Ana Nieto

PostDoctoral Researcher


Edificio de Investigación Ada Byron
C/ Arquitecto Francisco Peñalosa, nº 18
Ampliación Campus de Teatinos. Universidad de Málaga
29071 Málaga (Spain)
Phone: +34-951-952914    Fax: +34-951-952749
E-mail: nieto@lcc.uma.es

Domain of interest and research

Broad knowledge of trusted execution technologies and security on virtual platforms. An important part of my work at NICS lab has been to study embedded hardware security mechanisms (e.g. TPM, SE). I have followed its progression over the years and this has allowed, for example, the definition of the concept of digital witness (patent ES2587584, WO2017068222), in which I am immersed as part of the IoTest project team. My last papers are about the definition of this novel concept, which is part of the topic IoT-Forensics. I am currently analyzing the possibilities of implantation of this technology in cellular networks.

Education

  • PhD in Computer Science, University of Málaga, Spain (2015).
  • Master in Software Engineering and Artificial Intelligence, a postgraduate program with quality mention from the Spanish Ministry of Science and Education, University of Malaga, Spain (2011).
  • M.Sc. in Computer Science, University of Malaga, Spain (2008).

Relevant Publications

  • 5G Security
    • A. Nieto, A. Acien, and J. Lopez, "Capture the RAT: Proximity-based Attacks in 5G using the Routine Activity Theory",
      The 16th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC 2018), IEEE, 08/2018, In Press.

      Abstract

      The fifth generation of cellular networks (5G) will enable different use cases where security will be more critical than ever before (e.g. autonomous vehicles and critical IoT devices). Unfortunately, the new networks are being built on the certainty that security problems can not be solved in the short term. Far from reinventing the wheel, one of our goals is to allow security software developers to implement and test their reactive solutions for the capillary network of 5G devices. Therefore, in this paper a solution for analysing proximity-based attacks in 5G environments is modelled and tested using OMNET++. The solution, named CRAT, is able to decouple the security analysis from the hardware of the device with the aim to extend the analysis of proximity-based attacks to different use-cases in 5G. We follow a high-level approach, in which the devices can take the role of victim, offender and guardian following the principles of the routine activity theory. 

    • A. Nieto, "An Overview of Proactive Forensic Solutions and its Applicability to 5G",
      IEEE 5G World Forum (5GWF), IEEE, 07/2018.

      Abstract

      This article analyses the state of the art of proactive forensic solutions and highlights the importance of preparing the 5G ecosystem to serve digital forensic purposes. The analysis considers the current 5G threat landscape from the ENISA report, and discusses how some of the attacks could be mitigated using proactive forensic mechanisms. In addition, the requirements for deploying proactive forensic solutions in 5G are classified, and analysed based on the specific threats against 5G. 

    • A. Nieto, A. Acien, and G. Fernandez, "Crowdsourcing analysis in 5G IoT: Cybersecurity Threats and Mitigation",
      Mobile Networks and Applications (MONET), Springer US, In Press. (I.F.: 2.497)

      Abstract

      Crowdsourcing can be a powerful weapon against cyberattacks in 5G networks. In this paper we analyse this idea in detail, starting from the use cases in crowdsourcing focused on security, and highlighting those areas of a 5G ecosystem where crowdsourcing could be used to mitigate local and remote attacks, as well as to discourage criminal activities and cybercriminal behaviour. We pay particular attention to the capillary network, where an infinite number of IoT objects coexist. The analysis is made considering the different participants in a 5G IoT ecosystem.

      Impact Factor: 2.497
      Journal Citation Reports® Science Edition (Thomson Reuters, 2017)

    • A. Nieto, N. Nomikos, J. Lopez, and C. Skianis, "Dynamic Knowledge-based Analysis in non-Secure 5G Green Environments using Contextual Data",
      IEEE Systems Journal, vol. 11, issue 4, no. 99, IEEE, pp. 2479-2489, 12/2017. (I.F.: 4.337)

      Abstract

      The growing number of parameters in heterogeneous networks, as is the case of the fifth generation (5G) Green networks, greatly complicates the analysis of the Security and Quality of Service Tradeoff (SQT). However, studying these types of relationships is crucial in Future Internet scenarios to prevent potential points of failure and to enhance the use of limited resources, increasing the user’s experience. Therefore, it is fundamental to provide tools and models for training, so that the users understand these dependencies and solve them prior to deploying new solutions. In this paper, a Recommendation System for SQT (SQT-RS) is deployed in 5G Green systems, considering the particular case of relay networks and the impact of eavesdropping and jamming contexts on the models generated by the user, aided by SQT-RS. With this goal in mind, we provide a component for the user to automatically select specific contexts based on 5G Green capabilities.

      Impact Factor: 4.337
      Journal Citation Reports® Science Edition (Thomson Reuters, 2017)

  • IoT-Forensics
    • A. Nieto, R. Rios, and J. Lopez, "IoT-Forensics meets Privacy: Towards Cooperative Digital Investigations",
      Sensors, vol. 18, issue 2, no. 492, MDPI, 02/2018. (I.F.: 2.475)

      Abstract

      IoT-Forensics is a novel paradigm for the acquisition of electronic evidence whose operation is conditioned by the peculiarities of the Internet of Things (IoT) context. As a branch of computer forensics, this discipline respects the most basic forensic principles of preservation, traceability, documentation, and authorization. The digital witness approach also promotes such principles in the context of the IoT while allowing personal devices to cooperate in digital investigations by voluntarily providing electronic evidence to the authorities. However, this solution is highly dependent on the willingness of citizens to collaborate and they may be reluctant to do so if the sensitive information within their personal devices is not sufficiently protected when shared with the investigators. In this paper, we provide the digital witness approach with a methodology that enables citizens to share their data with some privacy guarantees. We apply the PRoFIT methodology, originally defined for IoT-Forensics environments, to the digital witness approach in order to unleash its full potential. Finally, we show the feasibility of a PRoFIT-compliant digital witness with two use cases.

      Impact Factor: 2.475
      Journal Citation Reports® Science Edition (Thomson Reuters, 2017)

    • A. Nieto, R. Roman, and J. Lopez, "Digital Witness: Safeguarding Digital Evidence by using Secure Architectures in Personal Devices",
      IEEE Network, IEEE Communications Society, pp. 12-19, 2016. (I.F.: 7.230)

      Abstract

      Personal devices contain electronic evidence associated with the behaviour of their owners and other devices in their environment, which can help clarify the facts of a cyber-crime scene. These devices are usually analysed as containers of proof. However, it is possible to harness the boom of personal devices to define the concept of digital witnesses, where personal devices are able to actively acquire, store, and transmit digital evidence to an authorised entity, reliably and securely. This article introduces this novel concept, providing a preliminary analysis on the management of digital evidence and the technologies that can be used to implement it with security guarantees in IoT environments. Moreover, the basic building blocks of a digital witness are defined.

      Impact Factor: 7.230
      Journal Citation Reports® Science Edition (Thomson Reuters, 2016)

See all publications

Teaching (current):

  • Design and Configuration of Secure Networked Systems. Master's Degree in Computer Engineering. Universidad de Málaga.
  • Computer Security and Computer Forensics. Degree in Criminology. Faculty of Law. Universidad de Málaga.
  • Ethical hacking. Introductory Course on Cybersecurity in Computer Systems. Universidad de Málaga.
  • Advanced Training Course for Private Security Director. Information Security. Faculty of Law. Universidad de Málaga.

Attended courses and seminars

  • Computer Forensics and Penetration Testing, Malaga, Spain (2016).
  • (ISC)2 CCFP Live Online training (2015).
  • Computer Forensics from a Legal Perspective, Malaga, Spain (2014).
  • Cryptographic Application Development Android, Malaga, Spain (2011-12).
  • Service Protocol Verification, Malaga, Spain (2010).
  • IPICS’09.  Intensive Programme on Information and Communication Security, from July 26th to August 8th of 2009, Vienna, Austria.

Scientific Activities

  • IEEE 5G Security WG.
  • Associate Editor:
    • Journal of Information Processing Systems (JIPS).
  • Program Committee Member:
    • 2018:
      • TrustBus 2018 - International Conference on Trust, Privacy & Security in Digital Business, 5-6 September, Regensburg, Germany.
    • 2017:
      • SePrIoT 2017 - 1st Workshop on Security and Privacy in the Internet of Things, 22-24 October, Niagara Falls, Canada.
      • TrustBus 2017 - International Conference on Trust, Privacy & Security in Digital Business, 28-31 August, Lyon, France. 
    • 2016:
      • TrustCom 2016  - IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 23-26 August, Tianjin (China), 2016.
    • 2015:
      • GC15-CISS 2015 - IEEE Globecom'15 - Communication & Information System Security Symposium, 6-10 December in San Diego, CA (USA).  
      • TrustCom 2015 - IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 20-22 August, Helsinki (Finland). 
      • e-Commerce 2015 - 12th International Conference on e-Commerce and Digital Marketing, 21-23 July in Las Palmas de Gran Canaria (Spain).
    • 2014: 
      • NFSP 2014 - 3rd International Workshop on Network Forensics, Security and Privacy (NFSP), Madrid (Spain), July.
    • 2012: 
      • e-Commerce 2012 - IADIS International Conference e-Commerce 2012, Lisbon (Portugal), July.
  • Invited Reviewer in Journals:
    • IEEE Wireless Communications Magazine. ISSN: 1536-1284.
    • Journal of Sensors. Hindawi. ISSN: 1687-725X.
    • Wireless Networks (WINE). Springer. ISSN: 1022-0038.
    • Computers & Security (COSE). Elsevier Advanced Technology. ISSN: 0167-4048.
    • Journal of Computer Security (JCS). ISSN: 0926-227X.
    • IEEE Internet of Things Journal (IoT-J). ISSN: 2327-4662.
    • International Journal of Information Security. Springer-Verlag Publication, Heidelberg. ISSN: 1615-5270.
    • Information Systems Security Journal. The official Journal of (ISC)2, a Taylor & Francis Group Publication. ISSN: 1939-3547.
    • IET Information Security Journal. Institution of Engineering and Technology. ISSN: 1751-8717.
    • Computer Standards & Interfaces. Elsevier Science Press. ISSN: 0920-5489.
    • Symmetry-Basel. MDPI Open Access Journal. ISSN: 2073-8994. 
    • Journal of Information Security and Applications. Elsevier. ISSN: 2214-2126.
  • External Reviewer in Conferences: