Lilian Mitrou

Insiders Trapped in the Mirror Reveal Themselves in Social Media

Social media have widened society’s opportunities for communication, while they offer ways to perform employees’ screening and profiling. Our goal in this paper is to develop an insider threat prediction method by (e)valuating a users’ personality trait of narcissism, which is deemed to be closely connected to the manifestation of malevolent insiders. We utilize graph theory tools in order to detect influence of and usage deviation. Then, we categorize the users according to a proposed taxonomy. Thus we detect individuals with narcissistic characteristics and manage to test groups of people under the prism of group homogeneity. Furthermore, we compare and classify users to larger sub-communities consisting of people of the same profession. The analysis is based on an extensive crawling of Greek users of Twitter. As the application of this method may lead to infringement of privacy rights, its use should be reserved for exceptional cases, such as the selection of security officers or of critical infrastructures decision-making staff.

Smartphone sensor data as digital evidence

The proliferation of smartphones introduces new opportunities in digital forensics. One of the reasons is that smartphones are usually equipped with sensors (e.g. accelerometer, proximity sensor, etc.), hardware which can be used to infer the users context. This context may be useful in a digital investigation, as it can aid in the rejection or acceptance of an alibi, or even reveal a suspects actions or activities. Nonetheless, sensor data are volatile, thus are not available in post-mortem analysis. Thus, the only way to timely acquire them, in case such a need arises during a digital investigation, is by software that collects them when they are generated by the suspects actions. In this paper we examine the feasibility of ad-hoc data acquisition from smartphone sensors by implementing a device agent for their collection in Android, as well as a protocol for their transfer. Then, we discuss our experience regarding the data collection of smartphone sensors, as well as legal and ethical issues that arise from their collection. Finally, we describe scenarios regarding the agents preparation and use in a digital investigation.

Can We Trust This User? Predicting Insider's Attitude via YouTube Usage Profiling

Addressing the insider threat is a major issue in cyber and corporate security in order to enhance trusted computing in critical infrastructures. In this paper we study the psychosocial perspective and the implications of insider threat prediction via social media, Open Source Intelligence and user generated content classification. Inductively, we propose a prediction method by evaluating the predisposition towards law enforcement and authorities, a personal psychosocial trait closely connected to the manifestation of malevolent insiders. We propose a methodology to detect users holding negative attitude towards authorities. For doing so, we facilitate a brief analysis of the medium (YouTube), machine learning techniques and a dictionary-based approach, in order to detect comments expressing negative attitude. Thus, we can draw conclusions over a user behavior and beliefs via the content the user generated within the limits a social medium. We also use an assumption free flat data representation technique in order to decide over the users attitude and improve the scalability of our method. Furthermore, we compare the results of each method and highlight the common behavior and characteristics manifested by the users. As privacy violations may well-rise when using such methods, their use should be restricted only on exceptional cases, e.g. when appointing security officers or decision-making staff in critical infrastructures.

Internet Forensics: Legal and Technical Issues

This paper provides a combined approach on the major issues pertaining to the investigation of cyber crimes and the deployment of Internet forensics techniques. It discusses major issues from a technical and legal perspective and provides general directions on how these issues can be tackled. The paper also discusses the implications of data mining techniques and the issue of privacy protection with regard to the use of forensics methods.

Electronic Voting: Constitutional and Legal Requirements, and Their Technical Implications

This paper provides a systematic overview of the major constitutional and legalaspects of e-voting, together with their technical implications. All democracy-oriented legal and constitutional requirements of an Internet-based voting system are identified. Such a voting system has to comply with these, in order to encourage and promote the participation of citizens, without violating any of their fundamental rights (privacy, anonymity, equality, etc.).

Revisiting Legal and Regulatory Requirements for Secure E-Voting

This paper addresses the democracy-oriented legal and constitutional requirements that an electronic voting system has to comply with. Its scope covers every election or decision-making process, which takes place through voting. Due mainly to the digital divide and to current technological limitation, electronic voting cannot be proposed as a universal means of voting but rather as an alternative option, supplemental to traditional voting means. An electronic voting process must be designed in such a way as to guarantee the general, free, equal and secret character of elections. In a democratic context an electronic voting system should respect and ensure attributes and properties such as transparency, verifiability, accountability, security and accuracy. Only then can it foster and promote the participation of the citizens, the legitimacy and the democratic transaction of the election process.

Smartphone Forensics: A Proactive Investigation Scheme for Evidence Acquisition

Smartphones constantly interweave into everyday life, as they accompany individuals in different contexts. Smartphones include a combination of heterogeneous data sources, which can prove essential when combating crime. In this paper we examine potential evidence that may be collected from smartphones. We also examine the available connection channels for evidence transfer during a forensic investigation. We propose a Proactive Smartphone Investigation Scheme that focuses on ad hoc acquisition of smartphone evidence. We also, take into consideration the legal implications of the proposed scheme, as it is essential that the scheme includes prevention mechanisms, so as to protect individuals from misuse by investigators or malicious entities.

Privacy Preservation by k-Anonymization of Weighted Social Networks

Privacy preserving analysis of a social network aims at a better understanding of the network and its behavior, while at the same time protecting the privacy of its individuals. We propose an anonymization method for weighted graphs, i.e., for social networks where the strengths of links are important. This is in contrast with many previous studies which only consider unweighted graphs. Weights can be essential for social network analysis, but they pose new challenges to privacy preserving network analysis. In this paper, we mainly consider prevention of identity disclosure, but we also touch on edge and edge weight disclosure in weighted graphs. We propose a method that provides k-anonymity of nodes against attacks where the adversary has information about the structure of the network, including its edge weights. The method is efficient, and it has been evaluated in terms of privacy and utility on real word datasets.

A new strategy for improving cyber-attacks evaluation in the context of Tallinn Manual

In this paper a systematic modeling methodology for evaluating the effects of cyber-attacks on States Critical Information Infrastructure (CII) is introduced. The analysis is focused on the United Nations Charters normative scheme of the use of force, in order to define whether these attacks constitute a wrongful use of force under the principles of international law. By using the qualitative criteria for recognising the impact of cyber-attacks as proposed by the International Group of Experts in the Manual on the International Law Applicable to Cyber Warfare (Tallinn Manual) and by applying Multiple Attribute Decision Making (MADM) methods, cyber operations evaluation results are presented. For the analysis a case study of kinetic and cyber-attacks on Supervisory Control and Data Acquisition (SCADA) system is employed. Pros and cons of the Simple Additive Weighting (SAW) method and the Weighted Product Method (WPM) are evaluated. The weaknesses of applying the SAW method in cyber-attacks modelling, as well as the difficulty in defining an appropriate quantitative scale for the classification of such attacks when using WPM (due to the nonlinear relationship between attributes and overall score in WPM), lead us to present a new evaluation strategy. This new strategy combines the use of the above mentioned decision making algorithms and introduces a new grouping of Schmitts criteria based on their properties for achieving an improved cyber-attacks modelling assessment. Different quantitative scales are applied in the distinct Schmitts criteria groups in order to quantify them based on their characteristics. The correlation of the qualitative and quantitative methods of analysis leads to more accurate cyber-attack evaluation and classification.

Time synchronization: pivotal element in cloud forensics

Cloud computing CC is the new trend in computing and resource management. This architectural shift toward thin clients and the centralized on-demand provision of computing resources aspires to offer significant economical benefits to its users. However, the adaption of the CC model has forced many times the IT industry and the academia to revisit most of the traditional tools and technologies. The last few years, it has been identified that one of the computer branches that has been most affected by the CC model is Digital Forensics, one of the main law enforcement tools in the cyberspace. In this context, a new security area was born, the so-called cloud forensics CF. In this paper, we investigate the impact that the CC model has on the trustworthiness of one of the main CF sources of information, the log-files. More precisely, we bring forth a crucial but rather underestimated problem, the problem of accurate log-records timestamping. The synchronization of time stamps is of major importance for the investigation logs to be used as source of evidence. We show that this requirement is not easy in the cloud context. We demonstrate that the main features of CC render existing time synchronization techniques inadequate, and we provide a list of guidelines toward a CF aware timekeeping system. Copyright