Blanco-Romero, Javier; Otero-Garcia, Pedro; Sobral-Blanco, Daniel; Almenares-Mendoza, Florina; Fernandez-Vilas, Ana; Diaz-Redondo, Rebeca QKD-KEM: Hybrid QKD Integration into TLS with OpenSSL Providers Conference 2025. Abstract | Links | BibTeX | Tags: I-Shaper, OpenSSL, Post-Quantum Cryptography, PQC, QKD, Qursa, TLS Blanco-Romero, Javier; Lorenzo, Vicente; Almenares-Mendoza, Florina; Díaz-Sánchez, Daniel Machine Learning Predictors for Min-Entropy Estimation Journal Article In: Entropy 2025, vol. 27, iss. 2, no. 156, pp. 1-31, 2025. Abstract | Links | BibTeX | Tags: autoregressive processes, compromise, I-Shaper, machine learning predictors, min-entropy estimation, Qursa, random number generators Gutiérrez-Portela, Fernando; Almenares-Mendoza, Florina; Calderón-Benavides, Liliana Evaluation of the performance of unsupervised learning algorithms for intrusion detection in unbalanced data environments Proceedings Article In: IEEE, 2024, ISSN: 2169-3536. Abstract | Links | BibTeX | Tags: anomaly detection, compromise, intrusion detection system, machine learning, metrics, Qursa, unsupervised models Pérez-Díaz, Jaime; Almenares-Mendoza, Florina Authorisation models for IoT environments: A survey Journal Article In: www.elsevier.com/locate/iot, 2024, ISSN: 2542-6605. Abstract | Links | BibTeX | Tags: ABAC, compromise, DAC, I-Shaper, IoT, MAC, Models, Platforms, Qursa, RBAC, Security Blanco-Romero, Javier; Lorenzo, Vicente; Almenares, Florina; Díaz-Sánchez, Daniel; and Celeste Campo,; García-Rubio, Carlos Integrating Post-Quantum Cryptography into CoAP and MQTT-SN Protocols Conference 2024 IEEE Symposium on Computers and Communications (ISCC), IEEE, 2024, ISBN: 979-8-3503-5424-9. Abstract | Links | BibTeX | Tags: coap, compromise, cryptography, I-Shaper, IoT, MQTT-SN, Post-Quantum Cryptography, PQC, Protocols, Qursa Blanco-Romero, Javier; Lorenzo, Vicente; Almenares, Florina; Díaz-Sánchez, Daniel; García-Rubio, Carlos; Campo, Celeste; Marín, Andrés Evaluating integration methods of a quantum random number generator in OpenSSL for TLS Journal Article In: vol. 255, 2024, ISBN: 1389-1286. Abstract | Links | BibTeX | Tags: compromise, I-Shaper, Linux, OpenSSL, QRNGs, Quantum random number generators, Qursa, TLS Lorenzo, Vicente; Blanco-Romero, Javier; Almenares, Florina; Díaz-Sánchez, Daniel; García-Rubio, Carlos; Campo, Celeste; Marín, Andrés Comparing Pseudo, Classical True and Quantum Random Number Generators Using Standard Quality Assessments Conference XVIII Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2024), León, 23 al 25 de Octubre, 2024., 2024. BibTeX | Tags: compromise, Qursa Pérez-Díaz, J.; Almenares, Florina Integración de un sistema de autenticación optimizado basado en PUF en OSCORE Conference XVIII Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2024), León, 23 al 25 de Octubre, 2024., 2024. BibTeX | Tags: compromise, Qursa Moure-Garrido, Marta; Das, Sajal; Campo, Celeste; García-Rubio, Carlos Real-Time Analysis of Encrypted DNS Traffic for Threat Detection Conference ICC 2024 - IEEE International Conference on Communications, IEEE, 2024, ISSN: 1550-3607. Abstract | Links | BibTeX | Tags: APT, compromise, dns tunnels, doh traffic, encrypted traffic, intrusion detection system, Qursa Campo-Vázquez, Celeste; García-Rubio, Carlos; Jimenez-Berenguel, Andrea; Moure-Garrido, Marta; Almenares-Mendoza, Florina; Díaz-Sánchez, Daniel Inferring mobile applications usage from DNS traffic Proceedings Article In: Ad Hoc Networks, Elsevier B.V., 2024. Abstract | Links | BibTeX | Tags: compromise, dns traffic, I-Shaper, mobile applications identification, Qursa, user privacy Jimenez-Berenguel, Andrea; Moure-Garrido, Marta; García-Rubio, Carlos; Campo-Vázquez, Celeste Caracterización de aplicaciones móviles mediante el análisis del tráfico DNS Proceedings Article In: IX Jornadas Nacionales de Investigación en Ciberseguridad - JNIC 2024, pp. 506-507, Universidad de Sevilla, 2024, ISBN: 978-84-09-62140-8. Abstract | Links | BibTeX | Tags: aplicaciones moviles, compromise, privacidad, Qursa, trafico dns Blanco-Romero, Javier; Lorenzo, Vicente; Almenares-Mendoza, Florina; Díaz-Sánchez, Daniel; Serrano-Navarro, Adrián PQSec-DDS: Integrating Post-Quantum Cryptography into DDS Security for Robotic Applications Proceedings Article In: IX Jornadas Nacionales de Investigación en Ciberseguridad - JNIC 2024, pp. 396-403, Universidad de Sevilla , 2024, ISBN: 978-84-09-62140-8. Abstract | Links | BibTeX | Tags: compromise, DDS, I-Shaper, IIoT, PQ, qurs, Qursa, Robotic Systems, ROS2 Moure-Garrido, Marta; García-Rubio, Carlos; Campo, Celeste Reducing DNS Traffic to Enhance Home IoT Device Privacy Journal Article In: Sensors , vol. 24, iss. 9, 2024. Abstract | Links | BibTeX | Tags: compromise, DNS, I-Shaper, IoT privacy, network traffic, Qursa Lorenzo, Vicente; Blanco, Francisco Javier Comparative Analysis of Quantum, Pseudo, and Hybrid Random Number Generation Conference XVII Jornadas CCN-STIC CCN-CERT / V Jornadas de Ciberdefensa ESPDEF-CERT, 2023. BibTeX | Tags: QRNGs, Qursa, rngs Jimenez-Berenguel, Andrea; Moure-Garrido, Marta; Campo-Vázquez, Carlos García-Rubio Celeste Characterizing Mobile Applications Through Analysis of DNS Traffic Conference PE-WASUN '23: Proceedings of the Int'l ACM Symposium on Performance Evaluation of Wireless Ad Hoc, Sensor & Ubiquitous Networks., ACM, 2023, ISBN: N 979-8-4007-0370-6. Abstract | Links | BibTeX | Tags: android apps, compromise, dns traffic, encrypted dns, mobile apps characterization, Qursa, user privacy Moure-Garrido, Marta; Campo-Vázquez, Celeste; García-Rubio, Carlos Real time detection of malicious DoH traffic using statistical analysis Journal Article In: COMPUTER NETWORKS, vol. 234, iss. 109910, pp. 1-10, 2023, ISSN: 1389-1286. Abstract | Links | BibTeX | Tags: classification, compromise, computer science, cynamon, dns tunnels, doh traffic, intrusion detection system, malicious doh, Qursa, statistical analysis2025
@conference{javierblanco005,
title = {QKD-KEM: Hybrid QKD Integration into TLS with OpenSSL Providers},
author = {Javier Blanco-Romero and Pedro Otero-Garcia and Daniel Sobral-Blanco and Florina Almenares-Mendoza and Ana Fernandez-Vilas and Rebeca Diaz-Redondo},
doi = { https://doi.org/10.48550/arXiv.2503.07196},
year = {2025},
date = {2025-03-10},
urldate = {2025-03-10},
abstract = {Quantum Key Distribution (QKD) promises information-theoretic security, yet integrating QKD into existing protocols like TLS remains challenging due to its fundamentally different operational model. In this paper, we propose a hybrid QKD-KEM protocol with two distinct integration approaches: a client-initiated flow compatible with both ETSI 004 and 014 specifications, and a server-initiated flow similar to existing work but limited to stateless ETSI 014 APIs. Unlike previous implementations, our work specifically addresses the integration of stateful QKD key exchange protocols (ETSI 004) which is essential for production QKD networks but has remained largely unexplored. By adapting OpenSSL’s provider infrastructure to accommodate QKD’s pre-distributed key model, we maintain compatibility with current TLS implementations while offering dual layers of security. Performance evaluations demonstrate the feasibility of our hybrid scheme with acceptable overhead, showing that robust security against quantum threats is achievable while addressing the unique requirements of different QKD API specifications.},
keywords = {I-Shaper, OpenSSL, Post-Quantum Cryptography, PQC, QKD, Qursa, TLS},
pubstate = {published},
tppubtype = {conference}
}
@article{javierblanco004,
title = {Machine Learning Predictors for Min-Entropy Estimation},
author = {Javier Blanco-Romero and Vicente Lorenzo and Florina Almenares-Mendoza and Daniel Díaz-Sánchez},
url = {https://www.mdpi.com/1099-4300/27/2/156},
doi = {https://doi.org/10.3390/e27020156},
year = {2025},
date = {2025-02-02},
urldate = {2025-02-02},
journal = {Entropy 2025},
volume = {27},
number = {156},
issue = {2},
pages = {1-31},
abstract = {This study investigates the application of machine learning predictors for the estimation of min-entropy in random number generators (RNGs), a key component in cryptographic applications where accurate entropy assessment is essential for cybersecurity. Our research indicates that these predictors, and indeed any predictor that leverages sequence correlations, primarily estimate average min-entropy, a metric not extensively studied in this context. We explore the relationship between average min-entropy and the traditional min-entropy, focusing on their dependence on the number of target bits being predicted. Using data from generalized binary autoregressive models, a subset of Markov processes, we demonstrate that machine learning models (including a hybrid of convolutional and recurrent long short-term memory layers and the transformer-based GPT-2 model) outperform traditional NIST SP 800-90B predictors in certain scenarios. Our findings underscore the importance of considering the number of target bits in min-entropy assessment for RNGs and highlight the potential of machine learning approaches in enhancing entropy estimation techniques for improved cryptographic security.},
keywords = {autoregressive processes, compromise, I-Shaper, machine learning predictors, min-entropy estimation, Qursa, random number generators},
pubstate = {published},
tppubtype = {article}
}
2024
@inproceedings{almenarez019,
title = {Evaluation of the performance of unsupervised learning algorithms for intrusion detection in unbalanced data environments},
author = {Fernando Gutiérrez-Portela and Florina Almenares-Mendoza and Liliana Calderón-Benavides},
url = {https://ieeexplore.ieee.org/document/10794744},
doi = {10.1109/ACCESS.2024.3516615},
issn = {2169-3536},
year = {2024},
date = {2024-12-12},
urldate = {2024-12-12},
publisher = {IEEE},
abstract = {In this study, the performance of different unsupervised machine learning algorithms used for intrusion detection within unbalanced data environments were analyzed; these algorithms included the K-means++ algorithm, density-based spatial clustering of applications with noise (DBSCAN), local outlier factor (LOF), and isolation forest (I-forest) using the BoT–IoT dataset. Performance metrics such as purity, homogeneity_score, completeness_score, v_measure_score, and adjusted_mutual_info_score were used to evaluate the effectiveness of algorithms in detecting various types of attacks such as distributed denial of service (DDoS), denial of service (DoS), and reconnaissance. Similarly, different methods were used for the automatic selection of the optimal number of clusters such as the elbow method, silhouette coefficient, Calinski–Harabasz index, and Davies–Bouldin index. Moreover, principal component analysis (PCA) was used to explain data variance and the influence of variables on intrusion detection. Results revealed that the K-means algorithm achieved 95% purity as well as 95% and 99% prediction accuracies for normal and abnormal data, respectively. The I-forest algorithm achieved 95% purity as well as 99% and 90% prediction accuracies for normal and abnormal data in a balanced dataset, respectively. These findings indicated that I-forest exhibited a low central processing unit (CPU) consumption rate of 10% on balanced data, outperforming DBSCAN, K-Means++, and LOF, with 16% consumption rates.},
keywords = {anomaly detection, compromise, intrusion detection system, machine learning, metrics, Qursa, unsupervised models},
pubstate = {published},
tppubtype = {inproceedings}
}
@article{almenarez018,
title = {Authorisation models for IoT environments: A survey},
author = {Jaime Pérez-Díaz and Florina Almenares-Mendoza},
url = {https://www.sciencedirect.com/science/article/pii/S2542660524003718?via%3Dihub#d1e3887},
doi = {https://doi.org/10.1016/j.iot.2024.101430},
issn = {2542-6605},
year = {2024},
date = {2024-11-23},
urldate = {2024-11-23},
journal = { www.elsevier.com/locate/iot},
abstract = {Authorization models are pivotal in the Internet of Things (IoT) ecosystem, ensuring secure management of data access and communication. These models function after authentication, determining the specific actions that a device is allowed to perform. This paper aims to provide a comprehensive and comparative analysis of authorization solutions within IoT contexts, based on the requirements identified from the existing literature. We critically assess the functionalities and capabilities of various authorization solutions, particularly those designed for IoT cloud platforms and distributed architectures. Our findings highlight the urgent need for further development of authorization models optimized for the unique demands of IoT environments. Consequently, we address both the persistent challenges and the gaps within this domain. As IoT continues to reshape the technological landscape, the refinement and adaptation of authorization models remain imperative ongoing pursuits.},
keywords = {ABAC, compromise, DAC, I-Shaper, IoT, MAC, Models, Platforms, Qursa, RBAC, Security},
pubstate = {published},
tppubtype = {article}
}
@conference{javierblanco002,
title = {Integrating Post-Quantum Cryptography into CoAP and MQTT-SN Protocols},
author = {Javier Blanco-Romero and Vicente Lorenzo and Florina Almenares and Daniel Díaz-Sánchez and and Celeste Campo and Carlos García-Rubio},
url = {https://ieeexplore.ieee.org/abstract/document/10733716/figures#figures},
doi = {https://doi.org/10.1109/ISCC61673.2024.10733716},
isbn = {979-8-3503-5424-9},
year = {2024},
date = {2024-10-31},
urldate = {2024-10-31},
booktitle = {2024 IEEE Symposium on Computers and Communications (ISCC)},
publisher = {IEEE},
abstract = {Post-Quantum Cryptography (PQC) is a practical and cost-effective solution to defend against emerging quantum computing threats. So, leading worldwide security agencies and standardization bodies strongly advocate for the proactive integration of PQ cryptography into underlying frameworks to support applications, protocols, and services. The current research predominantly addresses the incorporation of PQC in Internet communication protocols such as HTTP and DNS; nevertheless, the focus on embedded devices has been limited to evaluating PQC’s integration within TLS/DTLS in isolation. Hence, there is a notable gap in understanding how PQC impacts IoT-specific communication protocols. This paper presents the integration of PQC into two communication protocols specifically tailored for IoT devices, the Constrained Application Protocol (CoAP) and MQTT for Sensor Networks (MQTT-SN), via the wolfSSL library. These two integrations contribute to the understanding of PQC’s implications for IoT communication protocols.},
keywords = {coap, compromise, cryptography, I-Shaper, IoT, MQTT-SN, Post-Quantum Cryptography, PQC, Protocols, Qursa},
pubstate = {published},
tppubtype = {conference}
}
@article{javierblanco003,
title = {Evaluating integration methods of a quantum random number generator in OpenSSL for TLS},
author = {Javier Blanco-Romero and Vicente Lorenzo and Florina Almenares and Daniel Díaz-Sánchez and Carlos García-Rubio and Celeste Campo and Andrés Marín},
url = {https://www.sciencedirect.com/science/article/pii/S1389128624007096?via%3Dihub},
doi = {https://doi.org/10.1016/j.comnet.2024.110877},
isbn = {1389-1286},
year = {2024},
date = {2024-10-25},
urldate = {2024-10-25},
volume = {255},
publisher = {Computer Networks},
abstract = {The rapid advancement of quantum computing poses a significant threat to conventional cryptography. Whilst post-quantum cryptography (PQC) stands as the prevailing trend for fortifying the security of cryptographic systems, the coexistence of quantum and classical computing paradigms presents an opportunity to leverage the strengths of both technologies, for instance, nowadays the use of Quantum Random Number Generators (QRNGs) – considered as True Random Number Generators (TRNGs) – opens up the possibility of discussing hybrid systems. In this paper, we evaluate both aspects, on the one hand, we use hybrid TLS (Transport Layer Security) protocol that leverages the widely used secure protocol on the Internet and integrates PQC algorithms, and, on the other hand, we evaluate two approaches to integrate a QRNG, i.e., Quantis PCIe-240M, in OpenSSL 3.0 to be used by TLS. Both approaches are compared through a Nginx Web server, that uses OpenSSL’s implementation of TLS 1.3 for secure web communication. Our findings highlight the importance of optimizing such integration method, because while direct integration can lead to performance penalties specific to the method and hardware used, alternative methods demonstrate the potential for efficient QRNG deployment in cryptographic systems.},
keywords = {compromise, I-Shaper, Linux, OpenSSL, QRNGs, Quantum random number generators, Qursa, TLS},
pubstate = {published},
tppubtype = {article}
}
@conference{nokey,
title = {Comparing Pseudo, Classical True and Quantum Random Number Generators Using Standard Quality Assessments},
author = {Vicente Lorenzo and Javier Blanco-Romero and Florina Almenares and Daniel Díaz-Sánchez and Carlos García-Rubio and Celeste Campo and Andrés Marín},
year = {2024},
date = {2024-10-25},
urldate = {2024-10-25},
booktitle = {XVIII Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2024), León, 23 al 25 de Octubre, 2024.},
keywords = {compromise, Qursa},
pubstate = {published},
tppubtype = {conference}
}
@conference{nokey,
title = { Integración de un sistema de autenticación optimizado basado en PUF en OSCORE},
author = {J. Pérez-Díaz and Florina Almenares },
year = {2024},
date = {2024-10-25},
urldate = {2024-10-25},
booktitle = {XVIII Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2024), León, 23 al 25 de Octubre, 2024.},
keywords = {compromise, Qursa},
pubstate = {published},
tppubtype = {conference}
}
@conference{marta003,
title = {Real-Time Analysis of Encrypted DNS Traffic for Threat Detection},
author = {Marta Moure-Garrido and Sajal Das and Celeste Campo and Carlos García-Rubio},
url = {https://ieeexplore.ieee.org/document/10622347},
doi = {https://doi.org/10.1109/ICC51166.2024.10622347},
issn = {1550-3607},
year = {2024},
date = {2024-08-20},
booktitle = {ICC 2024 - IEEE International Conference on Communications},
pages = {3292-3297},
publisher = {IEEE},
abstract = {Domain Name System (DNS) tunneling is a well-known cyber-attack that allows data exfiltration - the attackers exploit this tunnel to extract sensitive information from the system. Advanced Persistent Threat (APT) attackers encapsulate malicious traffic in a DNS connection to elude security mechanisms such as Intrusion Detection System (IDS). Although different techniques have been implemented to detect these targeted attacks, their rise induces a threat to Cyber-Physical Systems (CPS). The DNS over HTTPS (DoH) tunnel detection is a challenge because the encrypted data prevents an analysis of DNS traffic content. In this paper, we present a novel detection system that identifies malicious DoH tunnels in real time. We study the normal traffic pattern and based on that, we define a profile. The objective of this system is to detect malicious activity on the system as early as possible through a lightweight packet by packet analysis based on a real-time IDS classifier. This system is evaluated on three available data sets and the results obtained are compared with a machine learning technique. We demonstrate that the identification of anomalous activity, in particular DoH tunnels, is possible by analyzing different traffic features.},
keywords = {APT, compromise, dns tunnels, doh traffic, encrypted traffic, intrusion detection system, Qursa},
pubstate = {published},
tppubtype = {conference}
}
@inproceedings{campo012,
title = {Inferring mobile applications usage from DNS traffic},
author = {Celeste Campo-Vázquez and Carlos García-Rubio and Andrea Jimenez-Berenguel and Marta Moure-Garrido and Florina Almenares-Mendoza and Daniel Díaz-Sánchez },
url = {https://www.sciencedirect.com/science/article/pii/S1570870524002129#d1e710},
doi = {https://doi.org/10.1016/j.adhoc.2024.103601},
year = {2024},
date = {2024-07-19},
urldate = {2024-07-19},
booktitle = {Ad Hoc Networks},
publisher = {Elsevier B.V.},
abstract = {In the digital era, our lives are intrinsically linked to the daily use of mobile applications. As a consequence, we generate and transmit a large amount of personal data that puts our privacy in danger. Despite having encrypted communications, the DNS traffic is usually not encrypted, and it is possible to extract valuable information from the traffic generated by mobile applications. This study focuses on the analysis of the DNS traffic behavior found in mobile application traces, developing a methodology capable of identifying mobile applications based on the domains they query. With this methodology, we were able to identify apps with 98% accuracy. Furthermore, we have validated the effectiveness of the characterization obtained with one dataset by identifying traces from other independent datasets. The evaluation showed that the methodology provides successful results in identifying mobile applications.},
keywords = {compromise, dns traffic, I-Shaper, mobile applications identification, Qursa, user privacy},
pubstate = {published},
tppubtype = {inproceedings}
}
@inproceedings{andrea001,
title = {Caracterización de aplicaciones móviles mediante el análisis del tráfico DNS},
author = {Andrea Jimenez-Berenguel and Marta Moure-Garrido and Carlos García-Rubio and Celeste Campo-Vázquez},
url = {https://idus.us.es/handle/11441/159179
https://dialnet.unirioja.es/servlet/articulo?codigo=9633499
https://idus.us.es/bitstream/handle/11441/159179/ActasJNIC24%20%282%20ed%29.pdf?sequence=4&isAllowed=y},
isbn = {978-84-09-62140-8},
year = {2024},
date = {2024-05-28},
urldate = {2024-05-28},
booktitle = {IX Jornadas Nacionales de Investigación en Ciberseguridad - JNIC 2024},
pages = {506-507},
publisher = {Universidad de Sevilla},
abstract = {La privacidad del usuario sigue siendo vulnerable cuando se utilizan protocolos de comunicación cifrados, como HTTPS, cuando las consultas DNS se envían en texto claro a través del puerto UDP 53 (Do53). En este estudio, demostramos la posibilidad de caracterizar una aplicación móvil que utiliza un usuario basándonos en su tráfico Do53. Mediante el análisis de un conjunto de datos de tráfico, formado por 80 aplicaciones móviles Android, podemos identificar la aplicación que se está utilizando basándonos en sus consultas DNS con una precisión del 88,75 %. Aunque los sistemas operativos modernos, incluido Android desde la versión 9.0, admiten el tráfico DNS cifrado, esta función no está activada por defecto y depende del soporte del proveedor de DNS. Además, incluso cuando el tráfico DNS está cifrado, el proveedor de servicios DNS sigue teniendo acceso a nuestras consultas y podría extraer información de ellas.},
keywords = {aplicaciones moviles, compromise, privacidad, Qursa, trafico dns},
pubstate = {published},
tppubtype = {inproceedings}
}
@inproceedings{javierblanco001,
title = {PQSec-DDS: Integrating Post-Quantum Cryptography into DDS Security for Robotic Applications},
author = {Javier Blanco-Romero and Vicente Lorenzo and Florina Almenares-Mendoza and Daniel Díaz-Sánchez and Adrián Serrano-Navarro},
url = {https://hdl.handle.net/11441/159179
https://idus.us.es/handle/11441/159179
https://idus.us.es/bitstream/handle/11441/159179/ActasJNIC24%20%282%20ed%29.pdf?sequence=4&isAllowed=y},
isbn = {978-84-09-62140-8},
year = {2024},
date = {2024-05-28},
urldate = {2024-05-28},
booktitle = {IX Jornadas Nacionales de Investigación en Ciberseguridad - JNIC 2024},
pages = {396-403},
publisher = {Universidad de Sevilla },
abstract = {Leading cybersecurity agencies and standardization bodies have globally emphasized the critical need to transition towards Post-Quantum Cryptography (PQC) to defend against
emerging quantum computing threats. They advocate PQC as a practical and cost-effective solution for security systems nowadays. Nevertheless, emerging technologies such as industrial systems, e.g., autonomous vehicles, air traffic management, diagnostic imaging machines, etc., and robotics systems, e.g., ROS2 (Robotic Operating System), have not started their evolution to enhance crypto-agility and security robustness. Some of these emerging technologies use the Data Distribution Service (DDS)
standard as the underlying communication middleware protocol. DDS is a distributed publish-subscribe system that allows sending and receiving data by publishing and subscribing to topics across a network of connected nodes. However, DDS’s security is based on traditional symmetric and asymmetric cryptography, which is vulnerable to quantum computing attacks. To address this issue, we propose the integration of PQC into DDS, through the development of a C/C++ library, called pqsec-dds, which can be integrated across different DDS implementations such as CycloneDDS or OpenDDS. A proof-of-concept demonstrates the viability of our approach in enhancing the security and cryptoagility of DDS-based systems.},
keywords = {compromise, DDS, I-Shaper, IIoT, PQ, qurs, Qursa, Robotic Systems, ROS2},
pubstate = {published},
tppubtype = {inproceedings}
}
emerging quantum computing threats. They advocate PQC as a practical and cost-effective solution for security systems nowadays. Nevertheless, emerging technologies such as industrial systems, e.g., autonomous vehicles, air traffic management, diagnostic imaging machines, etc., and robotics systems, e.g., ROS2 (Robotic Operating System), have not started their evolution to enhance crypto-agility and security robustness. Some of these emerging technologies use the Data Distribution Service (DDS)
standard as the underlying communication middleware protocol. DDS is a distributed publish-subscribe system that allows sending and receiving data by publishing and subscribing to topics across a network of connected nodes. However, DDS’s security is based on traditional symmetric and asymmetric cryptography, which is vulnerable to quantum computing attacks. To address this issue, we propose the integration of PQC into DDS, through the development of a C/C++ library, called pqsec-dds, which can be integrated across different DDS implementations such as CycloneDDS or OpenDDS. A proof-of-concept demonstrates the viability of our approach in enhancing the security and cryptoagility of DDS-based systems.@article{marta001,
title = {Reducing DNS Traffic to Enhance Home IoT Device Privacy},
author = {Marta Moure-Garrido and Carlos García-Rubio and Celeste Campo},
url = {https://www.mdpi.com/1424-8220/24/9/2690/pdf?version=1713941333},
doi = {https://doi.org/10.3390/s24092690},
year = {2024},
date = {2024-04-24},
urldate = {2024-04-24},
journal = {Sensors },
volume = {24},
issue = {9},
publisher = {Sensors 2024},
abstract = {The deployment of Internet of Things (IoT) devices is widespread in different environments, including homes. Although security is incorporated, homes can become targets for cyberattacks because of their vulnerabilities. IoT devices generate Domain Name Server (DNS) traffic primarily for communication with Internet servers. In this paper, we present a detailed analysis of DNS traffic from IoT devices. The queried domains are highly distinctive, enabling attackers to easily identify the IoT device. In addition, we observed an unexpectedly high volume of queries. The analysis reveals that the same domains are repeatedly queried, DNS queries are transmitted in plain text over User Datagram Protocol (UDP) port 53 (Do53), and the excessive generation of traffic poses a security risk by amplifying an attacker’s ability to identify IoT devices and execute more precise, targeted attacks, consequently escalating the potential compromise of the entire IoT ecosystem. We propose a simple measure that can be taken to reduce DNS traffic generated by IoT devices, thus preventing it from being used as a vector to identify the types of devices present in the network. This measure is based on the implementation of the DNS cache in the devices; caching few resources increases privacy considerably.},
keywords = {compromise, DNS, I-Shaper, IoT privacy, network traffic, Qursa},
pubstate = {published},
tppubtype = {article}
}
2023
@conference{vicente001,
title = {Comparative Analysis of Quantum, Pseudo, and Hybrid Random Number Generation},
author = {Vicente Lorenzo and Francisco Javier Blanco},
year = {2023},
date = {2023-11-29},
urldate = {2023-11-29},
booktitle = {XVII Jornadas CCN-STIC CCN-CERT / V Jornadas de Ciberdefensa ESPDEF-CERT},
keywords = {QRNGs, Qursa, rngs},
pubstate = {published},
tppubtype = {conference}
}
@conference{campo013,
title = {Characterizing Mobile Applications Through Analysis of DNS Traffic},
author = {Andrea Jimenez-Berenguel and Marta Moure-Garrido and Carlos García-Rubio Celeste Campo-Vázquez},
doi = {https://doi.org/10.1145/3616394.3618268},
isbn = {N 979-8-4007-0370-6},
year = {2023},
date = {2023-10-30},
urldate = {2023-10-30},
booktitle = {PE-WASUN '23: Proceedings of the Int'l ACM Symposium on Performance Evaluation of Wireless Ad Hoc, Sensor & Ubiquitous Networks.},
pages = {69-76},
publisher = {ACM},
abstract = {User privacy may remain vulnerable when using encrypted communication protocols, such as HTTPS, if DNS queries are sent in cleartext over UDP port 53 (Do53). In this study, we demonstrate the possibility of characterizing the mobile application a user is using based on its Do53 traffic. By analyzing a dataset of traffic captured from 80 Android mobile apps, we can identify the app being used based on its DNS queries with an accuracy of 88.75%. While modern operating systems, including Android since version 9.0, support encrypted DNS traffic, this feature is not enabled by default and relies on the DNS provider's support. Moreover, even when DNS traffic is encrypted, the DNS service provider still has access to our queries and could potentially extract information from them.},
keywords = {android apps, compromise, dns traffic, encrypted dns, mobile apps characterization, Qursa, user privacy},
pubstate = {published},
tppubtype = {conference}
}
@article{campo002,
title = {Real time detection of malicious DoH traffic using statistical analysis },
author = {Marta Moure-Garrido and Celeste Campo-Vázquez and Carlos García-Rubio},
url = {http://hdl.handle.net/10016/38151},
doi = {https://doi.org/10.1016/j.comnet.2023.109910},
issn = {1389-1286},
year = {2023},
date = {2023-10-09},
urldate = {2023-10-09},
journal = {COMPUTER NETWORKS},
volume = {234},
issue = {109910},
pages = {1-10},
abstract = {The DNS protocol plays a fundamental role in the operation of ubiquitous networks. All devices connected to these networks need DNS to work, both for traditional domain name to IP address translation, and for more advanced services such as resource discovery. DNS over HTTPS (DoH) solves certain security problems present in the DNS protocol. However, malicious DNS tunnels, a covert way of encapsulating malicious traffic in a DNS connection, are difficult to detect because the encrypted data prevents performing an analysis of the content of the DNS traffic.
In this study, we introduce a real-time system for detecting malicious DoH tunnels, which is based on analyzing DoH traffic using statistical methods. Our research demonstrates that it is feasible to identify in real-time malicious traffic by analyzing specific parameters extracted from DoH traffic. In addition, we conducted statistical analysis to identify the most significant features that distinguish malicious traffic from benign traffic. Using the selected features, we achieved satisfactory results in classifying DoH traffic as either benign or malicious.},
keywords = {classification, compromise, computer science, cynamon, dns tunnels, doh traffic, intrusion detection system, malicious doh, Qursa, statistical analysis},
pubstate = {published},
tppubtype = {article}
}
In this study, we introduce a real-time system for detecting malicious DoH tunnels, which is based on analyzing DoH traffic using statistical methods. Our research demonstrates that it is feasible to identify in real-time malicious traffic by analyzing specific parameters extracted from DoH traffic. In addition, we conducted statistical analysis to identify the most significant features that distinguish malicious traffic from benign traffic. Using the selected features, we achieved satisfactory results in classifying DoH traffic as either benign or malicious.
Publications
QKD-KEM: Hybrid QKD Integration into TLS with OpenSSL Providers Conference 2025. Machine Learning Predictors for Min-Entropy Estimation Journal Article In: Entropy 2025, vol. 27, iss. 2, no. 156, pp. 1-31, 2025. Evaluation of the performance of unsupervised learning algorithms for intrusion detection in unbalanced data environments Proceedings Article In: IEEE, 2024, ISSN: 2169-3536. Authorisation models for IoT environments: A survey Journal Article In: www.elsevier.com/locate/iot, 2024, ISSN: 2542-6605. Integrating Post-Quantum Cryptography into CoAP and MQTT-SN Protocols Conference 2024 IEEE Symposium on Computers and Communications (ISCC), IEEE, 2024, ISBN: 979-8-3503-5424-9. Evaluating integration methods of a quantum random number generator in OpenSSL for TLS Journal Article In: vol. 255, 2024, ISBN: 1389-1286. Comparing Pseudo, Classical True and Quantum Random Number Generators Using Standard Quality Assessments Conference XVIII Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2024), León, 23 al 25 de Octubre, 2024., 2024. Integración de un sistema de autenticación optimizado basado en PUF en OSCORE Conference XVIII Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2024), León, 23 al 25 de Octubre, 2024., 2024. Real-Time Analysis of Encrypted DNS Traffic for Threat Detection Conference ICC 2024 - IEEE International Conference on Communications, IEEE, 2024, ISSN: 1550-3607. Inferring mobile applications usage from DNS traffic Proceedings Article In: Ad Hoc Networks, Elsevier B.V., 2024. Caracterización de aplicaciones móviles mediante el análisis del tráfico DNS Proceedings Article In: IX Jornadas Nacionales de Investigación en Ciberseguridad - JNIC 2024, pp. 506-507, Universidad de Sevilla, 2024, ISBN: 978-84-09-62140-8. PQSec-DDS: Integrating Post-Quantum Cryptography into DDS Security for Robotic Applications Proceedings Article In: IX Jornadas Nacionales de Investigación en Ciberseguridad - JNIC 2024, pp. 396-403, Universidad de Sevilla , 2024, ISBN: 978-84-09-62140-8. Reducing DNS Traffic to Enhance Home IoT Device Privacy Journal Article In: Sensors , vol. 24, iss. 9, 2024. Comparative Analysis of Quantum, Pseudo, and Hybrid Random Number Generation Conference XVII Jornadas CCN-STIC CCN-CERT / V Jornadas de Ciberdefensa ESPDEF-CERT, 2023. Characterizing Mobile Applications Through Analysis of DNS Traffic Conference PE-WASUN '23: Proceedings of the Int'l ACM Symposium on Performance Evaluation of Wireless Ad Hoc, Sensor & Ubiquitous Networks., ACM, 2023, ISBN: N 979-8-4007-0370-6. Real time detection of malicious DoH traffic using statistical analysis Journal Article In: COMPUTER NETWORKS, vol. 234, iss. 109910, pp. 1-10, 2023, ISSN: 1389-1286.2025
2024
2023