ODIO

Use and abuse of digital identities in a connected world

Duration: July 2020 - May 2023

Researchers

Abstract

One of the main challenges in todays Internet is the individual and societal privacy and security threats of the data-driven digital industry. Most existing online platforms heavily rely on the indiscriminate collection and processing of personal data from end-users, often without sufficient awareness, to deliver advertisements and customize services that match their preferences and interests. This situation is rapidly escaping control by users and regulators alike, and personal data and identity in the Internet has led to many privacy abuses and security issues. Digital data brokers buy and sell datasets containing thousands of personal attributes and behavioral profiles belonging to hundreds of millions of citizens worldwide. Unfortunately, the collection and trading of personal profiles has already led to severe abuses beyond their original purpose. Risks include not only privacy loss but also identity theft, discrimination, fraud, extortion, and manipulation, as demonstrated by the Cambridge Analytica scandal.

In this coordinated project, we propose a timely and ambitious research program to address what is arguably one of todays most pressing challenges: to acquire a better understanding of what is our digital footprint and identity, how it is abused, and what can be done to mitigate its societal impact and enhance transparency. Specifically, we propose a 36-month research agenda that revolves around 6 main challenges:

The two research groups that lead this proposal have a consolidated record of internationally recognized research in various security and privacy topics closely related to this problem. The COSEC Lab at UC3M brings to the project research expertise in a number of key technologies related to the security of IoT and mobile systems, and the cybercriminal underground. The group has also a unique know- how of methodologies and tools for the static and dynamic analysis of software for mobile platforms. The group at the IMDEA Networks Institute possess an ample background in the area of network measurements and transparency, with emphasis on security and privacy implications, and economics of networks and information.

Publications

Moreno, José Miguel; Matic, Srdjan; Vallina-Rodriguez, Narseo; Tapiador, Juan. Your Code is 0000: An Analysis of the Disposable Phone Numbers Ecosystem. Proceedings of the 2023 Network Traffic Measurement and Analysis Conference (TMA). IEEE Computer Society.

Moreno, José Miguel; Vallina-Rodriguez, Narseo; Tapiador, Juan. Chrowned by an Extension: Abusing the Chrome DevTools Protocol through the Debugger API. Proceedings of the 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P). IEEE Computer Society.

Giménez-Aguilar, Mar; de Fuentes, José María; González-Manzano, Lorena. Malicious uses of blockchains by malware: from the analysis to Smart-Zephyrus. International Journal of Information Security. Springer.

González-Manzano, Lorena; de Fuentes, José María; Lombardi, Flavio; Ramos, Cristina. A technical characterization of APTs by leveraging public resources. International Journal of Information Security. Springer.

Ibanez-Lissen, Luis; González-Manzano, Lorena; de Fuentes, José María; Goyanes, Manuel. On the feasibility of predicting volumes of fake news – the Spanish case. Transactions on Computational Social Systems. IEEE.

Hernández-Álvarez, Luis; Barbierato, L; Caputo, Stefano; de Fuentes, José María; González-Manzano, Lorena. KeyEncoder: A secure and usable EEG-based cryptographic key generation mechanism. Pattern Recognition Letters. Springer.

González-Manzano, Lorena; de Fuentes, José María; Ramos, C.; Sánchez, Ángel; Quispe, Florabel. Identifying Key Relationships between Nation-State Cyberattacks and Geopolitical and Economic Factors: A Model. Security and Communication Networks. Hindawi.

Hernández-Álvarez, Luis; González-Manzano, Lorena; de Fuentes, José María; Hernández-Encinas, Luis. Biometrics and Artificial Intelligence: Attacks and Challenges. Breakthroughs in digital biometrics and forensics. Springer.

Hernández-Álvarez, Luis; de Fuentes, José María; González-Manzano, Lorena; Hernández-Encinas, Luis. Privacy-Preserving Sensor-Based Continuous Authentication and User Profiling: A Review. Sensors. MDPI.

Hernández-Álvarez, Luis; de Fuentes, José María; González-Manzano, Lorena; Hernández-Encinas, Luis. SmartCAMPP - Smartphone-based Continuous Authentication leveraging Motion sensors with Privacy Preservation. Pattern Recognition Letters. Elsevier.

Giménez-Aguilar, Mar; de Fuentes, José María; González-Manzano, Lorena; Arroyo, David. Achieving cybersecurity in blockchain-based systems: a survey. Future Generation Computer Systems. Elsevier.

Fernández-González, Fernando; de Fuentes, Carlos; González-Manzano, Lorena; de Fuentes, José María. Revisión sistemática de la jurisprudencia española sobre ciberseguridad y privacidad (1995-2020). Revista española de Derecho y privacidad.

Giménez-Aguilar, Mar; de Fuentes, José María; González-Manzano, Lorena; Cámara, Carmen. Zephyrus: An Information Hiding Mechanism Leveraging Ethereum Data Fields. Access. IEEE.

Cámara, Carmen; Peris-López, Pedro; de Fuentes, José María; Marchal, Samuel. Access Control for Implantable Medical Devices. IEEE Transactions on Emerging Topics in Computing. IEEE.

González-Manzano, Lorena; Mahbub, Upal; de Fuentes, José María; Chellappa, Rama. Impact of injection attacks on sensor-based continuous authentication for smartphones. Computer Communications. Elsevier.

This project has received funding from Agencia Estatal de Investigación under the project PID2019-111429RB-C21 and Ministerio de Ciencia e Innovación.
Published on Thursday, Jan 20, 2022 Last Modified on Monday, Jun 12, 2023