DI - COSEC - Artículos en Congresos Internacionales
Permanent URI for this collection
Browse
Recent Submissions
Now showing 1 - 20 of 34
Publication Eye-based keystroke prediction for natural texts - a feasibility analysis(IEEE, 2022-12-09) Reverte Cazorla, José; Fuentes García-Romero de Tejada, José María de; González Manzano, Lorena; Comunidad de Madrid; Agencia Estatal de Investigación (España); Universidad Carlos III de MadridThe use of videoconferencing is on the rise after COVID-19, being common to look at the screen and see someone typing. A side-channel attack may be launched to infer the text written from the face image. In this paper, we analyse the feasibility of such an attack, being the first proposal which work with a complete keyset (50 keys) and natural texts. We use different scenarios, lighting conditions and natural texts to increase realism. Our study involves 30 participants, who typed 49,365 keystrokes. We characterize the effect of lighting, gender, age and use of glasses. Our results show that on average 13.71% of keystrokes are revealed without error, and up to 31.8%, 52.5% and 61.2% are guessed with a maximum error of 1, 2 and 3 keys, respectively.Publication A nested decision tree for event detection in smart grids(European Association for the Development of Renewable Energy, Environment and Power Quality (EA4EPQ), 2022-09) Turanzas, J.; Alonso Martínez, Mónica; Amarís Duarte, Hortensia Elena; Gutierrez, J.; Pastrana Portillo, SergioDigitalization process experienced by traditional power networks towards smart grids extend the challenges faced by power grid operators to the field of cybersecurity. False data injection attacks, one of the most common cyberattacks in smart grids, could lead the power grid to sabotage itself. In this paper, an event detection algorithm for cyberattack in smart grids is developed based on a decision tree. In order to find the most accurate algorithm, two different decision trees with two different goals have been trained: one classifies the status of the network, corresponding to an event, and the other will classify the location where the event is detected. To train the decision trees, a dataset made by co-simulating a power network and a communication network has been used. The decision trees are going to be compared in different settings by changing the division criteria, the dataset used to train them and the misclassification cost. After looking at their performance independently, the best way to combine them into a single algorithm is presented.Publication Characterizing eve: analysing cybercrime actors in a large underground forum(Springer, 2018-09-10) Pastrana Portillo, Sergio; Hutchings, Alice; Caines, Andrew; Buttery, PaulaUnderground forums contain many thousands of active users, but the vast majority will be involved, at most, in minor levels of deviance. The number who engage in serious criminal activity is small. That being said, underground forums have played a significant role in several recent high-profile cybercrime activities. In this work we apply data science approaches to understand criminal pathways and characterize key actors related to illegal activity in one of the largest and longest-running underground forums. We combine the results of a logistic regression model with k-means clustering and social network analysis, verifying the findings using topic analysis. We identify variables relating to forum activity that predict the likelihood a user will become an actor of interest to law enforcement, and would therefore benefit the most from intervention. This work provides the first step towards identifying ways to deter the involvement of young people away from a career in cybercrime.Publication SmartLED: Smartphone-based covert channels leveraging the notification LED(IEEE, 2020-12-29) González Manzano, Lorena; Bernárdez, Sergio; Fuentes García-Romero de Tejada, José María de; Comunidad de Madrid; European Commission; Ministerio de Economía y Competitividad (España); Universidad Carlos III de MadridThe widespread adoption of smartphones make them essential in daily routines. Thus, they can be used to create a covert channel without raising suspicions. To avoid detection, networkless communications are preferred. In this paper, we propose SmartLED, a mechanism to build covert channels leveraging a widely available smartphone feature - its notification LED. The secret is encoded through LED blinks using Manhattan encoding. SmartLED is assessed in real-world indoor and outdoor scenarios, considering different distances up to 5 meters. Our results show that the best performance is achieved in dark settings - 34.8 s. are needed to exfiltrate a 7-byte password to a distance of 1 m. Remarkably, distance does not cause a great impact on effective transmission time and shorter blinks do not lead to substantially greater transmission errorsPublication A primer on Open Source Intelligence (OSINT) leveraging existing tools(2020-10-14) González Manzano, Lorena; Comunidad de Madrid; Universidad Carlos III de MadridThe acquisition of intelligence from public open sources, known as Open Source INTelligence (OSINT), is a common practice in many investigations. Data analysis skills are a priority, as well as the knowledge of OSINT tools to relieve the burden of data gathering and analysis. Though data analysis has received a lot of attention, OSINT tools are much less explored. In this regard, and with the intent to be especially useful for newcomers in this discipline, this paper presents a classification of OSINT tools from the professional and academic point of view,. Afterwards, a set of open challenges are highlighted.Publication SoNeUCON_{ABC}Pro: an access control model for social networks with translucent user provenance(Springer, 2018-01) González Manzano, Lorena; Slaymaker, Mark; Fuentes García-Romero de Tejada, José María de; Vayenas, DimitrisWeb-Based Social Networks (WBSNs) are used by millions of people worldwide. While WBSNs provide many benefits, privacy preservation is a concern. The management of access control can help to assure data is accessed by authorized users. However, it is critical to provide sufficient flexibility so that a rich set of conditions may be imposed by users. In this paper we coin the term user provenance to refer to tracing users actions to supplement the authorisation decision when users request access. For example restricting access to a particular photograph to those which have “liked” the owners profile. However, such a tracing of actions has the potential to impact the privacy of users requesting access. To mitigate this potential privacy loss the concept of translucency is applied. This paper extends SoNeUCONABC model and presents SoNeUCONABCPro, an access control model which includes translucent user provenance. Entities and access control policies along with their enforcement procedure are formally defined. The evaluation demonstrates that the system satisfies the imposed goals and supports the feasibility of this model in different scenarios.Publication ase-PoW: a proof of ownership mechanism for cloud deduplication in hierarchical environments(Springer International Publishing, 2016-10-10) González Manzano, Lorena; Fuentes García-Romero de Tejada, José María de; Choo, Kim-Kwang RaymondProof-of-Ownership (PoW) can be an efective deduplication technique to reduce storage requirements, by providing cloud storage servers the capability to guarantee that clients only upload and download files that they are in possession of. In this paper, we propose an attribute symmetric encryption PoW scheme (ase-PoW) for hierarchical environments such as corporations, in which (1) the external cloud service provider is honest-but-curious and (2) there is a exible access control in place to ensure only users with the right privilege can access sensitive files. This is, to the best of our knowledge, the first such scheme and it is built upon the ce-PoW scheme of Gonzalez-Manzano and Orfila (2015). Ase-PoW outperforms ce-PoW in that it does not suffer from content-guessing attacks, it reduces client storage needs and computational workload.Publication Seguridad en redes sociales: problemas, tendencias y retos futuros(2014-01-23) González-Manzano, Lorena; González-Tablas, Ana Isabel; Fuentes, José María de; Ribagorda Garnacho, ArturoEl abrumador crecimiento de las Redes Sociales (RSs) junto con su gran utilización, estimulan su constante investigación y mejora. Sin embargo, el uso de las RSs no está exento de problemas de seguridad y, en concreto, de privacidad. De hecho, es aquí donde este trabajo contribuye. En base a las recientes investigaciones y tendencias, se presentan un total de diez problemas asociados con la privacidad en las RSs. Además, cada problema es acompañado de directrices que pretenden ser la base de futuras investigaciones y desarrollos. Finalmente, se analiza de forma global la dificultad técnica de abordar estos problemas, así como su alcance en las RS.Publication U+F Social Network Protocol: Achieving interoperability and reusability between Web Based Social Networks(IEEE, 2012) González-Manzano, Lorena; González-Tablas, Ana Isabel; Fuentes, José María de; Ribagorda Garnacho, ArturoAlong the time many Web Based Social Networks (WBSNs) have appeared, but not all of them offer the same services. Users may use multiple WBSNs to satisfy their requirements. Besides, operations such as the creation of accounts or the establishment of groups, are repeated in all of them, being a tedious issue. To address this matter, this paper proposes a protocol, based on the UMA core protocol and the FOAF project, to attain interoperability and reusability of resources, identity data and access control policies across different WBSNs. Moreover, an evaluation and a security analysis are presented.Publication Towards a comparable evaluation for VANET protocols: NS-2 experiments builder assistant and extensible test bed(IS-ITS AG, 2011) Munera, José; Fuentes, José María de; González-Tablas, Ana IsabelIn order to validate an Intelligent Transportation System (ITS) application or service, simulation techniques are usually employed. Nowadays, there are two problems associated to this kind of validation: the relative complexity of existing simulators and the lack of common criteria in the creation of simulation experiments. The first one makes it hard for users not familiar with a simulation tool to create and execute comprehensive experiments. The second one leads to a situation in which different proposals are validated in different scenarios, thus making it difficult to compare their performance. This work contributes on addressing both problems by proposing VanSimFM, an open-source assistant tool for creating NS-2 simulation experiments, and by defining an extensible test bed which contains a set of simulation scenarios. The test bed is intended to represent the different situations that may be found in a real vehicular environment.Publication L–PEP: a logic to reason about privacy–enhancing cryptography protocols(Springer, 2011) Alcaide Raya, Almudena; Abdallah, Ali; González-Tablas Ferreres, Ana Isabel; Fuentes, José María deIn recent years, many cryptography protocols have been designed, for many different scenarios, with the purpose of preserving security of communications as well as privacy and anonymity of participant entities. In general, every proposed solution has possed a real challenge to the existing formal methods of protocol analysis and verification. The main goal of this work is the proposal of a logic to reason about privacy-enhancing monotonic and non-monotonic cryptography protocols. The new logic will be called L-PEP and it extends the existing Rubin's logic of beliefs.Publication Nature-inspired synthesis of rational protocols(Springer, 2008) Alcaide Raya, Almudena; Estévez Tapiador, Juan Manuel; Hernández-Castro, Julio C.; Ribagorda Garnacho, ArturoRational cryptography is an emerging field which combines aspects traditionally related to security with concepts described in economic theoretical frameworks. For example, it applies game theory concepts to address security problems arising when executing cryptographic protocols. The aim is to replace the assumption of a worst-case attacker by the notion of rational agents that try to maximize their payoffs. In this work, we define a formal framework and a meta--heuristic technique for the automated synthesis of multi-party rational exchange security (M-RES) protocols. We provide experimental results for a simple scenario where a 3-party rational exchange protocol is automatically designed.Publication An Architecture for User-managed Location Sharing in the Future Internet of Services(2010) González-Tablas, Ana Isabel; Alam, Mohammad; Hoffmann, MarioIn this paper we analyse the problem of providing an user-managed system for sharing the user’s location information in the Future Internet of Services, and propose some architectural mechanisms to support this kind of system. Our approach is based on the work done within Kantara’s UMA WG. Furthermore, we highlight open issues that still need to be addressed in location information sharing scenarios.Publication Towards a privacy-respectful telematic verification system for vehicle & driver authorizations(Springer, 2011) González-Tablas Ferreres, Ana Isabel; Alcaide Raya, Almudena; Suárez-Tangil, Guillermo; Fuentes, José María de; Barroso-Pérez, IsraelThe use of ubiquitous technologies to implement a telematic on-the-road verification of driver and vehicle authorizations would provide significant benefits regarding road safety, economic costs and convenience. Privacy-aware digital credentials would enable such a service although some challenges exist. The goal of this on-going work is to address these challenges. The first contribution herein presented is an enhanced data model of driver and vehicle authorizations. Secondly, we provide an analysis of existing privacy-aware digital credential systems that may support the implementation of the system.Publication A functional framework to evade network IDS(IEEE, 2011-01) Pastrana, Sergio; Orfila, Agustín; Ribagorda Garnacho, ArturoSignature based Network Intrusion Detection Systems (NIDS) apply a set of rules to identify hostile traffic in network segments. Currently they are so effective detecting known attacks that hackers seek new techniques to go unnoticed. Some of these techniques consist of exploiting network protocols ambiguities. Nowadays NIDS are prepared against most of these evasive techniques, as they are recognized and sorted out. The emergence of new evasive forms may cause NIDS to fail. In this paper we present an innovative functional framework to evade NIDS. Primary, NIDS are modeled accurately by means of Genetic Programming (GP). Then, we show that looking for evasions on models is simpler than directly trying to understand the behavior of NIDS. We present a proof of concept showing how to evade a self-built NIDS regarding two publicly available datasets. Our framework can be used to audit NIDS.Publication A multi-agent scanner to detect stored-XSS vulnerabilities(IEEE, 2010-11) Galán, Eduardo; Alcaide Raya, Almudena; Orfila Díaz-Pabon, Agustín; Blasco Alís, JorgeThe cross-site scripting (XSS) has become a common vulnerability of many web sites and web applications. XSS consists in the exploitation of input validation flaws, with the purpose of injecting arbitrary script code which is later executed at the web browser of the victim. One interesting possibility to prevent this type of vulnerability is the use of vulnerability scanners. However, current scanners are capable of detecting just one of the two main modalities of XSS attacks. This paper introduces a novel multi–agent system for the automated scanning of web sites to detect the presence of XSS vulnerabilities exploitable by an stored–XSS attack. The rate of detection of the system is evaluated in two different scenarios.Publication Modeling NIDS evasion with genetic programming(CSREA Press, 2010-07) Pastrana, Sergio; Orfila, Agustín; Ribagorda Garnacho, ArturoNowadays, Network Intrusion Detection Systems are quickly updated in order to prevent systems against new attacks. This situation has provoked that attackers focus their efforts on new sophisticated evasive techniques when trying to attack a system. Unfortunately, most of these techniques are based on network protocols ambiguities [1], so NIDS designers must take them into account when updating their tools. In this paper, we present a new approach to improve the task of looking for new evasive techniques. The core of our work is to model existing NIDS using the Genetic Pro- gramming paradigm. Thus, we obtain models that simulate the behavior of NIDS with great precision, but with a much simpler semantics than the one of the NIDS. Looking for this easier semantics allows us to easily construct evasions on the model, and therefore on the NIDS, as their behavior is quite similar. Our results show how precisely GP can model a NIDS behavior.Publication Robust new method in frequency domain watermarking(Springer, 2001-10) Sánchez, David; Orfila, Agustín; Hernández-Castro, Julio C.; Sierra, José M.This article presents a new and robust watermarking method in the frequency domain that improves over the existing ones. It is robust to JPEG compression, very configurable, simple, efficient and very easy to implement. Apart from JPEG test, it shows very good results in all tests applied.Publication Printers are dangerous(IEEE, 2001-10) Hernández-Castro, Julio C.; Sierra, José M.; González-Tablas, Ana Isabel; Orfila, AgustínIn the last years, many new intelligent full-featured peripherals that assist information systems have appeared. Those peripherals, such as printers, copiers, PDA organizers, Web cameras, etc. usually have a very friendly way of configuration and management (via http, ftp or telnet servers) and offer more networked services everyday. Their computation, memory and networking capabilities have also increased in the last years. Nowadays, many of them are comparable to workstations and run complete operating systems such as Linux or Solaris. All those factors imply that these devices could represent a real threat to the security of information systems. This problem is even worse because most of those peripherals have been considered inoffensive and not many administrators are aware of their security risks. The most representative example is printers, which have been traditionally considered totally harmless devices. At the present time, that idea is difficult to defend because many security incidents related with networked printers have arisen in the last years. System and security administrators have traditionally focused their efforts in fortifying servers and hosts only, but it seems that this view is not enough for assuring security nowadays.Publication Labelling clusters in an intrusion detection system using a combination of clustering evaluation techniques(IEEE, 2006-01) Petrovic, Slovodan; Álvarez, Gonzalo; Orfila, Agustín; Carbó Rubiera, Javier IgnacioA new clusters labelling strategy, which combines the computation of the Davies-Bouldin index of the clustering and the centroid diameters of the clusters is proposed for application in anomaly based intrusion detection systems (IDS). The aim of such a strategy is to detect compact clusters containing very similar vectors and these are highly likely to be attack vectors. Experimental results comparing the effectiveness of a multiple classifier IDS with such a labelling strategy and that of the classical cardinality labelling based IDS show that the proposed strategy behaves much better in a heavily attacked environment where massive attacks are present. The parameters of the labelling algorithm can be varied in order to adapt to the conditions in the monitored network.