Stylianos (Stelios) Gisdakis

The openness of PS systems renders them vulnerable to malicious users that can pollute the measurement collection process, in an attempt to degrade the PS system data and, overall, its usefulness. Mitigating such adversarial behavior is hard. Cryptographic protection, authentication, authorization, and access control can help but they do not fully address the problem. Reports from faulty insiders (participants with credentials) can target the process intelligently, forcing the PS system to… Visa mer

The openness of PS systems renders them vulnerable to malicious users that can pollute the measurement collection process, in an attempt to degrade the PS system data and, overall, its usefulness. Mitigating such adversarial behavior is hard. Cryptographic protection, authentication, authorization, and access control can help but they do not fully address the problem. Reports from faulty insiders (participants with credentials) can target the process intelligently, forcing the PS system to deviate from the actual sensed phenomenon. Filtering out those faulty reports is challenging, with practically no prior knowledge on the participants'​ trustworthiness, dynamically changing phenomena, and possibly large numbers of compromised devices. This paper proposes SHIELD, a novel data verification framework for PS systems that can complement any security architecture. SHIELD handles available, contradicting evidence, classifies efficiently incoming reports, and effectively separates and rejects those that are faulty. As a result, the deemed correct data can accurately represent the sensed phenomena, even when 45% of the reports are faulty, intelligently selected by coordinated adversaries and targeted optimally across the system's coverage area. Visa mindre

The broad capabilities of widespread mobile devices have paved the way for People-Centric Sensing (PCS). This emerging paradigm enables direct user involvement in possibly large-scale and diverse data collection and sharing. Unavoidably, this raises significant privacy concerns, as participants may inadvertently reveal a great deal of sensitive information. In this work, we discuss security, user privacy and incentivization for this sensing paradigm, exploring how to address all aspects of this… Visa mer

The broad capabilities of widespread mobile devices have paved the way for People-Centric Sensing (PCS). This emerging paradigm enables direct user involvement in possibly large-scale and diverse data collection and sharing. Unavoidably, this raises significant privacy concerns, as participants may inadvertently reveal a great deal of sensitive information. In this work, we discuss security, user privacy and incentivization for this sensing paradigm, exploring how to address all aspects of this multifaceted problem. We critically survey the security and privacy properties of state-of- the-art research efforts in the area. Based on our findings, we posit open issues and challenges, and discuss possible ways to address them, so that security and privacy do not hinder the deployment of PCS systems. Visa mindre

Modern vehicles are no longer mere mechanical devices; they comprise dozens of digital computing platforms, coordinated by an in-vehicle network, and have the potential to significantly enhance the digital life of individuals on the road. While this transformation has driven major advancements in road safety and transportation efficiency, significant work remains to be done to support the security and privacy requirements of the envisioned ecosystem of commercial services and applications… Visa mer

Modern vehicles are no longer mere mechanical devices; they comprise dozens of digital computing platforms, coordinated by an in-vehicle network, and have the potential to significantly enhance the digital life of individuals on the road. While this transformation has driven major advancements in road safety and transportation efficiency, significant work remains to be done to support the security and privacy requirements of the envisioned ecosystem of commercial services and applications (i.e., Internet access, video streaming, etc.). In the era when “service is everything and everything is a service”, Vehicular Communication (VC) systems cannot escape from this ongoing trend towards multi-service environments accessible from anywhere. To meet the diverse requirements of vehicle operators and Service Providers (SPs), we present SEROSA, a service-oriented security and privacy-preserving architecture for VC. By synthesizing existing VC standards and Web Services (WS), our architecture provides comprehensive identity and service management while ensuring interoperability with existing SPs. We fully implement our system and extensively assess its efficiency, practicality, and dependability. Overall, SEROSA significantly extends the state of the art and serves as a catalyst for the integration of vehicles into the vast domain of Internet-based services. Visa mindre

So far, a plethora of security set-ups for wireless sensor networks (WSNs) has been analyzed and resilience to sophisticated attacks has been investigated. Nevertheless, the critical aspect of how the adversary can deploy her resources to maximally affect the attacked system should be further studied. The basic problem statement in this case is: Given a number of compromised entities (nodes) and cryptographic keys, how can the adversary devise a close-to-optimal attack tactic? Considering an… Visa mer

So far, a plethora of security set-ups for wireless sensor networks (WSNs) has been analyzed and resilience to sophisticated attacks has been investigated. Nevertheless, the critical aspect of how the adversary can deploy her resources to maximally affect the attacked system should be further studied. The basic problem statement in this case is: Given a number of compromised entities (nodes) and cryptographic keys, how can the adversary devise a close-to-optimal attack tactic? Considering an abstract model for a mission-critical WSN and the adversary, it has been recently shown that an optimal attack is computationally hard. The heuristic approaches have been proposed to address this problem introduce a significant amount of computational overhead. In this paper, we try to address this problem more efficiently and we show that the problem can be relaxed either by combining a genetic algorithm with a convex relaxation (CR) stage or by formulating it in a compressed sensing (CS) framework. This way, near-optimal resource allocation strategies can be efficiently computed even in the case of dynamically changing networks.
Visa mindre

To secure vehicular services and to protect the privacy of individuals, it is necessary to revisit
and extend the vehicular Public Key Infrastructure (VPKI) approach towards a multi-service security architecture. This is exactly what this work does, providing a design and a proof-of-concept
implementation that supports anonymous Authentication, Authorization and Accountability according to the long-standing standards. Moreover, we elaborate on the VPKI operation
across multiple VC… Visa mer

To secure vehicular services and to protect the privacy of individuals, it is necessary to revisit
and extend the vehicular Public Key Infrastructure (VPKI) approach towards a multi-service security architecture. This is exactly what this work does, providing a design and a proof-of-concept
implementation that supports anonymous Authentication, Authorization and Accountability according to the long-standing standards. Moreover, we elaborate on the VPKI operation
across multiple VC system domains, and craft a roadmap for further developments and extensions
that leverage Web-based approaches. Visa mindre

Vehicular Communications (VC) are reaching a near deployment phase and will play an important role in improving road safety, driving efficiency and comfort. The industry and the academia have reached a consensus for the need of a Public Key Infrastructure (PKI), in order to achieve security, identity management, vehicle authentication, as well as preserve vehicle privacy. Moreover, a gamut of proprietary and safety applications, such as location-based services and pay-as-you-drive systems, are… Visa mer

Vehicular Communications (VC) are reaching a near deployment phase and will play an important role in improving road safety, driving efficiency and comfort. The industry and the academia have reached a consensus for the need of a Public Key Infrastructure (PKI), in order to achieve security, identity management, vehicle authentication, as well as preserve vehicle privacy. Moreover, a gamut of proprietary and safety applications, such as location-based services and pay-as-you-drive systems, are going to be offered to the vehicles. The emerging applications are posing new challenges for the existing Vehicular Public Key Infrastructure (VPKI) architectures to support Authentication, Authorization and Accountability (AAA), without exposing vehicle privacy. In this work we present an implementation of a VPKI that is
compatible with the VC standards. We propose the use of tickets as cryptographic tokens to provide AAA and also preserve vehicle privacy against adversaries and the VPKI. Finally, we present the efficiency results of our implementation
to prove its applicability. Visa mindre

The emerging vehicle applications are posing new challenges for
the existing Public Key Infrastructures (PKI) to support Authentication,
Authorization and Accountability (AAA) in the Vehicular Communications context. In this work an implementation of a Vehicular-PKI that is compatible with the VC standards is presented. Tickets are proposed as cryptographic tokens to provide AAA for vehicles and preserve privacy and security against adversaries.

Security is important for mission-critical wireless sensor networks (WSNs). This is especially so because powerful adversaries could compromise and control a signi?cant fraction of the network nodes. A plethora of schemes has been developed to secure wireless sensor networks and resilience to sophisticated attacks has been analyzed. However, the question of how the adversary could deploy her resources to maximally a?ect the attacked system has remained largely unaddressed. This is the problem… Visa mer

Security is important for mission-critical wireless sensor networks (WSNs). This is especially so because powerful adversaries could compromise and control a signi?cant fraction of the network nodes. A plethora of schemes has been developed to secure wireless sensor networks and resilience to sophisticated attacks has been analyzed. However, the question of how the adversary could deploy her resources to maximally a?ect the attacked system has remained largely unaddressed. This is the problem this paper is concerned with: Given a number of compromised entities (nodes) and cryptographic keys, how can the adversary devise a close-to-optimal attack tactic? To the best of our knowledge, this is the ?rst investigation of its kind: while the basic adversarial behavior is well-known, the problem of how the adversary can optimally deploy her resources to maximize the attack impact has not been considered for WSNs. We consider an abstract model of the mission-critical WSN and the adversary, and we ?nd that the determination of an optimal attack is computationally hard, thus, we devise an effcient heuristic approach. An intelligent adversarial resource allocation indeed yields disproportional gains for the attacker. Our analysis is the ?rst necessary step to comprehend how to best address vulnerabilities Visa mindre

Recent advances in sensing, computing, and networking have paved the way for the emerging paradigm of participatory sensing (PS). The openness of such systems and the richness of user data they entail raise significant concerns for their security, privacy and resilience. Prior works addressed different aspects of the problem. But in order to reap the benefits of this new sensing paradigm, we need a comprehensive solution. That is, a secure and accountable PS system that preserves user privacy… Visa mer

Recent advances in sensing, computing, and networking have paved the way for the emerging paradigm of participatory sensing (PS). The openness of such systems and the richness of user data they entail raise significant concerns for their security, privacy and resilience. Prior works addressed different aspects of the problem. But in order to reap the benefits of this new sensing paradigm, we need a comprehensive solution. That is, a secure and accountable PS system that preserves user privacy, and enables the provision of incentives to the participants. At the same time, we are after a PS system that is resilient to abusive users and guarantees privacy protection even against multiple misbehaving PS entities (servers). We address these seemingly contradicting requirements with our SPPEAR architecture. Our full blown implementation and experimental evaluation demonstrate that SPPEAR is efficient, practical, and scalable. Last but not least, we formally assess the achieved security and privacy properties. Overall, our system is a comprehensive solution that significantly extends the state-of-the-art and can catalyze the deployment of PS applications. Visa mindre