ODIO
Use and abuse of digital identities in a connected world
Researchers
- Tapiador, Juan (PI)
- Peris-López, Pedro (PI)
- de Fuentes, José María
- Pastrana, Sergio
- González-Manzano, Lorena
Abstract
One of the main challenges in todays Internet is the individual and societal privacy and security threats of the data-driven digital industry. Most existing online platforms heavily rely on the indiscriminate collection and processing of personal data from end-users, often without sufficient awareness, to deliver advertisements and customize services that match their preferences and interests. This situation is rapidly escaping control by users and regulators alike, and personal data and identity in the Internet has led to many privacy abuses and security issues. Digital data brokers buy and sell datasets containing thousands of personal attributes and behavioral profiles belonging to hundreds of millions of citizens worldwide. Unfortunately, the collection and trading of personal profiles has already led to severe abuses beyond their original purpose. Risks include not only privacy loss but also identity theft, discrimination, fraud, extortion, and manipulation, as demonstrated by the Cambridge Analytica scandal.
In this coordinated project, we propose a timely and ambitious research program to address what is arguably one of todays most pressing challenges: to acquire a better understanding of what is our digital footprint and identity, how it is abused, and what can be done to mitigate its societal impact and enhance transparency. Specifically, we propose a 36-month research agenda that revolves around 6 main challenges:
- Developing interdisciplinary analysis methodologies to audit and contextualize software behavior in the context of privacy regulations and best-practices for software development.
- Developing cross-platform and scalable privacy auditing tools to attribute observations and behaviors to organizations, including natural language processing methods to extract relevant information from their privacy policies.
- To gain a better understanding of the role of digital identities in the ecosystem of existing and emerging services, including the main industry agents and their relationships.
- Developing transparency assessment tools to empower users, developers and regulators.
- Exploring privacy-friendly business models that rely on data-minimization principles.
- Designing privacy-enhancing solutions for key applications and scenarios, such as zero-knowledge analytics methods, blockchain-based solutions and smart contracts to enable traceability of personal data across services, and privacy-preserving authentication and authorization mechanisms.
The two research groups that lead this proposal have a consolidated record of internationally recognized research in various security and privacy topics closely related to this problem. The COSEC Lab at UC3M brings to the project research expertise in a number of key technologies related to the security of IoT and mobile systems, and the cybercriminal underground. The group has also a unique know- how of methodologies and tools for the static and dynamic analysis of software for mobile platforms. The group at the IMDEA Networks Institute possess an ample background in the area of network measurements and transparency, with emphasis on security and privacy implications, and economics of networks and information.
Publications
Moreno, José Miguel;
Vallina-Rodriguez, Narseo;
Tapiador, Juan.
Chrowned by an Extension: Abusing the Chrome DevTools Protocol through the Debugger API.
Proceedings of the 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P).
IEEE Computer Society.
Moreno, José Miguel;
Matic, Srdjan;
Vallina-Rodriguez, Narseo;
Tapiador, Juan.
Your Code is 0000: An Analysis of the Disposable Phone Numbers Ecosystem.
Proceedings of the 2023 Network Traffic Measurement and Analysis Conference (TMA).
IEEE Computer Society.
Ibanez-Lissen, Luis; González-Manzano, Lorena; de Fuentes, José María; Goyanes, Manuel. On the feasibility of predicting volumes of fake news – the Spanish case. Transactions on Computational Social Systems. IEEE.
Hernández-Álvarez, Luis; Barbierato, L; Caputo, Stefano; de Fuentes, José María; González-Manzano, Lorena. KeyEncoder: A secure and usable EEG-based cryptographic key generation mechanism. Pattern Recognition Letters. Springer.
González-Manzano, Lorena; de Fuentes, José María; Lombardi, Flavio; Ramos, Cristina. A technical characterization of APTs by leveraging public resources. International Journal of Information Security. Springer.
Giménez-Aguilar, Mar; de Fuentes, José María; González-Manzano, Lorena. Malicious uses of blockchains by malware: from the analysis to Smart-Zephyrus. International Journal of Information Security. Springer.
González-Manzano, Lorena; de Fuentes, José María; Ramos, C.; Sánchez, Ángel; Quispe, Florabel. Identifying Key Relationships between Nation-State Cyberattacks and Geopolitical and Economic Factors: A Model. Security and Communication Networks. Hindawi.
Hernández-Álvarez, Luis; González-Manzano, Lorena; de Fuentes, José María; Hernández-Encinas, Luis. Biometrics and Artificial Intelligence: Attacks and Challenges. Breakthroughs in digital biometrics and forensics. Springer.
Hernández-Álvarez, Luis; de Fuentes, José María; González-Manzano, Lorena; Hernández-Encinas, Luis. Privacy-Preserving Sensor-Based Continuous Authentication and User Profiling: A Review. Sensors. MDPI.
Hernández-Álvarez, Luis; de Fuentes, José María; González-Manzano, Lorena; Hernández-Encinas, Luis. SmartCAMPP - Smartphone-based Continuous Authentication leveraging Motion sensors with Privacy Preservation. Pattern Recognition Letters. Elsevier.
Giménez-Aguilar, Mar; de Fuentes, José María; González-Manzano, Lorena; Arroyo, David. Achieving cybersecurity in blockchain-based systems: a survey. Future Generation Computer Systems. Elsevier.
Fernández-González, Fernando; de Fuentes, Carlos; González-Manzano, Lorena; de Fuentes, José María. Revisión sistemática de la jurisprudencia española sobre ciberseguridad y privacidad (1995-2020). Revista española de Derecho y privacidad.
Giménez-Aguilar, Mar; de Fuentes, José María; González-Manzano, Lorena; Cámara, Carmen. Zephyrus: An Information Hiding Mechanism Leveraging Ethereum Data Fields. Access. IEEE.
Cámara, Carmen; Peris-López, Pedro; de Fuentes, José María; Marchal, Samuel. Access Control for Implantable Medical Devices. IEEE Transactions on Emerging Topics in Computing. IEEE.
González-Manzano, Lorena; Mahbub, Upal; de Fuentes, José María; Chellappa, Rama. Impact of injection attacks on sensor-based continuous authentication for smartphones. Computer Communications. Elsevier.
