Publications

Seiler-Hwang, Sunyoung; Arias-Cabarcos, Patricia; Marín, Andrés; Almenares, Florina; Díaz-Sánchez, Daniel; Becker, Christian. I Don't See Why I Would Ever Want to Use It: Analyzing the Usability of Popular Smartphone Password Managers. Inproceedings. Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1937–1953, The 26th ACM Conference on Computer and Communications Security, ACM, London, United Kingdom, 2019, ISBN: 978-1-4503-6747-9. Tags: authentication, password managers, usable security, user study

Díaz-Sánchez, D; Marín-Lopez, A; Mendoza, F A; Cabarcos, P A; Sherratt, R S. TLS/PKI Challenges and Certificate Pinning Techniques for IoT and M2M Secure Communications. Journal Article. IEEE Communications Surveys & Tutorials, 21 (4), pp. 3502-3531, 2019, ISSN: 2373-745X. Tags: certificate pinning, cynamon, inrisco, Internet of Things, Machine to Machine, magos, PKI, Protocols;Authentication;Tutorials;Machine-to-machine communications;Software;Hardware;Transport layer security;DTLS;public key infrastructure;trusted third party;certificate pinning;Internet of Things;machine to machine, TLS

Díaz-Sánchez, D; Sherratt, R S; Almenarez, F; Arias, P; Marín, A. Secure store and forward proxy for dynamic IoT applications over M2M networks. Journal Article. IEEE Transactions on Consumer Electronics, 62 (4), pp. 389-397, 2016, ISSN: 1558-4127. Tags: encryption, inrisco, Internet of Things, Machine to Machine, privacy

Arias-Cabarcos, P; Marín, A; Palacios, D; Almenárez, F; Díaz-Sánchez, D. Comparing Password Management Software: Toward Usable and Secure Enterprise Authentication. Journal Article. IT Professional, 18 (5), pp. 34-40, 2016, ISSN: 1941-045X.

Almenarez, Florina; Díaz, Daniel; Marín, Andrés. Secure Ad-Hoc mBusiness: Enhancing WindowsCE Security. Journal Article. Lecture Notes in Computer Science, 3184, pp. 90–99, 2004, ISSN: 0302-9743. Tags: EasyWireless, Mutual Authentication, Smart Card, Trust Degree, Trust Relationship, Trusted Third Party, Ubisec
2019
@inproceedings{seilerhwang2019usability,
title = {I Don't See Why I Would Ever Want to Use It: Analyzing the Usability of Popular Smartphone Password Managers},
author = {Sunyoung Seiler-Hwang and Patricia Arias-Cabarcos and Andrés Marín and Florina Almenares and Daniel Díaz-Sánchez and Christian Becker},
url = {http://doi.acm.org/10.1145/3319535.3354192},
doi = {10.1145/3319535.3354192},
isbn = {978-1-4503-6747-9},
year = {2019},
date = {2019-01-01},
booktitle = {Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security},
pages = {1937--1953},
publisher = {ACM},
address = {London, United Kingdom},
organization = {The 26th ACM Conference on Computer and Communications Security},
series = {CCS '19},
abstract = {Passwords are an often unavoidable authentication mechanism, despite the availability of additional alternative means. In the case of smartphones, usability problems are aggravated because interaction happens through small screens and multilayer keyboards. While password managers (PMs) can improve this situation and contribute to hardening security, their adoption is far from widespread. To understand the underlying reasons, we conducted the first empirical usability study of mobile PMs, covering both quantitative and qualitative evaluations. Our findings show that popular PMs are barely acceptable according to the standard System Usability Scale, and that there are three key areas for improvement: integration with external applications, security, and user guidance and interaction. We build on the collected evidence to suggest recommendations that can fill this gap.},
keywords = {authentication, password managers, usable security, user study},
pubstate = {published},
tppubtype = {inproceedings}
}
@article{diazsanchez2019tlspki,
title = {TLS/PKI Challenges and Certificate Pinning Techniques for IoT and M2M Secure Communications},
author = {D Díaz-Sánchez and A Marín-Lopez and F A Mendoza and P A Cabarcos and R S Sherratt},
url = {https://doi.org/10.1109/COMST.2019.2914453
https://ieeexplore.ieee.org/document/8704893
https://phpmyadmin.pervasive.it.uc3m.es/download/TLC-PKI-challenges-certificate-pinning.pdf},
doi = {10.1109/COMST.2019.2914453},
issn = {2373-745X},
year = {2019},
date = {2019-00-01},
journal = {IEEE Communications Surveys \& Tutorials},
volume = {21},
number = {4},
pages = {3502-3531},
abstract = {Transport layer security (TLS) is becoming the de facto standard to provide end-to-end security in the current Internet. IoT and M2M scenarios are not an exception since TLS is also being adopted there. The ability of TLS for negotiating any security parameter, its flexibility and extensibility are responsible for its wide adoption but also for several attacks. Moreover, as it relies on public key infrastructure (PKI) for authentication, it is also affected by PKI problems. Considering the advent of IoT/M2M scenarios and their particularities, it is necessary to have a closer look at TLS history to evaluate the potential challenges of using TLS and PKI in these scenarios. According to this, this paper provides a deep revision of several security aspects of TLS and PKI, with a particular focus on current certificate pinning solutions in order to illustrate the potential problems that should be addressed.},
keywords = {certificate pinning, cynamon, inrisco, Internet of Things, Machine to Machine, magos, PKI, Protocols;Authentication;Tutorials;Machine-to-machine communications;Software;Hardware;Transport layer security;DTLS;public key infrastructure;trusted third party;certificate pinning;Internet of Things;machine to machine, TLS},
pubstate = {published},
tppubtype = {article}
}
2016
@article{diazsanchez2016storeforward,
title = {Secure store and forward proxy for dynamic IoT applications over M2M networks},
author = {D Díaz-Sánchez and R S Sherratt and F Almenarez and P Arias and A Marín},
url = {https://ieeexplore.ieee.org/document/7838091
https://phpmyadmin.pervasive.it.uc3m.es/download/Secure__Store_and_Forward_Proxy_for_Dynamic_IoT_Applications_over_M2M_Networks.pdf},
doi = {10.1109/TCE.2016.7838091},
issn = {1558-4127},
year = {2016},
date = {2016-11-01},
journal = {IEEE Transactions on Consumer Electronics},
volume = {62},
number = {4},
pages = {389-397},
abstract = {Internet of Things (IoT) applications are expected to generate a huge unforeseen amount of traffic flowing from Consumer Electronics devices to the network. In order to overcome existing interoperability problems, several standardization bodies have joined to bring a new generation of Machine to Machine (M2M) networks as a result of the evolution of wireless sensor/actor networks and mobile cellular networks to converged networks. M2M is expected to enable IoT paradigms and related concepts into a reality at a reasonable cost. As part of the convergence, several technologies preventing new IoT services to interfere with existing Internet services are flourishing. Responsive, message-driven, resilient and elastic architectures are becoming essential parts of the system. These architectures will control the entire data flow for an IoT system requiring sometimes to store, shape and forward data among nodes of a M2M network to improve network performance. However, IoT generated data have an important personal component since it is generated in personal devices or are the result of the observation of the physical world, so rises significant security concerns. This article proposes a novel opportunistic flexible secure store and forward proxy for M2M networks and its mapping to asynchronous protocols that guarantees data confidentiality.},
keywords = {encryption, inrisco, Internet of Things, Machine to Machine, privacy},
pubstate = {published},
tppubtype = {article}
}
@article{ariascabarcos2016comparing,
title = {Comparing Password Management Software: Toward Usable and Secure Enterprise Authentication},
author = {P Arias-Cabarcos and A Marín and D Palacios and F Almenárez and D Díaz-Sánchez},
url = {https://ieeexplore.ieee.org/document/7579116
https://doi.org/10.1109/MITP.2016.81
/download/ComparingPasswordManagementSoftware.pdf},
doi = {10.1109/MITP.2016.81},
issn = {1941-045X},
year = {2016},
date = {2016-09-01},
journal = {IT Professional},
volume = {18},
number = {5},
pages = {34-40},
abstract = {In today's corporate IT systems, employees routinely repeat an undeniable pattern: accessing a huge number of password-protected services. In this regard, although deploying a strong enterprise password policy can increase security against online breaches and data leaks, it also imposes a significant usability burden on users. To alleviate this problem, password managers (PMs) are considered user-friendly tools that automate password generation and login processes. But how secure and usable are these tools? The authors analyze the four most popular PMs with free versions from both security and usability perspectives. The comparison leads to recommendations on enterprise PM selection, as well as to the identification of new lines of research and development on usable authentication.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
2004
@article{almenarez2004mbusiness,
title = {Secure Ad-Hoc mBusiness: Enhancing WindowsCE Security},
author = {Florina Almenarez and Daniel Díaz and Andrés Marín},
editor = {Sokratis Katsikas and Javier Lopez and Günther Pernul},
doi = {10.1007/978-3-540-30079-3_10},
issn = {0302-9743},
year = {2004},
date = {2004-01-01},
journal = {Lecture Notes in Computer Science},
volume = {3184},
pages = {90--99},
publisher = {Springer Berlin Heidelberg},
address = {Berlin, Heidelberg},
abstract = {Nowadays we can perform business transactions with remote servers interconnected to Internet using our personal devices. These transactions can also be possible without any infrastructure in pure ad-hoc networks. In both cases, interacting parts are often unknown, therefore, they require some mechanism to establish ad-hoc trust relationships and perform secure transactions. Operating systems for mobile platforms support secure communication and authentication, but this support is based on hierarchical PKI. For wireless communications, they use the (in)secure protocol WEP. This paper presents a WCE security enhanced architecture allowing secure transactions, mutual authentication, and access control based on dynamic management of the trusted certificate list. We have successfully implemented our own CSP to support the new certificate management and data ciphering.},
keywords = {EasyWireless, Mutual Authentication, Smart Card, Trust Degree, Trust Relationship, Trusted Third Party, Ubisec},
pubstate = {published},
tppubtype = {article}
}