Analysis of the alignment of Spanish Master’s programs to US National Cybersecurity Workforce Framework

II Jornadas Nacionales de Investigación en Ciberseguridad, Granada, 15-17 de junio de 2016Building an adequate cybersecurity workforce is an strategic goal of main international stakeholders. Addressing this task passes through adapting graduate and undergraduate curricula so they are aligned to professional and research needs. In this work we present the preliminary results of analyzing the alignment of 25 Spanish cybersecurity Master’s programs to the cyber roles specified in the US National Cybersecurity Workforce Framework. Our results suggest that there is no significant alignment between both data sets.This work was supported by the MINECO grant TIN2013-46469-R (SPINY: Security and Privacy in the Internet of You) and by the CAM grant S2013/ICE-3095 (CIBERDINE: Cybersecurity: data, information and risk)

An Architecture for User-managed Location Sharing in the Future Internet of Services

Paper of: The 4th International Workshop on Trustworthy Internet of People, Things & Services, co-located with the Internet of Things 2010 Conference, November 29 to December 1, 2010, Tokyo, JapanIn this paper we analyse the problem of providing an user-managed system for sharing the user’s location information in the Future Internet of Services, and propose some architectural mechanisms to support this kind of system. Our approach is based on the work done within Kantara’s UMA WG. Furthermore, we highlight open issues that still need to be addressed in location information sharing scenarios.Enviad

How to distinguish between a block cipher and a random permutation by lowering the input entropy

IEEE 35th International Carnahan Conference on Security Technology. Londres, 16-19 October 2001A novel cryptanalysis technique is presented, and its suitability for distinguishing a block cipher algorithm or a hash function from a random permutation is explained. Additionally, we propose a genetic algorithm based implementation and show some preliminary results of these ideas on reduced rounds versions of the block cipher TEA

Arquitectura y mecanismos para la provisión de servicios de acreditación y sellado espacio-temporal

Esta tesis se centra en unos servicios de seguridad de reciente aparición: los servicios de acreditación y sellado espacio-temporal (SASET). Estos servicios tienen como objetivo generar, recoger, mantener, proporcionar y validar evidencias digitales acerca de las condiciones espacio-temporales de una entidad o un documento. Dichas evidencias deben permitir que, con posterioridad, terceras entidades se convenzan de las condiciones espacio-temporales que se acreditan en ellas. Según esta definición, los SASET se enmarcan dentro del conjunto de servicios de seguridad denominados como servicios de confianza, que son aquellos servicios que tienen como objetivo establecer y gestionar la confianza en diversas actividades llevadas a cabo utilizando comunicaciones electrónicas en redes abiertas (e.g., actividades comerciales, administrativas, financieras, legales, etc.).The focus of this thesis is a new kind of security services that have recently been proposed. These services are known as spatial-temporal attestation services (STAS). Their goal is to generate, collect, store, provide and validate digital evidences about the spatial temporal conditions of an entity or a document. These evidences should allow to convince third parties about the spatial-temporal conditions they attest. According to this definition, the STAS can be considered trust services, whose goal is to establish and manage trust in different activities that take place using electronic communications in open networks (e.g., business, financial, legal, commercial, administrative, etc.)

Towards a comparable evaluation for VANET protocols: NS-2 experiments builder assistant and extensible test bed

Proceedings of: 9th Embedded Security in Cars Conference (ESCAR 2011), November 9 to 10, 2011, Dresden, GermanyIn order to validate an Intelligent Transportation System (ITS) application or service, simulation techniques are usually employed. Nowadays, there are two problems associated to this kind of validation: the relative complexity of existing simulators and the lack of common criteria in the creation of simulation experiments. The first one makes it hard for users not familiar with a simulation tool to create and execute comprehensive experiments. The second one leads to a situation in which different proposals are validated in different scenarios, thus making it difficult to compare their performance. This work contributes on addressing both problems by proposing VanSimFM, an open-source assistant tool for creating NS-2 simulation experiments, and by defining an extensible test bed which contains a set of simulation scenarios. The test bed is intended to represent the different situations that may be found in a real vehicular environment.This work is partially supported by Ministerio de Ciencia e Innovacion of Spain, project E-SAVE, under grant TIN2009-13461.No publicad

Guaranteeing the authenticity of location information

A comprehensive definition of location authentication and a review of its threats and possible solutions help provide a better understanding of this young security requirement.Publicad

Spatial-temporal certification framework and extension of X.509 attribute certificate framework and SAML standard to support spatial-temporal certificates

Proceeding of: 4th European PKI Workshop: Theory and Practice, EuroPKI 2007, Palma de Mallorca, Spain, June 28-30, 2007The recent development of location-based services has originated a set of new security services that address their particular security problems. Spatial-temporal certification services are among these new services. They have as main goal the generation of evidences about an entity’s spatial-temporal information and, in general, their life-cycle support. Currently there is still a lack of a general framework for spatial-temporal certification services. In this work it is presented such a framework and an extension of the X.509 attribute certificate framework and the SAML standard to represent spatial-temporal certificates

"Crypto Go": criptografía simétrica en tapete verde

IV Jornadas Nacionales de Investigación en Ciberseguridad (JNIC 2018), Donostia-San Sebastián, 13, 14 y 15 de junio de 2018, pp. 53-55En este documento describimos el diseño preliminar de un juego de mesa, “Crypto Go” cuyo planteamiento mimetiza el del conocido juego de cartas “Sushi Go”. El fin de nuestra propuesta es familiarizar al alumno de una manera lúdica con las principales herramientas de clave simétrica. Así, el objetivo de cada partida es llegar a construcciones robustas para conseguir los objetivos de confidencialidad, integridad y autenticación en la transmisión de mensajes. En esta aproximación inicial obviamos numerosos aspectos que pueden incorporarse para completar nuestra propuesta, como la consideración de tamaños de clave o la generación pseudoaleatoria de calidad. Nuestro diseño inicial, sin embargo, es suficiente para conseguir que el alumno afiance los conceptos básicos más relevantes adquiridos en un curso elemental de criptografía simétrica, conozca un gran número de herramientas de amplio uso en la actualidad y sepa identificar errores de planteamiento en construcciones reales

Criptografía en el mundo real para futuros ingenieros informáticos UC3M : respuesta coral a la pregunta “¿en serio es importante la criptografía en la vida real de un ingeniero informático?”

Ponencia presentada en la Jornada de Innovación Docente 2018: nuevos modelos, nuevas competencias, celebrada el 11 de junio de 2018 en la Universidad Carlos III de Madrid

Overview of security issues in Vehicular ad-hoc networks

Vehicular ad-hoc networks (VANETs) are a promising communication scenario. Several new applications are envisioned, which will improve traffic management and safety. Nevertheless, those applications have stringent security requirements, as they affect road traffic safety. Moreover, VANETs face several security threats. As VANETs present some unique features (e.g. high mobility of nodes, geographic extension, etc.) traditional security mechanisms are not always suitable. Because of that, a plethora of research contributions have been presented so far. This chapter aims to describe and analyze the most representative VANET security developments