Information and Network Security and Privacy

Thesis proposal, Researchers, Research group

Digital media security, privacy and forensics (steganography, watermarking, fingerprinting and steganalysis)

The security and privacy of digital media content has been attracting the attention of academia and industry for the past two decades. Since copies of digital content can be made without any loss and with no cost, content vendors and producers are trying to design mechanisms either to avoid or to detect unauthorized copies. Steganography, watermarking and fingerprinting, for images, audio and video content are being investigated by different groups worldwide in order to produce practical solutions to these kinds of problems while at the same time satisfying requirements such as security, privacy, capacity, robustness and transparency.

Steganography is also used to send concealed messages in an apparently innocent cover object. Steganalysis techniques are being developed in order to detect whether a multimedia object contains secret information which may be used for malicious purposes.

In general, these topics belong to computer forensic techniques that can be used to provide legal evidence of illegal or criminal actions. This line of research is related to all these issues, with a special focus on networked distribution systems such as online social networks or peer-to-peer applications.

Dr David Megías KISON 

Security and Privacy in the Internet of Things (SP@IoT)

The Internet of things (IoT) refers to the internetworking of devices (including smartphones), vehicles, embedded systems, sensors, actuators, and other hardware and software components, which enable these objects to collect and exchange data. These data can be used later on (or in real time) for a wide variety of applications. For example, samples on the mobility patterns of a group of people can be used for designing new and more efficient public transportation systems.

Despite the advantages that this information can provide (for example, advising individuals on specific routes to avoid traffic jams), it is clear that the collection and storage of such data raises important ethical issues, such as those concerning information security and users’ privacy. It is essential that the storage and processing of this information is carried out in a way that ensures the privacy of individuals whose data are collected or who want to enjoy the benefits of this technology.

The project involves designing systems that allow data collection with the required degree of privacy through the use of specific cryptographic protocols, combined with data mining and managing large amounts of data (big data).

Dr David Megías

KISON 

Privacy-preserving in Data Mining

In recent years, an explosively growing amount of data has been made publicly available. Embedded within this data there is private information about users and, therefore, data owners must respect users’ privacy when releasing datasets to third parties. In this scenario, anonymization processes become an important concern. Privacy may be breached in various ways, depending on data types. For instance, medical datasets are published as database tables, so linking this information with publicly available datasets may disclose the identity of some individuals; social network data is usually published as graphs, and there are adversaries that can infer the identity of the users by solving a set of restricted graph isomorphism problems; location privacy concerns the data from phone call networks or applications like Foursquare; and so on.

The simple technique of anonymizing networks by removing identifiers before publishing the actual data does not guarantee privacy. Therefore, various approaches and methods have been developed to deal with each data type and each breach of privacy. The aim of this research is to develop privacy-preserving methods and algorithms that guarantee the users' privacy while keeping data utility as close as possible to that of the original data. These methods have to achieve a trade-off between data privacy and data utility. Consequently, several data mining tasks must be considered in order to quantify the information loss produced on anonymous data. Due to its nature, privacy-preserving data mining (PPDM) involves some very relevant and interesting topics, such as security and privacy issues to ensure anonymity, data mining and machine learning to evaluate data utility and information loss, and also aspects related to big data.

Dr Jordi Casas KISON

Privacy in community networks

Many online communities exist nowadays: social networks, open source development, Wikipedia, WikiLeaks, etc. These communities generate and share a lot of data, which is commonly hosted in resources belonging to entities not directly related to the participants in the community. This poses a privacy risk for the users, whose profiles (friends, beliefs, political tendencies, hobbies), as well as their routines, can be publicly exposed and inappropriately used.

The aim of this research is the design of a system that allows for powerful community networks while protecting end-users from surveillance and censorship. The system must allow free data interchange between the trusted community members, but must guarantee that users can keep a desired degree of anonymity and unlinkability among community members and external users, and that no sensitive information can be inferred by means of data mining or traffic analysis.

Dr Joan Manuel Marquès

Dr Helena Rifà

ICSO

KISON

Privacy-aware Trajectory Data Mining

Geolocated data is generated in almost every application of Information and Communication Technologies (ICTs). A vast amount of information can be obtained to generate spatio-temporal trajectory datasets that can be further mined and analyzed to extract knowledge, such as locations of interest or mobility maps around a city.

Several electronic devices, such as smartphones, can be used as sensors, and the location information obtained from them may be of great utility for city planning, thus helping to improve traffic management, tourism, health-related research and commerce, just to mention a few examples.

By continuously sharing our location, we may benefit from location-based services, such as recommendations of places near us that may be of interest to us. However, by sharing our location in real time, we may indirectly reveal private information such as our home location, our preferences, activities and habits. If such knowledge is linked to publicly identified data, an association between our real identities and private information can be established.

Hence, while as a society we may benefit from location data, the need to protect the association of such data with our real identities as individuals is evident. This private information may not be intended for sharing with others, and could even be harmful if it is not properly anonymized and falls into the wrong hands.

Privacy has to be considered in the mining algorithms, and should preferably be considered by design, that is, it should be built into the algorithm from the start.

Therefore, the aim of this research topic is to develop privacy-aware trajectory mining algorithms to provide privacy guarantees to data subjects, while, at the same time, obtaining useful knowledge from the anonymized data.

Dr David Megías

Dr Julián Salas

KISON

Blockchain 

Blockchain, and more broadly Distributed Ledger Technology (DLT), has proven to go far beyond cryptocurrencies and is transforming certain industries, enabling new business models based on decentralized services. Blockchain can contribute to security and privacy and helps remove intermediaries, empowering final users and making possible new use cases that were not previously feasible. Currently, blockchain projects include proposals in many areas, such as cryptocurrencies, payment systems, supply chains, e-health, e-voting, decentralized identity, collaborative economy, etc.

Within this area of research, we seek not only to improve current blockchain technology, researching ways to enhance security, privacy, scalability, efficiency and other properties of current systems, but also to propose innovative decentralized services, where blockchain is a key component.

Moreover, blockchains are no longer only used to transact within the chain, but are also used as a base for building second-layer protocols that benefit from the security properties the blockchain offers while overcoming some of its limitations. The Lightning Network is one of the best-known second-layer protocols, allowing fast payments over Bitcoin. Enforcing the security and privacy properties of these layer-two protocols when they are deployed in real settings is a topic of huge interest that currently captures the enthusiasm of an important part of the cryptocurrency research community. Projects related to the security and privacy of existing second-layer protocols, as well as to the design of new layer-two protocols, are also covered by this research line.

Dr Víctor García Font

Dr Cristina Pérez Solà

KISON

Cybersecurity in smart homes

The number of Internet incidents related to smart devices is increasing every year. According to Gartner's estimation in 2017, in 2020 there will be over 20 billion IoT devices on the planet. Malicious hackers are interested in home IoT devices because of their massive number and because security measures are lacking or poorly configured, which turns them into an easy target for cyberattacks. Criminal organizations use the compromised objects to perform illegal activities against external entities (like DDoS attacks), to use their computational capacity for their own benefit (e.g. cryptojacking attacks that use the devices to mine cryptocurrencies) or to get confidential and private information about IoT owners.

In order to provide security and trust in smart home environments, we offer two topics of research in this area:

Topic 1: Anomaly detection

This project involves designing anomaly detection techniques to prevent cybersecurity attacks. The challenges of anomaly detection in smart homes are to design a scalable model that can support big data, that works in real time, and that achieves high detection accuracy. The solution will use artificial intelligence approaches based on machine learning and will use distributed technologies to gather data from different homes and have a broader vision of the situation. The solution must also be privacy-preserving.

Topic 2: Authentication and trust

Authenticating objects and data is key to building trust in IoT. First, data from motes (very constrained devices) must be authenticated using lightweight protocols. On the other hand, authentication credentials from smart objects must be very easy to configure, since they will be managed by people without a technical background. In this sense, new and smarter authentication protocols need to be developed that can provide authenticity services with the minimum computational and transmission overhead. One of the technologies that will be explored is continuous authentication.

Dr Carles Garrigues

Dr Helena Rifà

KISON

Digital Chain of Custody in computer forensics

Initially, the idea is focused on the proposal to create a "Digital Chain of Custody" to ensure that digital evidence (information or data, stored or transmitted in binary form, which has been determined, through the process of analysis, to be relevant to the investigation) will be accepted in international court proceedings, thereby guaranteeing the principles of identification, preservation, securing and subsequent analysis.

Once a clear procedure has been established, the work will proceed with the second part: creating a device that is able to comply with the procedure and that takes into account a set of items such as digital evidence acquisition and associated metadata (video, audio, photographs or files in general), probe localization, timestamp and secure communication capabilities. This device will be the starting point of the "Chain".

Dr Jordi Serra KISON

Cybersecurity in Connected and Autonomous Vehicles

New cars are equipped with new information technologies: WiFi, autonomous control systems, USB, Ethernet, etc.

In recent months, some researchers have demonstrated that the communications and the software used in some smart cars are vulnerable. The embedded software that controls the whole system can be attacked and modified. The security of this software is not considered by default.

There are papers, videos and PoCs that show how to change the behavior of the control system: changing the speed, the direction, communications, etc.

https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

http://www.securityweek.com/symantec-wants-protect-your-car-zero-day-attacks

http://www.nytimes.com/2011/03/10/business/10hack.html?_r=1

In a new automotive research lab, the security of this software and of the communications will be considered, in collaboration with the major automakers.

Dr Jordi Serra KISON

Tampering detection in multimedia content

A new method and application will be designed in order to detect tampered multimedia content. Using Machine Learning and Artificial Intelligence techniques, the final method and application will detect all modifications in video and images.

Dr Jordi Serra KISON

Security preservation over a real smart building testbed

A smart building is characterized by a set of communication technologies that enable independently working functions, such as temperature control, video surveillance, etc., to communicate and interact with each other via IoT connectivity, and also to be managed, controlled and automated remotely. Today's smart buildings are equipped with a steadily increasing number of features to facilitate and improve occupant comfort and reduce energy consumption, while providing rather limited security features. Various reasons make it difficult for designers to increase the security of smart buildings. For instance, the sheer range of device types, conflicting and incompatible standards, and proprietary solutions make securing the smart building system a daunting task. Similarly, the integration of state-of-the-art security features based on traditional cryptographic primitives into an IoT environment is difficult due to the limited computing power and memory of IoT devices. Another major issue is related to network latency in time-critical applications, which require immediate decisions and/or actions based on gathered data. The collected data is sent to the cloud for further analytics, which may cause delays in taking appropriate decisions at the right time. Moreover, the cloud resources are usually located far from the IoT devices and do not have direct access to contextual data such as users' accurate position, local network status, etc. To address the above-mentioned problems, the paradigm of fog computing can be used as a viable solution to enhance security and provide low latency within smart building systems.

The aim of this research topic is to design and implement a security framework for smart buildings, using real hardware and open source solutions, that can provide device authenticity, access control, data integrity, secure data transmission and storage, and resilience against known IoT security attacks, through a combination of different network technologies, middleware transport protocols, lightweight security protocols and anomaly detection algorithms. In this work, a real testbed comprising different sensors, actuators and fog nodes will be connected through wired as well as wireless technologies. The established network would be connected to the cloud (Internet) through a gateway, and different levels of security in a layered architecture would be implemented and evaluated. This layered architecture would enable critical decisions to be made at the fog level (close to the IoT devices) and non-critical decisions at the cloud level.

This work would help towards implementing security by design and can be applicable to other smart city use cases.

Dr Amna Qureshi

Dr Muhammad Shahwaiz Afaqui

KISON

WINE