Alexandros Papanikolaou

IPv6 security for low power and lossy networks

Low-power and lossy networks (LLNs) are continually gaining popularity, due to their wide range of applications. Such networks mainly comprise of resource-constrained devices that feature Internet connectivity. This raises many security concerns that cannot be easily resolved, since the inherent limitations of LLN nodes do not allow the direct applicability of existing solutions. This paper proposes an IPsec header compression format for the 6LoWPAN adaptation layer that runs over IEEE802.15.4. The proposed scheme utilises AES-CCM* (CCM-Star), a cryptographic functionality supported by the underlying IEEE802.15.4 protocol, features low packet overhead, and provides both message authentication and confidentiality.

Secure policy-based management solutions in heterogeneous embedded systems networks

Managing a large number of heterogeneous nodes in a network of embedded systems is a challenging task, mainly due to differences in requirements and resources. Nano nodes with very limited capabilities, such as the nodes of a Wireless Sensor Network (WSN), may not be suitable for adopting solutions designed for power nodes that have no such constraints. Using these devices in dynamic, ad-hoc infrastructures that feature a plethora of characteristics, has brought up the need for appropriate management of participating nodes to satisfy the corresponding policy restrictions. Many schemes have been proposed for various types of devices in terms of resources, ranging from the well-studied policy-based management in computer networks to the more challenging management in sensor networks. This paper identifies these schemes and proposes a framework for the secure and interoperable policy-based management of heterogeneous, resource-constrained, embedded systems networks.

Spam goes mobile: Filtering unsolicited SMS traffic

The wide proliferation of mobile devices has attracted the attention of cyber-criminals, who exploit their functionality for malevolent purposes. One of the most popular approaches is the exploitation of sms for generating unsolicited electronic messages, also known as spam. The paper describes the peculiarities of the mobile unsolicited message traffic and proposes an sms spam detection algorithm for mobile devices. The developed prototype can be quite an effective method for fighting SMS spam.

Real-time network data analysis using time series models

Abstract With the expansion of computer networks, there is a strong need for monitoring their properties in order to diagnose any problems and manage them in the best possible way. This monitoring is particularly useful if performed in real-time, however, such an approach is rather difficult (if not impossible) to implement in networks with increased traffic, using a passive monitoring scheme. One way to overcome this problem is to selectively sample network data, which in turn opens new issues such as how frequently this sampling should be performed, so as to obtain useful and exploitable data. In this work it is shown that it is possible to accurately represent high-speed network traffic using suitable time series models and then determine the size of the sampling window, so as to detect packet loss. The resulting scheme is scalable, protocol-independent and able to raise alerts in real time.

Measuring the Internet's threat level: A global-local approach

The Internet is a highly distributed and complex system consisting of billion devices and has become the field of various kinds of conflicts during the last two decades. As a matter of fact, various actors utilise the Internet for illicit purposes, such as for performing Distributed Denial of Service Attacks (DDoS) and for spreading various types of aggressive malware. Despite the fact that numerous services provide information regarding the threat level of the Internet, they are mostly based on information acquired by their sensors or on offline statistical sampling of various security applications (antivirus software, intrusion detection systems etc.). This paper presents PROTOS (PROactive Threat Observatory System), an early warning system which is capable of estimating the threat level across the Internet, using both a global and a local approach. The proposed system is therefore able to determine whether a specific host is under an imminent threat, as well as to provide an estimation of the malicious activity across the Internet.

A Global-Local Approach for Estimating the Internet's Threat Level

The Internet is a highly distributed and complex system consisting of billion devices and has become the field of various kinds of conflicts during the last two decades. As a matter of fact, various actors utilise the Internet for illicit purposes, such as for performing distributed denial of service attacks (DDoS) and for spreading various types of aggressive malware. Despite the fact that numerous services provide information regarding the threat level of the Internet, they are mostly based on information acquired by their sensors or on offline statistical sampling of various security applications (antivirus software, intrusion detection systems, etc.). This paper introduces proactive threat observatory system (PROTOS), an open-source early warning system that does not require a commercial license and is capable of estimating the threat level across the Internet. The proposed system utilises both a global and a local approach, and is thus able to determine whether a specific host is under an imminent threat, as well as to provide an estimation of the malicious activity across the Internet. Apart from these obvious advantages, PROTOS supports a large-scale installation and can be extended even further to improve the effectiveness by incorporating prediction and forecasting techniques.

Cyber crime in Greece: How bad is it?

During the past years, the Internet has evolved into the so-called “Web 2.0”. Nevertheless, the wide use of the offered Internet services has rendered individual users a potential target to cyber-criminals. The paper presents a review and analysis of various cyber crimes and compares these findings to those of our previous work. The presented results cover all the cases that were reported to the Cyber Crime and Computer Crime Unit of the Greek Police Force.

On the Evolution of Malware Species

Computer viruses have evolved from funny artifacts which were crafted mostly to annoy inexperienced users to sophisticated tools for industrial espionage, unsolicited bulk email (ube), piracy and other illicit acts. Despite the steadily increasing number of new malware species, we observe the formation of monophyletic clusters. In this paper, using public available data, we demonstrate the departure of the democratic virus writing model in which even moderate programmers managed to create successful virus strains to an entirely aristocratic ecosystem of highly evolved malcode.

Proxied IBE-based key establishment for LLNs

Embedded systems devices have a wide application range, an instance of which is their use in Low-power and Lossy Networks (LLNs), which are anticipated to become one of the fundamental building blocks for the realisation of the Internet of Things (IoT). The security issues emerging from the requirement for Web accessibility can be fulfilled by appropriate cryptographic techniques, so as to secure the communicated information, supported by appropriate key exchange protocols, able to cope with the particular nature of such networks. The properties of Identity-Based Encryption (IBE) seem to match well the nature of such networks, thus an IBE-based key establishment protocol would be a good choice to be used in an LLN. However, severe limitations on those devices resources render deployment of expensive key establishment protocols inappropriate. Alternatives are therefore proposed such as offloading some of the computationally-intensive tasks to other, more powerful devices. Our IBE-based key establishment protocol enables a constrained node to exchange a shared secret with a remote party, that typically operates outside the nodes network through an also non-constrained proxy node that undertakes the task of performing some of the expensive computations. The proposed key establishment scheme facilitates secure communications among embedded systems devices providing information and services to remote parties, towards the realisation of the Internet of Things.

Legal and Social Aspects of Cyber Crime in Greece

The increased use of personal computers and other personal devices with the ability to connect to the Internet, as well as the availability of public WiFi hotspots, enabled people to make extensive use of the offered Internet services, thus rendering them a tempting target for cyber criminals. Furthermore, cyber crime has a transnational character and can simultaneously affect individuals at different geographical locations, thus requiring international co-operation in order to be fought effectively. This paper presents the various international efforts against cyber crime that involve Greece, along with the relevant legal framework and some planned developments for the future.