Dimitris Gritzalis

Delegate the smartphone user? Security awareness in smartphone platforms

Smartphone users increasingly download and install third-party applications from official application repositories. Attackers may use this centralized application delivery architecture as a security and privacy attack vector. This risk increases since application vetting mechanisms are often not in place and the user is delegated to authorize which functionality and protected resources are accessible by third-party applications. In this paper, we mount a survey to explore the security awareness of smartphone users who download applications from official application repositories (e.g. Google Play, Apples App Store, etc.). The survey findings suggest a security complacency, as the majority of users trust the app repository, security controls are not enabled or not added, and users disregard security during application selection and installation. As a response to this security complacency we built a prediction model to identify users who trust the app repository. The model is assessed, evaluated and proved to be statistically significant and efficient.

An insider threat prediction model

Information systems face several security threats, some of which originate by insiders. This paper presents a novel, interdisciplinary insider threat prediction model. It combines approaches, techniques, and tools from computer science and psychology. It utilizes real time monitoring, capturing the users technological trait in an information system and analyzing it for misbehavior. In parallel, the model is using data from psychometric tests, so as to assess for each user the predisposition to malicious acts and the stress level, which is an enabler for the user to overcome his moral inhibitions, under the condition that the collection of such data complies with the legal framework. The model combines the above mentioned information, categorizes users, and identifies those that require additional monitoring, as they can potentially be dangerous for the information system and the organization.

The Sphinx enigma in critical VoIP infrastructures: Human or botnet?

Sphinx was a monster in Greek mythology devouring those who could not solve her riddle. In VoIP, a new service in the role of Sphinx provides protection against SPIT (Spam over Internet Telephony) by discriminating human callers from botnets. The VoIP Sphinx tool uses audio CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) that are controlled by an anti-SPIT policy mechanism. The design of the Sphinx service has been formally verified for the absence of side-effects in the VoIP services (robustness), as well as for its DoS-resistance. We describe the principles and innovations of Sphinx, together with experimental results from pilot use cases.

Towards an Ontology-based Security Management

The paramount complexity of enterprise in formation leads to hard-to-deal security management issues and system configurations. We present a security management framework of an arbitrary information system (IS) which builds upon knowledge-based resources, such as security ontology (SO) providing reusable security knowledge interoperability, aggregation and reasoning exploiting security knowledge from diverse sources; in addition, the separation of security requirements from their technical implementations facilitates the security management. We provide a feasible framework which links the high-level policy statements and deployable security controls and facilitates the security experts work

The Big Four - What We Did Wrong in Advanced Persistent Threat Detection?

As both the number and the complexity of cyber-attacks continuously increase, it is becoming evident that current security mechanisms have limited success in detecting sophisticated threats. Stuxnet, Duqu, Flame and Red October have troubled the security community due to their severe complexity and their ability to evade detection - in some cases for several years. The significant technical and financial resources needed for orchestrating such complex attacks are a clear indication that perpetrators are well organized and, likely, working under a state umbrella. In this paper we perform a technical analysis of these advanced persistent threats, highlighting particular characteristics and identifying common patterns and techniques. We also focus on the issues that enabled the malware authors to evade detection from a wide range of security solutions and propose technical countermeasures for strengthening our defenses against similar threats.

Principles and requirements for a secure e-voting system

Electronic voting (e-voting) is considered a means to further enhance and strengthen the democratic processes in modern information societies. E-voting should first comply with the existing legal and regulatory framework. Moreover, e-voting should be technically implemented in such a way that ensures adequate user requirements. As a result, the aim of this paper is twofold. Firstly, to identify the set of generic constitutional requirements, which should be met when designing an e-voting system for general elections. This set will lead to the specific (design) principles of a legally acceptable e-voting system. Second, to identify, using the Rational Unified Process, the requirements of an adequately secure e-voting system. These requirements stem from the design principles identified previously. The paper concludes that an e-voting capability should, for the time being, be considered only as a complementary means to the traditional election processes. This is mainly due to the digital divide, to the inherent distrust in the e-voting procedure, as well as to the inadequacy of the existing technological means to meet certain requirements.Electronic voting (e-voting) is considered a means to further enhance and strengthen the democratic processes in modern information societies. E-voting should first comply with the existing legal and regulatory framework. Moreover, e-voting should be technically implemented in such a way that ensures adequate user requirements. As a result, the aim of this paper is twofold. Firstly, to identify the set of generic constitutional requirements, which should be met when designing an e-voting system for general elections. This set will lead to the specific (design) principles of a legally acceptable e-voting system. Second, to identify, using the Rational Unified Process, the requirements of an adequately secure e-voting system. These requirements stem from the design principles identified previously. The paper concludes that an e-voting capability should, for the time being, be considered only as a complementary means to the traditional election processes. This is mainly due to the digital divide, to the inherent distrust in the e-voting procedure, as well as to the inadequacy of the existing technological means to meet certain requirements.

The Insider Threat in Cloud Computing

Cloud computing is an emerging technology paradigm, enabling and facilitating the dynamic and versatile provision of computational resources and services. Even though the advantages offered by cloud computing are several, there still exist second thoughts on the security and privacy of the cloud services. Use of cloud services affects the security posture of organizations and critical infrastructures, therefore it is necessary that new threats and risks introduced by this new paradigm are clearly understood and mitigated. In this paper we focus on the insider threat in cloud computing, a topic which has not received research focus, as of now. We address the problem in a holistic way, differentiating between the two possible scenarios: a) defending against a malicious insider working for the cloud provider, and b) defending against an insider working for an organization which chooses to outsource parts or the whole IT infrastructure into the cloud. We identify the potential problems for each scenario and propose the appropriate countermeasures, in an effort to mitigate the problem.

A Risk Assessment Method for Smartphones

Smartphones are multi-purpose ubiquitous devices, which face both, smartphone-specific and typical security threats. This paper describes a method for risk assessment that is tailored for smartphones. The method does not treat this kind of device as a single entity. Instead, it identifies smartphone assets and provides a detailed list of specific applicable threats. For threats that use application permissions as the attack vector, risk triplets are facilitated. The triplets associate assets to threats and permission combinations. Then, risk is assessed as a combination of asset impact and threat likelihood. The method utilizes user input, with respect to impact valuation, coupled with statistics for threat likelihood calculation. Finally, the paper provides a case study, which demonstrates the risk assessment method in the Android platform.

Trusted Computing vs. Advanced Persistent Threats: Can a Defender Win This Game?

As both the number and the complexity of cyber attacks continuously increase, it is becoming evident that traditional security mechanisms have limited success in detecting sophisticated threats. Stuxnet, Duqu, Flame, Red October and, more recently, Miniduke, have troubled the security community due to their severe complexity and their ability to evade detection in some cases for several years, while exfiltrating gigabytes of data or sabotaging critical infrastructures. The significant technical and financial resources needed for orchestrating such complex attacks are a clear indication that perpetrators are well organized and, likely, working under a state umbrella. In this paper we perform a technical analysis of these advanced persistent threats, highlighting particular characteristics and identifying common patterns and techniques. We also focus on the issues that enabled the malware to evade detection from a wide range of security solutions and propose technical countermeasures for strengthening our defenses against similar threats.

Audio CAPTCHA: Existing solutions assessment and a new implementation for VoIP telephony

SPam over Internet Telephony (SPIT) is a potential source of future annoyance in Voice over IP (VoIP) systems. A typical way to launch a SPIT attack is the use of an automated procedure (i.e., bot), which generates calls and produces unsolicited audio messages. A known way to protect against SPAM is a Reverse Turing Test, called CAPTCHA (Completely Automated Public Turing Test to Tell Computer and Humans Apart). In this paper, we evaluate existing audio CAPTCHA, as this type of format is more suitable for VoIP systems, to help them fight bots. To do so, we first suggest specific attributes-requirements that an audio CAPTCHA should meet in order to be effective. Then, we evaluate this set of popular audio CAPTCHA, and demonstrate that there is no existing implementation suitable enough for VoIP environments. Next, we develop and implement a new audio CAPTCHA, which is suitable for SIP-based VoIP telephony. Finally, the new CAPTCHA is tested against users and bots and demonstrated to be efficient.