Publications - Pervasive Computing Laboratory

 Access control anotacionsemantica authentication Cloud computing coap compromise cryptography cynamon emadrid emrisco home network I-Shaper identity management inrisco inteligenciafuentesabiertas Internet of Things IoT magos Pervasive computing privacy Protocols Qursa raudo2 Security servicioseguridad Smart Card Trust management Ubisec VANETs 
Show all
2020
 Marín-López, Andrés;  Chica-Manjarrez, Sergio;  Arroyo, David;  Almenares-Mendoza, Florina;  Díaz-Sánchez, Daniel
Security Information Sharing in Smart Grids: Persisting Security Audits to the Blockchain Journal Article 
In: Electronics, vol. 9, pp. 1865, 2020, ISSN: 2079-9292.
Abstract | Links | BibTeX | Tags: cynamon, inteligenciafuentesabiertas, permissioned blockchain, scalability, security auditing, smart grid security
@article{marin002,

title = {Security Information Sharing in Smart Grids: Persisting Security Audits to the Blockchain},

author = {Andrés Marín-López and Sergio Chica-Manjarrez and David Arroyo and Florina Almenares-Mendoza and Daniel Díaz-Sánchez },

url = {https://www.mdpi.com/2079-9292/9/11/1865

},

doi = {https://doi.org/10.3390/electronics9111865},

issn = {2079-9292},

year  = {2020},

date = {2020-11-06},

urldate = {2020-11-06},

journal = {Electronics},

volume = {9},

pages = {1865},

abstract = {With the transformation in smart grids, power grid companies are becoming increasingly

dependent on data networks. Data networks are used to transport information and commands for

optimizing power grid operations: Planning, generation, transportation, and distribution. Performing

periodic security audits is one of the required tasks for securing networks, and we proposed in a

previous work AUTOAUDITOR, a system to achieve automatic auditing. It was designed according

to the specific requirements of power grid companies, such as scaling with the huge number of

heterogeneous equipment in power grid companies. Though pentesting and security audits are

required for continuous monitoring, collaboration is of utmost importance to fight cyber threats.

In this paper we work on the accountability of audit results and explore how the list of audit result

records can be included in a blockchain, since blockchains are by design resistant to data modification.

Moreover, blockchains endowed with smart contracts functionality boost the automation of both

digital evidence gathering, audit, and controlled information exchange. To our knowledge, no such

system exists. We perform throughput evaluation to assess the feasibility of the system and show

that the system is viable for adaptation to the inventory systems of electrical companies.},

keywords = {cynamon, inteligenciafuentesabiertas, permissioned blockchain, scalability, security auditing, smart grid security},

pubstate = {published},

tppubtype = {article}

}

Close
With the transformation in smart grids, power grid companies are becoming increasingly

dependent on data networks. Data networks are used to transport information and commands for

optimizing power grid operations: Planning, generation, transportation, and distribution. Performing

periodic security audits is one of the required tasks for securing networks, and we proposed in a

previous work AUTOAUDITOR, a system to achieve automatic auditing. It was designed according

to the specific requirements of power grid companies, such as scaling with the huge number of

heterogeneous equipment in power grid companies. Though pentesting and security audits are

required for continuous monitoring, collaboration is of utmost importance to fight cyber threats.

In this paper we work on the accountability of audit results and explore how the list of audit result

records can be included in a blockchain, since blockchains are by design resistant to data modification.

Moreover, blockchains endowed with smart contracts functionality boost the automation of both

digital evidence gathering, audit, and controlled information exchange. To our knowledge, no such

system exists. We perform throughput evaluation to assess the feasibility of the system and show

that the system is viable for adaptation to the inventory systems of electrical companies.
Close
https://www.mdpi.com/2079-9292/9/11/1865
doi:https://doi.org/10.3390/electronics9111865
Close
 Chica-Manjarrez, Sergio;  Marín-López, Andrés;  Díaz-Sánchez, Daniel;  Almenares-Mendoza, Florina
On the Automation of Auditing in Power Grid Companies Proceedings Article 
In: Actas de congreso internacional, Citas Google 2, CORE C, pp. 331 - 340, 2020, ISBN: ISSN/ISBN) 978-1-4503-5988-7.
Abstract | Links | BibTeX | Tags: auditing, containers, cynamon, inteligenciafuentesabiertas, privacy, scalability, Security
@inproceedings{pa054,

title = {On the Automation of Auditing in Power Grid Companies},

author = {Sergio Chica-Manjarrez and Andrés Marín-López and Daniel Díaz-Sánchez and Florina Almenares-Mendoza},

doi = {10.3233/AISE200057},

isbn = {ISSN/ISBN) 978-1-4503-5988-7},

year  = {2020},

date = {2020-07-23},

urldate = {2020-07-23},

booktitle = {Actas de congreso internacional, Citas Google 2, CORE C},

pages = {331 - 340},

abstract = {Auditing is a common task required to secure networks. This becomes of utter importance in power grid companies, the authorities of electricity supply. An increasing number of connected devices makes the use of semi automatic or fully automated auditing imperative. The inventory system has to incorporate the auditing results and subsequently integrate them in the security assessment of the company. The risk metrics incorporate the severity of exposures and facilitate the selection of vulnerabilities that have to be mitigated, according to the risk appetite of the company. This automatic approach has to address scale and privacy issues of large companies. In addition, connections from foreign domains that carry out the auditing involve additional risks that must be considered to effectively test the likelihood and depth of the found vulnerabilities.



In this paper we discuss the requirements of an automatic auditing system and present AUTOAUDITOR, a highly configurable module which allow companies to automatically perform pentesting in specific assets.},

keywords = {auditing, containers, cynamon, inteligenciafuentesabiertas, privacy, scalability, Security},

pubstate = {published},

tppubtype = {inproceedings}

}

Close
Auditing is a common task required to secure networks. This becomes of utter importance in power grid companies, the authorities of electricity supply. An increasing number of connected devices makes the use of semi automatic or fully automated auditing imperative. The inventory system has to incorporate the auditing results and subsequently integrate them in the security assessment of the company. The risk metrics incorporate the severity of exposures and facilitate the selection of vulnerabilities that have to be mitigated, according to the risk appetite of the company. This automatic approach has to address scale and privacy issues of large companies. In addition, connections from foreign domains that carry out the auditing involve additional risks that must be considered to effectively test the likelihood and depth of the found vulnerabilities.



In this paper we discuss the requirements of an automatic auditing system and present AUTOAUDITOR, a highly configurable module which allow companies to automatically perform pentesting in specific assets.
Close
doi:10.3233/AISE200057
Close
 Rubio-Drosdov, Eugenio;  Díaz-Sánchez, Daniel;  Marín-López, Andrés;  Almenares-Mendoza, Florina
A Framework for Microservice Migration and Performance Assessment Proceedings Article 
In: pp. 291 - 299, 2020, ISBN: 978-1-4503-5988-7.
Abstract | Links | BibTeX | Tags: cynamon, inteligenciafuentesabiertas, IoT, microservices, smart grids, testing
@inproceedings{pa059,

title = {A Framework for Microservice Migration and Performance Assessment},

author = {Eugenio Rubio-Drosdov and Daniel Díaz-Sánchez and Andrés Marín-López and Florina Almenares-Mendoza},

doi = {doi:10.3233/AISE200053},

isbn = {978-1-4503-5988-7},

year  = {2020},

date = {2020-06-25},

urldate = {2020-06-25},

pages = {291 - 299},

abstract = {In a large Smart Grid, smart meters produce tremendous amount of data that are hard to process, analyze and store. Fog computing is an environment that offers a place for collecting, computing and storing smart meter data before transmitting them to the cloud. Due to the distributed, heterogeneous and resource constrained nature of the fog computing nodes, fog applications need to be developed as a collection of interdependent, lightweight modules. Since this concept aligns with the goals of microservices architecture (MSA), efficient placement of microservices-based Smart Grid applications within fog environments has the potential to fully leverage capabilities of fog devices. Microservice architecture is an emerging software architectural style. It is based on microservices to provide several advantages over a monolithic solution, such as autonomy, composability, scalability, and fault-tolerance. However, optimizing the migration of microservices from one fog environment to other while assuring certain quality is still a big issue that needs to be addressed. In this paper, we propose an approach for assisting the migration of microservices in MSA-based Smart Grid systems, based on the analysis of their performance within the possible candidate destinations. Developers create microservices that will be eventually deployed at a given infrastructure. Either the developer, cosidering the design, or the entity deploying the service have a good knowledge of the quality required by the microservice. Due to that, they can create tests that determine if a destination meets the requirements of a given microservice and embed these tests as part of the microservice. Our goal is to automate the execution of performance tests by attaching a specification that contains the test parameters to each microservice.},

keywords = {cynamon, inteligenciafuentesabiertas, IoT, microservices, smart grids, testing},

pubstate = {published},

tppubtype = {inproceedings}

}

Close
In a large Smart Grid, smart meters produce tremendous amount of data that are hard to process, analyze and store. Fog computing is an environment that offers a place for collecting, computing and storing smart meter data before transmitting them to the cloud. Due to the distributed, heterogeneous and resource constrained nature of the fog computing nodes, fog applications need to be developed as a collection of interdependent, lightweight modules. Since this concept aligns with the goals of microservices architecture (MSA), efficient placement of microservices-based Smart Grid applications within fog environments has the potential to fully leverage capabilities of fog devices. Microservice architecture is an emerging software architectural style. It is based on microservices to provide several advantages over a monolithic solution, such as autonomy, composability, scalability, and fault-tolerance. However, optimizing the migration of microservices from one fog environment to other while assuring certain quality is still a big issue that needs to be addressed. In this paper, we propose an approach for assisting the migration of microservices in MSA-based Smart Grid systems, based on the analysis of their performance within the possible candidate destinations. Developers create microservices that will be eventually deployed at a given infrastructure. Either the developer, cosidering the design, or the entity deploying the service have a good knowledge of the quality required by the microservice. Due to that, they can create tests that determine if a destination meets the requirements of a given microservice and embed these tests as part of the microservice. Our goal is to automate the execution of performance tests by attaching a specification that contains the test parameters to each microservice.
Close
doi:doi:10.3233/AISE200053
Close
2018
 Almenarez, Florina;  Alonso, Lucía;  Marín, Andrés;  Díaz-Sánchez, Daniel;  Arias, Patricia
Assessment of fitness tracker security: a case of study Proceedings Article 
In: 2018, ISSN: 2504-3900.
Abstract | Links | BibTeX | Tags: fitness tracker, inteligenciafuentesabiertas, security vulnerabilities, wereable devices
@inproceedings{pa058,

title = {Assessment of fitness tracker security: a case of study},

author = {Florina Almenarez and Lucía Alonso and Andrés Marín and Daniel Díaz-Sánchez and Patricia Arias},

url = {https://www.mdpi.com/2504-3900/2/19/1235},

doi = {https://doi.org/10.3390/proceedings2191235},

issn = {2504-3900},

year  = {2018},

date = {2018-10-26},

abstract = {The wearable industry has experienced a notable growth over the last decade, especially in fitness or e-health trackers. These trackers bring new functionalities that require collecting a great amount of sensitive information about the user. This fact has made fitness trackers the target of deliberate attacks, e.g., eavesdropping, unauthorized account access, fake firmware update, and so on. For this reason, this paper describes a vulnerability study on one of the most popular fitness trackers in 2017, together with the mobile application associated to the tracker. The study results show what vulnerabilities of the communications among agents (i.e., wearable device, mobile application and server) could put at risk users sensitive information and privacy.},

keywords = {fitness tracker, inteligenciafuentesabiertas, security vulnerabilities, wereable devices},

pubstate = {published},

tppubtype = {inproceedings}

}

Close
The wearable industry has experienced a notable growth over the last decade, especially in fitness or e-health trackers. These trackers bring new functionalities that require collecting a great amount of sensitive information about the user. This fact has made fitness trackers the target of deliberate attacks, e.g., eavesdropping, unauthorized account access, fake firmware update, and so on. For this reason, this paper describes a vulnerability study on one of the most popular fitness trackers in 2017, together with the mobile application associated to the tracker. The study results show what vulnerabilities of the communications among agents (i.e., wearable device, mobile application and server) could put at risk users sensitive information and privacy.
Close
https://www.mdpi.com/2504-3900/2/19/1235
doi:https://doi.org/10.3390/proceedings2191235
Close
 Díaz-Sánchez, Daniel;  Marín-López, Andrés;  Almenares-Mendoza, Florina;  Arias-Cabarcos, Patricia
DNS-Based Dynamic Authentication for Microservices in IoT Proceedings Article 
In: pp. 1-11, 2018, ISSN: 2504-3900.
Abstract | Links | BibTeX | Tags: chameleon signatures, DANE, DNSSEC, inteligenciafuentesabiertas, IoT, microservices
@inproceedings{pa055,

title = {DNS-Based Dynamic Authentication for Microservices in IoT},

author = {Daniel Díaz-Sánchez and Andrés Marín-López and Florina Almenares-Mendoza and Patricia Arias-Cabarcos},

url = {https://www.mdpi.com/2504-3900/2/19/1233},

doi = {https://doi.org/10.3390/proceedings2191233},

issn = {2504-3900},

year  = {2018},

date = {2018-10-25},

pages = {1-11},

abstract = {IoT devices provide with real-time data to a rich ecosystems of services and applications that will be of uttermost importance for ubiquitous computing. The volume of data and the involved subscribe/notify signaling will likely become a challenge also for access and core netkworks. Designers may opt for microservice architectures and fog computing to address this challenge while offering the required flexibility for the main players of ubiquitous computing: nomadic users. Microservices require strong security support for Fog computing, to rely on nodes in the boundary of the network for secure data collection and processing. IoT low cost devices face outdated certificates and security support, due to the elapsed time from manufacture to deployment. In this paper we propose a solution based on microservice architectures and DNSSEC, DANE and chameleon signatures to overcome these difficulties. We will show how trap doors included in the certificates allow a secure and flexible delegation for off-loading data collection and processing to the fog. The main result is showing this requires minimal manufacture device configuration, thanks to DNSSEC support.},

keywords = {chameleon signatures, DANE, DNSSEC, inteligenciafuentesabiertas, IoT, microservices},

pubstate = {published},

tppubtype = {inproceedings}

}

Close
IoT devices provide with real-time data to a rich ecosystems of services and applications that will be of uttermost importance for ubiquitous computing. The volume of data and the involved subscribe/notify signaling will likely become a challenge also for access and core netkworks. Designers may opt for microservice architectures and fog computing to address this challenge while offering the required flexibility for the main players of ubiquitous computing: nomadic users. Microservices require strong security support for Fog computing, to rely on nodes in the boundary of the network for secure data collection and processing. IoT low cost devices face outdated certificates and security support, due to the elapsed time from manufacture to deployment. In this paper we propose a solution based on microservice architectures and DNSSEC, DANE and chameleon signatures to overcome these difficulties. We will show how trap doors included in the certificates allow a secure and flexible delegation for off-loading data collection and processing to the fog. The main result is showing this requires minimal manufacture device configuration, thanks to DNSSEC support.
Close
https://www.mdpi.com/2504-3900/2/19/1233
doi:https://doi.org/10.3390/proceedings2191233
Close