Dimitrios Lekkas

Addressing cloud computing security issues

The recent emergence of cloud computing has drastically altered everyones perception of infrastructure architectures, software delivery and development models. Projecting as an evolutionary step, following the transition from mainframe computers to client/server deployment models, cloud computing encompasses elements from grid computing, utility computing and autonomic computing, into an innovative deployment architecture. This rapid transition towards the clouds, has fuelled concerns on a critical issue for the success of information systems, communication and information security. From a security perspective, a number of unchartered risks and challenges have been introduced from this relocation to the clouds, deteriorating much of the effectiveness of traditional protection mechanisms. As a result the aim of this paper is twofold; firstly to evaluate cloud security by identifying unique security requirements and secondly to attempt to present a viable solution that eliminates these potential threats. This paper proposes introducing a Trusted Third Party, tasked with assuring specific security characteristics within a cloud environment. The proposed solution calls upon cryptography, specifically Public Key Infrastructure operating in concert with SSO and LDAP, to ensure the authentication, integrity and confidentiality of involved data and communications. The solution, presents a horizontal level of service, available to all implicated entities, that realizes a security mesh, within which essential trust is maintained.

Securing e-Government and e-Voting with an open cloud computing architecture

Abstract The idea, the concept, and the term, that is cloud computing, has recently passed into common currency and the academic lexicon in an ambiguous manner, as cloud dust is being sprinkled on an excess of emerging products. Exorcising complexity and protecting against the caprice of the moment, this paper explores the notion behind the hype of cloud computing and evaluates its relevance to electronic government and electronic voting information systems. This paper explores increasing participation and sophistication of electronic government services, through implementing a cloud computing architecture. From an Information and Communication Security perspective, a structured analysis is adopted to identify vulnerabilities, involved in the digitalization of government transactions and the electoral process, exploring the notion of trust and transparency within this context. In turn, adopting a cloud computing approach for electronic government and electronic voting solutions is investigated, reviewing the architecture within the previously described context. Taking a step further, this paper proposes a high level electronic governance and electronic voting solution, supported by cloud computing architecture and cryptographic technologies, additionally identifying issues that require further research.

Long-term verifiability of the electronic healthcare records’ authenticity

PURPOSE To investigate whether the long-term preservation of the authenticity of electronic healthcare records (EHR) is possible. To propose a mechanism that enables the secure validation of an EHR for long periods, far beyond the lifespan of a digital signature and at least as long as the lifetime of a patient. APPROACH The study is based on the fact that although the attributes of data authenticity, i.e. integrity and origin verifiability, can be preserved by digital signatures, the necessary period for the retention of EHRs is far beyond the lifespan of a simple digital signature. It is identified that the lifespan of signed data is restricted by the validity period of the relevant keys and the digital certificates, by the future unavailability of signature-verification data, and by suppression of trust relationships. In this paper, the notarization paradigm is exploited, and a mechanism for cumulative notarization of signed EHR is proposed. RESULTS The proposed mechanism implements a successive trust transition towards new entities, modern technologies, and refreshed data, eliminating any dependency of the relying party on ceased entities, obsolete data, or weak old technologies. The mechanism also exhibits strength against various threat scenarios. CONCLUSIONS A future relying party will have to trust only the fresh technology and information provided by the last notary, in order to verify the authenticity of an old signed EHR. A Cumulatively Notarized Signature is strong even in the case of the compromise of a notary in the chain.

Establishing and managing trust within the public key infrastructure

The capabilities afforded by the Public Key Infrastructure certainly facilitate the growth of secure internet-based transactions. However, the provision of acceptable and effective certification services will only be achieved when an enhanced level of trust is established between the entities involved. Trust in the information society is built on various different grounds, based on calculus, on knowledge or on social reasons. The notion of trust against a Trusted Third Party expresses the customers faith in specific operational, ethical and quality characteristics, while it also includes the acknowledgement of a minimum risk factor by the relying party. Trust has the properties of selectivity and transitivity and therefore it must be properly delimited and restricted. The trust relationships have to be effectively managed at the client side, where a trust database shall be maintained in three abstract levels, containing all the necessary information to enumerate, distinguish and evaluate the relationships with other entities. The major factors that affect trust are reflected in the requirements for quality of the services provided and in the terms and conditions of qualified policies.

E-passports as a means towards the first world-wide public key infrastructure

Millions of citizens around the world have already acquired their new electronic passport. The e-passport is equipped with contactless communication capability, as well as with a smart card processor enabling cryptographic functionality. Countries are required to build a Public Key Infrastructure to support digital signatures, as this is considered the basic tool to prove the authenticity and integrity of the Machine Readable Travel Documents. The first large-scale world wide PKI is currently under construction, by means of bilateral trust relationships between Countries. In this paper, we investigate the good practices, which are essential for the establishment of a global identification scheme based on e-passports, together with the security and privacy issues that may arise. We argue that an e-passport may also be exploited in other applications as a globally interoperable PKI-enabled tamperproof device. The preconditions, the benefits, and the drawbacks of using e-passports in everyday electronic activities are further analyzed and assessed.

A cloud based architecture capable of perceiving and predicting multiple vessel behaviour

We train an Artificial Neural Network (ANN) to predict future vessels behavior.We study if an ANN is capable of inferring the unique behaviour of a vessel.We design, train and implement a proof of concept ANN as a cloud based web app.The derived ANN has the ability to predict short and long term vessel behaviour. Progressively huge amounts of data, tracking vessels during their voyages across the seas, are becoming available, mostly due to the automatic identification system (AIS) that vessels of specific categories are required to carry. These datasets provide detailed insights into the patterns vessels follow, while safely navigating across the globe, under various conditions. In this paper, we develop an Artificial Neural Network (ANN) capable of predicting a vessels future behaviour (position, speed and course), based on events that occur in a predictable pattern, across large map areas. The main concept of this study is to determine if an ANN is capable of inferring the unique behavioural patterns that each vessel follows and successively use this as a means for predicting multiple vessel behaviour into a future point in time. We design, train and implement a proof of concept ANN, as a cloud based web application, with the ability of overlaying predicted short and long term vessel behaviour on an interactive map. Our proposed approach could potentially assist in busy port scheduling, vessel route planning, anomaly detection and increasing overall Maritime Domain Awareness.

Quality assured trusted third parties for deploying secure internet-based healthcare applications

In this paper we present a complete reference framework for the provision of quality assured Trusted Third Party (TTP) services within a medical environment. The main objective is to provide all the basic guidelines towards the development of a quality system for a TTP as an organisation, which could be mapped directly to the requirements of ISO-9000 standards. The important results of the implementation of a quality system, are the enhanced trustworthiness of the TTP and the confidence of the medical society in the provided services. Furthermore, the value added certification services conform to customer requirements and are characterised by efficiency, reliability, security, credibility and trust. The internal organisation acquires a clear and strict structure and maximises its effectiveness by establishing quality management, committed to control, assure and improve quality. The TTP requirements for quality are identified and the various elements of the quality system are described illustratively.

Securing The Electronic Market: The KEYSTONE Public Key Infrastructure Architecture

In this paper, the unified, abstract KEYSTONE Public Key Infrastructure is presented. This architecture consists of a reference model, a functional architecture specification, and a set of technologies that can be used for implementing the functional units, along with all relevant standards. It was derived within the course of the KEYSTONE project, which was funded by the European Commission under the Electronic Trust Services II Programme. The proposed PKI architecture guarantees openness, scalability, flexibility, extensibility, integration with existing TTP and information infrastructure, transparency and, above all, security. Thus, it enjoys all the desirable characteristics and fulfils all those criteria that are essential for a PKI to constitute a successful framework for the development of inter-domain and international Trusted Services.

Real-time vessel behavior prediction

Abstract Vessel traffic management systems (VTMS) and vessel traffic monitoring information systems (VTMIS) have been available for a number of years now. These systems have significantly contributed to increasing the efficiency and safety of operations at sea. However, nowadays, risks at sea are once again on the rise, thus demanding an evolution in VTMS and VTMIS, such that they can support a human operator’s better understanding of the complex reality at sea and enhance his or her decision-making in light of danger. A critical requirement of such systems, is that they exhibit the ability to for-see unfolding cautious and potentially hazardous situations, so as to propose measures of danger avoidance. In this study, we employ machine learning, and specifically artificial neural networks, as a tool to add predictive capacity to VTMIS. The main objective of this study is to implement a publicly accessible, web-based system capable of real time learning and accurately predicting any vessels future behavior in low computational time. This work describes our approach, design choices, implementation and evaluation details, while we present a proof of concept prototype system. Our proposal can potentially be used as the predictive foundation for various intelligent systems, including vessel collision prevention, vessel route planning, operation efficiency estimation and even anomaly detection systems.

Implementing regular cash with blind fixed-value electronic coins

We propose a generic framework for the development of an off-line peer-to-peer electronic payment system with fixed-value electronic coins. The proposed scheme simulates the issuance, circulation and characteristics of conventional cash and satisfies important security, privacy and usability requirements, offering a comparative advantage over other existing solutions. We exploit the strong security characteristics of a typical tamperproof device such as a smart card, and the trust services provided by a Public Key Infrastructure. The electronic coins are fixed, signed data structures that may be distributed, stored and processed by external applications only in their blind (encrypted) form. Non-divisibility is counterbalanced by the low complexity of the proposed solution, which enables the efficient exchange of multiple coins per transaction.