COMPROMISE
COMPROMISE: Mejorando la confidencialidad y privacidad en protocolos de comunicaciones
AGENCIA ESTATAL DE INVESTIGACION (AEI)
(Ref. PID2020-113795RB-C32)
9/ 2021
--
8/ 2024
Nowadays, mobile devices and networks allow us to be constantly connected anywhere. Often, these interactions leave a digital footprint that we are not aware of. Data, such as location information linked to our posts or searches in our browser may be processed by ML techniques that might allow a third party to infer sensitive information about our lives, such as location footprint. Consequently, there is a growing concern about the loss of control over personal data and the potential negative impact in our lives. Technology is now at a crossroads: trying to balance privacy and utility in scenarios that combine massive exchange communications, big databases and distributed and collaborative ML techniques towards the network edge. Precisely, the COMPROMISE project combines our knowledge in the areas of security, privacy, communication protocols, quality of service and ML, to face privacy improvements in network protocols and prevent privacy attacks, protecting communications with mechanisms that balance the trade-off between utility and privacy."
Publications
Chica, Sergio; Marín-López, Andrés; Arroyo, David; Almenares-Mendoza, Florina; Díaz-Sánchez, Daniel
Enhancing the anonymity and auditability of whistleblowers protection Proceedings Article
In: pp. 413 - 422, Springer International Publishing, 2023, ISBN: 978-3-031-21229-1.
@inproceedings{pa057,
title = {Enhancing the anonymity and auditability of whistleblowers protection},
author = {Sergio Chica and Andrés Marín-López and David Arroyo and Florina Almenares-Mendoza and Daniel Díaz-Sánchez},
doi = {https://doi.org/10.1007/978-3-031-21229-1_38},
isbn = {978-3-031-21229-1},
year = {2023},
date = {2023-01-08},
pages = {413 - 422},
publisher = {Springer International Publishing},
abstract = {In our democracy a trade-off between checks and balances is mandatory. To play the role of balances, it is necessary to have information that is often only obtainable through channels that ensure the anonymity of the source. Here we present a work in progress of a system that provides anonymity to sources in a open and auditable system, oriented to audit systems of critical infrastructure and built on our previous work autoauditor.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
In our democracy a trade-off between checks and balances is mandatory. To play the role of balances, it is necessary to have information that is often only obtainable through channels that ensure the anonymity of the source. Here we present a work in progress of a system that provides anonymity to sources in a open and auditable system, oriented to audit systems of critical infrastructure and built on our previous work autoauditor.
Díaz-Sanchez, Daniel; Almenarez-Mendoza, Florina; Marín-López, Andres; Rojo-Rivas, Isabel
A Hybrid Approach to Ephemeral PKI Credentials Validation and Auditing Proceedings Article
In: Proceedings of the International Conference on Ubiquitous Computing & Ambient Intelligence (UCAmI 2022), pp. 1043 - 1054, Springer International Publishing, 2022, ISBN: 978-3-031-21332-8.
@inproceedings{pa056,
title = {A Hybrid Approach to Ephemeral PKI Credentials Validation and Auditing},
author = {Daniel Díaz-Sanchez and Florina Almenarez-Mendoza and Andres Marín-López and Isabel Rojo-Rivas },
isbn = {978-3-031-21332-8},
year = {2022},
date = {2022-12-20},
urldate = {2022-12-20},
booktitle = {Proceedings of the International Conference on Ubiquitous Computing & Ambient Intelligence (UCAmI 2022)},
pages = {1043 - 1054},
publisher = {Springer International Publishing},
abstract = {IoT/M2M solutions are expected to rely on near computing infrastructures for deployment of services, frequently ephemeral, that will need adequate protection. Communication protocols in IoT services have widely adopted TLS/PKI as the de facto security standard despite PKI was not designed for issuing short lived credentials. Moreover, after several Certificate Authorities were compromised, some Certificate Pinning proposal were developed to give an additional verification to PKI certificates. Some Certificate Pinning solutions, as Certificate Transparency, provide long term auditing information for PKI certificates issued by renowned Certificate Authorities only, whereas others, as DANE, are able to verify self-issued certificates and give support for security islands that would benefit the development of IoT/M2M micro services but cannot provide long term auditing information. This article describe DANEAudits, a novel service with the objective of complementing DANE with long term auditing information without the need of new Trusted Third Parties different from the information owner.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
IoT/M2M solutions are expected to rely on near computing infrastructures for deployment of services, frequently ephemeral, that will need adequate protection. Communication protocols in IoT services have widely adopted TLS/PKI as the de facto security standard despite PKI was not designed for issuing short lived credentials. Moreover, after several Certificate Authorities were compromised, some Certificate Pinning proposal were developed to give an additional verification to PKI certificates. Some Certificate Pinning solutions, as Certificate Transparency, provide long term auditing information for PKI certificates issued by renowned Certificate Authorities only, whereas others, as DANE, are able to verify self-issued certificates and give support for security islands that would benefit the development of IoT/M2M micro services but cannot provide long term auditing information. This article describe DANEAudits, a novel service with the objective of complementing DANE with long term auditing information without the need of new Trusted Third Parties different from the information owner.
