Tecnologías de la Información y de Redes

Information and Network Security and Privacy
Propuesta de tesis Investigadores/as Grupo de investigación

Digital media security, privacy and forensics (steganography, watermarking, fingerprinting and steganalysis)

The security and privacy of digital media content has been attracting the attention of academia and industry for the past two decades. Since copies of digital content can be made without any loss and with no cost, content vendors and producers are trying to design mechanisms either to avoid or to detect unauthorized copies. Steganography, watermarking and fingerprinting, for images, audio and video content are being investigated by different groups worldwide in order to produce practical solutions to these kinds of problems while at the same time satisfying requirements such as security, privacy, capacity, robustness and transparency.

Steganography is also used to send concealed messages in an apparently innocent cover object. Steganalysis techniques are being developed in order to detect whether a multimedia object contains secret information which may be used for malicious purposes.

In general, these topics belong to computer forensic techniques that can be used to provide legal evidence of illegal or criminal actions. This line of research is related to all these issues, with a special focus on networked distribution systems such as online social networks or peer-to-peer applications.

Dr David Megías

Mail:dmegias@uoc.edu

KISON 

Security and Privacy in the Internet of Things (SP@IoT)

The Internet of things (IoT) refers to the internetworking of devices (including smartphones), vehicles, embedded systems, sensors, actuators, and other hardware and software components, which enable these objects to collect and exchange data. These data can be used later on (or in real time) for a wide variety of applications. For example, samples on the mobility patterns of a group of people can be used for designing new and more efficient public transportation systems.

Despite the advantages that this information can provide –for example, to advise individuals for specific routes to avoid traffic jams–, it is clear that the collection and storage of such data raises important ethical issues, such as those concerned with the information security and users’ privacy. It is essential that the storage and processing of this information is carried out in a way that ensures the privacy of individuals whose data are collected or who want to enjoy the benefits of this technology.

The project involves designing systems that allow data collection with the required degree of privacy through the use of specific cryptographic protocols, combined with data mining and managing large amounts of data (big data).

Dr David Megías

Mail:dmegias@uoc.edu

KISON 

Blockchain 

Blockchain, and more broadly Distributed Ledger Technology (DLT), extends far beyond cryptocurrencies, revolutionizing various industries and enabling innovative business models based on decentralized services. Blockchain enhances security, privacy and transparency, eliminates intermediaries, empowers end-users, and facilitates new use cases previously deemed unfeasible. Current blockchain projects span numerous domains, including cryptocurrencies, payment systems, supply chains, e-health, e-voting, decentralized identity, and the collaborative economy.
 
Key Research Focus Areas:
- Enhancing Current Blockchain Technology: Improving security, privacy, scalability, interoperability and overall efficiency.
- Exploring Second Layer Protocols: Investigating advanced protocols to augment blockchain performance.
- Innovative Decentralized Services: Proposing new services or protocols where blockchain is a fundamental enabler.
- Blockchain and Artificial Intelligence Integration: Exploring the synergy between blockchain technology and AI.
- Blockchain Techniques for IoT security: Researching and evaluating efficient techniques/architectures for decentralization of IoT security.
 
This research line is not confined to the topics listed above. We actively welcome and encourage other related research proposals that align with our overarching goals of advancing blockchain technology and its applications.
 

Dr Víctor García Font

Mail: vgarciafo@uoc.edu
 

 
Mail: fsanchezcas@uoc.edu
KISON
Digital Chain of Custody in computer forensics
 
The thesis is focused on the proposal to create a "Digital Chain of Custody" to ensure that the digital evidence (information or data, stored or trans-mitted in binary form which has been determined, through the process of analysis, to be relevant to the investigation) will be accepted in international court proceedings, so in it will be guaranteed the principles of identification, preservation, securing and posterior analysis.
 
After to establish a clear procedure, it will proceed with the second part: to create an artifice which it is able to comply with the procedure and it should take into account a set of items as: digital evidence acquisition and metadata associated (video, audio, photographs or files in general), probe localization, timestamp and secure communication capabilities. This device will be the starting point of the "Chain".
 

Dr Jordi Serra

Mail: jserrai@uoc.edu

KISON

Tampering detection in multimedia content

A new study of methods and applications in order to detect tampered multimedia content. Using Machine Learning and Artificial Intelligence techniques, the final method and application will be detect all modification media content, sound, video or images. Using techniques of steganography and steganalysis.

 

Dr Jordi Serra

Mail: jserrai@uoc.edu

KISON
User-centered privacy-enhancing technologies
 
Data mining technologies have been constantly improving from last 20 years, the increasing computational power and storage capacity have allowed impressive accomplishments on the Artificial Intelligence and Machine Learning algorithms. 
This progress has been powered by the data collection through pervasive sensing by the Internet of Things and of smart-devices (such as smart-watches, smart-meters, etc.). As users’ data is collected in real-time, this must be carried out in a privacy-preserving manner not only to fulfill legal and ethical requirements but also individuals’ expectations. A user-centered (or local) approach for privacy protection may increase users’ confidence, through transparency and control. 
 
The aim of this proposal is to develop user-centered technologies for privacy protection of time-series obtained from sensors (such as location, health, behavioral or relational data).
 
We will study the guarantees provided by aggregation and randomized response methods to attain Local Differential Privacy. We will apply them to protect data that may be used for recommender systems, sequential pattern mining, complex networks analysis, predictions and decision making. 
 
The main contributions of this project will be to provide local algorithms for data protection and to analyze and develop strong guarantees of privacy for dynamic data.
 
Some relevant of differentialy private technologies, are google’s RAPPOR (Randomized Aggregatable Privacy-Preserving Ordinal Response) [1] or the US Census Bureau product called OnTheMap [2].
 
REFERENCES
[1] U. Erlingsson, V. Pihur, and A. Korolova. Rappor: Randomized aggregatable privacy-preserving ordinal response. In CCS, 2014.
[2] A. Machanavajjhala, D. Kifer, J. Abowd, J. Gehrke, and L. Vilhuber. Privacy: Theory meets practice on the map. In ICDE, 2008.
 
Mail: dmegias@uoc.edu
 
KISON
Malware Detection Using Machine Learning Algorithms
 
This research thesis proposes a novel framework leveraging Artificial Intelligence (AI) techniques, specifically machine learning (ML) and deep learning (DL) algorithms, to effectively distinguish between malware-infected files and clean files. The primary aim is to develop a proactive method for detecting intrusions, malware, and ransomware before attackers gain control over information systems. This approach addresses the limitations of traditional signature-based detection methods by providing a more adaptable and accurate solution to evolving cyber threats.
 
The framework builds upon existing research in the field, such as the works of Hussain et al. (2022) and Gavriluţ et al. (2009), which explored the application of ML algorithms for malware detection. By enhancing these methodologies, the proposed research will incorporate advanced techniques, such as neural networks and ensemble learning, to improve detection rates and reduce false positives and negatives. The adaptability of these AI models is crucial for identifying zero-day attacks and polymorphic malware, which often evade conventional detection systems.
 
Related work:
* Hussain, A., Asif, M., Ahmad, M.B., Mahmood, T., Raza, M.A. (2022). Malware Detection Using Machine Learning Algorithms for Windows Platform. In: Ullah, A., Anwar, S., Rocha, Á., Gill, S. (eds) Proceedings of International Conference on Information Technology and Applications. Lecture Notes in Networks and Systems, vol 350. Springer, Singapore. doi.org/10.1007/978-981-16-7618-5_53
* D. Gavriluţ, M. Cimpoeşu, D. Anton and L. Ciortuz, ""Malware detection using machine learning,"" 2009 International Multiconference on Computer Science and Information Technology, 2009, pp. 735-741,  doi: 10.1109/IMCSIT.2009.5352759.

Dr Jordi Serra Ruiz

Mail: jserrai@uoc.edu

KISON
Cybersecurity in Edge Computing

Edge computing decentralizes data processing, bringing computing resources closer to where data is generated, which significantly reduces latency, enhances privacy, and increases efficiency. However, the proximity of edge nodes to devices, combined with their widespread distribution, creates a larger and more complex attack surface that traditional cybersecurity measures often struggle to protect. This demands innovative, robust security solutions that can adapt to the unique requirements of edge-based environments.
 
This research line will explore technologies like federated learning (FL), which enables collaborative model training across distributed devices without sharing raw data, preserving privacy and reducing network strain. Additionally, graph neural networks (GNNs) will be leveraged for their ability to model relationships and dependencies within complex, interconnected edge networks, aiding in anomaly detection and efficient resource allocation. Another key area of focus is zero-trust architectures, which verify each transaction or connection independently, enhancing security at each node. Together, these technologies aim to create a resilient cybersecurity framework for edge computing environments.
 
Key application areas for this research line include cyber-physical systems (CPS) and 6G networks. CPSs integrate cyber and physical components, enabled by modern sensor, computing, and network technologies. These systems capture data from physical objects and transmit it through networks to a central control system. Architectures incorporating edge, fog, and cloud computing then process this data, enabling real-time decisions that drive actions in the physical environment. In 6G networks, edge computing supports ultra-low latency and advanced applications like augmented reality, but the distributed nature of nodes increases vulnerabilities. This research line focuses on creating security solutions that protect both data and device integrity in these critical edge environments.

Dr Helena Rifà Pous

Mail: hrifa@uoc.edu

KISON 
Cybersecurity and Privacy Threats of AI Models

AI models, widely used in domains such as finance, healthcare, autonomous systems, and smart infrastructure, face growing cybersecurity and privacy risks. These models are vulnerable to adversarial attacks, data poisoning, model inversion, and membership inference attacks, each of which can expose sensitive data or compromise model integrity. Such threats can distort model predictions, breach user privacy, and undermine trust in AI applications.
 
This research line focuses on identifying and mitigating the cybersecurity and privacy threats unique to AI models. Areas of exploration include developing robust defenses against adversarial attacks, implementing privacy-preserving techniques like differential privacy and federated learning, and establishing secure model lifecycle practices. Additionally, the use of multi-party computation and homomorphic encryption will be explored as methods to enhance privacy, allowing multiple parties to perform computations on encrypted data without revealing the underlying information. By addressing these challenges, this research aims to enhance the security, privacy, and reliability of AI models across critical applications.

Dr Helena Rifà Pous

Mail: hrifa@uoc.edu

KISON 
Statistical Disclosure Control (SDC)

As data collection and sharing have become central to research, policy-making, and business practices, the ability to protect sensitive information while still providing useful insights is crucial. 
 
Data privacy is not just an ethical obligation but a practical necessity. Earning the trust of data subjects, for instance, enables us to gather more accurate information. Moreover, data protection regulations, such as the GDPR, place data privacy at the forefront of any personal data processing activity, particularly when sensitive data or data about vulnerable individuals is being processed.
 
Statistical Disclosure Control (SDC) is a set of techniques that aim to minimize the risk of disclosing sensitive information while preserving, as much as possible, the statistical value of the data.
 
Traditionally, SDC techniques alter the data in specific ways to prevent situations that are known to be disclosive. For instance, by generalizing or suppressing sets of attributes that could lead to the re-identification of records. While still very relevant, traditional techniques lack formal privacy guarantees. This has led to the development of novel approaches by the computer science community. The most prominent of these is differential privacy, which offers privacy regardless of the external information available but, on the other hand, has a significant impact on data utility.
 
The popularity of differential privacy, together with its impact on data utility, has led to applications where achieving strong privacy guarantees may be challenging.
 
While formal privacy models may be considered a central topic in the SDC community, context is critical in SDC, and there is no one-size-fits-all solution. Therefore, this line of research remains open to both traditional and formal privacy approaches.
Mail: dmegias@uoc.edu

Dr Jordi Soria Comas
Mail: jordi_sc@uoc.edu
KISON