Stelios Dritsas

Protecting privacy and anonymity in pervasive computing: trends and perspectives

Pervasive computing is expected to enter our everyday life in the foreseeable future. The capabilities of the devices, which operate in such an environment, as well as the range of services offered to the end-users are expected to be significantly increased. However, this new era is expected to have a serious effect on privacy. In this paper, we first refer to the privacy threats identified in a pervasive environment; then, we present a set of principles for ensuring privacy in this context. In the sequel, we examine a number of privacy protection mechanisms for pervasive systems, with a focus on the level of anonymity offered to the end-users. We identify flaws, these mechanisms suffer by, in terms of the limited anonymity level they offer. We conclude by presenting a set of essential actions one should take into account, in order to ensure users anonymity in a pervasive computing environment.

An ontology-based approach to information systems security management

Complexity of modern information systems (IS), impose novel security requirements. On the other hand, the ontology paradigm aims to support knowledge sharing and reuse in an explicit and mutually agreed manner. Therefore, in this paper we set the foundations for establishing a knowledge-based, ontology-centric framework with respect to the security management of an arbitrary IS. We demonstrate that the linking between high-level policy statements and deployable security controls is possible and the implementation is achievable. This framework may support critical security expert activities with respect to security requirements identification and selection of certain controls and countermeasures. In addition, we present a structured approach for establishing a security management framework and identify its critical parts. Our security ontology is being represented in a neutral manner, based on well-known security standards, extending widely used information systems modeling approaches.

SIP Vulnerabilities and Anti-SPIT Mechanisms Assessment

Although VoIP provides new ways of communication, at the same time it offers new possibilities for transmitting bulk unsolicited messages and calls, enabling spam over internet telephony (SPIT). The VoIP prevailing protocol is SIP, which it is vulnerable to threats that allow SPIT to be deployed. In this paper we assess the risk of identified threats and vulnerabilities of the SIP protocol. Then, we conduct an analytical survey of already proposed anti-SPIT techniques and we evaluate their effectiveness, in terms of how they deal with the threats and vulnerabilities. Finally, we complete our evaluation by presenting a theoretical evaluation framework, based on additional qualitative and quantitative criteria.

Threat Analysis of the Session Initiation Protocol Regarding Spam

Voice over Internet protocol (VoIP) is becoming increasingly popular due to its significant advantages regarding cost and support of enhanced multimedia services. Despite of the substantial advantages of using the Internet as the transmission medium for voice calls, we can foresee many undesirable uses, especially in terms of spam. VoIP technology may provide new means for the transmission of bulk unsolicited messages and calls (spam over Internet telephony - SPIT), mainly due to the reduced cost compared to traditional telephony. Therefore, mechanisms are essential to address the SPIT problem, while maintaining the advantages of VoIP technology. In this paper we conduct a comprehensive threat analysis that addresses the ascendant VoIP protocol, the session initiation protocol, in terms of its vulnerability regarding SPIT deliverance. Our analysis introduces the requirements that the mechanisms dealing with the SPIT phenomenon should take into account, in order to be feasible and efficient.

OntoSPIT: SPIT management through ontologies

VoIP enables new ways for communication. At the same time, it provides new means, in terms of transmitting bulk unsolicited messages and calls, namely SPam over Internet telephony (SPIT). In this paper, we propose a conceptual model, based on an underlying ontology, which describes the SPIT domain. The ontology provides capabilities, such as modeling the SPIT phenomenon in a SIP-based VoIP environment, a common understanding of SPIT domain, as well as reusable SPIT-related knowledge interoperability, aggregation and reasoning. We demonstrate that the proposed ontology, combined with a set of SPIT identification criteria, as its underlying axioms and rules, could enhance the correlation and management of SPIT incidents. It could also support SPIT detection, thus facilitating the better protection of VoIP environments in a holistic, cooperative, and effective way.

An Adaptive Policy-Based Approach to SPIT Management

Voice over IP (VoIP) is a key enabling technology, which provides new ways of communication. VoIP technologies take advantage of existing data networks to provide inexpensive voice communications world-wide as a promising alternative to the traditional telephone service. At the same time, VoIP provides the means for transmitting bulk unsolicited calls, namely SPam over Internet Telephony (SPIT). SPIT is, up to a given extend, similar to email spam. However, it is expected to be more frustrating because of the real-time processing requirements of voice calls. In this paper we set the foundations of an adaptive approach that handles SPIT through a policy-based management approach (aSPM). aSPM incorporates a set of rules for SPIT attacks detections, together with appropriate actions and controls that should be enforced so as to counter these attacks. Furthermore, the policy is formally described through an XML schema, which refers to both, the attack detection rules, and the corresponding defense actions.

On the Feasibility of Malware Attacks in Smartphone Platforms

Smartphones are multipurpose devices that host multiple and heterogeneous data. Their user base is constantly increasing and as a result they have become an attractive target for conducting privacy and security attacks. The attacks’ impact increases, when smartphone users tend to use their devices both for personal and business purposes. Moreover, application development in smartphone platforms has been simplified, in the platforms developers’ effort to attract more developers and increase its popularity by offering more attractive applications. In this paper we provide a comparative evaluation of the security level of well-known smartphone platforms, regarding their protection against simple malicious applications. We then study the feasibility and easiness of smartphone malware development by average programmers via an implementation case study. Our study proved that, under certain circumstances, all examined platforms could be used by average developers as privacy attack vector, harvesting data from the device without the users knowledge and consent.

GRID Security Review

A Computational GRID is a collection of heterogeneous computing resources spread across multiple administrative domains, serving the task of providing users with an easy access to these resources. Taking into account the advances in the area of high-speed networking, but also the increased computational power of current micro-processors, Computational GRIDs or meta-systems have gradually become more popular. However, together with the advantages that they exhibit they are also contributing to several problems associated with the design and implementation of a secure environment. The conventional approach to security, that of enforcing a single, system-wide policy, cannot be applied to large-scale distributed systems. This paper analyzes the security requirements of GRID Computing and reviews a number of security architectures that have been proposed. Furthermore, these architectures are evaluated in terms of addressing the major GRID security requirements that have been identified.

A Secure Smartphone Applications Roll-out Scheme

The adoption of smartphones, devices transforming from simple communication devices to smart and multipurpose devices, is constantly increasing. Amongst the main reasons for their vast pervasiveness are their small size, their enhanced functionality, as well as their ability to host many useful and attractive applications. Furthermore, recent studies estimate that application installation in smartphones acquired from official application repositories, such as the Apple Store, will continue to increase. In this context, the official application repositories might become attractive to attackers trying to distribute malware via these repositories. The paper examines the security inefficiencies related to application distribution via application repositories. Our contribution focuses on surveying the application management procedures enforced during application distribution in the popular smartphone platforms (i.e. Android, Black-Berry, Apple iOS, Symbian, Windows Phone), as well as on proposing a scheme for an application management system suited for secure application distribution via application repositories.

Secure cloud storage: available infrastructures and architectures review and evaluation

Cloud Computing is an emerging technology paradigm, enabling and facilitating the dynamic and versatile provision of computational resources and services. Even though the advantages offered by cloud computing are several, there still exists thoughts as per the thus offered security and privacy services. Transferring and storing data to a cloud computing infrastructure, provided by Storage-as-a-Service (STaS) tenants, changes an organizations security posture, as it is challenging to control or audit the cloud providers infrastructure in terms of the way the underlying risks are controlled and mitigated. Therefore, it is necessary that the organizations understand the new threats and risks introduced by the cloud technology. On the other hand we need to adopt, develop, and deploy mechanisms that can effectively and efficiently preserve the confidentiality and integrity of the data. In this paper we examine available cloud computing architectures, focusing on their security capabilities regarding the storage of the data. We then define a set of comparative criteria, so as to evaluate these architectures. Finally, we evaluate current commercial secure storage services, in order to demonstrate their strengths and weaknesses as well as their supported features and usability.