Llano-Miraval, Juan Diego; Campo, Celeste; García-Rubio, Carlos; Moure-Garrido, Marta AI Versus IoT Security: Fingerprinting and Defenses Against TLS Handshake-Based IoT Device Classification Journal Article In: IEEE Access, vol. 13, pp. 165607 - 165622, 2025, ISSN: 2169-3536.
Abstract | Links | BibTeX | Tags: cryptography, Discovery, Fingerprint recognition, I-Shaper, Internet of Things, Metadata, Protocols, Qursa, Ramones, Security
Blanco-Romero, Javier; Lorenzo, Vicente; Almenares, Florina; Díaz-Sánchez, Daniel; Campo, Celeste; García-Rubio, Carlos Integrating Post-Quantum Cryptography into CoAP and MQTT-SN Protocols Conference 2024 IEEE Symposium on Computers and Communications (ISCC), IEEE, 2024, ISBN: 979-8-3503-5424-9.
Abstract | Links | BibTeX | Tags: coap, compromise, cryptography, I-Shaper, IoT, MQTT-SN, Post-Quantum Cryptography, PQC, Protocols, Qursa
Díaz-Sánchez, Daniel; Sánchez Guerrero, Rosa; Marín López, Andrés; Almenares, Florina; Arias, Patricia A H.264 SVC distributed content protection system with flexible key stream generation Proceedings Article In: 2012 IEEE Second International Conference on Consumer Electronics - Berlin (ICCE-Berlin), IEEE, 2022, ISSN: 2166-6814.
Abstract | Links | BibTeX | Tags: Cloud computing, cryptography, multimedia, servicioseguridad
Proserpio, Davide; Sanvido, Fabio; Arias-Cabarcos, Patricia; Sánchez-Guerrero, Rosa; Almenárez-Mendoza, Florina; Díaz-Sánchez, Daniel; Marín-López, Andrés Introducing Infocards in NGN to Enable User-Centric Identity Management Proceedings Article In: 2010 IEEE Global Telecommunications Conference GLOBECOM 2010, Institute of Electrical and Electronics Engineers (IEEE), 2011, ISSN: 1930-529X.
Abstract | Links | BibTeX | Tags: authentication, cryptography, IP networks, Protocols
Díaz-Sánchez, Daniel; Sanvido, Fabio; Proserpio, Davide; Marín, Andrés Extended DLNA protocol: Sharing protected pay TV contents Proceedings Article In: 2010 Digest of Technical Papers International Conference on Consumer Electronics (ICCE), Institute of Electrical and Electronics Engineers (IEEE), 2010, ISSN: 2158-3994.
Abstract | Links | BibTeX | Tags: cryptography, Protection, Protocols
Díaz-Sánchez, Daniel; Marín, Andrés; Almenárez, Florina; Cortes, Alberto DVB-H Key Management System for UMTS Capable Devices Proceedings Article In: 2008 Digest of Technical Papers - International Conference on Consumer Electronics, Institute of Electrical and Electronics Engineers (IEEE), 2008, ISSN: 2158-3994.
Abstract | Links | BibTeX | Tags: 3G, cryptography, Digital video broadcasting, Protection, visualizacioncontenidosTDT
2025
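% Journal article: ML fingerprinting of IoT devices from TLS handshake metadata,
% plus a parameter-obfuscation countermeasure (see abstract).
% The DOI is stored bare (no resolver prefix) and the page range uses "--".
% Author names are in "Last, First" form so compound surnames parse unambiguously.
@article{juandiego001,
  author    = {Llano-Miraval, Juan Diego and Campo, Celeste and García-Rubio, Carlos and Moure-Garrido, Marta},
  title     = {{AI} Versus {IoT} Security: Fingerprinting and Defenses Against {TLS} Handshake-Based {IoT} Device Classification},
  journal   = {IEEE Access},
  volume    = {13},
  pages     = {165607--165622},
  year      = {2025},
  date      = {2025-09-17},
  issn      = {2169-3536},
  doi       = {10.1109/ACCESS.2025.3611160},
  url       = {https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=11168239},
  urldate   = {2025-09-17},
  abstract  = {The number of Internet of Things (IoT) devices in smart homes is steadily increasing, enhancing convenience but also raising security concerns. While secure communication protocols like Transport Layer Security (TLS) are commonly used, attackers can still exploit metadata to profile users and identify vulnerabilities. This research focuses on analyzing the TLS handshake, where encryption parameters are established. Although newer versions of TLS aim to encrypt the Server Name Indication (SNI), we observed that some devices in real-world environments still transmit SNI in plaintext, potentially exposing device identities. Given this practical variability in SNI transmission among diverse IoT devices, we conducted two parallel studies, one including the SNI and one without it, while avoiding Media Access Control (MAC) and Internet Protocol (IP) addresses due to their inherent variability and privacy implications. We used TLS handshake parameters as input for machine learning algorithms to fingerprint IoT devices, classify them by type, and identify manufacturers. Six machine learning models were evaluated: Support Vector Machine (SVM), a multi-layer perceptron (MLP), Random Forest (RF), Convolutional Neural Network (CNN), XGBoost, and CNN+RF. The results showed that CNN+RF achieved the highest accuracy, reaching 99% for device type classification. However, our proposed countermeasure, which enhances TLS handshake privacy by obfuscating specific parameters, significantly reduced fingerprinting accuracy to a maximum of 80% when SNI was excluded. These findings highlight the potential risks of TLS metadata exposure and demonstrate the effectiveness of privacy-enhancing countermeasures in mitigating IoT device fingerprinting attacks.},
  keywords  = {cryptography, Discovery, Fingerprint recognition, I-Shaper, Internet of Things, Metadata, Protocols, Qursa, Ramones, Security},
  pubstate  = {published},
  tppubtype = {article}
}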
2024
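% Conference paper: post-quantum cryptography integrated into CoAP and MQTT-SN
% through the wolfSSL library (see abstract).
% Fixes: the author list had a doubled "and", which name parsers read as part of
% a name; the DOI is stored bare (no resolver prefix).
% @conference is kept as written; BibTeX treats it as an alias of @inproceedings.
% The url is the page's own link and targets the record's figures tab; the DOI is
% the stable locator.
@conference{javierblanco002,
  author    = {Blanco-Romero, Javier and Lorenzo, Vicente and Almenares, Florina and Díaz-Sánchez, Daniel and Campo, Celeste and García-Rubio, Carlos},
  title     = {Integrating Post-Quantum Cryptography into {CoAP} and {MQTT-SN} Protocols},
  booktitle = {2024 IEEE Symposium on Computers and Communications (ISCC)},
  publisher = {IEEE},
  year      = {2024},
  date      = {2024-10-31},
  isbn      = {979-8-3503-5424-9},
  doi       = {10.1109/ISCC61673.2024.10733716},
  url       = {https://ieeexplore.ieee.org/abstract/document/10733716/figures#figures},
  urldate   = {2024-10-31},
  abstract  = {Post-Quantum Cryptography (PQC) is a practical and cost-effective solution to defend against emerging quantum computing threats. So, leading worldwide security agencies and standardization bodies strongly advocate for the proactive integration of PQ cryptography into underlying frameworks to support applications, protocols, and services. The current research predominantly addresses the incorporation of PQC in Internet communication protocols such as HTTP and DNS; nevertheless, the focus on embedded devices has been limited to evaluating PQC’s integration within TLS/DTLS in isolation. Hence, there is a notable gap in understanding how PQC impacts IoT-specific communication protocols. This paper presents the integration of PQC into two communication protocols specifically tailored for IoT devices, the Constrained Application Protocol (CoAP) and MQTT for Sensor Networks (MQTT-SN), via the wolfSSL library. These two integrations contribute to the understanding of PQC’s implications for IoT communication protocols.},
  keywords  = {coap, compromise, cryptography, I-Shaper, IoT, MQTT-SN, Post-Quantum Cryptography, PQC, Protocols, Qursa},
  pubstate  = {published},
  tppubtype = {conference}
}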
2022
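% Proceedings paper: distributed encoding and protection of H.264 SVC content
% with a flexible key stream (see abstract).
% Fixes: the compound surnames "Sánchez Guerrero" and "Marín López" are written
% in "Last, First" form so they are not split into "Guerrero" / "López"; the DOI
% is stored bare (no resolver prefix).
% NOTE(review): year/date say 2022, but the booktitle and the DOI both name the
% 2012 ICCE-Berlin conference. Left as given; confirm against the IEEE Xplore record.
@inproceedings{PA012,
  author    = {Díaz-Sánchez, Daniel and Sánchez Guerrero, Rosa and Marín López, Andrés and Almenares, Florina and Arias, Patricia},
  title     = {A {H.264} {SVC} distributed content protection system with flexible key stream generation},
  booktitle = {2012 IEEE Second International Conference on Consumer Electronics - Berlin (ICCE-Berlin)},
  publisher = {IEEE},
  year      = {2022},
  date      = {2022-10-22},
  issn      = {2166-6814},
  doi       = {10.1109/ICCE-Berlin.2012.6336520},
  url       = {https://ieeexplore.ieee.org/document/6336520},
  urldate   = {2022-10-22},
  abstract  = {Modern scalable coding techniques, as H264 SVC, are adequate to save processing power and bandwidth. Moreover, if the enhancements of a SVC encoded content are protected, it is possible to enable pay-per-quality systems. Transcoding and protection entail huge doses of processing power at provider side and should be distributed. Moreover, processing key streams to decrypt enhancements that were encrypted separately can increase the complexity at receiver side. This abstract describes a distributed system for content encoding and protection that generates a flexible key stream that simplifies the receiver.},
  keywords  = {Cloud computing, cryptography, multimedia, servicioseguridad},
  pubstate  = {published},
  tppubtype = {inproceedings}
}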
2011
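% Proceedings paper: Infocard-based, user-centric identity management in NGN/IMS
% combined with a SAML federation (see abstract).
% Fixes: the DOI is stored bare (no resolver prefix); the trailing space inside
% the author field is removed; names are in "Last, First" form.
@inproceedings{pa024,
  author    = {Proserpio, Davide and Sanvido, Fabio and Arias-Cabarcos, Patricia and Sánchez-Guerrero, Rosa and Almenárez-Mendoza, Florina and Díaz-Sánchez, Daniel and Marín-López, Andrés},
  title     = {Introducing {Infocards} in {NGN} to Enable User-Centric Identity Management},
  booktitle = {2010 IEEE Global Telecommunications Conference GLOBECOM 2010},
  publisher = {Institute of Electrical and Electronics Engineers (IEEE)},
  year      = {2011},
  date      = {2011-01-10},
  issn      = {1930-529X},
  doi       = {10.1109/GLOCOM.2010.5683383},
  url       = {https://ieeexplore.ieee.org/document/5683383},
  abstract  = {With the rapid evolution of networks and the widespread penetration of mobile devices with increasing capabilities, that have already become a commodity, we are getting a step closer to ubiquity. Thus, we are moving a great part of our lives from the physical world to the online world, i.e. social interactions, business transactions, relations with government administrations, etc. However, while identity verification is easy to handle in the real world, there are many unsolved challenges when dealing with digital identity management, especially due to the lack of user awareness when it comes to privacy. Thus, with the aim to enhance the navigation experience and security in multiservice and multiprovider environments the user must be empowered to control how her attributes are shared and disclosed between different domains.With these goals on mind, we leverage the benefits of the Infocard technology and introduce this usercentric paradigm into the emerging NGN architectures. This paper proposes a way to combine the gains of a SAML federation between service and identity providers with the easiness for the final user of the Inforcard System using the well known architectural schema of IP Multimedia Subsystem.},
  keywords  = {authentication, cryptography, IP networks, Protocols},
  pubstate  = {published},
  tppubtype = {inproceedings}
}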
2010
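% Proceedings paper: problems in DLNA link protection (DTCP-IP) and a proposed
% improvement to authentication and key derivation (see abstract).
% Fixes: the DOI is stored bare (no resolver prefix); names are in "Last, First"
% form; acronyms in the title are brace-protected against style recasing.
@inproceedings{pa037,
  author    = {Díaz-Sánchez, Daniel and Sanvido, Fabio and Proserpio, Davide and Marín, Andrés},
  title     = {Extended {DLNA} protocol: Sharing protected pay {TV} contents},
  booktitle = {2010 Digest of Technical Papers International Conference on Consumer Electronics (ICCE)},
  publisher = {Institute of Electrical and Electronics Engineers (IEEE)},
  year      = {2010},
  date      = {2010-02-10},
  issn      = {2158-3994},
  doi       = {10.1109/ICCE.2010.5418687},
  url       = {https://ieeexplore.ieee.org/document/5418687},
  abstract  = {DLNA can be considered as a good candidate for sharing protected contents among authorized devices. There is a important penetration of DLNA certified devices, and it offers link protection. We identify problems on DLNA's link protection, DTCP-IP, and we propose to improve the authentication and key derivation mechanism. DLNA sharing can be extended to include pre and post acquisition protection content at the price of inexpensive descrambler.},
  keywords  = {cryptography, Protection, Protocols},
  pubstate  = {published},
  tppubtype = {inproceedings}
}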
2008
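% Proceedings paper: pay-per-view key management for DVB-H handhelds, using UMTS
% and the provider SIM card for charging and key distribution (see abstract).
% Fixes: the DOI is stored bare (no resolver prefix); names are in "Last, First"
% form; the first author's surname is spelled "Díaz-Sánchez", as in the page's
% other entries.
@inproceedings{pa044,
  author    = {Díaz-Sánchez, Daniel and Marín, Andrés and Almenárez, Florina and Cortes, Alberto},
  title     = {{DVB-H} Key Management System for {UMTS} Capable Devices},
  booktitle = {2008 Digest of Technical Papers - International Conference on Consumer Electronics},
  publisher = {Institute of Electrical and Electronics Engineers (IEEE)},
  year      = {2008},
  date      = {2008-08-05},
  issn      = {2158-3994},
  doi       = {10.1109/ICCE.2008.4588098},
  url       = {https://ieeexplore.ieee.org/document/4588098},
  urldate   = {2008-08-05},
  abstract  = {In this paper we present a system to enable pay-per- view services in mobile handhelds which takes benefits of both DVB-H and UMTS networks. DVB-H infrastructure provides a more appropriate content delivery framework that UMTS. Despite this fact, UMTS can play an important role for charging and key distribution for pay-per-view applications by means of the provider SIM smart card.},
  keywords  = {3G, cryptography, Digital video broadcasting, Protection, visualizacioncontenidosTDT},
  pubstate  = {published},
  tppubtype = {inproceedings}
}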
Publications
AI Versus IoT Security: Fingerprinting and Defenses Against TLS Handshake-Based IoT Device Classification Journal Article In: IEEE Access, vol. 13, pp. 165607 - 165622, 2025, ISSN: 2169-3536.
Integrating Post-Quantum Cryptography into CoAP and MQTT-SN Protocols Conference 2024 IEEE Symposium on Computers and Communications (ISCC), IEEE, 2024, ISBN: 979-8-3503-5424-9.
A H.264 SVC distributed content protection system with flexible key stream generation Proceedings Article In: 2012 IEEE Second International Conference on Consumer Electronics - Berlin (ICCE-Berlin), IEEE, 2022, ISSN: 2166-6814.
Introducing Infocards in NGN to Enable User-Centric Identity Management Proceedings Article In: 2010 IEEE Global Telecommunications Conference GLOBECOM 2010, Institute of Electrical and Electronics Engineers (IEEE), 2011, ISSN: 1930-529X.
Extended DLNA protocol: Sharing protected pay TV contents Proceedings Article In: 2010 Digest of Technical Papers International Conference on Consumer Electronics (ICCE), Institute of Electrical and Electronics Engineers (IEEE), 2010, ISSN: 2158-3994.
DVB-H Key Management System for UMTS Capable Devices Proceedings Article In: 2008 Digest of Technical Papers - International Conference on Consumer Electronics, Institute of Electrical and Electronics Engineers (IEEE), 2008, ISSN: 2158-3994.
2025
2024
2022
2011
2010
2008
