Tecnologías de la Información y de Redes

Information and Network Security and Privacy
Propuesta de tesis Investigadores/as Grupo de Investigación

Digital media security, privacy and forensics (steganography, watermarking, fingerprinting and steganalysis)

The security and privacy of digital media content has been attracting the attention of academia and industry for the past two decades. Since copies of digital content can be made without any loss and with no cost, content vendors and producers are trying to design mechanisms either to avoid or to detect unauthorized copies. Steganography, watermarking and fingerprinting, for images, audio and video content are being investigated by different groups worldwide in order to produce practical solutions to these kinds of problems while at the same time satisfying requirements such as security, privacy, capacity, robustness and transparency.

Steganography is also used to send concealed messages in an apparently innocent cover object. Steganalysis techniques are being developed in order to detect whether a multimedia object contains secret information which may be used for malicious purposes.

In general, these topics belong to computer forensic techniques that can be used to provide legal evidence of illegal or criminal actions. This line of research is related to all these issues, with a special focus on networked distribution systems such as online social networks or peer-to-peer applications.

Dr David Megías

Mail:dmegias@uoc.edu

KISON 

Security and Privacy in the Internet of Things (SP@IoT)

The Internet of things (IoT) refers to the internetworking of devices (including smartphones), vehicles, embedded systems, sensors, actuators, and other hardware and software components, which enable these objects to collect and exchange data. These data can be used later on (or in real time) for a wide variety of applications. For example, samples on the mobility patterns of a group of people can be used for designing new and more efficient public transportation systems.

Despite the advantages that this information can provide –for example, to advise individuals for specific routes to avoid traffic jams–, it is clear that the collection and storage of such data raises important ethical issues, such as those concerned with the information security and users’ privacy. It is essential that the storage and processing of this information is carried out in a way that ensures the privacy of individuals whose data are collected or who want to enjoy the benefits of this technology.

The project involves designing systems that allow data collection with the required degree of privacy through the use of specific cryptographic protocols, combined with data mining and managing large amounts of data (big data).

Dr David Megías

Mail:dmegias@uoc.edu

KISON 

Blockchain 

Blockchain, and more broadly Distributed Ledger Technology (DLT), has proven to go far beyond cryptocurrencies and it is transforming certain industries, enabling new business models based on decentralized services. Blockchain can contribute to security and privacy and helps removing intermediaries, empowering final users, and making possible new use cases that were not feasible until then. Currently, blockchain projects include proposals in many areas, such as cryptocurrencies, payment systems, supply chains, e-health,  e-voting, decentralized identity, collaborative economy, etc.
 
Within this area of research, we seek not only to improve current blockchain technology, researching on ways to enhance security, privacy, scalability, efficiency and other properties of current systems, but also to propose innovative decentralized services, where blockchain is a key component.
 
Moreover, blockchains are no longer only used to transact within the chain, but are also used as a base for building second layer protocols, that benefit from the security properties the blockchain offers while overcoming some of their limitations. Enforcing the security and privacy properties of these layer-two protocols while being deployed on real settings is a topic of huge interest, that currently captures the enthusiasm of an important part of the cryptocurrency research community. Projects related to security and privacy of existing second layer protocols as well as designing new layer two protocols are also covered by this research line.
 

Dr Víctor García Font

Mail: vgarciafo@uoc.edu

KISON
Security in Cyber-physical Systems
 
In recent years, there has been an exponential growth in the development and deployment of cyber-physical systems (CPSs), which are systems that can effectively integrate cyber and physical components using the modern sensor, computing and network technologies. Data captured from physical objects is transferred through networks to a control system. Architectures composed of edge, fog and cloud computing handle the data, process it and resulting decisions are issued as actions to the physical objects.
 
Various vulnerabilities, threats, attacks, and controls have been introduced in CPS.
 
One of the main characteristics of cyber threats is that they are scalable, i.e. they are easily automated and replicated, and even they can be distributed freely through unreliable domains. Example of threats are:
- Creation of botnets to perform DDoS attacks
- Eavesdropping communication channels between the sensors and the controller, and between the controller and the actuator
- Perverting data provenance, which deals with the recording, management and retrieval of information about the origin and history of data etc.
 
This research line focuses on developing methodologies and protocols that can meet the security properties (data authentication, confidentiality, integrity, reliability, non-repudiation, accountability and availability) of a sensor-edge-fog-cloud architecture. 
 
References:
[1] Humayed, Abdulmalik, et al. "Cyber-physical systems security—A survey." IEEE Internet of Things Journal 4.6 (2017): 1802-1831.
[2] Ashibani, Yosef, and Qusay H. Mahmoud. "Cyber physical systems security: Analysis, challenges and solutions." Computers & Security 68 (2017): 81-97.
[3] Zhang, PeiYun, MengChu Zhou, and Giancarlo Fortino. "Security and trust issues in Fog computing: A survey." Future Generation Computer Systems 88 (2018): 16-27.
 
 

 

Dr. Carles Garrigues

Mail: cgarrigueso@uoc.edu

 

Dr Helena Rifà

Mail: hrifa@uoc.edu

KISON
Digital Chain of Custody in computer forensics
 
The thesis is focused on the proposal to create a "Digital Chain of Custody" to ensure that the digital evidence (information or data, stored or trans-mitted in binary form which has been determined, through the process of analysis, to be relevant to the investigation) will be accepted in international court proceedings, so in it will be guaranteed the principles of identification, preservation, securing and posterior analysis.
 
After to establish a clear procedure, it will proceed with the second part: to create an artifice which it is able to comply with the procedure and it should take into account a set of items as: digital evidence acquisition and metadata associated (video, audio, photographs or files in general), probe localization, timestamp and secure communication capabilities. This device will be the starting point of the "Chain".
 

Dr Jordi Serra

Mail: jserrai@uoc.edu

KISON

Tampering detection in multimedia content

A new study of methods and applications in order to detect tampered multimedia content. Using Machine Learning and Artificial Intelligence techniques, the final method and application will be detect all modification media content, sound, video or images. Using techniques of steganography and steganalysis.

 

Dr Jordi Serra

Mail: jserrai@uoc.edu

KISON
User-centered privacy-enhancing technologies
 
Data mining technologies have been constantly improving from last 20 years, the increasing computational power and storage capacity have allowed impressive accomplishments on the Artificial Intelligence and Machine Learning algorithms. 
This progress has been powered by the data collection through pervasive sensing by the Internet of Things and of smart-devices (such as smart-watches, smart-meters, etc.). As users’ data is collected in real-time, this must be carried out in a privacy-preserving manner not only to fulfill legal and ethical requirements but also individuals’ expectations. A user-centered (or local) approach for privacy protection may increase users’ confidence, through transparency and control. 
 
The aim of this proposal is to develop user-centered technologies for privacy protection of time-series obtained from sensors (such as location, health, behavioral or relational data).
 
We will study the guarantees provided by aggregation and randomized response methods to attain Local Differential Privacy. We will apply them to protect data that may be used for recommender systems, sequential pattern mining, complex networks analysis, predictions and decision making. 
 
The main contributions of this project will be to provide local algorithms for data protection and to analyze and develop strong guarantees of privacy for dynamic data.
 
Some relevant of differentialy private technologies, are google’s RAPPOR (Randomized Aggregatable Privacy-Preserving Ordinal Response) [1] or the US Census Bureau product called OnTheMap [2].
 
REFERENCES
[1] U. Erlingsson, V. Pihur, and A. Korolova. Rappor: Randomized aggregatable privacy-preserving ordinal response. In CCS, 2014.
[2] A. Machanavajjhala, D. Kifer, J. Abowd, J. Gehrke, and L. Vilhuber. Privacy: Theory meets practice on the map. In ICDE, 2008.
 
Mail: dmegias@uoc.edu
 
Mail: jsalaspi@uoc.edu
 
KISON
Malware Detection Using Machine Learning Algorithms
 
The research line of this thesis is to propose a new framework in which one can use some different machine learning and deep learning algorithms in order to distinguish between malware files and clean files. To propose a new method to detect intrusions, malware files or ransomware, before the attackers obtain the control of the information systems.
 
Related work:
 
  1. Hussain, A., Asif, M., Ahmad, M.B., Mahmood, T., Raza, M.A. (2022). Malware Detection Using Machine Learning Algorithms for Windows Platform. In: Ullah, A., Anwar, S., Rocha, Á., Gill, S. (eds) Proceedings of International Conference on Information Technology and Applications. Lecture Notes in Networks and Systems, vol 350. Springer, Singapore. doi.org/10.1007/978-981-16-7618-5_53
  2. D. Gavriluţ, M. Cimpoeşu, D. Anton and L. Ciortuz, "Malware detection using machine learning," 2009 International Multiconference on Computer Science and Information Technology, 2009, pp. 735-741,  doi: 10.1109/IMCSIT.2009.5352759.
 

Dr Jordi Serra Ruiz

Mail: jserrai@uoc.edu

KISON

Cybersecurity in 5G/6G networks

The transition to 6G networks represents a revolutionary advancement in communication capabilities, marked by the seamless integration of virtual realms with connected intelligence, enabling applications like multisensory extended reality and wireless brain-computer interactions. This technological leap, offering blazing-fast data rates, ultra-low latency, and unparalleled reliability, is underpinned by the pervasive role of artificial intelligence (AI). However, amid this transformative potential, it also unveils an intricate and expansive threat surface, demanding innovative security solutions. This evolving security landscape must address the challenges of a highly interconnected, heterogeneous network enriched by cloudification.

 
This research line aims to develop innovative security solutions to protect against emerging threats within the highly interconnected and heterogeneous 6G network landscape. Areas of exploration include AI-driven threat detection, robust and light encryption protocols, and trust models.
 
Related work:
[1] You, Xiaohu, et al. ""Towards 6G wireless communication networks: Vision, enabling technologies, and new paradigm shifts."" Science China Information Sciences 64 (2021): 1-74.
[2] Porambage, Pawani, et al. ""The roadmap to 6G security and privacy."" IEEE Open Journal of the Communications Society 2 (2021): 1094-1122.
[3] Nguyen, Van-Linh, et al. ""Security and privacy for 6G: A survey on prospective technologies and challenges."" IEEE Communications Surveys & Tutorials 23.4 (2021): 2384-2428."

Dr Helena Rifà

Mail: hrifa@uoc.edu

KISON