Publications
Authors: V.Malamas, T.Dasaklis , P.Kotzanikolaou, M.Burmester, S.Katsikas
Publisher: IEEE World Congress on Services 2019, July 2019
Link: https://ieeexplore.ieee.org/document/8817216
Abstract:
The Internet of Medical Things (IoMT) provides ubiquitous healthcare services for patient monitoring and treatment. However, the interaction between doctors, patients, healthcare personnel and device manufacturers, with different and often conflicting security and privacy objectives, make such services vulnerable and subject to exploitation. In addition, since parties may require different access levels and the IoMT devices involve different functionalities, access control can be challenging. In this paper, we propose a blockchain-enabled authorization framework for managing both IoMT devices and medical files by creating a distributed chain of custody and health data privacy scheme. The core idea is to build trust domains for the various stakeholders and IoMT devices, in such a way that fine-grain access is enabled by taking into account critical attributes of the IoMT ecosystem such as a) the different roles and capabilities of the IoMT devices and b) their interaction with the users/stakeholders. A private blockchain is used in combination with on-chain smart contracts to allow for a forensics-by-design management architecture with audit trails for integrity and provenance guarantees as well as health data privacy. The private blockchain ecosystem is authenticated by a proof-of-medical-stake consensus mechanism that is tailored for medical applications.
Authors: V.Malamas, F.Chantzis, T.Dasaklis, G.Stergiopoulos, P.Kotzanikolaou, C.Douligeris
Publisher: IEEE Access, March 2021
Link: https://ieeexplore.ieee.org/abstract/document/9373445
Abstract:
The Internet of Medical Things (IoMT) has revolutionized health care services by providing significant benefits in terms of patient well-being and relevant costs. Traditional risk assessment methodologies, however, cannot be effectively applied in the IoMT context since IoMT devices are part of a distributed and trustless environment and naturally support functionalities that favor reliability and usability instead of security. In this paper, we provide a survey of risk assessment and mitigation methodologies for IoMT. For conducting the survey, we assess two streams of literature. First, we systematically review and classify the current scientific research in IoMT risk assessment methodologies. Second, we review existing standards/best practices for IoMT security assessment and mitigation in order to i) provide a comparative assessment of these standards/best practices based on a set of predefined criteria (scope or coverage, maturity level, and relevant risk methodology applied) and ii) identify common themes for IoMT security controls. Based on the analysis, we provide various IoMT research and implementation gaps along with a road map of fruitful areas for future research. The paper could be of significant value to security assessment researchers and policymakers/stakeholders in the healthcare industry.
Authors: V.Malamas, P.Kotzanikolaou, T.Dasaklis, M.Burmester
Publisher: IEEE Access (Vol 8), July 2020
Link: https://ieeexplore.ieee.org/document/9146294
Abstract:
The health care ecosystem involves various interconnected stakeholders with different, and sometimes conflicting security and privacy needs. Sharing medical data, sometimes generated by remote medical devices, is a challenging task. Although several solutions exist in the literature covering functional requirements such as interoperability and scalability, as well as security & privacy requirements such as fine-grained access control and data privacy, balancing between them is not a trivial task as off-the-shelf solutions do not exist. On one hand, centralized cloud architectures provide scalability and interoperable access, but make strong trust assumptions. On the other, decentralized blockchain based solutions favor data privacy and independent trust management, but typically do not support dynamic changes of the underlying trust domains. To cover this gap, in this paper, we present a novel hierarchical multi expressive blockchain architecture. At the top layer, a proxy blockchain enables independently managed trust authorities to interoperate. End-users from different health care domains, such as hospitals or device manufacturers are able to access and securely exchange medical data, provided that a commonly agreed domain-wise access policy is enforced. At the bottom layer, one or more domain blockchains allow each domain (e.g. a hospital or device manufacturer) to enforce their policy and allow fine-grained access control with attribute-based encryption.
Authors: F.Fotopoulos, V.Malamas, T.Dasaklis, P.Kotzanikolaou, C.Douligeris
Publisher: 2020 IEEE Eurasia Conference on IoT, Communication and Engineering (ECICE), Oct.2020
Link: https://ieeexplore.ieee.org/abstract/document/9301913
Abstract:
The healthcare sector is beginning to integrate Internet of Medical Things (IoMT) technologies and adopt new practices regarding how patient data are collected, processed and stored. Although various medical device authentication mechanisms have been proposed in the literature so far, most of them describe systems that are power consuming, not cost-effective or face scalability issues. We propose a novel IoMT authentication framework incorporating new concepts and technologies like self-sovereign identity, zero-knowledge proofs, and blockchain technology to cover this gap. The architecture is built upon key elements of the healthcare ecosystem (hospital entities, device manufacturers, medical devices etc.) and provides multi-entity IoMT authentication functionalities with revocation. We demonstrate the proposed architecture’s efficiency through a proof-of-concept implementation based on Hyperledger Aries, Indy and Ursa.
Authors: K.Nomikos, A.Papadimitriou, G.Stergiopoulos, D.Koutras, M. Psarakis, P.Kotzanikolaou
Publisher: 23rd Euromicro Conference on Digital System Design (DSD), Aug 2020
Link: https://ieeexplore.ieee.org/document/9217848
Abstract:
As medical devices more and more use Internet of Things based technologies, serious concerns are raised about their security and the privacy of patient’s personal health data. To address these concerns, while maintaining reasonable overheads, designers of medical devices need to take security into account from the beginning until the completion of their designs. In this work we identify the relevant security domains and focus to the Hardware Security perspective. Additionally, we present a secure design and evaluation framework which can assist designers towards more secure medical devices. The framework integrates a complete insulin pump architecture containing all the basic components used in such applications. To illustrate the advantages of the proposed framework we perform a Side Channel Analysis attack against the embedded encryption algorithm of the device to obtain the secret encryption key. Then, we make use of the framework to identify all the components of the system which are either directly or indirectly affected by the attack. This analysis leads us to determine more complex combined attacks which may complement the SCA attack into compromising the overall security of the system.
Authors: D.Koutras, G.Stergiopoulos, T.Dasaklis, P.Kotzanikolaou, D.Glynos C.Douligeris
Publisher: Sensors, Aug 2020
Link: https://www.mdpi.com/1424-8220/20/17/4828
Abstract:
The Internet of Medical Things (IoMT) couples IoT technologies with healthcare services in order to support real-time, remote patient monitoring and treatment. However, the interconnectivity of critical medical devices with other systems in various network layers creates new opportunities for remote adversaries. Since most of the communication protocols have not been specifically designed for the needs of connected medical devices, there is a need to classify the available IoT communication technologies in terms of security. In this paper we classify IoT communication protocols, with respect to their application in IoMT. Then we describe the main characteristics of IoT communication protocols used at the perception, network and application layer of medical devices. We examine the inherent security characteristics and limitations of IoMT-specific communication protocols. Based on realistic attacks we identify available mitigation controls that may be applied to secure IoMT communications, as well as existing research and implementation gaps.
Authors: A. Ioannis Stellios, Panayiotis Kotzanikolaou, Christos Grigoriadis
Publisher: Computers & Security, 2021
Link: https://doi.org/10.1016/j.cose.2021.102316
Abstract:
Internet of Things (IoT) increase the interconnectivity and interoperability of systems in various critical sectors, such as industrial control, healthcare and smart transportation systems. At the same time, as IoT technologies enable systems to interact both in cyber and physical ways, they also act as enablers of complex attack paths against critical systems. In this paper we propose a novel risk-based methodology for identifying and assessing IoT-enabled attack paths against critical cyber-physical systems. While the majority of existing approaches focus on cyber system connectivity only, the proposed methodology models both cyber and physical interactions. In comparison to existing cyber physical approaches that grow exponentially, our approach is significantly more efficient, by utilizing an attack tree topology; the critical system is set as the root (target) of an attack tree that is recursively build, based on the identified cyber-physical system interactions. Our methodology uses well-known building blocks such Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS) and threat modeling. Furthermore,we significantly reduce false positives by prioritizing the identified attack paths in a risk manner, which, in turn, can assist decision makers in effectively mitigating multi-hop attack paths. To validate our methodology, we developed a proof-of-concept implementation and tested it using a realistic scenario from the healthcare sector. Our results show that the proposed methodology can efficiently identify and assess hidden and/or underestimated cyber physical attack paths.
Authors: A. Papadimitriou, K. Nomikos, M. Psarakis, E. Aerabi and D. Hely
Publisher: 2020 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFT), Frascati, Italy, 2020, pp. 1-6
Link: https://ieeexplore.ieee.org/abstract/document/9250870
Abstract:
Cryptographic implementations are prune to Side Channel Analysis (SCA) attacks and Fault Injection (FI) attacks at the same time. Therefore, countermeasures protecting an implementation need to be evaluated against both attacks. The main contribution of this work is twofold. First, we propose an evaluation platform capable to perform emulated fault injection campaigns against modern MCUs and at the same time able to acquire experimental electromagnetic EM emissions and power traces of cryptographic computations to be used for SCA attacks. Second, we perform experimental evaluations of countermeasures protecting against both SCA and FI attacks which show that the injections of faults can dramatically reduce the effectiveness of SCA countermeasures. We evaluate two cryptographic algorithms, an AES and a PRESENT-Sbox implementation, which are protected employing different countermeasures protecting in parallel against FI and SCA attacks. The AES secure implementation is protected by hiding-based SCA countermeasures, while it uses a redundancy-based technique against FI attacks. On the other hand, the PRESENT Sbox is protected by a software implementation of a Dual-rail with Precharge Logic (DPL) countermeasure including fault detection capabilities. We present extensive experimental evaluations for the AES implementation and first results for PRESENT-Sbox showing that for both implementations the fault injections increase the efficiency of the SCA attacks and lead to very fast recoveries of the secret keys.
Authors: Anagnostakis, A. G., Giannakeas, N., Tsipouras, M. G., Glavas, E., & Tzallas, A. T
Publisher: Sensors, 2021
Link: https://doi.org/10.3390/s21082784
Abstract:
In this paper we investigate the essential minimum functionality of the autonomous blockchain, and the minimum hardware and software required to support it in the micro-scale in the IoT world. The application of deep-blockchain operation in the lower-level activity of the IoT ecosystem, is expected to bring profound clarity and constitutes a unique challenge. Setting up and operating bit-level blockchain mechanisms on minimal IoT elements like smart switches and active sensors, mandates pushing blockchain engineering to the limits. “How deep can blockchain actually go?” “Which is the minimum Thing of the IoT world that can actually deliver autonomous blockchain functionality?” To answer, an experiment based on IoT micro-controllers was set. The “Witness Protocol” was defined to set the minimum essential micro-blockchain functionality. The protocol was developed and installed on a peer, ad-hoc, autonomous network of casual, real-life IoT micro-devices. The setup was tested, benchmarked, and evaluated in terms of computational needs, efficiency, and collective resistance against malicious attacks. The leading considerations are highlighted, and the results of the experiment are presented. Findings are intriguing and prove that fully autonomous, private micro-blockchain networks are absolutely feasible in the smart dust world, utilizing the capacities of the existing low-end IoT devices.
Authors: G. Stergiopoulos, P. Kotzanikolaou, C. Konstantinou and A. Tsoukalis
Publisher: under review, 2022
Link:
Abstract:
As medical infusion pumps are known to be vulnerable to cybersecurity threats, industrial reports, guidelines and state-of-the art research have focused on securing such devices. This includes hardening a pump’s network communications, wireless interfaces and patching software flaws that can allow adversaries to compromise the device’s usability and potentially lead to adverse effects on patients. Still, a very small percentage of this work has focused on securing devices against process-aware attacks that target the business logic behind medical treatment processes, even though it is widely known that deviations or disruptions in continuous medication administration may be harmful, even lethal. In this work, we develop a threat model on an insulin infusion pump used for blood glucose regulation in Type-I diabetics. We set up a generalized Simulink model of common insulin pumps used for Type-I diabetic treatment and perform a volume control assessment to investigate the probability of process-aware cyberattacks to cause patient harm through micro-alterations on continuous medical administration over time. We achieve this by manipulating the business process logic behind semi-automatic drug administration on the insulin pump model that uses continuous glucose monitoring systems. We validate attack models capable of causing adverse impact on patients through performance degradation of the drug administration processes.
Authors: V. Malamas, G. Palaiologos, P. Kotzanikolaou, M. Burmester and D. Glynos
Publisher: under review, 2022
Link:
Abstract:
Although there are several solutions in the literature for fine-grained access control, few practical implementations exist in the shared multi-owner setting. We present HMBAC, a distributed fined-grained access control model for shared multi-domain and multi-authority setting, along with \textit{Janus}, a practical system for HMBAC policy enforcement. Janus relies on the effective fusion of two core components. First,a \textit{Hierarchical Multi-Blockchain} that supports: (a) dynamic trust management between different authorities; (b) flexible access control policy enforcement, defined at domain and cross-domain level; (c) a global source of truth for all entities, provided by an immutable, forensics-by-design auditing mechanism. Second, a \textit{Multi-Authority Attribute Based Encryption} protocol that supports: (a) flexible shared multi-owner encryption, where attribute keys by different authorities are combined to decrypt data distributedly stored in different authorities; and (b) a single access point that cannot be bypassed by users or authorities.Our approach was implemented using the Hyperledger Fabric as underlying blockchain, and its effectiveness and efficiency were experimentally validated.
Authors: F. Casino, K. R. Choo and C. Patsakis
Publisher: IEEE Transactions on Information Forensics and Security, vol. 14, no. 11, pp. 2916-2926, Nov. 2019.
Link: http://10.1109/TIFS.2019.2911156
Abstract:
As the size and source of network traffic increase, so does the challenge of monitoring and analyzing network traffic. Therefore, sampling algorithms are often used to alleviate these scalability issues. However, the use of high entropy data streams, through the use of either encryption or compression, further compounds the challenge as current state-of-the-art algorithms cannot accurately and efficiently differentiate between encrypted and compressed packets. In this paper, we propose a novel traffic classification method named High Entropy DistinGuishEr (HEDGE) to distinguish between compressed and encrypted traffic. HEDGE is based on the evaluation of the randomness of the data streams and can be applied to individual packets without the need to have access to the entire stream. The findings from the evaluation show that our approach outperforms current state of the art. We also make available our statistically sound dataset, based on known benchmarks, to the wider research community.
Authors: Tsipouras, M.G
Publisher: EURASIP J. Adv. Signal Process. 2019, 10 (2019)
Link: https://doi.org/10.1186/s13634-019-0606-8
Abstract:
This work includes the first systematic assessment of the impact of the frequency sub-bands to the epileptic EEG classification accuracy, and the obtained results revealed several frequency sub-band combinations that achieve high classification accuracy and have never been reported in the literature before. In order to assess the impact of the alternative definitions of the frequency sub-bands that are analysed, a number of spectral thresholds are defined and the respective frequency sub-band combinations are generated. For each of these frequency sub-band combination, the EEG signal is analysed and a vector of spectral characteristics is defined. Based on this feature vector, a classification schema is used to measure the appropriateness of the specific frequency sub-band combination, in terms of epileptic EEG classification accuracy. The obtained results indicate that additional frequency band analysis is beneficial towards epilepsy detection.
Authors: G. Chatzisophroniou and P. Kotzanikolaou
Publisher: Proc. οf the 9th International Workshop on Socio-Technical Aspects in SecuriTy (ESORICS 2019 Workshops), Luxembourg, September 2019.
Link: http://10.1109/TIFS.2019.2911156
Abstract:
Association attacks in IEEE 802.11 aim to manipulate wireless clients into associating with a malicious access point, usually by exploiting usability features that are implemented on the network managers of modern operating systems. In this paper we review known association attacks in IEEE 802.11 and we provide a taxonomy to classify them according to the network manager features that each attack exploits. In addition, we analyze the current applicability status of association attacks, by implementing them using the well-known Wifiphisher tool and we review the security posture of modern network managers against known association attacks and their variations. Our results show that association attacks still pose an active threat. In particular, we analyze various strategies that may be implemented by an adversary in order to increase the success rate of association attacks, and we show that even though network managers have hampered the effectiveness of some known attacks (e.g. KARMA), other techniques (e.g. Known Beacons) are still an active threat.
Authors: G. Chatzisofroniou and P. Kotzanikolaou
Publisher: Journal of Computer Security, 2022
Link: https://doi.org/10.1186/s13634-019-0606-8
Abstract:
Association attacks aim to manipulate WiFi clients into associating with a malicious access point, by exploiting protocol vulnerabilities and usability features implemented on the network managers of modern operating systems. In this paper we classify association attacks based on the network manager features that each attack exploits. To validate their current validity status, we implement and test all known association attacks against the network managers of popular operating systems, by using our Wifiphisher tool. We analyze various strategies that may be implemented by an adversary in order to increase the success rate of association attacks. Furthermore, we examine the behavior of association attacks against upcoming security protocols and certifications for IEEE 802.11, such as WPA3, Wi-Fi Enhanced Open and Easy Connect. Our results show that even though the network managers have hampered the effectiveness of some known attacks (e.g. KARMA), other techniques (e.g. Known Beacons) are still active threats. More importantly, our results show that even the newer security protocols leave room for association attacks. Finally, we describe novel detection and prevention techniques for association attacks, as well as security controls based on user awareness.
English 
Greek