Publications

Export results:
Author Title Type [ Year(Asc)]
Filters: First Letter Of Title is E  [Clear All Filters]
J. E. Rubio, M. Manulis, C. Alcaraz, and J. Lopez, "Enhancing Security and Dependability of Industrial Networks with Opinion Dynamics",
European Symposium on Research in Computer Security (ESORICS2019), vol. 11736, pp. 263-280, 09/2019. DOI More..
PDF icon RubioESORICS2019.pdf (489.08 KB)
C. Alcaraz, J. Rodriguez, R. Roman, and J. E. Rubio, "Estado y Evolución de la Detección de Intrusiones en los Sistemas Industriales",
III Jornadas Nacionales de Investigación en Ciberseguridad (JNIC 2017), 2017. More..

Abstract

Debido a la necesidad de proteger los sistemas industriales ante amenazas, se hace necesario comprender cual es el verdadero alcance de los mecanismos capaces de detectar potenciales anomalías e intrusiones. Es por tanto el objetivo de este artículo analizar el estado y la evolución, tanto académica como industrial, de los mecanismos de detección de intrusiones en este campo, así como estudiar su aplicabilidad actual y futura.

PDF icon 1653.pdf (271.14 KB)
R. Rios, and J. Lopez, "Evolución y nuevos desafios de privacidad en la Internet de las Cosas",
XIV Reunión Española sobre Criptología y Seguridad de la Información, pp. 209-213, 10/2016. More..

Abstract

La Internet de las Cosas (en inglés, Internet of Things (IoT)) es una evolución de la Internet tal y como lo conocemos. Esta nueva versión de Internet incorpora objetos de la vida cotidiana, rompiendo así barrera de los digital y extendiéndose al mundo físico. Estos objetos interactuarán entre sí y con otras entidades tanto de manera local como remota, y estarán dotados de cierta capacidad computacional y sensores para que sean conscientes de lo que ocurre en su entorno. Esto traerá consigo un sinfín de posibilidades y nuevos servicios, pero también dará lugar a nuevos y mayores riesgos de privacidad para los ciudadanos. En este artículo, estudiamos los problemas de privacidad actuales de una de las tecnologías claves para el desarrollo de este prometedor paradigma, las redes de sensores, y analizamos como pueden evolucionar y surgir nuevos riesgos de privacidad al ser completamente integradas en la Internet.

 

PDF icon Rios2016a.pdf (263.7 KB)
F. Moyano, C. Fernandez-Gago, K. Beckers, and M. Heisel, "Engineering Trust- and Reputation-based Security Controls for Future Internet Systems",
The 30th ACM/SIGAPP Symposium On Applied Computing (SAC 2015), pp. 1344-1349, 08/2015. DOI More..
PDF icon moyano15SAC.pdf (284.13 KB)
F. Moyano, C. Fernandez-Gago, K. Beckers, and M. Heisel, "Enhancing Problem Frames with Trust and Reputation for Analyzing Smart Grid Security Requirements",
Smart Grid Security - Second International Workshop, J. Cuellar Eds., LNCS 8448, Springer, pp. 166-180, Aug, 2014. DOI More..
PDF icon moyano14smartgridsec.pdf (404.33 KB)
A. Nieto, "Evaluation of Dynamic Instantiation in CPRM-based Systems",
9th International Conference on Risk and Security of Internet and Systems (CRiSIS'14), vol. 8924, Springer, pp. 52-66, 2014. DOI More..

Abstract

Context-based Parametric Relationship Models (CPRMs) reduce the complexity of working with various numbers of parameters and dependencies, by adding particular contexts to the final scheme when it is required, dynamically. In this paper the cost of including new information in CPRM is properly analysed, considering the information in the parametric trees defined for the parameters in the CPRM-based system. Some strategies for mitigating the cost of the instantiation process are proposed.

 

W.. Joosen, J. Lopez, F.. Martinelli, and F.. Massacci, "Engineering Secure Future Internet Services",
Future Internet Assembly 2011: Achievements and Technological Promises (FIA 2011), LNCS 6656, Springer Berlin Heidelberg, pp. 177-191, 2011. More..

Abstract

      In this paper we analyze the need and the opportunity forestablishing a discipline for engineering secure Future Internet Services,typically based on research in the areas of software engineering, of serviceengineering and security engineering. Generic solutions that ignore thecharacteristics of Future Internet services will fail, yet it seems obviousto build on best practices and results that have emerged from variousresearch communities.The paper sketches various lines of research and strands within each lineto illustrate the needs and to sketch a community wide research plan. Itwill be essential to integrate various activities that need to be addressedin the scope of secure service engineering into comprehensive softwareand service life cycle support. Such a life cycle support must deliverassurance to the stakeholders and enable risk and cost management forthe business stakeholders in particular. The paper should be considereda call for contribution to any researcher in the related sub domains inorder to jointly enable the security and trustworthiness of Future Internetservices.

PDF icon 1622.pdf (240.09 KB)
C. Alcaraz, A. Balastegui, and J. Lopez, "Early Warning System for Cascading Effect Control in Energy Control Systems",
5th International conference on Critical Information Infrastructures Security (CRITIS’10), LNCS 6712, Springer, pp. 55-67, September, 2010. More..

Abstract

A way of controlling a cascading effect caused by a failure or a threat in a critical system is using intelligent mechanisms capable of predicting anomalous behaviours and also capable of reacting against them in advance. These mechanisms are known as Early Warning Systems (EWS) and this will be precisely the main topic of this paper. Specially, we present an EWS design based on a Wireless Sensor Network (using the ISA100.11a standard) that constantly supervise the application context. This EWS is also based on forensic techniques to provide dynamic learning capacities. As a result, this new approach will aid to provide a reliable control of incidences by offering a dynamic alarm management, identification of the most suitable field operator to attend an alarm, reporting of causes and responsible operators, and learning from new anomalous situations.

PDF icon Alcaraz2010b.pdf (5.6 MB)
D. G. Rosado, E. Fernandez-Medina, and J. Lopez, "Extensión UML para Casos de Uso Reutilizables en entornos Grid Móviles Seguros",
XIV Jornadas de Ingeniería del Software y Bases de Datos (JISBD 2009), Antonio Vallecillo and Goiuria Sagardui (Eds.), pp. 331-342, September, 2009. More..

Abstract

 

 

 

Los sistemas Grid nos permiten construir sistemas complejos concaracterísticas diferenciadoras (interoperabilidad entre múltiples dominios deseguridad, autenticación y autorización a través de dominios, sistema dinámicoy heterogéneo, etc.). Con el desarrollo de la tecnología wireless y losdispositivos móviles, el Grid llega a ser el candidato perfecto para que losusuarios móviles puedan realizar trabajos complejos, a la vez que añaden nuevacapacidad computacional al Grid. Estamos construyendo un proceso completode desarrollo para sistemas Grid móviles seguros, y una de las actividades es elanálisis de requisitos, que está basado en casos de uso reutilizables. En esteartículo, presentaremos una extensión UML para casos de uso de seguridad yGrid, los cuales capturan el comportamiento de este tipo de sistemas. Estaextensión UML está siendo aplicado a un caso real para construir diagramas decasos de uso de la aplicación, incorporando los aspectos de seguridadnecesarios.

PDF icon rosado2009e.pdf (372.27 KB)
D. G. Rosado, E. Fernandez-Medina, J. Lopez, and M. Piattini, "Engineering Process Based On Grid Use Cases For Mobile Grid Systems",
Third International Conference on Software and Data Technologies (ICSOFT’08), Springer, pp. 146-151, 2008. More..

Abstract

 

The interest to incorporate mobile devices into Grid systems has arisen with two main purposes. The firstone is to enrich users of these devices while the other is that of enriching the own Grid infrastructure.Security of these systems, due to their distributed and open nature, is considered a topic of great interest. Aformal approach to security in the software life cycle is essential to protect corporate resources. However,little attention has been paid to this aspect of software development. Due to its criticality, security should beintegrated as a formal approach into the software life cycle. We are developing a methodology ofdevelopment for secure mobile Grid computing based systems that helps to design and build secure Gridsystems with support for mobile devices directed by use cases and security use cases and focused onservice-oriented security architecture. In this paper, we will present one of the first steps of ourmethodology consisting of analyzing security requirements of mobile grid systems. This analysis will allowus to obtain a set of security requirements that our methodology must cover and implement.

 

 

PDF icon rosado2008a.pdf (813.44 KB)
D. Galindo, R. Roman, and J. Lopez, "An Evaluation of the Energy Cost of Authenticated Key Agreement in Wireless Sensor Networks",
X Reunión Española sobre Criptología y Seguridad de la Información (RECSI’08), pp. 231-236, September, 2008. More..

Abstract

Wireless sensors are battery-powered devices which are highly constrained in terms of computational capabilities, memory, and communication bandwidth. While battery life is their main limitation, they require considerable energy to communicate data. Due to this, the energy saving of computationally inexpensive security primitives (like those using symmetric key cryptography) can be nullified by the bigger amount of data they require to be sent. In this work we study the energy cost of key agreement protocols between peers in a network using public key cryptography techniques. Our concern is to reduce the amount of data to be exchanged. Our main news is that a computationally very demanding security primitive, such as identity-based authenticated key exchange, can present energy-wise a better performance than traditional public key based key exchange in realistic scenarios such as Underwater Wireless Sensor Networks. Such a result is not to be expected in wired networks.

PDF icon Galindo2008a.pdf (293.39 KB)
I. Agudo, C. Fernandez-Gago, and J. Lopez, "An Evolutionary Trust and Distrust Model",
4th Workshop on Security and Trust Management (STM’08), ENTCS 224, Elsevier, pp. 3-12, 2008. DOI More..

Abstract

In this paper we propose a trust model, where besides considering trust and distrust, we also consider another parameter that measures the reliability on the stability of trust or distrust. The inclusion of this new parameter will allow us to use trust in a more accurate way. We consider trust is not static but dynamic and trust values can change along time. Thus, we will also take time into account, using it as a parameter of our model. There is very little work done about the inclusion of time as an influence on trust. We will show the applicability of our model in the scenario of the process of reviewing papers for a conference. Sometimes for these kind of processes the Chair of the conference should first find the suitable reviewers. He can make this selection by using our model. Once the reviewers are selected they send out their reviews to the Chair who can also use our model in order to make the final decision about acceptance of papers.

PDF icon Agudo2008b.pdf (129.8 KB)
M. Carbonell, J. Maria Sierra, J. A. Onieva, J. Lopez, and J. Zhou, "Estimation of TTP Features in Non-repudiation Service",
7th International Conference on Computational Science and Its Applications (ICCSA’07), LNCS 4706, Springer, pp. 549-558, 2007. More..

Abstract

In order to achieve a high performance in a real implementation of the non-repudiation service it is necessary to estimate timeouts, TTP features, publication key time, number of originators and recipients, and other relevant parameters. An initial work of the authors focused on a basic event-oriented simulation model for the estimation of timeouts. In the actual work, we present a set of extensions to that basic model for the estimation of the TTP features (storage capacity and ftp connection capacity). We present and analyze the new and valuable results obtained.

J. A. Onieva, J. Lopez, R. Roman, and J. Zhou, "Extension de una plataforma DRM basada en OMA con servicios de No Repudio",
IX Reunion Española sobre Criptologia y Seguridad de la Informacion (RECSI’06), UOC S.L., pp. 129-141, 2006. More..

Abstract

Digital Rights Management (DRM) es un término general para cualesquiera de las soluciones que permite a un vendedor de contenido en forma electrónica controlar el material y restringir su uso de distintas maneras. Estas soluciones son posibles, por un lado gracias a técnicas de la Seguridad de la Información, principalmente cifrado de datos, y por otro a la distribución, de manera independiente, de contenido y derechos digitales. Esto permite que los consumidores puedan acceder libremente al contenido, pero sólo aquellos que adquieran el derecho digital apropiado (RO) podrán procesarlo. Como servicio de seguridad considerado en diversas capas del marco de seguridad definido por la recomendación ITU X.805, casi todas las aplicaciones necesitan considerar la propiedad de no repudio en las etapas iniciales de su diseño. Desafortunadamente, esto no ha sido así en general, y más concretamente en especificaciones DRM; debido a consideraciones en la práctica y al tipo de contenido a distribuir. Analizamos este servicio para un marco de DRM y proporcionamos una solución que permita que la adquisición de derechos digitales sea un operación que no pueda repudiarse.

PDF icon JoseA.Onieva2006a.pdf (230.13 KB)
R. Roman, and J. Lopez, "Especificación de Sistemas Electrónicos de Microdonaciones",
III Simposio Español de Comercio Electrónico, pp. 95-104, June, 2005. More..

Abstract

Los sistemas electrónicos de pago permiten que un comprador adquiera a un vendedor una serie de productos y servicios de forma virtual. Sin embargo, estos sistemas no tienen en cuenta el escenario en el que un comprador se convierte en donante, accediendo al servicio de forma gratuita. En este artículo se presenta el concepto y características de las microdonaciones, o la donación de cantidades tan pequeñas como un céntimo de euro en el contexto del comercio electrónico. También se muestra como la microdonación es algo necesario en el contexto actual de Internet, y como es posible su implementación basándose en sistemas de micropago.

PDF icon Roman2005c.pdf (362.76 KB)
J. A. Onieva, J. Zhou, J. Lopez, and R. Roman, "Extending an OMA-based DRM Framework with Non-Repudiation Services",
5th Symposium on Signal Processing and Information Technology (ISSPIT’05), IEEE, pp. 472-477, 2005. More..

Abstract

Digital Rights Management (DRM) is an umbrella term for any of several arrangements which allows a vendor of content in electronic form to control the material and restrict its usage in various ways that can be specified by the vendor. These arrangements are provided through security techniques, mainly encryption, and the distribution, in a detached manner, of content and rights. This allows free access to the content by the consumers, but only those carrying the proper Right Object (RO) will be able to process such content. As a security service considered in different layers of the security framework defined by ITU X.805, almost all applications need to consider non-repudiation in the very beginning of their design. Unfortunately this has not been done so far in DRM specifications due to practical issues and the type of content distributed. We analyze this service for the a DRM framework and provide a solution which allows the right objects acquisition to be undeniable.

PDF icon Onieva2005.pdf (226.67 KB)
J. A. Onieva, J. Zhou, and J. Lopez, "Enhancing Certified Email Service for Timeliness and Multicast",
Fourth International Network Conference, University of Plymouth, pp. 327-335, 2004. More..

Abstract

Certified email is a value-added service of ordinary email, in which a sender wants to obtain a receipt from a recipient. Fair exchange protocols are a key component for certified email service to ensure fairness, i.e., the items held by two parties are exchanged without one party obtaining an advantage. We can find in the literature simple and fast optimistic protocols for fair electronic exchange and, more specifically, for certified electronic mail (CEM) and electronic contract signing (ECS). We have observed that some aspects of those protocols could be substantially improved. This paper presents two major contributions. Firstly, we provide a solution that allows both parties to end the protocol timely in an asynchronous way. Then, we extend the certified email service to the multicast scenario.

PDF icon Onieva2004b.pdf (87.54 KB)
I. Agudo, J. Lopez, and J. J. Ortega, "Especificación formal y verificación de requisitos de Seguridad",
VIII Reunión Española sobre Criptología y Seguridad de la Información (VIII RECSI), pp. 225-235, Sep 2004.
S. Gurgens, J. Lopez, and R. Peralta, "Efficient Detection of Failure Modes in Electronic Commerce Protocols",
IEEE International Workshop on Electronic Commerce and Security, IEEE Press, pp. 850-857, September, 1999. More..

Abstract

The design of key distribution and authentication protocols has been shown to be error-prone. These protocols constitute the part of more complex protocols used for electronic commerce transactions. Consequently, these new protocols are likely to contain flaws that are even more difficult to find. In this paper, we present a search method for detecting potential security flaws in such protocols. Our method relies on automatic theorem proving tools. Among others we present our analysis of a protocol recently standardized by the German standardization organization DIN to be used in digital signature applications for smartcards. Our analysis resulted in the standard being supplemented with comments that explain the possible use of cryptographic keys.

Modify or remove your filters and try again.