Edificio de Investigación Ada Byron
C/ Arquitecto Francisco Peñalosa, nº 18
Ampliación Campus de Teatinos. Universidad de Málaga
29071 Málaga (Spain)
Phone: +34-951-952914 Fax: +34-951-952749
Domain of interest and research
Broad knowledge of trusted execution technologies and security on virtual platforms. An important part of my work at NICS lab has been to study embedded hardware security mechanisms (e.g. TPM, SE). I have followed its progression over the years and this has allowed, for example, the definition of the concept of digital witness (patent ES2587584, WO2017068222), in which I am immersed as part of the IoTest project team. As you can see, my last papers are about the definition of this novel concept, which is part of the topic IoT-Forensics. I am currently analyzing the possibilities of implantation of this technology in cellular networks.
- Security in mobile platforms
- PhD in Computer Science, University of Málaga, Spain (2015).
- Master in Software Engineering and Artificial Intelligence, a post graduate program with quality mention from the Spanish Ministry of Science and Education, University of Malaga, Spain (2011).
- M.Sc. in Computer Science, University of Malaga, Spain (2008).
- "IoT-Forensics meets Privacy: Towards Cooperative Digital Investigations",
In Sensors, vol. 18, issue 2, no. 492, MDPI, 02/2018.
ISI JCR Impact Factor 2016: 2.677 DOI
IoT-Forensics is a novel paradigm for the acquisition of electronic evidence whose operation is conditioned by the peculiarities of the Internet of Things (IoT) context. As a branch of computer forensics, this discipline respects the most basic forensic principles of preservation, traceability, documentation, and authorization. The digital witness approach also promotes such principles in the context of the IoT while allowing personal devices to cooperate in digital investigations by voluntarily providing electronic evidence to the authorities. However, this solution is highly dependent on the willingness of citizens to collaborate and they may be reluctant to do so if the sensitive information within their personal devices is not sufficiently protected when shared with the investigators. In this paper, we provide the digital witness approach with a methodology that enables citizens to share their data with some privacy guarantees. We apply the PRoFIT methodology, originally defined for IoT-Forensics environments, to the digital witness approach in order to unleash its full potential. Finally, we show the feasibility of a PRoFIT-compliant digital witness with two use cases.Impact Factor: 2.677Journal Citation Reports® Science Edition (Thomson Reuters, 2016)
- "Digital Witness: Safeguarding Digital Evidence by using Secure Architectures in Personal Devices",
In IEEE Network, IEEE Communications Society, pp. 12-19, 2016.
ISI JCR Impact Factor 2016: 7.230 DOI
Personal devices contain electronic evidence associated with the behaviour of their owners and other devices in their environment, which can help clarify the facts of a cyber-crime scene. These devices are usually analysed as containers of proof. However, it is possible to harness the boom of personal devices to define the concept of digital witnesses, where personal devices are able to actively acquire, store, and transmit digital evidence to an authorised entity, reliably and securely. This article introduces this novel concept, providing a preliminary analysis on the management of digital evidence and the technologies that can be used to implement it with security guarantees in IoT environments. Moreover, the basic building blocks of a digital witness are defined.Impact Factor: 7.230Journal Citation Reports® Science Edition (Thomson Reuters, 2016)
- "Digital Witness and Privacy in IoT: Anonymous Witnessing Approach",
In 16th IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom 2017), IEEE, pp. 642-649, 08/2017.
The digital witness approach defines the collaboration between IoT devices - from wearables to vehicles - to provide digital evidence through a Digital Chain of Custody to an authorised entity. As one of the cores of the digital witness, binding credentials unequivocally identify the user behind the digital witness. The objective of this article is to perform a critical analysis of the digital witness approach from the perspective of privacy, and to propose solutions that help include some notions of privacy in the scheme (for those cases where it is possible). In addition, digital anonymous witnessing as a tradeoff mechanism between the original approach and privacy requirements is proposed. This is a clear challenge in this context given the restriction that the identities of the links in the digital chain of custody should be known.
- "IoT-Forensics meets Privacy: Towards Cooperative Digital Investigations", In Sensors, vol. 18, issue 2, no. 492, MDPI, 02/2018. ISI JCR Impact Factor 2016: 2.677 DOI
- Security & QoS Tradeoffs
- "Contextualising Heterogeneous Information in Unified Communications with Security Restrictions",
In Computer Communications, vol. 68, Elsevier, pp. 33-46, 09/2015.
ISI JCR Impact Factor 2015: 2.099 DOI
The lack of abstraction in a growing semantic, virtual and abstract world poses new challenges for assessing security and QoS tradeoffs. For example, in Future Internet scenarios, where Unified Communications (UC) will take place, being able to predict the final devices that will form the network is not always possible. Without this information the analysis of the security and QoS tradeoff can only be based on partial information to be completed when more information about the environment is available. In this paper, we extend the description of context-based parametric relationship model, providing a tool for assessing the security and QoS tradeoff (SQT) based on interchangeable contexts. Our approach is able to use the heterogeneous information produced by scenarios where UC is present.Impact Factor: 2.099Journal Citation Reports® Science Edition (Thomson Reuters, 2015)
- "Dynamic Knowledge-based Analysis in non-Secure 5G Green Environments using Contextual Data",
In IEEE Systems Journal, vol. 11, issue 4, no. 99, IEEE, pp. 2479-2489, 12/2017.
ISI JCR Impact Factor 2016: 3.882 DOI
The growing number of parameters in heteroge- neous networks, as is the case of the fifth generation (5G) Green networks, greatly complicates the analysis of the Security and Quality of Service Tradeoff (SQT). However, studying these types of relationships is crucial in Future Internet scenarios to prevent potential points of failure and to enhance the use of limited resources, increasing the user’s experience. Therefore, it is fundamental to provide tools and models for training, so that the users understand these dependencies and solve them prior to deploying new solutions. In this paper, a Recommendation System for SQT (SQT-RS) is deployed in 5G Green systems, considering the particular case of relay networks and the impact of eavesdropping and jamming contexts on the models generated by the user, aided by SQT-RS. With this goal in mind, we provide a component for the user to automatically select specific contexts based on 5G Green capabilities.Impact Factor: 3.882Journal Citation Reports® Science Edition (Thomson Reuters, 2016)
- "Contextualising Heterogeneous Information in Unified Communications with Security Restrictions", In Computer Communications, vol. 68, Elsevier, pp. 33-46, 09/2015. ISI JCR Impact Factor 2015: 2.099 DOI
Attended courses and seminars
- Computer Forensics and Penetration Testing, Malaga, Spain (2016).
- (ISC)2 CCFP Live Online training (2015).
- Computer Forensics from a Legal Perspective, Malaga, Spain (2014).
- Cryptographic Application Development Android, Malaga, Spain (2011-12).
- Service Protocol Verification, Malaga, Spain (2010).
- IPICS’09. Intensive Programme on Information and Communication Security, from July 26th to August 8th of 2009, Vienna, Austria.
- Associate Editor:
- Journal of Information Processing Systems (JIPS).
- Program Committee Member:
- TrustCom 2016 - IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 23-26 August, Tianjin (China), 2016.
- GC15-CISS 2015 - IEEE Globecom'15 - Communication & Information System Security Symposium, 6-10 December in San Diego, CA (USA).
- TrustCom 2015 - IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 20-22 August, Helsinki (Finland).
- e-Commerce 2015 - 12th International Conference on e-Commerce and Digital Marketing, 21-23 July in Las Palmas de Gran Canaria (Spain).
- NFSP 2014 - 3rd International Workshop on Network Forensics, Security and Privacy (NFSP), Madrid (Spain), July.
- e-Commerce 2012 - IADIS International Conference e-Commerce 2012, Lisbon (Portugal), July.
- Invited Reviewer in Journals:
- IEEE Wireless Communications Magazine. ISSN: 1536-1284.
- Journal of Sensors. Hindawi. ISSN: 1687-725X.
- Wireless Networks (WINE). Springer. ISSN: 1022-0038.
- Computers & Security (COSE). Elsevier Advanced Technology. ISSN: 0167-4048.
- Journal of Computer Security (JCS). ISSN: 0926-227X.
- IEEE Internet of Things Journal (IoT-J). ISSN: 2327-4662.
- International Journal of Information Security. Springer-verlag Publication, heidelberg. ISSN: 1615-5270.
- Information Systems Security Journal. The official Journal of (ISC)2, a Taylor & Francis Group Publication. ISSN: 1939-3547.
- IET Information Security Journal. Institution of Engineering and Technology. ISSN: 1751-8717.
- Computer Standards & Interfaces. Elsevier Science Press. ISSN: 0920-5489.
- Symmetry-Basel. MDPI Open Access Journal. ISSN: 2073-8994.
- Journal of Information Security and Applications. Elsevier. ISSN: 2214-2126.
- External Reviewer in Conferences:
- 2017 - DPM, IFIP-SEC, NSS, ARES, TrustCom, TrustBus, ESORICS, JNIC, ATCS, DPM, SePrIoT, ISC, ISPEC.
- 2016 - ACISP, ARES, TrustBus, NSS, ISPEC.
- 2015 - AsiaCCS, RIoT, IFIP-SEC, WISE, WISSE, DBSec'15, ITSC, WISTP'15, ESORICS, JITEL, ISC, NSS, QASA, JNIC, iNetSec, ICICS, WF-IoT.
- 2014 - ARES, ACNS, ESORICS, SecureComm, STM, CANS, QASA, ICISS.
- 2013 - DPM, Jitel, AsiaCCS, PST, IFIPTM.
- 2012 - Inscrypt, ESSOS, ESORICS.
- 2011 - ESORICS.
- 2010 - ESORICS.