A list of all the posts and pages found on the site. For you robots out there is an XML version available for digesting as well.








Optimizing the channel load reporting process in IEEE 802.11 k-enabled WLANs


IEEE 802.11 k is an extension of the IEEE 802.11 specification for radio resource measurements. In an IEEE 802.11 k-enabled wireless LAN, an access point or other network element may request from a client or another access point to monitor and report the load of a channel. We call the latter a channel monitoring station. In this paper we propose a mechanism for a channel monitoring station to efficiently derive accurate values of channel load.We especially focus on optimizing the duration of channel monitoring and thus minimize the impact on applications. Note that such mechanisms are critical for the success of new sharing regimes such as cognitive radio and open spectrum access.

Emmanouil Panaousis, Pantelis Frangoudis, Christopher Ververidis, George Polyzos (2008). "Optimizing the channel load reporting process in IEEE 802.11 k-enabled WLANs." IEEE Workshop on Local and Metropolitan Area Networks (IEEE LANMAN 2008), 124, 102951.

An efficient power control algorithm for supporting cognitive communications in shared spectrum areas


The concept of Cognitive Radio (CR) is meant to be utilised by both licensed and license-exempt users that coexist in a shared spectrum area whenever they need to avoid causing unaffordable interference to each other by following some rules. In fact, primary users should be protected by any license-exempt transmission. To this end, power control is a pivotal mechanism to be used for interference management in these scenarios. Especially, transmit power control is a vehicle to mitigate interference, in presence of CR technology, when primary receivers are attempting to reach a desired Signal-to Interference Noise Ratio (SINR) level. In this work we assume that a CR network relies on the same spectrum area with a primary network. Our scope is to measure the introduced interference level caused by the CR transmitter and to properly modify its power to allow a legacy user to reach a required SINR according to location of the primary user in presence of interference. A series of results are presented to prove the efficiency of our proposed scheme.

Mahdi Pirmoradian, Christos Politis, Emmanouil A. Panaousis (2009). "An efficient power control algorithm for supporting cognitive communications in shared spectrum areas." 2010 International Conference on Mobile Lightweight Wireless Systems (Mobilight 2010).

Securing AODV against wormhole attacks in emergency MANET multimedia communications


The nature of Mobile Ad hoc NETworks (MANETs) makes them suitable to be utilized in the context of an extreme emergency for all rescue teams. We use the term emergency MANETs (eMANETs) in order to describe Next Generation Networks (NGNs) which are deployed in emergency cases such as forest fires and terrorist attacks. Secure routing in MANETs is critical. Due to the absence of a central authority, intermediate nodes act as routers forwarding packets across a multihop path. A well known attack against the conventional operation of routing protocols such as the Ad hoc On-demand Distance Vector (AODV) routing protocol, is the wormhole attack. Secure routing in eMANETs is critical due to the fact that secure multimedia communications should be established among the devices of the recovery workers. In this paper we propose a novel routing mechanism called AODV-Wormhole Attack Detection Reaction AODV-WADR to defend eMANETs against wormhole attacks. Our simulations are carried out using the network simulator ns-2 and they show that AODV-WADR does not introduce high overhead, reducing significantly the amount of packet loss caused by malicious wormhole nodes. These are critical requirements for eMANETs where lightweight security mechanisms should be applied and malicious activities should be circumvented.

Emmanouil Panaousis, Levon Nazaryan, Christos Politis (2009). "Securing AODV against wormhole attacks in emergency MANET multimedia communications."International Mobile Multimedia Communications Conference (Mobimedia 2009).

A framework supporting extreme emergency services


In many extreme emergency scenarios, such as natural or manmade disasters, the rescuers may face difficulty using traditional legacy networks due to destruction or collapse of infrastructure in such events or in case of remote disaster locations. The nature of mobile ad hoc networks (MANETs) makes them suitable to be utilized in the context of an emergency for various rescue teams. However, the security and reliability of the mobile ad hoc based communications can be decisive in the effectiveness and efficiency of rescue missions in extreme emergency cases. Furthermore, these stringent requirements propagate through to upper layers that include transport and application layer. In this paper we propose a framework for handling the P2P overlay serves different purposes and combines different technologies. The general functionalities of the framework are structured and unstructured overlays in MANETs. In addition, we propose a new suite of protocols called PEACE Security Platform (PSP) that can address the key research challenges surrounding fast, reliable and secure MANETs for supporting emergency services in extreme catastrophic events.

Emmanouil Panaousis, Arvind Ramrekha, Konstantinos Birkos, Christos Papageorgiou, Vahid Talooki, George Matthew, Cong Thien Nguyen, Corrine Sieux, Christos Politis, Tasos Dagiuklas (2009). "A framework supporting extreme emergency services." ICT Mobile and Wireless Communications Summit.

Maximizing network throughput


In this article, we investigated, using game theory, the competition in a shared open spectrum between two operators. We proposed a new way of maximization of the network throughput, and we provided new ways toward the provision of fairness. We computed an NE and NBS of an NPG and CPG, respectively. Regarding strategies and the best game to be played, there is no single answer. The best solution depends on the perspective. However, the CPG is more effective in terms of clients' experienced quality of service. Our future work involves experimenting with more than two APs in the shared area and evaluating various quality of service metrics.

Emmanouil Panaousis, Christos Politis, George C. Polyzos (2009). "Maximizing network throughput." IEEE Vehicular Technology Magazine, 4(3), 33-39.

End-to-end security protection


The IEEE 802.16 standard (mobile broadband wireless access system), which is also known as worldwide interoperability for microwave access (WiMAX), is one of the latest technologies in the wireless world. The main goal of WiMAX is to deliver wireless communications with quality of service (QoS) guarantees, security, and mobility. In this article, we have evaluated the performance of the Internet Protocol security (IPSec) over WiMAX networks. We have also illustrated the results of the simulations. We have also depicted the processing time and the throughput introduced when IPSec is applied over WiMAX technology (IEEE 802.16).

Levon Nazaryan, Emmanouil Panaousis, Christos Politis (2010). ""End-to-end security protection." IEEE Vehicular Technology Magazine 5(1), pp. 85-90.

Adaptive and secure routing protocol for emergency mobile ad hoc networks


The nature of Mobile Ad hoc NETworks (MANETs) makes them suitable to be utilized in the context of an extreme emergency for all involved rescue teams. We use the term emergency MANETs (eMANETs) in order to describe next generation IP-based networks, which are deployed in emergency cases such as forest fires and terrorist attacks. The main goal within the realm of eMANETs is to provide emergency workers with intelligent devices such as smart phones and PDAs. This technology allows communication "islets" to be established between the members of the same or different emergency teams (policemen, firemen, paramedics). In this article, we discuss an adaptive and secure routing protocol developed for the purposes of eMANETs. We evaluate the performance of the protocol by comparing it with other widely used routing protocols for MANETs. We finally show that the overhead introduced due to security considerations is affordable to support secure ad-hoc communications among lightweight devices.

Emmanouil Panaousis, Tipu A Ramrekha, Grant Millar, Christos Politis (2010). "Adaptive and secure routing protocol for emergency mobile ad hoc networks." International Journal of Wireless and Mobile Computing.

ROBUST: Reliable overlay based utilisation of services and topology for emergency MANETs


Emergency services and networks are an emerging area of scientific research. During an emergency scenario such as forest fires, earthquakes, tsunamis and terrorist attacks rescuers need to establish communication to coordinate their actions by using smart and lightweight mobile devices. To this end, autonomous networks should be utilised to support the afore communications. Mobile Ad-hoc Networks (MANETs) are a characteristic paradigm of IP-based autonomous networks that can be deployed during critical emergency missions. We propose utilising a peer-to-peer (P2P) paradigm when designing application layer communication and data sharing technologies between participants of the MANET. The architecture therefore must allow nodes to send and retrieve data without knowledge of the complexities of the network. To this end we propose a Distributed Hash Table (DHT) architecture which we optimise for use in these situations and prove our theorem to be more efficient in such cases than its current counterpart.

Grant Millar, Emmanouil Panaousis, Christos Politis (2010). "ROBUST: Reliable overlay based utilisation of services and topology for emergency MANETs." 2010 Future Network & Mobile Summit.

Secure routing for supporting ad-hoc extreme emergency infrastructures


The importance of emergency services has lead to an indispensable need for lightweight technologies that will support emergency rescue missions. Due to their nature and the non-infrastructure characteristics Mobile Ad-hoc Networks (MANETs) are characterised as autonomous networks that have the potential to be exploited when wireless communications should be established in an ad-hoc manner in cases that traditional telecommunications infrastructures such as 3G have failed. A critical issue within the context of MANETs is the routing protocol that has to be followed by the nodes in order to set up communication “bridges” among each other. On the other hand, malicious entities may try to disrupt the conventional functionality of any routing protocol by (i) modifying routing information, (ii) fabricating false routing information and (iii) impersonating other nodes. In this paper we apply the IPSec protocol over well known routing protocols for MANETs and we evaluate their performance along with the lines of choosing an appropriate secure routing mechanism that can be applicable in emergency MANETs (eMANETs). These are MANETs that are established during an emergency scenario to provide communication links among the rescuers. To simulate the mobility of the rescuers during an emergency mission an appropriate mobility model has been utilised and acknowledged.

Emmanouil Panaousis, Tipu Arvind Ramrekha, Christos Politis (2010). "Secure routing for supporting ad-hoc extreme emergency infrastructures." Future Network & Mobile Summit.

ChaMeLeon (CML): A hybrid and adaptive routing protocol for emergency situations


This document describes the ChaMeLeon (CML) routing protocol designed for Mobile Ad hoc NETworks (MANETs) supporting emergency communications. CML is a hybrid and adaptive routing protocol operating within a defined disaster area denoted as the Critical Area (CA). The main concept behind CML is the adaptability of its routing mechanisms towards changes in the physical and logical state of a MANET. For autonomous emergency communications, there is a likelihood that the network size will vary whenever more rescuers join or leave the network. In addition, battery exhaustion of lightweight mobile communication devices used by rescuers could stipulate another reason for changes in the network size. Hence, this version of CML adapts its routing behavior according to changes in the network size within a pre-defined CA. For small networks, CML routes data proactively using the Optimized Link State Routing (OLSR) protocol whereas for larger networks it utilizes the reactive Ad hoc On-Demand Distance Vector (AODV) Routing protocol so that overall routing performance is improved. These transitions occur via the CML oscillation phase. This document focuses on the description of the processes involved in the CML Cognitive and Adaptive Module (CAM), CML Oscillation phase and transition between phases.

Tipu Arvind Ramrekha, Emmanouil Panaousis, Christos Politis (2010). "ChaMeLeon (CML): A hybrid and adaptive routing protocol for emergency situations." IETF MANET Working Group.

A testbed implementation for securing olsr in mobile ad hoc networks


Contemporary personal computing devices are increasingly required to be portable and mobile enabling user’s wireless access, to wired network infrastructures and services. This approach to mobile computing and communication is only appropriate in situations where a coherent infrastructure is available. There are many situations where these requirements are not fulfilled such as; developing nations, rural areas, natural disasters, and military conflicts to name but a few. A practical solution is to use mobile devices interconnected via a wireless medium to form a network, known as a Mobile Ad-hoc Network (MANET), and provide the services normally found in wired networks. Security in MANETs is an issue of paramount importance due to the wireless nature of the communication links. Additionally due to the lack of central administration security issues are different from conventional networks. For the purposes of this article we have used the WMN testbed to enable secure routing in MANETs.The use of cryptography is an efficient proven way of securing data in communications, but some cryptographic algorithms are not as efficient as others and require more processing power, which is detrimental to MANETs. In this article we have assessed different cryptographic approaches to securing the OLSR (Optimised Link State Routing) protocol to provide a basis for research. We conclude the paper with a series of performance evaluation results regarding different cryptographic and hashing schemes. Our findings clearly show that the most efficient combination of algorithms used for authentication and encryption are SHA-1 (Secure Hash Algorithm-1) and AES (Advanced Encryption Standard) respectively. Using this combination over their counterparts will lead to a considerable reduction in processing time and delay on the network, creating an efficient transaction moving towards satisfying resource constraints and security requirements.

Emmanouil Panaousis, George Drew, Grant Millar, Tipu A Ramrekha, Christos Politis (2010). "A testbed implementation for securing olsr in mobile ad hoc networks." International Journal of Network Security & Its Applications.

Performance evaluation of secure video transmission over WIMAX


WiMAX is a wireless digital communication system based on the IEEE 802.16 standard which provides broadband wireless Internet access at very high rates that is up to 70 Mbps or a data rate of about 3 Mbps within a radius of 30-mile (data rate increases as the distance decreases). With the rapid increase in the wireless broadband use, the need for wireless fixed and mobile metropolitan area networks has ever been increasing. Multimedia communications, including audio and video are highly bandwidth demanding and error sensitive. When the coverage area of the wireless network technology is as high as with WiMAX, security becomes one of the most important issues.WiMAX, both mobile and fixed, has many attractive features such as connection-oriented MAC layer, provision of the Quality-of-Service (QoS) for different applications, efficient mobility and power save mode features. Needless to say, all these attractive features must be protected against malicious activities by security mechanisms.Providing secure multimedia communications by using a broadband wireless technology like WiMAXis likely to be challenging due to time or space overhead that occur. Security mechanisms might increase packet sizes thus delay, jitter and throughput are increased. In this paper, we evaluate the performance of secure video transmission over WiMAX networks under different cryptographic algorithms by using the OPNET simulator. The outcome of the results show negligible overhead introduced by the security extensions giving credence to their application in security sensitive scenarios.

Farrukh Ehtisham, Emmanouil Panaousis, Christos Politis (2011). "Performance evaluation of secure video transmission over WIMAX." International Journal of Computer Networks and Communications.

Recipients’ anonymity in multihop ad-hoc networks


Multihop ad-hoc networks have a dynamic topology. Retrieving a route towards a remote peer requires the execution of a recipient lookup, which can publicly reveal sensitive information about him. Within this context, we propose an efficient, practical and scalable solution to guarantee the anonymity of recipients' nodes in ad-hoc networks.

Helena Rifa-Pous, Emmanouil Panaousis, Christos Politis (2012). "Recipients anonymity in multihop ad-hoc networks." Transactions on Information Systems.

Distributed hash tables for peer-to-peer mobile ad-hoc networks with security extensions


Serverless distributed computing, especially Mobile Ad-hoc NETworks (MANETs) have received significant attention from the research community. Peer-to-peer overlay networks have the potential to accommodate largescale, decentralised applications that can be integrated into a MANET architecture to enable peer-to-peer communication among different mobile peers. These overlay architectures must be very resilient and their utilisation, reliability and availability must satisfy the needs of mobile computing. One must also heed the fact that the wireless nature of the medium introduces security vulnerabilities. The aim of the work described in this paper is twofold. First, we describe our peer-to-peer distributed hash table (DHT) architecture entitled Reliable Overlay Based Utilisation of Services and Topology (ROBUST). This is designed to be efficiently applied to MANETs. We additionally propose security extensions to protect the ROBUST signalling messages against malicious activities. We evaluate the ROBUST performance as well as the security extensions under varying levels of mobility and network sizes by building a custom DHT module for the network simulator ns-2. The outcome of the results show negligible overhead introduced by the extensions giving credence to their application in security sensitive scenarios.

Grant Millar, Emmanouil Panaousis, Christos Politis (2012). "Distributed hash tables for peer-to-peer mobile ad-hoc networks with security extensions." Journal of Networks 7(2): 288-299 (2012).

A case study of internet of things based on wireless sensor networks and smart phones


In the state of the art, Internet of Things (IoT) tends to be touted as a future technology. Based on that concept and the constant development of Wireless Sensor Networks (WSNs), this paper explains and implements a case study of a converged Internet of Things based on a WSN and a smartphone. The implementation integrates the networking capabilities of a WSN, a wireless local area network and a smartphone device, in order to achieve a monitoring service and tracking mobility of objects for the purposes of future Internet of Things services. The scenario is to create a service, or a way that one will be able to understand and monitor an individual’s movement inside a house. At the end new concepts and ideas for future work will be presented. The paper is part of the WMN Research Group ongoing research to implement a futuristic service for monitoring elderly residents under the concept of smart homes.

Alkiviadis Tsitsigkos, Fariborz Entezami, Arvind Ramrekha, Christos Politis, Emmanouil Panaousis (2012). "Security challenges of small cell as a service in virtualized mobile edge computing environments." 28th Wireless World Research Forum Meeting (WWRF).

Security model for emergency real-time communications in autonomous networks


Towards the proliferation of architectures, tools and applications that have the potential to be used during an emergency rescue mission, we present a framework for emergency real-time communication using autonomous networks, called emergency Mobile Ad-hoc Networks (eMANETs). By eMANETs we refer to networks that are deployed in emergency cases where default telecommunications infrastructure has failed. Our goal is to design a security framework that will secure real-time communications during emergency rescue scenarios. The proposed framework consists of a secure routing protocol, intrusion detection provision and security extension for real-time communications using peer-to-peer overlays. We envisage that the results of this work will aid and serve the needs of any society against any event that threatens serious damage to human welfare or to the environment.

Emmanouil Panaousis, Christos Politis, Konstantinos Birkos, Christos P Papageorgiou, Tasos Dagiuklas (2012). "Security model for emergency real-time communications in autonomous networks." The Journal of Supercomputing, 86, 13-23.

Secure decentralised ubiquitous networking for emergency communications


Our modern densely populated cities have created an Achilles heel for public safety services where natural or man-made disasters often result in high casualties. The 2005 London bombings have exposed the inadequacy of current First Responder (FR) communication systems for modern response operations. Additionally, FR organisations presently pay a tariff each time Public Protection and Disaster Relief (PPDR) communication technologies are used, rendering current PPDR communication expensive as compared to emerging license-exempt IP-based technologies. Decentralised ubiquitous networking proposes an alternative way of providing innovative secure wireless systems for IP-based, infrastructure independent PPDR communications. The ad-hoc setup capabilities of ubiquitous systems will reduce the cost for emergency response whilst allowing more flexible ways of communicating. Key characteristics of such systems are their ease of deployment and the interoperability across FR teams for national as well as cross border operations. In this paper we discuss how decentralised ubiquitous networking can assist emergency communications.

Emmanouil Panaousis, Tipu Arvind Ramrekha, Christos Politis, Grant Millar (2010). "Secure decentralised ubiquitous networking for emergency communications." 2012 International Conference on Telecommunications and Multimedia (TEMU 2012).

A probabilistic algorithm for secret matrix share size reduction


Secret sharing is an important tool in cryptography and has many applications for wireless networks. This paper is motivated by the need for space-efficient secret sharing schemes. We first propose a simple probabilistic algorithm which can be used, prior to secret sharing, in order to split a given secret into public and private data. The public data can be made openly available, and any specific secret sharing method can be used in order to share the private data. We then show that, combined with a previously published space-efficient single secret sharing method, this yields a novel probabilistic matrix-based online multi-secret sharing method with small expected share size. In particular, compared with other matrix-based approaches, our scheme is of similar expected computational cost but smaller share size. Finally, we report on an implementation of our method and evaluate its performance. Our algorithm could be useful to design efficient secret sharing applications for wireless networks, in particular mobile ad-hoc networks, in areas such as secure routing, data transmission or key management.

Eckhard Pfluegel, Emmanouil Panaousis, Christos Politis (2013). "A probabilistic algorithm for secret matrix share size reduction." 2013 European Wireless Conference.

Standardisation advancements in the area of routing for mobile ad-hoc networks


Mobile Ad hoc Networks (MANETs) are self-organized and fully distributed networks that rely on the collaboration of participating devices to route data from source to destination. The MANET paradigm is expected to enable ubiquitous mobile communication and thus the proliferation of pervasive applications. The MANET Working Group (WG) of the Internet Engineering Task Force (IETF) is responsible for standardizing an appropriate Internet Protocol (IP) based routing protocol functionality for both static (mesh) and dynamic (mobile) wireless ad hoc network topologies. In this paper, we provide a background on the possibility to use MANETs for enabling future pervasive internet and innovative ubiquitous services. We also describe the work achieved by the MANET WG thus far on the area of secure unicast and multicast routing for MANETs. We also examine non-IETF work on this area, chiefly based on adaptive and hybrid routing. The paper then presents comparative performance evaluations of discussed routing protocols. It is mainly observed that there is a need for adaptive hybrid routing approaches in order to support future innovative and pervasive applications. Consequently, we present our conclusions.

Tipu A Ramrekha, Emmanouil Panaousis, Christos Politis (2013). "Standardisation advancements in the area of routing for mobile ad-hoc networks." The Journal of Supercomputing, 64, 409–434.

Game theory meets information security management


This work addresses the challenge “how do we make better security decisions?” and it develops techniques to support human decision making and algorithms which enable well-founded cyber security decisions to be made. In this paper we propose a game theoretic model which optimally allocates cyber security resources such as administrators’ time across different tasks. We first model the interactions between an omnipresent attacker and a team of system administrators seen as the defender, and we have derived the mixed Nash Equilibria (NE) in such games. We have formulated general-sum games that represent our cyber security environment, and we have proven that the defender’s Nash strategy is also minimax. This result guarantees that independently from the attacker’s strategy the defender’s solution is optimal. We also propose Singular Value Decomposition (SVD) as an efficient technique to compute approximate equilibria in our games. By implementing and evaluating a minimax solver with SVD, we have thoroughly investigated the improvement that Nash defense introduces compared to other strategies chosen by common sense decision algorithms. Our key finding is that a particular NE, which we call weighted NE, provides the most effective defense strategy. In order to validate this model we have used real-life statistics from Hackmageddon, the Verizon 2013 Data Breach Investigation report, and the Ponemon report of 2011. We finally compare the game theoretic defense method with a method which implements a stochastic optimization algorithm.

Andrew Fielder, Emmanouil Panaousis, Pasquale Malacaria, Chris Hankin, and Fabrizio Smeraldi (2014). "Game theory meets information security management." IFIP International Conference on ICT Systems Security and Privacy Protection (IFIP SEC).

Cybersecurity games and investments: A decision support approach


In this paper we investigate how to optimally invest in cybersecurity controls. We are particularly interested in examining cases where the organization suffers from an underinvestment problem or inefficient spending on cybersecurity. To this end, we first model the cybersecurity environment of an organization. We then model non-cooperative cybersecurity control-games between the defender which abstracts all defense mechanisms of the organization and the attacker which can exploit different vulnerabilities at different network locations. To implement our methodology we use the SANS Top 20 Critical Security Controls and the 2011 CWE/SANS top 25 most dangerous software errors. Based on the profile of an organization, which forms its preferences in terms of indirect costs, its concerns about different kinds of threats and the importance of the assets given their associated risks we derive the Nash Equilibria of a series of control-games. These game solutions are then handled by optimization techniques, in particular multi-objective, multiple choice Knapsack to determine the optimal cybersecurity investment. Our methodology provides security effective and cost efficient solutions especially against commodity attacks. We believe our work can be used to advise security managers on how they should spend an available cybersecurity budget given their organization profile.

Emmanouil Panaousis, Andrew Fielder, Pasquale Malacaria, Chris Hankin, and Fabrizio Smeraldi (2014). "Cybersecurity games and investments: A decision support approach." Conference on Decision and Game Theory for Security (GameSec 2014).

Secure message delivery games for device-to-device communications


Device-to-Device (D2D) communication is expected to be a key feature supported by next generation cellular networks. D2D can extend the cellular coverage allowing users to communicate when telecommunications infrastructure are highly congested or absent. In D2D networks, any message delivery from a source to a destination relies exclusively on intermediate devices. Each device can run different kinds of mobile security software, which offer protection against viruses and other harmful programs by using real-time scanning in every file entering the device. In this paper, we investigate the best D2D network path to deliver a potentially malicious message from a source to a destination. Although our primary objective is to increase security, we also investigate the contribution of energy costs and quality-of-service to the path selection. To this end, we propose the Secure Message Delivery (SMD) protocol, whose main functionality is determined by the solution of the Secure Message Delivery Game (SMDG). This game is played between the defender (i.e., the D2D network) which abstracts all legitimate network devices and the attacker which abstracts any adversary that can inject different malicious messages into the D2D network in order, for instance, to infect a device with malware. Simulation results demonstrate the degree of improvement that SMD introduces as opposed to a shortest path routing protocol. This improvement has been measured in terms of the defender’s expected cost as defined in SMDGs. This cost includes security expected damages, energy consumption incurred due to messages inspection, and the quality-of-service of the D2D message communications.

Emmanouil Panaousis, Tansu Alpcan, Hossein Fereidooni, Mauro Conti (2014). "Secure message delivery games for device-to-device communications." International Conference on Decision and Game Theory for Security (GameSec 2014).

A Game-theoretic approach for minimizing security risks in the internet-of-things


In the Internet-of-Things (IoT), users might share part of their data with different IoT prosumers, which offer applications or services. Within this open environment, the existence of an adversary introduces security risks. These can be related, for instance, to the theft of user data, and they vary depending on the security controls that each IoT prosumer has put in place. To minimize such risks, users might seek an “optimal” set of prosumers. However, assuming the adversary has the same information as the users about the existing security measures, he can then devise which prosumers will be preferable (e.g., with the highest security levels) and attack them more intensively. This paper proposes a decision-support approach that minimizes security risks in the above scenario. We propose a non-cooperative, two-player game entitled Prosumers Selection Game (PSG). The Nash Equilibria of PSG determine subsets of prosumers that optimize users’ payoffs. We refer to any game solution as the Nash Prosumers Selection (NPS), which is a vector of probabilities over subsets of prosumers. We show that when using NPS, a user faces the least expected damages. Additionally, we show that according to NPS every prosumer, even the least secure one, is selected with some non-zero probability. We have also performed simulations to compare NPS against two different heuristic selection algorithms. The former is proven to be approximately 38% more effective in terms of security-risk mitigation.

George Rontidis, Emmanouil Panaousis, Aron Laszka, Tasos Dagiuklas, Pasquale Malacaria, Tansu Alpcan (2019). "A Game-theoretic approach for minimizing security risks in the internet-of-things." 1st IEEE International Workshop on Security and Privacy for Internet of Things and Cyber-Physical Systems (IoT/CPS-Security).

Game-theoretic model of incentivizing privacy-aware users to consent to location tracking


Nowadays, mobile users have a vast number of applications and services at their disposal. Each of these might impose some privacy threats on users' "Personally Identifiable Information" (PII). Location privacy is a crucial part of PII, and as such, privacy-aware users wish to maximize it. This privacy can be, for instance, threatened by a company, which collects users' traces and shares them with third parties. To maximize their location privacy, users can decide to get offline so that the company cannot localize their devices. The longer a user stays connected to a network, the more services he might receive, but his location privacy decreases. In this paper, we analyze the trade-off between location privacy, the level of services that a user experiences, and the profit of the company. To this end, we formulate a Stackelberg Bayesian game between the User (follower) and the Company (leader). We present theoretical results characterizing the equilibria of the game. To the best of our knowledge, our work is the first to model the economically rational decision-making of the service provider (i.e., the Company) in conjunction with the rational decision making of users who wish to protect their location privacy. To evaluate the performance of our approach, we have used real-data from a testbed, and we have also shown that the game-theoretic strategy of the Company outperforms non-strategic methods. Finally, we have considered different User privacy types, and have determined the service level that incentivizes the User to stay connected as long as possible.

Emmanouil Panaousis, Aron Laszka, Johannes Pohl, Andreas Noack, Tansu Alpcan (2015). "Game-theoretic model of incentivizing privacy-aware users to consent to location tracking." 2015 IEEE Trustcom/BigDataSE/ISPA.

Decision support approaches for cyber security investment


When investing in cyber security resources, information security managers have to follow effective decision-making strategies. We refer to this as the cyber security investment challenge. In this paper, we consider three possible decision support methodologies for security managers to tackle this challenge. We consider methods based on game theory, combinatorial optimisation, and a hybrid of the two. Our modelling starts by building a framework where we can investigate the effectiveness of a cyber security control regarding the protection of different assets seen as targets in presence of commodity threats. As game theory captures the interaction between the endogenous organisation’s and attackers’ decisions, we consider a 2-person control game between the security manager who has to choose among different implementation levels of a cyber security control, and a commodity attacker who chooses among different targets to attack. The pure game theoretical methodology consists of a large game including all controls and all threats. In the hybrid methodology the game solutions of individual control-games along with their direct costs (e.g. financial) are combined with a Knapsack algorithm to derive an optimal investment strategy. The combinatorial optimisation technique consists of a multi-objective multiple choice Knapsack based strategy. To compare these approaches we built a decision support tool and a case study regarding current government guidelines. The endeavour of this work is to highlight the weaknesses and strengths of different investment methodologies for cyber security, the benefit of their interaction, and the impact that indirect costs have on cyber security investment. Going a step further in validating our work, we have shown that our decision support tool provides the same advice with the one advocated by the UK government with regard to the requirements for basic technical protection from cyber attacks in SMEs.

Andrew Fielder, Emmanouil Panaousis, Pasquale Malacaria, Chris Hankin, Fabrizio Smeraldi (2016). "Decision support approaches for cyber security investment." Decision Support Systems, 86, 13-23.
(JCR 2016: 3.222, CiteScore 2016: 8.8)

Security challenges of small cell as a service in virtualized mobile edge computing environments


Research on next-generation 5G wireless networks is currently attracting a lot of attention in both academia and industry. While 5G development and standardization activities are still at their early stage, it is widely acknowledged that 5G systems are going to extensively rely on dense small cell deployments, which would exploit infrastructure and network functions virtualization (NFV), and push the network intelligence towards network edges by embracing the concept of mobile edge computing (MEC). As security will be a fundamental enabling factor of small cell as a service (SCaaS) in 5G networks, we present the most prominent threats and vulnerabilities against a broad range of targets. As far as the related work is concerned, to the best of our knowledge, this paper is the first to investigate security challenges at the intersection of SCaaS, NFV, and MEC. It is also the first paper that proposes a set of criteria to facilitate a clear and effective taxonomy of security challenges of main elements of 5G networks. Our analysis can serve as a staring point towards the development of appropriate 5G security solutions. These will have crucial effect on legal and regulatory frameworks as well as on decisions of businesses, governments, and end-users.

Vassilios G. Vassilakis, Emmanouil Panaousis, Haralambos Mouratidis (2016). "Security challenges of small cell as a service in virtualized mobile edge computing environments." 2016 Information Security Theory and Practice (WISTP 2016).

Evaluating case-based reasoning knowledge discovery in fraud detection


The volume of banking transaction has increased considerably in the recent years with advancement in financial transactions payment methods. Consequently, the number of fraud cases has also increased, causing billion of dollar losses each year worldwide, although from Literature, there has been substantial work in the domain of fraud detection by both the industry and academia's. Despite the substantial work, there are few researches in applying case-based reasoning (CBR) approach in the context of detecting Financial Fraud. In this paper we aim at evaluating the performance of CBR in Identifying fraudulent patterns among financial transaction by comparing it with logistic regression (LR) and neural network (NN) which are often used in many related work. To evaluate our approach simulated data, based on a sample of real anonymous transaction provided by a bank was used and the result shows that LR outperformed NN and CBR model, with a steady increase in precision, sensitivity and specificity as the percentage ratio for the training and test data were varied. This was due to the linearity, fuzziness and presence of uncertainty in the sampling dataset. Therefore, we can reach a conclusion that part of the possible reasons why there are few research in applying CBR to the context of detecting financial fraud patterns may be due to incomplete information, fuzziness and uncertainty in the available data sets used for experimentation.

Adeyinka Adedoyin, Stelios Kapetanakis, Miltos Petridis, Emmanouil Panaousis (2016). "Evaluating case-based reasoning knowledge discovery in fraud detection." International Conference on Case-Based Reasoning (ICCBR) Workshops.
(CORE2017 Ranking: B)

Game theoretic path selection to support security in device-to-device communications


Device-to-Device (D2D) communication is expected to be a key feature supported by 5G networks, especially due to the proliferation of Mobile Edge Computing (MEC), which has a prominent role in reducing network stress by shifting computational tasks from the Internet to the mobile edge. Apart from being part of MEC, D2D can extend cellular coverage allowing users to communicate directly when telecommunication infrastructure is highly congested or absent. This significant departure from the typical cellular paradigm imposes the need for decentralised network routing protocols. Moreover, enhanced capabilities of mobile devices and D2D networking will likely result in proliferation of new malware types and epidemics. Although the literature is rich in terms of D2D routing protocols that enhance quality-of-service and energy consumption, they provide only basic security support, e.g., in the form of encryption. Routing decisions can, however, contribute to collaborative detection of mobile malware by leveraging different kinds of anti-malware software installed on mobile devices. Benefiting from the cooperative nature of D2D communications, devices can rely on each others’ contributions to detect malware. The impact of our work is geared towards having more malware-free D2D networks. To achieve this, we designed and implemented a novel routing protocol for D2D communications that optimises routing decisions for explicitly improving malware detection. The protocol identifies optimal network paths, in terms of malware mitigation and energy spent for malware detection, based on a game theoretic model. Diverse capabilities of network devices running different types of anti-malware software and their potential for inspecting messages relayed towards an intended destination device are leveraged using game theoretic tools. An optimality analysis of both Nash and Stackelberg security games is undertaken, including both zero and non-zero sum variants, and the Defender’s equilibrium strategies. By undertaking network simulations, theoretical results obtained are illustrated through randomly generated network scenarios showing how our protocol outperforms conventional routing protocols, in terms of expected payoff, which consists of: security damage inflicted by malware and malware detection cost.

Emmanouil Panaousis, Eirini Karapistoli, Hadeer Elsemary, Tansu Alpcan, MHR Khuzani, Anastasios A. Economides (2017). "Game theoretic path selection to support security in device-to-device communications." Ad Hoc Networks, 56, 28-42.
(JCR 2017: 3.151, CiteScore 2017: 6.8)

Security requirements modelling for virtualized 5G small cell networks


It is well acknowledged that one of the key enabling factors for the realization of future 5G networks will be the small cell (SC) technology. Furthermore, recent advances in the fields of network functions virtualization (NFV) and software-defined networking (SDN) open up the possibility of deploying advanced services at the network edge. In the context of mobile/cellular networks this is referred to as mobile edge computing (MEC). Within the scope of the EU-funded research project SESAME we perform a comprehensive security modelling of MEC-assisted quality-of-experience (QoE) enhancement of fast moving users in a virtualized SC wireless network, and demonstrate it through a representative scenario toward 5G. Our modelling and analysis is based on a formal security requirements engineering methodology called Secure Tropos which has been extended to support MEC-based SC networks. In the proposed model, critical resources which need protection, and potential security threats are identified. Furthermore, we identify appropriate security constraints and suitable security mechanisms for 5G networks. Thus, we reveal that existing security mechanisms need adaptation to face emerging security threats in 5G networks.

Vassilios G. Vassilakis, Haralambos Mouratidis, Emmanouil Panaousis, Ioannis D. Moscholios, Michael D. Logothetis (2017). "Security requirements modelling for virtualized 5G small cell networks." 24th International Conference on Telecommunications (ICT).

The applicability of ambient sensors as proximity evidence for NFC transactions


Near Field Communication (NFC) has enabled mobile phones to emulate contactless smart cards. Similar to contactless smart cards, they are also susceptible to relay attacks. To counter these, a number of methods have been proposed that rely primarily on ambient sensors as a proximity detection mechanism (also known as an anti-relay mechanism). In this paper, we empirically evaluate a comprehensive set of ambient sensors for their effectiveness as a proximity detection mechanism for NFC contactless-based applications like banking, transport and high-security access controls. We selected 17 sensors available via the Google Android platform. Each sensor, where feasible, was used to record the measurements of 1,000 contactless transactions at four different physical locations. A total of 252 users, a random sample from the university student population, were involved during the field trials. After careful analysis, we conclude that no single evaluated mobile ambient sensor is suitable for proximity detection in NFC-based contactless applications in realistic deployment scenarios. Lastly, we identify a number of potential avenues that may improve their effectiveness.

Carlton Shepherd, Iakovos Gurulian, Eibe Frank, Konstantinos Markantonakis, Raja Naeem Akram, Emmanouil Panaousis, Keith Mayes (2017). "The applicability of ambient sensors as proximity evidence for NFC transactions." 2017 IEEE Security and Privacy Workshops (IEEE SPW).

A conceptual model to support security analysis in the internet of things


This paper proposes a conceptual model to support decision makers during security analysis of Internet of Things (IoT) systems. The world is entering an era of ubiquitous computing with IoT being the main driver. Taking into account the scale of IoT, the number of security issues that are arising are unprecedented. Both academia and industry require methodologies that will enable reasoning about security in IoT system in a concise and holistic manner. The proposed conceptual model addresses a number of challenges in modeling IoT to support security analysis. The model is based on an architecture-oriented approach that incorporates sociotechnical concepts into the security analysis of an IoT system. To demonstrate the usage of the proposed conceptual model, we perform a security analysis on a small scale smart home example.

Orestis Mavropoulos, Haralambos Mouratidis, Andrew Fish, Emmanouil Panaousis, Christos Kalloniatis (2017). "A conceptual model to support security analysis in the internet of things." Computer Science and Information Systems.

Apparatus: Reasoning about security requirements in the internet of things


Internet of Things (IoT) can be seen as the main driver towards an era of ubiquitous computing. Taking into account the scale of IoT, the number of security issues that emerge are unprecedented, therefore the need for proposing new methodologies for elaborating about security in IoT systems is undoubtedly crucial and this is recognised by both academia and the industry alike. In this work we present Apparatus, a conceptual model for reasoning about security in IoT systems through the lens of Security Requirements Engineering. Apparatus is architecture-oriented and describes an IoT system as a cluster of nodes that share network connections. The information of the system is documented in a textual manner, using Javascript Notation Object (JSON) format, in order to elicit security requirements. To demonstrate its usage the security requirements of a temperature monitor system are identified and a first application of Apparatus is exhibited.

Orestis Mavropoulos, Haralambos MouratidisAndrew Fish, Emmanouil Panaousis, Christos Kalloniatis (2017). "Apparatus: Reasoning about security requirements in the internet of things." International Conference on Advanced Information Systems Engineering.

ASTo: A tool for security analysis of IoT systems


In this paper, a software tool for security analysis of IoT systems is presented. The tool, named ASTo (Apparatus Software Tool) enables the visualization of IoT systems using a domain-specific modeling language. The modeling language provides constructs to express the hardware, software and social concepts of an IoT system along with security concepts. Security issues of IoT systems are identified based on the attributes of the constructs and their relationships. Security analysis is facilitated using the visualization mechanisms of the tool to recognize the secure posture of an IoT system.

Orestis Mavropoulos, Haralambos Mouratidis, Andrew Fish, Emmanouil Panaousis (2017). "ASTo: A tool for security analysis of IoT systems." IEEE 15th International Conference on Software Engineering Research, Management and Applications.

Selecting security mechanisms in secure tropos


As security is a growing concern for modern information systems, Security Requirements Engineering has been developed as a very active area of research. A large body of work deals with elicitation, modelling, analysis, and reasoning about security requirements. However, there is little evidence of efforts to align security requirements with security mechanisms. This paper extends the Secure Tropos methodology to enable a clear alignment, between security requirements and security mechanisms, and a reasoning technique to optimise the selection of security mechanisms based on these security requirements and a set of other factors. The extending Secure Tropos supports modelling and analysis of security mechanisms; defines mathematically relevant modelling concepts to support a formal analysis; and defines and solves an optimisation problem to derive optimal sets of security mechanisms. We demonstrate the applicability of our work with the aid of a case study from the health care domain.

Michalis Pavlidis, Haralambos Mouratidis, Emmanouil Panaousis, Nikolaos Argyropoulos (2017). "Selecting security mechanisms in secure tropos." International Conference on Trust, Privacy & Security in Digital Business, 10442, 99–114.
(CORE2018 Ranking: B)

COALA: A protocol for the avoidance and alleviation of congestion in wireless sensor networks


The occurrence of congestion has an extremely deleterious impact on the performance of Wireless Sensor Networks (WSNs). This article presents a novel protocol, named COALA (COngestion ALleviation and Avoidance), which aims to act both proactively, in order to avoid the creation of congestion in WSNs, and reactively, so as to mitigate the diffusion of upcoming congestion through alternative path routing. Its operation is based on the utilization of an accumulative cost function, which considers both static and dynamic metrics in order to send data through the paths that are less probable to be congested. COALA is validated through simulation tests, which exhibit its ability to achieve remarkable reduction of loss ratios, transmission delays and energy dissipation. Moreover, the appropriate adjustment of the weighting of the accumulative cost function enables the algorithm to adapt to the performance criteria of individual case scenarios.

Dionisis Kandris, George Tselikis, Eleftherios Anastasiadis, Emmanouil Panaousis, Tasos Dagiuklas (2017). "COALA: A protocol for the avoidance and alleviation of congestion in wireless sensor networks." Sensors, 17(11), 2502. (JCR 2018: 2.677, CiteScore 2018: 4.3)

An options approach to cybersecurity investment


Cybersecurity has become a key factor that determines the success or failure of companies that rely on information systems. Therefore, investment in cybersecurity is an important financial and operational decision. Typical information technology investments aim to create value, whereas cybersecurity investments aim to minimize loss incurred by cyber attacks. Admittedly, cybersecurity investment has become an increasingly complex one, since information systems are typically subject to frequent attacks, whose arrival and impact fluctuate stochastically. Furthermore, cybersecurity measures and improvements, such as patches, become available at random points in time making investment decisions even more challenging. We propose and develop an analytical real options framework that incorporates major components relevant to cybersecurity practice, and analyze how optimal cybersecurity investment decisions perform for a private firm. The novelty of this paper is that it provides analytical solutions that lend themselves to intuitive interpretations regarding the effect of timing and cybersecurity risk on investment behavior using real options theory. Such aspects are frequently not implemented within economic models that support policy initiatives. However, if these are not properly understood, security controls will not be properly set resulting in a dynamic inefficiency reflected in cycles of over or under investment, and, in turn, increased cybersecurity risk following corrective policy actions. Results indicate that greater uncertainty over the cost of cybersecurity attacks raises the value of an embedded option to invest in cybersecurity. This increases the incentive to suspend operations temporarily in order to install a cybersecurity patch that will make the firm more resilient to cybersecurity breaches. Similarly, greater likelihood associated with the availability of a cybersecurity patch increases the value of the option to invest in cybersecurity. However, the absence of an embedded investment option increases the incentive to delay the permanent abandonment of the company's operation due to the irreversible nature of the decision.

Michail Chronopoulos, Emmanouil Panaousis, Jens Grossklags (2017). "An options approach to cybersecurity investment." IEEE Access, 16(4), 12175-12186.
(JCR 2017: 3.557, CiteScore: 2.4)

Risk assessment uncertainties in cybersecurity investments


When undertaking cybersecurity risk assessments, it is important to be able to assign numeric values to metrics to compute the final expected loss that represents the risk that an organization is exposed to due to cyber threats. Even if risk assessment is motivated by real-world observations and data, there is always a high chance of assigning inaccurate values due to different uncertainties involved (e.g., evolving threat landscape, human errors) and the natural difficulty of quantifying risk. Existing models empower organizations to compute optimal cybersecurity strategies given their financial constraints, i.e., available cybersecurity budget. Further, a general game-theoretic model with uncertain payoffs (probability-distribution-valued payoffs) shows that such uncertainty can be incorporated in the game-theoretic model by allowing payoffs to be random. This paper extends previous work in the field to tackle uncertainties in risk assessment that affect cybersecurity investments. The findings from simulated examples indicate that although uncertainties in cybersecurity risk assessment lead, on average, to different cybersecurity strategies, they do not play a significant role in the final expected loss of the organization when utilising a game-theoretic model and methodology to derive these strategies. The model determines robust defending strategies even when knowledge regarding risk assessment values is not accurate. As a result, it is possible to show that the cybersecurity investments’ tool is capable of providing effective decision support.

Andrew Fielder, Sandra König, Emmanouil Panaousis, Stefan Schauer, Stefan Rass (2018). "Risk assessment uncertainties in cybersecurity investments." Games, 9(2), 34.

Unsupervised learning for trustworthy IoT


The advancement of Internet-of-Things (IoT) edge devices with various types of sensors enables us to harness diverse information with Mobile Crowd-Sensing applications (MCS). This highly dynamic setting entails the collection of ubiquitous data traces, originating from sensors carried by people, introducing new information security challenges; one of them being the preservation of data trustworthiness. What is needed in these settings is the timely analysis of these large datasets to produce accurate insights on the correctness of user reports. Existing data mining and other artificial intelligence methods are the most popular to gain hidden insights from IoT data, albeit with many challenges. In this paper, we first model the cyber trustworthiness of MCS reports in the presence of intelligent and colluding adversaries. We then rigorously assess, using real IoT datasets, the effectiveness and accuracy of well-known data mining algorithms when employed towards IoT security and privacy. By taking into account the spatio-temporal changes of the underlying phenomena, we demonstrate how concept drifts can masquerade the existence of attackers and their impact on the accuracy of both the clustering and classification processes. Our initial set of results clearly show that these unsupervised learning algorithms are prone to adversarial infection, thus, magnifying the need for further research in the field by leveraging a mix of advanced machine learning models and mathematical optimization techniques.

Nikhil Banerjee, Thanassis Giannetsos, Emmanouil Panaousis, Clive Cheong Took (2018). "Unsupervised learning for trustworthy IoT. " IEEE International Conference on Fuzzy Systems.
(CORE2017 Ranking: A)

Towards the definition of a security incident response modelling language


This paper presents a cyber-physical systems modelling language for capturing and describing health-based critical infrastructures. Following this practice incident response plan developers are able to model and reason about security and recovery issues in medical cyber-physical systems from a security requirements engineering perspective. Our work builds upon concepts from the Secure Tropos methodology, where in this paper we introduce novel cyber-physical concepts, relationships and properties in order to carry out analysis of incident response plans based on security requirements. We illustrate our concepts through a case study of a radiological department’s medical cyber-physical systems that have been infected with the WannaCry ransomware. Finally, we discuss how our modelling language enriches security models with incident response concepts, guiding plan developers of health-based critical infrastructures in understanding cyber-physical systems vulnerabilities and support decision making at a tactical and a strategic level, through semi-automated secure recovery analysis

Myrsini Athinaiou, Haralambos Mouratidis, Theo Fotis, Michalis Pavlidis, Emmanouil Panaousis (2018). "Towards the definition of a security incident response modelling language." International Conference on Trust and Privacy in Digital Business (TrustBus).

An enhanced cyber attack attribution framework


Advanced Persistent Threats (APTs) are considered as the threats that are the most challenging to detect and defend against. As APTs use sophisticated attack methods, cyber situational awareness and especially cyber attack attribution are necessary for the preservation of security of cyber infrastructures. Recent challenges faced by organizations in the light of APT proliferation are related to the: collection of APT knowledge; monitoring of APT activities; detection and classification of APTs; and correlation of all these to result in the attribution of the malicious parties that orchestrated an attack. We propose the Enhanced Cyber Attack Attribution (NEON) Framework, which performs attribution of malicious parties behind APT campaigns. NEON is designed to increase societal resiliency to APTs. NEON combines the following functionalities: (i) data collection from APT campaigns; (ii) collection of publicly available data from social media; (iii) honeypots and virtual personas; (iv) network and system behavioural monitoring; (v) incident detection and classification; (vi) network forensics; (vii) dynamic response based on game theory; and (viii) adversarial machine learning; all designed with privacy considerations in mind.

Nikolaos Pitropakis, Emmanouil Panaousis, Alkiviadis Giannakoulias, George Kalpakis, Rodrigo Diaz Rodriguez, Panayiotis Sarigiannidis (2009). "An enhanced cyber attack attribution framework." 2018 International Conference on Trust, Privacy & Security in Digital Business (TrustBus 2018).
(CORE2018 Ranking: B)

Cyber-insurance as a signaling game: self-reporting and external security audits


An insurer has to know the risks faced by a potential client to accurately determine an insurance premium offer. However, while the potential client might have a good understanding of its own security practices, it may also have an incentive not to disclose them honestly since the resulting information asymmetry could work in its favor. This information asymmetry engenders adverse selection, which can result in unfair premiums and reduced adoption of cyber-insurance. To overcome information asymmetry, insurers often require potential clients to self-report their risks. Still, clients do not have any incentive to perform thorough self-audits or to provide comprehensive reports. As a result, insurers have to complement self-reporting with external security audits to verify the clients’ reports. Since these audits can be very expensive, a key problem faced by insurers is to devise an auditing strategy that deters clients from dishonest reporting using a minimal number of audits. To solve this problem, we model the interactions between a potential client and an insurer as a two-player signaling game. One player represents the client, who knows its actual security-investment level, but may report any level to the insurer. The other player represents the insurer, who knows only the random distribution from which the security level was drawn, but may discover the actual level using an expensive audit. We study the players’ equilibrium strategies and provide numerical illustrations.

Aron Laszka, Emmanouil Panaousis, Jens Grossklags (2018). "Cyber-insurance as a signaling game: self-reporting and external security audits." 9th Conference on Decision and Game Theory for Security (GameSec 2018).

Quantum-resistant identity-based signature with message recovery and proxy delegation


Digital signature with proxy delegation, which is a secure ownership enforcement tool, allows an original signer to delegate signature rights to a third party called proxy, so that the proxy can sign messages on behalf of the original signer. Many real-world applications make use of this secure mechanism, e.g., digital property transfer. A traditional digital signature mechanism is required to bind a message and its signature together for verification. This may yield extra cost in bandwidth while the sizes of message and signature are relatively huge. Message recovery signature, enabling to reduce the cost of bandwidth, embeds a message into the corresponding signature; therefore, only the signature will be transmitted to the verifier and the message can further be recovered from the signature. In this paper, we, for the first time, propose a novel digital signature scheme in the identity-based context with proxy delegation and message recovery features and, more importantly, our scheme is quantum resistant, in a particular lattice-based signature. Our scheme achieves delegation information and signature existential unforgeability against adaptive chosen warrant and identity. Compared with the seminal lattice-based message recovery signature, our scheme is independent from public key infrastructure, realizes delegation transfer of signature rights, and compresses signature length ulteriorly. To the best of our knowledge, this paper is the first of its type.

Xiuhua Lu, Qiaoyan Wen, Wei Yin, Kaitai Liang, Zhengping Jin, Emmanouil Panaousis, Jiageng Chen (2019). "Quantum-resistant identity-based signature with message recovery and proxy delegation. " Symmetry, 11(2), 272.
(JCR 2019: 2.645)

A taxonomy and survey of cyber-physical intrusion detection approaches for vehicles


With the growing threat of cyber and cyber-physical attacks against automobiles, drones, ships, driverless pods and other vehicles, there is also a growing need for intrusion detection approaches that can facilitate defence against such threats. Vehicles tend to have limited processing resources and are energy-constrained. So, any security provision needs to abide by these limitations. At the same time, attacks against vehicles are very rare, often making knowledge-based intrusion detection systems less practical than behaviour-based ones, which is the reverse of what is seen in conventional computing systems. Furthermore, vehicle design and implementation can differ wildly between different types or different manufacturers, which can lead to intrusion detection designs that are vehicle-specific. Equally importantly, vehicles are practically defined by their ability to move, autonomously or not. Movement, as well as other physical manifestations of their operation may allow cyber security breaches to lead to physical damage, but can also be an opportunity for detection. For example, physical sensing can contribute to more accurate or more rapid intrusion detection through observation and analysis of physical manifestations of a security breach. This paper presents a classification and survey of intrusion detection systems designed and evaluated specifically on vehicles and networks of vehicles. Its aim is to help identify existing techniques that can be adopted in the industry, along with their advantages and disadvantages, as well as to identify gaps in the literature, which are attractive and highly meaningful areas of future research.

George Loukas, Eirini Karapistoli, Emmanouil Panaousis, Panagiotis Sarigiannidis, Anatolij Bezemskij, Tuan Vuong (2019). "A taxonomy and survey of cyber-physical intrusion detection approaches for vehicles. " Ad Hoc Networks, Vol. 84, pp. 124-147.
(JCR 2019: 3.643, CiteScore 2019: 7.8)

TAW: Cost-effective threshold authentication with weights for internet of things


In the Internet of Things, based on the collaboration of sensing nodes, sensing data are collected and transmitted. The collaboration of sensing nodes also plays an important role in the safeguard of the Internet of Things. Owing to the limited ability of the single sensing node, the threshold authentication based on the collaboration of sensing nodes can improve the trust of security authentication of sensing nodes. The current threshold authentication schemes may require high-computational complexity, and more importantly, most of them are instantiated by membership authentication. It's challenging to apply the current state of the arts to the case where sensing nodes with various weights join together to fulfill a relatively lightweight authentication. In this paper, we first design a communication key distribution scheme for sensing networks based on a symmetric operator. Using the permutation function, the scheme is able to generate characteristic sequences to improve the efficiency of key distribution in sensing networks. In addition, we propose a threshold authentication scheme based on weights, in which the higher weight represents the more important role in authentication. Our authentication scheme only requires lightweight operations, so that, it is extremely friendly to the IoT nodes with restricted computation power. The security analysis and the case verification demonstrate that our novel authentication protects IoT nodes without yielding significantly computational burden to the nodes.

Zhenhu Ning, Guangquan Xu, Naixue Xiong, Yongli Yang, Changxiang Shen, Emmanouil Panaousis, Hao Wang, Kaitai Liang (2019). "TAW: Cost-effective threshold authentication with weights for internet of things." IEEE Access, 21(15), 5119.
(JCR 2019: 3.745, CiteScore 2019: 3.9)

A new encrypted data switching protocol: bridging IBE and ABE without loss of data confidentiality


Encryption technologies have become one of the most prevalent solutions to safeguard data confidentiality in many real-world applications, e.g., cloud-based data storage systems. Encryption outputting a relatively “static” format of encrypted data, however, may hinder further data operations. For example, encrypted data may need to be “transformed” into other formats for computation or other purposes. To enable encryption to be used in another device equipped with a different encryption mechanism, the concept of encryption switching was first proposed in CRYPTO 2016 for conversion particularly between Paillier and ElGamal encryptions. This paper considers the conversion between conventional identity-based and attribute-based encryptions and further proposes a concrete construction via the technique of proxy re-encryption. The construction is proved to be CPA secure in the standard model under q-decisional parallel bilinear Diffie-Hellman exponent assumption. The performance comparisons highlight that our bridging mechanism reduces computation and communication cost on the client side, especially when the data of the client is encrypted and outsourced to a remote cloud. The computational costs with respect to re-encryption (on the server side) and decryption (on the client side) are acceptable in practice.

Kai He, Yijun Mao, Jianting Ning, Kaitai Liang, Xinyi Huang, Emmanouil Panaousis, George Loukas (2019). "Automated cyber and privacy risk management toolkit." IEEE Access, 7, 50658-50668.
(JCR 2019: 3.745, CiteScore 2019: 3.9)

Attacking IEC-60870-5-104 SCADA systems


The rapid evolution of the Information and Communications Technology (ICT) services transforms the conventional electrical grid into a new paradigm called Smart Grid (SG). Even though SG brings significant improvements, such as increased reliability and better energy management, it also introduces multiple security challenges. One of the main reasons for this is that SG combines a wide range of heterogeneous technologies, including Internet of Things (IoT) devices as well as Supervisory Control and Data Acquisition (SCADA) systems. The latter are responsible for monitoring and controlling the automatic procedures of energy transmission and distribution. Nevertheless, the presence of these systems introduces multiple vulnerabilities because their protocols do not implement essential security mechanisms such as authentication and access control. In this paper, we focus our attention on the security issues of the IEC 60870-5-104 (IEC-104) protocol, which is widely utilized in the European energy sector. In particular, we provide a SCADA threat model based on a Coloured Petri Net (CPN) and emulate four different types of cyber attacks against IEC-104. Last, we used AlienVault's risk assessment model to evaluate the risk level that each of these cyber attacks introduces to our system to confirm our intuition about their severity.

Panagiotis Radoglou-Grammatikis, Panagiotis Sarigiannidis, Ioannis Giannoulakis, Emmanouil Kafetzakis, Emmanouil Panaousis (2019). "Attacking IEC-60870-5-104 SCADA systems." 2019 1st IEEE Services Workshop On Cyber Security and Resilience in the Internet of Things.

Apparatus: A framework for security analysis in internet of things systems


Internet of Things (IoT) systems are ubiquitous, highly complex and dynamic event-based systems. These characteristics make their security analysis challenging. Security in IoT requires domain-specific methodologies and tools. The proposed methodologies need to be able to capture information from software and hardware constructs to security and social constructs. In this paper, in addition to refining the modeling language of the Apparatus Framework, we propose a class-based notation of the modeling language and a structured approach to transition between different models. Apparatus is a security framework developed to facilitate security analysis in IoT systems. We demonstrate the application of the framework by analyzing the security of smart public transport system. The security analysis and visualization of the system are facilitated by a software application that is developed as part of the Apparatus Framework.

Orestis Mavropoulos, Haralambos Mouratidis, Andrew Fish, Emmanouil Panaousis, Christos Kalloniatis (2019). "Apparatus: A framework for security analysis in internet of things systems." Ad Hoc Networks, Vol. 92, 101743.
(JCR 2019: 3.643, CiteScore 2019: 7.8)

Distributed key management in microgrids


Security for smart industrial systems is prominent due to the proliferation of cyber threats threatening national critical infrastructures. Smart grid comes with intelligent applications that can utilize the bidirectional communication network among its entities. Microgrids are small-scale smart grids that enable machine-to-machine (M2M) communications as they can operate with some degree of independence from the main grid. In addition to protecting critical microgrid applications, an underlying key management scheme is needed to enable secure M2M message transmission and authentication. Existing key management schemes are not adequate due to microgrid special features and requirements. In this article, we propose the Micro sElf-orgaNiSed mAnagement (MENSA), which is the first hybrid key management and authentication scheme that combines public key infrastructure and web-of-trust concepts in microgrids. Our experimental results demonstrate the efficiency of MENSA in terms of scalability and swiftness.

Vaios Bolgouras, Christoforos Ntantogian, Emmanouil Panaousis, Christos Xenakis (2019). "Distributed key management in microgrids." IEEE Transactions on Industrial Informatics, 16(3), 2125-2133.
(JCR 2019: 10.854, CiteScore 2019: 13.9)

Using sparse representation to detect anomalies in complex WSNs


In recent years, wireless sensor networks (WSNs) have become an active area of research for monitoring physical and environmental conditions. Due to the interdependence of sensors, a functional anomaly in one sensor can cause a functional anomaly in another sensor, which can further lead to the malfunctioning of the entire sensor network. Existing research work has analysed faulty sensor anomalies but fails to show the effectiveness throughout the entire interdependent network system. In this article, a dictionary learning algorithm based on a non-negative constraint is developed, and a sparse representation anomaly node detection method for sensor networks is proposed based on the dictionary learning. Through experiment on a specific thermal power plant in China, we verify the robustness of our proposed method in detecting abnormal nodes against four state of the art approaches and proved our method is more robust. Furthermore, the experiments are conducted on the obtained abnormal nodes to prove the interdependence of multi-layer sensor networks and reveal the conditions and causes of a system crash.

Xiao Ming Li, Guangquan Xu, Xi Zheng, Kaitai Liang, Emmanouil Panaousis, Tao Li, Wei Wang, Chao Shen (2019). "Using sparse representation to detect anomalies in complex WSNs. " ACM Transactions on Intelligent Systems and Technology, Vol. 10, No. 6, pp. 1-18.
(JCR 2019: 3.82, CiteScore 2019: 7.5)

CUREX: seCUre and pRivate hEalth data eXchange


The Health sector's increasing dependence on digital information and communication infrastructures renders it vulnerable to privacy and cybersecurity threats, especially as the theft of health data has become lucrative for cyber criminals. CUREX comprehensively addresses the protection of the confidentiality and integrity of health data by producing a novel, flexible and scalable situational awareness-oriented platform. It allows a healthcare provider to assess cybersecurity and privacy risks that are exposed to and suggest optimal strategies for addressing these risks with safeguards tailored to each business case and application. CUREX is fully GDPR compliant by design. At its core, a decentralised architecture enhanced by a private blockchain infrastructure ensures the integrity of the data and –most importantly- the patient safety. Crucially, CUREX expands beyond technical measures and improves cyber hygiene through training and awareness activities for healthcare personnel. Its validation focuses on highly challenging cases of health data exchange, spanning patient cross-border mobility, remote healthcare, and data exchange for research.

Farnaz Mohammadi, Angeliki Panou, Christoforos Ntantogian, Eirini Karapistoli, Emmanouil Panaousis, Christos Xenakis (2019). ""CUREX: seCUre and pRivate hEalth data eXchange." IEEE/WIC/ACM International Conference on Web Intelligence.

Honeypot type selection games for smart grid networks


In this paper, we define a cyber deception game between the Advanced Metering Infrastructure (AMI) network administrator (henceforth, defender) and attacker. The defender decides to install between a low-interaction honeypot, high-interaction honeypot, and a real system with no honeypot. The attacker decides on whether or not to attack the system given her belief about the type of device she is facing. We model this interaction as a Bayesian game with complete but imperfect information. The choice of honeypot type is private information and characterizes the essence and objective of the defender i.e., the degree of deception and amount of threat intelligence. We study the players’ equilibrium strategies and provide numerical illustrations. The work presented in this paper has been motivated by the H2020 SPEAR project which investigates the implementation of honeypots in smart grid infrastructures to: (i) contribute towards creating attack data sets for training a SIEM (Security Information and Event Management) and (ii) to support post-incident forensics analysis by having recorded a collection of evidence regarding an attacker’s actions.

Nadia Boumkheld, Sakshyam Panda, Stefan Rass, Emmanouil Panaousis (2019). "Honeypot type selection games for smart grid networks." 10th Conference on Decision and Game Theory for Security (Gamesec).

Cut-The-Rope: A Game of stealthy intrusion


A major characteristic of Advanced Persistent Threats (APTs) is their stealthiness over a possibly long period, during which the victim system is being penetrated and prepared for the finishing blow. We model an APT as a game played on an attack graph G, and consider the following interaction pattern: the attacker chooses an attack path in G towards its target $𝑣_0$ , and step-by-step works its way towards the goal by repeated penetrations. In each step, it leaves a backdoor for an easy return to learn how to accomplish the next step. We call this return path the “rope”. The defender’s aim is “cutting” this rope by cleaning the system from (even unknown) backdoors, e.g., by patching systems or changing configurations. While the defender is doing so in fixed intervals governed by working hours/shifts, the attacker is allowed to take any number of moves at any point in time. The game is thus repeated, i.e., in discrete time, only for the defender, while the second player (adversary) moves in continuous time. It also has asymmetric information, since the adversary is stealthy at all times, until the damage causing phase of the APT. The payoff in the game is the attacker’s chance to reach this final stage, while the defender’s goal is minimizing this likelihood (risk). We illustrate the model by a numerical example and open access implementation in R.

Stefan Rass, Sandra Konig, Emmanouil Panaousis (2019). "Cut-The-Rope: A Game of stealthy intrusion." 10th Conference on Decision and Game Theory for Security (Gamesec).

Post-incident audits on cyber insurance discounts


We introduce a game-theoretic model to investigate the strategic interaction between a cyber insurance policyholder whose premium depends on her self-reported security level and an insurer with the power to audit the security level upon receiving an indemnity claim. Audits can reveal fraudulent (or simply careless) policyholders not following reported security procedures, in which case the insurer can refuse to indemnify the policyholder. However, the insurer has to bear an audit cost even when the policyholders have followed the prescribed security procedures. As audits can be expensive, a key problem insurers face is to devise an auditing strategy to deter policyholders from misrepresenting their security levels to gain a premium discount. This decision-making problem was motivated by conducting interviews with underwriters and reviewing regulatory filings in the US; we discovered that premiums are determined by security posture, yet this is often self-reported and insurers are concerned by whether security procedures are practised as reported by the policyholders. To address this problem, we model this interaction as a Bayesian game of incomplete information and devise optimal auditing strategies for the insurers considering the possibility that the policyholder may misrepresent her security level. To the best of our knowledge, this work is the first theoretical consideration of post-incident claims management in cyber security. Our model captures the trade-off between the incentive to exaggerate security posture during the application process and the possibility of punishment for non-compliance with reported security policies. Simulations demonstrate that common sense techniques are not as efficient at providing effective cyber insurance audit decisions as the ones computed using game theory.

Sakshyam Panda, Daniel W. Woods, Aron Laszka, Andrew Fielder, Emmanouil Panaousis (2019). "Post-incident audits on cyber insurance discounts." Computers & Security, 87, 101593.
(JCR 2019: 3.579, CiteScore 2019: 7.5)

A taxonomy and survey of attacks against machine learning


The majority of machine learning methodologies operate with the assumption that their environment is benign. However, this assumption does not always hold, as it is often advantageous to adversaries to maliciously modify the training (poisoning attacks) or test data (evasion attacks). Such attacks can be catastrophic given the growth and the penetration of machine learning applications in society. Therefore, there is a need to secure machine learning enabling the safe adoption of it in adversarial cases, such as spam filtering, malware detection, and biometric recognition. This paper presents a taxonomy and survey of attacks against systems that use machine learning. It organizes the body of knowledge in adversarial machine learning so as to identify the aspects where researchers from different fields can contribute to. The taxonomy identifies attacks which share key characteristics and as such can potentially be addressed by the same defence approaches. Thus, the proposed taxonomy makes it easier to understand the existing attack landscape towards developing defence mechanisms, which are not investigated in this survey. The taxonomy is also leveraged to identify open problems that can lead to new research areas within the field of adversarial machine learning.

Nikolaos Pitropakis, Emmanouil Panaousis, Thanassis Giannetsos, Eleftherios Anastasiadis, George Loukas (2019). "A taxonomy and survey of attacks against machine learning." Computer Science Review.
(JCR 2019: 7.707, SJR 2019: 14.7)

DT-CP: A double-TTPs based contract-signing protocol with lower computational cost


This paper characterizes a contract signing protocol with high efficiency in Internet of Things. Recent studies show that existing contract-signing protocols can achieve abuse-freeness and resist inference attack, but cannot meet the high-efficiency and convenience requirement of the future Internet of things applications. To solve this problem, we propose a novel contract-signing protocol. Our proposed protocol includes two main parts: 1) we use the partial public key of the sender, instead of the zero-knowledge protocol, to verify the intermediate result; 2) we employ two independent Trusted Third Parties (TTPs) to prevent the honest-but-curious TTP. Our analysis shows that our double TTP protocol can not only result in lower computational cost, but also can achieve abuse-freeness with trapdoor commitment scheme. In a word, our proposed scheme performs better than the state of the art in terms of four metrics: encryption time, number of exponentiations, data to be exchanged and exchange steps in one round contract-signing.

Guangquan Xu, Yao Zhang, Litao Jiao, Emmanouil Panaousis, Kaitai Liang, Hao Wang, Xiaotong Li (2019). "DT-CP: A double-TTPs based contract-signing protocol with lower computational cost." IEEE Access, 7, 174740 - 174749.
(JCR 2019: 3.745, CiteScore 2019: 3.9)

Optimizing investments in cyber hygiene for protecting healthcare users


Cyber hygiene measures are often recommended for strengthening an organization’s security posture, especially for protecting against social engineering attacks that target the human element. However, the related recommendations are typically the same for all organizations and their employees, regardless of the nature and the level of risk for different groups of users. Building upon an existing cybersecurity investment model, this paper presents a tool for optimal selection of cyber hygiene safeguards, which we refer as the Optimal Safeguards Tool (OST). The model combines game theory and combinatorial optimization (0-1 Knapsack) taking into account the probability of each user group to being attacked, the value of assets accessible by each group, and the efficacy of each control for a particular group. The model considers indirect cost as the time employees could require for learning and trainning against an implemented control. Utilizing a game-theoretic framework to support the Knapsack optimization problem permits us to optimally select safeguards’ application levels minimizing the aggregated expected damage within a security investment budget. We evaluate OST in a healthcare domain use case. In particular, on the Critical Internet Security (CIS) Control group 17 for implementing security awareness and training programs for employees belonging to the ICT, clinical and administration personnel of a hospital. We compare the strategies implemented by OST against alternative common-sense defending approaches for three different types of attackers: Nash, Weighted and Opportunistic. Our results show that Nash defending strategies are consistently better than the competing strategies for all attacker types with a minor exception where the Nash defending strategy, for a specific game, performs at least as good as other common-sense approaches. Finally, we illustrate the alternative investment strategies on different Nash equilibria (called plans) and discuss the optimal choice using the framework of 0-1 Knapsack optimization.

Sakshyam Panda, Emmanouil Panaousis, George Loukas, Christos Laoudias (2020). "Optimizing investments in cyber hygiene for protecting healthcare users." From Lambda Calculus to Cybersecurity Through Program Analysis, 268–29.

On-the-fly privacy for location histograms


An important motivation for research in location privacy has been to protect against user profiling, i.e., inferring a user's political affiliation, wealth level, sexual preferences, religious beliefs and other sensitive attributes. Existing approaches focus on distorting or suppressing individual locations, but we argue that, for directly protecting against profiling, it is more appropriate to focus on the frequency with which various locations are visited - in other words, the histogram of a user's locations. We introduce and explore a new privacy notion for location histograms, in which the user chooses a target histogram that she wants to avoid or to resemble by obfuscating her location visits. For example, she may want to avoid looking wealthy or to resemble a health conscious person. We describe how to design concrete privacy mechanisms that operate under different assumptions on e.g. the user's mobility, including provably optimal mechanisms. We use a mobility dataset with 1083 users to illustrate how these mechanisms achieve privacy while minimizing the quality loss caused by the location obfuscation, in the context of two types of Location-Based Services: nearest-PoI, and geofence.

George Theodorakopoulos, Emmanouil Panaousis, Kaitai Liang, George Loukas (2022). "On-the-fly privacy for location histograms." IEEE Transactions on Dependable and Secure Computing (IEEE TDSC), 19(1), 566-578.
(JCR 2021: 6.791, CiteScore 2021: 13.5)

Post quantum proxy signature scheme based on the multivariate public key cryptographic signature


Proxy signature is a very useful technique which allows the original signer to delegate the signing capability to a proxy signer to perform the signing operation. It finds wide applications especially in the distributed environment where the entities such as the wireless sensors are short of computational power and needed to be convinced to the authenticity of the server. Due to less proxy signature schemes in the post-quantum cryptography aspect, in this article, we investigate the proxy signature in the post-quantum setting so that it can resist against the potential attacks from the quantum adversaries. A general multivariate public key cryptographic proxy scheme based on a multivariate public key cryptographic signature scheme is proposed, and a heuristic security proof is given for our general construction. We show that the construction can reach Existential Unforgeability under an Adaptive Chosen Message Attack with Proxy Key Exposure assuming that the underlying signature is Existential Unforgeability under an Adaptive Chosen Message Attack. We then use our general scheme to construct practical proxy signature schemes for three well-known and promising multivariate public key cryptographic signature schemes. We implement our schemes and compare with several previous constructions to show our efficiency advantage, which further indicates the potential application prospect in the distributed network environment.

Jiahui Chen, Jie Ling, Jianting Ning, Emmanouil Panaousis, George Loukas, Kaitai Liang, Jiageng Chen (2019). "Post quantum proxy signature scheme based on the multivariate public key cryptographic signature." International Journal of Distributed Sensor Networks, 16(4).

Dynamic decision support for resource offloading in heterogeneous internet of things environments


Computation offloading is one of the primary technological enablers of the Internet of Things (IoT), as it helps address individual devices’ resource restrictions. In the past, offloading would always utilise remote cloud infrastructures, but the increasing size of IoT data traffic and the real-time response requirements of modern and future IoT applications have led to the adoption of the edge computing paradigm, where the data is processed at the edge of the network. The decision as to whether cloud or edge resources will be utilised is typically taken at the design stage based on the type of the IoT device. Yet, the conditions that determine the optimality of this decision, such as the arrival rate, nature and sizes of the tasks, and crucially the real-time condition of the networks involved, keep changing. At the same time, the energy consumption of IoT devices is usually a key requirement, which is affected primarily by the time it takes to complete tasks, whether for the actual computation or for offloading them through the network. Here, we model the expected time and energy costs for the different options of offloading a task to the edge or the cloud, as well as of carrying out on the device itself. We use this model to allow the device to take the offloading decision dynamically as a new task arrives and based on the available information on the network connections and the states of the edge and the cloud. Having extended EdgeCloudSim to provide support for such dynamic decision making, we are able to compare this approach against IoT-first, edge-first, cloud-only, random and application-oriented probabilistic strategies. Our simulations on four different types of IoT applications show that allowing customisation and dynamic offloading decision support can improve drastically the response time of time-critical and small-size applications, and the energy consumption not only of the individual IoT devices but also of the system as a whole. This paves the way for future IoT devices that optimise their application response times, as well as their own energy autonomy and overall energy efficiency, in a decentralised and autonomous manner.

Ali Jaddoa, Georgia Sakellari, Emmanouil Panaousis, George Loukas, Panagiotis G. Sarigiannidis (2020). "Self-configurable cyber-physical intrusion detection for smart homes using reinforcement learning." Simulation Modelling Practice and Theory, 101, 102019.
(JCR 2019: 2.219, CiteScore 2019 : 5.3)

An efficient attribute-based multi-keyword search scheme in encrypted keyword generation


With the growing popularity of cloud computing in recent years, data owners (DOs) now prefer to outsource their data to cloud servers and allow the specific data users (DUs) to retrieve the data. Searchable encryption is an important tool to provide secure search over the encrypted cloud data without infringing data confidentiality and data privacy. In this work, we consider a secure search service providing fine-grained and search functionality, called attribute-based multiple keyword search (ABMKS), which can be seen as an extension of searchable encryption. In the existing ABMKS schemes, the computation operations in the encrypted keyword index generation are time-consuming modular exponentiation, and the number of which is linearly growing with the factor $m$. Here $m$ is the number of keywords embedded in a file. To reduce the computation overhead, in this paper, we propose an ABMKS with only multiplication operations in encrypted keyword index generation. As a result, the computation cost of the encrypted keyword index generation is more efficient than the existing schemes. In addition, the encrypted keyword indexes are aggregated into one item, which is regardless of the number of underlying keywords in a file data. Finally, the security and the performance analysis demonstrate that our scheme is both efficient and secure.

Yuanbo Cui, Fei Gao, Yijie Shi, Wei Yin, Emmanouil Panaousis, Kaitai Liang (2020). "An efficient attribute-based multi-keyword search scheme in encrypted keyword generation." IEEE Access, 8, 99024-99036.
(JCR 2020: 4.1, CiteScore 2020: 4.8)

TT-SVD: An efficient sparse decision making model with two-way trust recommendation in the AI enabled IoT systems


The convergence of AI and IoT enables data to be quickly explored and turned into vital decisions, and however, there are still some challenging issues to be further addressed. For example, lacking of enough data in AI-based decision making (so-called Sparse Decision Making, SDM) will decrease the efficiency dramatically, or even disable the intelligent IoT networks. Taking the intelligent IoT networks as the network infrastructure, the recommendation systems have been facing such SDM problems. A naive solution is to introduce trust information. However, trust information may also face the difficulty of sparse trust evidence (a.k.a sparse trust problem). In our work, an accurate sparse decision-making model with two-way trust recommendation in the AI-enabled IoT systems is proposed, named TT-SVD. Our model incorporates both trust information and rating information more thoroughly, which can efficiently alleviate the above-mentioned sparse trust problem and therefore be able to solve the cold start and data sparsity problems. Specifically, we first consider the two-fold trust influences from both trustees and trusters, which can be represented by a factor named trust propensity. To this end, We propose a dual model, including a truster model (TrusterSVD) and a trustee model (TrusteeSVD) based on an existing rating-only recommendation model called SVD++, which are integrated by the weighted average and yield the final model, TT-SVD. The experimental results show that our model outperforms the state-of-the-art including SVD and TrustSVD in both the "all users" and "cold start users" cases, and the accuracy improvement can reach a maximum of 29%. Complexity analysis shows that our model is equally suitable for the case of large sparse datasets. In a summary, our model can effectively solve the sparse decision problem by introducing the two-way trust recommendation, and hence improve the efficiency of the intelligent recommendation systems.

Guangquan Xu, Yuyang Zhao, Litao Jiao, Meiqi Feng, Zhong Ji, Emmanouil Panaousis, Si Chen, Xi Zheng (2022). "TT-SVD: An efficient sparse decision making model with two-way trust recommendation in the AI enabled IoT systems." IEEE Internet of Things, 8(12), 9559 - 9567.
(JCR 2019: 9.515, CiteScore 2020: 13.9)

Cache-based privacy preserving solution for location and content protection in location-based services


Location-Based Services (LBSs) are playing an increasingly important role in people’s daily activities nowadays. While enjoying the convenience provided by LBSs, users may lose privacy since they report their personal information to the untrusted LBS server. Although many approaches have been proposed to preserve users’ privacy, most of them just focus on the user’s location privacy, but do not consider the query privacy. Moreover, many existing approaches rely heavily on a trusted third-party (TTP) server, which may suffer from a single point of failure. To solve the problems above, in this paper we propose a Cache-Based Privacy-Preserving (CBPP) solution for users in LBSs. Different from the previous approaches, the proposed CBPP solution protects location privacy and query privacy simultaneously, while avoiding the problem of TTP server by having users collaborating with each other in a mobile peer-to-peer (P2P) environment. In the CBPP solution, each user keeps a buffer in his mobile device (e.g., smartphone) to record service data and acts as a micro TTP server. When a user needs LBSs, he sends a query to his neighbors first to seek for an answer. The user only contacts the LBS server when he cannot obtain the required service data from his neighbors. In this way, the user reduces the number of queries sent to the LBS server. We argue that the fewer queries are submitted to the LBS server, the less the user’s privacy is exposed. To users who have to send live queries to the LBS server, we employ the l-diversity, a powerful privacy protection definition that can guarantee the user’s privacy against attackers using background knowledge, to further protect their privacy. Evaluation results show that the proposed CBPP solution can effectively protect users’ location and query privacy with a lower communication cost and better quality of service.

Yuanbo Cui, Fei Gao, Wenmin Li, Yijie Shi, Hua Zhang, Qiaoyan Wen, Emmanouil Panaousis (2020). "An options approach to cybersecurity investment." Sensors, 20(16), 4651.
(JCR 2019: 3.275, CiteScore 2019: 5.8)

Deep binarized convolutional neural network inferences over encrypted data


Homomorphic encryption provides a way to perform deep learning over encrypted data and permits the user to encrypt the data before uploading, leaving the control of data on the user side. However, operations on encrypted data based on homomorphic encryption are time-consuming, especially in a deep convolutional neural network (CNN), which incorporates a large number of layers and operations. To speed up deep learning on encrypted data, we binarized the input data and weights of CNN model, while operations including the addition and multiplication in CNN become bit-wise operations. Therefore, the homomorphic evaluation of CNN can be performed in the binary field in a highly efficient way. We also construct an efficient pooling layer by designing circuits to perform comparison operations on the ciphertext. Simulation results clearly show that the convolution operation of the proposed model is at least 6.3 times faster than that of existing schemes. Last, our model exhibits no privacy leakage associated with the data being processed.

Junwei Zhou, Junjiong Li, Emmanouil Panaousis, Kaitai Liang (2022). "Deep binarized convolutional neural network inferences over encrypted data." 2020 7th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/2020 6th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom).

SECONDO: A platform for cybersecurity investments and cyber insurance decisions


This paper represents the SECONDO framework to assist organizations with decisions related to cybersecurity investments and cyber-insurance. The platform supports cybersecurity and cyber-insurance decisions by implementing and integrating a number of software components. SECONDO operates in three distinct phases: (i) cyber-physical risk assessment and continuous monitoring; (ii) investment-driven optimized cyber-physical risk control; and (iii) blockchain-enabled cyber-insurance contract preparation and maintenance. Insurers can leverage SECONDO functionalities to actively participate in the management of cyber-physical risks of a shipping company to reduce their insured risk.

Aristeidis Farao, Sakshyam Panda, Sofia Anna Menesidou, Entso Veliou, Nikolaos Episkopos, George Kalatzantonakis, Farnaz Mohammadi, Nikolaos Georgopoulos, Michael Sirivianos, Nikos Salamanos, Spyros Loizou, Michalis Pingos, John Polley, Andrew Fielder, Emmanouil Panaousis, Christos Xenakis (2022). "A trusted platform module-based, pre-emptive and dynamic asset discovery tool." International Conference on Trust and Privacy in Digital Business (TrustBus 2020).

ARIES: A novel multivariate intrusion detection system for smart grid


The advent of the Smart Grid (SG) raises severe cybersecurity risks that can lead to devastating consequences. In this paper, we present a novel anomaly-based Intrusion Detection System (IDS), called ARIES (smArt gRid Intrusion dEtection System), which is capable of protecting efficiently SG communications. ARIES combines three detection layers that are devoted to recognising possible cyberattacks and anomalies against (a) network flows, (b) Modbus/Transmission Control Protocol (TCP) packets and (c) operational data. Each detection layer relies on a Machine Learning (ML) model trained using data originating from a power plant. In particular, the first layer (network flow-based detection) performs a supervised multiclass classification, recognising Denial of Service (DoS), brute force attacks, port scanning attacks and bots. The second layer (packet-based detection) detects possible anomalies related to the Modbus packets, while the third layer (operational data based detection) monitors and identifies anomalies upon operational data (i.e., time series electricity measurements). By emphasising on the third layer, the ARIES Generative Adversarial Network (ARIES GAN) with novel error minimisation functions was developed, considering mainly the reconstruction difference. Moreover, a novel reformed conditional input was suggested, consisting of random noise and the signal features at any given time instance. Based on the evaluation analysis, the proposed GAN network overcomes the efficacy of conventional ML methods in terms of Accuracy and the F1 score.

Panagiotis Radoglou Grammatikis, Panagiotis Sarigiannidis, Georgios Efstathopoulos, Emmanouil Panaousis (2020). "ARIES: A novel multivariate intrusion detection system for smart grid." Sensors 2020, 20(18), 5305.
(JCR 2019: 3.275, CiteScore 2019: 5.0)

Self-configurable cyber-physical intrusion detection for smart homes using reinforcement learning


The modern Internet of Things (IoT)-based smart home is a challenging environment to secure: devices change, new vulnerabilities are discovered and often remain unpatched, and different users interact with their devices differently and have different cyber risk attitudes. A security breach's impact is not limited to cyberspace, as it can also affect or be facilitated in physical space, for example, via voice. In this environment, intrusion detection cannot rely solely on static models that remain the same over time and are the same for all users. We present MAGPIE, the first smart home intrusion detection system that is able to autonomously adjust the decision function of its underlying anomaly classification models to a smart home's changing conditions (e.g., new devices, new automation rules and user interaction with them). The method achieves this goal by applying a novel probabilistic cluster-based reward mechanism to non-stationary multi-armed bandit reinforcement learning. MAGPIE rewards the sets of hyperparameters of its underlying isolation forest unsupervised anomaly classifiers based on the cluster silhouette scores of their output. Experimental evaluation in a real household shows that MAGPIE exhibits high accuracy because of two further innovations: it takes into account both cyber and physical sources of data; and it detects human presence to utilise models that exhibit the highest accuracy in each case. MAGPIE is available in open-source format, together with its evaluation datasets, so it can benefit from future advances in unsupervised and reinforcement learning and be able to be enriched with further sources of data as smart home environments and attacks evolve.

Ryan Heartfield, George Loukas, Anatolij Bezemskij, Emmanouil Panaousis (2020). "Self-configurable cyber-physical intrusion detection for smart homes using reinforcement learning." IEEE Transactions on Information Forensics and Security (IEEE TIFS), 16, 1720-1735.
(JCR 2021: 7.231, CiteScore 2020: 15.1)

Data-driven decision support for optimizing cyber forensic investigations


Cyber attacks consisting of several attack actions can present considerable challenge to forensic investigations. Consider the case where a cybersecurity breach is suspected following the discovery of one attack action, for example by observing the modification of sensitive registry keys, suspicious network traffic patterns, or the abuse of legitimate credentials. At this point, the investigator can have multiple options as to what to check next to discover the rest, and will likely pick one based on experience and training. This will be the case at each new step. We argue that the efficiency of this aspect of the job, which is the selection of what next step to take, can have significant impact on its overall cost (e.g., the duration) of the investigation and can be improved through the application of constrained optimization techniques. Here, we present DISCLOSE, the first data-driven decision support framework for optimizing forensic investigations of cybersecurity breaches. DISCLOSE benefits from a repository of known adversarial tactics, techniques, and procedures (TTPs), for each of which it harvests threat intelligence information to calculate its probabilistic relations with the rest. These relations, as well as a proximity parameter derived from the projection of quantitative data regarding the adversarial TTPs on an attack life cycle model, are both used as input to our optimization framework. We show the feasibility of this approach in a case study that consists of 31 adversarial TTPs, data collected from 6 interviews with experienced cybersecurity professionals and data extracted from the MITRE ATT&CK STIX repository and the Common Vulnerability Scoring System (CVSS).

Antonia Nisioti, George Loukas, Aron Laszka, Emmanouil Panaousis (2019). "Data-driven decision support for optimizing cyber forensic investigations." IEEE Transactions on Information Forensics and Security (IEEE TIFS), Vol. 16, pp. 2397-2412.
(JCR 2021: 7.231, CiteScore 2021: 14.9)

Cyber-insurance: Past, present and future


Insurance, in general, is a financial contract between the one buying the insurance (also known as the policyholder or insured) and the one providing insurance (known as insurance carrier or insurer). The contract, known as the insurance policy, typically states that the policyholder will pay a regular insurance premium in exchange for a financial compensation, also known as indemnification, in the event of a loss defined in the insurance policy. Insurance is used to manage risks by transferring them to the insurer, and cyber-insurance in particular deals with cyber risks covering direct and indirect damages caused by cyberattacks. The cyber-insurance market is still growing and has been receiving broader interest from research communities and government bodies over the years. This paper provides an overview of cyber-insurance, novel models proposed throughout the years and future challenges to be addressed for cyber-insurance to become a key component of an organisation’s and household’s cyber risk management approach.

Sakshyam Panda, Aristeidis Farao, Emmanouil Panaousis, Christos Xenakis (2021). "Cyber-Insurance: Past, Present and Future." 2020 Encyclopedia of Cryptography, Security and Privacy, In Encyclopedia of Cryptography, Security and Privacy (pp. 1-4). Berlin, Heidelberg: Springer Berlin Heidelberg.

How secure is home: Assessing human susceptibility to IoT threats


The Internet of Vehicles (IoV), whereby interconnected vehicles that communicate with each other and with road infrastructure on a common network, has promising socio-economic benefits but also poses new cyber-physical threats. To protect these entities and learn about adversaries, data on attackers can be realistically gathered using decoy systems like honeypots. Admittedly, honeypots introduces a trade-off between the level of honeypot-attacker interactions and incurred overheads and costs for implementing and monitoring these systems. Deception through honeypots can be achieved by strategically configuring the honeypots to represent components of the IoV to engage attackers and collect cyber threat intelligence. Here, we present HoneyCar, a novel decision support framework for honeypot deception in IoV. HoneyCar benefits from the repository of known vulnerabilities of the autonomous and connected vehicles found in the Common Vulnerabilities and Exposure (CVE) database to compute optimal honeypot configuration strategies. The adversarial interaction is modelled as a repeated imperfect-information zero-sum game where the IoV network administrator strategically chooses a set of vulnerabilities to offer in a honeypot and a strategic attacker chooses a vulnerability to exploit under uncertainty. Our investigation examines two different versions of the game, with and without the re-configuration cost, to empower the network administrator to determine optimal honeypot investment strategies given a budget. We show the feasibility of this approach in a case study that consists of the vulnerabilities in autonomous and connected vehicles gathered from the CVE database and data extracted from the Common Vulnerability Scoring System (CVSS).

Emily Kate Parsons, George Loukas, Emmanouil Panaousis (2020). "How secure is home: Assessing human susceptibility to IoT threats." 24th Pan-Hellenic Conference on Informatics, 64-71.

Influence of human factors on cyber security within healthcare organisations: A systematic review


Cybersecurity is increasingly becoming a prominent concern among health- care providers in adopting digital technologies for improving the quality of care delivered to patients. The recent reports on cyber attacks, such as ransomware and WannaCry, have brought to life the destructive nature of such attacks upon healthcare. In complement to cyberattacks, which have been targeted against the vulnerabilities of information technology (IT) infrastructures, a new form of cyber attack aims to exploit human vulnerabilities; such attacks are categorised as social engineering attacks. Following an increase in the frequency and ingenuity of attacks launched against hospitals and clinical environments with the intention of causing service disruption, there is a strong need to study the level of awareness programmes and training activities offered to the staff by healthcare organisations. Objective: The objective of this systematic review is to identify commonly encountered factors that cybersecurity postures of a healthcare organisation, resulting from the ignorance of cyber threat to healthcare. The systematic review aims to consolidate the current literature being reported upon human behaviour resulting in security gaps that mitigate the cyber defence strategy adopted by healthcare organisations. Additionally, the paper also reviews the organisational risk assessment methodology implemented and the policies being adopted to strengthen cybersecurity. Methods: The topic of cybersecurity within healthcare and the clinical environment has attracted the interest of several researchers, resulting in a broad range of literature. The inclusion criteria for the articles in the review stem from the scope of the five research questions identified. To this end, we conducted seven search queries across three repositories, namely (i) PubMed®/MED-LINE; (ii) Cumulative Index to Nursing and Allied Health Literature (CINAHL); and (iii) Web of Science (WoS), using key words related to cybersecurity awareness, training, organisation risk assessment methodologies, policies and recommendations adopted as counter measures within health care. These were restricted to around the last 12 years. Results: A total of 70 articles were selected to be included in the review, which addresses the complexity of cybersecurity measures adopted within the healthcare and clinical environments. The articles included in the review highlight the evolving nature of cybersecurity threats stemming from exploiting IT infrastructures to more advanced attacks launched with the intent of exploiting human vulnerability. A steady increase in the literature on the threat of phishing attacks evidences the growing threat of social engineering attacks. As a countermeasure, through the review, we identified articles that provide methodologies resulting from case studies to promote cybersecurity awareness among stakeholders. The articles included highlight the need to adopt cyber hygiene practices among healthcare professionals while accessing social media platforms, which forms an ideal test bed for the attackers to gain insight into the life of healthcare professionals. Additionally, the review also includes articles that present strategies adopted by healthcare organisations in countering the impact of social engineering attacks. The evaluation of the cybersecurity risk assessment of an organisation is another key area of study reported in the literature that recommends the organisation of European and international standards in countering social engineering attacks. Lastly, the review includes articles reporting on national case studies with an overview of the economic and societal impact of service disruptions encountered due to cyberattacks. Discussion: One of the limitations of the review is the subjective ranking of the authors associated to the relevance of literature to each of the research questions identified. We also acknowledge the limited amount of literature that focuses on human factors of cybersecurity in health care in general; therefore, the search queries were formulated using well-established cybersecurity related topics categorised according to the threats, risk assessment and organisational strategies reported in the literature.

Sokratis Nifakos, Krishna Chandramouli, Charoula Konstantina Nikolaou, Panagiotis Papachristou, Sabine Koch, Emmanouil Panaousis, Stefano Bonacina (2010). ""Influence of human factors on cyber security within healthcare organisations: A systematic review." Sensors 2021, 21(15), 5119.
(JCR 2021: 3.847, CiteScore 2021: 6.4)

Automated cyber and privacy risk management toolkit


Addressing cyber and privacy risks has never been more critical for organisations. While a number of risk assessment methodologies and software tools are available, it is most often the case that one must, at least, integrate them into a holistic approach that combines several appropriate risk sources as input to risk mitigation tools. In addition, cyber risk assessment primarily investigates cyber risks as the consequence of vulnerabilities and threats that threaten assets of the investigated infrastructure. In fact, cyber risk assessment is decoupled from privacy impact assessment, which aims to detect privacy-specific threats and assess the degree of compliance with data protection legislation. Furthermore, a Privacy Impact Assessment (PIA) is conducted in a proactive manner during the design phase of a system, combining processing activities and their inter-dependencies with assets, vulnerabilities, real-time threats and Personally Identifiable Information (PII) that may occur during the dynamic life-cycle of systems. In this paper, we propose a cyber and privacy risk management toolkit, called AMBIENT (AutoMated cyBer and prIvacy risk managEmeNt Toolkit) that addresses the above challenges by implementing and integrating three distinct software tools. AMBIENT not only assesses cyber and privacy risks in a thorough and automated manner but it also offers decision-support capabilities, to recommend optimal safeguards using the well-known repository of the Center for Internet Security (CIS) Controls. To the best of our knowledge, AMBIENT is the first toolkit, in the academic literature, that brings together the aforementioned capabilities. To demonstrate its use, we have created a case scenario based on information about cyber attacks we have received from a healthcare organisation, as a reference sector that faces critical cyber and privacy threats.

Gustavo González-Granadillo, Sofia Anna Menesidou, Dimitrios Papamartzivanos, Ramon Romeu, Diana Navarro-Llobet, Caxton Okoh, Sokratis Nifakos, Christos Xenakis, Emmanouil Panaousis (2021). "Automated cyber and privacy risk management toolkit." Sensors 2021, 21(16), 5493.
(JCR 2021: 3.847, CiteScore 2021: 6.4)

Game-theoretic decision support for cyber forensic investigations


The use of anti-forensic techniques is a very common practice that stealthy adversaries may deploy to minimise their traces and make the investigation of an incident harder by evading detection and attribution. In this paper, we study the interaction between a cyber forensic Investigator and a strategic Attacker using a game-theoretic framework. This is based on a Bayesian game of incomplete information played on a multi-host cyber forensics investigation graph of actions traversed by both players. The edges of the graph represent players’ actions across different hosts in a network. In alignment with the concept of Bayesian games, we define 8 two Attacker types to represent their ability of deploying anti-forensic techniques to conceal their activities. In this way, our model allows the Investigator to identify her optimal investigating 10 policy taking into consideration the cost and impact of the available actions, while coping with the uncertainty of the Attacker’s type and strategic decisions. To evaluate our model, we construct a realistic case study based on threat reports and data extracted from the MITRE ATT&CK STIX repository, Common Vulnerability Scoring System (CVSS), and interviews with cyber-security practitioners. We use the case study to compare the performance of the proposed method against 15 two other investigative methods and three different types of Attackers.

Antonia Nisioti, George Loukas, Stefan Rass, Emmanouil Panaousis (2021). "Game-theoretic decision support for cyber forensic investigations." Sensors 2021, 21(16), 5300.
(JCR 2021: 3.847, CiteScore 2021: 6.4)

A lightweight certificateless non-interactive authentication and key exchange protocol for IoT Environments


In order to protect user privacy and provide better access control in Internet of Things (IoT) environments, designing an appropriate two-party authentication and key exchange protocol is a prominent challenge. In this paper, we propose a lightweight certificateless non-interactive authentication and key exchange (CNAKE) protocol for mutual authentication between remote users and smart devices. Based on elliptic curves, our lightweight protocol provides high security performance, realizes non-interactive authentication between the two entities, and effectively reduces communication overhead. Under the random oracle model, the proposed protocol is provably secure based on the Computational Diffie-Hellman and Bilinear Diffie-Hellman hardness assumption. Finally, through a series of experiments and comprehensive performance analysis, we demonstrate that our scheme is fast and secure.

Menghan Pan, Daojing He, Xuru Li, Sammy Chan, Emmanouil Panaousis, Yun Gao (2021). "A lightweight certificateless non-interactive authentication and key exchange protocol for IoT Environments." IEEE Symposium on Computers and Communications, 124, 102951.
(CORE2021 Ranking: B)

Multi-stage threat modelling and security monitoring in 5GCN


The fifth generation of mobile networks (5G) promises a range of new capabilities including higher data rates and more connected users. To support the new capabilities and use cases the 5G Core Network (5GCN) will be dynamic and reconfigurable in nature to deal with demand. It is these improvements which also introduce issues for traditional security monitoring methods and techniques which need to adapt to the new network architecture. The increased data volumes and dynamic network architecture mean an approach is required to focus security monitoring resources where it is most needed and react to network changes in real time. When considering multi-stage threat scenarios a coordinated, centralised approach to security monitoring is required for the early detection of attacks which may affect different parts of the network. Int his chapter we identify potential solutions for overcoming these challenges which begins by identifying the threats to the 5G networks to determine suit-able security monitoring placement in the 5GCN.

Robert Pell, Sotiris Moschoyiannis, Emmanouil Panaousis (2021). "Multi-stage threat modelling and security monitoring in 5GCN." Cyber Security Issues for Emerging Technologies.

Towards dynamic threat modelling in 5G core networks based on MITRE ATT&CK


This article discusses how the gap between early 5G network threat assessments and an adversarial Tactics, Techniques, Procedures (TTPs) knowledge base for future use in the MITRE ATT&CK threat modelling framework can be bridged. We identify knowledge gaps in the existing framework for key 5G technology enablers such as SDN, NFV, and 5G specific signalling protocols of the core network. We adopt a pre-emptive approach to identifying adversarial techniques which can be used to launch attacks on the 5G core network (5GCN) and map these to its components. Using relevant 5G threat assessments along with industry reports, we study how the domain specific techniques can be employed by APTs in multi-stage attack scenarios based on historic telecommunication network attacks and motivation of APT groups. We emulate this mapping in a pre-emptive fashion to facilitate a rigorous cyber risk assessment, support intrusion detection, and design defences based on common APT TTPs in a 5GCN.

Robert Pell, Sotiris Moschoyiannis, Emmanouil Panaousis, Ryan Heartfield (2021). "Towards dynamic threat modelling in 5G core networks based on MITRE ATT&CK." arXiv preprint arXiv:2108.11206.

Practical algorithm substitution attack on extractable signatures


An algorithm substitution attack (ASA) can undermine the security of cryptographic primitives by subverting the original implementation. An ASA succeeds when it extracts secrets without being detected. To launch an ASA on signature schemes, existing studies often needed to collect signatures with successive indices to extract the signing key. However, collection with successive indices requires uninterrupted surveillance of the communication channel and a low transmission loss rate in practice. This hinders the practical implementation of current ASAs, thus causing users to misbelieve that the threat incurred by ASA is only theoretical and far from reality. In this study, we first classify a group of schemes called extractable signatures that achieve traditional security (unforgeability) by reductions ending with key extraction, thus demonstrating that there is a generic and practical approach for ASA with this class of signatures. Further, we present the implementation of ASAs in which only two signatures and no further requirements are needed for the extraction of widely used discrete log-based signatures such as DSA, Schnorr, and modified ElGamal signature schemes. Our attack presents a realistic threat to current signature applications, which can also be implemented in open and unstable environments such as vehicular ad hoc networks. Finally, we prove that the proposed ASA is undetectable against polynomial time detectors and physical timing analysis.

Yi Zhao, Kaitai Liang, Yanqi Zhao, Bo Yang, Yang Ming, Emmanouil Panaousis (2022). "Practical algorithm substitution attack on extractable signatures." Designs, Codes and Cryptography, 90, 921–937.

Optimising user security recommendations for AI-powered smart-homes


Research in the context of user awareness has shown that smart-home occupants often lack cybersecurity awareness even when it comes to frequently used technologies such as online social networks and email. To cope with the risks, smart-homes must be equipped with adequate cybersecurity measures besides the knowledge and time required by smart- home occupants to implement security measures. In this paper, we explore potential threats in AI-powered smart-homes and identify a list of cybersecurity controls required to mitigate their potential impact considering attack vectors, as well as the time and knowledge required to implement a control. We use optimisation to identify the best set of controls to minimise the risk exposure considering these metrics. Our comparative analysis against a random selection approach highlight that our approach is at least 25% better at minimising risk. Finally, we show how improved knowledge or time impacts the risk.

Emma Scott, Sakshyam Panda, George Loukas, Emmanouil Panaousis (2022). "Optimising user security recommendations for AI-powered smart-homes." IEEE Conference on Dependable and Secure Computing (IEEE DSC), 1-8.

MULTI-FLGANs: Multi-distributed adversarial networks for non-IID distribution


Federated learning is an emerging concept in the domain of distributed machine learning. This concept has enabled GANs to benefit from the rich distributed training data while preserving privacy. However, in a non-iid setting, current federated GAN architectures are unstable, struggling to learn the distinct features and vulnerable to mode collapse. In this paper, we propose a novel architecture MULTI-FLGAN to solve the problem of low-quality images, mode collapse and instability for non-iid datasets. Our results show that MULTI-FLGAN is four times as stable and performant (i.e. high inception score) on average over 20 clients compared to baseline FLGAN.

Akash Amalan, Rui Wang, Yanqi Qiao, Emmanouil Panaousis, Kaitai Liang (2022). "MULTI-FLGANs: Multi-distributed adversarial networks for non-IID distribution." arXiv preprint arXiv:2206.12178.

MITRE ATT&CK-driven cyber risk assessment


Assessing the risk posed by Advanced Cyber Threats (APTs) is challenging without understanding the methods and tactics adversaries use to attack an organisation. The MITRE ATT&CK provides information on the motivation, capabilities, interests and tactics, techniques and procedures (TTPs) used by threat actors. In this paper, we leverage these characteristics of threat actors to support informed cyber risk characterisation and assessment. In particular, we utilise the MITRE repository of known adversarial TTPs along with attack graphs to determine the attack probability as well as the likelihood of success of an attack. We further identify attack paths with the highest likelihood of success considering the techniques and procedures of a threat actor. The assessment is supported by a case study of a health care organisation to identify the level of risk against two adversary groups– Lazarus and menuPass.

Mohamed G Ahmed, Sakshyam Panda, Emmanouil Panaousis, Christos Xenakis (2022). "MITRE ATT&CK-driven cyber risk assessment." Proceedings of the 16th International Conference on Availability, Reliability and Security.
(CORE2021 Ranking: B)

HoneyCar: A framework to configure honeypot vulnerabilities on the internet of vehicles


The Internet of Vehicles (IoV), whereby interconnected vehicles that communicate with each other and with road infrastructure on a common network, has promising socio-economic benefits but also poses new cyber-physical threats. To protect these entities and learn about adversaries, data on attackers can be realistically gathered using decoy systems like honeypots. Admittedly, honeypots introduces a trade-off between the level of honeypot-attacker interactions and incurred overheads and costs for implementing and monitoring these systems. Deception through honeypots can be achieved by strategically configuring the honeypots to represent components of the IoV to engage attackers and collect cyber threat intelligence. Here, we present HoneyCar, a novel decision support framework for honeypot deception in IoV. HoneyCar benefits from the repository of known vulnerabilities of the autonomous and connected vehicles found in the Common Vulnerabilities and Exposure (CVE) database to compute optimal honeypot configuration strategies. The adversarial interaction is modelled as a repeated imperfect-information zero-sum game where the IoV network administrator strategically chooses a set of vulnerabilities to offer in a honeypot and a strategic attacker chooses a vulnerability to exploit under uncertainty. Our investigation examines two different versions of the game, with and without the re-configuration cost, to empower the network administrator to determine optimal honeypot investment strategies given a budget. We show the feasibility of this approach in a case study that consists of the vulnerabilities in autonomous and connected vehicles gathered from the CVE database and data extracted from the Common Vulnerability Scoring System (CVSS).

Sakshyam Panda, Stefan Rass, Sotiris Moschoyiannis, Kaitai Liang, George Loukas, Emmanouil Panaousis (2019). "HoneyCar: A framework to configure honeypot vulnerabilities on the internet of vehicles." IEEE Access, 10, 104671-104685.
(JCR 2021: 3.476, CiteScore 2021: 6.7)

A trusted platform module-based, pre-emptive and dynamic asset discovery tool


This paper presents an original Intelligent and Secure Asset Discovery Tool (ISADT) that uses artificial intelligence and TPM-based technologies to: (i) detect the network assets, and (ii) detect suspicious pattern in the use of the network. The architecture has specifically been designed to discover the assets of medium and large size companies and institutions, such as hospitals, universities, or government buildings. Given the distributed design of the architecture, it can cope with the problem of the isolation of different Virtual Local Area Networks (VLANs). This is done by collecting information from all the VLANs and storing it in a central node, which can be accessed by the network administrator, who may consult and visualize the status in any moment, or even by other authorized applications. The collected data is kept in a secure warehouse by the use of a Trusted Platform Module. Moreover, collected data is processed by the use of artificial intelligence in two ways: (i) the traffic of each network is analysed so that suspicious patterns can be detected, and (ii) identified ports and status are analysed to detect anomalous combinations of open ports in a device.

Antonio Jesus Diaz-Honrubia, Alberto Blázquez Herranz, Lucía Prieto Santamaría, Ernestina Menasalvas Ruiz, Alejandro Rodríguez-González, Gustavo Gonzalez-Granadillo, Rodrigo Diaz, Emmanouil Panaousis, Christos Xenakis (2022). "A trusted platform module-based, pre-emptive and dynamic asset discovery tool." Journal of Information Security and Applications (JISA), 71, 103350.
(JCR 2021: 4.96, CiteScore 2021: 7.6)

Forensics for multi-stage cyber incidents: Survey and future directions


The increase in the complexity and sophistication of multi-stage cyber attacks, such as advanced persistent threats, paired with the large volume of data produced by modern systems and networks, have made forensic investigations more demanding in knowledge and resources. Thus, it is essential that cyber forensic investigators are supported to operate more efficiently, in terms of resources and evidence recovery, and cope with a wide range of cyber incidents. This paper presents a comprehensive survey of 49 works that aim to sup- port cyber forensic investigations of modern multi-stage cyber incidents and highlights the need for decision support systems on the field. The works reviewed are compared using 11 criteria, such as their evaluation method, how they optimise the forensic process, or what stage of investigation they study. We also classify the surveyed papers using 8 categories that represent the overall aim of the proposed cyber investigation method or tool. We identify and discuss open issues, arising from this extensive survey, such as the need for realistic evaluation, as well as realistic and representative modelling to increase applicability and performance. Finally, we provide directions for future research on improving the state-of-the-art of cyber forensics.

Antonia Nisioti, George Loukas, Alexios Mylonas, Emmanouil Panaousis (2021). "Game-theoretic decision support for cyber forensic investigations." Forensic Science International: Digital Investigation, 21(16), 5300.
(JCR 2021: 1.805, CiteScore 2021: 5.0)

Principled data-driven decision support for cyber-forensic investigations


In the wake of a cybersecurity incident, it is crucial to promptly discover how the threat actors breached security in order to assess the impact of the incident and to develop and deploy countermeasures that can protect against further attacks. To this end, defenders can launch a cyber-forensic investigation, which discovers the techniques that the threat actors used in the incident. A fundamental challenge in such an investigation is prioritizing the investigation of particular techniques since the investigation of each technique requires time and effort, but forensic analysts cannot know which ones were actually used before investigating them. To ensure prompt discovery, it is imperative to provide decision support that can help forensic analysts with this prioritization. A recent study demonstrated that data-driven decision support, based on a dataset of prior incidents, can provide state- of-the-art prioritization. However, this data-driven approach, called DISCLOSE, is based on a heuristic that utilizes only a subset of the available information and does not approximate optimal decisions. To improve upon this heuristic, we introduce a principled approach for data-driven decision support for cyber-forensic investigations. We formulate the decision-support problem using a Markov decision process, whose states represent the states of a forensic investigation. To solve the decision problem, we propose a Monte Carlo tree search based method, which relies on a k-NN regression over prior incidents to estimate state-transition probabilities. We evaluate our proposed approach on multiple versions of the MITRE ATT&CK dataset, which is a knowledge base of adversarial techniques and tactics based on real-world cyber incidents, and demonstrate that our approach outperforms DISCLOSE in terms of techniques discovered per effort spent.

Soodeh Atefi, Sakshyam Panda, Manos Panaousis, Aron Laszka (2023). "Principled data-driven decision support for cyber-forensic investigations." 37th AAAI Conference on Artificial Intelligence (AAAI 23).
(CORE2021 Ranking: A*)

Privacy-protecting attribute-based conjunctive keyword search scheme in cloud storage


Cloud storage has been deployed in various real-world applications. But how to enable Internet users to search over encrypted data and to enable data owners to perform fine- grained search authorization are of huge challenge. Attribute- based keyword search (ABKS) is a well-studied solution to the challenge, but there are some drawbacks that prevent its practical adoption in cloud storage context. First, the access policy in the index and the attribute set in the trapdoor are both in plaintext, they are likely to reveal the privacy of data owners and users. Second, the current ABKS schemes cannot provide multi-keyword search under the premise of ensuring security and efficiency. We explore an efficient way to connect the inner product encryption with the access control mechanism and search process in ABKS, and propose a privacy-protecting attribute- based conjunctive keyword search scheme. The proposed scheme provides conjunctive keyword search and ensures that the access policy and attribute set are both fully hidden. Formal security models are defined and the scheme is proved IND-CKA, IND-OKGA, access policy hiding and attribute set hiding. Finally, empirical simulations are carried out on real-world dataset, and the results demonstrate that our design outperforms other existing schemes in security and efficiency.

Yang Chen, Yang Liu, Jin Pan, Fei Gao, Emmanouil Panaousis (2023) "Privacy-protecting attribute-based conjunctive keyword search scheme in cloud storage." Journal of Internet Technology, 624(1), pp.65-75.

Virtually Secure: A taxonomic assessment of cybersecurity challenges in virtual reality environments


Although Virtual Reality (VR) is certainly not a new technology, its recent adoption across several sectors beyond entertainment has led the information security research community to take note of the new cyber threats that come with it. The variety of system components presents an extensive attack surface that can be exploited. At the same time, VR’s emphasis on immersion, interaction and presence means that the user can be targeted directly, yet the use of head-mounted displays may prevent them from observing a cyber attack’s impact in their immediate physical environment. This paper presents the first taxonomic representation of VR security challenges. By systemically classifying existing VR cyber threats against existing defences in a single comparative matrix, we aim to help researchers from different backgrounds to identify key focus areas where further research would be most beneficial.

Blessing Odeleye, George Loukas, Ryan Heartfield, Georgia Sakellari, Emmanouil Panaousis, Fotios Spyridonis (2023). "Virtually Secure: A taxonomic assessment of cybersecurity challenges in virtual reality environments." Computers & Security, 124, 102951.
(JCR 2021: 5.105, CiteScore: 10.1)

Cyber hygiene methodology for raising cybersecurity and data privacy awareness in healthcare organisations


In this paper we present a structured methodology for improving the cyber hygiene perception and behaviour of personnel in the healthcare sector. The applicability and added value of the proposed CH methodology is demonstrated using real- life survey data collected at 3 European healthcare organisations. Our findings suggest that there are considerable differences with respect to human-oriented cybersecurity and data privacy risks across different organisations and diverse employee groups within the same organisation. By applying the CH methodology, we provide the risk strategies together with the list of recommended human-centric controls for managing a wide range of cybersecurity and data privacy risks related to healthcare employees.

Elina Argyridou, Sokratis Nifakos, Christos Laoudias, Sakshyam Panda, Emmanouil Panaousis, Krishna Chandramouli, Diana Navarro-Llobet, Juan Mora Zamorano, Panagiotis Papachristou, Stefano Bonacina (2023). "Cyber hygiene methodology for raising cybersecurity and data privacy awareness in healthcare organisations." Journal of Medical Internet Research.
(JCR 2022: 7.08, CiteScore 2021: 8.2)

Secure genotype imputation using homomorphic encryption


Genotype imputation estimates missing genotypes from the haplotype or genotype reference panel in individual genetic sequences, which boosts the potential of genome-wide association and is essential in genetic data analysis. However, the genetic sequences involve people’s privacy, confirming an individual’s identification and even disease information. This work proposes a secure genotype imputation model, which uses a linear regression model and the homomorphic encryption scheme over ciphertext to impute missing genotypes. The inference model is trained with float plaintext parameters, which are round into integers to avoid high complexity homomorphic evaluation on float number operations without bootstrapping operations. Even though the rounding parameters in the inference model are not the same as those in the trained model, We find that it will no effect on the outcome of the homomorphic prediction. Thus, a high-efficiency genotype imputation inference model over the ciphertext is obtained while keeping the high-security level. The simulation results indicate that the accuracy of the secure inference model is almost the same as the original model trained on float parameters. The secure inference model’s accuracy is 98.6% for a single genotype.

Junwei Zhou, Botian Lei, Huile Lang, Emmanouil Panaousis, Kaitai Liang, Jianwen Xiang (2022). "Secure genotype imputation using homomorphic encryption." Journal of Information Security and Applications (JISA), 72, 103386.
(JCR 2021: 4.96, CiteScore 2021: 7.6)

CROSS: A framework for cyber risk optimisation in smart homes


This work introduces a decision support framework, called Cyber Risk Optimiser for Smart homeS (CROSS), which advises both smart home users and smart home service providers on how to select an optimal portfolio of cyber security controls to counteract cyber attacks in a smart home including traditional cyber attacks and adversarial machine learning attacks. CROSS is based on a multi-objective bi-level two-stage optimisation. In stage-one optimisation, the problem is modelled as a multi-leader-follower game that considers both security and economic objectives, where the provider selects a security portfolio to protect both itself and its users, while rational attackers target the weakest path. Stage-two optimisation is a Stackelberg security game that focuses on additional user security controls under the remit of smart home users. While CROSS can potentially be applied to other similar use cases, in this paper, our aim is to address threats against artificial intelligence (AI) applications as the use of AI in smart Internet of Things (IoT) devices introduces new cyber threats to home environments. Specifically, we have implemented and assessed CROSS in a smart heating use case in a prototypical AI-enabled IoT environment that combines characteristics and vulnerabilities currently present on existing commercial off-the-shelf (COTS) devices, demonstrating the selection of optimal decisions.

Yunxiao Zhang, Pasquale Malacaria, George Loukas, Emmanouil Panaousis (2023). "CROSS: A Framework for Cyber Risk Optimisation in Smart Homes." Computers & Security
(JCR 2021: 5.105, CiteScore: 10.1)

SoK: The MITRE ATT&CK framework in research and practice


The MITRE ATT&CK framework, a comprehensive knowledge base of adversary tactics and techniques, has been widely adopted by the cybersecurity industry as well as by academic researchers. Its broad range of industry applications include threat intelligence, threat detection, and incident response, some of which go beyond what it was originally designed for. Despite its popularity, there is a lack of a systematic review of the applications and the research on ATT&CK. This systematization of work aims to fill this gap. To this end, it introduces the first taxonomic systematization of the research literature on ATT&CK, studies its degree of usefulness in different applications, and identifies important gaps and discrepancies in the literature to identify key directions for future work. The results of this work provide valuable insights for academics and practitioners alike, highlighting the need for more research on the practical implementation and evaluation of ATT&CK.

Shanto Roy, Emmanouil Panaousis, Cameron Noakes, Aron Laszka, Sakshyam Panda, George Loukas (2023). "SoK: The MITRE ATT&CK framework in research and practice." arXiv preprint arXiv:2304.07411.

Cyber risk assessment and optimization: A small business case study


Assessing and controlling cyber risk is the cornerstone of information security management, but also a formidable challenge for organisations due to the uncertainties associated with attacks, the resulting risk exposure, and the availability of scarce resources for investment in mitigation measures. In this paper, we propose a cybersecurity decision-support framework, called CENSOR, for optimal cyber security investment. CENSOR accounts for the serial nature of a cyber attack, the uncertainty in the time required to exploit a vulnerability, and the optimisation of mitigation measures in the presence of a limited budget. First, we evaluate the cost that an organisation incurs due to a cyber security breach that progresses in stages and derive an analytical expression for the distribution of the present value of the cost. Second, we adopt a Set Covering and a Knapsack formulation to derive and compare optimal strategies for investment in mitigation measures. Third, we validate CENSOR via a case study of a small business (SB) based on: (i) the 2020 Common Weakness Enumeration (CWE) top 25 most dangerous software weaknesses; and (ii) the Center for Internet Security (CIS) Controls. Specifically, we demonstrate how the Knapsack formulation provides solutions that are both more affordable and entail lower risk compared to those of the Set Covering formulation. Interestingly, our results confirm that investing more in cybersecurity does not necessarily lead to an analogous cyber risk reduction, which indicates that the latter decelerates beyond a certain point of security investment intensity.

Maria Tsiodra, Sakshyam Panda, Michail Chronopoulos, Emmanouil Panaousis.(2023). "Cyber risk assessment and optimization: A small business case study." IEEE Access, 44467 - 44481.
(JCR 2022: 3.9, CiteScore: 9.0)

Game-theoretic APT defense: An experimental study on robotics


This paper proposes a novel game-theoretic framework for defending against Advanced Persistent Threats (APTs). It applies the original Cut-The-Rope model into an experimental study extending the previously studied attacker movements beyond the Poisson distribution to a realistic set of attack actions. More importantly, it demonstrates the value of this framework on an experimental study of an APT defense game on attack graphs, which lets a security officer establish an optimized defense policy against stealthy intrusions. The security model and algorithm under study is designed for practical use with attack graphs as threat models, possibly including vulnerability information if available. The game-theoretic optimization delivers a proactive defense policy under the following assumptions or requirements: first, we do not need to assume that the system is, or has been, clean from adversaries at any time. At the moment when the defender computes the defense policy, the attacker is assumed to already be in the system (also having penetrated it until an unknown depth). Second, the defender does not rely on any signaling or other indicators of adversarial activity, nor is there a reliable feedback mechanism to tell the defender if its actions were successful or not. Third, the model can use information on exploits, such as Common Vulnerabilities and Exposures (CVE) numbers, to refine the defense game, but can also operate without such information. We corroborate our findings on publicly documented attack graphs from the robotics domain; without and with CVE information. We run experiments against two different types of defense regimes, and compare the results against an intuitive baseline defense heuristic. The results show that the optimized defense strongly outperforms simple heuristics, like taking the shortest or easiest attack paths.

Stefan Rass, Sandra König, Jasmin Wachter, Víctor Mayoral-Vilches, Emmanouil Panaousis (2023). "Game-theoretic APT defense: An experimental study on robotics." Computers & Security (COSE), 132, 103328.
(JCR 2021: 5.105, CiteScore: 10.1)

Behavioral biometrics for mobile user authentication: Benefits and limitations


User authentication serves as the primary defense, also referred to as first line of defense, by verifying the identity of a mobile user, often as a requirement for accessing resources on a mobile device. For many years, user authentication relied on “something that the user knows,” also known as knowledge-based user authentication. However, recent research indicates that knowledge-based user authentication is no longer considered secure or convenient for mobile users because it imposes several limitations. These limitations highlight the need for more secure and user-friendly user authentication methods. One promising solution is user authentication based on “something that the user is,” which includes authentication methods that use physical characteristics of the mobile user (i.e., physiological biometrics) or their involuntary actions (i.e., behavioral biometrics). Although physiological biometrics have been successfully deployed for mobile user authentication over the last years, recent studies suggest that they show several weaknesses (e.g., vulnerable to various attacks such as impersonation). Consequently, experts in the security field are now focusing more on user authentication based on behavioral biometrics. Therefore, the aim of this work is to investigate the benefits, as well as the limitations of behavioral biometrics for mobile user authentication in order to provide a foundation for organizing research efforts toward the design and development of proper user authentication solutions based on behavioral biometrics for mobile devices.

Maria Papaioannou, Georgios Mantas, Emmanouil Panaousis, Aliyah Essop, Jonathan Rodriguez, Victor Sucasas (2023). "Behavioral biometrics for mobile user authentication: Benefits and limitations." Proceedings of the 2023 IFIP Networking Conference (IFIP Networking)..
(CORE2023 Ranking: B)

A survey on cyber risk management for the Internet of Things


The Internet of Things (IoT) continues to grow at a rapid pace, becoming integrated into the daily operations of individuals and organisations. IoT systems automate crucial services within daily life that users may rely on, which makes the assurance of security towards entities such as devices and information even more significant. In this paper, we present a comprehensive survey of papers that model cyber risk management processes within the context of IoT, and provide recommendations for further work. Using 39 collected papers, we studied IoT cyber risk management frameworks against four research questions that delve into cyber risk management concepts and human-orientated vulnerabilities. The importance of this work being human-driven is to better understand how individuals can affect risk and the ways that humans can be impacted by attacks within different IoT domains. Through the analysis, we identified open areas for future research and ideas that researchers should consider.

Emily Kate Parsons, Emmanouil Panaousis, George Loukas, Georgia Sakellari (2023). "A survey on cyber risk management for the Internet of Things." Applied Sciences, 13, 15.
(JCR 2021: 2.7, CiteScore: 4.5)

INCHAIN: a cyber insurance architecture with smart contracts and self-sovereign identity on top of blockchain


Despite the rapid growth of the cyber insurance market in recent years, insurance companies in this area face several challenges, such as a lack of data, a shortage of automated tasks, increased fraudulent claims from legal policyholders, attackers masquerading as legal policyholders, and insurance companies becoming targets of cybersecurity attacks due to the abundance of data they store. On top of that, there is a lack of Know Your Customer procedures. To address these challenges, in this article, we present INCHAIN, an innovative architecture that utilizes Blockchain technology to provide data transparency and traceability. The backbone of the architecture is complemented by Smart Contracts, which automate cyber insurance processes, and Self-Sovereign Identity for robust identification. The effectiveness of INCHAIN ’s architecture is compared with the literature against the challenges the cyber insurance industry faces. In a nutshell, our approach presents a significant advancement in the field of cyber insurance, as it effectively combats the issue of fraudulent claims and ensures proper customer identification and authentication. Overall, this research demonstrates a novel and effective solution to the complex problem of managing cyber insurance, providing a solid foundation for future developments in the field.

Aristeidis Farao, Georgios Paparis, Sakshyam Panda, Emmanouil Panaousis, Apostolis Zarras, Christos Xenakis (2023). "INCHAIN: a cyber insurance architecture with smart contracts and self-sovereign identity on top of blockchain." International Journal of Information Security, 13, 15.

Privacy impact assessment of cyber attacks on connected and autonomous vehicles


Connected and autonomous vehicles (CAVs) are vulnerable to security gaps that can result in serious consequences, including cyber-physical and privacy risks. For example, an attacker can reconstruct a vehicle’s location trajectory by knowing the speed and steering wheel position of the vehicle. Such inferences not only lead to safety issues but also significantly threaten privacy. This paper assesses the privacy impacts of cyber threats on vehicular networks. We augment the Privacy Risk Assessment Methodology (PRAM), proposed by the National Institute of Standards and Technology, with cyber threats, with cyber threats, which are, in practice, mapped to PRAM impact metrics. We demonstrate the practical application of the enhanced PRAM methodology through a use case that highlights attacks leading to privacy risks in CAVs. The consideration of cyber attacks for privacy risk assessment addresses a major gap in current practices, which is to integrate privacy risk into cyber risk management.

Sakshyam Panda, Emmanouil Panaousis, George Loukas, Konstantinos Kentrotis (2023). "Privacy impact assessment of cyber attacks on connected and autonomous vehicles." Proceedings of the 18th International Conference on Availability, Reliability and Security (ARES 2023).