Vasilios A. Siris

Vasilios A. Siris, Adamantia Stamou, George D. Stamoulis et al.

The widespread use of AI services has raised concerns for its environmental sustainability, towards which recent studies have identified carbon emissions of AI inference as the major contributor. This paper introduces a framework for designing AI inference incentives based on the users' valuation for inference quality and latency, together with their environmental consciousness, while accounting for the tradeoff between carbon emissions and the two QoE parameters. Our approach can accommodate different tradeoffs, that depend on the size and complexity of the AI models and the allocation of resources to serve inference requests. The incentives can be offered through a practical two-tier service subscription that offers users a discount in exchange for reduced carbon emissions. The discounted service option gives the AI provider the flexibility to serve some percentage of inference requests at a lower quality and higher latency during periods of high carbon intensity.

Vasilios A. Siris, Adamantia Stamou, George D. Stamoulis et al.

We investigate incentives for reducing the carbon emissions of video streaming that depend on the energy consumption of segments in the end-to-end video delivery path, the carbon intensity, and the user type, i.e., quality-sensitive and green or environmentally conscious users. The incentives can be offered through a practical 2-tier subscription model with a discount and carbon rewards, which gives providers the flexibility to reduce the quality for up to a maximum percentage of videos within a time period, such as one month. The key features of our approach are i) it is preferable to offer subscriptions where the reduced-quality tier is set one resolution level below the resolution required for maximum user satisfaction; ii) when a video is streamed from a local data center, the maximum percentage of videos streamed at a lower quality depends solely on the carbon intensity and the average intensity cap, whereas the incentives also depend on the users' level of environmental consciousness; iii) when a video can be streamed from a local or a remote data center with different carbon intensities, the maximum percentage of videos streamed at lower quality and the incentives depend on the relative carbon intensity and energy consumption at the data centers, and the additional network energy costs from the remote data center.

Nikos Fotiou, Vasilios A. Siris, George C. Polyzos

In IPFS content identifiers are constructed based on the item's data therefore the binding between an item's identifier and its data can be deterministically verified. Nevertheless, once an item is modified, its identifier also changes. Therefore when it comes to mutable content there is a need for keeping track of the "latest" IPFS identifier. This is achieved using naming protocols on top of IPFS, such as IPNS and DNSlink, that map a constant name to an IPFS identifier, allowing at the same time content owners to update these mappings. Nevertheless, IPNS relies on a cryptographic key pair that cannot be rotated, and DNSlink does not provide content authenticity protection. In this paper, we propose a naming protocol that combines DNSlink and decentralized identifiers to enable self-verifiable content items. Our protocol provides content authenticity without imposing any security requirement to DNSlink. Furthermore, our protocol prevent fake content even if attackers have access to the DNS server of the content owner or have access to the content owner secret keys. Our proof of concept implementation shows that our protocol is feasible and can be used with existing IPFS tools.

Nikos Fotiou, Vasilios A. Siris, George C. Polyzos

We propose a capability-based access control technique for sharing Web resources, based on Verifiable Credentials (VCs) and OAuth 2.0. VCs are a secure means for expressing claims about a subject. Although VCs are ideal for encoding capabilities, the lack of standards for exchanging and using VCs impedes their adoption and limits their interoperability. We mitigate this problem by integrating VCs into the OAuth 2.0 authorization flow. To this end, we propose a new form of OAuth 2.0 access token based on VCs. Our approach leverages JSON Web Tokens (JWT) to encode VCs and takes advantage of JWT-based mechanisms for proving VC possession. Our solution not only requires minimum changes to existing OAuth 2.0 code bases, but it also removes some of the complexity of verifying VC claims by relying on JSON Web Signatures: a simple, standardized, and well supported signature format. Additionally, we fill the gap of VC generation processes by defining a new protocol that leverages the OAuth 2.0 "client credentials" grant.

Nikos Fotiou, Iakovos Pittaras, Vasilios A. Siris et al.

OAuth 2.0 is the industry-standard protocol for authorization. It facilitates secure service provisioning, as well as secure interoperability among diverse stakeholders. All OAuth 2.0 protocol flows result in the creation of an access token, which is then used by a user to request access to a protected resource. Nevertheless, the definition of access tokens is transparent to the OAuth 2.0 protocol, which does not specify any particular token format, how tokens are generated, or how they are used. Instead, the OAuth 2.0 specification leaves all these as design choices for integrators. In this paper, we propose a new type of OAuth 2.0 token backed by a distributed ledger. Our construction is secure, and it supports proof-of-possession, auditing, and accountability. Furthermore, we provide added-value token management services, including revocation, delegation, and fair exchange by leveraging smart contracts. We realized a proof-of-concept implementation of our solution using Ethereum smart contracts and the ERC-721 token specification.

Nikos Fotiou, Iakovos Pittaras, Vasilios A. Siris et al.

In this work, we leverage advances in decentralized identifiers and permissioned blockchains to build a flexible user authentication and authorization mechanism that offers enhanced privacy, achieves fast revocation, and supports distributed "policy decision points" executed in mutually untrusted entities. The proposed solution can be applied in multi-tenant "IoT hubs" that interconnect diverse IoT silos and enable authorization of "guest" users, i.e., opportunistic users that have no trust relationship with the system, which has not encountered or known them before.

Nikos Fotiou, Iakovos Pittaras, Vasilios A. Siris et al.

Blockchains and smart contracts are an emerging, promising technology, that has received considerable attention. We use the blockchain technology, and in particular Ethereum, to implement a large-scale event-based Internet of Things (IoT) control system. We argue that the distributed nature of the "ledger," as well as, Ethereum's capability of parallel execution of replicated "smart contracts", provide the sought after automation, generality, flexibility, resilience, and high availability. We design a realistic blockchain-based IoT architecture, using existing technologies while by taking into consideration the characteristics and limitations of IoT devices and applications. Furthermore, we leverage blockchain's immutability and Ethereum's support for custom tokens to build a robust and efficient token-based access control mechanism. Our evaluation shows that our solution is viable and offers significant security and usability advantages.

Vasilios A. Siris, Dimitrios Dimopoulos, Nikos Fotiou et al.

We present models that utilize smart contracts and interledger mechanisms to provide decentralized authorization for constrained IoT devices. The models involve different tradeoffs in terms of cost, delay, complexity, and privacy, while exploiting key advantages of smart contracts and multiple blockchains that communicate with interledger mechanisms. These include immutably recording hashes of authorization information and policies in smart contracts, resilience through the execution of smart contract code on all blockchain nodes, and cryptographically linking transactions and IoT events recorded on different blockchains using hash and time-lock mechanisms. The proposed models are evaluated on the public Ethereum testnets Rinkeby and Ropsten, in terms of execution cost (gas), delay, and reduction of data that needs to be sent to the constrained IoT devices.

Vasilios A. Siris, Dimitrios Dimopoulos, Nikos Fotiou et al.

We present models for utilizing blockchain and smart contract technology with the widely used OAuth 2.0 open authorization framework to provide delegated authorization for constrained IoT devices. The models involve different tradeoffs in terms of privacy, delay, and cost, while exploiting key advantages of blockchains and smart contracts. These include linking payments to authorization grants, immutably recording authorization information and policies in smart contracts, and offering resilience through the execution of smart contract code on all blockchain nodes.

Nikos Fotiou, Vasilios A. Siris, George C. Polyzos

Despite technological advances, most smart objects in the Internet of Things (IoT) cannot be accessed using technologies designed and developed for interacting with powerful Internet servers. IoT use cases involve devices that not only have limited resources, but also they are not always connected to the Internet and are physically exposed to tampering. In this paper, we describe the design, development, and evaluation of a smart contract-based solution that allows end-users to securely interact with smart devices. Our approach enables access control, Thing authentication, and payments in a fully decentralized setting, taking at the same time into consideration the limitations and constraints imposed by both blockchain technologies and the IoT paradigm. Our prototype implementation is based on existing technologies, i.e., Ethereum smart contracts, which makes it realistic and fundamentally secure.

Vasilios A. Siris, Maria Anagnostopoulou, Dimitris Dimopoulos

We present and evaluate a procedure that utilizes mobility and throughput prediction to prefetch video streaming data in integrated cellular and WiFi networks. The effective integration of such heterogeneous wireless technologies will be significant for supporting high performance and energy efficient video streaming in ubiquitous networking environments. Our evaluation is based on trace-driven simulation considering empirical measurements and shows how various system parameters influence the performance, in terms of the number of paused video frames and the energy consumption; these parameters include the number of video streams, the mobile, WiFi, and ADSL backhaul throughput, and the number of WiFi hotspots. Also, we assess the procedure's robustness to time and throughput variability. Finally, we present our initial prototype that implements the proposed approach.