[UC3M Security Lab]



Research Topics

    Cyberdefense
    RFID security
    VANET and LBS security
    Data leakage prevention
    Applied cryptography
    Smartphone security


Other research issues

    Patents & Software


Cyberdefense

The digital society depends heavily on information and communication systems, which are constantly changing and exposed to an enormous variety of threats coming from diverse and heterogeneous sources. This situation demands new solutions to effectively prevent, detect and manage cyber-attacks in real time across multiple domains and jurisdictions. The current state of the art and recent security incidents demonstrate that cyber defense cannot be achieved by prevention alone. New approaches that cover the whole life cycle of a security incident (prevent, detect, protect, react and recover) have to be researched. Our vision of cyber defense follows the general decision-making concept of the OODA loop (Observe, Orient, Decide, Act), originally defined by Boyd in 1995 for traditional military contests.

We have worked on ...

Related projects:

    SACO, EVADIR, SEGUR@, SEGURIDAD2020

Relevant publications:
  • TBD.



RFID security

TBD.

Related projects:

    SEGUR@, SEGURIDAD2020

Relevant publications:
  • TBD.



VANET and location-based services (LBS) security

The widespread use of ICT in everyday life is starting to transform several aspects of human activity in developed countries. In particular, in recent years the term Intelligent Transport Systems (ITS) has come to refer to the use of these technologies in vehicular environments. A specialized form of ad-hoc network, the VANET, is receiving increasing attention from the research community. The focus of our Group in this area is the application of cryptography to secure VANET communications. We have addressed different issues such as data authentication and privacy preservation. Moreover, as location information is also managed in this context, we have worked on spatio-temporal attestation mechanisms.

Related projects:

    E-SAVE, PRECIOUS, CERTILOC

Relevant publications:
  • A.I. González-Tablas; A. Alcaide; J.M. de Fuentes; J. Montero. Privacy-preserving and Accountable On-the-road Prosecution of Invalid Vehicular Mandatory Authorizations, Elsevier Ad-hoc Networks (JCR Impact factor (2013): 1.943 / Q1 Comp. Sci. Info Systems), 2013.

  • E. Palomar; J.M. de Fuentes; A.I. González-Tablas; A. Alcaide. Hindering false event dissemination in VANETs with proof-of-work mechanisms, Transportation Research Part C: Emerging Technologies (JCR Impact Factor (2012): 2.006 / Q1 Transp. Sci. and Tech.), vol. 23, pp. 85-97, Aug. 2012.

  • J.M. de Fuentes; A.I. González-Tablas; A. Ribagorda. Overview of security issues in Vehicular Ad-hoc Networks. Handbook of Research on Mobility and Computing: Evolving Technologies and Ubiquitous Impacts, IGI Global, 2011.

  • A.I. González-Tablas, B. Ramos, A. Ribagorda. Guaranteeing the Authenticity of Location Information. IEEE Pervasive Computing 7(3): pp. 72-80, 2008.

  • A.I. González-Tablas, B. Ramos, A. Ribagorda. Spatial-Temporal Certification Framework and Extension of X.509 Attribute Certificate Framework and SAML Standard to Support Spatial-Temporal Certificates. EuroPKI 2007: pp. 321-329.




Data leakage prevention (DLP)

The leakage of confidential information is one of the biggest threats faced by organizations in nearly every sector, including government, military, manufacturing, financial, medical, and education. The number of such incidents has been steadily increasing (see, for example, the DataLossDB maintained by the Open Security Foundation). While in some cases such leakages are due to negligence or are a consequence of an external attack, a significant fraction are caused by disgruntled employees and other malicious insiders.

In recent years we have worked on defensive mechanisms to prevent information leakage, particularly by malicious insiders. Our work includes dynamic and flexible access control schemes, novel algorithms to detect covert channels, and techniques to disrupt steganographic communication through content monitoring and normalization. We have also assessed the security of some current DLP solutions and shown how a resourceful adversary can easily bypass many of them. Much of our work in this area has focused on designing and analyzing covert and steganographic channels in a variety of media, data structures and processes, including images, video, games, permutations, executable files and source code.

Relevant publications:
  • J. Blasco, J.C. Hernandez-Castro, J.E. Tapiador, A. Ribagorda. Bypassing information leakage protection with trusted applications. Computers & Security. In press.

  • J. Blasco, J. C. Hernandez-Castro, J. M. de Fuentes, B. Ramos. A framework for avoiding steganography usage over HTTP. Journal of Network and Computer Applications 35(1):491-501, 2012.

  • J.C. Hernandez-Castro, J.E. Tapiador, E. Palomar, A. Romero. Blind Steganalysis of MP3Stego. Journal of Information Science and Engineering 26(5):1787-1799 (2010).

  • J.A. Clark, J.E. Tapiador, J. McDermid, P.-C. Cheng, D. Agrawal, N. Ivanic, D. Sloggett. Risk Based Access Control with Uncertain and Time-dependent Sensitivity. SECRYPT 2010, pp. 5-13.

  • J. Blasco, J.C. Hernandez-Castro, J.M.E. Tapiador, A. Ribagorda, M.A. Orellana. Steganalysis of Hydan. SEC 2009. IFIP 297:132-142.

  • J.E. Tapiador, J.C. Hernandez-Castro, A. Alcaide, A. Ribagorda. On the Distinguishability of Distance-bounded Permutations in Ordered Channels. IEEE Transactions on Information Forensics and Security 3(2):166-172 (2008).

  • J. Blasco, J.C. Hernandez-Castro, J.M.E. Tapiador, A. Ribagorda. CSteg: Talking in C Code. SECRYPT 2008, pp. 399-406.

  • J.C. Hernandez-Castro, I. Blasco-Lopez, J.M.E. Tapiador, A. Ribagorda. Steganography in Games: A General Methodology and its Application to the Game of Go. Computers & Security 25(1):64-71 (2006).




Applied cryptography

TBD.

Related projects:

    iMAE, SEGUR@, SEGURIDAD2020, CERTILOC

Relevant publications:
  • TBD.



Smartphone security

TBD.

Relevant publications:
  • TBD.



Patents and Software Registration

  1. Answer2Pass Pro - e-learning software platform integrated in Facebook based on quizzes. H. Cornejo, J.M. de Fuentes, L. Gonzalez-Manzano. Ref.: M-004894/2015.
  2. SETiChat - A secure Android chat. Jorge Blasco, Guillermo Suarez-Tangil, Juan E. Tapiador, Pedro Peris-López. Ref.: M-003681/2014.
  3. Alterdroid - Tool for analyzing obfuscated software in Android. Guillermo Suarez-Tangil, D. Juan E. Tapiador, Pedro Peris-López, Sergio Pastrana. Ref.: M-003190/2014.
  4. Targetdroid - Tool for analyzing targeted malware in Android. Guillermo Suarez-Tangil, D. Juan E. Tapiador, Pedro Peris-López. Ref.: M-008457/2014.
  5. E-RETO - E-mail usage pattern analyzer. E. Muñoz, J.M. de Fuentes, L. Gonzalez-Manzano. Ref.: M-007044/2014.
  6. Software of interactive learning PAB - Bridge learning system. A. Castells, J.M. de Fuentes, L. Gonzalez-Manzano. Ref.: M-008729/2012.
  7. eStorePasss - Password manager that works with chip cards. It is currently tailored for the Spanish National Identity Card (DNI-e). J.M. de Fuentes, L. Gonzalez-Manzano. Ref.: M-003999/2012.
  8. iPhone Shopping Assistant - iOS software that helps create the shopping list, based on the user's preferences and data obtained from different shops. J.M. de Fuentes, M.A. Zurdo.





UNIVERSIDAD CARLOS III DE MADRID
DEPARTMENT OF COMPUTER SCIENCE