Chica, Sergio; Marín, Andrés; Arroyo-Guardeño, David; Díaz, Jesús; Almenares, Florina; Díaz, Daniel Enhancing the anonymity and auditability of whistleblowers protection Conference 2022. Abstract | Links | BibTeX | Tags: anonymous whistleblowing, compromise, cynamon, ECDHE, group signatures, permissioned blockchain Marín-López, Andrés; Chica-Manjarrez, Sergio; Arroyo, David; Almenares-Mendoza, Florina; Díaz-Sánchez, Daniel Security Information Sharing in Smart Grids: Persisting Security Audits to the Blockchain Journal Article In: Electronics, vol. 9, pp. 1865, 2020, ISSN: 2079-9292. Abstract | Links | BibTeX | Tags: cynamon, inteligenciafuentesabiertas, permissioned blockchain, scalability, security auditing, smart grid security2022
@conference{almenarez015,
title = {Enhancing the anonymity and auditability of whistleblowers protection},
author = {Sergio Chica and Andrés Marín and David Arroyo-Guardeño and Jesús Díaz and Florina Almenares and Daniel Díaz },
url = {http://hdl.handle.net/10261/275765},
doi = {https://doi.org/10.20350/digitalCSIC/14702},
year = {2022},
date = {2022-11-30},
urldate = {2022-11-30},
abstract = { In our democracy a trade-off between checks and balances is mandatory. To play the role of balances, it is necessary to have information that is often only obtainable through channels that ensure the anonymity of the source. Here we present a work in progress of a system that provides anonymity to sources in a open and auditable system, oriented to audit systems of critical infrastructure and built on our previous work autoauditor.},
keywords = {anonymous whistleblowing, compromise, cynamon, ECDHE, group signatures, permissioned blockchain},
pubstate = {published},
tppubtype = {conference}
}
2020
@article{marin002,
title = {Security Information Sharing in Smart Grids: Persisting Security Audits to the Blockchain},
author = {Andrés Marín-López and Sergio Chica-Manjarrez and David Arroyo and Florina Almenares-Mendoza and Daniel Díaz-Sánchez },
url = {https://www.mdpi.com/2079-9292/9/11/1865
},
doi = {https://doi.org/10.3390/electronics9111865},
issn = {2079-9292},
year = {2020},
date = {2020-11-06},
urldate = {2020-11-06},
journal = {Electronics},
volume = {9},
pages = {1865},
abstract = {With the transformation in smart grids, power grid companies are becoming increasingly
dependent on data networks. Data networks are used to transport information and commands for
optimizing power grid operations: Planning, generation, transportation, and distribution. Performing
periodic security audits is one of the required tasks for securing networks, and we proposed in a
previous work AUTOAUDITOR, a system to achieve automatic auditing. It was designed according
to the specific requirements of power grid companies, such as scaling with the huge number of
heterogeneous equipment in power grid companies. Though pentesting and security audits are
required for continuous monitoring, collaboration is of utmost importance to fight cyber threats.
In this paper we work on the accountability of audit results and explore how the list of audit result
records can be included in a blockchain, since blockchains are by design resistant to data modification.
Moreover, blockchains endowed with smart contracts functionality boost the automation of both
digital evidence gathering, audit, and controlled information exchange. To our knowledge, no such
system exists. We perform throughput evaluation to assess the feasibility of the system and show
that the system is viable for adaptation to the inventory systems of electrical companies.},
keywords = {cynamon, inteligenciafuentesabiertas, permissioned blockchain, scalability, security auditing, smart grid security},
pubstate = {published},
tppubtype = {article}
}
dependent on data networks. Data networks are used to transport information and commands for
optimizing power grid operations: Planning, generation, transportation, and distribution. Performing
periodic security audits is one of the required tasks for securing networks, and we proposed in a
previous work AUTOAUDITOR, a system to achieve automatic auditing. It was designed according
to the specific requirements of power grid companies, such as scaling with the huge number of
heterogeneous equipment in power grid companies. Though pentesting and security audits are
required for continuous monitoring, collaboration is of utmost importance to fight cyber threats.
In this paper we work on the accountability of audit results and explore how the list of audit result
records can be included in a blockchain, since blockchains are by design resistant to data modification.
Moreover, blockchains endowed with smart contracts functionality boost the automation of both
digital evidence gathering, audit, and controlled information exchange. To our knowledge, no such
system exists. We perform throughput evaluation to assess the feasibility of the system and show
that the system is viable for adaptation to the inventory systems of electrical companies.
Publications
Security Information Sharing in Smart Grids: Persisting Security Audits to the Blockchain Journal Article In: Electronics, vol. 9, pp. 1865, 2020, ISSN: 2079-9292.2022
2020