The Cloud Computing concept appeared as a response to the need for computation and storage services delivered under a flexible, on-demand business model. However, from its conception the cloud computing paradigm, with its inherent outsourcing of data management and computation, has also brought security and privacy problems. Security in cloud computing has traditionally been regarded as one of the major concerns of enterprises and organizations. Moreover, there are no global, harmonized data protection policies across countries, which makes interoperability difficult at both the legal and the technical level. Trust in the different actors that make up the cloud ecosystem is also a challenging issue, since the cloud model is inherently opaque: customers cannot directly observe where their data is stored, who can access it or how it is processed. All these problems have hindered the adoption of cloud computing.
For example, the problem of accountability (e.g., "who is responsible for the security and proper stewardship of my data in the cloud?") has no clear answer today, as there are no accountability frameworks for distributed IT services. This makes it difficult for users to understand, influence and determine how their service providers meet their obligations. To address this, NICS participates in the FP7 project A4Cloud, which aims to extend accountability across entire cloud service value chains, covering personal and business-sensitive information in the cloud. A4Cloud will create solutions to support users in deciding and tracking how their data is used by cloud service providers.
Cloud computing has become a major focus in many research areas. One of the current trends in cloud computing is the federation of different cloud providers. A federation of clouds would enable local cloud providers (e.g., SMEs) to build business alliances with other cloud providers (possibly scattered around the globe) in order to offer more competitive solutions. In this direction, NICS is working on the FISICCO project, where we aim to develop and integrate services for federating and interconnecting cloud computing infrastructures in a secure way, through the extension of existing interconnection architectures and the definition of new connectors. FISICCO can be seen as an extension of existing interconnection architectures that will take cloud computing to a higher level of interoperability. Another research area within this project addresses privacy and data confidentiality in cloud-based identity services using cryptographic means.
There are different service models depending on the level of abstraction at which the Cloud offers its services. The lowest level, known as Infrastructure as a Service (IaaS), deals with the hardware and virtualization layer. How resources communicate in such a distributed setup, and how their interactions are authenticated, is still work in progress. In the PASSIVE project we have worked towards an authentication scheme for applications, users and resources that is suitable for use in large and highly dynamic deployments such as the Cloud.
Critical (Information) Infrastructure Protection (CIIP/CIP) has become one of the most active research areas in recent years. Private and public entities are joining efforts to offer increasingly attractive solutions that help governments and industries protect their infrastructures. Within the CIIP field we highlight Supervisory Control and Data Acquisition (SCADA) systems, which monitor 24/7 the performance of the underlying system and its services, such as transportation, communication, energy or water. At present this control is mainly based on ICT, where wireless communication systems and the Internet play a relevant role in local and remote control tasks. However, this new way of controlling also opens numerous security gaps, with new vulnerabilities, faults and errors that may be exploited by cyber-attacks against the availability, integrity and confidentiality of the system, such as stealth attacks, which are designed to stay below the detection thresholds of the control system.
Given that SCADA systems are central to the protection of CIs such as Smart Grids, NICS has dedicated part of its effort to understanding how current ICT, standards and communication systems can ensure operational performance and security at all times (CRISIS), directing its research towards situational awareness, prevention, response, restoration of states, hardening and privacy. The group has designed diverse solutions in the CIP context. A broad set of technologies (sensors, smart meters (SECRET), RTUs, servers, etc.), methodologies (PROTECT-IC, FACIES), standards (ZigBee PRO, WirelessHART, ISA100.11a, IEC 62351, NISTIR 7628, NIST SP 800-82), protocols (Modbus, DNP3, ICCP, IEC-104) and paradigms (IoT and cloud computing: TIGRIS) has been analysed, and some of them have been applied to protection, such as wireless sensor networks, intrusion detection systems, and techniques and tools to evaluate behaviours. It is worth noting that several of these protocols (Modbus, and DNP3 and IEC-104 in their base profiles) carry no authentication or integrity protection of their own, which is why how they are segmented, wrapped and monitored matters as much as the protocols themselves.
At present we are addressing: (i) secure interconnection between several control systems (e.g., a SCADA1 system and a SCADA2 system through PISCIS); (ii) the design of a secure platform for the integration of Smart Grid components, into which cloud computing must be integrated (TIGRIS); (iii) the identification of methodologies for intrusion and anomaly detection in water treatment systems, and the detection of stealth attacks (FACIES); and (iv) the implementation of power network models to simulate Smart Grid environments and evaluate the effects of external influences, together with controllability recovery strategies that respect the dominance properties of the network (CAIN).
It is hard to find a globally accepted definition of the term Identity, and even harder to precisely define what is understood by Identity Management. User authentication, access control and privilege management are the three core aspects of Identity Management that have been the focus of NICS research from the very beginning. With the emergence of the Internet of Services, more and more complex aspects of identity have arisen, most of them related to interoperability. The many developments in this field have led to the specification of standards for Identity Federation services, which in turn have motivated further research in related areas such as Trust Management and User Privacy.
At NICS we have covered most of the research areas that fall under Identity Management, some as a primary focus and others transversally in the context of another research area. In the national project PRIVILEGE we focused on the definition of a common framework for privilege management, paying special attention to delegation and to how to provide anonymity in attribute certificates. The work developed by NICS in the European project SPIKE focuses on agile solutions for authentication, authorisation and identity federation among allied companies. In the PICOS European project we concentrated on the privacy issues arising from the use of social community services.
Additionally, we have worked on the application of identity management systems to Future Internet scenarios. Cloud Computing promises a plethora of services in the cloud, among them the opportunity to outsource the Identity Management service itself, which raises serious security and privacy concerns, since the provider then holds the credentials and attributes of every user. Some solutions to these problems have been provided within the FISICCO project. Besides user authentication, we worked towards the authentication and authorisation of applications and resources within the PASSIVE and OSAMI projects. Another core element of the Future Internet is the smart environment, where the user interacts with surrounding objects. NICS has also developed a privacy-aware user authentication solution that allows users to access proximity-based services without disclosing personally identifiable information.
The vision of the Internet of Things (IoT) is founded on the following premise: it is possible to create a world-wide network of interconnected objects, or things, which will be readable, recognizable, locatable, addressable and/or controllable via the Internet. There are various strategies for realizing this vision: from data acquisition networks connected to a centralized infrastructure (usually the Cloud) to distributed systems that are autonomous enough to actively collaborate with each other. No matter which strategy is used, there will always be security challenges to address: from protocol and network security to user/thing authentication, ownership and trust. In fact, security and privacy are of paramount importance for the successful adoption of this new paradigm: in a world with potentially billions of things, the number of attack vectors available to malicious attackers will be staggering. Moreover, such attacks will target our everyday things (cars, appliances, etc.), and with them our everyday lives.
NICS has analysed, under the umbrella of the SPRINT and NESSoS projects, the security and privacy threats that affect all IoT implementation strategies. These analyses have served not only as a foundation for novel concepts under active development, such as the idea of a 'Digital Witness' (IoTest), but also as a starting point for the development of various protection mechanisms (e.g. secure communications, and security and quality of service) in projects such as IOT-SEC. Moreover, NICS is currently analysing the deployment of security and privacy mechanisms in areas such as the Industrial Internet of Things / Industry 4.0 (SADCIP) and Fog Computing / Mobile Edge Computing [Roman16], and has also studied the implementation of IoT security and privacy mechanisms in other areas such as intelligent transport systems (DEPHISIT), smart metering and smart street lighting (TIGRIS), smart cities (ENVIA, BIO-VIA), and e-Health [Najera12].
The nature of network communication (in particular, the distance between the parties and their lack of mutual trust) makes translating paper-based procedures into networked digital ones a non-trivial task. Thus, in order to provide security in Internet applications (or any other networked application, including mobile ones), special protocols are needed to ensure that any dispute between users can be settled if the network fails or an entity misbehaves. In the computer security field these protocols are known as non-repudiation protocols, a key element for the provision of the non-repudiation service as standardised in ITU-T X.813. In practice the service rests on evidence, typically digital signatures over the message and its context, that an adjudicator can verify afterwards; the protocol's job is to ensure that no party ends up holding evidence against the other while the other holds none.
Research on non-repudiation protocols has been active since the mid-1990s, in most cases considering only two parties in the protocol design scenario. The work at NICS has focused on the analysis, design, simulation and implementation of multi-party non-repudiation protocols. This work ranges from general designs and analysis to application-driven design and implementation (such as the OMA DRM framework with non-repudiation support developed in the UBISEC project). At the same time, multi-party non-repudiation protocols serve as the basis for other value-added services such as Certified Electronic Mail and Contract Signing protocols. In this direction NICS has designed optimal multi-party protocols and studied the compatibility of their properties.
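As an added illustration (not code from NICS or from any of the projects named above), the following Go program models the classic fair non-repudiation exchange with an online trusted third party (TTP) in the style of Zhou and Gollmann: the originator sends the message encrypted under a fresh key together with signed evidence of origin, the recipient returns signed evidence of receipt, and only then is the key released through the TTP, whose signed confirmation completes both parties' evidence. The token layout, the label construction SHA-256(C || K), the use of Ed25519 and AES-GCM from Go's standard library, and the representation of identities as bare public keys rather than certified names are all choices made for this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Party is a principal identified by its Ed25519 public key (a deployment would
// bind that key to a name with a certificate; the adjudicator here is handed it).
type Party struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewParty() *Party {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Party{Pub: pub, priv: priv}
}

// Evidence is what the parties hold after a run: NRO = EOO + Con, NRR = EOR + Con.
// Con is the only signed statement tying K to L, so EOO or EOR alone proves nothing.
type Evidence struct {
	Label []byte // L = SHA-256(C || K), identifies the run (construction assumed here)
	C     []byte // AES-GCM ciphertext of M under K, 12-byte nonce prepended
	K     []byte // 32-byte message key, released only through the TTP
	EOO   []byte // S_A("EOO", B, L, C): A commits to having sent C to B
	EOR   []byte // S_B("EOR", A, L, C): B acknowledges having received C from A
	Con   []byte // S_T("CON", A, B, L, K): the TTP confirms it published K
}

// token is the byte string a signature covers: a type flag, then the fields
// hex-encoded with separators, so no two (flag, fields) pairs share an encoding.
func token(flag string, fields ...[]byte) []byte {
	s := flag
	for _, f := range fields {
		s += "|" + hex.EncodeToString(f)
	}
	return []byte(s)
}

func gcm(k []byte) cipher.AEAD { // callers guarantee a 32-byte key, so neither call can fail
	block, _ := aes.NewCipher(k)
	g, _ := cipher.NewGCM(block)
	return g
}

func label(c, k []byte) []byte {
	h := sha256.Sum256(bytes.Join([][]byte{c, k}, nil))
	return h[:]
}

// Exchange runs one instance of the protocol between originator a and recipient b.
func Exchange(a, b, ttp *Party, m []byte) Evidence {
	kn := make([]byte, 44) // 32-byte message key followed by a 12-byte GCM nonce
	if _, err := rand.Read(kn); err != nil {
		panic(err)
	}
	ev := Evidence{K: kn[:32]}
	ev.C = gcm(ev.K).Seal(kn[32:], kn[32:], m, nil)
	ev.Label = label(ev.C, ev.K)
	// step 1, A -> B: B, L, C and EOO over them; B holds C but cannot read it yet
	ev.EOO = ed25519.Sign(a.priv, token("EOO", b.Pub, ev.Label, ev.C))
	// step 2, B -> A: EOR over the same L and C. If B stops here, A never releases
	// K, so B is left with a ciphertext and an EOO that no adjudicator accepts.
	ev.EOR = ed25519.Sign(b.priv, token("EOR", a.Pub, ev.Label, ev.C))
	// steps 3 to 5: A submits K to the TTP under its signature (not modelled here);
	// the TTP publishes K with Con and both A and B fetch the pair.
	ev.Con = ed25519.Sign(ttp.priv, token("CON", a.Pub, b.Pub, ev.Label, ev.K))
	return ev
}

// Adjudicate settles a dispute from public keys and presented evidence alone:
// "NRO" answers "A never sent M to B" (B presents EOO and Con); "NRR" answers
// "B never received M from A" (A presents EOR and Con).
func Adjudicate(kind string, a, b, ttp *Party, ev Evidence, m []byte) bool {
	var ok bool
	switch kind {
	case "NRO":
		ok = ed25519.Verify(a.Pub, token("EOO", b.Pub, ev.Label, ev.C), ev.EOO)
	case "NRR":
		ok = ed25519.Verify(b.Pub, token("EOR", a.Pub, ev.Label, ev.C), ev.EOR)
	}
	ok = ok && ed25519.Verify(ttp.Pub, token("CON", a.Pub, b.Pub, ev.Label, ev.K), ev.Con)
	if !ok || len(ev.K) != 32 || len(ev.C) < 12 || !bytes.Equal(ev.Label, label(ev.C, ev.K)) {
		return false
	}
	got, err := gcm(ev.K).Open(nil, ev.C[:12], ev.C[12:], nil)
	return err == nil && bytes.Equal(got, m)
}

func main() {
	a, b, ttp := NewParty(), NewParty(), NewParty()
	m := []byte("transfer 100 EUR to account 42") // constructed sample message
	ev := Exchange(a, b, ttp, m)
	partial := Evidence{Label: ev.Label, C: ev.C, EOO: ev.EOO} // all B holds if it stops after step 1
	fmt.Println(Adjudicate("NRO", a, b, ttp, ev, m), Adjudicate("NRR", a, b, ttp, ev, m), Adjudicate("NRO", a, b, ttp, partial, m))
}
```

Running it prints `true true false`: both NRO and NRR hold after a complete run, while a recipient that keeps the ciphertext and the evidence of origin but never answers holds nothing an adjudicator will accept, because the key, and with it the plaintext, is bound to the run only by the TTP's confirmation. A deployable version must also deal with the TTP's availability and with deadlines for fetching the confirmation, which this example does not model.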
Radio Frequency IDentification (RFID) technology provides a seamless link between the items of the physical world and the information system, including identification, information and computation capabilities. Because of this it is being adopted in several sectors and is expected to be a key technology in the upcoming Internet of Things. However, the same features make it a double-edged sword: tags can be read and tracked by anyone with a reader in range, which raises several privacy and anonymity threats, and this, combined with the extremely constrained computation and communication capabilities of tags, has turned RFID security into a relevant and complex research field.
Our group has been working on the secure integration of RFID technology in a variety of scenarios. So far our research has focused on two main scenarios, personal documentation and healthcare environments, both supported by research projects. In the context of the IDENTICA project, we focused on the secure integration of RFID technology in personal documentation. We introduced our concept of secure hybrid documentation and provided suitable mechanisms to improve its security properties. Part of this work included a fully functional prototype implementation of a robust and reliable key management infrastructure for the keys required to access the tag and establish a secure communication channel in RFID-based documents.
In the context of the CIES project, we devised the integration of RFID technology in healthcare environments to improve the reliability and safety of the processes involved, providing two lab-tested solutions. First, we proposed a secure RFID-based medical equipment tracking system for healthcare facilities, enabling both real-time location and theft prevention; lab testing revealed relevant limitations of RFID technology in this setting. Second, we analysed and provided a solution for the care and control of patients in a hospital. Our prototype provides a secure backup data source from personnel and patients' tags, as well as an offline working mode, both of which increase application reliability and patient safety.
Security has traditionally been treated as an after-the-fact property, considered only once the system has been implemented and deployed. This has led to poor security solutions in the form of patches that solve security problems only after an incident has already caused damage. The area of secure software engineering takes a preventive approach by considering security in every phase of the Software Development Life Cycle (SDLC).
The underlying idea of secure software and service engineering is that software must be built with a security mindset from the very beginning. Security is a cross-cutting concern that spans the whole SDLC, from requirements engineering to assurance. Tackling security in every phase in a consistent and holistic way is thus a necessity for building trustworthy services and systems.
We have approached this area by considering both the SDLC as a whole and some of its individual stages. In the first direction, we have elaborated development processes and assurance-based development methodologies. In the second, mainly framed within the NESSoS EU project, we are concerned with security requirements specification and with security frameworks that assist during the architecture and implementation phases of the SDLC. In particular, one of our primary focuses is how to include trust and reputation requirements and models as part of systems from the very beginning, rather than after the fact in an ad hoc manner, which has been the standard practice for many years.
Since their origins, trust management systems have been used to assist entities that have to interact with others in a system, and they have been a very important tool for the decision-making process. Sometimes the information available about the other entities is not enough to establish a secure exchange of information, but the interaction must still take place. Trust management systems try to compensate for this lack of information. In recent years, due to the growth of electronic communications and transactions, reputation systems have been developed to aid trust management systems in the trust decision process.
In order to establish a trust relationship, a trust management system is usually composed of a symbolic language for representing trust and a way of measuring it (trust metrics), from which the trust assessment is derived. At NICS we have mainly concentrated on designing different trust models. In particular, we designed a trust model based on graph theory and characterized the most suitable trust metrics for each case, depending on their properties or on the nature of the system. Sometimes the application is dynamic, and then including time as a parameter for measuring trust is very convenient, since an opinion formed long ago says less about an entity's current behaviour than a recent one. We therefore designed a trust model that, besides trust and reliability, also considers time as a parameter. Other trust models designed at NICS include delegation privileges for access control and a scale-based model. We also investigated how, in the context of federated identity management, trust perception can be exported by using a federated reputation system.
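As an added example (illustrative, and not the NICS model itself), the Go program below puts the ingredients named in this paragraph into working code: opinions are the edges of a directed trust graph, each carrying a trust value, a reliability and an age; the concatenation metric along a path is the product of the edge trust values; confidence in a path decays with the age of its opinions; and two aggregation metrics are available for combining parallel paths, so that the effect of the metric choice can be seen. The graph data, the half-life decay and the particular metrics are assumptions of this example.

```go
package main

import (
	"fmt"
	"math"
)

// Opinion is one entity's direct trust statement about another. Trust is the
// value itself, Reliability how well backed it is (e.g. by how many
// interactions), Age how long ago it was last refreshed. All illustrative.
type Opinion struct {
	From, To    string
	Trust       float64 // in [0, 1]
	Reliability float64 // in [0, 1]
	Age         float64 // seconds since the opinion was last updated
}

// Graph maps each entity to the opinions it holds about others.
type Graph map[string][]Opinion

// Path is a chain of opinions from a source to a target entity.
type Path struct {
	Nodes      []string
	Trust      float64 // concatenation metric: product of the edge trust values
	Confidence float64 // product of each edge's reliability scaled by its time decay
}

// decay halves an opinion's weight every halfLife seconds.
func decay(age, halfLife float64) float64 {
	return math.Pow(0.5, age/halfLife)
}

// Paths enumerates simple paths from src to dst of at most maxHops edges,
// computing each path's trust and confidence as it goes.
func (g Graph) Paths(src, dst string, maxHops int, halfLife float64) []Path {
	var out []Path
	visited := map[string]bool{src: true}
	var walk func(node string, p Path)
	walk = func(node string, p Path) {
		if node == dst {
			out = append(out, p)
			return
		}
		if len(p.Nodes)-1 >= maxHops {
			return
		}
		for _, o := range g[node] {
			if visited[o.To] {
				continue
			}
			visited[o.To] = true
			walk(o.To, Path{
				Nodes:      append(append([]string{}, p.Nodes...), o.To),
				Trust:      p.Trust * o.Trust,
				Confidence: p.Confidence * o.Reliability * decay(o.Age, halfLife),
			})
			visited[o.To] = false
		}
	}
	walk(src, Path{Nodes: []string{src}, Trust: 1, Confidence: 1})
	return out
}

// Aggregate combines parallel paths. "max" is optimistic: the best path wins and
// confidence is ignored. "weighted" averages path trust by confidence, so a stale
// or weakly backed path barely moves the result. Returns (trust, confidence),
// with confidence = 1 - prod(1 - c_i), the chance that at least one path is sound.
func Aggregate(paths []Path, metric string) (float64, float64) {
	if len(paths) == 0 {
		return 0, 0
	}
	var num, den, none float64 = 0, 0, 1
	best := paths[0]
	for _, p := range paths {
		if p.Trust > best.Trust {
			best = p
		}
		num += p.Trust * p.Confidence
		den += p.Confidence
		none *= 1 - p.Confidence
	}
	if metric == "max" {
		return best.Trust, best.Confidence
	}
	if den == 0 {
		return 0, 0
	}
	return num / den, 1 - none
}

// Derive is the full trust assessment of dst from src's point of view.
func Derive(g Graph, src, dst, metric string, maxHops int, halfLife float64) (float64, float64) {
	return Aggregate(g.Paths(src, dst, maxHops, halfLife), metric)
}

const day = 86400.0

// SampleGraph is constructed data: two routes from A to D, one fresh and well
// backed, one through C whose opinion of D is strong but a month old.
func SampleGraph() Graph {
	g := Graph{}
	for _, o := range []Opinion{
		{"A", "B", 0.9, 0.9, 0},
		{"B", "D", 0.8, 0.8, 0},
		{"A", "C", 0.6, 0.5, 0},
		{"C", "D", 0.95, 0.9, 30 * day},
	} {
		g[o.From] = append(g[o.From], o)
	}
	return g
}

func main() {
	g := SampleGraph()
	for _, metric := range []string{"max", "weighted"} {
		t, c := Derive(g, "A", "D", metric, 3, 7*day)
		fmt.Printf("%-8s trust=%.3f confidence=%.3f\n", metric, t, c)
	}
	t, c := Derive(g, "A", "D", "weighted", 3, math.Inf(1)) // no decay: the stale opinion counts fully
	fmt.Printf("weighted, no decay: trust=%.3f confidence=%.3f\n", t, c)
}
```

With a seven-day half-life the month-old opinion C holds about D contributes almost nothing under the weighted metric, so A's derived trust in D (about 0.715) is dominated by the fresh, well-backed route through B; with decay switched off the same stale opinion pulls the result down to about 0.662, and the optimistic max metric ignores reliability and age altogether. Which behaviour is right depends on the system: in a dynamic network a stale good opinion is a liability, in a stable one it is still information.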
As an application of trust and reputation management to a specific field, we considered Wireless Sensor Networks. We identified the main features that a trust and reputation management system should include for its application to WSN, and the best practices that should govern its design. As an extension of this work, we have developed a reputation-based early warning system for critical infrastructures.
Wireless Sensor Networks (WSN) have evolved in recent years from a promising research field to a useful technology applicable to numerous scenarios, such as home and industrial environments. Security is a key factor for the successful deployment of this type of network, as there are multiple issues (e.g., the limited capabilities of the nodes and the existence of multiple attack points, since nodes are often physically exposed) that must be carefully considered in order to assure fault-tolerant provisioning of protected services. The importance of security is acknowledged by current WSN specifications, such as ZigBee or ISA100.11a, which define their own security mechanisms and protocols.
Moreover, there are also emerging standards strictly focused on WSN security, such as ISO/IEC 29180 and ITU-T X.1312. Nevertheless, as security depends heavily on the needs of an application and its environment, NICS has been working on the analysis and development of security mechanisms specially adapted to the requirements of WSN applications. NICS has not only studied different areas, such as the use of cryptographic algorithms, the distribution of keying material and network status systems, but has also provided guidelines for integrating those mechanisms in middleware architectures (project SMEPP). Moreover, although WSNs are a strategic component of the future Internet of Things, there are still various security challenges that need to be solved from a local perspective. Such challenges were analysed by NICS in the projects ARES and SPRINT.