in Information Processing Systems
- Member of the Spanish Mirror Committee JTC1 of ISO
- Chair, ERCIM Working Group on Security and Trust Management (ERCIM-STM) (2009-2012)
- Chair, IFIP Working Group 11.11 on Trust Management (2006-2009)
PhD Thesis (co)Advisor
- Ruben Rios (2014)
- Pablo Najera (2013)
- Cristina Alcaraz (2011)
- David García (2009)
- Isaac Agudo (2008)
- Rodrigo Román (2008)
- Vicente Benjumea (2007)
- José A. Onieva (2006)
- José A. Montenegro (2006)
- Juan J. Ortega (2005)
- Antonio Maña (2003)
Recent selected publications
"Advances in Critical Infrastructure Protection: Information Infrastructure Models, Analysis, and Defense", In LNCS, vol. 6715, Springer, 2012. "Secure Multi-Party Non-Repudiation Protocols and Applications", In Advances in Information Security, vol. 43, Springer, 2009.
- "On the features and challenges of security and privacy in distributed internet of things",
In Computer Networks, vol. 57, Elsevier, pp. 2266–2279, July 2013.
ISI JCR Impact Factor 2013: 1.282 DOI
In the Internet of Things, services can be provisioned using centralized architectures, where central entities acquire, process, and provide information. Alternatively, distributed architectures, where entities at the edge of the network exchange information and collaborate with each other in a dynamic way, can also be used. In order to understand the applicability and viability of this distributed approach, it is necessary to know its advantages and disadvantages – not only in terms of features but also in terms of security and privacy challenges. The purpose of this paper is to show that the distributed approach has various challenges that need to be solved, but also various interesting properties and strengths.Impact Factor: 1.282Journal Citation Reports® Science Edition (Thomson Reuters, 2013)
- "Diagnosis Mechanism for Accurate Monitoring in Critical Infrastructure Protection",
In Computer Standards & Interfaces, vol. 36, issue 3, Elsevier, pp. 501-512, 2014.
ISI JCR Impact Factor 2014: 0.879 DOI
Situational awareness for critical infrastructure protection, such as for energy control systems, has become a topic of interest in recent years. Despite attempts to address this area of research, more progress is still necessary to find attractive solutions that help bring about prevention and response at all times from anywhere and at any time. Given this need, we therefore propose in this paper, a smart mechanism able to offer a wide-area situational awareness with the ability to: (i) Control the real state of the observed infrastructure, (ii) respond to emergency situations and (iii) assess the degree of ccuracy of the entire control system. To address these aspects, the mechanism is based on a hierarchical configuration of industrial sensors for control, the ISA100.11a standard for the prioritization and alarm management, and the F-Measure technique to study the level of accuracy of a sensor inside a neighbourhood. As proof of the functionality and feasibility of the mechanism for critical contexts, a software application implemented in nesC and Java is also presented in this paper.Impact Factor: 0.879Journal Citation Reports® Science Edition (Thomson Reuters, 2014)
- "Security of Industrial Sensor Network-based Remote Substations in the context of the Internet of Things",
In Ad Hoc Networks, vol. 11, Elsevier, pp. 1091–1104, 2013.
ISI JCR Impact Factor 2013: 1.943 DOI
The main objective of remote substations is to provide the central system with sensitive information from critical infrastructures, such as generation, distribution or transmission power systems. Wireless sensor networks have been recently applied in this particular context due to their attractive services and inherent benefits, such as simplicity, reliability and cost savings. However, as the number of control and data acquisition systems that use the Internet infrastructure to connect to substations increases, it is necessary to consider what connectivity model the sensor infrastructure should follow: either completely isolated from the Internet or integrated with it as part of the Internet of Things paradigm. This paper therefore addresses this question by providing a thorough analysis of both security requirements and infrastructural requirements corresponding to all those TCP/IP integration strategies that can be applicable to networks with constrained computational resources.Impact Factor: 1.943Journal Citation Reports® Science Edition (Thomson Reuters, 2013)
- "Wide-Area Situational Awareness for Critical Infrastructure Protection",
In IEEE Computer, vol. 46, no. 4, IEEE Computer Society, pp. 30-37, 2013.
ISI JCR Impact Factor 2013: 1.438 DOI
Combining a wide-area situational awareness (WASA) methodological framework with a set of requirements for awareness construction can help in the development and commissioning of future WASA cyberdefense solutionsImpact Factor: 1.438Journal Citation Reports® Science Edition (Thomson Reuters, 2013)
- "Selecting key management schemes for WSN applications",
In Computers & Security, vol. 31, no. 38, Elsevier, pp. 956–966, Nov 2012.
ISI JCR Impact Factor 2012: 1.158 DOI
Key management in wireless sensor networks (WSN) is an active research topic. Due to the fact that a large number of key management schemes (KMS) have been proposed in the literature, it is not easy for a sensor network designer to know exactly which KMS best fits in a particular WSN application. In this article, we offer a comprehensive review on how the application requirements and the properties of various key management schemes influence each other. Based on this review, we show that the KMS plays a critical role in determining the security performance of a WSN network with given application requirements. We also develop a method that allows the network designers to select the most suitable KMS for a specific WSN network setting. In addition, the article also addresses the issues on the current state-of-the-art research on the KMS for homogeneous (i.e. non-hierarchical) networks to provide solutions for establishing link-layer keys in various WSN applications and scenarios.Impact Factor: 1.158Journal Citation Reports® Science Edition (Thomson Reuters, 2012)
- "Securing the Internet of Things",
In IEEE Computer, vol. 44, no. 9, IEEE, pp. 51 -58, Sept 2011.
ISI JCR Impact Factor 2011: 1.47 DOI
This paper presents security of Internet of things. In the Internet of Things vision, every physical object has a virtual component that can produce and consume services Such extreme interconnection will bring unprecedented convenience and economy, but it will also require novel approaches to ensure its safe and ethical use. The Internet and its users are already under continual attack, and a growing economy-replete with business models that undermine the Internet’s ethical use-is fully focused on exploiting the current version’s foundational weaknesses.Impact Factor: 1.47Journal Citation Reports® Science Edition (Thomson Reuters, 2011)
- "A Security Analysis for Wireless Sensor Mesh Networks in Highly Critical Systems",
In Systems, Man, and Cybernetics, Part C: Applications and Reviews, IEEE Transactions on, vol. 40, no. 4, IEEE, pp. 419-428, July, 2010.
ISI JCR Impact Factor 2010: 2.105 DOI
Nowadays, critical control systems are a fundamental component contributing to the overall performance of critical infrastructures in our society, most of which belong to the industrial sector. These complex systems include in their design different types of information and communication technology systems, such as wireless (mesh) sensor networks, to carry out control processes in real time. This fact has meant that several communication standards, such as Zigbee PRO, WirelessHART, and ISA100.11a, have been specified to ensure coexistence, reliability, and security in their communications. The main purpose of this paper has been to review these three standards and analyze their security. We have identified a set of threats and potential attacks in their routing protocols, and we consequently provide recommendations and countermeasures to help Industry protect its infrastructures.Impact Factor: 2.105Journal Citation Reports® Science Edition (Thomson Reuters, 2010)
- "A Scale Based Trust Model for Multi-Context Environments",
In Computers and Mathematics with Applications, vol. 60, Elsevier, pp. 209-216, July, 2010.
ISI JCR Impact Factor 2010: 1.472 DOI
When interactions among users of a system have to take place, for example, over the internet, establishing trust relationships among these users becomes crucial. However, the way this trust is established depends to a certain extent on the context where the interactions take place. Most of the time, trust is encoded as a numerical value that might not be very meaningful for a not very experienced user. In this paper we propose a model that takes into account the semantic and the computational sides of trust. This avoids users having to deal directly with the computational side; they instead deal with meaningful labels such as Bad or Good in a given context.Impact Factor: 1.472Journal Citation Reports® Science Edition (Thomson Reuters, 2010)
- "A Cross-layer Approach for Integrating Security Mechanisms in Sensor Networks Architectures",
In Wireless Communications and Mobile Computing, vol. 11, Wiley, pp. 267-276, 2011.
The wireless sensor networks (WSN) paradigm is especially vulnerable against external and internal attacks. Therefore, it is necessary to develop security mechanisms and protocols to protect them. These mechanisms must become an integral part of the software architecture and network stack of a sensor node. A question that remains is how to achieve this integration. In this paper we check how both academic and industrial solutions tackle this issue, and we present the concept of a transversal layer, where all the different security mechanisms could be contained. This way, all the elements of the architecture can interact with the security mechanisms, and the security mechanisms can have a holistic point of view of the whole architecture. We discuss the advantages of this approach, and also present how the transversal layer concept was applied to a real middleware architecture.
- "On the Energy Cost of Authenticated Key Agreement in Wireless Sensor Networks",
In Wireless Communications and Mobile Computing, vol. 12, Wiley, pp. 133-143, Jan 2012.
ISI JCR Impact Factor 2012: 0.863 DOI
Wireless sensors are battery-powered devices which are highly constrained in terms of computational capabilities, memory and communication bandwidth. While battery life is their main limitation, they require considerable energy to communicate data. Due to this, it turns out that the energy saving of computationally inexpensive primitives (like symmetric key cryptography (SKC)) can be nullified by the bigger amount of data they require to be sent. In this work, we study the energy cost of key agreement protocols between peers in a network using asymmetric key cryptography. Our main concern is to reduce the amount of data to be exchanged, which can be done by using special cryptographic paradigms like identity-based and self-certified cryptography. The main news is that an intensive computational primitive for resource-constrained devices, such as non-interactive identity-based authenticated key exchange, performs comparably or even better than traditional authenticated key exchange (AKE) in a variety of scenarios. Moreover, protocols based in this primitive can provide better security properties in real deployments than other simple protocols based on symmetric cryptography. Our findings illustrate to what extent the latest implementation advancements push the efficiency boundaries of public key cryptography (PKC) in wireless sensor networks (WSNs).Impact Factor: 0.863Journal Citation Reports® Science Edition (Thomson Reuters, 2012)
- "A methodology for security assurance-driven system development",
In Requirements Engineering, vol. 16, no. 1, Springer, pp. 55-73, Mar 2011.
ISI JCR Impact Factor 2011: 0.971 DOI
In this work, we introduce an assurance methodology that integrates assurance case creation with system development. It has been developed in order to provide trust and privacy assurance to the evolving European project PICOS (Privacy and Identity Management for Community Services), an international research project focused on mobile communities and community-supporting services, with special emphasis on aspects such as privacy, trust, and identity management. The leading force behind the approach is the ambition to develop a methodology for building and maintaining security cases throughout the system development life cycle in a typical system engineering effort, when much of the information relevant for assurance is produced and feedback can be provided to system developers. The first results of the application of the methodology to the development of the PICOS platform are presented.Impact Factor: 0.971Journal Citation Reports® Science Edition (Thomson Reuters, 2011)
- "Trust Management Systems for Wireless Sensor Networks: Best practices",
In Computer Communications, vol. 33, no. 9, Elsevier, pp. 0140-3664, 2010.
ISI JCR Impact Factor 2010: 0.816 DOI
Wireless sensor networks (WSNs) have been proven a useful technology for perceiving information about the physical world and as a consequence has been used in many applications such as measurement of temperature, radiation, flow of liquids, etc. The nature of this kind of technology, and also their vulnerabilities to attacks make the security tools required for them to be considered in a special way. The decision making in a WSN is essential for carrying out certain tasks as it aids sensors establish collaborations. In order to assist this process, trust management systems could play a relevant role. In this paper, we list the best practices that we consider are essential for developing a good trust management system for WSN and make an analysis of the state of the art related to these practices.Impact Factor: 0.816Journal Citation Reports® Science Edition (Thomson Reuters, 2010)
- "Integrating Wireless Sensor Networks and the Internet: A Security Analysis",
In Internet Research, vol. 19, no. 2, Emerald, pp. 246-259, Mar 2009.
ISI JCR Impact Factor 2009: 0.844 DOI
Purpose: This paper aims to analyze the security issues that arise when integrating wireless sensor networks (WSN) and the internet. Also, it seeks to review whether existing technology mechanisms are suitable and can be applied in this context. Design/methodology/approach: The paper considers the possible approaches that can be used to connect a WSN with the internet, and analyzes the security of their interactions. Findings: By providing the services of the network through a front-end proxy, a sensor network and the internet can interact securely. There are other challenges to be solved if the sensor nodes are integrated into the internet infrastructure, although there exists interesting advances on his matter. Research limitations and implications: The complete integration of sensor networks and the internet still remains as an open issue. Practical implications: With the current state of the art, it is possible to develop a secure sensor network that can provide its services to internet hosts with certain security properties. Originality/value: The paper studies the interactions between sensor networks and the internet from the point of view of security. It identifies both solutions and research challenges.Impact Factor: 0.844Journal Citation Reports® Science Edition (Thomson Reuters, 2009)
- "A security framework for a workflow-based grid development platform.",
In Computer Standards and Interfaces, vol. 32, no. 5-6, Elsevier, pp. 230-245, Oct 2010.
ISI JCR Impact Factor 2010: 0.868 DOI
This paper describes the security framework that is to be developed for the generic grid platform created for the project GREDIA. This platform is composed of several components that need to be secured. The platform uses the OGSA standards, so that the security framework will follow GSI, the portion of Globus that implements security. Thus, we will show the security features that GSI already provides and we will outline which others need to be created or enhanced.Impact Factor: 0.868Journal Citation Reports® Science Edition (Thomson Reuters, 2010)
- Citekey ferrer-gomilla2009 not found
- "Multi-Party Nonrepudiation: A survey",
In ACM Comput. Surveys, vol. 41, no. 1, pp. 5, December, 2008.
ISI JCR Impact Factor 2008: 9.92
Nonrepudiation is a security service that plays an important role in many Internet applications. Traditional two-party nonrepudiation has been studied intensively in the literature. This survey focuses on multiparty scenarios and provides a comprehensive overview. It starts with a brief introduction of fundamental issues on nonrepudiation, including the types of nonrepudiation service and cryptographic evidence, the roles of trusted third-party, nonrepudiation phases and requirements, and the status of standardization. Then it describes the general multiparty nonrepudiation problem, and analyzes state-of-the-art mechanisms. After this, it presents in more detail the 1-N multiparty nonrepudiation solutions for distribution of different messages to multiple recipients. Finally, it discusses advanced solutions for two typical multiparty nonrepudiation applications, namely, multiparty certified email and multiparty contract signing.Impact Factor: 9.92Journal Citation Reports® Science Edition (Thomson Reuters, 2008)
- "Situation Awareness Mechanisms for Wireless Sensor Networks",
In IEEE Communications Magazine, vol. 46, no. 4, IEEE, pp. 102-107, April, 2008.
ISI JCR Impact Factor 2008: 2.799 DOI
A wireless sensor network should be able to operate for long periods of time with little or no external management. There is a requirement for this autonomy: the sensor nodes must be able to configure themselves in the presence of adverse situations. Therefore, the nodes should make use of situation awareness mechanisms to determine the existence of abnormal events in their surroundings. This work approaches the problem by considering the possible abnormal events as diseases, thus making it possible to diagnose them through their symptoms, namely, their side effects. Considering these awareness mechanisms as a foundation for high-level monitoring services, this article also shows how these mechanisms are included in the blueprint of an intrusion detection system.Impact Factor: 2.799Journal Citation Reports® Science Edition (Thomson Reuters, 2008)
- "Wireless Sensor Networks and the Internet of Things: Do We Need a Complete Integration?",
In 1st International Workshop on the Security of the Internet of Things (SecIoT’10), IEEE, pp. xxxx, December, 2010.
Wireless sensor networks (WSN) behave as a digital skin, providing a virtual layer where the information about the physical world can be accessed by any computational system. As a result, they are an invaluable resource for realizing the vision of the Internet of Things (IoT). However, it is necessary to consider whether the devices of a WSN should be completely integrated into the Internet or not. In this paper, we tackle this question from the perspective of security. While we will mention the different security challenges that may arise in such integration process, we will focus on the issues that take place at the network level.
- "Early Warning System for Cascading Effect Control in Energy Control Systems",
In 5th International conference on Critical Information Infrastructures Security (CRITIS’10), LNCS 6712, Springer, pp. 55-67, September, 2010.
A way of controlling a cascading effect caused by a failure or a threat in a critical system is using intelligent mechanisms capable of predicting anomalous behaviours and also capable of reacting against them in advance. These mechanisms are known as Early Warning Systems (EWS) and this will be precisely the main topic of this paper. Specially, we present an EWS design based on a Wireless Sensor Network (using the ISA100.11a standard) that constantly supervise the application context. This EWS is also based on forensic techniques to provide dynamic learning capacities. As a result, this new approach will aid to provide a reliable control of incidences by offering a dynamic alarm management, identification of the most suitable field operator to attend an alarm, reporting of causes and responsible operators, and learning from new anomalous situations.
- "Analysis of Security Threats, Requirements, Technologies and Standards in Wireless Sensor Networks",
In Foundations of Security Analysis and Design 2009, LNCS 5705, Springer Berlin/Heidelberg, pp. 289-338, August, 2009.
As sensor networks are more and more being implemented in real world settings, it is necessary to analyze how the different requirements of these real-world applications can influence the security mechanisms. This paper offers both an overview and an analysis of the relationship between the different security threats, requirements, applications, and security technologies. Besides, it also overviews some of the existing sensor network standards, analyzing their security mechanisms.
- "KeyLED - Transmitting Sensitive Data over out-of-band Channels in Wireless Sensor Networks",
In 5th IEEE International Conference on Mobile Ad Hoc and Sensor Systems (MASS’08), IEEE, pp. 796-801, September, 2008.
An out-of-band (OoB) channel can be defined as an extra channel, different from the main wireless channel, that has additional security properties. They are specially suitable for protecting spontaneous interactions and exchanging sensitive data between previously unknown devices. Due to the vulnerable nature of wireless sensor networks (WSN), these kind of channels might be useful for protecting certain sensor network operations. In this paper we analyze the applicability of out-of-band channels to wireless sensor networks, and specify why an optical channel should be a good candidate for implementing an extra channel in sensor nodes. Also, we analyze how the existing security threats may affect this type of channel. Finally, the suitability and usability of optical channels for sensor networks is demonstrated by means of a prototype.
- "A Killer Application for Pairings: Authenticated Key Establishment in Underwater Wireless Sensor Networks",
In Proceedings of the 7th International Conference on Cryptology and Network Security (CANS’08), LNCS 5339, Springer, pp. 120-132, December, 2008.
Wireless sensors are low power devices which are highly constrained in terms of computational capabilities, memory, and communication bandwidth. While battery life is their main limitation, they require considerable energy to communicate data. The latter is specially dramatic in underwater wireless sensor networks (UWSN), where the acoustic transmission mechanisms are less reliable and more energy-demanding. Saving in communication is thus the primary concern in underwater wireless sensors. With this constraint in mind, we argue that non-interactive identity-based key agreement built on pairings provides the best solution for key distribution in large UWSN when compared to the state of the art. At first glance this claim is surprising, since pairing computation is very demanding. Still, pairing-based non-interactive key establishment requires minimal communication and at the same time enjoys excellent properties when used for key distribution.
- "Fair Traceable Multi-Group Signatures",
In Financial Cryptography and Data Security (FC’08), LNCS 5143, Springer, pp. 265-281, January, 2008.
This paper presents fair traceable multi-group signatures (FTMGS) which have enhanced capabilities compared to group and traceable signatures that are important in real world scenarios combining accountability and anonymity. The main goal of the primitive is to allow multi groups that are managed separately (managers are not even aware of the other ones), yet allowing users (in the spirit of the Identity 2.0 initiative) to manage what they reveal about their identity with respect to these groups by themselves. This new primitive incorporates the following additional features: (a) While considering multiple groups it discourages users from sharing their private membership keys through two orthogonal and complementary approaches. In fact, it merges functionality similar to credential systems with anonymous type of signing with revocation. (b) The group manager now mainly manages joining procedures, and new entities (called fairness authorities and consisting of various representatives, possibly) are involved in opening and revealing procedures. In many systems scenario assuring fairness in anonymity revocation is required.We specify the notion and implement it with a security proof of its properties (in the ROM).
- "Anonymity 2.0: X.509 Extensions Supporting Privacy-friendly Authentication",
In Sixth International Workshop on Cryptology and Network Security (CANS’07), LNCS 4856, Springer, pp. 265-281, December, 2007.
We present a semantic extension to X.509 certificates that allows incorporating new anonymity signature schemes into the X.509 framework. This fact entails advantages to both components. On the one hand, anonymous signature schemes benefit from all the protocols and infrastructure that the X.509 framework provides. On the other hand, the X.509 framework incorporates anonymity as a very interesting new feature. This semantic extension is part of a system that provides user’s controlled anonymous authorization under the X.509 framework. Additionally, the proposal directly fits themuch active Identity 2.0 effort,where anonymity is a major supplementary feature that increases the self-control of one’s identity and privacy which is at the center of the activity.
- "On the features and challenges of security and privacy in distributed internet of things", In Computer Networks, vol. 57, Elsevier, pp. 2266–2279, July 2013. ISI JCR Impact Factor 2013: 1.282 DOI