Proposta de tesi Investigadors/es Grup de recerca

Digital media security, privacy and forensics (steganography, watermarking, fingerprinting and steganalysis)

The security and privacy of digital media content has been attracting the attention of academia and industry for the past two decades. Since copies of digital content can be made without any loss and with no cost, content vendors and producers are trying to design mechanisms either to avoid or to detect unauthorized copies. Steganography, watermarking and fingerprinting, for images, audio and video content are being investigated by different groups worldwide in order to produce practical solutions to these kinds of problems while at the same time satisfying requirements such as security, privacy, capacity, robustness and transparency.

Steganography is also used to send concealed messages in an apparently innocent cover object. Steganalysis techniques are being developed in order to detect whether a multimedia object contains secret information which may be used for malicious purposes.

In general, these topics belong to computer forensic techniques that can be used to provide legal evidence of illegal or criminal actions. This line of research is related to all these issues, with a special focus on networked distribution systems such as online social networks or peer-to-peer applications.

Dr. David Megías KISON Research Group

Security and Privacy in the Internet of Things (SP@IoT)

The Internet of things (IoT) refers to the internetworking of devices (including smartphones), vehicles, embedded systems, sensors, actuators, and other hardware and software components, which enable these objects to collect and exchange data. These data can be used later on (or in real time) for a wide variety of applications. For example, samples on the mobility patterns of a group of people can be used for designing new and more efficient public transportation systems.

Despite the advantages that this information can provide –for example, to advise individuals for specific routes to avoid traffic jams–, it is clear that the collection and storage of such data raises important ethical issues, such as those concerned with the information security and users’ privacy. It is essential that the storage and processing of this information is carried out in a way that ensures the privacy of individuals whose data are collected or who want to enjoy the benefits of this technology.

The project involves designing systems that allow data collection with the required degree of privacy through the use of specific cryptographic protocols, combined with data mining and managing large amounts of data (big data).

Dr. David Megías

KISON Research Group

Privacy-preserving data publishing (PPDP)

In recent years, an explosive increase of data has been made publicly available. Embedded within this data there is private information about users and, therefore, data owners must respect users’ privacy when releasing datasets to third parties. In this scenario, anonymization processes become an important concern. Privacy may be breached in various ways, depending on data types. For instance, medical datasets are published as database tables, so linking this information with publicly available datasets may disclose the identity of some individuals; social network data is usually published as graphs and there are adversaries that can infer the identity of the users by solving a set of restricted graph isomorphism problems; location privacy concerns the data from phone call networks or applications like Foursquare; and so on.

The simple technique of anonymizing networks by removing identifiers before publishing the actual data does not guarantee privacy. Therefore, various approaches and methods have been developed to deal with each data type and each breach of privacy. The aim of this research is to develop privacy-preserving methods and algorithms that guarantee the users' privacy while keeping data utility as close as possible to the original data. These methods have to achieve a trade-off between data privacy and data utility. Consequently, several data mining tasks must be considered in order to quantify the information loss produced on anonymous data. Due to its nature, PPDM involves some very relevant and interesting topics, such as security and privacy issues to ensure anonymity, data mining and machine learning to evaluate data utility and information loss, and also aspects related to big data.

Dr. Jordi Casas KISON Research Group

Security in cognitive radio networks

Spectrum is an essential resource for the provision of mobile services. In order to control and delimit its use, governmental agencies set up regulatory policies. Unfortunately, such policies have led to a deficiency of spectrum as few frequency bands are left unlicensed, and these are used for the majority of new emerging wireless applications.

Cognitive radio networks try to alleviate the spectrum scarcity problem by designing a system in which the licensed spectrum can be used opportunistically. Cognitive radio terminals form self-organizing cooperative networks with the ability to sense their electromagnetic environment, find the spectrum holes, and adjust their operating parameters to access these free bands.

Within the realm of cognitive radio networks security is a crucial requirement to avoid harmful interference to licensed users. Although this is an active research area that has successfully progressed in recent years, there are still challenges to be addressed such as efficient authentication and encryption of data, robust cooperation between users, the trading of the spectrum, or detection and identification of malicious nodes.

Therefore, we are looking for researchers interested in security aspects applied to cooperative wireless networks.

Dr. Carles Garrigues

Dra. Helena Rifà
 

KISON Research Group

Security and privacy in smart cities

The research around smart cities aims to improve the welfare and quality of life of citizens while stimulating the economic progress of cities. To make this possible, the first challenge is to have an integrated communications network that provides high capacity and capillarity, thus allowing the interconnection of all city services that generate information (street lighting, water services, waste management, transport, etc.).

The management of data and information in a smart city involves the integration of several information systems with very different functions: storage of data through non-relational databases, processing and analysis of data using distributed computing, urban mining, social computing, natural language processing and semantic reasoning, support for decision making, and modelling of urban behaviour.

The enormous quantity of information and communication systems involved in a smart city logically generates important security challenges. The systems involved all have their inherent vulnerabilities, and their integration gives way to new potential security attacks. These new challenges are mainly related to the fields of privacy, confidentiality and availability of services. The research will focus on finding solutions to these problems on the basis of the current state of the art in cryptography, privacy, anonymity, authenticity, etc.

The research will also work on mitigating the consequences of outsourcing many of the WSN-based services deployed in the smart city. Even though public administrations include security clauses in their SLA with the external providers, security mechanisms are kept in the hands of the providers. Generally, the providers embed countermeasures based on cryptography, obfuscation, frequency hopping and so on in the sensor nodes. However, these security measures are only effective if they are properly applied and maintained and, in the case of severe attacks, they are totally futile. Thus, in this scenario, smart city administrators must have mechanisms to verify operation of their WSNs. The research will work on the necessary anomaly detection mechanisms needed to monitor and control the state of the smart city networks.

Dr. Carles Garrigues

Dra. Helena Rifà

KISON Research Group

Privacy in community networks

Many online communities exist nowadays: social networks, open source development, Wikipedia, Wikileaks etc. These communities generate and share a lot of data which is commonly hosted in resources belonging to entities not directly related with participants in the community. This poses a privacy risk for the users, whose profile (friends, beliefs, political tendencies, hobbies), as well as their routines can be publicly exposed and inappropriately used.

The aim of this research is the design of a system that allows for powerful community networks while protecting end-users from surveillance and censorship. The system must allow a free data interchange between the trusted community members, but must guarantee that users can keep a desired degree of anonymity and unlinkability within the community members and external users, and that no sensible information can be inferred by means of data mining or traffic analysis.

 

Dr. Joan Manuel Marquès

Dra. Helena Rifà

ICSO Research Group

 

 

KISON Research Group

Cybersecurity in intelligent or autonomous cars

Modern cars are equipped with the latest information technologies: Wi-Fi, autonomous control systems, USB, etc.

In recent months, some researchers have demonstrated that the communications and the software used in some intelligent cars are vulnerable. The embedded software that controls the whole system can be attacked and modified. The security of this software is not generally a default consideration.

There are papers, videos and PoCs that show how to change the behaviour of the control system; changing the speed, the direction, communications, etc.

https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

http://www.securityweek.com/symantec-wants-protect-your-car-zero-day-attacks

http://www.nytimes.com/2011/03/10/business/10hack.html?_r=1

Using a new motor research lab, the security of this software and the communications systems will be considered in collaboration with the major automobile manufacturers.

Dr. Jordi Serra

 

KISON Research Group

Malware research lab, malware detection

Every day, the detection of new malware becomes more complicated, developers of such software are using advanced techniques, making its detection more difficult.

Based on current techniques and using specific hardware donated by companies dedicated to specific computer security techniques, some new methods will be implemented for the real-time detection of malware traffic through the internal network of an organization. These will operate by sniffing the network traffic to determine whether it is legitimate or not. The research will be carried out in collaboration with companies and experts specialized in malware detection.

Dr. Jordi Serra KISON Research Group