Publication


Featured research published by Esther Palomar.


Computers & Security | 2013

Anonymous authentication for privacy-preserving IoT target-driven applications

Almudena Alcaide; Esther Palomar; José Montero-Castillo; Arturo Ribagorda

The Internet of Things (IoT) will be formed by smart objects and services interacting autonomously and in real-time. As an application scenario, household smart meters will provide real-time neighborhood information which enables a smart community to cooperatively identify patterns, adapt consumption and improve overall quality of life, making the shared environment more sustainable. There is, in these types of settings, a major need toward securing all communications, placing equal effort on guaranteeing privacy properties (e.g., participant anonymity, unlinkability) as on assuring security properties (e.g., content authenticity). In this article, we present a fully decentralized anonymous authentication protocol aimed at encouraging the implementation of privacy-preserving IoT target-driven applications. The system is set up by an ad-hoc community of decentralized founding nodes. From then on, nodes can interact, being participants of cyber-physical systems, preserving full anonymity. We also present a performance and security analysis of the proposed system.


International Conference on RFID | 2010

Cryptographic puzzles and distance-bounding protocols: Practical tools for RFID security

Pedro Peris-Lopez; Julio C. Hernandez-Castro; Juan E. Tapiador; Esther Palomar; Jan C. A. van der Lubbe

Widespread adoption of RFID technology is being slowed down because of increasing public concerns about associated security threats. This paper shows that it is possible to enhance the security of RFID systems by requiring readers to perform a computational effort test. Readers must solve a cryptographic puzzle - one of the components of the Weakly Secret Bit Commitment (WSBC) sent by tags - to obtain the static identifier of the interrogated tag. The method we present is based on a simple concept already used in security applications such as anti-spam or TCP SYN flooding protection, yet original in the RFID context until now. The scheme provides privacy protection while being an effective countermeasure against the indiscriminate disclosure of the whole contents of a large number of tags. Then, we scrutinize the combined use of cryptographic puzzles and distance-bounding protocols. First, a classical and relatively straight-forward solution is presented. Secondly, we introduce a protocol named Noent, that follows a new approach that reduces drawbacks associated with WSBC such as key delegation, whilst gaining all the advantages of employing distance-bounding protocols such as the certainty on the distance between a tag and reader.


Computer Communications | 2012

A sinkhole resilient protocol for wireless sensor networks: Performance and security analysis

Fabrice Le Fessant; Anthonis Papadimitriou; Aline Carneiro Viana; Cigdem Sengul; Esther Palomar

This work focuses on: (1) understanding the impact of selective forwarding attacks on tree-based routing topologies in wireless sensor networks (WSNs), and (2) investigating cryptography-based strategies to limit network degradation caused by sinkhole attacks. The main motivation of our research stems from the following observations. First, WSN protocols that construct a fixed routing topology may be significantly affected by malicious attacks. Second, considering networks deployed in a difficult to access geographical region, building up resilience against such attacks rather than detection is expected to be more beneficial. We thus first provide a simulation study on the impact of malicious attacks based on a diverse set of parameters, such as the network scale and the position and number of malicious nodes. Based on this study, we propose a single but very representative metric for describing this impact. Second, we present the novel design and evaluation of two simple and resilient topology-based reconfiguration protocols that broadcast cryptographic values. The results of our simulation study together with a detailed analysis of the cryptographic overhead (communication, memory, and computational costs) show that our reconfiguration protocols are practical and effective in improving resilience against sinkhole attacks, even in the presence of collusion.


Computer Communications | 2008

Secure content access and replication in pure P2P networks

Esther Palomar; Juan E. Tapiador; Julio C. Hernandez-Castro; Arturo Ribagorda

Despite the advantages offered by pure Peer-to-Peer (P2P) networks (e.g. robustness and fault tolerance), a crucial requirement is to guarantee basic security properties, such as content authenticity and integrity, as well as to enforce appropriate access control policies. These mechanisms would pave the way for new models in which content providers can exert some control over the replication and file sharing process. However, the extremely decentralized nature of these environments makes it impossible to apply classic solutions that rely on some kind of fixed infrastructure, typically in the form of on-line trusted third parties (TTP). In this paper, we introduce a suite of protocols for content authentication and access control in pure P2P networks based on attribute certificates that does not rely on the existence of a public key infrastructure (PKI), privilege management infrastructure (PMI), or any other form of centralized authority. We provide an analysis concerning the efficiency (computational effort and communication overhead) and the security of our proposal.


International Conference on Peer-to-Peer Computing | 2006

Certificate-based Access Control in Pure P2P Networks

Esther Palomar; Juan M. Estevez-Tapiador; Julio C. Hernandez-Castro; Arturo Ribagorda

Pure peer-to-peer (P2P) networks are characterized as being extremely decentralized and self-organized, properties which are essential in a number of environments, including teamwork, collaborative, and ad-hoc systems. One of the features offered by P2P networks is the possibility of having several replicas of the same content distributed among multiple nodes. Despite its advantages (e.g. robustness and fault tolerance), it is crucial to guarantee content authenticity, as well as to enforce appropriate access control policies. However, the extremely decentralized nature of these environments makes it impossible to apply classic solutions that rely on some kind of fixed infrastructure, typically in the form of on-line trusted third parties. In a previous work, we presented a protocol for content authentication based on public key certificates that does not rely on the existence of a public key infrastructure. In this paper, we show how these certificates can be extended to provide authorization capabilities. In our scheme, each peer classifies her contents according to several security labels. Peers allowed to access a given content must have a security clearance of at least the same level as the contents. These security clearances, which take the form of attributes in public key certificates, can be discretionally issued by the content provider


CISIS | 2009

Automatic Rule Generation Based on Genetic Programming for Event Correlation

Guillermo Suarez-Tangil; Esther Palomar; J.M. de Fuentes; Jorge Blasco; Arturo Ribagorda

The widespread adoption of autonomous intrusion detection technology is overwhelming current frameworks for network security management. Modern intrusion detection systems (IDSs) and intelligent agents are the most mentioned in literature and news, although other risks such as broad attacks (e.g. very widely spread in a distributed fashion like botnets), and their consequences on incident response management cannot be overlooked. Event correlation becomes then essential. Basically, security event correlation pulls together detection, prevention and reaction tasks by means of consolidating huge amounts of event data. Providing adaptation to unknown distributed attacks is a major requirement as well as their automatic identification. This positioning paper poses an optimization challenge in the design of such correlation engine and a number of directions for research. We present a novel approach for automatic generation of security event correlation rules based on Genetic Programming which has been already used at sensor level.


Computer Networks | 2012

The Peer's Dilemma: A general framework to examine cooperation in pure peer-to-peer systems

Esther Palomar; Almudena Alcaide; Arturo Ribagorda; Yan Zhang

The exploration of social dilemmas is being considered a major foundation for encountering the enforced necessities of cooperation in self-organizing environments. Such environments are characterized by self-interested parties and the absence of trusted third parties. Recent approaches apply evolutionary socio-inspired games to formally prove the existence and further prolongation of cooperation patterns within communities. For instance, the Prisoner's Dilemma game has thus provided a rich opportunity to examine self-interested behaviors in pure peer-to-peer networks. However, assuming a total absence of coalitions, incentives and punishment mechanisms, several works argue against a durable maintenance of cooperation neither at single-shot nor repeated-scenarios. In this article, we formally and experimentally demonstrate a counterexample for the latter by applying evolutionary game theory and a particular instance of the Rock-Scissors-Paper game. Our framework proves that the cyclic dominance of certain type of nodes within a P2P system has an impact and introduces a strategic aspect to the evolution of the overall community.


Information Fusion | 2015

Providing SIEM systems with self-adaptation

Guillermo Suarez-Tangil; Esther Palomar; Arturo Ribagorda; Iván Sanz

Security information and event management (SIEM) is considered to be a promising paradigm to reconcile traditional intrusion detection processes along with most recent advances on artificial intelligence techniques in providing automatic and self-adaptive systems. However, classic management-related flaws still persist, e.g. the fusion of large amounts of security events reported from many heterogeneous systems, whilst novel intriguing challenges arise especially when dealing with the adaptation to newly encountered and multi-step attacks. In this article, we provide SIEM correlation with self-adaptation capabilities to optimize and significantly reduce the intervention of operators. In particular, our enhanced correlation engine automatically learns and produces correlation rules based on the context for different types of multi-step attacks using genetic programming. The context is considered as the knowledge and reasoning, not only acquired by a human expert but also inferred by our system, which assist in the identification and fusion of events. In this regard, a number of artificial neural networks are trained to classify events according to the corresponding context established for the attack. Experimentation is conducted on a real deployment within OSSIM to validate our proposal.


Conference on Privacy, Security and Trust | 2013

Coalitional games for the management of anonymous access in online social networks

Esther Palomar; Almudena Alcaide; Elisenda Molina; Yan Zhang

We propose a novel anonymous access control protocol which is formulated as a series of coalitional games, where the players are the owners of shared private resources (big volumes of data) in online social networks (OSNs). Basically, co-owners cooperate to generate by themselves an attribute-based boolean formula to control access to their shared resource. By means of this boolean formula, co-owners are able to secretly express their privacy preferences over a common shared resource and requesters can anonymously access the secured private resource. In this paper, we formally analyze our protocol's fairness from a cooperative game theory point of view, and how OSN users, which are mostly cooperative, evaluate their expected gains and costs to adopt such cooperative privacy management scheme in many different settings.


Ubiquitous Computing | 2012

A secure distance-based RFID identification protocol with an off-line back-end database

Pedro Peris-Lopez; Agustin Orfila; Esther Palomar; Julio C. Hernandez-Castro

The design of a secure RFID identification scheme is a thought-provoking challenge, and this paper deals with this problem adopting a groundbreaking approach. The proposed protocol, called Noent, is based on cryptographic puzzles to avoid the indiscriminate disclosure of the confidential information stored on tags and on an innovative role reversal distance-bounding protocol to distinguish between honest and rogue readers. The protocol provides moderate privacy protection (data and location) to single tags but its effectiveness increases hugely when it is used to protect a large population of tags (e.g., protection against inventory disclosure). Moreover, in comparison with classical approaches, Noent does not require an on-line database, which facilitates key updating and mitigates desynchronization attacks.

Collaboration


Top Co-Authors

Arturo Ribagorda, Instituto de Salud Carlos III

Asma Patel, Birmingham City University

Jonathan P. Bowen, London South Bank University

Ali E. Abdallah, London South Bank University

Khaled Mahbub, Birmingham City University

Thomas D. Wagner, Birmingham City University