2025 RSTI Research Output: A Year of Publications
The RSTI research group has published several scientific articles throughout 2025, reflecting its ongoing commitment to advancing knowledge and contributing to the research community. Highlights include:
- “Dynamic characterisation of cyberattacks based on the MITRE ATT&CK framework applied to the optimisation of a mitigation selection process”
The article addresses current cybersecurity challenges, emphasizing the need to characterize cyberattacks and dynamically adapt risk responses to identified techniques. The authors propose a machine learning–based model that identifies attack techniques from traffic logs and recommends appropriate mitigations through decision-support systems.
- “Measuring the Impact of Post Quantum Cryptography in Industrial IoT scenarios”
In this article we discuss the need for security systems to advance and incorporate new PQC (Post Quantum Cryptography) proposals. The threat of Store Now and Decrypt Later is motivating the introduction of this cryptography where confidentiality is required. We show it can be introduced in Industrial IoT (Internet of Things) scenarios, with limited nodes. This is among the first articles where power consumption of these algorithms is documented using different devices, and we offer the data in public access to allow other researchers to validate our experiments.
In this work, we design and implement a new framework to carry out an extensive set of experiments to measure the performance of different families of PQC algorithms in terms of execution time and power consumption. The data are available on Zenodo at https://doi.org/10.5281/zenodo.17316405 and in the open data initiative of the Polytechnical University of Madrid at https://doi.org/10.21950/4EYMI0.
- “Energy-Aware Edge Infrastructure Traffic Management Using Programmable Data Planes in 5G and Beyond”
The article proposes a traffic management scheme for 5G and beyond edge infrastructures that aims for energy proportionality, meaning that the network’s energy consumption scales with the actual traffic load. To this end, it combines programmable data planes using P4 with an SDN controller. The programmable switches monitor the traffic volume directly in the data plane and perform dynamic load balancing through ECMP, continuously adjusting how many switches are needed to carry the traffic. The controller, using P4Runtime, initializes registers (traffic thresholds, measurement window, switch type, etc.) and runs a dynamic energy management module that turns switch interfaces on or off according to the information reported by the data plane, thus avoiding overloading the control plane.
The proposal is validated in an emulated environment with Mininet and BMv2 switches, following a spine–leaf topology that represents an edge network around a 5G AGF function. Real urban traffic traces (residential, public transport, business, and leisure), scaled in time, are used, and it is observed that the scheme correctly adapts the number of active switches even under subtle traffic variations. Based on these patterns and the typical power consumption of a commercial switch built on the Intel Tofino ASIC (Wedge100BF-32Q), the article estimates daily energy savings on the order of 3.6–6.1 kWh, which translates into hundreds of kWh per month and more than 1 MWh per year per deployment. The work concludes that moving load balancing and monitoring into the data plane, together with a dynamic power on/off policy, is a promising approach for building more sustainable 5G/6G edge networks.
- “Proposal for a security and privacy enhancement system for private smart environments”
The article proposes an adaptive system to improve the security and privacy of Internet of Things devices in private environments, addressing the growing sophistication of attacks and the lack of consolidated security frameworks in IoT ecosystems. To this end, it introduces a router-integrated solution that manages connected devices through monitoring and data acquisition, information storage, data analysis, event processing, and data visualization. The system is designed to adapt to the specific requirements of the environment and incorporates mechanisms that automate the secure integration and continuous supervision of devices.
The proposal enables real-time management of connected devices and timely alert notifications when potential threats are detected in the home network. By supporting early responses under uncertain conditions and reducing manual intervention, the system enhances both security and operational efficiency, helping to protect sensitive data and maintain a secure private environment against possible attacks.
- “Design and Generation of a Dataset for Training Insider Threat Prevention and Detection Models: The SPEDIA Dataset”
In this article, we present SPEDIA, a novel insider threat dataset generated through a hybrid methodology that combines real user behaviour from a controlled cyber exercise, simulated role-based activity, and selected synthetic data. The dataset addresses key limitations of existing benchmarks by providing realistic, well-labeled, and more balanced malicious and benign events mapped to MITRE ATT&CK, enabling more robust training and evaluation of insider threat detection models.
- “A Digital Twin Threat Survey”
This article offers a comprehensive overview of cybersecurity threats affecting digital twin technologies, particularly in industrial and critical infrastructure environments. As digital twins increasingly depend on real-time data from sensor networks, advanced AI models, and continuous synchronisation between physical and digital systems, their attack surface expands significantly. The paper analyses threats across the main layers of digital twin architecture, including hardware-level attacks on sensors and devices, vulnerabilities in AI and machine learning components, and risks throughout the data life cycle, such as data poisoning, desynchronisation, and network-based attacks.
In addition to surveying existing threats, the article proposes a structured framework for classifying and prioritising digital twin risks by combining cybersecurity and AI risk management methodologies. This framework supports the assessment of potential operational, economic, and societal impacts of different attacks, enabling more informed security decisions. The work highlights the need for end-to-end trust, robust attestation mechanisms, and preparedness for emerging challenges such as post-quantum threats, positioning security as a key enabler for the reliable and sustainable adoption of digital twins.
