A. Mavromatis, G. Papadopoulos, X. Fafoutis, A. Goulianos, G. Oikonomou, P. Chatzimisios, T. Tryfonas, "Link quality and path based clustering in IEEE 802.15.4-2015 TSCH networks", in Proc. IEEE ISCC, pp. 798-803, 2017
Advance clustering techniques have been widely used in Wireless Sensor Networks (WSNs) since they can potentially reduce latency, improve scheduling, decrease end-to-end delay and optimise energy consumption within a dense network topology. In this paper, we present a novel clustering algorithm for high density IEEE 802.15.4-2015 Time-Slotted Channel Hopping (TSCH). In particular, the proposed methodology merges a variety of solutions into an integrated clustering design. Assuming an homogeneous network distribution, the proposed configuration deploys a hierarchical down-top approach of equally numbered sub-groups, in which the formation of the separate sub-groups is adapted to the network density and the node selection metric is based on the link quality indicator. The presented algorithm is implemented in Contiki Operating System (OS) and several test vectors have been designed in order to evaluate the performance of the proposed algorithm in a COOJA simulation environment. Performance results demonstrate the capability of the clustering structure since compared to the default scheme it significantly improves the energy efficiency up to 35%, packet drops more than 40% as well the packet retransmission rate. Last but not least, the outcome of this study indicates a major increase in the network lifetime, i.e., up to 50%.
G. Margelis, X. Fafoutis, G. Oikonomou, R. Piechocki, T. Tryfonas, P. Thomas, "Physical layer secret-key generation with discreet cosine transform for the Internet of Things", in Proc. IEEE ICC, 2017
The confidentiality of communications in the Internet of Things (IoT) is critical, with cryptography currently being the most widely employed method of ensuring it. Establishing cryptographically secure communication links between two transceivers requires the pre-agreement on some key, unknown to an external attacker. In recent years there has been growing attention in techniques that generate a shared random key through observation of the channel and its effects on the exchanged messages. In this work we present SKYGlow, a novel scheme for secret-key generation, designed for IoT devices, such as IEEE 802.15.4 and Bluetooth Low Energy (BLE) transceivers. SKYGlow employs the Discreet Cosine Transform (DCT) of channel observations and Slepian-Wolf coding for information reconciliation. Real-life experiments have resulted in the creation of 128-bit secret keys with only 65 packet exchanges and with an entropy of 0.9978 bits, making our scheme much more energy-efficient compared with others in the existing literature.
X. Fafoutis, L. Marchegiani, G. Papadopoulos, R. Piechocki, T. Tryfonas, G. Oikonomou, "Privacy Leakage of Physical Activity Levels in Wireless Embedded Wearable Systems", Signal Processing Letters, IEEE, 24(2), pp. 136-140, 2017
With the ubiquity of sensing technologies in our personal spaces, the protection of our privacy and the confidentiality of sensitive data becomes a major concern. In this paper, we focus on wearable embedded systems that communicate data periodically over the wireless medium. In this context, we demonstrate that private information about the physical activity levels of the wearer can leak to an eavesdropper through the physical layer. Indeed, we show that the physical activity levels strongly correlate with changes in the wireless channel that can be captured by measuring the signal strength of the eavesdropped frames. We practically validate this correlation in several scenarios in a real residential environment, using data collected by our prototype wearable accelerometer-based sensor. Lastly, we propose a privacy enhancement algorithm that
mitigates the leakage of this private information.
P. Cooper, K. Maraslis, T. Tryfonas, G. Oikonomou, "An intelligent hot-desking model harnessing the power of occupancy sensing", Journal of Facilities, Emerald Group Publishing Limited, 2017 (in press)
In this paper a model is developed to harness the power of occupancy sensing in an Intelligent Hot-Desking system utilizing experimental data from a commercial office in central London. To achieve that, the model uses that data as an input in order to undertake the task of allocating the office desks to the employees in a way that will maximise their productivity based on the type of project that each employee is working on each time. In this way, and by taking into account other parameters that are involved as well, the synergy that this situation can create, can increase productivity significantly compared to the situation where employees have their desks fixed under any circumstances and also allow for expenses cut since the desks can now be less than the employees. Not only is this approach able to optimize desk utilization based on quality occupancy data, but also speculates how and by how much overall productivity increases, while proving that its benefits outweigh the costs of adopting such a system. Furthermore, this paper explores the barriers towards Intelligent Hot-Desking, including how an increase in occupancy data collection in the private sector could have key advantages for the business as an organization and the city as a whole. Ultimately, it provides a valuable and feasible use case for the use of occupancy data in smart buildings, a dataset that is perceived to be valuable yet underexplored.
P. Andriotis, G. Oikonomou, T. Tryfonas, S. Li, "Highlighting Relationships of a Smartphone’s Social Ecosystem in Potentially Large Investigations", IEEE Transactions on Cybernetics, IEEE, 46(9), pp. 1974-1985, 2016
Social media networks are becoming increasingly popular because they can satisfy diverse needs of individuals (both personal and professional). Modern mobile devices are empowered with increased capabilities, taking advantage of the technological progress that makes them smarter than their predecessors. Thus, a smartphone user is not only the phone owner, but also an entity that may have different facets and roles in various social media networks. We believe that these roles can be aggregated in a single social ecosystem, which can be derived by the smartphone. In this paper, we present our concept of the social ecosystem in contemporary devices and we attempt to distinguish the different communities that occur from the integration of social networking in our lives. In addition, we propose techniques to highlight major actors within the ecosystem. Moreover, we demonstrate our suggested visualization scheme, which illustrates the linking of entities that live in separate communities using data taken from the smartphone. Finally, we extend our concept to include various parallel ecosystems during potentially large investigations and we link influential entities in a vertical fashion. We particularly examine cases where data aggregation is performed by specific applications, producing volumes of textual data that can be analyzed with text mining methods. Our analysis demonstrates the risks of the rising ``bring your own device'' trend in enterprise environments.
A. Mavromatis, G. Papadopoulos, X. Fafoutis, A. Elsts, G. Oikonomou, T. Tryfonas, "Impact of Guard Time Length on IEEE 802.15.4e TSCH Energy Consumption", in Proc. IEEE SECON, 2016
The IEEE 802.15.4-2015 standard defines a number of Medium Access Control (MAC) layer protocols for low- power wireless communications in the IoT. Originally defined in the IEEE 802.15.4e amendment, TSCH (Time Slotted Channel Hopping) is among the proposed mechanisms. TSCH is a scheme aiming to guarantee network reliability by keeping nodes time-synchronised at the MAC layer. In order to ensure successful communication between a sender and a receiver, the latter starts listening shortly before the expected time of a MAC layer frame’s arrival. The offset between the time a node starts listening and the estimated time of frame arrival is called guard time and it aims to reduce the probability of missed frames due to clock drift. In this poster, we investigate the effect of the guard time duration on energy consumption. We identify that, when using the 6tisch minimal schedule, the most significant cause of energy consumption is idle listening during guard time. Therefore, the energy-efficiency of TSCH can be significantly improved by guard time optimisation. Our performance evaluation results, conducted using the Contiki operating system, show that an efficient configuration of guard time may reduce energy consumption by up to 30%, without compromising network reliability.
G. Papadopoulos, V. Kotsiou, A. Gallais, G. Oikonomou, P. Chatzimisios, T. Tryfonas, T. Noël, "A Mobility-Supporting MAC Scheme for Bursty Traffic in IoT and WSNs", in Proc. IEEE GLOBECOM, 2016
Recent boom of mobile applications has become an essential class of mobile Internet of Things (IoT), whereby large amounts of sensed data are collected and shared by mobile sensing devices for observing phenomena such as traffic or the environmental. However, most of the existing Medium Access Control (MAC) protocols mainly focus on static networks. Thus, mobile sensor nodes may pose many communication challenges during the design and development of a MAC protocol. These difficulties first require an efficient connection establishment between a mobile and static node, and then an effective data packet transmissions. In this study, we propose MobIQ, a MAC scheme that allows an advanced mobility-handling scheme for low-power MAC protocols, which allows for efficient neighbour(hood) discovery and low-delay communication. Our thorough performance evaluation, conducted on top of Contiki OS, shows that MobIQ outperforms state-of-the-art solutions such as MoX-MAC, MOBINET and ME-ContikiMAC, in terms of reducing both delay, contention to the medium and energy consumption.
G. Papadopoulos, A. Mavromatis, X. Fafoutis, N. Montavont, R. Piechocki, T. Tryfonas, G. Oikonomou, "Guard Time Optimisation and Adaptation for Energy Efficient Multi-hop TSCH Networks", in Proc. IEEE WF-IoT, 2016
In the IEEE 802.15.4-2015 standard, Time Slotted Channel Hopping (TSCH) aims to guarantee high-level network reliability by keeping nodes time-synchronised. In order to ensure successful communication between a sender and a receiver, the latter starts listening shortly before the expected time of a MAC layer frame’s arrival. The offset between the time a node starts listening and the estimated time of frame arrival is called guard time and it aims to reduce the probability of missed frames due to clock drift. In this paper, we investigate the impact of the guard time on network performance. We identify that, when using the 6tisch minimal schedule, the most significant cause of energy consumption is idle listening during guard time. Therefore, we first perform mathematical modelling on a TSCH link to identify the guard time that maximises the energy-efficiency of the TSCH network in single hop topology. We then continue in multi-hop network, where we empirically adapt the guard time locally at each node depending its distance, in terms of hops, from the sink. Our performance evaluation results, conducted using the Contiki OS, demonstrate that the proposed decentralised guard time adaptation can reduce the energy consumption by up to 40\%, without compromising network reliability.
G. Papadopoulos, A. Georgallides, T. Tryfonas, G. Oikonomou, "BMFA: Bi-Directional Multicast Forwarding Algorithm for RPL-based 6LoWPANs", in Proc. InterIoT, ser. LNICST, 190, pp. 18-25, 2016
In scenarios involving point-to-multipoint network traffic, transmitting to each destination individually with unicast may lead to poor utilisation of network bandwidth, excessive energy consumption caused by the high number of packets and suffers from low scalability as the number of destinations increases. An alternative approach, would be to use network-layer multicast, where packets are transmitted to multiple destinations simultaneously. In doing so, applications adopting a one-to-many communication paradigm may improve their energy efficiency and bandwidth utilisation. In this paper, we present Bi-directional Multicast Forwarding Algorithm (BMFA), a novel RPL-based multicast forwarding mechanism. BMFA improves its pre-predecessor SMRF in that it allows multicast traffic to travel both upwards as well as downwards in an RPL tree. At the same time, it retains SMRF’s low latency and very low energy consumption characteristics. Our performance evaluation results, conducted using the Contiki operating system, show that BMFA outperforms its rival Trickle Multicast / Multicast Protocol for Low power and Lossy Networks (TM / MPL), in terms of reducing both delay and energy consumption.
G. Papadopoulos, A. Mavromatis, X. Fafoutis, R. Piechocki, T. Tryfonas, G. Oikonomou, "Guard Time Optimisation for Energy Efficiency in IEEE 802.15.4-2015 TSCH Links", in 2nd EAI International Conference on Interoperability in IoT, ser. LNICST, pp. 56-63, 2016
Time Slotted Channel Hopping (TSCH) is among the Medium Access Control (MAC) schemes defined in the IEEE 802.15.4-2015 standard. TSCH aims to guarantee high-level network reliability by keeping nodes time-synchronised. In order to ensure successful communication between a sender and a receiver, the latter starts listening shortly before the expected time of a MAC layer frame’s arrival. The offset between the time a node starts listening and the estimated time of frame arrival is called guard time and it aims to reduce the probability of missed frames due to clock drift. In this paper, we investigate the impact of the guard time length on network performance. We identify that, when using the 6TiSCH minimal schedule, the most significant cause of energy consumption is idle listening during guard time. Therefore, we perform empirical optimisations on the guard time to maximise the energy-efficiency of a TSCH link. Our experiments, conducted using the Contiki OS, show that optimal guard time configuration can reduce energy consumption by up to 40\%, without compromising network reliability.
G. Margelis, X. Fafoutis, R. Piechocki, G. Oikonomou, T. Tryfonas, P. Thomas, "Practical Limits of the Secret Key-Capacity for IoT Physical Layer Security", in Proc. IEEE WF-IoT, 2016
The confidentiality of communications in the Internet of Things (IoT) is critical, with cryptography being currently the most widely employed method to achieve it. Establishing cryptographically secure communication links between two transceivers requires the pre-agreement on some key, unknown to an external attacker. In recent years there has been growing interest for techniques that generate a shared random key through observation of the channel and its effects on the exchanged messages. The maximum length of that key is characterised by the Mutual Information (MI) between the observations of the two radios. In this work we examine the practical limits of the MI of off-the-shelf transceivers communicating through the IEEE 802.15.4 specification in an indoor office environment, and calculate the secret-key capacity, that is, the maximum length of an extracted secret-key in the presence of an eavesdropper. Furthermore, we study how using groups of observations can affect the MI and both analytically and experimentally prove that grouping observations leads to better results and an increased key-capacity.
K. Maraslis, P. Cooper, T. Tryfonas, G. Oikonomou, "An intelligent hot-desking model based on occupancy sensor data and its potential for social impact", in Proc. HICSS, ser. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 9860, pp. 142-158, 2016
In this paper we develop a model that utilises occupancy sensor data in a commercial Hot-Desking environment. Hot-Desking (or ‘office-hoteling’) is a method of office resource management that emerged in the nineties hoping to reduce the real estate costs of workplaces, by allowing offices to be used interchangeably among employees. We show that sensor data can be used to facilitate office resources management, in our case desk allocation in a Hot-Desking environment, with results that outweigh the costs of occupancy detection. We are able to optimise desk utilisation based on quality occupancy data and also demonstrate the effectiveness of the model by comparing it to a theoretically ideal, but impractical in real life, model. We then explain how a generalisation of the model that includes input from human sensors (e.g. social media) besides the presence sensing and pre-declared personal preferences, can be used, with potential impact on wider community scale.
V. Kumar, G. Oikonomou, T. Tryfonas, "Traffic Forensics for IPv6-Based Wireless Sensor Networks and the Internet of Things", in Proc. IEEE WF-IoT, 2016
Research and standardisation efforts in the fields of Wireless Sensor Networks (WSNs) and the Internet of Things (IoT) are leading towards the adoption of TCP/IP for deployments of networks of severely constrained smart embedded objects. As a result, wireless sensors can now be uniquely identified by an IPv6 address and thus be directly connected to and reachable from the internet. This has a series of advantages but also exposes sensor deployments to new security vulnerabilities. Should a deployment be compromised, post-incident analysis can provide information about the nature of the attack by inspecting the network’s state and traffic during the time period prior, during and after the attack. In this paper we adopt traffic forensic techniques in order to achieve post-hoc detection of attacks against availability in IPv6-based Low-Power Wireless Personal Area Networks. To this end, we first implement an attack which exploits inherent vulnerabilities of the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL). Subsequently, we present an automated method to detect and analyse this attack by examining network packet captures.
A. Fragkiadakis, G. Oikonomou, H. Pöhls, E. Tragos, M. Wojcik, T. Tryfonas, "Securing Communications Among Severely Constrained, Wireless Embedded Devices", in Engineering Secure IoT Systems, IET, 2016
The goal of this chapter is to present the ideas and concepts of the EU-FP7 SMARTCITIES project “RERUM” with regards to improving the communication security in IoT-based smart city applications. The chapter tries to identify the gaps in previous IoT frameworks with regards to security and privacy and shows the advances that RERUM brings to the IoT community with its significant focus on embedded device functionalities. The goal of the RERUM secure communications framework is to provide light-weight solutions so that they can be applied even in the very constrained IoT devices. Solutions for lightweight encryption (based on the relatively new theory of Compressive Sensing), on transport-layer security (based on DTLS) and on integrity verification of data (using on-device signatures) are presented in detail, discussing their applicability and the benefits they bring to IoT.
P. Andriotis, G. Oikonomou, A. Mylonas, T. Tryfonas, "A Study on Usability and Security Features of the Android Pattern Lock Screen", Information and Computer Security, Emerald, 24(1), pp. 53-72, 2016
The Android pattern lock screen (or graphical password) is a popular user authentication method that relies on the advantages provided by the visual representation of a password, which enhance its memorability. Graphical passwords are vulnerable to attacks (e.g. shoulder surfing); thus, the need for more complex passwords becomes apparent. This paper aims to focus on the features that constitute a usable and secure pattern and investigate the existence of heuristic and physical rules that possibly dictate the formation of a pattern.
P. Cooper, T. Crick, T. Tryfonas, G. Oikonomou, "Whole-Life Environmental Impacts of ICT Use", in Proc. 2015 IEEE Globecom Workshops (GC Wkshps), 2015
In this paper we apply a whole-life assessment approach to estimate the environmental impact of the use of ICT of an individual within the UK over a one-year period. By estimating the energy and data consumption of an average user's use of a typical device, and estimating the associated energy usage (and thus CO2 produced) of each stage in the data chain, we are able to calculate the summed CO2 value for embodied carbon of an average device. Overall, device energy is seen to dominate; within device, desktops dominate, both due to their high energy use for a given task, but also their high standby power, which is the most significant point of behaviour-driven waste. Geographical, behavioural and chronological factors are all evaluated to be highly significant to the impact of a user's ICT use, along with a number of secondary factors. Finally, we present policy recommendations to further the understanding of the factors affecting the environmental impact of ICT, particularly focusing on sustainability, resource efficiency and the social implications of ICT in a low-carbon transformation.
M. Haghighi, K. Maraslis, T. Tryfonas, G. Oikonomou, A. Burrows, P. Woznowski, "Game Theoretic Approach Towards Optimal Multi-tasking and Data-distribution in IoT", in Proc. IEEE World Forum on Internet of Things (WF-IoT), pp. 406-411, 2015
Current applications of Internet of Things (IoT) often require nodes to implement logical decision-making on aggregated data, which involves more processing and wider interactions amongst network peers, resulting in higher energy consumption and shorter node lifetime. This paper presents a game theoretic approach used in Sensomax, an agent-based WSN middleware that facilitates seamless integration of mathematical functions in large-scale wireless sensor networks. In this context, we investigate game theoretic and auction-based techniques to optimise task distribution and energy consumption in IoT networks of multiple concurrent WSNs. We also demonstrate how our proposed game theoretic approach affects the performance of WSN applications with different operational paradigms.
L. Suzuki, P. Cooper, T. Tryfonas, G. Oikonomou, "Hidden Presence: Sensing Occupancy and Extracting Value from Occupancy Data", in Design, User Experience, and Usability: Interactive Experience Design, ser. Lecture Notes in Computer Science, 9188, pp. 412-424, 2015
In this paper we review various technical architectures for sensing occupancy in commercial real estate spaces and discuss the potential benefits of applications that could be built upon the collected data. The technical capabilities reviewed range from simple presence detection to identifying individual workers and relating those semantically to jobs, teams, processes or other elements of the business. The volume and richness of accumulated data varies accordingly allowing the development of a range of occupancy monitoring applications that could bring multiple benefits to an organization. We find that overall occupancy-based applications are underappreciated in the Smart Buildings mantra due to occupancy’s inability to align to traditional building engineering silos, a lack of common view between stakeholders with respect to what is ‘value’ and the current client assessment tendencies which use predominantly demonstrator-based logic rather than a combination of practical demonstrators and theoretical value. We demonstrate that in commercial office buildings, occupancy-based Smart Building concepts have the potential to deliver benefits that can be orders of magnitude greater than current practice associated with silos such as energy and lighting. The directness of value in these is far more variable however, and the barriers and enablers to its realization are non-trivial. We identify and discuss these factors (including privacy, perceived additional capital expenditure, retrofitting requirements etc.) in more detail and relate them to stages of design and delivery of the built environment. We conclude that, on the presumption costs of development and implementation are relatively similar, the value streams of occupancy-based systems, while requiring more careful and bespoke design in the short term, could produce greater lifetime value in commercial office scenarios than leading smart building technologies.
T. Spyridopoulos, K. Maraslis, A. Mylonas, T. Tryfonas, G. Oikonomou, "A Game Theoretical Method for Cost-Benefit Analysis of Malware Dissemination Prevention", Information Security Journal: A Global Perspective, Taylor & Francis, 24(4-6), pp. 164-176, 2015
Literature in malware proliferation focuses on modeling and analyzing its spread dynamics. Epidemiology models, which are inspired by the characteristics of biological disease spread in human populations, have been used against this threat to analyze the way malware spreads in a network. This work presents a modified version of the commonly used epidemiology models Susceptible Infected Recovered (SIR) and Susceptible Infected Susceptible (SIS), which incorporates the ability to capture the relationships between nodes within a network, along with their effect on malware dissemination process. Drawing upon a model that illustrates the network’s behavior based on the attacker’s and the defender’s choices, we use game theory to compute optimal strategies for the defender to minimize the effect of malware spread, at the same time minimizing the security cost. We consider three defense mechanisms: patch, removal, and patch and removal, which correspond to the defender’s strategy and use probabilistically with a certain rate. The attacker chooses the type of attack according to its effectiveness and cost. Through the interaction between the two opponents we infer the optimal strategy for both players, known as Nash Equilibrium, evaluating the related payoffs. Hence, our model provides a cost-benefit risk management framework for managing malware spread in computer networks.
K. Maraslis, T. Spyridopoulos, G. Oikonomou, T. Tryfonas, M. Haghighi, "Application of a Game Theoretic Approach in Smart Sensor Data Trustworthiness Problems", in Proc. 30th IFIP TC 11 International Conference (SEC), ser. IFIP Advances in Information and Communication Technology, 455, pp. 601-615, 2015
In this work we present an Intrusion Detection (ID) and an Intrusion Prevention (IP) model for Wireless Sensor Networks (WSNs). The attacker’s goal is to compromise the deployment by causing nodes to report faulty sensory information. The defender, who is the WSN’s operator, aims to detect the presence of faulty sensor measurements (ID) and to subsequently recover compromised nodes (IP). In order to address the conflicting interests involved, we adopt a Game Theoretic approach that takes into consideration the strategies of both players and we attempt to identify the presence of Nash Equilibria in the two games. The results are then verified in two simulation contexts: Firstly, we evaluate the model in a middleware-based WSN which uses clustering over a bespoke network stack. Subsequently, we test the model in a simulated IPv6-based sensor deployment. According to the findings, the results of both simulation models confirm the results of the theoretic one.
M. Haghighi, K. Maraslis, G. Oikonomou, T. Tryfonas, "Game Theoretic Approach Towards Energy - Efficient Task Distribution in Multitasking Wireless Sensor Networks", in Proc. IEEE Sensors 2015, 2015
WSNs have a wide variety of applications, and their usability for remote monitoring of various parameters of interest is growing dramatically. Conventional applications mostly involved a single WSN for collecting raw parameters with limited aggregation on the node side, whereby more sophisticated data mining was implemented by the end-users. Recent applications however, often require more intelligent functions, in which nodes are expected to implement logical decision-makings on the aggregated data. Implementing such functions often involves more processing, and wider interactions amongst network peers, hence resulting in higher energy consumption and shorter node lifetime. Sensomax is an agent-based WSN middleware, which facilitates seamless integration of mathematical functions in large-scale wireless sensor networks. In this paper, we will investigate game theoretic and auction-based techniques in order to optimise task distribution and energy consumption in WSNs.
B. Chen, Z. Fan, F. Cao, G. Oikonomou, T. Tryfonas, "Class Based Overall Priority Scheduling for M2M Communications over LTE Networks", in Proc. 81st Vehicular Technology Conference (VTC2015-Spring), 2015
The rapidly increasing demand of M2M (Machine to Machine) communications poses great challenges to the capacity of cellular networks. This paper proposes a new M2M scheduling algorithm, namely, Class Based Overall Priority (CBOP) scheduling, which is designed particularly to improve uplink scheduling for a massive number of MTCDs (Machine Type Communication Devices) in LTE networks. We compare the proposed algorithm with several existing scheduling algorithms via simulations and discuss its advantages and limitations.
P. Andriotis, T. Tryfonas, G. Oikonomou, I. King, "A framework to describe multimedia circulation in the smartphone ecosystem", in Advances in Digital Forensics XI, ser. IFIP Advances in Information and Communication Technology, 462, pp. 251-267, 2015
Contemporary mobile devices allow almost unrestricted sharing of multimedia and other types of files. But as smartphones and tablets can easily access the Internet or exchange files wirelessly, they've also transformed to useful tools for criminals, aiming at performing illegal activities such as sharing contraband or distributing child abuse images. Thus, the need to investigate the source and destination of a multimedia file that resides in the internal memory of a smartphone becomes apparent. In this paper we present a framework that illustrates and visualizes the flow of digital images as evidence obtained from the artefacts retrieved from Android smartphones during a forensic investigation. Our approach uses `big data' concepts to facilitate the processing of diverse (semi-structured) evidence derived from mobile devices and extends the idea of Digital Evidence Bags (DEB). We obtained our data after running an experiment that included image exchanging through numerous channels such as Bluetooth, Internet and cloud services. Our study presents information about the locations where evidence resides and uses graph databases to store metadata and therefore, visualize the relationships that connect images with apps and events.
V. Kumar, G. Oikonomou, T. Tryfonas, D. Page, I. Phillips, "Digital Investigations for IPv6-Based Wireless Sensor Networks", Digital Investigation, Elsevier, 11, Supplement 2(0), pp. S66-S75, 2014 (Fourteenth Annual DFRWS Conference)
Developments in the field of Wireless Sensor Networks (WSNs) and the Internet of Things (IoT) mean that sensor devices can now be uniquely identified using an IPv6 address and, if suitably connected, can be directly reached from the Internet. This has a series of advantages but also introduces new security vulnerabilities and exposes sensor deployments to attack. A compromised Internet host can send malicious information to the system and trigger incorrect actions. Should an attack take place, post-incident analysis can reveal information about the state of the network at the time of the attack and ultimately provide clues about the tools used to implement it, or about the attacker's identity. In this paper we critically assess and analyse information retrieved from a device used for IoT networking, in order to identify the factors which may have contributed to a security breach. To achieve this, we present an approach for the extraction of RAM and flash contents from a sensor node. Subsequently, we analyse extracted network connectivity information and we investigate the possibility of correlating information gathered from multiple devices in order to reconstruct the network topology. Further, we discuss experiments and analyse how much information can be retrieved in different scenarios. Our major contribution is a mechanism for the extraction, analysis and correlation of forensic data for IPv6-based WSN deployments, accompanied by a tool which can analyse RAM dumps from devices running the Contiki Operating System (OS) and powered by 8051-based, 8-bit micro-controllers.
P. Andriotis, T. Tryfonas, G. Oikonomou, "Complexity metrics and user strength perceptions of the pattern-lock graphical authentication method", in Proc. 16th International Conference on Human-Computer Interaction (HCI 2014), ser. Lecture Notes in Computer Science, 8533, pp. 115-126, 2014 (invited)
One of the most popular contemporary graphical password approaches is the Pattern-Lock authentication mechanism that comes integrated with the Android mobile operating system. In this paper we investigate the impact of password strength meters on the selection of a perceivably secure pattern. We first define a suitable metric to measure pattern strength, taking into account the constraints imposed by the Pattern-Lock mechanism's design. We then implement an app via which we conduct a survey for Android users, retaining demographic information of responders and their perceptions on what constitutes a pattern complex enough to be secure. Subsequently, we display a pattern strength meter to the participant and investigate whether this additional prompt influences the user to change their pattern to a more effective and complex one. We also investigate potential correlations between our findings and results of a previous pilot study in order to detect any significant biases on setting a Pattern-Lock.
T. Spyridopoulos, K. Maraslis, T. Tryfonas, G. Oikonomou, S. Li, "Managing Cyber Security Risks in Industrial Control Systems with Game Theory and Viable System Modelling", in Proc. 9th IEEE International System of Systems Engineering Conference (SOSE 2014), 2014
Cyber security risk management in Industrial Control Systems has been a challenging problem for both practitioners and the research community. Their proprietary nature along with the complexity of those systems renders traditional approaches rather insufficient and creating the need for the adoption of a holistic point of view. This paper draws upon the principles of the Viable System Model and Game Theory in order to present a novel systemic approach towards cyber security management in this field, taking into account the complex inter-dependencies and providing cost-efficient defence solutions.
S. Li, G. Oikonomou, T. Tryfonas, T. Chen, L. Xu, "A distributed consensus algorithm for decision-making in service-oriented Internet of Things", Transactions on Industrial Informatics, IEEE, 10(2), pp. 1461-1468, 2014
In a service-oriented Internet of Things (IoT) deployment, it is difficult to make consensus decisions for services at different IoT edge nodes, where available information might be insufficient or overloaded. Existing statistical methods attempt to resolve the inconsistency, which requires adequate information to make decisions. Distributed Consensus Decision Making (CDM) methods can provide an efficient and reliable means of synthesizing information by using a wider range of information than existing statistical methods. In this paper, we firstly discuss service composition for the IoT, by minimizing the multi-parameter dependent matching value. Subsequently, a cluster-based distributed algorithm is proposed, whereby consensuses are first calculated locally and subsequently combined in an iterative fashion to reach global consensus. The distributed consensus method improves the robustness and trustiness of the decision process.
P. Andriotis, T. Tryfonas, G. Oikonomou, S. Li, Z. Tzermias, K. Xynos, H. Read, V. Prevelakis, "On the Development of Automated Forensic Analysis Methods for Mobile Devices", in Proc. 7th International Conference on Trust & Trustworthy Computing (TRUST 2014), ser. Lecture Notes in Computer Science, 8564, pp. 212-213, 2014
T. Spyridopoulos, G. Karanikas, T. Tryfonas, G. Oikonomou, "A Game Theoretic Defence Framework Against DoS/DDoS Cyber Attacks", Computers & Security, Elsevier, 38, pp. 39-50, 2013
Game-theoretic approaches have been previously employed in the research area of network security in order to explore the interaction between an attacker and a defender during a Distributed Denial of Service (DDoS) attack scenario. Existing literature investigates payoffs and optimal strategies for both parties, in order to provide the defender with an optimal defence strategy. In this paper, we model a DDoS attack as a one-shot, non-cooperative, zero-sum game. We extend previous work by incorporating in our model a richer set of options available to the attacker compared to what has been previously achieved. We investigate multiple permutations in terms of the cost to perform an attack, the number of attacking nodes, malicious traffic probability distributions and their parameters. We analytically demonstrate that there exists a single optimal strategy available to the defender. By adopting it, the defender sets an upper boundary to attacker payoff, which can only be achieved if the attacker is a rational player. For all other attack strategies (those adopted by irrational attackers), attacker payoff will be lower than this boundary. We preliminary validate this model via simulations with the ns2 network simulator. The simulated environment replicates the analytical model's parameters and the results confirm our model's accuracy.
T. Spyridopoulos, G. Oikonomou, T. Tryfonas, M. Ge, "Game Theoretic Approach for Cost-Benefit Analysis of Malware Proliferation Prevention", in Proc. 28th IFIP TC-11 SEC 2013 International Information Security and Privacy Conference, pp. 28-41, 2013
Many existing research efforts in the field of malware proliferation aim at modelling and analysing its spread dynamics. Many malware dissemination models are based on the characteristics of biological disease spread in human populations. In this work, we utilise game theory in order to extend two very commonly used malware spread models (SIS and SIR) by incorporating defence strategies against malware proliferation. We consider three different security mechanisms, ``patch'', ``removal'' and ``patch and removal'' on which our model is based. We also propose a cost-benefit model that describes optimal strategies the defender could follow when cost is taken into account. Lastly, as a way of illustration, we apply our models on the well studied Code-Red worm.
P. Andriotis, T. Tryfonas, G. Oikonomou, T. Spyridopoulos, A. Zaharis, A. Martini, I. Askoxylakis, "On Two Different Methods for Steganography Detection in JPEG Images with Benford's Law", in Proc. 7th Scientific NATO Conference in Security and Protection of Information (SPI 2013), Brno, Czech Republic, pp. 3-14, 2013
The practice of steganography, which in a computer context usually means manipulating multimedia content to embed hidden messages, may be used by criminals worldwide to facilitate their communication instead of, or complementary to, encryption. There is even speculation that global terrorist groups have been using steganography to communicate in covert ways. This paper will introduce steganography and discuss practical aspects of its detection. It will also discuss two recently proposed methods for detecting whether hidden messages exist in JPEG images using Benford's Law. The Law describes the logarithmic distribution of leading digits in sets of naturally set numbers and has been used with success in detecting financial fraud and election rigging in the past. The first approach examines the lead digit distribution of the raw contents of the bytes of a suspect image, whilst the second examines the distribution of lead digits of quantised discrete cosine transform (DCT) coefficients of the JPEG encoding. Both methods produce fast and credible results and are supported by open source toolkits that can be used by law enforcement and investigative authorities worldwide.
P. Ilia, G. Oikonomou, T. Tryfonas, "Cryptographic Key Exchange in IPv6-Based Low Power, Lossy Networks", in Proc. Workshop in Information Theory and Practice (WISTP 2013), ser. Lecture Notes in Computer Science, 7886, pp. 34-49, 2013
The IEEE 802.15.4 standard for low-power radio communications defines techniques for the encryption of layer 2 network frames but does not discuss methods for the establishment of encryption keys. The constrained nature of wireless sensor devices poses many challenges to the process of key establishment. In this paper, we investigate whether any of the existing key exchange techniques developed for traditional, application-centric wireless sensor networks (WSN) are applicable and viable for IPv6 over Low power Wireless Personal Area Networks (6LoWPANs). We use Elliptic Curve Cryptography (ECC) to implement and apply the Elliptic Curve Diffie Hellman (ECDH) key exchange algorithm and we build a mechanism for generating, storing and managing secret keys. The mechanism has been implemented for the Contiki open source embedded operating system. We use the Cooja simulator to investigate a simple network consisting of two sensor nodes in order to identify the characteristics of the ECDH technique. We also simulate a larger network to examine the solution's performance and scalability. Based on those results, we draw our conclusions, highlight open issues and suggest further work.
P. Andriotis, G. Oikonomou, T. Tryfonas, "JPEG Steganography Detection with Benford's Law", Digital Investigation, Elsevier, 9(3-4), pp. 246-257, 2013
In this paper we present a novel approach to the problem of steganography detection in JPEG images by applying a statistical attack. The method is based on the empirical Benford's Law and, more specifically, on its generalised form. We prove and extend the validity of the logarithmic rule in colour images and introduce a blind steganographic method which can flag a file as a suspicious stego-carrier. The proposed method achieves very high accuracy and speed and is based on the distributions of the first digits of the quantised Discrete Cosine Transform coefficients present in JPEGs. In order to validate and evaluate our algorithm, we developed steganographic tools which are able to analyse image files and we subsequently applied them on the popular Uncompressed Colour Image Database. Furthermore, we demonstrate that not only can our method detect steganography but, if certain criteria are met, it can also reveal which steganographic algorithm was used to embed data in a JPEG file.
G. Oikonomou, I. Phillips, T. Tryfonas, "IPv6 Multicast Forwarding in RPL-Based Wireless Sensor Networks", Wireless Personal Communications, Springer US, 73(3), pp. 1089-1116, 2013
Abstract In wireless sensor deployments, network layer multicast can be used to improve the bandwidth and energy efficiency for a variety of applications, such as service discovery or network management. However, despite efforts to adopt IPv6 in networks of constrained devices, multicast has been somewhat overlooked. The Multicast Forwarding Using Trickle (Trickle Multicast) internet draft is one of the most noteworthy efforts. The specification of the IPv6 Routing Protocol for Low power and Lossy Networks (RPL) also attempts to address the area but leaves many questions unanswered. In this paper we highlight our concerns about both these approaches. Subsequently, we present our alternative mechanism, called Stateless Multicast RPL Forwarding algorithm (SMRF), which addresses the aforementioned drawbacks. Having extended the TCP/IP engine of the Contiki embedded operating system to support both Trickle Multicast (TM) and SMRF, we present an in-depth comparison, backed by simulated evaluation as well as by experiments conducted on a multi-hop hardware testbed. Results demonstrate that SMRF achieves significant delay and energy efficiency improvements at the cost of a small increase in packet loss. The outcome of our hardware experiments show that simulation results were realistic. Lastly, we evaluate both algorithms in terms of code size and memory requirements, highlighting SMRF’s low implementation complexity. Both implementations have been made available to the community for adoption.
P. Andriotis, T. Tryfonas, G. Oikonomou, C. Yildiz, "A Pilot Study on the Security of Pattern Screen-Lock Methods and Soft Side Channel Attacks", in Proc. 6th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 13), pp. 1-6, 2013
Graphical passwords that allow a user to unlock a smartphone's screen are one of the Android operating system's features and many users prefer them instead of traditional text-based codes. A variety of attacks has been proposed against this mechanism, of which notable are methods that recover the lock patterns using the oily residues left on screens when people move their fingers to reproduce the unlock code. In this paper we present a pilot study on user habits when setting a pattern lock and on their perceptions regarding what constitutes a secure pattern. We use our survey's results to establish a scheme, which combines a behaviour-based attack and a physical attack on graphical lock screen methods, aiming to reduce the search space of possible combinations forming a pattern, to make it partially or fully retrievable.
P. Andriotis, G. Oikonomou, T. Tryfonas, "Forensic Analysis of Wireless Networking Evidence of Android Smartphones", in Proc. IEEE International Workshop on Information Forensics and Security (WIFS 12), Tenerife, Spain, pp. 109 - 114, 2012
This paper introduces a method for acquiring forensic-grade evidence from Android smartphones using open source tools. We investigate in particular cases where the suspect has made use of the smartphone's Wi-Fi or Bluetooth interfaces. We discuss the forensic analysis of four case studies, which revealed traces that were left in the inner structure of three mobile Android devices and also indicated security vulnerabilities. Subsequently, we propose a detailed plan for forensic examiners to follow when dealing with investigations of potential crimes committed using the wireless facilities of a suspect Android smartphone. This method can be followed to perform physical acquisition of data without using commercial tools and then to examine them safely in order to discover any activity associated with wireless communications. We evaluate our method using the Association of Chief Police Officers' (ACPO) guidelines of good practice for computer-based, electronic evidence and demonstrate that it is made up of an acceptable host of procedures for mobile forensic analysis, focused specifically on the device's Bluetooth and Wi-Fi facilities.
This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without explicit permission from the copyright holder.