Christos K. Dimitriadis

Improving Mobile Core Network Security with Honeynets

Despite improved security, core network vulnerabilities continue to threaten third-generation (3G) mobile systems. This article offers a security assessment conducted in the packet-switched domain of a mobile operators infrastructure. A honeynet architecture could help address 3G security.

Application of Multi-criteria Analysis for the Creation of a Risk Assessment Knowledgebase for Biometric Systems

This paper, presents an enhanced version of a knowledgebase of vulnerabilities, risks and countermeasures for biometric systems. The knowledgebase was created by the application of the Multi-criteria Analysis methodology to the results of desk research, laboratory testing and interviews. The knowledgebase aims to improve risk assessment procedures, by adding the capability of analyzing the risk of the biometric component of an information system. The application of the knowledgebase is demonstrated for clarifying its functions.

An identity management protocol for Internet applications over 3G mobile networks

This paper, proposes a protocol (IDM3G) for implementing identity management for Internet applications over 3G mobile networks. IDM3G combines the identity management principles of the Liberty Alliance specifications, elements of the OASISs SAML and the 3GPP UMTS security specifications, targeting to a more effective and lightweight identity management solution than the existing ones. IDM3G instead of establishing new authentication and authorization mechanisms, utilizes the latest security features of 3G mobile networks in order to implement trust relationships, focusing on mutual authentication and authorization, avoiding at the same time the submission of the user identity itself.

A Secure and Privacy Friendly 2D+3D Face Authentication System Robust Under Pose and Illumation Variation

An end-to-end face authentication system integrating 2D color images and depth data is presented in this paper, based on a low-cost sensor capable of real-time acquisition of 3D images and associated color images. Depth data is used for robust face detection, localization and 3D pose estimation, as well as for compensating pose and illumination variations of facial images prior to classification. The performance of the proposed system is tested on an extended face database recorded in real-world conditions, while a complete security and privacy analysis is conducted in order to ensure that all necessary countermeasures are built into the system.

A Biometric Authentication Protocol for 3G Mobile Systems: Modelled and Validated Using CSP and Rank Functions

This paper describes a protocol, called BIO3G, for establishing secure and privacy friendly biometric authentication in 3G mobile environments. BIO3G provides real end-to-end strong user authentication to the mobile operator, requiring no storing or transferring of biometric data and eliminating the need for biometric enrolment and administration procedures, which are time-consuming for the user and expensive for the mobile operator. BIO3G was modelled and evaluated using the formal process algebra CSP.

My fingers are all mine: Five reasons why using biometrics may not be a good idea

Biometric technology has undoubtedly become the bedrock of national and commercial identity management infrastructures, and will become more so in the future. While the technology promises great benefits, its use raises a variety of serious ethical, social and technical concerns. The processing and storage of human biological data for this purpose is not entirely foolproof. Moreover, when it comes to deployment in large-scale infrastructures, the accuracy and reliability issues become more serious. Characteristic human data such as facial images and fingerprints is very personal and permanent to humans, the misuse or abuse of which could be disastrous for the privacy of individuals. The purpose of this paper is to delve deeper into these issues, and highlight some of these concerns.

Analysing a biometric authentication protocol for 3g mobile systems using CSP and rank functions

We study a protocol, called BIO3G, which provides biometric-based user authentication and key establishment in Third Generation (3G) mobile environments. BIO3G provides end-to-end user authentication to the mobile operator, requiring no storing or transferring of biometric data and, eliminating the need for biometric enrolment and administration, which is time-consuming for the user and expensive for the mobile operator. We model BIO3G using process algebra Communicating Sequential Processes (CSP) and verify it using Schneiders rank functions.

Security for Mobile Operators in Practice

Mobile operators are organizations that have to manage a great amount of critical information, including legal sensitive subscriber data. A number of assessment projects on the infrastructures of major mobile operators, revealed a number of vulnerabilities that if exploited may lead to important business impact. The scope of this paper is to publish these vulnerabilities towards the enhancement of security and privacy of mobile operators. A threat model was created, according to which countermeasures tailored to the specific environment of a mobile operator are proposed.

Biometric access control and crisis management for athletic events

This paper, proposes a system called Athlos that implements strong access control and crisis management, enhancing the safety of event spectators. Athlos is an integrated system for managing crisis situations during the course of large-scale athletic events. The system integrates intelligent biometric access control systems, smart cards, emergency mobile units and wireless links for authenticating participants, preventing unwanted incidents, providing first-aid and effectively activating all response teams needed in emergency situations

Biometric access control for athletic events

The confidence level of citizens, as far as the ability of the organizers to provide security is concerned, is a factor directly impacting their attendance in athletic events. This paper, proposes a system called BioAthletics that implements strong access control, enhancing the safety feeling of event spectators. BioAthletics integrates intelligent biometric access control systems and smart cards for authenticating participants. A pilot version of BioAthletics was deployed and tested in terms of acceptability, information security and performance.