20 research outputs found

    Prospectiva de seguridad de las redes de sensores inalámbricos

    In Wireless Sensor Networks (WSN), nodes are vulnerable to security attacks because they are installed in a harsh environment with limited power and memory, low processing power, and medium broadcast transmission. Therefore, identifying threats, challenges, and solutions of security and privacy is a talking topic today. This article analyzes the research work that has been carried out on the security mechanisms for the protection of WSN against threats and attacks, as well as the trends that emerge in other countries combined with future research lines. From the methodological point of view, this analysis is shown through the visualization and study of works indexed in databases such as IEEE, ACM, Scopus, and Springer, with a range of 7 years as an observation window, from 2013 to 2019. A total of 4,728 publications were obtained, with a high rate of collaboration between China and India. The research raised developments, such as advances in security principles and defense mechanisms, which have led to the design of countermeasures in intrusion detection. Finally, the results show the interest of the scientific and business community in the use of artificial intelligence and machine learning (ML) to optimize performance measurements.

    Enabling SAML for dynamic identity federation management

    Proceedings of: The Second IFIP WG 6.8 Joint Conference, WMNC 2009, Gdansk, Poland, September 9-11, 2009. Federation in identity management has emerged as a key concept for reducing complexity in companies and offering an improved user experience when accessing services. In this sense, the process of trust establishment is fundamental to allow rapid and seamless interaction between different trust domains. However, the problem of establishing identity federations in dynamic and open environments that form part of Next Generation Networks (NGNs), where it is desirable to speed up the processes of service provisioning and deprovisioning, has not been fully addressed. This paper analyzes the underlying trust mechanisms of the existing frameworks for federated identity management and their suitability to be applied in the mentioned environments. This analysis is mainly focused on the Single Sign On (SSO) profile. We propose a generic extension for the SAML standard in order to facilitate the creation of federation relationships in a dynamic way between previously unknown parties. Finally, we give some details of implementation and compatibility issues.

    Analysis of secure TCP/IP profile in 61850 based substation automation system for smart grids

    Smart grid is the term used to describe modern power grids. It aims at achieving efficient, sustainable, economic, and secure delivery of electricity supplies. In order to achieve these goals, communication between different components within the grid and control centers is required. In a rapidly growing world, the demands for substation automation are increasing. Recently, two trends have been changing Substation Automation Systems: IEC 61850 and the need for cybersecurity. IEC 61850 specifies very strict performance requirements for message transfer time. The security for the smart grid must be designed to satisfy both performance and reliability requirements. In this paper, we present a study of secure communication in the substation real-time environment, complying with the IEC 61850 specifications. We mainly focus on analyzing the proposed Secure TCP/IP profile for MMS, testing different cipher suite combinations and examining whether by applying TLS we can still achieve the strict performance requirements of IEC 61850 or not. As a result of the study, we propose a list of cipher suite combinations that should be used. The importance of this study lies mainly in future scenarios, because IEC 61850 is thought to support smart metering communications. This work has been funded by the Spanish Ministry of Science and Innovation (MINECO) through the Project Incident Monitoring in Smart Communities (INRISCO), TEC2014-54335-C4-2-R.

    Performance evaluation of CoAP and MQTT with security support for IoT environments

    The world is living through an overwhelming explosion of smart devices: electronic gadgets, appliances, meters, cars, sensors, cameras and even traffic lights, which are connected to the Internet to extend their capabilities, constituting what is known as the Internet of Things (IoT). In these environments, the application layer is decisive for the quality of the connection, which depends on the transport layer, mainly when secure communications are used. This paper analyses the performance offered by the two most popular protocols for the application layer: Constrained Application Protocol (CoAP) and Message Queue Telemetry Transport (MQTT). This analysis aims to examine the features and capabilities of the two protocols and to determine their feasibility to operate under constrained devices taking into account security support and diverse network conditions, unlike the previous works. Since IoT devices typically show battery constraints, the analysis is focused on bandwidth and CPU use, using realistic network scenarios, since this use translates to power consumption. This work was supported in part by the Ministry of Economy and Competitiveness (Spain) under the project MAGOS (TEC2017-84197-C4-1-R) and by the Comunidad de Madrid (Spain) under the projects: CYNAMON (P2018/TCS-4566), co-financed by European Structural Funds (ESF and FEDER), and the Multiannual Agreement with UC3M in the line of Excellence of University Professors (EPUC3M21), in the context of the V PRICIT (Regional Programme of Research and Technological Innovation).

    Security Information Sharing in Smart Grids: Persisting Security Audits to the Blockchain

    This article belongs to the Special Issue Advanced Cybersecurity Services Design. With the transformation in smart grids, power grid companies are becoming increasingly dependent on data networks. Data networks are used to transport information and commands for optimizing power grid operations: Planning, generation, transportation, and distribution. Performing periodic security audits is one of the required tasks for securing networks, and we proposed in a previous work autoauditor, a system to achieve automatic auditing. It was designed according to the specific requirements of power grid companies, such as scaling with the huge number of heterogeneous equipment in power grid companies. Though pentesting and security audits are required for continuous monitoring, collaboration is of utmost importance to fight cyber threats. In this paper we work on the accountability of audit results and explore how the list of audit result records can be included in a blockchain, since blockchains are by design resistant to data modification. Moreover, blockchains endowed with smart contracts functionality boost the automation of both digital evidence gathering, audit, and controlled information exchange. To our knowledge, no such system exists. We perform throughput evaluation to assess the feasibility of the system and show that the system is viable for adaptation to the inventory systems of electrical companies. This work has been supported by National R&D Projects TEC2017-84197-C4-1-R, TIN2017-84844-C2-1-R, by the Comunidad de Madrid project CYNAMON P2018/TCS-4566 and co-financed by European Structural Funds (ESF and FEDER), and by the Consejo Superior de Investigaciones Científicas (CSIC) under the project LINKA20216 ("Advancing in cybersecurity technologies", i-LINK+ program).

    FamTV : an architecture for presence-aware personalized television

    Since the advent of the digital era, the traditional TV scenario has rapidly evolved towards an ecosystem comprised of a myriad of services, applications, channels, and contents. As a direct consequence, the amount of available information and configuration options targeted at today's end consumers have become unmanageable. Thus, personalization and usability emerge as indispensable elements to improve our content-overloaded digital homes. With these requirements in mind, we present a way to combine content adaptation paradigms together with presence detection in order to allow a seamless and personalized entertainment experience when watching TV. This work has been partially supported by the Community of Madrid (CAM), Spain under the contract number S2009/TIC-1650.

    Improving privacy in identity management systems for health care scenarios

    Privacy is a very complex and subjective concept with different meanings to different people. The meaning depends on the context. Moreover, privacy is close to the user information and thus, present in any ubiquitous computing scenario. In the context of identity management (IdM), privacy is gaining more importance since IdM systems deal with services that require sharing attributes belonging to users’ identity with different entities across domains. Consequently, privacy is a fundamental aspect to be addressed by IdM to protect the exchange of user attributes between services and identity providers across different networks and security domains in pervasive computing. However, problems such as the effective revocation consent have not been fully addressed. Furthermore, privacy depends heavily on users and applications requiring some degree of flexibility. This paper analyzes the main current identity models, as well as the privacy support presented by the identity management frameworks. After the main limitations are identified, we propose a delegation protocol for the SAML standard in order to enhance the revocation consent within healthcare scenarios. Project CCG10-UC3M/TIC-4992 of the Comunidad Autónoma de Madrid and the Universidad Carlos III de Madrid.

    To Federate or Not To Federate: A Reputation-Based Mechanism to Dynamize Cooperation in Identity Management

    Identity Management systems cannot be centralized anymore. Nowadays, users have multiple accounts, profiles and personal data distributed throughout the web and hosted by different providers. However, the online world is currently divided into identity silos forcing users to deal with repetitive authentication and registration processes and hindering a faster development of large scale e-business. Federation has been proposed as a technology to bridge different trust domains, allowing user identity information to be shared in order to improve usability. But further research is required to shift from the current static model, where manual bilateral agreements must be pre-configured to enable cooperation between unknown parties, to a more dynamic one, where trust relationships are established on demand in a fully automated fashion. This paper presents IdMRep, the first completely decentralized reputation-based mechanism which makes dynamic federation a reality. Initial experiments demonstrate its accuracy as well as an assumable overhead in scenarios with and without malicious nodes.

    SuSSo: seamless and ubiquitous single sign-on for cloud service continuity across devices

    The great variety of consumer electronic devices with support of wireless communications combined with the emerging Cloud Computing paradigm is paving the way to real anytime/anywhere computing. In this context, many services, such as music or video streaming, are delivered to the clients using Cloud-based providers. However, service continuity when moving across different terminals is still a major challenge. This paper proposes SuSSo, a novel middleware architecture that allows sessions initiated from one device to be seamlessly transferred to a second one, as might be desirable in the enjoyment of long running media.

    A metric-based approach to assess risk for "on cloud" federated identity management

    The cloud computing paradigm is set to become the next explosive revolution on the Internet, but its adoption is still hindered by security problems. One of the fundamental issues is the need for better access control and identity management systems. In this context, Federated Identity Management (FIM) is identified by researchers and experts as an important security enabler, since it will play a vital role in allowing the global scalability that is required for the successful implantation of cloud technologies. However, current FIM frameworks are limited by the complexity of the underlying trust models that need to be put in place before inter-domain cooperation. Thus, the establishment of dynamic federations between the different cloud actors is still a major research challenge that remains unsolved. Here we show that risk evaluation must be considered as a key enabler in evidence-based trust management to foster collaboration between cloud providers that belong to unknown administrative domains in a secure manner. In this paper, we analyze the Federated Identity Management process and propose a taxonomy that helps in the classification of the involved risks in order to mitigate vulnerabilities and threats when decisions about collaboration are made. Moreover, a set of new metrics is defined to allow a novel form of risk quantification in these environments. Other contributions of the paper include the definition of a generic hierarchical risk aggregation system, and a descriptive use-case where the risk computation framework is applied to enhance cloud-based service provisioning. This work was supported in part by the Spanish Ministry of Science and Innovation under the project CONSEQUENCE (TEC2010-20572-C02-01).