Digital Witnesses: trusted devices for Cybersecurity in IoT

Spanish Ministry of Economy and Competitiveness, National Programme for Fostering Excellence in Scientific and Technical Research (TIN2015-72634-EXP /AEI).
Duration: 14/06/2017 to 14/06/2019

Project Overview: 
The Internet of Things (IoT) is growing to be a major global technological force, and also becoming a cornerstone of the European economic fabric in the short and medium term. However, it is also among the environments most threatened by the incessant increase of cybercrime. In this sense, within the IoT, cyber attacks can be perpetrated by any device with minimal computing and communications capabilities, from anywhere, and with total impunity; thus it becomes a problem that is impossible to solve only with existing tools.

This project aims to help solve this problem by introducing a security solution that is radically different from those that have been used until now. In particular, this project proposes the design and development of Digital Witnesses, trusted electronic devices capable of obtaining electronic evidence and safeguarding it in a protected area. Using these devices as a foundation, the IoTest project aims to offer a dynamic solution that will record events on heterogeneous, unpredictable and uncertain scenarios.

Moreover, since existing digital evidence processes and regulations are not prepared to deal with the new cybersecurity issues created by these highly dynamic and distributed scenarios, the deployment of digital witnesses will result on a qualitative advancement in the evolution of electronic evidence management systems, improving their effectiveness in the detection of attacks and identification of cybercriminals.



Figure - Digital Chain of Custody for IoT (DCoC-IoT)



  • A. Nieto, A. Acien, and J. Lopez, "Capture the RAT: Proximity-based Attacks in 5G using the Routine Activity Theory",
    The 16th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC 2018), IEEE, 08/2018, In Press. More..


    The fifth generation of cellular networks (5G) will enable different use cases where security will be more critical than ever before (e.g. autonomous vehicles and critical IoT devices). Unfortunately, the new networks are being built on the certainty that security problems can not be solved in the short term. Far from reinventing the wheel, one of our goals is to allow security software developers to implement and test their reactive solutions for the capillary network of 5G devices. Therefore, in this paper a solution for analysing proximity-based attacks in 5G environments is modelled and tested using OMNET++. The solution, named CRAT, is able to decouple the security analysis from the hardware of the device with the aim to extend the analysis of proximity-based attacks to different use-cases in 5G. We follow a high-level approach, in which the devices can take the role of victim, offender and guardian following the principles of the routine activity theory. 

  • A. Nieto, R. Rios, and J. Lopez, "A Methodology for Privacy-Aware IoT-Forensics",
    16th IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom 2017), IEEE, pp. 626-633, 08/2017. DOI More..


    The Internet of Things (IoT) brings new challenges to digital forensics. Given the number and heterogeneity of devices in such scenarios, it bring extremely difficult to carry out investigations without the cooperation of individuals. Even if they are not directly involved in the offense, their devices can yield digital evidence that might provide useful clarification in an investigation. However, when providing such evidence they may leak sensitive personal information. This paper proposes PRoFIT; a new model for IoT-forensics that takes privacy into consideration by incorporating the requirements of ISO/IEC 29100:2011 throughout the investigation life cycle. PRoFIT is intended to lay the groundwork for the voluntary cooperation of individuals in cyber crime investigations.

  • A. Nieto, R. Rios, and J. Lopez, "Digital Witness and Privacy in IoT: Anonymous Witnessing Approach",
    16th IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom 2017), IEEE, pp. 642-649, 08/2017. DOI More..


    The digital witness approach defines the collaboration between IoT devices - from wearables to vehicles - to provide digital evidence through a Digital Chain of Custody to an authorised entity. As one of the cores of the digital witness, binding credentials unequivocally identify the user behind the digital witness. The objective of this article is to perform a critical analysis of the digital witness approach from the perspective of privacy, and to propose solutions that help include some notions of privacy in the scheme (for those cases where it is possible). In addition, digital anonymous witnessing as a tradeoff mechanism between the original approach and privacy requirements is proposed. This is a clear challenge in this context given the restriction that the identities of the links in the digital chain of custody should be known. 

  • A. Nieto, and R. Rios, "Requisitos y soluciones de privacidad para la testificación digital",
    III Jornadas Nacionales de Investigación en Ciberseguridad (JNIC 2017), vol. Actas del JNIC 2017, Servicio de Publicaciones de la URJC, pp. 51-58, 2017. More..
  • A. Nieto, R. Rios, and J. Lopez, "PRoFIT: modelo forense-IoT con integración de requisitos de privacidad",
    XIII Jornadas de Ingeniería Telemática (JITEL 2017), vol. Libro de actas, Editorial Universitat Politècnica de València, pp. 302-309, 01/2018, 2017. DOI More..
  • A. Nieto, R. Roman, and J. Lopez, "Digital Witness: Safeguarding Digital Evidence by using Secure Architectures in Personal Devices",
    IEEE Network, IEEE Communications Society, pp. 12-19, 2016. DOI (I.F.: 7.230)More..


    Personal devices contain electronic evidence associated with the behaviour of their owners and other devices in their environment, which can help clarify the facts of a cyber-crime scene. These devices are usually analysed as containers of proof. However, it is possible to harness the boom of personal devices to define the concept of digital witnesses, where personal devices are able to actively acquire, store, and transmit digital evidence to an authorised entity, reliably and securely. This article introduces this novel concept, providing a preliminary analysis on the management of digital evidence and the technologies that can be used to implement it with security guarantees in IoT environments. Moreover, the basic building blocks of a digital witness are defined.

    Impact Factor: 7.230
    Journal Citation Reports® Science Edition (Thomson Reuters, 2016)

  • A. Nieto, R. Roman, and J. Lopez, "Testificación Digital",
    Revista SIC, vol. 122, Ediciones CODA, pp. 94-98, Nov 2016. More..


    El creciente número de dispositivos interconectados trae consigo problemas de seguridad bien conocidos; por ejemplo, aquellos debidos a las vulnerabilidades en protocolos muy diversos –muchos de ellos propietarios– y al factor de error humano introducido por los usuarios. Sin embargo, cabe preguntarse cómo podemos usar el despliegue de tales dispositivos en beneficio de la ciberseguridad. En el proyecto IoTest se está desarrollando una solución, el Testigo Digital, que permitirá a los dispositivos personales con arquitectura de seguridad embebida reaccionar ante ataques virtuales, protegiéndonos de los ciberataques emergentes.

  • A. Nieto, R. Roman, and J. Lopez, "Digital Witness: Digital Evidence Management Framework for the Internet of Things",
    ERCIM News, no. 106, ERCIM EEIG, pp. 9-9, 07/2016.
  • A. Nieto, R. Roman, and J. Lopez, "Testigo digital: delegación vinculante de evidencias electrónicas para escenarios IoT",
    II Jornadas Nacionales de Investigación en Ciberseguridad (JNIC 2016), pp. 109-116, 06/2016. More..


    En un mundo en el que los usuarios dependen cada vez más de sus dispositivos, éstos almacenan gran cantidad de datos y son una fuente muy valiosa de información sobre su entorno. Sin embargo, la heterogeneidad y la densidad de los objetos conectados, características propias de la Internet de las Cosas (IoT), sirven de velo para ocultar conductas maliciosas que afectan a estos dispositivos, sin que quede rastro de tales acciones. En este artículo definimos el concepto de testigo digital: funcionalidad que permitirá a los dispositivos personales y otros objetos colaborar para implementar una cadena de custodia digital en la IoT. El fin perseguido es ofrecer soluciones que mitiguen los efectos de la ciberdelincuencia, amparándose en la colaboración de los dispositivos con arquitecturas de seguridad embebidas para alertar de conductas maliciosas, y dejar constancia de éstas.

  • A. Nieto, R. Roman, and J. Lopez, "Arquitectura funcional para la cadena de custodia digital en objetos de la IoT",
    XIV Reunión Española sobre Criptología y Seguridad de la Información, pp. 168-173, 10/2016. More..


    En la Internet de los Objetos (IoT, por sus siglas en inglés), los ataques pueden ser perpetrados desde dispositivos que enmascaran su rastro ayudándose de la densidad de objetos y usuarios. Actualmente la idea de que los dispositivos de usuario almacenan evidencias que pueden ser muy valiosas para frenar ataques es bien conocida. Sin embargo, la colaboración de éstos para denunciar posibles abusos telemáticos aún está por definir. Los testigos digitales son dispositivos concebidos para definir la participación de dispositivos de usuario en una cadena de custodia digital. La idea es que las evidencias se generan, almacenan y transfieren siguiendo los requisitos marcados por las normas actuales (p.ej. UNE 71505), pero respetando las restricciones en recursos de los dispositivos. En este artículo proponemos una arquitectura funcional para la implementación del concepto de testigo digital en dispositivos heterogéneos de la IoT.