
Juan TapiadorUniversity Carlos III de Madrid | UC3M · Department of Computer Science and Engineering
Juan Tapiador
PhD Computer Science
About
187
Publications
81,169
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
5,583
Citations
Introduction
Additional affiliations
May 2009 - August 2011
October 2000 - September 2004
September 2011 - present
Publications
Publications (187)
During the last decades, the problem of malicious and unwanted software (malware) has surged in numbers and sophistication. Malware plays a key role in most of today’s cyber attacks and has consolidated as a commodity in the underground economy. In this work, we analyze the evolution of malware since the early 1980s to date from a software engineer...
Malware for current smartphone platforms is becoming increasingly sophisticated. The presence of advanced networking and sensing functions in the device is giving rise to a new generation of targeted malware characterized by a more situational awareness, in which decisions are made on the basis of factors such as the device location, the user profi...
Detecting malware in mobile applications has become increasingly complex as malware developers turn to advanced techniques to hide or obfuscate malicious components. Alterdroid is a dynamic-analysis tool that compares the behavioral differences between an original app and numerous automatically generated versions of it containing carefully injected...
Smart devices equipped with powerful sensing, computing and networking capabilities have proliferated lately, ranging from popular smartphones and tablets to Internet appliances, smart TVs, and others that will soon appear (e.g., watches, glasses, and clothes). One key feature of such devices is their ability to incorporate third-party apps from a...
The rapid proliferation of smartphones over the last few years has come hand in hand with and impressive growth in the number and sophistication of malicious apps targetting smartphone users. The availability of reuse-oriented develop-ment methodologies and automated malware production tools makes exceed-ingly easy to produce new specimens. As a re...
Online malware scanners are one of the best weapons in the arsenal of cybersecurity companies and researchers. A fundamental part of such systems is the sandbox that provides an instrumented and isolated environment (virtualized or emulated) for any user to upload and run unknown artifacts and identify potentially malicious behaviors. The provided...
Online malware scanners are one of the best weapons in the arsenal of cybersecurity companies and researchers. A fundamental part of such systems is the sandbox that provides an instrumented and isolated environment (virtualized or emulated) for any user to upload and run unknown artifacts and identify potentially malicious behaviors. The provided...
In March 2020, the World Health Organization declared the Corona Virus 2019 (COVID-19) outbreak a global pandemic. As a result, billions of people were either encouraged or forced by their governments to stay home to reduce the spread of the virus. This caused many to turn to the Internet for work, education, social interaction, and entertainment....
Blocklists constitute a widely-used Internet security mechanism to filter undesired network traffic based on IP/domain reputation and behavior. Many blocklists are distributed in open source form by threat intelligence providers who aggregate and process input from their own sensors, but also from third-party feeds or providers. Despite their wide...
This book brings together papers that offer conceptual analyses, highlight issues, propose solutions, and discuss practices regarding privacy, data protection and Artificial Intelligence. It is one of the results of the thirteenth annual International Conference on Computers, Privacy and Data Protection (CPDP) held in Brussels in January 2020.
The...
Browser extensions are small applications executed in the browser context that provide additional capabilities and enrich the user experience while surfing the web. The acceptance of extensions in current browsers is unquestionable. For instance, Chrome’s official extension repository has more than 63,000 extensions, with some of them having more t...
eWhoring is the term used by offenders to refer to a type of online fraud in which cybersexual encounters are simulated for financial gain. Perpetrators use social engineering techniques to impersonate young women in online communities, e.g., chat or social networking sites. They engage potential customers in conversation with the aim of selling mi...
Browser extensions are small applications executed in the browser context that provide additional capabilities and enrich the user experience while surfing the web. The acceptance of extensions in current browsers is unquestionable. For instance, Chrome's official extension repository has more than 63,000 extensions, with some of them having more t...
Assigning family labels to malicious apps is a common practice for grouping together malware with identical behavior. However, recent studies show that apps labeled as belonging to the same family do not necessarily behave similarly: one app may lack or have extra capabilities compared to others in the same family, and, conversely, two apps labeled...
The open-source nature of the Android OS makes it possible for manufacturers to ship custom versions of the OS along with a set of pre-installed apps, often for product differentiation. Some device vendors have recently come under scrutiny for potentially invasive private data collection practices and other potentially harmful or unwanted behavior...
In this paper we address the problem of how two devices that are sensing the same heart signal can generate the same cryptographic token by extracting them from the Inter-Pulse Intervals (IPIs) of each cardiac signal. Our analysis is based on the use of a run-time monitor, which is extracted from a formal model and verified against predefined prope...
During the last decades, the problem of malicious and unwanted software (malware) has surged in numbers and sophistication. Malware plays a key role in most of today’s cyber attacks and has consolidated as a commodity in the underground economy. In this work, we analyze the evolution of malware from 1975 to date from a software engineering perspect...
During the last decades, the problem of malicious and unwanted software (malware) has surged in numbers and sophistication. Malware plays a key role in most of today's cyber attacks and has consolidated as a commodity in the underground economy. In this work, we analyze the evolution of malware from 1975 to date from a software engineering perspect...
China is one of the largest Android markets in the world. As Chinese users cannot access Google Play to buy and install Android apps, a number of independent app stores have emerged and compete in the Chinese app market. Some of the Chinese app stores are pre-installed vendor-specific app markets (e.g., Huawei, Xiaomi and OPPO), whereas others are...
China is one of the largest Android markets in the world. As Chinese users cannot access Google Play to buy and install Android apps, a number of independent app stores have emerged and compete in the Chinese app market. Some of the Chinese app stores are pre-installed vendor-specific app markets (e.g., Huawei, Xiaomi and OPPO), whereas others are...
Machine learning classification algorithms are widely applied to different malware analysis problems because of their proven abilities to learn from examples and perform relatively well with little human input. Use cases include the labelling of malicious samples according to families during triage of suspected mal-ware. However, automated algorith...
The proliferation of wearable and implantable medical devices has given rise to an interest in developing security schemes suitable for these systems and the environment in which they operate. One area that has received much attention lately is the use of (human) biological signals as the basis for biometric authentication, identification and the g...
Signal synchronizing of two (or more) biometric signals acquired from different sensors has been proven to be challenging. For instance, two similar sensors placed in different parts of the human body measuring the same biological signal, might have delays, data misdetection, noise in the signals or sensors issues among others. However, once the sy...
Security issues are becoming critical in modern smart systems. Particularly, ensuring that only legitimate users get access to them is essential. New access control systems must rely on Continuous Authentication (CA) to provide higher security level. To achive this, recent research has shown how biological signals, such as Electroencephalograms (EE...
In this article we discuss the hardware implementation of a lightweight hash function, named Tav-128 [1], which was purposely designed for constrained devices such as low-cost RFID tags. In the original paper, the authors only provide an estimation of the hardware complexity. Motivated for this, we describe both an ASIC and an FPGA-based implementa...
Information flows in Android can be effectively used to give an informative summary of an application's behavior, showing how and for what purpose apps use specific pieces of information. This has been shown to be extremely useful to characterize risky behaviors and, ultimately, to identify unwanted or malicious applications in Android. However, id...
Cooperative cyberdefense has been recognized as an essential strategy to fight against cyberattacks. Cybersecurity Information Sharing (CIS), especially about threats and incidents, is a key aspect in this regard. CIS provides members with an improved situational awareness to prepare for and respond to future cyberthreats. Privacy preservation is c...
Android malware detection represents a current and complex problem, where black hats use different methods to infect users' devices. One of these methods consists in directly upload malicious applications to app stores, whose filters are not always successful at detecting malware, entrusting the final user the decision of whether installing or not...
The growing popularity of wearable devices is leading to new ways to interact with the environment, with other smart devices, and with other people. Wearables equipped with an array of sensors are able to capture the owner's physiological and behavioural traits, thus are well suited for biometric authentication to control other devices or access di...
Code reuse attacks are advanced exploitation techniques that constitute a serious threat for modern systems. They profit from a control flow hijacking vulnerability to maliciously execute one or more pieces of code from the targeted application. ASLR and Control Flow Integrity are two mechanisms commonly used to deter automated attacks based on cod...
We address the problem of bootstrapping security and privacy policies for newly-deployed apps in wireless body area networks (WBAN) composed of smartphones, sensors and other wearable devices. We introduce a framework to model such a WBAN as an undirected graph whose vertices correspond to devices, apps and app resources, while edges model structur...
A huge amount of data can be collected through a wide variety of sensor technologies. Data mining techniques are often useful for the analysis of gathered data. This paper studies the use of three wearable sensors that monitor the electrocardiogram, airflow, and galvanic skin response of a subject with the purpose of designing an efficient multi-mo...
Some smartphone platforms such as Android have a distinctive message passing system that allows for sophisticated interactions among app components, both within and across app boundaries. This gives rise to various security and privacy risks, including not only intentional collusion attacks via permission re-delegation but also inadvertent disclosu...
As a result of the increased demand for improved life styles and the increment of senior citizens over the age of 65, new home care services are demanded. Simultaneously, the medical sector is increasingly becoming the new target of cybercriminals due the potential value of users' medical information. The use of biometrics seems an effective tool a...
Yoking (or grouping) proofs were introduced in 2004 as a security construction for RFID applications in which it is needed to build an evidence that several objects have been scanned simultaneously or, at least, within a short time. Such protocols were designed for scenarios where only a few tags (typically just two) are involved, so issues such as...
In this paper, we introduce a novel methodology to automatically generate HTTP intrusion signatures for Network Intrusion Detection Systems (NIDS). Our approach relies on the use of a service-specific, semantic-aware anomaly detection scheme that combines stochastic learning with a model structure based on the protocol specification. Each incoming...
Inter-Pulse Intervals (IPIs) have been proposed as a source of entropy for key generation and establishment algorithms in Implantable Medical Devices (IMDs) and Body Area Networks (BANs). Most of the proposed protocols built on top of this biometric feature assume that reliable measures of the IPIs are only available to devices maintaining physical...
Bioengineering is a field in expansion. New technologies are appearing to provide a more efficient treatment of diseases or human deficiencies. Implantable Medical Devices (IMDs) constitute one example, these being devices with more computing, decision making and communication capabilities. Several research works in the computer security field have...
Data theft is a major threat for modern organizations with potentially large economic consequences. Although these attacks may well originate outside an organization’s information systems, the attacker—or else an insider—must eventually make contact with the system where the information resides and extract it. In this work, we propose a scheme that...
Intrusion Detection Networks (IDN) are distributed cyberdefense systems composed of different nodes performing local detection and filtering functions, as well as sharing information with other nodes in the IDN. The security and resilience of such cyberdefense systems are paramount, since an attacker will try to evade them or render them unusable b...
Malware for smartphones has rocketed over the last years. Market operators face the challenge of keeping their stores free from malicious apps, a task that has become increasingly complex as malware developers are progressively using advanced techniques to defeat malware detection tools. One such technique commonly observed in recent malware sample...
Random numbers play a key role in applications such as industrial simulations, laboratory experimentation, computer games, and engineering problem solving. The design of new true random generators (TRNGs) has attracted the attention of the research community for many years. Designs with little hardware requirements and high throughput are demanded...
We discuss a class of smartphone malware that uses stegano-graphic techniques to hide malicious executable components within their assets, such as documents, databases, or multimedia files. In contrast with existing obfuscation techniques, many existing information hiding algorithms are demonstrably secure, which would make such stegomal-ware virtu...
Security and privacy issues in medical wireless body area networks (WBANs) constitute a major unsolved concern because of the challenges posed by the scarcity of resources in WBAN devices and the usability restrictions imposed by the healthcare domain. In this paper, we describe a WBAN architecture based on the well-known publish-subscribe paradigm...
Many security problems in smartphones and other smart devices are ap-proached from an anomaly detection perspective in which the main goal reduces to identifying anomalous activity patterns. Since machine learning algorithms are generally used to build such detectors, one major challenge is adapting these techniques to battery-powered devices. Many...
The rapid rate of change in technology and the increasing sophistication of cyber attacks require any organization to have a continuous preparation. However, the resource and time intensive nature of cybersecurity education and training renders traditional approaches highly inefficient. Simulators have attracted the attention in the last years as a...
Tian et al. proposed a novel ultralightweight RFID mutual authentication protocol [1] that has recently been analyzed in several articles. In this letter, we first propose a desynchronization attack that succeeds with probability almost 1, which improves upon the 0.25 given in a previous analysis by Ahmadian et al. We also show that the bad propert...
In resource-constrained devices such as RFID tags or implantable medical devices, algorithm designers need to make careful choices to ensure that their proposals are sufficiently efficient for the target platform. A common way of expressing such restrictions is in terms of an upper bound for the maximum available footprint area in gate equivalents...
When compared to signature-based Intrusion Detection Systems (IDS), anomaly detectors present the potential advantage of detecting previously unseen attacks, which makes them an attractive solution against zero-day exploits and other attacks for which a signature is unavailable. Most anomaly detectors rely on machine learning algorithms to derive a...
Radio Frequency Identification (RFID) systems are widely used in access control, transportation, real-time inventory and asset management, automated payment systems, etc. Nevertheless, the use of this technology is almost unexplored in healthcare environments, where potential applications include patient monitoring, asset traceability and drug admi...
In distributed and collaborative attack detection systems decisions are made on the basis of the events reported by many sensors, e.g., Intrusion Detection Systems placed across various network locations. In some cases such events originate at locations over which we have little control, for example because they belong to an organisation that share...
Most anomaly detection systems rely on machine learning algorithms to derive a model of normality that is later used to detect suspicious events. Some works conducted over the last years have pointed out that such algorithms are generally susceptible to deception, notably in the form of attacks carefully constructed to evade detection. Various lear...
The Internet of Things (IoT) refers to the use of services provided by networked objects ("things") equipped with computational capabilities. A wide range of devices can be at-tached to objects to provide them with computing and networking functions, from RFID tags for identification purposes to a variety of wireless sensors. In the case of RFID te...
The deployment and configuration of a distributed network intrusion detection system (NIDS) in a large Wireless Sensor Network (WSN) is an enormous challenge. A reduced number of devices equipped with detection capabilities have to be placed on strategic network locations and then appropriately configured in order to maximise the detection rate and...