Information and Network Security and Privacy

Proposta de tesi Investigadors/es Grup de recerca

Digital media security, privacy and forensics (steganography, watermarking, fingerprinting and steganalysis)

The security and privacy of digital media content has been attracting the attention of academia and industry for the past two decades. Since copies of digital content can be made without any loss and with no cost, content vendors and producers are trying to design mechanisms either to avoid or to detect unauthorized copies. Steganography, watermarking and fingerprinting, for images, audio and video content are being investigated by different groups worldwide in order to produce practical solutions to these kinds of problems while at the same time satisfying requirements such as security, privacy, capacity, robustness and transparency.

Steganography is also used to send concealed messages in an apparently innocent cover object. Steganalysis techniques are being developed in order to detect whether a multimedia object contains secret information which may be used for malicious purposes.

In general, these topics belong to computer forensic techniques that can be used to provide legal evidence of illegal or criminal actions. This line of research is related to all these issues, with a special focus on networked distribution systems such as online social networks or peer-to-peer applications.

Dr. David Megías KISON Research Group

Security and Privacy in the Internet of Things (SP@IoT)

The Internet of things (IoT) refers to the internetworking of devices (including smartphones), vehicles, embedded systems, sensors, actuators, and other hardware and software components, which enable these objects to collect and exchange data. These data can be used later on (or in real time) for a wide variety of applications. For example, samples on the mobility patterns of a group of people can be used for designing new and more efficient public transportation systems.

Despite the advantages that this information can provide –for example, to advise individuals for specific routes to avoid traffic jams–, it is clear that the collection and storage of such data raises important ethical issues, such as those concerned with the information security and users’ privacy. It is essential that the storage and processing of this information is carried out in a way that ensures the privacy of individuals whose data are collected or who want to enjoy the benefits of this technology.

The project involves designing systems that allow data collection with the required degree of privacy through the use of specific cryptographic protocols, combined with data mining and managing large amounts of data (big data).

Dr. David Megías

KISON Research Group

Privacy-preserving in Data Mining

In recent years, an explosive increase of data has been made publicly available. Embedded within this data there is private information about users and, therefore, data owners must respect users’ privacy when releasing datasets to third parties. In this scenario, anonymization processes become an important concern. Privacy may be breached in various ways, depending on data types. For instance, medical datasets are published as database tables, so linking this information with publicly available datasets may disclose the identity of some individuals; social network data is usually published as graphs and there are adversaries that can infer the identity of the users by solving a set of restricted graph isomorphism problems; location privacy concerns the data from phone call networks or applications like Foursquare; and so on.

The simple technique of anonymizing networks by removing identifiers before publishing the actual data does not guarantee privacy. Therefore, various approaches and methods have been developed to deal with each data type and each breach of privacy. The aim of this research is to develop privacy-preserving methods and algorithms that guarantee the users' privacy while keeping data utility as close as possible to the original data. These methods have to achieve a trade-off between data privacy and data utility. Consequently, several data mining tasks must be considered in order to quantify the information loss produced on anonymous data. Due to its nature, PPDM involves some very relevant and interesting topics, such as security and privacy issues to ensure anonymity, data mining and machine learning to evaluate data utility and information loss, and also aspects related to big data.

Dr. Jordi Casas KISON Research Group

Security and privacy in smart cities

The research around smart cities aims to improve the welfare and quality of life of citizens while stimulating the economic progress of cities. To make this possible, the first challenge is to have an integrated communications network that provides high capacity and capillarity, thus allowing the interconnection of all city services that generate information (street lighting, water services, waste management, transport, etc.).

The management of data and information in a smart city involves the integration of several information systems with very different functions: storage of data through non-relational databases, processing and analysis of data using distributed computing, urban mining, social computing, natural language processing and semantic reasoning, support for decision making, and modelling of urban behaviour.

The enormous quantity of information and communication systems involved in a smart city logically generates important security challenges. The systems involved all have their inherent vulnerabilities, and their integration gives way to new potential security attacks. These new challenges are mainly related to the fields of privacy, confidentiality and availability of services. The research will focus on finding solutions to these problems on the basis of the current state of the art in cryptography, privacy, anonymity, authenticity, etc.

The research will also work on mitigating the consequences of outsourcing many of the WSN-based services deployed in the smart city. Even though public administrations include security clauses in their SLA with the external providers, security mechanisms are kept in the hands of the providers. Generally, the providers embed countermeasures based on cryptography, obfuscation, frequency hopping and so on in the sensor nodes. However, these security measures are only effective if they are properly applied and maintained and, in the case of severe attacks, they are totally futile. Thus, in this scenario, smart city administrators must have mechanisms to verify operation of their WSNs. The research will work on the necessary anomaly detection mechanisms needed to monitor and control the state of the smart city networks.

Dr. Carles Garrigues

Dra. Helena Rifà

KISON Research Group

Privacy in community networks

Many online communities exist nowadays: social networks, open source development, Wikipedia, Wikileaks etc. These communities generate and share a lot of data which is commonly hosted in resources belonging to entities not directly related with participants in the community. This poses a privacy risk for the users, whose profile (friends, beliefs, political tendencies, hobbies), as well as their routines can be publicly exposed and inappropriately used.

The aim of this research is the design of a system that allows for powerful community networks while protecting end-users from surveillance and censorship. The system must allow a free data interchange between the trusted community members, but must guarantee that users can keep a desired degree of anonymity and unlinkability within the community members and external users, and that no sensible information can be inferred by means of data mining or traffic analysis.


Dr. Joan Manuel Marquès

Dra. Helena Rifà

ICSO Research Group



KISON Research Group

Cybersecurity in intelligent or autonomous cars

Modern cars are equipped with the latest information technologies: Wi-Fi, autonomous control systems, USB, etc.

In recent months, some researchers have demonstrated that the communications and the software used in some intelligent cars are vulnerable. The embedded software that controls the whole system can be attacked and modified. The security of this software is not generally a default consideration.

There are papers, videos and PoCs that show how to change the behaviour of the control system; changing the speed, the direction, communications, etc.

Using a new motor research lab, the security of this software and the communications systems will be considered in collaboration with the major automobile manufacturers.

Dr. Jordi Serra


KISON Research Group

Malware research lab, malware detection

Every day, the detection of new malware becomes more complicated, developers of such software are using advanced techniques, making its detection more difficult.

Based on current techniques and using specific hardware donated by companies dedicated to specific computer security techniques, some new methods will be implemented for the real-time detection of malware traffic through the internal network of an organization. These will operate by sniffing the network traffic to determine whether it is legitimate or not. The research will be carried out in collaboration with companies and experts specialized in malware detection.

Dr. Jordi Serra KISON Research Group

Privacy-aware Trajectory Data Mining

Geolocated data is generated in almost every application of ICTs Information and Communication Technologies. A vast amount of information can be obtained to generate spatio-temporal trajectory datasets that can be further mined and analyzed to extract knowledge, such as locations of interest or mobility maps around a city.

Several electronic devices, such as smartphones can be used as sensors, and the location information obtained from them may have a great utility for city planning, thus helping to improve traffic management, tourism, health-related research and commerce, just to mention a few examples.

By continuously sharing our location, we may benefit from location-based services, such as recommendations of places near us that may be of our interest. However, by sharing our location in real time, we may indirectly reveal private information such as our home location, our preferences, activities and habits. If such knowledge is linked to publicly identified data, an association between our real identities and private information can be carried out.

Hence, while as a society we may benefit from location data, the need for protecting the association of such data with our real identities as individuals is evident. This private information may not be shared with others or could be even harmful if it is not properly anonymized and falls on the wrong hands.

Privacy has to be considered in the mining algorithms, and should preferably be considered by design, that is, it should be inscribed in the algorithm from scratch.

Therefore, the aim of this research topic is to develop privacy-aware trajectory mining algorithms to provide privacy guarantees to data subjects, while, at the same time, obtaining useful knowledge from the anonymized data.

Dr. David Megías


Dr. Julián Salas

KISON Research Group

Security and privacy with blockchain technologies and smart contracts

Blockchain, and more broadly Distributed Ledger Technologies (DTL), is used to implement distributed systems that ensure that untrusted parties aggree on a certain state of the system as the true state. Additionally, smart contracts enhance DTL with computer protocols capable of automatically executing clauses in case that certain conditions are fulfilled. In this way, blockchain technologies are leding to decentralization of services and removing the need of trusted third parties to control digital assets. These technologies contribute to creating new business models and transforming certain industries. Current blockchain projects include proposals to: create criptocurrencies, speed up global payments, deploy trusted supply chains involving multiple parties,  descentralize identity systems, organize transparent trade markets, etc. 

Within this area of research, we seek not only to propose innovative systems based on blockchain technology and smart contracts, but also to research on improving existing systems to enhance their security, privacy, scalability, efficiency, and so on.

Dra. Helena Rifà KISON Research Group