George C. Oikonomou

A pilot study on the security of pattern screen-lock methods and soft side channel attacks

Graphical passwords that allow a user to unlock a smartphones screen are one of the Android operating systems features and many users prefer them instead of traditional text-based codes. A variety of attacks has been proposed against this mechanism, of which notable are methods that recover the lock patterns using the oily residues left on screens when people move their fingers to reproduce the unlock code. In this paper we present a pilot study on user habits when setting a pattern lock and on their perceptions regarding what constitutes a secure pattern. We use our surveys results to establish a scheme, which combines a behaviour-based attack and a physical attack on graphical lock screen methods, aiming to reduce the search space of possible combinations forming a pattern, to make it partially or fully retrievable.

A Distributed Consensus Algorithm for Decision Making in Service-Oriented Internet of Things

In a service-oriented Internet of things (IoT) deployment, it is difficult to make consensus decisions for services at different IoT edge nodes where available information might be insufficient or overloaded. Existing statistical methods attempt to resolve the inconsistency, which requires adequate information to make decisions. Distributed consensus decision making (CDM) methods can provide an efficient and reliable means of synthesizing information by using a wider range of information than existing statistical methods. In this paper, we first discuss service composition for the IoT by minimizing the multi-parameter dependent matching value. Subsequently, a cluster-based distributed algorithm is proposed, whereby consensuses are first calculated locally and subsequently combined in an iterative fashion to reach global consensus. The distributed consensus method improves the robustness and trustiness of the decision process.

RERUM: Building a reliable IoT upon privacy- and security- enabled smart objects

The Internet of Things (IoT) provides a platform for the interconnection of a plethora of smart objects. It has been widely accepted for providing Information and Communication Technologies (ICT) applications in many “smart” environments, such as cities, buildings, metering, and even agriculture. For several reasons though such applications have yet to achieve wide adoption; a major hurdle is the lack of user trust in the IoT and its role in everyday activities. RERUM, a recently started FP7 European Union project. aims to develop a framework which will allow IoT applications to consider security and privacy mechanisms early in their design phase, ensuring a configurable balance between reliability (requiring secure, trustworthy and precise data) and privacy (requiring data minimization for private information, like location). The RERUM framework will comprise an architecture, built upon novel network protocols and interfaces as well as the design of smart objects hardware. To highlight the challenges and evaluate the framework, RERUM will employ several Smart City application scenarios, which will be deployed and evaluated in real-world testbeds in two Smart Cities participating in the project. Here we detail the key technologies RERUM will investigate over the coming three years to reach its vision for IoT security, privacy and trust.

Complexity Metrics and User Strength Perceptions of the Pattern-Lock Graphical Authentication Method

One of the most popular contemporary graphical password approaches is the Pattern-Lock authentication mechanism that comes integrated with the Android mobile operating system. In this paper we investigate the impact of password strength meters on the selection of a perceivably secure pattern. We first define a suitable metric to measure pattern strength, taking into account the constraints imposed by the Pattern-Lock mechanisms design. We then implement an app via which we conduct a survey for Android users, retaining demographic information of responders and their perceptions on what constitutes a pattern complex enough to be secure. Subsequently, we display a pattern strength meter to the participant and investigate whether this additional prompt influences the user to change their pattern to a more effective and complex one. We also investigate potential correlations between our findings and results of a previous pilot study in order to detect any significant biases on setting a Pattern-Lock.

Enabling reliable and secure IoT-based smart city applications

Smart Cities are considered recently as a promising solution for providing efficient services to citizens with the use of Information and Communication Technologies. With the latest advances on the Internet of Things, a new era has emerged in the Smart City domain, opening new opportunities for the development of efficient and low-cost applications that aim to improve the Quality of Life in cities. Although there is much research in this area, which has resulted in the development of many commercial products, significant parameters like reliability, security and privacy have not been considered as very important up until now. The newly launched FP7-SmartCities-2013 project RERUM aims to build upon the advances in the area of Internet of Things in Smart Cities and develop a framework to enhance reliability and security of smart city applications, with the citizen at the center of attention. This work presents four applications that will be developed within RERUM, gives a general description of the open reliability and security issues that have to be taken into account and gives an overall view of the solutions that RERUM will develop to address these issues.

Adaptive and Context-Aware Service Discovery for the Internet of Things

The Internet of Things (IoT) vision foresees a future Internet encompassing the realm of smart physical objects, which offer hosted functionality as services. The role of service discovery is crucial when providing application-level, end-to-end integration. In this paper, we propose trendy: a RESTful web services based Service Discovery protocol to tackle the challenges posed by constrained domains while offering the required interoperability. It provides a service selection technique to offer the appropriate service to the user application depending on the available context information of user and services. Furthermore, it employs a demand-based adaptive timer and caching mechanism to reduce the communication overhead and to decrease the service invocation delay. trendy’s grouping technique creates location-based teams of nodes to offer service composition. Our simulation results show that the employed techniques reduce the control packet overhead, service invocation delay and energy consumption. In addition, the grouping technique provides the foundation for group-based service mash-ups and localises control traffic to improve scalability.

SPHERE: A Sensor Platform for Healthcare in a Residential Environment

It can be tempting to think about smart homes like one thinks about smart cities. On the surface, smart homes and smart cities comprise coherent systems enabled by similar sensing and interactive technologies. It can also be argued that both are broadly underpinned by shared goals of sustainable development, inclusive user engagement and improved service delivery. However, the home possesses unique characteristics that must be considered in order to develop effective smart home systems that are adopted in the real world [37].

Classification and suitability of sensing technologies for activity recognition

Wider availability of sensors and sensing systems has pushed research in the direction of automatic activity recognition (AR) either for medical or other personal benefits e.g. wellness or fitness monitoring. Researchers apply different AR techniques/algorithms and use a wide range of sensors to discover home activities. However, it seems that the AR algorithms are purely technology-driven rather than informing studies on the type and quality of input required. There is an expectation to over-instrument the environment or the subjects and then develop AR algorithms, where instead the problem should be approached from a different angle i.e. what sensors (type, quality and quantity) a given algorithm requires to infer particular activities with a certain confidence? This paper introduces the concept of activity recognition, its taxonomy and familiarises the reader with sub-classes of sensor-based AR. Furthermore, it presents an overview of existing health services Telecare and Telehealth solutions, and introduces the hierarchical taxonomy of human behaviour analysis tasks. This work is a result of a systematic literature review and it presents the reader with a comprehensive set of home-based activities of daily living (ADL) and sensors proven to recognise these activities. Apart from reviewing usefulness of various sensing technologies for home-based AR algorithms, it highlights the problem of technology-driven cycle of development in this area.

Application of a Game Theoretic Approach in Smart Sensor Data Trustworthiness Problems

In this work we present an Intrusion Detection (ID) and an Intrusion Prevention (IP) model for Wireless Sensor Networks (WSNs). The attacker’s goal is to compromise the deployment by causing nodes to report faulty sensory information. The defender, who is the WSN’s operator, aims to detect the presence of faulty sensor measurements (ID) and to subsequently recover compromised nodes (IP). In order to address the conflicting interests involved, we adopt a Game Theoretic approach that takes into consideration the strategies of both players and we attempt to identify the presence of Nash Equilibria in the two games. The results are then verified in two simulation contexts: Firstly, we evaluate the model in a middleware-based WSN which uses clustering over a bespoke network stack. Subsequently, we test the model in a simulated IPv6-based sensor deployment. According to the findings, the results of both simulation models confirm the results of the theoretic one.

Multilevel Visualization Using Enhanced Social Network Analysis with Smartphone Data

While technology matures and becomes more productive, mobile devices can be affordable and, consequently, fully integrated in peoples lives. After their unexpected bloom and acceptance, Online Social Networks are now sources of valuable information. The authors therefore use them for tasks varying from direct marketing to forensic analysis. The authors have already seen Social Network Forensics techniques focused on particular networks implementing methods that collect data from user accounts. During the forensic analysis it is common to aggregate information from different sources but, usually, this procedure causes correlation problems. Here, the authors present their method to correlate data gathered from various social networks in combination with smartphones creating a new form of social map of the user under investigation. In addition, the authors introduce a multi level graph that utilises the correlated information from the smartphone and the social networks and demonstrates in three dimensions the relevance of each contact with the suspect.