CYNAMON
Cybersecurity, Network Analysis and Monitoring for the Next Generation Internet
Researchers
- Tapiador, Juan (PI)
Abstract
Cyberspace plays nowadays a key role in modern societies and economies, and its protection is a pivotal challenge in national security strategies. Over the last decade, various technological developments have contributed to make our dependency on cyberspace even greater, including the generation and processing of massive amounts of data, the influence of social networks over all activities of our daily lives, or the trend to connect to Internet virtually every real world device.
The scientific program proposed in this project aims at contributing to a more secure cyberspace in our current and future technological context. Our approach identifies three paradigms, each with a varying degree of maturity, that will reshape cybersecurity in the coming years. These are: the processing of massive amounts of information (big data), including those generated by citizens and devices; the embedding of computers in essentially all real life objects (cyberphysical systems) and their connection to the Internet (IoT, Internet of Things); and the challenges and opportunities associated with the rise of quantum computing. To address these challenges we propose an interdisciplinary work program involving five research groups with proven expertise in the areas of system and application security, data analysis, next generation communication systems, and cryptography.
The project establishes three general objectives closely linked to the three challenges discussed above. First, we will develop advanced data analysis techniques to deal with massive amount of data, with a focus on two key application domains: social networks and new generation networks. Second, we will propose security mechanisms and tools for connected IoT devices and the network services they access. Finally, we will explore cryptographic techniques providing information security services and protecting users privacy. This will be done by leveraging new techniques such as the applications of the blockchain technology, as well as the threat posed by quantum computers.
Expected results include a significant advance in the research lines sketched above. In addition, harmonization between research and innovation tasks is ensured by the presence in the consortium of relevant industry partners (BBVA, Vicomtech y Unisys) with a keen interest in developing market fitting technologies, together with various extraordinarily relevant institutional partners (INCIBE, Jefatura de Información de la Guardia Civil y Centro Criptológico Nacional). Thus, it is expected that this project’s results will be transferred and exploited as soon as they develop, contributing to an improved national cybersecurity at all levels. Consequently, our expected results have a very high technological relevance since they will provide tools for a more trustworthy cyberspace for citizens, companies, and Public Administrations.
The project goals are perfectly aligned with the Spanish and European priorities for the development of secure environments, which aim at strengthening citizen’s rights and improving the competitiveness of our industries and our defense capabilities.
Publications
de Paz, Alfonso; Suarez-Roman, Manuel; Palmero, Santiago; Degli-Esposti, Sara; Arroyo, David. Following Negationists on Twitter and Telegram: Application of NCD to the Analysis of Multiplatform Misinformation Dynamics. Lecture Notes in Networks and Systems. Proceedings of the International Conference on Ubiquitous Computing & Ambient Intelligence (UCAmI). Springer.
Moreno, José Miguel; Vallina-Rodriguez, Narseo; Tapiador, Juan. Chrowned by an Extension: Abusing the Chrome DevTools Protocol through the Debugger API. Proceedings of the 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P). IEEE Computer Society.
Moreno, José Miguel; Matic, Srdjan; Vallina-Rodriguez, Narseo; Tapiador, Juan. Your Code is 0000: An Analysis of the Disposable Phone Numbers Ecosystem. Proceedings of the 2023 Network Traffic Measurement and Analysis Conference (TMA). IEEE Computer Society.
Ibanez-Lissen, Luis; González-Manzano, Lorena; de Fuentes, José María; Goyanes, Manuel. On the feasibility of predicting volumes of fake news – the Spanish case. Transactions on Computational Social Systems. IEEE.
Hernández-Álvarez, Luis; Barbierato, L; Caputo, Stefano; de Fuentes, José María; González-Manzano, Lorena. KeyEncoder: A secure and usable EEG-based cryptographic key generation mechanism. Pattern Recognition Letters. Springer.
González-Manzano, Lorena; de Fuentes, José María; Lombardi, Flavio; Ramos, Cristina. A technical characterization of APTs by leveraging public resources. International Journal of Information Security. Springer.
Giménez-Aguilar, Mar; de Fuentes, José María; González-Manzano, Lorena. Malicious uses of blockchains by malware: from the analysis to Smart-Zephyrus. International Journal of Information Security. Springer.
González-Manzano, Lorena; de Fuentes, José María; Ramos, C.; Sánchez, Ángel; Quispe, Florabel. Identifying Key Relationships between Nation-State Cyberattacks and Geopolitical and Economic Factors: A Model. Security and Communication Networks. Hindawi.
Hernández-Álvarez, Luis; González-Manzano, Lorena; de Fuentes, José María; Hernández-Encinas, Luis. Biometrics and Artificial Intelligence: Attacks and Challenges. Breakthroughs in digital biometrics and forensics. Springer.
Hernández-Álvarez, Luis; de Fuentes, José María; González-Manzano, Lorena; Hernández-Encinas, Luis. Privacy-Preserving Sensor-Based Continuous Authentication and User Profiling: A Review. Sensors. MDPI.
Hernández-Álvarez, Luis; de Fuentes, José María; González-Manzano, Lorena; Hernández-Encinas, Luis. SmartCAMPP - Smartphone-based Continuous Authentication leveraging Motion sensors with Privacy Preservation. Pattern Recognition Letters. Elsevier.
Giménez-Aguilar, Mar; de Fuentes, José María; González-Manzano, Lorena; Arroyo, David. Achieving cybersecurity in blockchain-based systems: a survey. Future Generation Computer Systems. Elsevier.
Fernández-González, Fernando; de Fuentes, Carlos; González-Manzano, Lorena; de Fuentes, José María. Revisión sistemática de la jurisprudencia española sobre ciberseguridad y privacidad (1995-2020). Revista española de Derecho y privacidad.
Giménez-Aguilar, Mar; de Fuentes, José María; González-Manzano, Lorena; Cámara, Carmen. Zephyrus: An Information Hiding Mechanism Leveraging Ethereum Data Fields. Access. IEEE.
Blázquez, Eduardo; Pastrana, Sergio; Feal, Álvaro; Gamba, Julien; Kotzias, Platon; Vallina-Rodriguez, Narseo; Tapiador, Juan. Trouble Over-the-Air: An Analysis of FOTA Apps in the Android Ecosystem. IEEE Computer Society.
Cámara, Carmen; Peris-López, Pedro; de Fuentes, José María; Marchal, Samuel. Access Control for Implantable Medical Devices. IEEE Transactions on Emerging Topics in Computing. IEEE.
González-Manzano, Lorena; Mahbub, Upal; de Fuentes, José María; Chellappa, Rama. Impact of injection attacks on sensor-based continuous authentication for smartphones. Computer Communications. Elsevier.
Picazo-Sanchez, Pablo; Tapiador, Juan; Schneider, Gerardo. After You, Please: Browser Extensions Order Attacks and Countermeasures.
Mirzaei, Omid; Suarez-Tangil, Guillermo; de Fuentes, José María; Tapiador, Juan; Stringhini, Gianluca. AndrEnsemble: Leveraging API Ensembles to Characterize Android Malware Families.