Juan Tapiador

Juan Tapiador
University Carlos III de Madrid | UC3M · Department of Computer Science and Engineering

PhD Computer Science

About

187
Publications
81,169
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
5,583
Citations
Additional affiliations
May 2009 - August 2011
University of York
Position
  • Research Associate
October 2000 - September 2004
University of Granada
Position
  • PhD Student
September 2011 - present
University Carlos III de Madrid
Position
  • Associate Professor of Computer Science

Publications

Publications (187)
Conference Paper
During the last decades, the problem of malicious and unwanted software (malware) has surged in numbers and sophistication. Malware plays a key role in most of today’s cyber attacks and has consolidated as a commodity in the underground economy. In this work, we analyze the evolution of malware since the early 1980s to date from a software engineer...
Conference Paper
Full-text available
Malware for current smartphone platforms is becoming increasingly sophisticated. The presence of advanced networking and sensing functions in the device is giving rise to a new generation of targeted malware characterized by a more situational awareness, in which decisions are made on the basis of factors such as the device location, the user profi...
Article
Full-text available
Detecting malware in mobile applications has become increasingly complex as malware developers turn to advanced techniques to hide or obfuscate malicious components. Alterdroid is a dynamic-analysis tool that compares the behavioral differences between an original app and numerous automatically generated versions of it containing carefully injected...
Article
Full-text available
Smart devices equipped with powerful sensing, computing and networking capabilities have proliferated lately, ranging from popular smartphones and tablets to Internet appliances, smart TVs, and others that will soon appear (e.g., watches, glasses, and clothes). One key feature of such devices is their ability to incorporate third-party apps from a...
Article
The rapid proliferation of smartphones over the last few years has come hand in hand with and impressive growth in the number and sophistication of malicious apps targetting smartphone users. The availability of reuse-oriented develop-ment methodologies and automated malware production tools makes exceed-ingly easy to produce new specimens. As a re...
Chapter
Online malware scanners are one of the best weapons in the arsenal of cybersecurity companies and researchers. A fundamental part of such systems is the sandbox that provides an instrumented and isolated environment (virtualized or emulated) for any user to upload and run unknown artifacts and identify potentially malicious behaviors. The provided...
Preprint
Full-text available
Online malware scanners are one of the best weapons in the arsenal of cybersecurity companies and researchers. A fundamental part of such systems is the sandbox that provides an instrumented and isolated environment (virtualized or emulated) for any user to upload and run unknown artifacts and identify potentially malicious behaviors. The provided...
Article
Full-text available
In March 2020, the World Health Organization declared the Corona Virus 2019 (COVID-19) outbreak a global pandemic. As a result, billions of people were either encouraged or forced by their governments to stay home to reduce the spread of the virus. This caused many to turn to the Internet for work, education, social interaction, and entertainment....
Article
Blocklists constitute a widely-used Internet security mechanism to filter undesired network traffic based on IP/domain reputation and behavior. Many blocklists are distributed in open source form by threat intelligence providers who aggregate and process input from their own sensors, but also from third-party feeds or providers. Despite their wide...
Chapter
This book brings together papers that offer conceptual analyses, highlight issues, propose solutions, and discuss practices regarding privacy, data protection and Artificial Intelligence. It is one of the results of the thirteenth annual International Conference on Computers, Privacy and Data Protection (CPDP) held in Brussels in January 2020. The...
Article
Full-text available
Browser extensions are small applications executed in the browser context that provide additional capabilities and enrich the user experience while surfing the web. The acceptance of extensions in current browsers is unquestionable. For instance, Chrome’s official extension repository has more than 63,000 extensions, with some of them having more t...
Conference Paper
eWhoring is the term used by offenders to refer to a type of online fraud in which cybersexual encounters are simulated for financial gain. Perpetrators use social engineering techniques to impersonate young women in online communities, e.g., chat or social networking sites. They engage potential customers in conversation with the aim of selling mi...
Preprint
Full-text available
Browser extensions are small applications executed in the browser context that provide additional capabilities and enrich the user experience while surfing the web. The acceptance of extensions in current browsers is unquestionable. For instance, Chrome's official extension repository has more than 63,000 extensions, with some of them having more t...
Conference Paper
Full-text available
Assigning family labels to malicious apps is a common practice for grouping together malware with identical behavior. However, recent studies show that apps labeled as belonging to the same family do not necessarily behave similarly: one app may lack or have extra capabilities compared to others in the same family, and, conversely, two apps labeled...
Preprint
Full-text available
The open-source nature of the Android OS makes it possible for manufacturers to ship custom versions of the OS along with a set of pre-installed apps, often for product differentiation. Some device vendors have recently come under scrutiny for potentially invasive private data collection practices and other potentially harmful or unwanted behavior...
Article
In this paper we address the problem of how two devices that are sensing the same heart signal can generate the same cryptographic token by extracting them from the Inter-Pulse Intervals (IPIs) of each cardiac signal. Our analysis is based on the use of a run-time monitor, which is extracted from a formal model and verified against predefined prope...
Article
During the last decades, the problem of malicious and unwanted software (malware) has surged in numbers and sophistication. Malware plays a key role in most of today’s cyber attacks and has consolidated as a commodity in the underground economy. In this work, we analyze the evolution of malware from 1975 to date from a software engineering perspect...
Preprint
During the last decades, the problem of malicious and unwanted software (malware) has surged in numbers and sophistication. Malware plays a key role in most of today's cyber attacks and has consolidated as a commodity in the underground economy. In this work, we analyze the evolution of malware from 1975 to date from a software engineering perspect...
Conference Paper
Full-text available
China is one of the largest Android markets in the world. As Chinese users cannot access Google Play to buy and install Android apps, a number of independent app stores have emerged and compete in the Chinese app market. Some of the Chinese app stores are pre-installed vendor-specific app markets (e.g., Huawei, Xiaomi and OPPO), whereas others are...
Preprint
Full-text available
China is one of the largest Android markets in the world. As Chinese users cannot access Google Play to buy and install Android apps, a number of independent app stores have emerged and compete in the Chinese app market. Some of the Chinese app stores are pre-installed vendor-specific app markets (e.g., Huawei, Xiaomi and OPPO), whereas others are...
Article
Full-text available
Machine learning classification algorithms are widely applied to different malware analysis problems because of their proven abilities to learn from examples and perform relatively well with little human input. Use cases include the labelling of malicious samples according to families during triage of suspected mal-ware. However, automated algorith...
Article
Full-text available
The proliferation of wearable and implantable medical devices has given rise to an interest in developing security schemes suitable for these systems and the environment in which they operate. One area that has received much attention lately is the use of (human) biological signals as the basis for biometric authentication, identification and the g...
Poster
Full-text available
Signal synchronizing of two (or more) biometric signals acquired from different sensors has been proven to be challenging. For instance, two similar sensors placed in different parts of the human body measuring the same biological signal, might have delays, data misdetection, noise in the signals or sensors issues among others. However, once the sy...
Article
Full-text available
Security issues are becoming critical in modern smart systems. Particularly, ensuring that only legitimate users get access to them is essential. New access control systems must rely on Continuous Authentication (CA) to provide higher security level. To achive this, recent research has shown how biological signals, such as Electroencephalograms (EE...
Article
Full-text available
In this article we discuss the hardware implementation of a lightweight hash function, named Tav-128 [1], which was purposely designed for constrained devices such as low-cost RFID tags. In the original paper, the authors only provide an estimation of the hardware complexity. Motivated for this, we describe both an ASIC and an FPGA-based implementa...
Conference Paper
Full-text available
Information flows in Android can be effectively used to give an informative summary of an application's behavior, showing how and for what purpose apps use specific pieces of information. This has been shown to be extremely useful to characterize risky behaviors and, ultimately, to identify unwanted or malicious applications in Android. However, id...
Article
Cooperative cyberdefense has been recognized as an essential strategy to fight against cyberattacks. Cybersecurity Information Sharing (CIS), especially about threats and incidents, is a key aspect in this regard. CIS provides members with an improved situational awareness to prepare for and respond to future cyberthreats. Privacy preservation is c...
Conference Paper
Full-text available
Android malware detection represents a current and complex problem, where black hats use different methods to infect users' devices. One of these methods consists in directly upload malicious applications to app stores, whose filters are not always successful at detecting malware, entrusting the final user the decision of whether installing or not...
Article
The growing popularity of wearable devices is leading to new ways to interact with the environment, with other smart devices, and with other people. Wearables equipped with an array of sensors are able to capture the owner's physiological and behavioural traits, thus are well suited for biometric authentication to control other devices or access di...
Conference Paper
Code reuse attacks are advanced exploitation techniques that constitute a serious threat for modern systems. They profit from a control flow hijacking vulnerability to maliciously execute one or more pieces of code from the targeted application. ASLR and Control Flow Integrity are two mechanisms commonly used to deter automated attacks based on cod...
Article
Full-text available
We address the problem of bootstrapping security and privacy policies for newly-deployed apps in wireless body area networks (WBAN) composed of smartphones, sensors and other wearable devices. We introduce a framework to model such a WBAN as an undirected graph whose vertices correspond to devices, apps and app resources, while edges model structur...
Article
Full-text available
A huge amount of data can be collected through a wide variety of sensor technologies. Data mining techniques are often useful for the analysis of gathered data. This paper studies the use of three wearable sensors that monitor the electrocardiogram, airflow, and galvanic skin response of a subject with the purpose of designing an efficient multi-mo...
Conference Paper
Full-text available
Some smartphone platforms such as Android have a distinctive message passing system that allows for sophisticated interactions among app components, both within and across app boundaries. This gives rise to various security and privacy risks, including not only intentional collusion attacks via permission re-delegation but also inadvertent disclosu...
Article
Full-text available
As a result of the increased demand for improved life styles and the increment of senior citizens over the age of 65, new home care services are demanded. Simultaneously, the medical sector is increasingly becoming the new target of cybercriminals due the potential value of users' medical information. The use of biometrics seems an effective tool a...
Article
Yoking (or grouping) proofs were introduced in 2004 as a security construction for RFID applications in which it is needed to build an evidence that several objects have been scanned simultaneously or, at least, within a short time. Such protocols were designed for scenarios where only a few tags (typically just two) are involved, so issues such as...
Article
In this paper, we introduce a novel methodology to automatically generate HTTP intrusion signatures for Network Intrusion Detection Systems (NIDS). Our approach relies on the use of a service-specific, semantic-aware anomaly detection scheme that combines stochastic learning with a model structure based on the protocol specification. Each incoming...
Conference Paper
Full-text available
Inter-Pulse Intervals (IPIs) have been proposed as a source of entropy for key generation and establishment algorithms in Implantable Medical Devices (IMDs) and Body Area Networks (BANs). Most of the proposed protocols built on top of this biometric feature assume that reliable measures of the IPIs are only available to devices maintaining physical...
Article
Full-text available
Bioengineering is a field in expansion. New technologies are appearing to provide a more efficient treatment of diseases or human deficiencies. Implantable Medical Devices (IMDs) constitute one example, these being devices with more computing, decision making and communication capabilities. Several research works in the computer security field have...
Article
Data theft is a major threat for modern organizations with potentially large economic consequences. Although these attacks may well originate outside an organization’s information systems, the attacker—or else an insider—must eventually make contact with the system where the information resides and extract it. In this work, we propose a scheme that...
Article
Intrusion Detection Networks (IDN) are distributed cyberdefense systems composed of different nodes performing local detection and filtering functions, as well as sharing information with other nodes in the IDN. The security and resilience of such cyberdefense systems are paramount, since an attacker will try to evade them or render them unusable b...
Article
Full-text available
Malware for smartphones has rocketed over the last years. Market operators face the challenge of keeping their stores free from malicious apps, a task that has become increasingly complex as malware developers are progressively using advanced techniques to defeat malware detection tools. One such technique commonly observed in recent malware sample...
Article
Full-text available
Random numbers play a key role in applications such as industrial simulations, laboratory experimentation, computer games, and engineering problem solving. The design of new true random generators (TRNGs) has attracted the attention of the research community for many years. Designs with little hardware requirements and high throughput are demanded...
Conference Paper
Full-text available
We discuss a class of smartphone malware that uses stegano-graphic techniques to hide malicious executable components within their assets, such as documents, databases, or multimedia files. In contrast with existing obfuscation techniques, many existing information hiding algorithms are demonstrably secure, which would make such stegomal-ware virtu...
Article
Full-text available
Security and privacy issues in medical wireless body area networks (WBANs) constitute a major unsolved concern because of the challenges posed by the scarcity of resources in WBAN devices and the usability restrictions imposed by the healthcare domain. In this paper, we describe a WBAN architecture based on the well-known publish-subscribe paradigm...
Article
Many security problems in smartphones and other smart devices are ap-proached from an anomaly detection perspective in which the main goal reduces to identifying anomalous activity patterns. Since machine learning algorithms are generally used to build such detectors, one major challenge is adapting these techniques to battery-powered devices. Many...
Conference Paper
Full-text available
The rapid rate of change in technology and the increasing sophistication of cyber attacks require any organization to have a continuous preparation. However, the resource and time intensive nature of cybersecurity education and training renders traditional approaches highly inefficient. Simulators have attracted the attention in the last years as a...
Article
Tian et al. proposed a novel ultralightweight RFID mutual authentication protocol [1] that has recently been analyzed in several articles. In this letter, we first propose a desynchronization attack that succeeds with probability almost 1, which improves upon the 0.25 given in a previous analysis by Ahmadian et al. We also show that the bad propert...
Article
Full-text available
In resource-constrained devices such as RFID tags or implantable medical devices, algorithm designers need to make careful choices to ensure that their proposals are sufficiently efficient for the target platform. A common way of expressing such restrictions is in terms of an upper bound for the maximum available footprint area in gate equivalents...
Article
When compared to signature-based Intrusion Detection Systems (IDS), anomaly detectors present the potential advantage of detecting previously unseen attacks, which makes them an attractive solution against zero-day exploits and other attacks for which a signature is unavailable. Most anomaly detectors rely on machine learning algorithms to derive a...
Article
Full-text available
Radio Frequency Identification (RFID) systems are widely used in access control, transportation, real-time inventory and asset management, automated payment systems, etc. Nevertheless, the use of this technology is almost unexplored in healthcare environments, where potential applications include patient monitoring, asset traceability and drug admi...
Article
Full-text available
In distributed and collaborative attack detection systems decisions are made on the basis of the events reported by many sensors, e.g., Intrusion Detection Systems placed across various network locations. In some cases such events originate at locations over which we have little control, for example because they belong to an organisation that share...
Article
Full-text available
Most anomaly detection systems rely on machine learning algorithms to derive a model of normality that is later used to detect suspicious events. Some works conducted over the last years have pointed out that such algorithms are generally susceptible to deception, notably in the form of attacks carefully constructed to evade detection. Various lear...
Article
Full-text available
The Internet of Things (IoT) refers to the use of services provided by networked objects ("things") equipped with computational capabilities. A wide range of devices can be at-tached to objects to provide them with computing and networking functions, from RFID tags for identification purposes to a variety of wireless sensors. In the case of RFID te...
Article
The deployment and configuration of a distributed network intrusion detection system (NIDS) in a large Wireless Sensor Network (WSN) is an enormous challenge. A reduced number of devices equipped with detection capabilities have to be placed on strategic network locations and then appropriately configured in order to maximise the detection rate and...