| 1. |
- Alexiou, Nikolaos, 1985-, et al.
(författare)
-
Towards a secure and privacy-preserving multi-service vehicular architecture
- 2013
-
Ingår i: 2013 IEEE 14th International Symposium on a World of Wireless, Mobile and Multimedia Networks, WoWMoM 2013. - : IEEE. - 9781467358279 ; , s. 6583472-
-
Konferensbidrag (refereegranskat)abstract
- Intensive efforts in industry, academia and standardization bodies have brought vehicular communications (VC) one step before commercial deployment. In fact, future vehicles will become significant mobile platforms, extending the digital life of individuals with an ecosystem of applications and services. To secure these services and to protect the privacy of individuals, it is necessary to revisit and extend the vehicular Public Key Infrastructure (PKI)-based approach towards a multi-service security architecture. This is exactly what this work does, providing a design and a proof-of-concept implementation. Our approach, inspired by long-standing standards, is instantiated for a specific service, the provision of short-term credentials (pseudonyms). Moreover, we elaborate on its operation across multiple VC system domains, and craft a roadmap for further developments and extensions that leverage Web-based approaches. Our current results already indicate our architecture is efficient and can scale, and thus can meet the needs of the foreseen broad gamut of applications and services, including the transportation and safety ones.
|
|
| 2. |
- Alexiou, Nikolaos, 1985-, et al.
(författare)
-
VeSPA : Vehicular security and privacy-preserving architecture
- 2013
-
Ingår i: HotWiSec 2013. - New York, NY, USA : ACM. - 9781450320030 ; , s. 19-23
-
Konferensbidrag (refereegranskat)abstract
- Vehicular Communications (VC) are reaching a near deploment phase and will play an important role in improving road safety, driving efficiency and comfort. The industry and the academia have reached a consensus for the need of a Public Key Infrastructure (PKI), in order to achieve security, identity management, vehicle authentication, as well as preserve vehicle privacy. Moreover, a gamut of proprietary and safety applications, such as location-based services and pay-as-you-drive systems, are going to be offered to the vehicles. The emerging applications are posing new challenges for the existing Vehicular Public Key Infrastructure (VPKI) architectures to support Authentication, Authorization and Accountability (AAA), without exposing vehicle privacy. In this work we present an implementation of a VPKI that is compatible with the VC standards. We propose the use of tickets as cryptographic tokens to provide AAA and also preserve vehicle privacy against adversaries and the VPKI. Finally, we present the efficiency results of our implementation to prove its applicability.
|
|
| 3. |
- Giannetsos, Thanassis, et al.
(författare)
-
Trustworthy People-Centric Sensing : Privacy, Security and User Incentives Road-Map
- 2014
-
Ingår i: 2014 13th Annual Mediterranean Ad Hoc Networking Workshop, MED-HOC-NET 2014. - : IEEE Computer Society. - 9781479952588 ; , s. 39-46
-
Konferensbidrag (refereegranskat)abstract
- The broad capabilities of widespread mobile devices have paved the way for People-Centric Sensing (PCS). This emerging paradigm enables direct user involvement in possibly large-scale and diverse data collection and sharing. Unavoidably, this raises significant privacy concerns, as participants may inadvertently reveal a great deal of sensitive information. However, ensuring user privacy, e.g., by anonymizing data they contribute, may cloak faulty (possibly malicious) actions. Thus, PCS systems must not only be privacy-preserving but also accountable and reliable. As an increasing number of applications (e.g., assistive healthcare and public safety systems) can significantly benefit from people-centric sensing, it becomes imperative to meet these seemingly contradicting requirements. In this work, we discuss security, user privacy and incentivization for this sensing paradigm, exploring how to address all aspects of this multifaceted problem. We critically survey the security and privacy properties of state-of-the-art research efforts in the area. Based on our findings, we posit open issues and challenges, and discuss possible ways to address them, so that security and privacy do not hinder the deployment of PCS systems.
|
|
| 4. |
- Gisdakis, Stylianos, 1986-, et al.
(författare)
-
Allocating adversarial resources in wireless networks
- 2013
-
Ingår i: 2013 Proceedings of the 21st European Signal Processing Conference (EUSIPCO). - : IEEE. - 9780992862602 ; , s. 6811603-
-
Konferensbidrag (refereegranskat)abstract
- A plethora of security schemes for wireless sensor networks (WSNs) has been proposed and their resilience to various attacks analyzed; including situations the adversary compromises a subset of the WSN nodes and/or deploys own misbehaving devices. The higher the degree of such intrusion is, the more effective an attack will be. Consider, however, an adversary that is far from omnipotent: How should she attack, how should she deploy her resources to maximally affect the attacked WSN operation? This basic question has received little attention, with one approach considering genetic algorithms for devising an attack strategy [5]. In this work, we recast the problem towards a more systematic treatment and more computationally efficient solutions: a combination of a genetic algorithm with a convex relaxation, and an l(1)-constraint formulation. The devising of near-optimal attack strategies efficiently strengthens the adversary, allowing her to adapt and mount effective and thus harmful attacks even in complex and dynamically changing settings.
|
|
| 5. |
- Gisdakis, Stylianos, 1986-, et al.
(författare)
-
Android Privacy C(R)ache : Reading your External Storageand Sensors for Fun and Profit
- 2015
-
Rapport (populärvet., debatt m.m.)abstract
- Android's permission system empowers informed privacy decisions when installing third-party applications. However, examining the access permissions is not enough to assess privacy exposure; even seemingly harmless applications can severely expose user data. This is what we demonstrate here: an application with the common READ_EXTERNAL_STORAGE and the INTERNET permissions can be the basis of extracting and inferring a wealth of private information. What has been overlooked is that such a ``curious'' application can prey on data stored in the Android's commonly accessible external storage or on unprotected phone sensors. By accessing and stealthily extracting data thought to be unworthy of protection, we manage to access highly sensitive information: user identifiers and habits. Leveraging data-mining techniques, we explore a set of popular applications, establishing that there is a clear privacy danger for numerous users installing innocent-looking and but, possibly, ``curious'' applications.
|
|
| 6. |
- Gisdakis, Stylianos, 1986-, et al.
(författare)
-
Data Verification andPrivacy-respecting User Remuneration in Mobile Crowd Sensing
- 2015
-
Rapport (övrigt vetenskapligt/konstnärligt)abstract
- The broad capabilities of current mobile devices have paved the way forMobile Crowd Sensing (MCS) applications. The success of this emergingparadigm strongly depends on the quality of received data which, in turn, iscontingent to mass user participation; the broader the participation, the moreuseful these systems become. This can be achieved if users are gratified fortheir contributions while being provided with strong guarantees for the securityand the privacy of their sensitive information. But this very openness is adouble-edge sword: any of the participants can be adversarial and pollute thecollected data in an attempt to degrade the MCS system output and, overall,its usefulness. Filtering out faulty reports is challenging, with practically noprior knowledge on the participants trustworthiness, dynamically changingphenomena, and possibly large numbers of compromised devices. This workpresents a holistic framework that can assess user-submitted data and siftmalicious contributions while offering adequate incentives to motivate usersto submit better quality data. With a rigorous assessment of our systemâAZssecurity and privacy protection complemented by a detailed experimentalevaluation, we demonstrate its accuracy, practicality and scalability. Overall,our framework is a comprehensive solution that significantly extends thestate-of-the-art and can catalyze the deployment of MCS applications.
|
|
| 7. |
- Gisdakis, Stylianos, et al.
(författare)
-
Secure and Privacy-Preserving Smartphone based Traffic Information Systems
- 2015
-
Ingår i: IEEE transactions on intelligent transportation systems (Print). - : IEEE Press. - 1524-9050 .- 1558-0016. ; 16:3
-
Tidskriftsartikel (refereegranskat)abstract
- Increasing smartphone penetration, combined with the wide coverage of cellular infrastructures, renders smartphone-based traffic information systems (TISs) an attractive option. The main purpose of such systems is to alleviate traffic congestion that exists in every major city. Nevertheless, to reap the benefits of smartphone-based TISs, we need to ensure their security and privacy and their effectiveness (e.g., accuracy). This is the motivation of this paper: We leverage state-of-the-art cryptographic schemes and readily available telecommunication infrastructure. We present a comprehensive solution for smartphone-based traffic estimation that is proven to be secure and privacy preserving. We provide a full-blown implementation on actual smartphones, along with an extensive assessment of its accuracy and efficiency. Our results confirm that smartphone-based TISs can offer accurate traffic state estimation while being secure and privacy preserving.
|
|
| 8. |
- Gisdakis, Stylianos, 1986-
(författare)
-
Secure and Privacy Preserving Urban Sensing Systems
- 2016
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- The emergence of resource-rich mobile devices and smart vehicles has paved the way for Urban Sensing. In this new paradigm, users, leveraging their sensing-capable devices, sense their environment and become part of an unprecedented large-scale network of sensors, with extensive spatial and temporal coverage, that enables the collection and dissemination of real-time information, potentially, from anywhere, about anything and at anytime. Urban sensing will facilitate the deployment of innovative applications aiming to address the ever-growing concerns for citizens' well-being by offering a better understanding of our activities and environment.Nevertheless, the openness of such systems (ideally anyone can participate) and the richness of the data users contribute unavoidably raise significant concerns both about the security of urban sensing applications and the privacy of the participating users. More specifically, users participating in urban sensing applications are expected to contribute sensed data tagged, in many cases, with spatio-temporal information. Misusing such information could reveal sensitive user-specific attributes including their whereabouts, health condition, and habits and lead to extensive and unsolicited user profiling. At the same time, the participation of large numbers of users possessing sensing- capable devices is a double-edged sword: devices can be compromised or faulty or users can be adversarial seeking to manipulate urban sensing systems by submitting intelligently crafted faulty information.This thesis considers security, resilience and privacy for urban sensing notably in two application domains: intelligent transportation systems and generic smartphone based crowd-sourced sensing applications. For these domains, we design, implement and evaluate provably secure and privacy-preserving solutions capable of protecting the users from the system (i.e., ensuring their privacy in the presence of untrustworthy infrastructure) and the system from malicious users (i.e., holding them accountable for possible system-offending actions)
|
|
| 9. |
- Gisdakis, Stylianos
(författare)
-
Secure and Privacy Preserving Urban Sensing Systems
- 2014
-
Licentiatavhandling (övrigt vetenskapligt/konstnärligt)abstract
- The emergence of resource-rich mobile devices and smart vehicles has paved the way for Urban Sensing. In this new paradigm, users sense their environment and become part of an unprecedented large-scale network of sensors, with extensive spatial and temporal coverage, that enables the collection and dissemination of real-time information, practically, from anywhere. Urban sensing can facilitate the deployment of innovative applications that can address the ever-growing concerns for citizens’ well-being. Nevertheless, the openness of such systems (ideally anyone can participate) and the richness of the data users contribute unavoidably raise significant concerns for both the security of urban sensing applications and the privacy of the participating users. In this thesis we consider different urban sensing application domains: vehicular communication networks, intelligent transportation systems and environmental monitoring applications. We begin with a detailed analysis of the security and privacy requirements of these applications domains. Our objective is to protect users from the system (by ensuring their anonymity and privacy) and urban sensing systems from malicious users (by holding malicious users accountable of their actions). This is not straight-forward; anonymity may tempt malicious user behavior, compromising the reliability of the entire urban sensing system.Towards that, we design and implement secure and privacy-preserving identity management systems that can accommodate these requirements. We demonstrate their efficiency, practicality, and scalability through extensive experimental evaluations. Furthermore, we formally evaluate formally their security and privacy preserving properties.
|
|
| 10. |
- Gisdakis, Stylianos, et al.
(författare)
-
Security, Privacy, and Incentive Provision for Mobile Crowd Sensing Systems
- 2016
-
Ingår i: IEEE Internet of Things Journal. - : Institute of Electrical and Electronics Engineers (IEEE). - 2327-4662. ; 3:5, s. 839-853
-
Tidskriftsartikel (refereegranskat)abstract
- Recent advances in sensing, computing, and networking have paved the way for the emerging paradigm of mobile crowd sensing (MCS). The openness of such systems and the richness of data MCS users are expected to contribute to them raise significant concerns for their security, privacy-preservation and resilience. Prior works addressed different aspects of the problem. But in order to reap the benefits of this new sensing paradigm, we need a holistic solution. That is, a secure and accountable MCS system that preserves user privacy, and enables the provision of incentives to the participants. At the same time, we are after an MCS architecture that is resilient to abusive users and guarantees privacy protection even against multiple misbehaving and intelligent MCS entities (servers). In this paper, we meet these challenges and propose a comprehensive security and privacy-preserving architecture. With a full blown implementation, on real mobile devices, and experimental evaluation we demonstrate our system's efficiency, practicality, and scalability. Last but not least, we formally assess the achieved security and privacy properties. Overall, our system offers strong security and privacy-preservation guarantees, thus, facilitating the deployment of trustworthy MCS applications.
|
|
