Your search keyword '"Georgios Mantas"' showing total 81 results

1. Novelty Detection for Risk-based User Authentication on Mobile Devices

Author

Maria Papaioannou, Georgios Zachos, Georgios Mantas, and Jonathan Rodriguez

Published

2022

2. A Cryptographic Perspective to Achieve Practical Physical Layer Security

Author

Marcus de Ree, Georgios Mantas, and Jonathan Rodriguez

Published

2022

3. Risk Estimation for a Secure & Usable User Authentication Mechanism for Mobile Passenger ID Devices

Author

Maria Papaioannou, Georgios Mantas, Aliyah Essop, Victor Sucasas, Najwa Aaraj, and Jonathan Rodriguez

Published

2022

4. Generating Datasets Based on the HuMIdb Dataset for Risk-based User Authentication on Smartphones

Author

Maria Papaioannou, Georgios Zachos, Georgios Mantas, Aliyah Essop, Abdulkareem Karasuwa, and Jonathan Rodriguez

Published

2022

5. Prototyping an Anomaly-Based Intrusion Detection System for Internet of Medical Things Networks

Author

Georgios Zachos, Georgios Mantas, Ismael Essop, Kyriakos Porfyrakis, Jose C. Ribeiro, and Jonathan Rodriguez

Published

2022

6. A Scalable Approach of Practical Byzantine Fault Tolerance Algorithms for IoMT Blockchains

Author

Filippos Pelekoudas-Oikonomou, Georgios Zachos, Georgios Mantas, Jose Ribeiro, Joaquim Manuel C.S. Bastos, and Jonathan Rodriguez

Published

2022

7. A survey on security threats and countermeasures in Internet of Medical Things (IoMT)

Author

Dimitrios K. Lymberopoulos, Marina Karageorgou, Jonathan Rodriguez, Georgios Mantas, Victor Sucasas, Maria Papaioannou, and Ismael Essop

Subjects

QA75, Computer science, business.industry, Internet privacy, The Internet, Electrical and Electronic Engineering, business

Abstract

Internet of medical things (IoMT) is an emerging technology aiming to improve the patient's quality of life by enabling personalized e‐health services without limitations on time and location. Nevertheless, IoMT devices (eg, medical sensors) that constitute the key underlying elements of the IoMT edge network are vulnerable to various types of security threats and thus, they pose a significant risk to patient's privacy and safety. Based on that and the fact that the security is a critical factor for the successful integration of IoMT technology into pervasive healthcare systems, there is an urgent need for novel security mechanisms to preserve the security of the IoMT edge network. Toward this direction, the first step is the comprehensive understanding of existing and potential threats to the IoMT edge network environment. Thus, in this article, we provide a categorization of security threats to the edge network environment based on the major security objectives that they target. Moreover, we present a categorization of security countermeasures, derived from the literature, against threats to IoMT edge networks. The authors' intent is to provide a foundation for organizing research efforts toward the development of proper security countermeasures for protecting IoMT edge networks against internal and external threats.

Published

2022

8. A Signature Scheme with Unlinkable-yet-Accountable Pseudonymity for Privacy-Preserving Crowdsensing

Author

Georgios Mantas, Francisco Damiao, Victor Sucasas, Joaquim Bastos, and Jonathan Rodriguez

Subjects

Information privacy, Authentication, Computer Networks and Communications, business.industry, Computer science, 020206 networking & telecommunications, Public key infrastructure, 02 engineering and technology, Group signature, Computer security, computer.software_genre, Public-key cryptography, Digital signature, 0202 electrical engineering, electronic engineering, information engineering, Sybil attack, ComputingMilieux_COMPUTERSANDSOCIETY, Electrical and Electronic Engineering, business, computer, Pseudonymity, Software

Abstract

Crowdsensing requires scalable privacy-preserving authentication that allows users to send anonymously sensing reports, while enabling eventual anonymity revocation in case of user misbehavior. Previous research efforts already provide efficient mechanisms that enable conditional privacy through pseudonym systems, either based on Public Key Infrastructure (PKI) or Group Signature (GS) schemes. However, previous schemes do not enable users to self-generate an unlimited number of pseudonyms per user to enable users to participate in diverse sensing tasks simultaneously, while preventing the users from participating in the same task under different pseudonyms, which is referred to as sybil attack. This paper addresses this issue by providing a scalable privacy-preserving authentication solution for crowdsensing, based on a novel pseudonym-based signature scheme that enables unlinkable-yet-accountable pseudonymity. The paper provides a detailed description of the proposed scheme, the security analysis, the performance evaluation, and details of how it is implemented and integrated into a real crowdsensing platform.

Published

2020

9. Toward a secure and usable user authentication mechanism for mobile passenger ID devices for land/sea border control

Author

Maria Papaioannou, Georgios Zachos, Ismael Essop, Georgios Mantas, and Jonathan Rodriguez

Subjects

QA75, General Computer Science, TK, General Engineering, General Materials Science, Electrical and Electronic Engineering

Abstract

Nowadays the critical sector of transport becomes progressively more dependent on digital technologies to perform essential activities and develop novel efficient transport services and infrastructure to empower economic and social cohesion exploiting the economic strengths of the European Union (EU). However, although the continuously increasing number of visitors, entering the EU through land-border crossing points or seaports, brings immense economic value, novel border control solutions, such as mobile devices for passenger identification for land/sea border control, are essential to precisely identify passengers “on the fly” ensuring their comfort. Nevertheless, these devices are expected to handle highly confidential personal data and thus, it is very likely to become an attractive target to malicious actors. Therefore, to ensure high level of device security without interrupting border control activities, strong secure and usable user authentication mechanisms are required. Towards this direction, we, firstly, discuss risk-based and adaptive authentication for mobile devices as a suitable approach to deal with the security vs. usability challenge and a novel risk-based adaptive user authentication mechanism is proposed to address this challenge. Afterwards, a set of popular Machine Learning (ML) classification algorithms for risk-based authentication was tested and evaluated on the HuMIdb (Human Mobile Interaction database) dataset to identify the most appropriate ones for the proposed mechanism. The evaluation results demonstrated impact of overfitting (Accuracy: 1,0000) and therefore, we considered novelty detection algorithms to overcome this challenge and demonstrate high performance. To the best of our knowledge, this is the first time that novelty detection algorithms have been considered for risk-based adaptive user authentication showing promising results (OneClassSVM 0,9536, LOF 0,9740, KNN_average 0,9998).

Published

2022

10. A Survey on Quantitative Risk Estimation Approaches for Secure and Usable User Authentication on Smartphones

Author

Maria Papaioannou, Filippos Pelekoudas-Oikonomou, Georgios Mantas, Emmanouil Serrelis, Jonathan Rodriguez, and Maria-Anna Fengou

Subjects

continuous user authentication, risk-based user authentication, quantitative risk estimation, mobile devices, security vs. usability, Electrical and Electronic Engineering, Biochemistry, Instrumentation, Atomic and Molecular Physics, and Optics, Analytical Chemistry

Abstract

Mobile user authentication acts as the first line of defense, establishing confidence in the claimed identity of a mobile user, which it typically does as a precondition to allowing access to resources in a mobile device. NIST states that password schemes and/or biometrics comprise the most conventional user authentication mechanisms for mobile devices. Nevertheless, recent studies point out that nowadays password-based user authentication is imposing several limitations in terms of security and usability; thus, it is no longer considered secure and convenient for the mobile users. These limitations stress the need for the development and implementation of more secure and usable user authentication methods. Alternatively, biometric-based user authentication has gained attention as a promising solution for enhancing mobile security without sacrificing usability. This category encompasses methods that utilize human physical traits (physiological biometrics) or unconscious behaviors (behavioral biometrics). In particular, risk-based continuous user authentication, relying on behavioral biometrics, appears to have the potential to increase the reliability of authentication without sacrificing usability. In this context, we firstly present fundamentals on risk-based continuous user authentication, relying on behavioral biometrics on mobile devices. Additionally, we present an extensive overview of existing quantitative risk estimation approaches (QREA) found in the literature. We do so not only for risk-based user authentication on mobile devices, but also for other security applications such as user authentication in web/cloud services, intrusion detection systems, etc., that could be possibly adopted in risk-based continuous user authentication solutions for smartphones. The target of this study is to provide a foundation for organizing research efforts toward the design and development of proper quantitative risk estimation approaches for the development of risk-based continuous user authentication solutions for smartphones. The reviewed quantitative risk estimation approaches have been divided into the following five main categories: (i) probabilistic approaches, (ii) machine learning-based approaches, (iii) fuzzy logic models, (iv) non-graph-based models, and (v) Monte Carlo simulation models. Our main findings are summarized in the table in the end of the manuscript.

Published

2023

11. Risk-based user authentication for mobile passenger ID devices for land and sea border control

Author

Maria Papaioannou, Georgios Mantas, Jonathan Rodriguez, and Conference organizing committee, Institute of Electrical and Electronics Engineers (IEEE)

Subjects

T1, QA76

Abstract

Although the continuously increasing number of visitors entering the European Union through land-border crossing points or seaports brings tremendous economic benefits, novel border control solutions, such as mobile devices for passenger identification for land and sea border control, are essential to promote further the comfort of passengers. Nevertheless, the highly sensitive information handled by this type of devices makes them an attractive target for malicious actors. Therefore, novel secure and usable user authentication mechanisms are required to increase the level of security of this kind of devices without interrupting border control activities. Towards this direction, we, firstly, discuss risk-based authentication for mobile devices as a suitable approach to deal with the security vs. usability challenge. Besides that, an overview of existing risk estimation approaches – both qualitative and quantitative – is given to provide a foundation\ud for organizing research efforts towards the design and development of proper risk estimation mechanisms for risk-based user authentication for mobile passenger identification devices used by border control officers at land and sea borders.

Published

2021

12. A blockchain-based architecture for secure IoT-based health monitoring systems

Author

Filippos Pelekoudas Oikonomou, Georgios Mantas, Phil Cox, Firooz Bashashi, Felipe Gil-Castineira, Jonathan Gonzalez, and Conference organizing committee, Institute of Electrical and Electronics Engineers (IEEE)

Subjects

QA75, T1

Abstract

Although IoT technology brings significant benefits to the healthcare sector and can play a noteworthy role in improving citizens’ quality of life by enabling IoT-based health monitoring systems, it also raises many security challenges. Conventional security mechanisms are inadequate to secure IoT-based health monitoring systems as they have high resource requirements, in terms of computational power and energy consumption, and thus they cannot be afforded by the resource-constrained IoT nodes of these systems. On the other hand, blockchain is a promising technology that can be used to enhance the security of IoT-based health monitoring systems due to its decentralized and autonomous nature. Therefore, in this paper, we propose a blockchain architecture, based on the Hyperledger Fabric platform, for securing IoTbased health monitoring systems in a more lightweight manner as Hyperledger Fabric does not apply the consensus protocol of Proof of Work (PoW) that cannot be afforded by IoT devices.

Published

2021

13. A privacy-preserving user authentication mechanism for smart city mobile apps

Author

Maria Papaioannou, Jose C Ribeiro, Valdemar Monteiro, Victor Sucasas, Georgios Mantas, Jonathan Rodriguez, and IEEE Conference Committee, Institute of Electrical and Electronics

Subjects

QA75, T1

Abstract

In the dawn of the 5G era, the advances in mobile communications have created a suitable environment for the emergence of a wide spectrum of Smart City mobile applications that will play a significant role towards the improvement of citizens' life quality in the upcoming years. It is expected that Smart City mobile applications will allow citizens to access numerous and diverse services, provided by third-party Service Providers, through their mobile devices (e.g., smartphones). However, in order for the emerging Smart City mobile applications to gain the trust of all involved stakeholders and reach their full potential in the 5G market, many security and privacy concerns should be addressed in advance. Towards this direction, this paper proposes a privacy-preserving user authentication mechanism, developed in the context of the Mobilizador5G project, in order to: (a) provide mobile users with efficient and effective means to authenticate towards Service Providers, while preventing user identification and tracking; (b) allow anonymity revocation in case of user misbehavior; (c) avoid multiple user profiles creation on the Service Provider side; and (d) enable easy integration in current mobile application implementations.

Published

2021

14. Security for UDNs: A Step Toward 6G

Author

Georgios Mantas, Stavros Kotsopoulos, Reza Parsamehr, Jonathan Rodriguez, Ilias Politis, Marcus de Ree, Felipe Gil-Castineira, Vipindev Adat, José-Fernán Martínez-Ortega, and Ifiok Otung

Subjects

Network security, business.industry, Computer science, Cellular network, Intrusion detection system, Enterprise information security architecture, Small cell, business, Key management, Mobile device, Virtual network, Computer network

Abstract

The next-generation mobile networks are taking advantage of small cell technology toward building the notion of ultra-dense networks (UDNs). The considered UDN within this chapter consists of virtual network coding (NC)-enabled mobile small cells (MSCs), a novel networking scenario that consists entirely out of heterogeneous mobile devices. In this networking scenario, the mobile devices benefit from high transmission speeds, low latency, and increased energy efficiency, whereas the mobile network infrastructure benefits from a reduction in traffic due to enabling traffic offloading. However, MSCs can potentially face a variety of security and privacy challenges. This chapter covers three important security infrastructures, (i) decentralized key management schemes, (ii) intrusion detection and prevention schemes, and (iii) blockchain-based integrity schemes. Decentralized key management enables the heterogeneous mobile devices to securely exchange cryptographic keys. These cryptographic keys can then be utilized by blockchain-based integrity schemes to establish secure and reliable communication channels between mobile devices, even in the presence of malicious adversaries. The intrusion detection and prevention schemes attempt to identify and remove these malicious adversaries from the network. These security infrastructures can potentially be used as stepping stones toward a security architecture for general MSC architectures and 6G communications.

Published

2021

15. An Anomaly-Based Intrusion Detection System for Internet of Medical Things Networks

Author

Ismael Essop, Jonathan Rodriguez, Georgios Mantas, Georgios Zachos, Jose Ribeiro, and Kyriakos Porfyrakis

Subjects

TK7800-8360, Computer Networks and Communications, Computer science, Anomaly-based intrusion detection system, intrusion detection system (IDS), Intrusion detection system, Internet of Medical Things (IoMT), Computer security, computer.software_genre, Default gateway, machine learning algorithms, Leverage (statistics), Overhead (computing), Electrical and Electronic Engineering, anomaly-based intrusion detection, business.industry, IoT datasets, TA, Hardware and Architecture, Control and Systems Engineering, Signal Processing, The Internet, Anomaly detection, Electronics, business, Host (network), computer

Abstract

Over the past few years, the healthcare sector is being transformed due to the rise of the Internet of Things (IoT) and the introduction of the Internet of Medical Things (IoMT) technology, whose purpose is the improvement of the patient’s quality of life. Nevertheless, the heterogenous and resource-constrained characteristics of IoMT networks make them vulnerable to a wide range of threats. Thus, novel security mechanisms, such as accurate and efficient anomaly-based intrusion detection systems (AIDSs), considering the inherent limitations of the IoMT networks, need to be developed before IoMT networks reach their full potential in the market. Towards this direction, in this paper, we propose an efficient and effective anomaly-based intrusion detection system (AIDS) for IoMT networks. The proposed AIDS aims to leverage host-based and network-based techniques to reliably collect log files from the IoMT devices and the gateway, as well as traffic from the IoMT edge network, while taking into consideration the computational cost. The proposed AIDS is to rely on machine learning (ML) techniques, considering the computation overhead, in order to detect abnormalities in the collected data and thus identify malicious incidents in the IoMT network. A set of six popular ML algorithms was tested and evaluated for anomaly detection in the proposed AIDS, and the evaluation results showed which of them are the most suitable.

Published

2021

16. Attribute-based pseudonymity for privacy-preserving authentication in cloud services

Author

Georgios Mantas, Jonathan Rodriguez, Victor Sucasas, and Maria Papaioannou

Subjects

QA75, Authentication, T1, Computer Networks and Communications, business.industry, Computer science, Access control, Cloud computing, Service provider, Pseudonym, Computer security, computer.software_genre, Secret sharing, Computer Science Applications, Hardware and Architecture, ComputingMilieux_COMPUTERSANDSOCIETY, Verifiable secret sharing, business, computer, Pseudonymity, Software, Information Systems

Abstract

Attribute-based authentication is considered a cornerstone component to achieve scalable fine-grained access control in the fast growing market of cloud-based services. Unfortunately, it also poses a privacy concern. Users attributes should not be linked to the users identity and spread across different organizations. To tackle this issue, several solutions have been proposed such as Privacy Attribute-Based Credentials (Privacy-ABCs), which support pseudonym-based authentication with embedded attributes. Privacy-ABCs allow users to establish anonymous accounts with service providers while hiding the identity of the user under a pseudonym. However, Privacy-ABCs require the selective disclosure of the attribute values towards service providers. Other schemes such as Attribute Base Signatures (ABS) and mesh signatures do not require the disclosure of attributes; unfortunately, these schemes do not cater for pseudonym generation in their construction, and hence cannot be used to establish anonymous accounts. In this paper, we propose a pseudonym-based signature scheme that enables unlinkable pseudonym self-generation with embedded attributes, similarly to Privacy-ABCs, and integrates a secret sharing scheme in a similar fashion to ABS and mesh signature schemes for attribute verification. Our proposed scheme also provides verifiable collusion, enabling users to share attributes according to the service providers policies.

Published

2021

17. Secure Virtual Mobile Small Cells: A Stepping Stone Towards 6G

Author

Roberto Torre, Riccardo Bassoli, Xavier Gelabert, Muhammad Tayyab, Gerrit Schulte, Georgios P. Koudouridis, Issa Elfergani, M. de Ree, Frank H. P. Fitzek, Raed A. Abd-Alhameed, Jonathan Rodriguez, Maryam Sajedin, P. Diogo, Sarah Irum, Fatma Marzouk, Ilias Politis, and Georgios Mantas

Subjects

FOS: Computer and information sciences, QA75, Computer Networks and Communications, Computer science, Context (language use), 02 engineering and technology, computer.software_genre, QA76, Computer Science - Networking and Internet Architecture, Management of Technology and Innovation, 0202 electrical engineering, electronic engineering, information engineering, Overhead (computing), Safety, Risk, Reliability and Quality, Protocol (object-oriented programming), Networking and Internet Architecture (cs.NI), business.industry, Wireless network, 020208 electrical & electronic engineering, 020206 networking & telecommunications, Virtualization, Wireless security, Software-defined networking, business, Law, computer, 5G, Computer network

Abstract

As 5th Generation research reaches the twilight, the research community must go beyond 5G and look towards the 2030 connectivity landscape, namely 6G. In this context, this work takes a step towards the 6G vision by proposing a next generation communication platform, which aims to extend the rigid coverage area of fixed deployment networks by considering virtual mobile small cells (MSC) that are created on demand. Relying on emerging computing paradigms such as NFV (Network Function Virtualization) and SDN (Software Defined Networking), these cells can harness radio and networking capability locally reducing protocol signaling latency and overhead. These MSCs constitute an intelligent pool of networking resources that can collaborate to form a wireless network of MSCs providing a communication platform for localized, ubiquitous and reliable connectivity. The technology enablers for implementing the MSC concept are also addressed in terms of virtualization, lightweight wireless security, and energy efficient RF. The benefits of the MSC architecture towards reliable and efficient cell offloading are demonstrated as a use-case., 9 pages, 5 figures. IEEE Communications Standards Magazine, 2021

Published

2021

18. Generating Datasets for Anomaly-Based Intrusion Detection Systems in IoT and Industrial IoT Networks

Author

Jonathan Rodriguez, Georgios Zachos, Jose Ribeiro, Maria Papaioannou, Ismael Essop, and Georgios Mantas

Subjects

QA75, IoT, Computer science, 02 engineering and technology, Intrusion detection system, benign datasets generation, lcsh:Chemical technology, Biochemistry, Contiki OS, Article, Analytical Chemistry, Set (abstract data type), Industrial IoT, 0202 electrical engineering, electronic engineering, information engineering, lcsh:TP1-1185, Electrical and Electronic Engineering, Instrumentation, anomaly-based intrusion detection, business.industry, Anomaly (natural sciences), 020208 electrical & electronic engineering, 020206 networking & telecommunications, Data science, Atomic and Molecular Physics, and Optics, TA, Benchmark (computing), Cooja simulator, malicious datasets generation, Internet of Things, business

Abstract

Over the past few years, we have witnessed the emergence of Internet of Things (IoT) and Industrial IoT networks that bring significant benefits to citizens, society, and industry. However, their heterogeneous and resource-constrained nature makes them vulnerable to a wide range of threats. Therefore, there is an urgent need for novel security mechanisms such as accurate and efficient anomaly-based intrusion detection systems (AIDSs) to be developed before these networks reach their full potential. Nevertheless, there is a lack of up-to-date, representative, and well-structured IoT/IIoT-specific datasets which are publicly available and constitute benchmark datasets for training and evaluating machine learning models used in AIDSs for IoT/IIoT networks. Contribution to filling this research gap is the main target of our recent research work and thus, we focus on the generation of new labelled IoT/IIoT-specific datasets by utilising the Cooja simulator. To the best of our knowledge, this is the first time that the Cooja simulator is used, in a systematic way, to generate comprehensive IoT/IIoT datasets. In this paper, we present the approach that we followed to generate an initial set of benign and malicious IoT/IIoT datasets. The generated IIoT-specific information was captured from the Contiki plugin “powertrace” and the Cooja tool “Radio messages”.

Published

2021

19. DISTANT: DIStributed Trusted Authority-based key managemeNT for beyond 5G wireless mobile small cells

Author

Ifiok Otung, Georgios Mantas, Christos Verikoukis, Jonathan Rodriguez, and Marcus de Ree

Subjects

QA75, Security analysis, Service (systems architecture), Computer Networks and Communications, Computer science, business.industry, Quality of service, 020206 networking & telecommunications, 02 engineering and technology, Key management, QA76, Decentralized system, Mobile small cell, D2D communication, 0202 electrical engineering, electronic engineering, information engineering, Cellular network, Overhead (computing), 020201 artificial intelligence & image processing, Small cell, business, 5G, Beyond 5G security, Computer network

Abstract

The 5G mobile network is embracing new technologies to keep providing network subscribers with a high Quality of Service (QoS). However, this has become increasingly difficult in the urban landscape as more devices are being connected and each device is requesting increasing amounts of data. Network operators rely on the small cell technology to maintain coverage and service for its subscribers, but this technology is incapable of mitigating the increasing workload on the network infrastructure and preventing the associated network delays. The next logical step is to cover the urban landscape with mobile small cells, since these take advantage of the dynamic network topology and optimizes network services in a cost-effective fashion while taking advantage of the high device density. However, the introduction of mobile small cells raises various security challenges. Cryptographic solutions are capable of solving these as long as they are supported by an appropriate key management scheme. In this article, we propose DISTANT: a DIStributed Trusted Authority-based key managemeNT scheme. This key management scheme is specifically designed to provide security in a network which takes advantage of the mobile small cell technology. The scheme relies on threshold secret sharing to decentralize trust and utilizes the self-generated certificates paradigm. Through an extensive security analysis and communication overhead evaluation, we conclude that our design provides an improved level of security and has a low communication overhead compared to previous works.

Published

2021

20. Public key cryptography without certificates for beyond 5G mobile small cells

Author

Jonathan Rodriguez, James Gao, Georgios Mantas, Ifiok Otung, Marcus de Ree, and Conference Commitee, IEEE

Subjects

QA75, Cover (telecommunications), business.industry, Wireless ad hoc network, Computer science, Cloaking, 020206 networking & telecommunications, Cryptography, 02 engineering and technology, Computer security, computer.software_genre, QA76, Public-key cryptography, 0202 electrical engineering, electronic engineering, information engineering, Cryptosystem, 020201 artificial intelligence & image processing, business, Key management, computer, 5G

Abstract

The 5G network takes advantage of the small cells\ud technology. The next logical step is to cover the urban landscape\ud with mobile small cells, to optimize network services. However,\ud the introduction of mobile small cells raises various security\ud challenges. Cryptographic solutions are capable of solving these\ud as long as they are supported by appropriate key management\ud schemes. The threshold-tolerant identity-based cryptosystem\ud forms a solid basis for key management schemes for mobile small\ud cells. However, this approach is unable to sustain security over\ud time. Therefore, we introduce two extensions, proactive secret\ud sharing and private key cloaking, to address this challenge.

Published

2020

21. On the Performance Analysis of IDLP and SpaceMac for Network Coding-enabled Mobile Small Cells

Author

Georgios Mantas, José-Fernán Martínez-Ortega, Jonathan Rodriguez, and Reza Parsamehr

Subjects

QA75, Computer science, business.industry, Network packet, 020206 networking & telecommunications, 02 engineering and technology, Intrusion detection system, Electronic mail, Computer Science Applications, QA76, Modeling and Simulation, Linear network coding, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, business, 5G, Decoding methods, Computer network

Abstract

Network coding (NC)-enabled mobile small cells are observed as a promising technology for 5G networks in a cost-effective and energy-efficient manner. The NC-enabled environment suffers from pollution attacks where malicious intermediate nodes manipulate packets in transition. Detecting the polluted packets as well as identifying the exact location of malicious users are equally important tasks for these networks. SpaceMac (Le & Markopoulou, 2012) is one of the most competitive mechanisms in the literature for detecting pollution attacks and identifying the exact location of attackers in RLNC. In this letter, we compare SpaceMac with the IDLP mechanism presented by Parsamehr et al. (2020). Both mechanisms have been implemented in KODO and they are compared in terms of computational complexity, computational overhead, communication overhead and decoding probability. The performance evaluation results demonstrated that IDLP is more efficient than SpaceMac while at the same time is more secure as shown through the security analysis part in this letter.

Published

2020

22. Classification of Psychosomatic’s Symptoms of Depression: Iliou Versus PCA Preprocessing Methods

Author

George C. Anastassopoulos, Theodoros Iliou, Jonathan Rodriguez, Georgios Mantas, Georgia Konstantopoulou, Konstantinos Anastasopoulos, Christina Lymperopoulou, and Dimitrios K. Lymberopoulos

Subjects

Statistical classification, Health services, Computer science, business.industry, Principal component analysis, Preprocessor, Data pre-processing, Artificial intelligence, Machine learning, computer.software_genre, business, computer, Cross-validation

Abstract

In this paper, we propose a novel data preprocessing method in order to facilitate the prediction performance of machine learning algorithms applied on datasets derived from mental patients. In this study, 136 questionnaires were distributed to mental patients – students with psychosomatic problems who were asked to volunteer at the University of Patras Specialty Health Service. The precision of the machine learning methods has to be very high for patients with this kind of issues, in order to achieve the sooner the possible the appropriate treatment. In our research, we used ILIOU data preprocessing method in order to enhance classification techniques for psychosomatic symptoms (i.e., depression). Firstly, we transformed the initial dataset with Principal Component Analysis and ILIOU data preprocessing methods, respectively. Afterwards, for the classification purpose we used seven machine learning classification algorithms with 10-fold cross validation method. According to the classification results, ILIOU preprocessing method led to a classification accuracy of 100% which is suitable for classification and prediction of psychosomatic symptoms.

Published

2020

23. An Autonomous Host-Based Intrusion Detection System for Android Mobile Devices

Author

José Ribeiro, Firooz B. Saghezchi, Georgios Mantas, Jonathan Rodriguez, Simon J. Shepherd, and Raed A. Abd-Alhameed

Subjects

Computer Networks and Communications, Hardware and Architecture, Software, Information Systems

Published

2019

24. An Efficient Web Authentication Mechanism Preventing Man-In-The-Middle Attacks in Industry 4.0 Supply Chain

Author

Jonathan Rodriguez, Manuel Violas, Joaquim Bastos, A. Manuel de Oliveira Duarte, Jose Ribeiro, Georgios Mantas, Shahid Mumtaz, and Alireza Esfahani

Subjects

Web server, General Computer Science, Industry 4.0, Computer science, Supply chain, 02 engineering and technology, Man-in-the-middle attack, Computer security, computer.software_genre, MITM attack, Industry 40 Supply Chain, Secure communication, TLS, 0202 electrical engineering, electronic engineering, information engineering, Information system, Web application, General Materials Science, Industrial Revolution, Authentication, business.industry, General Engineering, 020206 networking & telecommunications, impersonation, TA, authentication, 020201 artificial intelligence & image processing, The Internet, lcsh:Electrical engineering. Electronics. Nuclear engineering, business, computer, lcsh:TK1-9971

Abstract

The fourth industrial revolution (Industry 4.0) is transforming the next generation of the supply chain by making it more agile and efficient compared with the traditional supply chain. However, data communication across the partners in the Industry 4.0 supply chain can be the target of a wide spectrum of attackers exploiting security breaches in the internal/external environment of the partners due to its heterogeneous and dynamic nature as well as the fact that the non-professional users in security issues usually operate their information systems. Attackers can compromise the data communication between legitimate parties in the Industry 4.0 Supply Chain, and thus, jeopardizing the delivery of services across the partners as well as the continuity of the service provision. Consequently, secure data communications across the partners in the Industry 4.0 Supply Chain are of utmost importance. Toward this direction, TLS protocol, which is the de facto standard for secure Internet communications, is employed to ensure secure communication between a user's web browser and a remote web server located in the premises of the same or another partner. However, over the last few years, there have been several serious attacks on TLS, including man-in-the-middle attacks in web applications using TLS to secure HTTP communication. Therefore, in this paper, we propose an efficient TLS-based authentication mechanism, which is resistant against MITM in web applications.

Published

2019

25. Cybersecurity attacks on medical IoT devices for smart city healthcare services

Author

Georgios Mantas, Jonathan Rodriguez, Marina Karageorgou, Dimitrios K. Lymberopoulos, and Ismael Essop

Subjects

business.industry, Computer science, Context (language use), Computer security, computer.software_genre, Patient safety, Smart city, Health care, Key (cryptography), ICTS, Internet of Things, business, Good practice, computer

Abstract

Smart city is an emerging concept whose main goal is to improve the quality of life of its citizens by leveraging Information and Communications Technologies (ICTs) as the key medium. In this context, smart city healthcare can play a pivotal role toward the improvement of citizens' quality of life, since it can allow citizens to be provided with personalized e-health services, without limitations on time and location. In smart city healthcare, medical Internet of Things (IoT) devices constitute a key underlying technology for providing personalized e-health services to smart city patients. However, despite the significant advantages that IoT medical device technology brings into smart city healthcare, medical IoT devices are vulnerable to various types of cybersecurity threats and thus, they pose a significant risk to smart city patient safety. Based on that and the fact that the security is a critical factor for the success of smart city healthcare services, novel security mechanisms against cyberattacks of today and tomorrow on IoT medical devices are required. Toward this direction, the first step is the comprehensive understanding of the existing cybersecurity attacks on IoT medical devices. Thus, in this chapter, we will provide a categorization of cybersecurity attacks on medical IoT devices which have been seen in the wild and can cause security issues and challenges in smart city healthcare services. Moreover, we will present security mechanisms, derived from the literature, for the most common attacks, as well as highlight emerging good practice and approaches that manufacturers can take to improve medical IoT device security throughout its life cycle. In this chapter, the authors' intent is to provide a foundation for organizing research efforts toward the development of the proper security mechanism against cyberattacks targeting IoT medical devices.

Published

2020

26. IDLP: an efficient intrusion detection and location-aware prevention mechanism for network coding-enabled mobile small cells

Author

Georgios Mantas, José-Fernán Martínez-Ortega, Reza Parsamehr, and Jonathan Rodriguez

Subjects

General Computer Science, Computer science, intrusion detection, 0211 other engineering and technologies, Throughput, 02 engineering and technology, Intrusion detection system, Network coding, 0202 electrical engineering, electronic engineering, information engineering, General Materials Science, Electrical and Electronic Engineering, 021110 strategic, defence & security studies, business.industry, Wireless network, Network packet, Node (networking), General Engineering, location-aware prevention, 020206 networking & telecommunications, TA, efficiency, Linear network coding, Small cell, lcsh:Electrical engineering. Electronics. Nuclear engineering, business, lcsh:TK1-9971, 5G, Computer network, pollution attacks

Abstract

Mobile small cell technology is considered as a 5G enabling technology for delivering ubiquitous 5G services in a cost-effective and energy efcient manner. Moreover, Network Coding (NC) technology can be foreseen as a promising solution for the wireless network of mobile small cells to increase its throughput and improve its performance. However, NC-enabled mobile small cells are vulnerable to pollution attacks due to the inherent vulnerabilities of NC. Although there are several works on pollution attack detection, the attackers may continue to pollute packets in the next transmission of coded packets of the same generation from the source node to the destination nodes. Therefore, in this paper, we present an intrusion detection and location-aware prevention (IDLP) mechanism which does not only detect the polluted packets and drop them but also identify the attacker's exact location so as to block them and prevent packet pollution in the next transmissions. In the proposed IDLP mechanism, the detection and locating schemes are based on a null space-based homomorphic MAC scheme. However, the proposed IDLP mechanism is efcient because, in its initial phase (i.e., Phase 1), it is not needed to be applied to all mobile devices in order to protect the NC-enabled mobile small cells from the depletion of their resources. The proposed efcient IDLP mechanism has been implemented in Kodo, and its performance has been evaluated and compared with our previous IDPS scheme proposed in [1], in terms of computational complexity, communicational overhead, and successfully decoding probability as well.

Published

2020

27. Blockchain-Based Security Mechanisms for IoMT Edge Networks in IoMT-Based Healthcare Monitoring Systems

Author

Filippos Pelekoudas-Oikonomou, Georgios Zachos, Maria Papaioannou, Marcus de Ree, José C. Ribeiro, Georgios Mantas, and Jonathan Rodriguez

Subjects

QA75, Internet of Things, IoMT, blockchain, authentication, authorization, anomaly-based IDS, healthcare, Biochemistry, Atomic and Molecular Physics, and Optics, QA76, Analytical Chemistry, Blockchain, Quality of Life, Electrical and Electronic Engineering, RA, Delivery of Health Care, Instrumentation, Monitoring, Physiologic

Abstract

Despite the significant benefits that the rise of Internet of Medical Things (IoMT) can bring into citizens’ quality of life by enabling IoMT-based healthcare monitoring systems, there is an urgent need for novel security mechanisms to address the pressing security challenges of IoMT edge networks in an effective and efficient manner before they gain the trust of all involved stakeholders and reach their full potential in the market of next generation IoMT-based healthcare monitoring systems. In this context, blockchain technology has been foreseen by the industry and research community as a disruptive technology that can be integrated into novel security solutions for IoMT edge networks, as it can play a significant role in securing IoMT devices and resisting unauthorized access during data transmission (i.e., tamper-proof transmission of medical data). However, despite the fact that several blockchain-based security mechanisms have already been proposed in the literature for different types of IoT edge networks, there is a lack of blockchain-based security mechanisms for IoMT edge networks, and thus more effort is required to be put on the design and development of security mechanisms relying on blockchain technology for such networks. Towards this direction, the first step is the comprehensive understanding of the following two types of blockchain-based security mechanisms: (a) the very few existing ones specifically designed for IoMT edge networks, and (b) those designed for other types of IoT networks but could be possibly adopted in IoMT edge networks due to similar capabilities and technical characteristics. Therefore, in this paper, we review the state-of-the-art of the above two types of blockchain-based security mechanisms in order to provide a foundation for organizing research efforts towards the design and development of reliable blockchain-based countermeasures, addressing the pressing security challenges of IoMT edge networks in an effective and efficient manner.

Published

2022

28. A privacy-enhanced OAuth 2.0 based protocol for Smart City mobile applications

Author

Georgios Mantas, Leonardo Oliveira, Ifiok Otung, Victor Sucasas, Jonathan Rodriguez, Saud Althunibat, and Angelos Antonopoulos

Subjects

Scheme (programming language), General Computer Science, Computer science, media_common.quotation_subject, Vulnerability, 02 engineering and technology, Computer security, computer.software_genre, Privacy-preserving, Smart city, 0202 electrical engineering, electronic engineering, information engineering, Pseudonym-based signatures, Protocol (object-oriented programming), media_common, computer.programming_language, Authentication, Delegation, Authorization, 020206 networking & telecommunications, 020207 software engineering, Privacy rights, Service provider, OAuth 2.0, Smart City, Law, Mobile device, computer

Abstract

In the forthcoming Smart City scenario, Service Providers will require users to authenticate themselves and authorize their mobile applications to access their remote accounts. In this scenario, OAuth 2.0 has been widely adopted as a de facto authentication and authorization protocol. However, the current OAuth 2.0 protocol specification does not consider the user privacy issue and presents several vulnerabilities that can jeopardize users' privacy rights. Therefore, in this paper we propose an OAuth 2.0 based protocol for Smart City mobile applications that addresses the user privacy issue by integrating a pseudonym-based signature scheme and a signature delegation scheme into the OAuth 2.0 protocol flow. The proposed solution allows users to self-generate user-specific and app-specific pseudonyms on-demand and ensure privacy-enhanced user authentication at the Service Provider side. The proposed protocol has been validated with Proverif and its performance has been evaluated in terms of time and space complexity. Results show that the proposed protocol can provide users with efficient and effective means to authenticate towards service providers while preventing user tracking and impersonation from malicious entities located in the network side or in the users' mobile device.

Published

2018

29. A Location-aware IDPS scheme for Network Coding-enabled Mobile Small Cells

Author

Georgios Mantas, Jonathan Rodriguez, José-Fernán Martínez-Ortega, Alireza Esfahani, Reza Parsamehr, and Institute of Electrical and Electronics Engineers, IEEE Committees

Subjects

QA75, Scheme (programming language), Cover (telecommunications), Computer science, TK, 0211 other engineering and technologies, Intrusion detection and prevention, 02 engineering and technology, locating attackes, IDPS, 11. Sustainability, Location aware, 0202 electrical engineering, electronic engineering, information engineering, Exact location, Network Coding, computer.programming_language, 021103 operations research, business.industry, 020206 networking & telecommunications, Adversary, Linear network coding, business, computer, 5G, pollution attacks, Computer network

Abstract

Due to an explosive growing demand for higher data rates that have led to the 5th generation of mobile networks, Network Coding-enabled mobile small cells are observed as a promising technology for 5G networks that can cover the urban landscape by being set up on-demand at any place, and at any time on any device. Despite the benefits of network coding technology on these networks, pollution attacks should be addressed before network coding technology reaches its full potential in 5G mobile small cells. In this paper, we have proposed an intrusion detection and prevention scheme which is able not only to detect and prevent pollution attacks but also to detect the exact location of adversary nodes which are the source of pollution attacks.

Published

2019

30. Key Management for Beyond 5G Mobile Small Cells: A Survey

Author

Marcus de Ree, Jonathan Rodriguez, Shahid Mumtaz, Georgios Mantas, Ayman Radwan, and Ifiok Otung

Subjects

General Computer Science, Computer science, 0211 other engineering and technologies, Cryptography, 02 engineering and technology, decentralized systems, beyond 5G, key management, 0202 electrical engineering, electronic engineering, information engineering, General Materials Science, mobile small cells, Key management, 021110 strategic, defence & security studies, Network architecture, business.industry, General Engineering, 020206 networking & telecommunications, Mobile ad hoc network, TA, device-to-device communication, Trust anchor, lcsh:Electrical engineering. Electronics. Nuclear engineering, Small cell, business, lcsh:TK1-9971, Mobile device, 5G, Computer network

Abstract

The highly anticipated 5G network is projected to be introduced in 2020. 5G stakeholders are unanimous that densification of mobile networks is the way forward. The densification will be realized by means of small cell technology, and it is capable of providing coverage with a high data capacity. The EU-funded H2020-MSCA project “SECRET” introduced covering the urban landscape with mobile small cells, since these take advantages of the dynamic network topology and optimizes network services in a cost-effective fashion. By taking advantage of the device-to-device communications technology, large amounts of data can be transmitted over multiple hops and, therefore, offload the general network. However, this introduction of mobile small cells presents various security and privacy challenges. Cryptographic security solutions are capable of solving these as long as they are supported by a key management scheme. It is assumed that the network infrastructure and mobile devices from network users are unable to act as a centralized trust anchor since these are vulnerable targets to malicious attacks. Security must, therefore, be guaranteed by means of a key management scheme that decentralizes trust. Therefore, this paper surveys the state-of-the-art key management schemes proposed for similar network architectures (e.g., mobile ad hoc networks and ad hoc device-to-device networks) that decentralize trust. Furthermore, these key management schemes are evaluated for adaptability in a network of mobile small cells.

Published

2019

31. Effect of diabetes mellitus on the clinical outcome of lower limb arterial bypass surgery: A propensity score analysis

Author

Georgios Kouvelos, Evangelos Kontopantelis, Konstantinos G. Moulakakis, Georgios Mantas, Spyros N. Vasdekis, Konstantinos Antonopoulos, George Geroulakos, Andreas M. Lazaris, and Miltiadis Matsagkas

Subjects

Male, medicine.medical_specialty, Time Factors, Databases, Factual, Kaplan-Meier Estimate, 030204 cardiovascular system & hematology, Risk Assessment, Outcome (game theory), Amputation, Surgical, Disease-Free Survival, Lower limb, Peripheral Arterial Disease, 03 medical and health sciences, 0302 clinical medicine, Risk Factors, Internal medicine, Diabetes mellitus, medicine, Humans, Radiology, Nuclear Medicine and imaging, 030212 general & internal medicine, Propensity Score, Vascular Patency, Aged, Aged, 80 and over, business.industry, General Medicine, Middle Aged, Limb Salvage, medicine.disease, Surgery, Logistic Models, Treatment Outcome, Lower Extremity, Bypass surgery, Propensity score matching, Cardiology, Female, Cardiology and Cardiovascular Medicine, business, Vascular Surgical Procedures, Diabetic Angiopathies

Abstract

Objectives Diabetic patients who undergo lower limb arterial bypass surgery are considered to have a worse clinical outcome compared to non-diabetics. The aim of the study was to test this hypothesis after applying propensity score matching analysis. Patients and methods A total of 113 consecutive lower limb bypass procedures (55 diabetic and 58 non-diabetic) were evaluated regarding their clinical outcome. Endpoints of the study included amputation-free survival, limb salvage, patency and patients’ survival up to 36 months post-procedure. After propensity score matching analysis, two new groups, diabetic and non-diabetic, of 31 limbs in each one were created, both equivalent regarding all baseline characteristics. Results Between the propensity score matching groups, the amputation-free survival was 68.8% in the non-diabetic and 37.7% in the diabetic group at 36 months ( p = 0.004). Similarly, the survival was 88.6% and 57.6%, respectively, in the two groups at the same time point ( p = 0.01). On the contrary, no difference was found in patency (58.3% vs. 56%) and in limb salvage rate (74.1% vs. 60.8%). Conclusions Lower limbs arterial bypass surgery has similar results regarding patency and limb salvage rate in diabetic and non-diabetic patients. On the contrary, mortality is worse in diabetic patients, this affecting negatively their amputation-free survival.

Published

2016

32. An efficient homomorphic MAC-based scheme against data and tag pollution attacks in network coding-enabled wireless networks

Author

Jonathan Rodriguez, Alireza Esfahani, Jose Carlos Neves, and Georgios Mantas

Subjects

020203 distributed computing, Computer Networks and Communications, business.industry, Wireless network, Computer science, Network packet, Homomorphic encryption, 020206 networking & telecommunications, Cryptography, 02 engineering and technology, Hash-based message authentication code, Robustness (computer science), Linear network coding, 0202 electrical engineering, electronic engineering, information engineering, Message authentication code, Safety, Risk, Reliability and Quality, business, Software, Information Systems, Computer network

Abstract

Recent research efforts have shown that wireless networks can benefit from network coding (NC) technology in terms of bandwidth, robustness to packet losses, delay and energy consumption. However, NC-enabled wireless networks are susceptible to a severe security threat, known as data pollution attack, where a malicious node injects into the network polluted packets that prevent the destination nodes from decoding correctly. Due to recoding, occurred at the intermediate nodes, according to the core principle of NC, the polluted packets propagate quickly into other packets and corrupt bunches of legitimate packets leading to network resource waste. Hence, a lot of research effort has been devoted to schemes against data pollution attacks. Homomorphic MAC-based schemes are a promising solution against data pollution attacks. However, most of them are susceptible to a new type of pollution attack, called tag pollution attack, where an adversary node randomly modifies tags appended to the end of the transmitted packets. Therefore, in this paper, we propose an efficient homomorphic message authentication code-based scheme, called HMAC, providing resistance against data pollution attacks and tag pollution attacks in NC-enabled wireless networks. Our proposed scheme makes use of three types of homomorphic tags (i.e., MACs, D-MACs and one signature) which are appended to the end of the coded packet. Our results show that the proposed HMAC scheme is more efficient compared to other competitive tag pollution immune schemes in terms of complexity, communication overhead and key storage overhead.

Published

2016

33. An autonomous privacy-preserving authentication scheme for intelligent transportation systems

Author

Jonathan Rodriguez, Firooz B. Saghezchi, Victor Sucasas, Georgios Mantas, and Ayman Radwan

Subjects

Authentication, General Computer Science, business.industry, Computer science, 020302 automobile design & engineering, 020206 networking & telecommunications, Cryptography, 02 engineering and technology, Pseudonym, Computer security, computer.software_genre, 0203 mechanical engineering, Transmission (telecommunications), Server, 0202 electrical engineering, electronic engineering, information engineering, business, Law, computer, Intelligent transportation system

Abstract

Privacy-preservation is of paramount importance for the emerging Intelligent Transportation System (ITS) applications, such as traffic monitoring and road safety. These applications require regular transmission of messages among vehicles or between vehicles and back-end servers. The received messages should be authenticated so that messages from malicious or malfunctioning entities can be detected and discarded. However, this requirement poses a challenge in terms of location privacy, since the user's identity is sent in clear text in the transmitted messages, and thus it can be linked to the vehicle's position. Cryptographic pseudonyms are advocated as computationally efficient solutions for preserving the privacy of vehicles' location. However, pseudonym-based systems require permanent contact between vehicles and a trusted authority (TA) to periodically renew the pseudonyms. This might cause network congestion or be infeasible in some situations due to the lack or scarcity of deployed infrastructure. In this paper, we address this challenge by proposing an autonomous privacy-preserving authentication scheme, where vehicles only need to contact the TA once; afterward, they can renew their pseudonyms by themselves without communicating with the TA. To the best of our knowledge, this is the first authentication scheme providing vehicles with the capability to renew their pseudonym sets without requiring permanent contact with a TA.

Published

2016

34. Broadband Communications, Networks, and Systems

Author

Georgios Mantas, Victor Sucasas, and Saud Althunibat

Subjects

Telemedicine, Computer science, business.industry, Antenna design, eHealth, Network virtualization, Internet of Things, business, Telecommunications, Broadband communication, Spatial modulation, Reliability (statistics)

Abstract

This book constitutes the refereed post-conference proceedings of the 9th International Conference on Broadband Communications, Networks, and Systems, Broadnets 2018, which took place in Faro, Portugal, in September 2018. The 30 revised full and 16 workshop papers were carefully reviewed and selected from 68 submissions. The papers are thematically grouped as follows: Advanced Techniques for IoT and WSNs; SDN and Network Virtualization; eHealth and Telemedicine Mobile Applications; Security and Privacy Preservation; Communication Reliability and Protocols; Spatial Modulation Techniques; Hardware Implementation and Antenna Design.

Published

2019

35. Security framework for the semiconductor supply chain environment

Author

Victor Sucasas, Firooz B. Saghezchi, Mariana Barcelos, Alireza Esfahani, Georgios Mantas, Joaquim Bastos, Jonathan Rodriguez, Sucasas, Victor, Mantas, Georgios, and Althunibat, Saud

Subjects

Security framework, Transport Layer Security, Industry 4.0, Computer science, Supply chain, 02 engineering and technology, Cryptographic protocol, Computer security, computer.software_genre, TA, Order (business), 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, computer

Abstract

This paper proposes a security framework for secure data communications across the partners in the Semiconductor Supply Chain Environment. The security mechanisms of the proposed framework will be based on the SSL/TLS and OAuth 2.0 protocols, which are two standard security protocols. However, both protocols are vulnerable to a number of attacks, and thus more sophisticated security mechanisms based on these protocols should be designed and implemented in order to address the specific security challenges of the Semiconductor Supply Chain in a more effective and efficient manner.

Published

2019

36. Editorial: Security and Privacy Protection for Mobile Applications and Platforms

Author

Georgios Mantas, Victor Sucasas, José-Fernán Martínez Ortega, and Saud Althunibat

Subjects

Computer Networks and Communications, Hardware and Architecture, Computer science, Privacy protection, Computer security, computer.software_genre, computer, Computer communication networks, Software, Information Systems

Published

2020

37. Machine Learning to Automate Network Segregation for Enhanced Security in Industry 4.0

Author

Georgios Mantas, Jonathan Rodriguez, Hassan Alizadeh, Firooz B. Saghezchi, Alireza Esfahani, Jose Ribeiro, Joaquim Bastos, Sucasas, Victor, Mantas, Georgios, and Althunibat, Saud

Subjects

021110 strategic, defence & security studies, Industry 4.0, business.industry, Computer science, 0211 other engineering and technologies, 020206 networking & telecommunications, Context (language use), Feature selection, 02 engineering and technology, Attack surface, Machine learning, computer.software_genre, Security policy, Cross-validation, Traffic classification, TA, 0202 electrical engineering, electronic engineering, information engineering, The Internet, Artificial intelligence, business, computer

Abstract

The heavy reliance of Industry 4.0 on emerging communication technologies, notably Industrial Internet-of-Things (IIoT) and Machine-Type Communications (MTC), and the increasing exposure of these traditionally isolated infrastructures to the Internet, are tremendously increasing the attack surface. Network segregation is a viable solution to address this problem. It essentially splits the network into several logical groups (subnetworks) and enforces adequate security policy on each segment, e.g., restricting unnecessary intergroup communications or controlling the access. However, existing segregation techniques primarily depend on manual configurations, which renders them inefficient for cyber-physical production systems because they are highly complex and heterogeneous environments with massive number of communicating machines. In this paper, we incorporate machine learning to automate network segregation, by efficiently classifying network end-devices into several groups through examining the traffic patterns that they generate. For performance evaluation, we analysed the data collected from a large segment of Infineon’s network in the context of the EU funded ECSEL-JU project “SemI40”. In particular, we applied feature selection and trained several supervised learning algorithms. Test results, using 10-fold cross validation, revealed that the algorithms generalise very well and achieve an accuracy up to 99.4%.

Published

2018

38. Profile Management System in Ubiquitous Healthcare Cloud Computing Environment

Author

Georgios Mantas, Evy I. Karavatselou, Maria-Anna Fengou, and Dimitrios K. Lymberopoulos

Subjects

Exploit, business.industry, Computer science, media_common.quotation_subject, Context (language use), Cloud computing, Data science, 030218 nuclear medicine & medical imaging, Personalization, InformationSystems_GENERAL, 03 medical and health sciences, 0302 clinical medicine, TA, Software deployment, Health care, Quality (business), Smart card, business, 030217 neurology & neurosurgery, media_common

Abstract

A shift from the doctor-centric model to a patient-centric model is required to face the challenges of the healthcare sector. The vision of patient-centric model can be materialized integrating ubiquitous healthcare and the notion of personalization in services. Cloud computing can be the underlying technology for ubiquitous healthcare. The use of profiles enables the personalization in healthcare services and the use of profile management systems facilitates the deployment of these services. In this paper, we propose a profile management system in ubiquitous healthcare cloud computing environment. The proposed system exploits the cloud computing technology and the smart card technology to increase the efficiency and the quality of the provided healthcare services in the context of the patient-centric model. Furthermore, we propose generic healthcare profile structures corresponding to the main classes of the participating entities in a ubiquitous healthcare cloud computing environment.

Published

2018

39. Software-Defined Networking for Ubiquitous Healthcare Service Delivery

Author

Georgios Mantas, Konstantinos Birkos, Dimitrios K. Lymberopoulos, Foteini Andriopoulou, Sucasas, Victor, Mantas, Georgios, and Althunibat, Saud

Subjects

Service delivery framework, Computer science, business.industry, 0206 medical engineering, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Overlay, Load balancing (computing), 020601 biomedical engineering, TA, Scalability, 0202 electrical engineering, electronic engineering, information engineering, Interrupt, Software-defined networking, business, Computer network, Data transmission

Abstract

The growth of the mobile, portable devices and the server-to-server communication through cloud computing increase the network traffic. The dependence of the ubiquitous healthcare service delivery on the network connectivity creates failures that may interrupt or delay the treatment plan with adverse effects in patients’ quality of life even leading to mortality. In the present work, we propose the incorporation of Software Defined Networking (SDN) features in the healthcare domain in order to provide the appropriate bandwidth and guarantee the accurate real time medical data transmission independently of the connectivity of the ISP provider. The SDN controller monitors the network traffic and specifies how traffic should be routed providing load balancing, lower delays and better performance. Finally, the proposed healthcare architecture addresses the SDN scalability challenge by incorporating the logically centralized control plane using multiple distributed controllers. A 2-tier hierarchical overlay is formed among SDN controllers following the principles of peer-to-peer networking.

Published

2018

40. Towards an Autonomous Host-Based Intrusion Detection System for Android Mobile Devices

Author

Simon J. Shepherd, Jonathan Rodriguez, Georgios Mantas, Raed A. Abd-Alhameed, José Carlos Ribeiro, Firooz B. Saghezchi, Sucasas, Victor, Mantas, Georgios, and Althunibat, Saud

Subjects

Computer science, 02 engineering and technology, Intrusion detection system, Communications system, Computer security, computer.software_genre, Host-based intrusion detection system, 03 medical and health sciences, User privacy, 0302 clinical medicine, TA, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Android (operating system), Computer communication networks, Mobile device, computer, 5G, 030215 immunology

Abstract

In the 5G era, mobile devices are expected to play a pivotal role in our daily life. They will provide a wide range of appealing features to enable users to access a rich set of high quality personalized services. However, at the same time, mobile devices (e.g., smartphones) will be one of the most attractive targets for future attackers in the upcoming 5G communications systems. Therefore, security mechanisms such as mobile Intrusion Detection Systems (IDSs) are essential to protect mobile devices from a plethora of known and unknown security breaches and to ensure user privacy. However, despite the fact that a lot of research effort has been placed on IDSs for mobile devices during the last decade, autonomous host-based IDS solutions for 5G mobile devices are still required to protect them in a more efficient and effective manner. Towards this direction, we propose an autonomous host-based IDS for Android mobile devices applying Machine Learning (ML) methods to inspect different features representing how the device’s resources (e.g., CPU, memory, etc.) are being used. The simulation results demonstrate a promising detection accuracy of above 85%, reaching up to 99.99%.

Published

2018

41. Security Threats in Network Coding-Enabled Mobile Small Cells

Author

Georgios Mantas, Reza Parsamehr, Jonathan Rodriguez, Ayman Radwan, José-Fernán Martínez, Sucasas, Victor, Mantas, Georgios, and Althunibat, Saud

Subjects

021110 strategic, defence & security studies, Network packet, Computer science, Mobile broadband, 0211 other engineering and technologies, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, TA, Categorization, Robustness (computer science), Linear network coding, 0202 electrical engineering, electronic engineering, information engineering, Wireless multicast, Architecture, computer, 5G

Abstract

The recent explosive growth of mobile data traffic, the continuously growing demand for higher data rates, and the steadily increasing pressure for higher mobility have led to the fifth-generation mobile networks. To this end, network-coding (NC)-enabled mobile small cells are considered as a promising 5G technology to cover the urban landscape by being set up on-demand at any place, and at any time on any device. In particular, this emerging paradigm has the potential to provide significant benefits to mobile networks as it can decrease packet transmission in wireless multicast, provide network capacity improvement, and achieve robustness to packet losses with low energy consumption. However, despite these significant advantages, NC-enabled mobile small cells are vulnerable to various types of attacks due to the inherent vulnerabilities of NC. Therefore, in this paper, we provide a categorization of potential security attacks in NC-enabled mobile small cells. Particularly, our focus is on the identification and categorization of the main potential security attacks on a scenario architecture of the ongoing EU funded H2020-MSCA project “SECRET” being focused on secure network coding-enabled mobile small cells.

Published

2018

42. Physical-layer entity authentication scheme for mobile MIMO systems

Author

Victor Sucasas, Georgios Mantas, Jonathan Rodriguez, and Saud Althunibat

Subjects

Scheme (programming language), Authentication, Computer science, business.industry, 05 social sciences, Physical layer, 050801 communication & media studies, 020206 networking & telecommunications, Authentication scheme, 02 engineering and technology, Computer Science Applications, 0508 media and communications, TA, 0202 electrical engineering, electronic engineering, information engineering, Wireless, Electrical and Electronic Engineering, business, Mobile device, computer, Mimo systems, Computer network, Communication channel, computer.programming_language, Computer Science::Cryptography and Security

Abstract

Exploiting physical layer in achieving different security aspects in wireless communications has been widely encouraged. In this work, the authors propose an entity authentication scheme for mobile devices with multiple antennas, which is purely based on physical layer parameters. According to the proposed scheme, in order to authenticate a device, a number of predefined authentication signals should be detected at the receive antennas on the authenticator side. The transmitted signals are designed based on the instantaneous channel responses in order to deliver the authentication signals to the receiver. The proposed scheme works efficiently even for mobile users, which is considered a significant improvement over previous related works. Mathematical analysis of the different involved factors along with sufficient simulations show the high performance of the proposed authentication scheme.

Published

2018

43. Implementation of a pseudonym-based signature scheme with bilinear pairings on Android

Author

Jonathan Rodriguez, Victor Sucasas, Leonardo Oliveira, Georgios Mantas, Marques, Paulo, Radwan, Ayman, Mumtaz, Shahid, Noguet, Dominique, Rodriguez, Jonathan, and Gundlach, Michael

Subjects

business.industry, Computer science, Pseudonym, Service provider, Trusted third party, Computer security, computer.software_genre, TA, Smart city, Confidentiality, Use case, Android (operating system), business, computer, Wearable technology

Abstract

Privacy preservation is of paramount importance in the emerging smart city scenario, where numerous and diverse online services will be accessed by users through their mobile or wearable devices. In this scenario, service providers or eavesdroppers can track users’ activities, location, and interactions with other users, which may discourage citizens from accessing smart city services. Pseudonym-based systems have been proposed as an efficient solution to provide identity confidentiality, and more concretely pseudonym-based signature schemes have been suggested as an effective means to authenticate entities and messages privately. In this paper we describe our implementation of a pseudonym-based signature scheme, based on bilinear-pairings. Concretely, our implementation consists of an Android application that enables users to authenticate messages under self-generated pseudonyms, while still enabling anonymity revocation by a trusted third party in case of misbehavior. The paper presents a description of the implementation, performance results, and it also describes the use cases for which it was designed.

Published

2018

44. Hepatorenal Revascularization Enables Endovascular Aneurysm Repair on a Patient with Abdominal Aortic Aneurysm and an Ectopic Right Renal Artery

Author

Konstantinos G. Moulakakis, Spyros N. Vasdekis, Katerina Poulou, Georgios Mantas, Evangelos Alexiou, G. Geroulakos, and Andreas M. Lazaris

Subjects

Male, medicine.medical_specialty, Aortography, Computed Tomography Angiography, medicine.medical_treatment, 030204 cardiovascular system & hematology, Revascularization, Endovascular aneurysm repair, 03 medical and health sciences, Aortic aneurysm, Blood Vessel Prosthesis Implantation, 0302 clinical medicine, Aneurysm, Hepatic Artery, Renal Artery, medicine.artery, medicine, Humans, cardiovascular diseases, 030212 general & internal medicine, Right Renal Artery, Renal artery, Aged, medicine.diagnostic_test, business.industry, Endovascular Procedures, General Medicine, medicine.disease, Abdominal aortic aneurysm, Surgery, Treatment Outcome, Regional Blood Flow, cardiovascular system, Cardiology and Cardiovascular Medicine, business, Aortic Aneurysm, Abdominal

Abstract

In last 30 years, the endovascular aneurysm repair (EVAR) has become the standard method of treatment of abdominal aortic aneurysms (AAAs). Nevertheless, the method has limitations mainly based on the anatomic characteristics of the specific aneurysm. In these cases, a combination of endovascular and open techniques can be used. We describe a case of a patient with an infrarenal AAA and an ectopic right renal artery emerging from within the aneurysm sac. The patient was treated with a combination of endovascular and open techniques. In particular, he underwent a hepatorenal revascularization followed by a standard EVAR procedure, with a successful final outcome. For the treatment of AAA disease, the combination of open and endovascular procedures can overcome difficulties, where a standard EVAR cannot be an option.

Published

2018

45. Key Management for Secure Network Coding-enabled Mobile Small Cells

Author

Georgios Mantas, Jonathan Rodriguez, Ayman Radwan, Marcus de Ree, Ifiok Otung, Sucasas, Victor, Mantas, Georgios, and Althunibat, Saud

Subjects

QA75, 020203 distributed computing, Computer science, business.industry, 020206 networking & telecommunications, Cryptography, 02 engineering and technology, Base station, Linear network coding, 11. Sustainability, 0202 electrical engineering, electronic engineering, information engineering, Cellular network, The Internet, Key management, business, Secure channel, 5G, Computer network

Abstract

The continuous growth in wireless devices connected to the Internet and the increasing demand for higher data rates put ever increasing pressure on the 4G cellular network. The EU funded H2020-MSCA project “SECRET” investigates a scenario architecture to cover the urban landscape for the upcoming 5G cellular network. The studied scenario architecture combines multi-hop device-to-device (D2D) communication with network coding-enabled mobile small cells. In this scenario architecture, mobile nodes benefit from high transmission speeds, low latency and increased energy efficiency, while the cellular network benefits from a reduced workload of its base stations. However, this scenario architecture faces various security and privacy challenges. These challenges can be addressed using cryptographic techniques and protocols, assuming that a key management scheme is able to provide mobile nodes with secret keys in a secure manner. Unfortunately, existing key management schemes are unable to cover all security and privacy challenges of the studied scenario architecture. Certificateless key management schemes seem promising, although many proposed schemes of this category of key management schemes require a secure channel or lack key update and key revocation procedures. We therefore suggest further research in key management schemes which include secret key sharing among mobile nodes, key revocation, key update and mobile node authentication to fit with our scenario architecture.

Published

2018

46. A Lightweight Authentication Mechanism for M2M Communications in Industrial IoT Environment

Author

Christoph Schmittner, Georgios Mantas, Markus Tauber, Firooz B. Saghezchi, Alireza Esfahani, Silia Maksuti, Ani Bicaku, Jonathan Rodriguez, Joaquim Bastos, and Rainer Matischek

Subjects

IoT, Computer Networks and Communications, Computer science, Hash function, Machine-to-machine communications, 02 engineering and technology, Device to Device Communication, Computer security, computer.software_genre, Public-key cryptography, Quality of service, Teknik och teknologier, 0202 electrical engineering, electronic engineering, information engineering, Session key, Overhead (computing), Annan elektroteknik och elektronik, Replay attack, Computer science [C05] [Engineering, computing & technology], Authentication, Other Electrical Engineering, Electronic Engineering, Information Engineering, business.industry, Sensors, 020208 electrical & electronic engineering, Production, 020206 networking & telecommunications, Mutual authentication, Sciences informatiques [C05] [Ingénierie, informatique & technologie], Computer Science Applications, computer network security, cryptographic protocols, Internet of Things, machine-to-machine communication, machine-to-machine communication technology, IIoT environment, IIoT domain, resource-constrained IoT devices, security issues, lightweight security mechanisms, lightweight authentication mechanism, industrial IoT environment, M2M protocols, M2M communications, Protocols, Industrial Internet of Things (IIoT), lightweight authentication, machine-to-machine (M2M) communications, security, sensors, TA, Hardware and Architecture, Privacy, Signal Processing, Key (cryptography), Security, Engineering and Technology, business, computer, Information Systems, Computer network

Abstract

In the emerging industrial Internet of Things (IIoT) era, machine-to-machine (M2M) communication technology is considered as a key underlying technology for building IIoT environments, where devices (e.g., sensors, actuators, and gateways) are enabled to exchange information with each other in an autonomous way without human intervention. However, most of the existing M2M protocols that can be also used in the IIoT domain provide security mechanisms based on asymmetric cryptography resulting in high computational cost. As a consequence, the resource-constrained IoT devices are not able to support them appropriately and thus, many security issues arise for the IIoT environment. Therefore, lightweight security mechanisms are required for M2M communications in IIoT in order to reach its full potential. As a step toward this direction, in this paper, we propose a lightweight authentication mechanism, based only on hash and XOR operations, for M2M communications in IIoT environment. The proposed mechanism is characterized by low computational cost, communication, and storage overhead, while achieving mutual authentication, session key agreement, device's identity confidentiality, and resistance against the following attacks: replay attack, man-in-the-middle attack, impersonation attack, and modification attack. Informationstechnologie und Informationsmanagement

Published

2017

47. Towards a secure network architecture for smart grids in 5G era

Author

Georgios Mantas, Mohammed Al-Rawi, Firooz B. Saghezchi, Jose Ribeiro, Shahid Mumtaz, and Jonathan Rodriguez

Subjects

Consumption (economics), 021110 strategic, defence & security studies, Network architecture, business.industry, Computer science, 0211 other engineering and technologies, 020206 networking & telecommunications, 02 engineering and technology, Intrusion detection system, Grid, Computer security, computer.software_genre, Smart grid, TA, Home automation, 0202 electrical engineering, electronic engineering, information engineering, HD28, Electricity, business, computer

Abstract

Smart grid introduces a wealth of promising applications for upcoming fifth-generation mobile networks (5G), enabling households and utility companies to establish a two-way digital communications dialogue, which can benefit both of them. The utility can monitor real-time consumption of end users and take proper measures (e.g., real-time pricing) to shape their consumption profile or to plan enough supply to meet the foreseen demand. On the other hand, a smart home can receive real-time electricity prices and adjust its consumption to minimize its daily electricity expenditure, while meeting the energy need and the satisfaction level of the dwellers. Smart Home applications for smart phones are also a promising use case, where users can remotely control their appliances, while they are away at work or on their ways home. Although these emerging services can evidently boost the efficiency of the market and the satisfaction of the consumers, they may also introduce new attack surfaces making the grid vulnerable to financial losses or even physical damages. In this paper, we propose an architecture to secure smart grid communications incorporating an intrusion detection system, composed of distributed components collaborating with each other to detect price integrity or load alteration attacks in different segments of an advanced metering infrastructure.

Published

2017

48. Towards a Hybrid Intrusion Detection System for Android-based PPDR terminals

Author

Pedro Borges, Luis Cordeiro, Jose Ribeiro, Luís Carlos de Souza Ferreira, Jonathan Rodriguez, Paulo Simões, Georgios Mantas, Firooz B. Saghezchi, and Bruno Sousa

Subjects

Data collection, business.industry, Computer science, Mission critical, 02 engineering and technology, Intrusion detection system, computer.software_genre, 020204 information systems, Embedded system, Information leakage, 0202 electrical engineering, electronic engineering, information engineering, Malware, 020201 artificial intelligence & image processing, Mobile telephony, Android (operating system), business, computer, Mobile device, Computer network

Abstract

Mobile devices are used for communication and for tasks that are sensitive and subject to tampering. Indeed, attacks can be performed on the users' devices without user awareness, this represents additional risk in mission critical scenarios, such as Public Protection and Disaster Relief (PPDR). Intrusion Detection Systems are important for scenarios where information leakage is of crucial importance, since they allow to detect possible attacks to information assets (e.g., installation of malware), or can even compromise the security of PPDR personnel. HyIDS is an Hybrid IDS for Android and supporting the stringent security requirements of PPDR, by comprising agents that continuously monitor mobile device and periodically transmit the data to an analysis framework at the Command Control Center (CCC). The data collection retrieves resource usage metrics for each installed application such as CPU, memory usage, and incoming and outgoing network traffic. At the CCC, the HyIDS employs Machine Learning techniques to identify patterns that are consistent with malware signatures based on the data collected from the applications. The HyIDS's evaluation results demonstrate that the proposed solution has low impact on the mobile device in terms of battery consumption and CPU/memory usage.

Published

2017

49. Endovascular reconstruction of iliac artery bifurcation atherosclerotic disease with the kissing technique

Author

Georgios Mantas, Christine Aivatidi, G. Vourliotakis, Yannis Kandounakis, and Athanasios Katsargyris

Subjects

Male, medicine.medical_specialty, Time Factors, Constriction, Pathologic, Iliac Artery, Severity of Illness Index, Peripheral Arterial Disease, medicine.artery, Humans, Medicine, Radiology, Nuclear Medicine and imaging, Ultrasonography, Doppler, Color, Endovascular treatment, Vascular Patency, Aged, Iliac artery, business.industry, Balloon catheter, Atherosclerotic disease, Angiography, Digital Subtraction, External iliac artery, General Medicine, Intermittent Claudication, Internal iliac artery, Surgery, Treatment Outcome, Left buttock, Stents, Radiology, medicine.symptom, Cardiology and Cardiovascular Medicine, business, Claudication, Angioplasty, Balloon

Abstract

A 71-year-old male patient with severe left buttock and lower-extremity claudication due to iliac artery bifurcation stenoses was referred to our institution for endovascular treatment. A ‘kissing’ technique was used in order to dilate the proximal parts of both internal and external iliac arteries and avoid compromization of the internal iliac artery during proximal external iliac artery stenting. A balloon expandable stent was inserted via a left ipsilateral retrograde access to the narrowed origin of the left external iliacartery and a balloon catheter via a right contralateral access inside the origin of the left internal iliac artery. Simultaneous balloons inflation restored full patency of both vessels. Twelve months later the patient is doing well, free of buttock or lower-extremity claudication symptoms. For iliac artery bifurcation atherosclerotic disease, endovascular repair with the ‘kissing’ technique can achieve a complete bifurcation reconstruction offering significant clinical benefit in selected patients.

Published

2013

50. A Lightweight Privacy-Preserving OAuth2-Based Protocol for Smart City Mobile Apps

Author

Ayman Radwan, Victor Sucasas, Jonathan Rodriguez, and Georgios Mantas

Subjects

Authentication, Computer science, business.industry, 05 social sciences, Mobile computing, 050801 communication & media studies, 020206 networking & telecommunications, Mobile Web, 02 engineering and technology, Service provider, Computer security, computer.software_genre, 0508 media and communications, TA, Smart city, 0202 electrical engineering, electronic engineering, information engineering, Mobile payment, Mobile search, business, Mobile device, computer, Computer network

Abstract

In the forthcoming Smart City scenario, users' mobile applications will be of fundamental role towards supporting the envisioned functionalities and services. Mobile users, provided with a smartphone, will be capable of ubiquitously connecting to service providers through their installed mobile applications. However, this connection must be authenticated, which threatens the citizen privacy rights. Privacy-preserving mechanisms have already been proposed in the past; nevertheless, they are based on RSA groups or groups with bilinear pairings, which are inefficient in mobile devices due to its computational complexity. Thus, in this paper, we integrate a lightweight anonymous credential mechanism, suitable for computationally-limited mobile devices, into the user authentication phase of the OAuth2 protocol, which has become a de facto solution for user authentication in mobile applications. The proposed protocol enables citizen's authentication towards service providers, while preserving their privacy. Additionally, the protocol is compliant with the OAuth2 specification, which enables an easy integration in current mobile application implementations.

Published

2017