Dimitris Kavallieros

Kyriakos Christou, Maria Michalopoulou, Stefano Taggi et al.

Cyber Defence (CD) training requires interoperable cyber-range environments capable of supporting complex, multidomain exercises across distributed infrastructures. This paper presents three main contributions addressing this challenge. First, we introduce the Exercise Description Language - First Generation (EDL-FG), a structured language for formally describing cyber-range training services and exercises. EDL-FG captures both the technical infrastructure required to emulate ICT/OT environments and the scenario logic governing cyber events, injects, and participant interactions, enabling interoperable and automated scenario deployment across federated Cyber Ranges (CRs). Second, the ACTING platform introduces automated PE and scoring mechanisms that assess trainee actions during exercises through coordinated data collection and analysis across participating CRs. Third, the platform enables multi-domain cyber training scenarios that combine civilian and military operational contexts. Building upon federation capabilities established under the H2020 ECHO project, ACTING demonstrates how interoperable scenario description and automated evaluation support scalable and realistic CD training.

Georgios Germanos, Dimitris Kavallieros, Nicholas Kolokotronis et al.

Voice assistants have become quite popular lately while in parallel they are an important part of smarthome systems. Through their voice assistants, users can perform various tasks, control other devices and enjoy third party services. The assistants are part of a wider ecosystem. Their function relies on the users voice commands, received through original voice assistant devices or companion applications for smartphones and tablets, which are then sent through the internet to the vendor cloud services and are translated into commands. These commands are then transferred to other applications and services. As this huge volume of data, and mainly personal data of the user, moves around the voice assistant ecosystem, there are several places where personal data is temporarily or permanently stored and thus it is easy for a cyber attacker to tamper with this data, bringing forward major privacy issues. In our work we present the types and location of such personal data artifacts within the ecosystems of three popular voice assistants, after having set up our own testbed, and using IoT forensic procedures. Our privacy evaluation includes the companion apps of the assistants, as we also compare the permissions they require before their installation on an Android device.

Christos-Minas Mathas, Konstantinos-Panagiotis Grammatikakis, Costas Vassilakis et al.

Smart Grids are energy delivery networks, constituting an evolution of power grids, in which a bidirectional flow between power providers and consumers is established. These flows support the transfer of electricity and information, in order to support automation actions in the context of the energy delivery network. Insofar, many smart grid implementations and implementation proposals have emerged, with varying degrees of feature delivery and sophistication. While smart grids offer many advantages, their distributed nature and information flow streams between energy producers and consumers enable the launching of a number of attacks against the smart grid infrastructure, where the related consequences may range from economic loss to complete failure of the smart grid. In this paper, we survey the threat landscape of smart grids, identifying threats that are specific to this infrastructure, providing an assessment of the severity of the consequences of each attack type, discerning features that can be utilized to detect attacks and listing methods that can be used to mitigate them.

Elochukwu Ukwandu, Mohamed Amine Ben Farah, Hanan Hindy et al.

Cyber situational awareness has been proven to be of value in forming a comprehensive understanding of threats and vulnerabilities within organisations, as the degree of exposure is governed by the prevailing levels of cyber-hygiene and established processes. A more accurate assessment of the security provision informs on the most vulnerable environments that necessitate more diligent management. The rapid proliferation in the automation of cyber-attacks is reducing the gap between information and operational technologies and the need to review the current levels of robustness against new sophisticated cyber-attacks, trends, technologies and mitigation countermeasures has become pressing. A deeper characterisation is also the basis with which to predict future vulnerabilities in turn guiding the most appropriate deployment technologies. Thus, refreshing established practices and the scope of the training to support the decision making of users and operators. The foundation of the training provision is the use of Cyber-Ranges (CRs) and Test-Beds (TBs), platforms/tools that help inculcate a deeper understanding of the evolution of an attack and the methodology to deploy the most impactful countermeasures to arrest breaches. In this paper, an evaluation of documented CR and TB platforms is evaluated. CRs and TBs are segmented by type, technology, threat scenarios, applications and the scope of attainable training. To enrich the analysis of documented CR and TB research and cap the study, a taxonomy is developed to provide a broader comprehension of the future of CRs and TBs. The taxonomy elaborates on the CRs/TBs different dimensions, as well as, highlighting a diminishing differentiation between application areas.

Olga Gkotsopoulou, Elisavet Charalambous, Konstantinos Limniotis et al.

The present paper deals with the elucidation and implementation of the Data Protection by Design (DPbD) principle as recently introduced in the European Union data protection law, specifically with regards to cybersecurity systems in a Smart Home environment, both from a legal and a technical perspective. Starting point constitutes the research conducted in the Cyber-Trust project, which endeavours the development of an innovative and customisable cybersecurity platform for cyber-threat intelligence gathering, detection and mitigation within the Internet of Things ecosystem. During the course of the paper, the requirements of DPbD with regards to the conceptualisation, design and actual development of the system are presented as prescribed in law. These requirements are then translated into technical solutions, as envisaged in the Cyber-Trust system. For trade-offs are not foreign to the DPbD context, technical limitations and legal challenges are also discussed in this interdisciplinary dialogue.

Sotirios Brotsis, Nicholas Kolokotronis, Konstantinos Limniotis et al.

The technological evolution brought by the Internet of things (IoT) comes with new forms of cyber-attacks exploiting the complexity and heterogeneity of IoT networks, as well as, the existence of many vulnerabilities in IoT devices. The detection of compromised devices, as well as the collection and preservation of evidence regarding alleged malicious behavior in IoT networks emerge as a areas of high priority. This paper presents a blockchain-based solution, which is designed for the smart home domain, dealing with the collection and preservation of digital forensic evidence. The system utilizes a private forensic evidence database, where the captured evidence is stored, along with a permissioned blockchain that allows providing security services like integrity, authentication, and non-repudiation, so that the evidence can be used in a court of law. The blockchain stores evidences' metadata, which are critical for providing the aforementioned services, and interacts via smart contracts with the different entities involved in an investigation process, including Internet service providers, law enforcement agencies and prosecutors. A high-level architecture of the blockchain-based solution is presented that allows tackling the unique challenges posed by the need for digitally handling forensic evidence collected from IoT networks.