Emmanouil (Manos) Panaousis,
PhD, MSc, BSc, PGCert, MIEEE
Department of Computer Science
Faculty of Engineering and Physical Sciences
University of Surrey
Guildford, Surrey, GU2 7XH, UK
email: e.panaousis (at) surrey.ac.uk
Security and Privacy Games.
Game theory can answer the question regarding how the defender will react to the attacker, and vice versa, in cyber security and privacy. The strategic interaction between them is captured by a two-player game in which each player attempts to maximize his or her own interests. The attacker’s strategy depends heavily on the defender’s actions and vice versa. Thus, the effectiveness of a defense mechanism relies on both of the defender’s and attacker’s strategic behaviors. Using a game-theoretic approach, tactical analysis is performed to investigate the attack from a single node or multiple nodes. Hence, game theory is useful to investigate the strategic decision-making situations of the defender and/or to analyze the incentives of the attackers. Besides Shannon’s maxim states "One ought to design systems under the assumption that the enemy will immediately gain full familiarity with them."
Internet-of-Things Security and Privacy.
Recent advances in information and communication technologies and embedded systems are the major reasons for the proliferation of the Internet of Things (IoT). However, security and privacy issues are a growing concern for consumers and manufacturers of IoT technologies. I am investigating novel methodologies and models that will guarantee the highest possible levels of protection of users' data and devices in presence of different security and privacy threats.
Cyber Security Decision Making.
One of the single largest concerns facing organisations today is how to protect themselves from cyber attacks whose prominence impose the need for organisations to prioritize their cyber security concerns with respect to their perceived threats. We are investigating: How do we make better security decisions? Specifically we are developing new approaches to decision support based on game theory. Our work supports professionals who design secure systems and also those charged with determining if systems have an appropriate level of security – in particular, systems administrators and CISOs.
Cyber Security Investments.
When investing in cyber security resources, information security managers have to follow effective decision-making strategies. We refer to this as the cyber security investment challenge and this is considered as part of the Economics of Security field. Our work has investigated how to support optimal cyber security investments against commodity attacks developing a decision support tool. We have shown that our decision support tool provides the same advice with the one advocated by the UK government with regard to the requirements for basic technical protection from cyber attacks in SMEs.
Secure Routing for Device-to-Device Communications.
Networking based on Device-to-Device (D2D) communication not only facilitates wireless and mobile peer-to-peer services but also provides energy efficient communications, locally offloading computation, offloading connectivity and high throughput. We are developing protocols that support smartphones to securely deliver a message in a multihop D2D network in presence of an adversary who can inject mobile malware into the network. Moreover, we are investigating mobile malware detection techniques that use machine learning.
It is well acknowledged that one of the key enabling factors for the realisation of future 5G networks will be the small cell (SC) technology. Furthermore, recent advances in the fields of network functions virtualisation (NFV) and software-defined networking (SDN) open up the possibility of deploying advanced services at the network edge. In the context of mobile/cellular networks this is referred to as mobile edge computing (MEC). Within the scope of the EU-funded research project SESAME we perform a comprehensive security modelling of MEC-assisted quality-of-experience (QoE) enhancement of fast moving users in a virtualised SC wireless network, and demonstrate it through a representative scenario toward 5G. Our modelling and analysis is based on a formal security requirements engineering methodology called Secure Tropos which has been extended to support MEC-based SC networks. In the proposed model, critical resources which need protection, and potential security threats are identified. Furthermore, we identify appropriate security constraints and select suitable security mechanisms for 5G networks. Thus, we reveal that existing security mechanisms need adaptation to face emerging security threats in 5G networks.