Edificio de Investigación Ada Byron
C/ Arquitecto Francisco Peñalosa, nº 18
Ampliación Campus de Teatinos. Universidad de Málaga
29071 Málaga (Spain)
Phone: +34-951-952939 Fax: +34-951-952749
Domain of interest and research
- Privacy-Enhancing Technologies
- Covert Communication Channels
- Edge Computing Security
- PhD in Computer Science (University of Málaga, Spain, 2014)
- MSC in Computer Science (University of Málaga, Spain, 2008)
- BSc in Computer Science (University of Skövde, Sweden, 2007)
- "Location Proximity Attacks against Mobile Targets: Analytical Bounds and Attacker Strategies",
23rd European Symposium on Research in Computer Security (ESORICS 2018), Springer, In Press.
Location privacy has mostly focused on scenarios where users remain static. However, investigating scenarios where the victims present a particular mobility pattern is more realistic. In this paper, we consider abstract attacks on services that provide location information on other users in the proximity. In that setting, we quantify the required effort of the attacker to localize a particular mobile victim. We prove upper and lower bounds for the effort of an optimal attacker. We experimentally show that a Linear Jump Strategy (LJS) practically achieves the upper bounds for almost uniform initial distributions of victims. To improve performance for less uniform distributions known to the attacker, we propose a Greedy Updating Attack Strategy (GUAS). Finally, we derive a realistic mobility model from a real-world dataset and discuss the performance of our strategies in that setting.
- "Evolving privacy: From sensors to the Internet of Things",
Future Generation Computer Systems, vol. 75, Elsevier, pp. 46–57, 10/2017. DOI (I.F.: 4.639)
The Internet of Things (IoT) envisions a world covered with billions of smart, interacting things capable of offering all sorts of services to near and remote entities. The benefits and comfort that the IoT will bring about are undeniable, however, these may come at the cost of an unprecedented loss of privacy. In this paper we look at the privacy problems of one of the key enablers of the IoT, namely wireless sensor networks, and analyse how these problems may evolve with the development of this complex paradigm. We also identify further challenges which are not directly associated with already existing privacy risks but will certainly have a major impact in our lives if not taken into serious consideration.Impact Factor: 4.639Journal Citation Reports® Science Edition (Thomson Reuters, 2017)
- "Query Privacy in Sensing-as-a-Service Platforms",
32nd International Conference on ICT Systems Security and Privacy Protection (IFIP SEC 2017), S. De Capitan di Vimercati, and F. Martinelli Eds., IFIP Advances in Information and Communication Technology (AICT) 502, Springer, pp. 141–154, 05/2017. DOI
The Internet of Things (IoT) promises to revolutionize the way we interact with the physical world. Even though this paradigm is still far from being completely realized, there already exist Sensing-as-a-Service (S2aaS) platforms that allow users to query for IoT data. While this model offers tremendous benefits, it also entails increasingly challenging privacy issues. In this paper, we concentrate on the protection of user privacy when querying sensing devices through a semi-trusted S2aaS platform. In particular, we build on techniques inspired by proxy re-encryption and k-anonymity to tackle two intertwined problems, namely query privacy and query confidentiality. The feasibility of our solution is validated both analytically and empirically.
"Location Privacy in Wireless Sensor Networks",
CRC Series in Security, Privacy and Trust, Taylor & Francis, 2016.
- "Robust Probabilistic Fake Packet Injection for Receiver-Location Privacy in WSN",
17th European Symposium on Research in Computer Security (ESORICS 2012), S. Foresti, M. Yung, and F. Martinelli Eds., LNCS 7459, Springer, pp. 163-180, Sep 2012. DOI
The singular communication model in wireless sensor networks (WSNs) originate pronounced traffic patterns that allow a local observer to deduce the location of the base station, which must be kept secret for both strategical and security reasons. In this work we present a new receiver-location privacy solution called HISP (Homogenous Injection for Sink Privacy). Our scheme is based on the idea of hiding the flow of real traffic by carefully injecting fake traffic to homogenize the transmissions from a node to its neighbors. This process is guided by a lightweight probabilistic approach ensuring that the adversary cannot decide with sufficient precision in which direction to move while maintaining a moderate amount of fake traffic. Our system is both validated analytically and experimentally through simulations.
You can find the full list here.
Attended courses and seminars
- FOSAD 2013: 13th International School on Foundations of Security Analysis and Design. Bertinoro, Italy (2013)
- Control Systems Security Models, Malaga, Spain (2010)
- Service Protocol Verification, Malaga, Spain (2010)
- IPICS 2009: Intensive Programme on Information and Communication Security. Viena, Austria (2010)
- SWING 2009: 4th Bertinoro PhD School on Security of Wireless Networking. Bertinoro, Italy (2009)
- Security and Privacy for wireless resource constrained devices, University of Malaga, Spain (2009)
- SWING 2008: 3rd Bertinoro PhD School on Security of Wireless Networking. Bertinoro, Italy (2008)
- Program (co)Chair
- 2018: DPM
- Organization committee member:
- Program committee member:
- 2018: WITC, NSS, TrustBus, BIC
- 2017: icSoftComp, FutureTech, TrustBus, DEPEND, BIC
- 2016: DEPEND, TrustCom
- 2015: FutureTech, TrustCom, DEPEND, PE-WASUN, CUTE,
- 2014: ACSA, SMPE, FutureTech, DASC, DEPEND, ATC
- 2013: STA, FutureTech, ATC, UCES, WTA
- 2012: Future Tech, ATC, STA, ACSA, WTA, WPS, SmartIT
- 2011: SmartPhone, IWCS, STA, ATC, WTA
- 2010: SmartPhone
- IEEE Member