105-107 Forsyth Street
132D Nightingale Hall
Boston, MA 02115
ATTN: Jose Sierra, 202 WVH
360 Huntington Avenue
Boston, MA 02115
- Attribute based access control
- IoT communications protection
- Technology innovations in cyber threats and cyber defenses
- PhD in computer science, Carlos III University of Madrid, Spain
- MSc in computer science, Málaga University, Spain
- MSc in business administration, Rey Juan Carlos University, Spain
- Applied cybersecurity, MIT Professional Education – Massachusetts Institute of Technology
Jose Sierra is an associate teaching professor and the associate director of the information assurance and cybersecurity program at the Khoury College of Computer Sciences. He earned his PhD at Carlos III University in 2000. His research areas include authentication and access control protocols, mobile payments protection, lightweight cryptographic protocols, and IoT security. He has a very active publication record, with an important number of conference proceedings and journal papers. During his academic career, he has had the opportunity to research and work at several universities, from the British Bradford and Westminster to well-established U.S. institutions such as the University of California, Berkeley and MIT.
What are the specifics of your educational background?
My education has been focused on computer science. I achieved my MSc degree in 1997, joining the Pontificia de Comillas University in Madrid after that as a research assistant. At the same time, I began my PhD on internet security protocols at the Carlos III University. In 2000, I obtained my doctoral thesis with honors.
In 2003, in order to complement my technical background, I took a MSc in Business Administration at the Rey Juan Carlos University, completing it in 2005.
More recently, for personal interests, I was granted two professional certifications in cybersecurity: Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM)
What are your research interests?
My research interests have been centered on the design, implementation and management of security services for interconnected systems. Initially, my research was based on the foundations of some cryptographic algorithms and later focused on their use for the implementation of security protocols. In recent years, my research has evolved to cybersecurity management and how organizations can take strategic decisions, which will help them to counteract cyberthreats. This is the case of remote authentication protocols, where I developed new protocols and schemes applicable to electronic payment. Other areas with remarkable results were Vehicular Ad-Hoc Networks (VANETs) protection, P2PSIP security architecture and low-performance computing devices used in Wireless Sensor Networks.
My research work in the validation and evaluation of security protocols triggered the creation of my research group, the EVALUES IT Security Laboratory (evalues.es). On this subject, my work evolved from formal validation logics for security protocols to assessment methodologies for commercial implementations of IPSEC architecture. In 2007, I led a team of researchers in creating the IPSEC Evaluation Methodology, which is used to determine conformance and security levels for IPSEC VPN implementations.
Where did you spend your most defining years?
During my doctoral thesis, besides my home university, I developed some of my research at two British universities: at Bradford University I studied my thesis’ cryptographic aspects and at Westminster my work was mainly centered on the analysis of the interconnected information systems emerging threats.
In 2000, the International Computer Science Institute awarded me a fellowship grant at the University of California Berkeley, which I consider the most relevant research stay in my career. The work carried out at Berkeley was motivated by the analysis and design of authentication, authorization and accountability protocols (AAA).
In 2010, after 10 years as an associate professor, I attained a postdoctoral research stay at the Computer Science and Artificial Intelligence Laboratory at MIT. My role at MIT involved the design of security protocols for implantable medical devices.
What are the specifics of your industry experience?
Throughout my career, I have enjoyed a tight relationship with the several industries. I have had the opportunity of participating and leading several R&D projects for different sectors in the last five years. In the aero spatial defense sector, I participated in the following projects:
- Innovative AAA System for Interoperable Distributed Architectures.
- Design and implementation of a Security Compliance Accreditation plan for Defense Simulation Laboratory.
- Design and implementation of a Secure Communication library for ground systems data synchronization.
- Development of Smartcard based Identification and Authentication System for multiplatform ground systems.
In the realm of national and European-funded research, I participated in two major projects:
- Advances for the city of the future: sustainable, smart and efficient. WP1 Security Architecture (Ciudad 2020)
- Smart Robot Security. WP6 Access control and Authorization for Internet of the Things. (Smoty)
I also participated in three projects with HiTec and telecom providers:
- Security Architecture for a Supply Chain Management System based on Block-Chain
- CLOUD-PKI: Cloud Certification services based on HSM cryptography module.
- Android Software Security Evaluation