Publications

Export results:
Author [ Title(Desc)] Type Year
Filters: First Letter Of Title is E  [Clear All Filters]
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 
E
C. Alcaraz, C. Fernandez-Gago, and J. Lopez, "An Early Warning System based on Reputation for Energy Control Systems",
IEEE Transactions on Smart Grid, vol. 2, no. 4, IEEE, pp. 827-834, Nov 2011. DOI More..

Abstract

Most of energy control or SCADA (Supervisory Control and Data Acquisition) systems are very dependent on advanced technologies and on traditional security mechanisms for protecting the a system against anomalous events. Security mechanisms are not enough to be used in critical systems, since they can only detect anomalous events occurring at a certain moment in time. For this reason it becomes of paramount importance the usage of intelligent systems with capability for preventing anomalous situations and reacting against them on time. This type of systems are, for example, Early Warning Systems (EWS). In this paper, we propose an EWS based on Wireless Sensor Networks (WSNs) (under the ISA100.11a standard) and reputation for controling the network behaviour. The WSN are organized into clusters where a Cluster Head (CH) is designated. This CH will contain a Reputation Manager Module. The usability of this approach is also analyzed considering a Smart Grid scenario.} keywords = {Critical Information Infrastructures, Sensor Networks, Early Warning Systems, Reputation, SCADA Systems, Smart Grid.

PDF icon Alcaraz2011.pdf (495.57 KB)
J. A. Onieva, R. Rios, R. Roman, and J. Lopez, "Edge-Assisted Vehicular Networks Security",
IEEE Internet of Things Journal, vol. 6, issue 5, IEEE Computer Society, pp. 8038-8045, 10/2019. DOI (I.F.: 9.936)More..

Abstract

Edge Computing paradigms are expected to solve some major problems affecting current application scenarios that rely on Cloud computing resources to operate. These novel paradigms will bring computational resources closer to the users and by doing so they will not only reduce network latency and bandwidth utilization but will also introduce some attractive context-awareness features to these systems. In this paper we show how the enticing features introduced by Edge Computing paradigms can be exploited to improve security and privacy in the critical scenario of vehicular networks (VN), especially existing authentication and revocation issues. In particular, we analyze the security challenges in VN and describe three deployment models for vehicular edge computing, which refrain from using vehicular- to-vehicular communications. The result is that the burden imposed to vehicles is considerably reduced without sacrificing the security or functional features expected in vehicular scenarios.

Impact Factor: 9.936
Journal Citation Reports® Science Edition (Thomson Reuters, 2019)

PDF icon onieva2019vec.pdf (416.43 KB)
J. Zhou, W-Y. Chin, R. Roman, and J. Lopez, "An Effective Multi-layered Defense Framework Against Spam",
Information Security Technical Report, vol. 12, no. 3, Elsevier, pp. 179-185, 2007. DOI More..

Abstract

Spam is a big problem for email users. The battle between spamming and anti-spamming technologies has been going on for many years. Though many advanced anti-spamming technologies are progressing significantly, spam is still able to bombard many email users. The problem worsens when some anti-spamming methods unintentionally filtered legitimate emails instead! In this paper, we first review existing anti-spam technologies, then propose a layered defense framework using a combination of anti-spamming methods. Under this framework, the server-level defense is targeted for common spam while the client-level defense further filters specific spam for individual users. This layered structure improves on filtering accuracy and yet reduces the number of false positives. A sub-system using our pre-challenge method is implemented as an add-on in Microsoft Outlook 2002. In addition, we extend our client-based pre-challenge method to a domain-based solution thus further reducing the individual email users’ overheads.

PDF icon Zhou2007.pdf (549.17 KB)
D. Nuñez, C. Fernandez-Gago, and J. Luna, "Eliciting Metrics for Accountability of Cloud Systems",
Computers & Security, vol. 62, Elsevier, pp. 149-164, 08/2016. DOI (I.F.: 2.849)More..

Abstract

Cloud computing provides enormous business opportunities, but at the same time is a complex and challenging paradigm. The major concerns for users adopting the cloud are the loss of control over their data and the lack of transparency. Providing accountability to cloud systems could foster trust in the cloud and contribute toward its adoption. Assessing how accountable a cloud provider is becomes then a key issue, not only for demonstrating accountability, but to build it. To this end, we need techniques to measure the factors that influence on accountability. In this paper, we provide a methodology to elicit metrics for accountability in the cloud, which consists of three different stages. Since the nature of accountability at- tributes is very abstract and complex, in the first stage we perform a conceptual analysis of the accountability attributes in order to decompose them into concrete practices and mechanisms. Then, we analyze relevant control frameworks designed to guide the implementation of security and privacy mechanisms, and use them to identify measurable factors, related to the practices and mechanisms defined earlier. Lastly, specific metrics for these factors are derived. We also provide some strategies that we consider relevant for the empirical validation of the elicited accountability metrics. 

Impact Factor: 2.849
Journal Citation Reports® Science Edition (Thomson Reuters, 2016)

PDF icon nunez2016eliciting.pdf (460.29 KB)
I. Agudo, J. Lopez, and J. A. Montenegro, "Enabling Attribute Delegation in Ubiquitous Environments",
Mobile Networks and Applications, vol. 13, no. 3-4, Springer, pp. 398-410, August, 2008. DOI (I.F.: 1.619)More..

Abstract

When delegation is implemented using the attribute certificates in a Privilege Management Infrastructure (PMI), it is possible to reach a considerable level of distributed functionality. However, the approach is not flexible enough for the requirements of ubiquitous environments. The PMI can become a too complex solution for devices such as smartphones and PDAs, where resources are limited. In this work we present an approach to solve the previous limitations by defining a second class of attributes, called domain attributes, which are managed directly by users and are not right under the scope of the PMI, thus providing a light solution for constrained devices. However, we relate the two classes of attributes are related by defining a simple ontology. While domain attribute credentials are defined using SAML notation, global attributes are defined using X.509 certificates. For this reason, we additionally introduce XSAML so that both kinds of credentials are integrated. We also introduce the concept of Attribute Federation which is responsible for supporting domain attributes and the corresponding ontology.

Impact Factor: 1.619
Journal Citation Reports® Science Edition (Thomson Reuters, 2008)

PDF icon Agudo2008d.pdf (647.04 KB)
D. Galindo, R. Roman, and J. Lopez, "On the Energy Cost of Authenticated Key Agreement in Wireless Sensor Networks",
Wireless Communications and Mobile Computing, vol. 12, Wiley, pp. 133-143, Jan 2012. DOI (I.F.: 0.863)More..

Abstract

Wireless sensors are battery-powered devices which are highly constrained in terms of computational capabilities, memory and communication bandwidth. While battery life is their main limitation, they require considerable energy to communicate data. Due to this, it turns out that the energy saving of computationally inexpensive primitives (like symmetric key cryptography (SKC)) can be nullified by the bigger amount of data they require to be sent. In this work, we study the energy cost of key agreement protocols between peers in a network using asymmetric key cryptography. Our main concern is to reduce the amount of data to be exchanged, which can be done by using special cryptographic paradigms like identity-based and self-certified cryptography. The main news is that an intensive computational primitive for resource-constrained devices, such as non-interactive identity-based authenticated key exchange, performs comparably or even better than traditional authenticated key exchange (AKE) in a variety of scenarios. Moreover, protocols based in this primitive can provide better security properties in real deployments than other simple protocols based on symmetric cryptography. Our findings illustrate to what extent the latest implementation advancements push the efficiency boundaries of public key cryptography (PKC) in wireless sensor networks (WSNs).

Impact Factor: 0.863
Journal Citation Reports® Science Edition (Thomson Reuters, 2012)

PDF icon Galindo2010.pdf (261.6 KB)
D. Nuñez, I. Agudo, and J. Lopez, "Escrowed decryption protocols for lawful interception of encrypted data",
IET Information Security, vol. 13, issue 5, IET, pp. 498 -- 507, 09/2019. More..

Abstract

Escrowed decryption schemes (EDSs) are public-key encryption schemes with an escrowed decryption functionality that allows authorities to decrypt encrypted messages under investigation, following a protocol that involves a set of trusted entities called `custodians'; only if custodians collaborate, the requesting authority is capable of decrypting encrypted data. This type of cryptosystem represents an interesting trade-off to privacy versus surveillance dichotomy. In this study, the authors propose two EDSs where they use proxy re-encryption to build the escrowed decryption capability, so that custodians re-encrypt ciphertexts, in a distributed way, upon request from an escrow authority, and the re-encrypted ciphertexts can be opened only by the escrow authority. Their first scheme, called EDS, follows an all-or-nothing approach, which means that escrow decryption only works when all custodians collaborate. Their second scheme, called threshold EDS, supports a threshold number of custodians for the escrow decryption operation. They propose definitions of semantic security with respect to the authorities, custodians and external entities, and prove the security of their schemes, under standard pairing-based hardness assumptions. Finally, they present a theoretical and experimental analysis of the performance of both schemes, which show that they are applicable to real-world scenarios.

R. Roman, J. Lopez, and S. Gritzalis, "Evolution and Trends in the Security of the Internet of Things",
IEEE Computer, vol. 51, issue 7, IEEE Computer Society, pp. 16-25, 07/2018. DOI (I.F.: 3.564)More..
Impact Factor: 3.564
Journal Citation Reports® Science Edition (Thomson Reuters, 2018)

J. Lopez, R. Rios, F. Bao, and G. Wang, "Evolving privacy: From sensors to the Internet of Things",
Future Generation Computer Systems, vol. 75, Elsevier, pp. 46–57, 10/2017. DOI (I.F.: 4.639)More..

Abstract

The Internet of Things (IoT) envisions a world covered with billions of smart, interacting things capable of offering all sorts of services to near and remote entities. The benefits and comfort that the IoT will bring about are undeniable, however, these may come at the cost of an unprecedented loss of privacy. In this paper we look at the privacy problems of one of the key enablers of the IoT, namely wireless sensor networks, and analyse how these problems may evolve with the development of this complex paradigm. We also identify further challenges which are not directly associated with already existing privacy risks but will certainly have a major impact in our lives if not taken into serious consideration. 

Impact Factor: 4.639
Journal Citation Reports® Science Edition (Thomson Reuters, 2017)

PDF icon Lopez2017iotpriv.pdf (440.5 KB)
R. Rios, and J. Lopez, "Exploiting Context-Awareness to Enhance Source-Location Privacy in Wireless Sensor Networks",
The Computer Journal, vol. 54, Oxford University Press, pp. 1603-1615, Sept 2011. DOI (I.F.: 0.785)More..

Abstract

The source-location privacy problem in Wireless Sensor Networks has been traditionally tackled by the creation of random routes for every packet transmitted from the source nodes to the base station. These schemes provide a considerable protection level at a high cost in terms of message delivery time and energy consumption. This overhead is due to the fact that the data routing process is done in a blind way, without knowledge about the location of the attacker. In this work we propose the Context-Aware Location Privacy (CALP) approach, which takes advantage of the ability of sensor nodes to perceive the presence of a mobile adversary in their vicinity in order to transmit data packets in a more energy-efficient and privacy-preserving manner. In particular, we apply the concepts of CALP to the development of a shortest-path CALP routing algorithm. A permissive and a strict version of the protocol are studied for different adversarial models and the proposed schemes are evaluated through simulation experiments in terms of privacy protection and energy consumption. Finally, we present the conclusions of the paper as well as possible extensions of this work.

Impact Factor: 0.785
Journal Citation Reports® Science Edition (Thomson Reuters, 2011)

PDF icon Rios2011b.pdf (573.86 KB)