CR | Sep 8, 2021
A Case Study of Intra-library Privacy Issues on Android GPS Navigation Apps
Stylianos Monogios, Konstantinos Limniotis, Nicholas Kolokotronis et al.
The Android unrestricted application market, being of open source nature, has made it a popular platform for third-party applications reaching millions of smart devices in the world. This tremendous increase in applications with an extensive API that includes access to phone hardware, settings, and user data raises concerns regarding users' privacy, as the information collected from the apps could be used for profiling purposes. In this respect, this paper focuses on the geolocation data and analyses five GPS applications to identify the privacy risks if no appropriate safeguards are present. Our results show that GPS navigation apps have access to several types of device data, while they may allow for personal data leakage towards third parties such as library providers or tracking services without providing adequate or precise information to the users. Moreover, as they are using third-party libraries, they suffer from the intra-library collusion issue, which could be exploited by advertising and analytics companies through apps to gather large amounts of personal information without the explicit consent of the user.
CR | Jan 16, 2021
Intrusion Detection Systems for Smart Home IoT Devices: Experimental Comparison Study
Faisal Alsakran, Gueltoum Bendiab, Stavros Shiaeles et al.
Smart homes are one of the most promising applications of the emerging Internet of Things (IoT) technology. With the growing number of IoT related devices such as smart thermostats, smart fridges, smart speakers, smart light bulbs and smart locks, smart homes promise to make our lives easier and more comfortable. However, the increased deployment of such smart devices brings an increase in potential security risks and home privacy breaches. In order to overcome such risks, Intrusion Detection Systems are presented as pertinent tools that can provide network-level protection for smart devices deployed in home environments. These systems monitor the network activities of the smart home-connected devices and focus on alerting suspicious or malicious activity. They also can deal with detected abnormal activities by hindering the impostors in accessing the victim devices. However, the employment of such systems in the context of a smart home can be challenging due to the devices' hardware limitations, which may restrict their ability to counter the existing and emerging attack vectors. Therefore, this paper proposes an experimental comparison between the widely used open-source NIDSs, namely Snort, Suricata and Bro IDS, to find the most appropriate one for smart homes in terms of detection accuracy and resources consumption including CPU and memory utilization. Experimental results show that Suricata is the best performing NIDS for smart homes.
CR | Sep 20, 2021
A Novel Online Incremental Learning Intrusion Prevention System
Christos Constantinides, Stavros Shiaeles, Bogdan Ghita et al.
Attack vectors are continuously evolving in order to evade Intrusion Detection systems. Internet of Things (IoT) environments, while beneficial for the IT ecosystem, suffer from inherent hardware limitations, which restrict their ability to implement comprehensive security measures and increase their exposure to vulnerability attacks. This paper proposes a novel Network Intrusion Prevention System that utilises a Self-Organizing Incremental Neural Network along with a Support Vector Machine. Due to its structure, the proposed system provides a security solution that does not rely on signatures or rules and is capable of mitigating known and unknown attacks in real-time with high accuracy. Based on our experimental results with the NSL-KDD dataset, the proposed framework can achieve on-line updated incremental learning, making it suitable for efficient and scalable industrial applications.
CR | Sep 20, 2021
IoT Vulnerability Data Crawling and Analysis
Stavros Shiaeles, Nicholas Kolokotronis, Emanuele Bellini
Internet of Things (IoT) is a whole new ecosystem comprised of heterogeneous connected devices (i.e. computers, laptops, smart-phones and tablets as well as embedded devices and sensors) that communicate to deliver capabilities making our living, cities, transport, energy, and many other areas more intelligent. The main concerns raised from the IoT ecosystem are the devices' poor support for patching/updating and the poor on-board computational power. A number of issues stem from this: inherent vulnerabilities and the inability to detect and defend against external attacks. Also, due to the nature of their operation, the devices tend to be rather open to communication, which makes attacks easy to spread once reaching a network. The aim of this research is to investigate if it is possible to extract useful results regarding attacks' trends and be able to predict them, before it is too late, by crawling Deep/Dark and Surface web. The results of this work show that it is possible to find the trend and be able to act proactively in order to protect the IoT ecosystem.
CR | Sep 8, 2021
User-generated pseudonyms through Merkle trees
Georgios Kermezis, Konstantinos Limniotis, Nicholas Kolokotronis
A pseudonymisation technique based on Merkle trees is described in this paper. More precisely, by exploiting inherent properties of the Merkle trees as cryptographic accumulators, we illustrate how user-generated pseudonyms can be constructed, without the need of a third party. Each such pseudonym, which depends on several user's identifiers, suffices to hide these original identifiers, whilst the unlinkability property between any two different pseudonyms for the same user is retained; at the same time, this pseudonymisation scheme allows the pseudonym owner to easily prove that she owns a pseudonym within a specific context, without revealing information on her original identifiers. Compared to other user-generated pseudonymisation techniques which utilize public key encryption algorithms, the new approach inherits the security properties of a Merkle tree, thus achieving post-quantum security.
CR | Sep 8, 2021
On Blockchain Architectures for Trust-Based Collaborative Intrusion Detection
Nicholas Kolokotronis, Sotirios Brotsis, Georgios Germanos et al.
This paper considers the use of novel technologies for mitigating attacks that aim at compromising intrusion detection systems (IDSs). Solutions based on collaborative intrusion detection networks (CIDNs) could increase the resilience against such attacks as they allow IDS nodes to gain knowledge from each other by sharing information. However, despite the vast research in this area, trust management issues still pose significant challenges and recent works investigate whether these could be addressed by relying on blockchain and related distributed ledger technologies. Towards that direction, the paper proposes the use of a trust-based blockchain in CIDNs, referred to as trust-chain, to protect the integrity of the information shared among the CIDN peers, enhance their accountability, and secure their collaboration by thwarting insider attacks. A consensus protocol is proposed for CIDNs, which is a combination of proof-of-stake and proof-of-work protocols, to enable collaborative IDS nodes to maintain a reliable and tamper-resistant trust-chain.
CR | Sep 8, 2021
On the Security of Permissioned Blockchain Solutions for IoT Applications
Sotirios Brotsis, Nicholas Kolokotronis, Konstantinos Limniotis et al.
The blockchain has found numerous applications in many areas with the expectation to significantly enhance their security. The Internet of things (IoT) constitutes a prominent application domain of blockchain, with a number of architectures having been proposed for improving not only security but also properties like transparency and auditability. However, many blockchain solutions suffer from inherent constraints associated with the consensus protocol used. These constraints are mostly inherited by the permissionless setting, e.g. computational power in proof-of-work, and become serious obstacles in a resource-constrained IoT environment. Moreover, consensus protocols with low throughput or high latency are not suitable for IoT networks where massive volumes of data are generated. Thus, in this paper we focus on permissioned blockchain platforms and investigate the consensus protocols used, aiming at evaluating their performance and fault tolerance as the main selection criteria for the (in principle highly insecure) IoT ecosystem. The results of the paper provide new insights on the essential differences of various consensus protocols and their capacity to meet IoT needs.
CR | Sep 8, 2021
On the Security and Privacy of Hyperledger Fabric: Challenges and Open Issues
Sotirios Brotsis, Nicholas Kolokotronis, Konstantinos Limniotis et al.
In the last few years, a countless number of permissioned blockchain solutions have been proposed, with each one claiming that it revolutionizes the way of the transaction processing along with the security and privacy preserving mechanisms that it provides. Hyperledger Fabric is one of the most popular permissioned blockchain architectures that has made a significant impact on the market. However, there are only a few papers on finding architectural risks regarding the security and the privacy preserving mechanisms of Hyperledger Fabric. This paper separates the attack surface of the blockchain platform into four components, namely, consensus, chaincode, network and privacy preserving mechanisms, in all of which an attacker (from inside or outside the network) can exploit the platform's design and gain access to or misuse the network. In addition, we highlight the appropriate counter-measures that can be taken in each component to address the corresponding risks and provide a significantly secure and enhanced privacy preserving Fabric network. We hope that by bringing this paper into light, we can aid developers to avoid security flaws and implementations that can be exploited by attackers but also to motivate further research to harden the platform's security and the client's privacy.
CR | Sep 8, 2021
Malware Squid: A Novel IoT Malware Traffic Analysis Framework using Convolutional Neural Network and Binary Visualisation
Robert Shire, Stavros Shiaeles, Keltoum Bendiab et al.
Internet of Things devices have seen a rapid growth and popularity in recent years with many more ordinary devices gaining network capability and becoming part of the ever growing IoT network. With this exponential growth and the limitation of resources, it is becoming increasingly harder to protect against security threats such as malware due to its evolving faster than the defence mechanisms can handle. The traditional security systems are not able to detect unknown malware as they use signature-based methods. In this paper, we aim to address this issue by introducing a novel IoT malware traffic analysis approach using neural network and binary visualisation. The prime motivation of the proposed approach is to faster detect and classify new malware (zero-day malware). The experiment results show that our method can satisfy the accuracy requirement of practical application.
CR | Sep 6, 2021
Insider Detection using Deep Autoencoder and Variational Autoencoder Neural Networks
Efthimios Pantelidis, Gueltoum Bendiab, Stavros Shiaeles et al.
Insider attacks are one of the most challenging cybersecurity issues for companies, businesses and critical infrastructures. Despite the implemented perimeter defences, the risk of this kind of attack is still very high. In fact, the detection of insider attacks is a very complicated security task and presents a serious challenge to the research community. In this paper, we aim to address this issue by using the deep learning algorithms Autoencoder and Variational Autoencoder. We will especially investigate the usefulness of applying these algorithms to automatically defend against potential internal threats, without human intervention. The effectiveness of these two models is evaluated on the public CERT dataset (CERT r4.2). This version of the CERT Insider Threat Test dataset includes both benign and malicious activities generated from 1000 simulated users. The comparison results with other models show that the Variational Autoencoder neural network provides the best overall performance with a greater detection accuracy and a reasonable false positive rate.
CR | Sep 6, 2021
Intrusion Detection using Network Traffic Profiling and Machine Learning for IoT
Joseph Rose, Matthew Swann, Gueltoum Bendiab et al.
The rapid increase in the use of IoT devices brings many benefits to the digital society, ranging from improved efficiency to higher productivity. However, the limited resources and the open nature of these devices make them vulnerable to various cyber threats. A single compromised device can have an impact on the whole network and lead to major security and physical damages. This paper explores the potential of using network profiling and machine learning to secure IoT against cyber-attacks. The proposed anomaly-based intrusion detection solution dynamically and actively profiles and monitors all networked devices for the detection of IoT device tampering attempts as well as suspicious network transactions. Any deviation from the defined profile is considered to be an attack and is subject to further analysis. Raw traffic is also passed on to the machine learning classifier for examination and identification of potential attacks. Performance assessment of the proposed methodology is conducted on the Cyber-Trust testbed using normal and malicious network traffic. The experimental results show that the proposed anomaly detection system delivers promising results with an overall accuracy of 98.35% and 0.98% of false-positive alarms.
CR | Sep 6, 2021
On the Suitability of Blockchain Platforms for IoT Applications: Architectures, Security, Privacy, and Performance
Sotirios Brotsis, Konstantinos Limniotis, Gueltoum Bendiab et al.
Blockchain and distributed ledger technologies have received significant interest in various areas beyond the financial sector, with profound applications in the Internet of Things (IoT), providing the means for creating truly trustless and secure solutions for IoT applications. Taking into account the weak security defences that the majority of IoT devices have, it is critical that a blockchain-based solution targeting the IoT is not only capable of addressing the many challenges IoT is facing, but also does not introduce other defects, in terms of performance, making its adoption hard to achieve. This paper aims at addressing the above needs by providing a comprehensive and coherent review of the available blockchain solutions to determine their ability to meet the requirements and tackle the challenges of the IoT, using the smart home as the reference domain. Key architectural aspects of blockchain solutions are examined in terms of their ability to withstand various types of common IoT and blockchain attacks, deliver enhanced privacy features, and assure adequate performance levels while processing large amounts of transactions being generated in an IoT environment. The analysis carried out identified that the defences currently provided by blockchain platforms are not sufficient to thwart all the prominent attacks against blockchains, with blockchain 1.0 and 2.0 platforms being susceptible to the majority of them. On the other side, privacy related mechanisms are being supported, to varying degrees, by all platforms investigated; however, each of them tackles only specific privacy aspects, thus rendering the overall privacy evaluation a challenging task which needs to be considered on an ad-hoc basis. If the underlying consensus protocols' performance and fault tolerance are also considered, then only a small number of platforms meet the requirements of our reference IoT domain.
CR | Sep 3, 2021
Understanding and Mitigating Banking Trojans: From Zeus to Emotet
Konstantinos Panagiotis Grammatikakis, Ioannis Koufos, Nicholas Kolokotronis et al.
Banking Trojans came a long way in the past decade, and the recent case of Emotet showed their enduring relevance. The evolution of the modern computing landscape can be traced through Emotet and Zeus, both representative examples from the end of the past decade. As an example of earlier malware, Zeus only needed to employ simple anti-analysis techniques to stay undetected, while the more recent Emotet had to constantly evolve to stay a step ahead. Current host-based antimalware solutions face an increasing number of obstacles to perform their function. A multi-layer approach to network security is necessary for network-based intrusion response systems to secure modern networks of heterogeneous devices. A system based on a combination of a graphical network security model and a game theoretic model of cyber attacks was tested on a testbed with Windows machines infected with Trojans; experimental results showed that the proposed system effectively blocked the Trojans' network communications, effectively preventing data leakage and yielding encouraging results for future work.
CR | Sep 3, 2021
Privacy Issues in Voice Assistant Ecosystems
Georgios Germanos, Dimitris Kavallieros, Nicholas Kolokotronis et al.
Voice assistants have become quite popular lately while in parallel they are an important part of smart home systems. Through their voice assistants, users can perform various tasks, control other devices and enjoy third party services. The assistants are part of a wider ecosystem. Their function relies on the users' voice commands, received through original voice assistant devices or companion applications for smartphones and tablets, which are then sent through the internet to the vendor cloud services and are translated into commands. These commands are then transferred to other applications and services. As this huge volume of data, and mainly personal data of the user, moves around the voice assistant ecosystem, there are several places where personal data is temporarily or permanently stored and thus it is easy for a cyber attacker to tamper with this data, bringing forward major privacy issues. In our work we present the types and location of such personal data artifacts within the ecosystems of three popular voice assistants, after having set up our own testbed, and using IoT forensic procedures. Our privacy evaluation includes the companion apps of the assistants, as we also compare the permissions they require before their installation on an Android device.
CR | Sep 3, 2021
A Trust Management System for the IoT domain
Christos-Minas Mathas, Costas Vassilakis, Nicholas Kolokotronis
In modern internet-scale computing, interaction between a large number of parties that are not known a-priori is predominant, with each party functioning both as a provider and consumer of services and information. In such an environment, traditional access control mechanisms face considerable limitations, since granting appropriate authorizations to each distinct party is infeasible both due to the high number of grantees and the dynamic nature of interactions. Trust management has emerged as a solution to this issue, offering aids towards the automated verification of actions against security policies. In this paper, we present a trust- and risk-based approach to security, which considers status, behavior and associated risk aspects in the trust computation process, while additionally it captures user-to-user trust relationships which are propagated to the device level, through user-to-device ownership links.
CR | Aug 28, 2021
CHAINGE: A Blockchain Solution to Automate Payment Detail Updates to Subscription Services
David Buckley, Gueltoum Bendiab, Stavros Shiaeles et al.
The rise of the subscription-based business model has led to a corresponding increase in the number of subscriptions where a customer needs to manage their payments. This management of payments for multiple subscriptions has become a very complicated and insecure task for customers, especially when it comes to renewing payment details when the card is lost, stolen, or expires. In addition, this, mostly manual, process is vulnerable to human error, digital frauds, and data breaches, according to security reports. Thus, in this paper, we propose a novel approach to automate, manage and simplify the Financial Supply Chain involved in the process of updating and managing payments to user subscriptions. This is done by utilising the Hyperledger Sawtooth blockchain framework, which allows a consumer to enter their payment card details in a central digital wallet and link their subscriptions to their cards. The card being updated triggers an event on the blockchain, which allows for the payment details to be updated on subscription systems automatically. The verification tests performed on the prototype of the proposed system show that its current implementation has been securely achieved.
CR | May 10, 2021
Advanced Metering Infrastructures: Security Risks and Mitigation
Gueltoum Bendiab, Konstantinos-Panagiotis Grammatikakis, Ioannis Koufos et al.
Energy providers are moving to the smart meter era, encouraging consumers to install, free of charge, these devices in their homes, automating consumption readings submission and making consumers' lives easier. However, the increased deployment of such smart devices brings a lot of security and privacy risks. In order to overcome such risks, Intrusion Detection Systems are presented as pertinent tools that can provide network-level protection for smart devices deployed in home environments. In this context, this paper is exploring the problems of Advanced Metering Infrastructures (AMI) and proposing a novel Machine Learning (ML) Intrusion Prevention System (IPS) to get optimal decisions based on a variety of factors and graphical security models able to tackle zero-day attacks.
CR | May 10, 2021
Threat Landscape for Smart Grid Systems
Christos-Minas Mathas, Konstantinos-Panagiotis Grammatikakis, Costas Vassilakis et al.
Smart Grids are energy delivery networks, constituting an evolution of power grids, in which a bidirectional flow between power providers and consumers is established. These flows support the transfer of electricity and information, in order to support automation actions in the context of the energy delivery network. So far, many smart grid implementations and implementation proposals have emerged, with varying degrees of feature delivery and sophistication. While smart grids offer many advantages, their distributed nature and information flow streams between energy producers and consumers enable the launching of a number of attacks against the smart grid infrastructure, where the related consequences may range from economic loss to complete failure of the smart grid. In this paper, we survey the threat landscape of smart grids, identifying threats that are specific to this infrastructure, providing an assessment of the severity of the consequences of each attack type, discerning features that can be utilized to detect attacks and listing methods that can be used to mitigate them.
CR | Oct 4, 2020
IoT Malware Network Traffic Classification using Visual Representation and Deep Learning
Gueltoum Bendiab, Stavros Shiaeles, Abdulrahman Alruban et al.
With the increase of IoT devices and technologies coming into service, Malware has risen as a challenging threat with increased infection rates and levels of sophistication. Without strong security mechanisms, a huge amount of sensitive data is exposed to vulnerabilities, and therefore, easily abused by cybercriminals to perform several illegal activities. Thus, advanced network security mechanisms that are capable of performing a real-time traffic analysis and mitigation of malicious traffic are required. To address this challenge, we are proposing a novel IoT malware traffic analysis approach using deep learning and visual representation for faster detection and classification of new malware (zero-day malware). The detection of malicious network traffic in the proposed approach works at the package level, significantly reducing the time of detection with promising results due to the deep learning technologies used. To evaluate our proposed method's performance, a dataset is constructed which consists of 1000 pcap files of normal and malware traffic that are collected from different network traffic sources. The experimental results of Residual Neural Network (ResNet50) are very promising, providing a 94.50% accuracy rate for detection of malware traffic.
CR | Apr 1, 2019
A Novel Malware Detection System Based On Machine Learning and Binary Visualization
Irina Baptista, Stavros Shiaeles, Nicholas Kolokotronis
The continued evolution and diversity of malware constitutes a major threat in modern systems. It is well proven that security defenses currently available are ineffective to mitigate the skills and imagination of cyber-criminals, necessitating the development of novel solutions. Deep learning algorithms and artificial intelligence (AI) are rapidly evolving with remarkable results in many application areas. Following the advances of AI and recognizing the need for efficient malware detection methods, this paper presents a new approach for malware detection based on binary visualization and self-organizing incremental neural networks. The proposed method's performance in detecting malicious payloads in various file types was investigated and the experimental results showed that a detection accuracy of 91.7% and 94.1% was achieved for ransomware in .pdf and .doc files respectively. With respect to other formats of malicious code and other file types, including binaries, the proposed method behaved well with an incremental detection rate that allows efficiently detecting unknown malware in real time.
CR | Mar 26, 2019
Data Protection by Design for Cybersecurity Systems in a Smart Home Environment
Olga Gkotsopoulou, Elisavet Charalambous, Konstantinos Limniotis et al.
The present paper deals with the elucidation and implementation of the Data Protection by Design (DPbD) principle as recently introduced in the European Union data protection law, specifically with regards to cybersecurity systems in a Smart Home environment, both from a legal and a technical perspective. The starting point is the research conducted in the Cyber-Trust project, which endeavours to develop an innovative and customisable cybersecurity platform for cyber-threat intelligence gathering, detection and mitigation within the Internet of Things ecosystem. During the course of the paper, the requirements of DPbD with regards to the conceptualisation, design and actual development of the system are presented as prescribed in law. These requirements are then translated into technical solutions, as envisaged in the Cyber-Trust system. As trade-offs are not foreign to the DPbD context, technical limitations and legal challenges are also discussed in this interdisciplinary dialogue.
CR | Mar 26, 2019
Blockchain Solutions for Forensic Evidence Preservation in IoT Environments
Sotirios Brotsis, Nicholas Kolokotronis, Konstantinos Limniotis et al.
The technological evolution brought by the Internet of things (IoT) comes with new forms of cyber-attacks exploiting the complexity and heterogeneity of IoT networks, as well as the existence of many vulnerabilities in IoT devices. The detection of compromised devices, as well as the collection and preservation of evidence regarding alleged malicious behavior in IoT networks, emerge as areas of high priority. This paper presents a blockchain-based solution, which is designed for the smart home domain, dealing with the collection and preservation of digital forensic evidence. The system utilizes a private forensic evidence database, where the captured evidence is stored, along with a permissioned blockchain that allows providing security services like integrity, authentication, and non-repudiation, so that the evidence can be used in a court of law. The blockchain stores evidences' metadata, which are critical for providing the aforementioned services, and interacts via smart contracts with the different entities involved in an investigation process, including Internet service providers, law enforcement agencies and prosecutors. A high-level architecture of the blockchain-based solution is presented that allows tackling the unique challenges posed by the need for digitally handling forensic evidence collected from IoT networks.
CR | Mar 12, 2019
Secured by Blockchain: Safeguarding Internet of Things Devices
Nicholas Kolokotronis, Konstantinos Limniotis, Stavros Shiaeles et al.
Blockchain is a disruptive technology that has been characterised to be the next big thing and has already gained a broad recognition by experts in diverse fields. In this paper, we consider possible use cases and applications of the blockchain for the consumer electronics (CE) industry and its interplay with the Internet of things. Instead of discussing how the blockchain can revolutionise the supply chain, we focus on how it could be employed for enhancing the security of networked CE devices. This work is motivated by the large number of recent attacks that use easily hackable devices as weaponry. Towards this direction, privacy and data protection aspects of blockchain solutions are also presented and are linked to regulatory framework provisions. Information on existing blockchain solutions is also provided.
CR | Mar 12, 2019
Are cracked applications really free? An empirical analysis on Android devices
Konstantinos-Panagiotis Grammatikakis, Angela Ioannou, Stavros Shiaeles et al.
Android is among the popular platforms running on millions of smart devices, like smartphones and tablets, whose widespread adoption is seen as an opportunity for spreading malware. Adding malicious payloads to cracked applications, often popular ones, downloaded from untrusted third markets is a prevalent way for achieving the aforementioned goal. In this paper, we compare 25 applications from the official and third-party application stores delivering cracked applications. The behavioral analysis of applications is carried out on three real devices equipped with different Android versions by using five indicators: requested permissions, CPU usage, RAM usage and the number of opened ports for TCP and HTTP. Based on these indicators, we compute an application intention score and classify cracked applications as malicious or benign. The experimental results show that cracked applications utilize on average more resources and request access to more (dangerous) permissions than their official counterparts.
CR | Mar 12, 2019
A Novel Blockchain-based Trust Model for Cloud Identity Management
Keltoum Bendiab, Nicholas Kolokotronis, Stavros Shiaeles et al.
Secure and reliable management of identities has become one of the greatest challenges facing cloud computing today, mainly due to the huge number of new cloud-based applications generated by this model, which means more user accounts, passwords, and personal information to provision, monitor, and secure. Currently, identity federation is the most useful solution to overcome the aforementioned issues and simplify the user experience by allowing efficient authentication mechanisms and use of identity information from data distributed across multiple domains. However, this approach creates considerable complexity in managing trust relationships for both the cloud service providers and their clients. Poor management of trust in federated identity management systems brings with it many security, privacy and interoperability issues, which contributes to the reluctance of organizations to move their critical identity data to the cloud. In this paper, we aim to address these issues by introducing a novel trust and identity management model based on the Blockchain for cloud identity management with security and privacy improvements.