Rodrigo Roman

PostDoctoral Researcher

Edificio de Investigación Ada Byron
C/ Arquitecto Francisco Peñalosa, nº 18
Ampliación Campus de Teatinos. Universidad de Málaga
29071 Málaga (Spain)
Phone: +34-951-952914    Fax: +34-951-952749

 Domain of interest and research

  • Protecting the Internet of Things
  • Security in Wireless Sensor Networks
  • Design and Development of Security Architectures
  • Protection of Critical Infrastructures

Current research

  • "Bring security to the real world": For Dr. Roman, security should not be an obscure concept that is difficult to apply, but a simple idea that can be easily explained and deployed. Consequently, Dr. Roman's research is mainly focused on providing useful and relevant security solutions that fulfill the requirements of both applications and its users.
    • Security solutions for the Internet of Things: One of our goals is to provide security mechanisms for various IoT scenarios, such as monitoring solutions for Industrial Internet of Things scenarios (SADCIP project) and the introduction of the "digital witness" concept in IoT Forensics (IoTest project).
    • Security Architectures: Another of our goals is to define and create security architectures that fulfill the requirements of the application and its environment. Currently we are studying the security of edge paradigms, such as Fog Computing and Mobile Edge Computing..


  • Ph.D. in Computer Science (with European Doctorate mention), University of Malaga (June 2008).
  • Undergraduate Research Fellow, Institute for Infocomm Research (I2R), Singapore (August 2003 - December 2004).
  • MSc. in Computer Engineering, University of Malaga (August 2003).
  • BSc. in Computer Science, University of Malaga (August 2000).

Relevant publications

  • A. Nieto, R. Roman, and J. Lopez, "Digital Witness: Safeguarding Digital Evidence by using Secure Architectures in Personal Devices", In IEEE Network, IEEE Communications Society, pp. 12-19, 2016. ISI JCR Impact Factor 2016: 7.230 DOI More..


    Personal devices contain electronic evidence associated with the behaviour of their owners and other devices in their environment, which can help clarify the facts of a cyber-crime scene. These devices are usually analysed as containers of proof. However, it is possible to harness the boom of personal devices to define the concept of digital witnesses, where personal devices are able to actively acquire, store, and transmit digital evidence to an authorised entity, reliably and securely. This article introduces this novel concept, providing a preliminary analysis on the management of digital evidence and the technologies that can be used to implement it with security guarantees in IoT environments. Moreover, the basic building blocks of a digital witness are defined.

    Impact Factor: 7.230
    Journal Citation Reports® Science Edition (Thomson Reuters, 2016)

  • R. Roman, J. Lopez, and M. Mambo, "Mobile edge computing, Fog et al.: A survey and analysis of security threats and challenges", In Future Generation Computer Systems, vol. 78, issue 1, Elsevier, pp. 680-698, 01/2018. ISI JCR Impact Factor 2016: 3.997 DOI More..


    For various reasons, the cloud computing paradigm is unable to meet certain requirements (e.g. low latency and jitter, context awareness, mobility support) that are crucial for several applications (e.g. vehicular networks, augmented reality). To fulfil these requirements, various paradigms, such as fog computing, mobile edge computing, and mobile cloud computing, have emerged in recent years. While these edge paradigms share several features, most of the existing research is compartmentalised; no synergies have been explored. This is especially true in the field of security, where most analyses focus only on one edge paradigm, while ignoring the others. The main goal of this study is to holistically analyse the security threats, challenges, and mechanisms inherent in all edge paradigms, while highlighting potential synergies and venues of collaboration. In our results, we will show that all edge paradigms should consider the advances in other paradigms.

    Impact Factor: 3.997
    Journal Citation Reports® Science Edition (Thomson Reuters, 2016)

  • R. Roman, J. Zhou, and J. Lopez, "On the features and challenges of security and privacy in distributed internet of things", In Computer Networks, vol. 57, Elsevier, pp. 2266–2279, July 2013. ISI JCR Impact Factor 2013: 1.282 DOI More..


    In the Internet of Things, services can be provisioned using centralized architectures, where central entities acquire, process, and provide information. Alternatively, distributed architectures, where entities at the edge of the network exchange information and collaborate with each other in a dynamic way, can also be used. In order to understand the applicability and viability of this distributed approach, it is necessary to know its advantages and disadvantages – not only in terms of features but also in terms of security and privacy challenges. The purpose of this paper is to show that the distributed approach has various challenges that need to be solved, but also various interesting properties and strengths.

    Impact Factor: 1.282
    Journal Citation Reports® Science Edition (Thomson Reuters, 2013)

  • R. Roman, P. Najera, and J. Lopez, "Securing the Internet of Things", In IEEE Computer, vol. 44, no. 9, IEEE, pp. 51 -58, Sept 2011. ISI JCR Impact Factor 2011: 1.47 DOI More..


    This paper presents security of Internet of things. In the Internet of Things vision, every physical object has a virtual component that can produce and consume services Such extreme interconnection will bring unprecedented convenience and economy, but it will also require novel approaches to ensure its safe and ethical use. The Internet and its users are already under continual attack, and a growing economy-replete with business models that undermine the Internet’s ethical use-is fully focused on exploiting the current version’s foundational weaknesses.

    Impact Factor: 1.47
    Journal Citation Reports® Science Edition (Thomson Reuters, 2011)

  • J. Lopez, R. Roman, and C. Alcaraz, "Analysis of Security Threats, Requirements, Technologies and Standards in Wireless Sensor Networks", In Foundations of Security Analysis and Design 2009, LNCS 5705, Springer Berlin/Heidelberg, pp. 289-338, August, 2009. DOI More..


    As sensor networks are more and more being implemented in real world settings, it is necessary to analyze how the different requirements of these real-world applications can influence the security mechanisms. This paper offers both an overview and an analysis of the relationship between the different security threats, requirements, applications, and security technologies. Besides, it also overviews some of the existing sensor network standards, analyzing their security mechanisms.

Attended courses and seminars

  • European Intensive Programme on Information & Communication Systems Security (IPICS), August 2003.

Scientific Activities

  • Editor:
    • International Journal on Advances in Security - IARIA
    • Information Security Journal: A Global Perspective - Taylor and Francis Group
  • Guest Editor:
    • Journal of Security and Communication Networks - Wiley ("Security in a Completely Interconnected World")
    • Journal of Security and Communication Networks - Wiley ("Protecting the Internet of Things"
    • Journal of Communication Systems - Wiley ("Advanced Processing Technologies and Applications for Mobile Communication Systems")
  • General (co)chair:
    • 2011: ACNS
    • 2010: SecIoT
  • Program (co)chair:
    • 2012: SecIoT
    • 2011: IWCS
  • Program committee member (last 5 years):
    • 2016: TrustBus, WISTP, SIoT, ISI WIC.
    • 2015: SIoT
    • 2014: WF-IoT, SNDS, ComNet-IoT, NCCA
    • 2013: PECCS, SNDS, WCNC, Globecom-IoT Symposia, AIM, TrustBus, RFIDSec, SeTTIT, CloudCom, EUC, ASPI
  • Organization committee member:
    • 2008: ESORICS
    • 2007: CRITIS, EuroPKI,JITEL


  • IEEE, member.