PUBLICATIONS [Papers Books and Book Chapters]


 

Conferences and Journals

Tassos Dimitriou and Russell Impagliazzo: "Towards an Analysis of Local Optimization Algorithms". International Symposium in Theory of Computing (STOC), Philadelphia, USA, May 1996.

Combinatorial algorithms usually combine a greedy approach, which attempts to find better solutions by making small changes, with randomization to prevent the algorithm from getting into a "mental fix".

These algorithms have been widely used and tested. Intuitively the combination of randomness and local optimization would seem to give them some advantage over either alone. However, their efficiency and effectiveness have never been analyzed in a satisfactory manner. In particular, very little is known about the types of problems for which they perform well, the expected trade-off between optimality of the solution found and time spent searching, or how to set the various parameters optimally.

In this work a new algorithm (Go with the Winners) and combinatorial property is introduced so that every problem having this property can be solved efficiently using our algorithm. Thus, this work attempts for the first time to formalize the notion of successful local search in terms of the structural properties of the problem's solutions.

Tassos Dimitriou and Russell Impagliazzo: "Go with the Winners for Graph Bisection". International Symposium on Discrete Algorithms (SODA), San Francisco, Jan. 1998.

In this work we apply Go with the Winners to the graph bisection problem, a problem of great significance in VLSI design. We show that Go with the Winners approximates the best solution in random graphs of certain densities with planted bisections in polynomial time. We also develop a set of probabilistic tools that may be useful in the analysis of similar problems.

In particular, our results easily extend to hypergraph bisection, whereas it is not clear whether the other known techniques do.

As a result we obtain a randomized algorithm that solves the broadest range of instances for this problem.

Tassos Dimitriou. "Characterizing the Search Space of Cliques in Random Graphs using Go with the Winners". International Symposium on AI and Math, (AIM) 2002.

This work demonstrates the fact that it is possible to experimentally show connections between the combinatorial characteristics of the search space and heuristic performance.

In this work we make a first attempt to explain the hardness of the CLIQUE problem by revealing the combinatorial characteristics of the space of all possible cliques for graphs generated according to the above distribution. In particular, we consider how the search space decomposes into smaller regions of related solutions by imposing a quality threshold to them. If these regions possess a combinatorial property, the so called "local expansion", then these regions can be effectively sampled by using enough particles and thus discover the optimal solution.

Most importantly however, sampling can be used to deduce properties of the search space. These properties can then help optimize heuristic performance and design heuristics that take advantage of this information. Thus the goal of this work is not to compare clique-finding heuristics but to exhibit a way to reveal the combinatorial characteristics of the search space, verify this information experimentally and use it to design good heuristics.

Tassos Dimitriou. "A Wealth of SAT Distributions with Planted Assignments". 9th International Conference on Principles and Practice of Constraint Programming (CP 2003).

While it is known how to generate satisfiable instances by reducing certain computational problems to SAT, it is not known how a similar generator can be developed directly for k-SAT.

In this work we improve upon previous results in many ways. First, we give a generator for instances of MAX k-SAT, the version of k-SAT where one wants to maximize the number of satisfied clauses. Second, we provide a useful characterization of the optimal solution. In our model not only we know how the optimal solution looks like but we also prove it is unique. Finally, we show that our generator has certain useful computational properties among which is the ability to control the hardness of the generated instances, the appearance of an easy-hard-easy pattern in the search complexity for good assignments and a new type of phase transition which is related to the uniqueness of the optimal solution.

Tassos Dimitriou. "SAT Distributions with Phase Transitions between Decision and Optimization Problems". IEEE Symposium on Logic in Computer Science (LICS 2003). Workshop on Typical Case Complexity and Phase Transitions.

We present a generator for SAT instances that produces formulas whose hardness can be finely tuned by two parameters p and delta that control the weights of the clauses. Under the right choice of these parameters an easy-hard-easy pattern in the search complexity emerges which is similar to the patterns observed for traditional SAT distributions.

What is remarkable, however, is that the generated distributions seem to lie in the middle ground between decision and optimization problems. Increasing the value of p from 0 to 1 has the effect of changing the shape of the computational cost from an easy-hard-easy pattern typical of decision problems to an easy-hard pattern which is typical of optimization problems. Thus our distributions seem to bridge the gap between decision and optimization versions of SAT.

Tassos Dimitriou. "SAT Distributions with Planted Assignments and Phase Transitions between Decision and Optimization". Journal of Discrete Applied Mathematics – Special issue: Typical case complexity and phase transitions. Volume 153 Issue 1, 1 December 2005, Pages 58 – 72. Elsevier Science

A Journal version of the previous two papers.

Yiannis Chatzigiannakis, Tassos Dimitriou, Sotiris Nikoletseas, Marios Mavronicolas and Paul Spirakis. "A Comparative Study of Protocols for Efficient Data Propagation in Smart Dust Networks". 9th International Conference on Parallel and Distributed Computing (EuroPar 2003). Distinguished paper.

Smart Dust is comprised of a vast number of ultra-small fully autonomous computing and communication devices, with very restricted energy and computing capabilities that co-operate to accomplish a large sensing task. Smart Dust can be very useful in practice i.e. in the local detection of a remote crucial event and the propagation of data reporting its realization to a control center.

In this work, we have implemented and experimentally evaluated four protocols (PFR, LTP and two variations of LTP which we here introduce) for local detection and propagation in smart dust networks, under new, more general and realistic modeling assumptions. We comparatively study, by using extensive experiments, their behavior highlighting their relative advantages and disadvantages. All protocols are very successful. In the setting we considered here, PFR seems to be faster while the LTP based protocols are more energy efficient.

Yiannis Chatzigiannakis, Tassos Dimitriou, Sotiris Nikoletseas, Marios Mavronicolas and Paul Spirakis. "A Comparative Study of Protocols for Efficient Data Propagation in Smart Dust Networks". Parallel Processing Letters, 2004.

A Journal version of the previous paper.

Yiannis Chatzigiannakis, Tassos Dimitriou, Sotiris Nikoletseas, Paul Spirakis. "A Probabilistic Forwarding Protocol for Efficient Information Propagation in Sensor Networks". 5th European Wireless Conference, Barcelona, 2004.

We study the problem of data propagation in sensor networks, comprised of a large number of very small and low-cost nodes, capable of sensing, communicating and computing. The distributed co-operation of such nodes may lead to the accomplishment of large sensing tasks, having useful applications in practice. We present a new protocol for data propagation towards a control center that avoids flooding by probabilistically favoring certain data transmissions.

This protocol is very simple, uses only local information and operates under total absence of co-ordination between sensors. As shown by a geometry analysis, the protocol always propagates data to the sink, under ideal network conditions (no failures). Using stochastic processes, we show that the protocol is very energy efficient and present large-scale experimental findings validating the analytical results.

Tassos Dimitriou, Sotiris Nikoletseas, Paul Spirakis. "The Infection Propagation time of Graphs". 3rd International Conference on Adhoc Networks, July 2004, Canada.

Consider k particles, 1 red and k-1 white, chasing each other on the nodes of a graph G. If the red one catches one of the white, it infects it with its color. The newly red particles are now available to infect more white ones. When is it the case that all white will become red? It turns out that this simple question is an instance of information propagation between random walks and has important applications to mobile computing where a set of mobile hosts acts as an intermediary for the spread of information.

In this paper we model this problem by k concurrent random walks and we develop a set of probabilistic tools that we use to obtain upper bounds on the expected value on the time to infect all the white particles with the red color. We demonstrate that our bounds are tight for special cases (lollipop graphs) but when G is a clique or has nice expansion properties, we prove much smaller bounds for the infection time. We have also evaluated and validated all our results by large scale experiments which we also present and discuss. In particular, the experiments demonstrate that our analytical results for these expander graphs are tight.

Tassos Dimitriou; Sotiris Nikoletseas; Paul Spirakis, "The infection propagation time of graphs", Journal of Discrete Applied Mathematics, 2005.

A journal version of the previous paper.

Tassos Dimitriou. "How to tell a Good neighborhood from a Bad one". 3rd International Workshop on Experimental Algorithms, WEA, May 2004.

Optimization algorithms try to locate optimal solutions in a search graph, whose nodes represent all feasible solutions for the given problem. Two nodes in the search graph are neighboring if one solution results from the other by making a small local change. Such a search graph, however, should not be confused with the input graph, which is usually exponentially smaller than the former. The search graph is implicitly defined by the problem at hand and doesn't have to be computed explicitly.

It is well known that the definition of the search graph (or the neighborhood of solutions) plays an important role on the success of the underlying algorithm. In this work we study different neighborhoods for testing satisfiability of Boolean formulas and we give evidence that it is possible to determine in advance the effect a neighborhood has on the quality of the solutions found. We also show how the choice of the right neighborhood gives rise to simple optimization algorithms that work very well in practice.

Tassos Dimitriou, I. Krontiris and F. Nikakis. "SPEED: Scalable Protocols for Efficient Event Delivery in Sensor Networks". Networking 2004, Athens, Greece.

One of the most eminent problems in sensor networks is the routing of data to a central destination in a robust and efficient manner. In this work we propose a new scalable protocol for propagating information about a sensed event towards a receiving center. Using only local information and total absence of coordination between sensors our protocol achieves to propagate the sensed data to a receiving center by activating only those nodes that lie very close to the optimal path between the source of the event and the destination, resulting in low activation of the network's sensors. Thus the protocol is very energy efficient. Furthermore, our protocol is robust as it manages to propagate the information even when sensors fail with certain probability.

S. Vassilaras, D. Vogiatzis, T. Dimitriou, G. Yovanof, "Security Considerations for the Centralized Ad-Hoc Network Architecture", International Workshop on Wireless Ad Hoc Networks (IWWAN) 2004, Finland

The Centralized Ad-hoc Network Architecture is an enhancement to the HIPERLAN/2 standard that uses additional bandwidth at 60 GHz to improve performance. From the network security point of view the new architecture introduces several additional issues that have to be addressed in order to achieve node authentication, data integrity, confidentiality and immunity to Data Link layer protocol attacks. In this paper, we identify these issues and propose ways of resolving them building on the existing security mechanisms of the HIPERLAN/2 standard.

Tassos Dimitriou, D. Foteinakis. "A new Zero-Knowledge proof for selecting from a family of sets with application to electronic voting". In TED Conference on e-Government Electronic democracy: The challenge ahead, March 2005, Italy

We present a methodology for proving in Zero Knowledge the validity of selecting a subset of a set belonging to predefined family of sets. We apply this methodology in conjunction with electronic voting to provide extended ballot options.

Our proposed voting scheme supports multiple parties and the selection of a number of candidates from one and only one of these parties. We have implemented this system and provide measures of its computational and communication complexity. We prove that the complexity is linear with respect to the total number of candidates and the number of parties participating in the election.

Tassos Dimitriou, I. Krontiris and F. Nikakis. "Fast and Scalable Key Establishment in Sensor Networks". IEEE Monograph on Sensor Network perations, 2004.

We present a protocol for key establishment in sensor networks. Unlike random key pre-distribution schemes our protocol does not rely on probabilistic key sharing among sensors. During a quick bootstrapping phase, nodes use their pre-deployed key material to form groups or clusters of small size that share a common key. Inter-cluster communication is then achieved by nodes sharing cluster keys. Our scheme is \emph{scalable} and provides \emph{resiliency} against node capture and replication. This is due to the fact that keys are localized; keys that appear in some part of the network are not used again. So, even if a node is compromised and its keys exposed, an adversary can have access only to a very small portion of the network centered around the compromised node. What is more important however, is that our protocol is optimized for \emph{message broadcast}; when a node has to broadcast a message it doesn't have to encrypt it each time with a key targeted for a specific neighbor. This saves energy and makes re-transmissions unnecessary. Furthermore, our scheme is suited for \emph{data fusion} and aggregation processing; if necessary, nodes can "peak" at encrypted data using their cluster key and decide upon forwarding or discarding redundant information.

Antonis Kalis and Tassos Dimitriou, "Applying Smart Antennas in Sensor Networks for Efficient Routing of Information". In AlgoSensors 2004.

In this work we present a routing algorithm for sensor networks that utilizes smart antennas to propagate information about a sensed event towards a receiving centre. The novelty of our approach lies in the fact that our protocol uses only local information and total absence of coordination between sensors. We provide detailed experimental analysis that demonstrates the feasibility of our approach, the necessity of using smart antennas in sensor networks and the advantages that are presented to communication links due to their use. Our protocol is suited for those cases where unexpected changes to the environment (i.e. a fire, a person entering a restricted area, etc.) must be propagated quickly back to the base station without the use of complicated protocols that may deplete the network from its resources. Our protocol is very easy to implement as nodes do not have to decide whether or not to forward the message; the protocol ensures packet delivery and low energy consumption solely by the use of smart antennas on sensor nodes.

Antonis Kalis and Tassos Dimitriou, "Fast routing in wireless sensor networks using directional transmissions", in International Journal Mobile Network Design and Innovation, 2005.

A journal version of the previous paper.

Tassos Dimitriou, D. Foteinakis. "Secure In-Network Processing in Sensor Networks". IEEE BASENETS, San Francisco, 2004.

In this work we present new security mechanisms that can be used to provide secure in-network processing n wireless sensor networks. In particular, this means that we design the security mechanisms with both aggregation and dissemination in mind. Secure aggregation implies that data is forwarded from the sensors in a secure and authenticated way. Thus an adversary cannot issue false data into the network unless of course a particular sensor node has been compromised. Secure dissemination requires that lower level nodes are able to authenticate commands issued by their parents in the hierarchy. For both directions, protection is also provided against eavesdropping and tampering of data.

Our protocol is simple and scalable and most importantly offers resiliency against node capture and replication as compromised nodes cannot be used to populate and eventually take over the network. Furthermore, it requires minimal key material (just three keys) for the majority of the sensors.

Tassos Dimitriou, I. Krontiris and F. Nikakis. "A Localized, Distributed Protocol for Secure Information Exchange in Sensor Networks". 5th IEEE International Workshop on. Algorithms for Wireless, Mobile, Ad Hoc and Sensor Networks, WMAN 05.

IWe consider the problem of securing communication between sensor nodes in large-scale sensor networks. We propose a distributed, deterministic key management protocol designed to satisfy authentication and confidentiality, without the need of a key distribution center. Our scheme is scalable and it is resilient against node capture and replication. Furthermore, it is suited for data fusion and aggregation processing. Finally, we describe a mechanism for evicting compromised nodes as well as adding new ones. A security analysis is discussed and simulation experiments are presented.

Tassos Dimitriou. "Efficient Mechanisms for Secure Inter-node and Aggregation Processing in Sensor Networks". 4th International Conference on AD-HOC Networks & Wireless (ADHOC NOW), 2005.

In this work we present a protocol for key establishment in wireless sensor networks. Our protocol is designed so that it supports security of data with various sensitivity levels. In particular, the protocol allows the establishment of a key that can be used for communication with the base station, pairwise keys that can be used to communicate with immediate neighbors and keys that allow for secure in-network processing. This last form of operation includes both secure aggregation and dissemination processing and is beneficial to sensor networks as it saves energy and increases network lifetime. Our proposed protocol is simple and scalable and exhibits resiliency against node capture and replication as keys are localized. Finally, our protocol allows incremental addition of new nodes and revocation of compromised ones, while at the same time offers efficiency in terms of computation, communication and storage requirements.

Tassos Dimitriou. "A Lightweight RFID protocol to protect against Traceability and Cloning attacks", IEEE International Conference on Security and Privacy for Emerging Areas in Communication Networks, SECURECOMM 2005.

RFID identification is a new technology that will become ubiquitous as RFID tags will be applied to every-day items in order to yield great productivity gains or "smart" applications for users. However, this pervasive use of RFID tags opens up the possibility for various attacks violating user privacy.

In this work we present an RFID authentication protocol that enforces user privacy and protects against tag cloning. We designed our protocol with both tag-to-reader and reader-to-tag authentication in mind; unless both types of authentication are applied, any protocol can be shown to be prone to either cloning or privacy attacks. Our scheme is based on the use of a secret shared between tag and database that is refreshed to avoid tag tracing. However, this is done in such a way so that efficiency of identification is not sacrificed. Additionally, our protocol is very simple and it can be implemented easily with the use of standard cryptographic hash functions.

In analyzing our protocol, we identify several attacks that can be applied to RFID protocols and we demonstrate the security of our scheme. Furthermore, we show how \emph{forward privacy} is guaranteed; messages seen today will still be valid in the future, even after the tag has been compromised.

Tassos Dimitriou, I. Krontiris, "Autonomic Communication Security in Sensor Networks," 2nd International Workshop on Autonomic Communication, WAC 2005.

The fact that sensor networks are deployed in wide dynamically changing environment and usually left unattended, calls for nomadic, diverse and autonomic behavior. The nature of security threats in such networks as well as the nature of the network itself raise additional security challenges, so new mechanisms and architectures must be designed to protect them. In an autonomic communication context these mechanisms must be based on self-healing, self-configuration and self-optimization in order to enforce high-level security policies. In this work we discuss the research challenges posed by sensor network security as they apply to the autonomic communication setting.

I. Chatzigiannakis, T. Dimitriou, S. Nikoletseas and P. Spirakis, "A Probabilistic Algorithm for Efficient and Robust Data Propagation in Wireless Sensor Networks", in Ad-Hoc Networks Journal, Elsevier, 2005.

We study the problem of data propagation in sensor networks, comprised of a large number of very small and low-cost nodes, capable of sensing, communicating and computing. The distributed co-operation of such nodes may lead to the accomplishment of large sensing tasks, having useful applications in practice. We present a new protocol for data propagation towards a control center (sink) that avoids flooding by probabilistically favoring certain (close to optimal) data transmissions. Motivated by certain applications (see [1, 15]) and also as a starting point for a rigorous analysis, we study here lattice-shaped sensor networks. We however show that this lattice shape emerges even in randomly deployed sensor networks of sufficient sensor density. Our work is inspired and builds upon the directed diffusion paradigm of [15].

This protocol is very simple to implement in sensor devices, uses only local information and operates under total absence of co-ordination between sensors. We consider a network model of randomly deployed sensors of sufficient density. As shown by a geometry analysis, the protocol is correct, since it always propagates data to the sink, under ideal network conditions (no failures). Using stochastic processes, we show that the protocol is very energy efficient. Also, when part of the network is inoperative, the protocol manages to propagate data very close to the sink, thus in this sense it is robust. We finally present and discuss large-scale simulation findings validating the analytical results.

Tassos Dimitriou and Ioannis Krontiris."GRAViTy: Geographic Routing Around Voids in Sensor Networks", International Journal of Pervasive Computing and Communications, 2006.

Nodes in sensor networks do not have enough topology information to make efficient routing decisions. To relay messages through intermediate sensors, geographic routing has been proposed as such a solution. Its greedy nature, however, makes routing inefficient especially in the presence of topology voids or holes. In this paper we present GRAViTy (Geographic Routing Around Voids In any TopologY of sensor networks), a simple greedy forwarding algorithm that combines compass routing along with a mechanism that allows packets to explore the area around voids and bypass them without significant communication overhead. Using extended simulation results we show that our mechanism outperforms the right-hand rule for bypassing voids and that the resulting paths found well approximate the corresponding shortest paths. GRAViTy uses a cross-layered approach to improve routing paths for subsequent packets based on experience gained by former routing decisions. Furthermore, our protocol responds to topology changes, i.e. failure of nodes, and efficiently adjusts routing paths towards the destination.

Tassos Dimitriou, "A Secure and Efficient RFID Protocol that could make Big Brother (partially) Obsolete", in 4th Annual IEEE International Conference on Pervasive Computer and Communications (PerCom), 2006.

Identification by RFID technology has many benefits for users and companies such as better supply chain and inventory management, improved logistics, better product information and control that may eventually lead to improved customer service. However, consumer reaction clearly shows an increasing concern about the use of this technology in violating user privacy and tracking of individuals by the tags they carry.

In this work we propose a solution to the RFID privacy problem that has the potential to guarantee user privacy without requiring changes to existing infrastructure or reducing business value from the use of RFID technology. We give emphasis to the development of a lightweight protocol that does not incur costly overheads with respect to computation, storage as well as time and effort needed for deployment configuration. For RFID technology to be widely used, security should ship as a “default" and require no significant effort to configure. We demonstrate the security and efficiency properties of our protocol and we offer some interesting time/space tradeoffs that may lead to further improvements.

I. Krontiris and Tassos Dimitriou, "Authenticated In-Network Programming for Wireless Sensor Networks", 5th International Conference on Adhoc Networks and Wireless, 2006

Current in-network programming protocols for sensor networks allow an attacker to gain control of the network or disrupt its proper functionality by disseminating malicious code and reprogramming the nodes. We provide a protocol that yields source authentication in the group setting like a public-key signature scheme, only with signature and verification times much closer to those of a MAC. We show how this can be applied to an existing in-network programming scheme, namely Deluge, to authenticate code update broadcasts. Our implementation shows that our scheme imposes only a minimal computation and communication overhead to the existing cost of network programming and uses memory resources efficiently, making it practical for use in sensor networks.

I. Krontiris and Tassos Dimitriou, "A Practical Authentication Scheme for Wireless Sensor Networks," ACM Workshop on Real-World Wireless Sensor Networks, 2006

A companion paper to the above describing our own version of securing Deluge.

M. Salajegheh, H. Soroush, A. Thomos, I. Krontiris and T. Dimitriou, ".Sense A Secure ramework for Sensor Network Data Acquisition, Monitoring and Command", Poster paper appearing in ACM Workshop on Real-World Wireless Sensor Networks, 2006

We present .Sense, an end-to-end security framework for sensor network data acquisition, monitoring and command. In order to provide security service inside the sensor network two security protocols are implemented. The first is a key establishment algorithm in which sensor nodes agree on common keys to use for securing communications among them. The second is a scheme in which the base station can issue commands in authenticated manner to the network. We are also using typical security schemes such as SSL to connect the end-users to the system. A user friendly graphical interface has also been implemented to ease the data analysis process for a non sophisticated end-user.

Hamed Soroush, Mastooreh Salajegheh and Tassos Dimitriou, "Providing Transparent Security Services to Sensor Networks", In IEEE International Conference on Communications (ICC 2007), June 2007, Scotland.

In this paper we introduce a link layer security platform for wireless sensor networks. At the heart of this platform, lies our key management module facilitating an efficient scalable post-distribution key establishment that allows the platform to provide different security services. We have developed this framework under TinyOs and have tested it with MICA2 motes. To the best of our knowledge this is the first implemented security platform for sensor networks that provides acceptable resistance against node capture attacks and replay attacks. The provision of security services is completely transparent to the user of the framework. Furthermore, being highly scalable and lightweight, this platform is appropriate to be used in a wireless sensor network of hundreds of nodes.

Tassos Dimitriou, Ghassan Karame and Ioannis Christou, "SuperTrust – A Secure and Efficient Framework for Handling Trust in Super Peer Networks", 26th Annual ACM Symposium on Principles of Distributed Computing (PODC 2007).

Short paper. For the full version see below…

Tassos Dimitriou, Ghassan Karame and Ioannis Christou, "SuperTrust – A Secure and Efficient Framework for Handling Trust in Super Peer Networks", 9th International Conference on Distributed Computing and Networking (ICDCN 2008).

In this paper, we describe SuperTrust (Super Peer Trust Handling), a secure framework designed to handle trust relationships in Super peer networks. What distinguishes SuperTrust from other contributions is that trust reports remain encrypted and are never opened during the submission or aggregation processes, thus guaranteeing privacy and anonymity of transactions. As reputations of peers influence their future interactions, we argue that such systems must have properties like fairness and soundness, persistence, eligibility and unreusability of reports, perhaps similar to the properties of current electronic voting systems.

SuperTrust is a decentralized protocol, based on K-redundant Super peer networks, that guarantees the aforementioned properties and is in some sense complementary to the models proposed for building trust among peers. Additionally the framework is very efficient and minimizes the effects of collusion of malicious Super peers/aggregators. We have tested the framework on a large subset of peers and demonstrated via simulations its superior performance with respect to network stress and response time, when compared to the other proposed protocols.

Krontiris Ioannis, Tassos Dimitriou and Felix C. Freiling, "Towards Intrusion Detection in Wireless Sensor Networks", in 13th European Wireless Conference, Paris, France 2007.

In this work we study the problem of Intrusion Detection is sensor networks and we propose a lightweight scheme that can be applied to such networks. Its basic characteristic is that nodes monitor their neighborhood and collaborate with their nearest neighbors to bring the network back to its normal operational condition. We emphasize in a distributed approach in which, even though nodes don't have a global view, they can still detect an intrusion and produce an alert. We apply our design principles for the blackhole and selective forwarding attacks by defining appropriate rules that characterize malicious behavior. We also experimentally evaluate our scheme to demonstrate its effectiveness in detecting the afore-mentioned attacks.

Tassos Dimitriou, "Secure Hierarchical Communications in Distributed Sensor Networks", in 16th IST Mobile & Wireless Communications Summit, Hungary, 2007.

Hierarchical processing in sensor networks offers a number of operational advantages that cannot be met by flat networks of sensors. Using hierarchical architectures and in-network processing of information, the communication overhead is minimized by combining data coming from different sources, thus eliminating redundancy, minimizing the number of transmissions and eventually saving valuable network energy.

In this work we focus on securing this aggregation process for all levels of the network hierarchy. Additionally, we explain how commands can be disseminated securely using the pre-established keys. Our protocol is simple and scalable, offering efficiency in terms of computation, communication and storage overhead. Most importantly, however, it is suited for dynamic networks where configuration actions may change the way the network operates, allowing for cluster reorganization and adaptive formation of new clusters.

Tassos Dimitriou, John Kolokouris and Nikos Zarokostas,  "SenseNeT: A Wireless Sensor Network Testbed", in The 10-th ACM/IEEE International Symposium on Modeling, Analysis and Simulation of Wireless and Mobile Systems (MSWiM), October 2007.

Wireless sensor networks have emerged as an exciting new area of research in computer science. Continuously shrinking battery powered nodes are equipped with processing, sensing and RF capabilities. However, deploying a network into a realistic environment requires iteratively reprogramming dozens of nodes, locating them throughout an area large enough to produce an interesting radio topology, and instrumenting them to extract debugging and performance data.

A number of testbed approaches have been proposed by universities and industry to ease the burden imposed by this deployment exercise. These testbeds vary in the number and type of motes employed and the manner they are connected to the central computer  system. For example a separate wired back-channel is usually used for reprogramming, network management and data logging issues. However, this introduces increased cost due to additional hardware equipment required and exhibits low scalability. In this work, we present an efficient and low cost sensor network testbed that exploits only the wireless channel to transfer data and offers an additional number of benefits to users and  administrators like ease of deployment, ease of use, no need of a wired infrastructure, coping with multiple users at the same time and most importantly scalability.

Ghassan Karame, Ioannis T. Christou and Tassos Dimitriou, "A Secure Hybrid Reputation Management System for Super-Peer Networks",  in 5th IEEE Consumer Communications & Networking Conference, Las Vegas, USA, January 2008.

In this paper, we propose a novel hybrid system for handling reputation in Super-Peer-based networks by combining the personal history of each user's interactions with other users, the opinions of peer-friends together with global ratings of peers as they emerge from all of their interactions with other users of the network. We introduce the notion of peer friends in a P2P network and use it to prevent malicious collectives from reducing the reputation of a peer in the network. We also present a secure distributed framework that ensures that trust reports remain encrypted and are never opened during the submission or aggregation process. Computational results from our distributed prototype simulation show that our solution compares favorably with all other proposed methods for handling reputation when subject to various malicious strategies.

Tassos Dimitriou, Proxy  Framework for Enhanced RFID Security and Privacy", in 5th IEEE Consumer Communications & Networking Conference, Las Vegas, USA, January 2008.

Radio Frequency IDentification (RFID) is a method of remotely storing and retrieving data using small and inexpensive devices called RFID tags. However, the widespread use of RF Identification also introduces serious security and privacy risks since information about tags can easily be retrieved by hidden readers, thus leading to violation of user privacy and tracking of individuals by the tags they carry.

In this work we propose a proxy agent framework that uses a personal device for privacy enforcement and increased protection against eavesdropping, impersonation and cloning attacks. Using the proxy a user decides when and where information will be released. In particular, the user can put tags under her control, authenticate requests, release tags, transfer them to new owners, and so on. This is the first framework that unifies previous attempts and presents detailed protocols for all the operations required in such a proxy environment.

Ioannis Krontiris, Thanassis Giannetsos, Tassos Dimitriou. "Launching a Sinkhole Attack in Wireless Sensor Networks; the Intruder Side", in the 1st International Workshop on Security and Privacy in Wireless and Mobile Computing, Networking and Communications, WiMob 2008.

One of the reasons that the research of intrusion detection in wireless sensor networks has not advanced significantly is that the concept of "intrusion" is not clear in these networks. In this paper we investigate in depth one of the most severe attacks against sensor networks, namely the sinkhole attack, and we emphasize on strategies that an attacker can follow to successfully launch such an attack. Then we propose specific detection rules that can make legitimate nodes become aware of the threat, while the attack is still taking place. Finally, we demonstrate the attack and present some implementation details that emphasize the little effort that an attacker would need to put in order to break into a realistic sensor network.

Tassos Dimitriou and Ioannis Krontiris. "Security Issues in Biomedical Wireless Sensor Networks", in the 1st International Symposium on Applied Sciences in Biomedical and Communication Technologies, Aalborg Denmark, Oct. 2008. Invited paper.

Within the hospital or extended care environment, there is an overwhelming need for constant monitoring of vital body functions and support for patient mobility. Tomorrow's biomedical networks will address these needs by incorporating new technologies like wireless sensor networks into their infrastructure. However, wireless transmission of sensitive patient data presents some obvious security concerns. In this paper we discuss these concerns and how they are addressed by existing systems. We also discuss issues that need further consideration, such as run-time composition of security services depending on the criticality of data transmitted along with a solution for practical sensor systems using TinyOS. Finally, we propose intrusion detection as a future research direction for biomedical sensor networks and we elaborate on the main components of such a system.

Ioannis Krontiris, Thanassis Giannetsos, Tassos Dimitriou. "LIDeA: A Distributed Lightweight Intrusion Detection Architecture for Sensor Networks," in 4th International Conference on Security and Privacy for Communication Networks, SECURECOMM 2008.

Wireless sensor networks are vulnerable to adversaries as they are frequently deployed in open and unattended environments. Preventive mechanisms can be applied to protect them from an assortment of attacks. However, more sophisticated methods, like intrusion detection systems, are needed to achieve a more autonomic and complete defense mechanism, even against attacks that have not been anticipated in advance.

In this paper, we present a lightweight intrusion detection system, called LIDeA (Lightweight Intrusion DEtection Architecture), designed for wireless sensor networks. LIDeA is based on a distributed architecture, in which nodes overhear their neighboring nodes and collaborate with each other in order to successfully detect an intrusion. We show how such a system can be implemented in TinyOS, which components and interfaces are needed, and what is the resulting overhead imposed.

Tassos Dimitriou, "RFID-DOT: RFID Delegation and Ownership Transfer made simple", in 4th International Conference on Security and Privacy for Communication Networks, SECURECOMM 2008.

In this work we introduce RFID-DOT, a protocol for secure access, Delegation and Ownership Transfer of tags along with a model for formally defining privacy in such an environment. As current RFID tags emit constant identifiers that may help in identifying user habits and tracking of people, RFID-DOT allows a user to securely own tagged products. Once a person becomes the owner of such an item, no one can have access to the tag nor find any information about it. Thus user privacy is guaranteed. Additionally, the protocol is secure against such attacks as tag cloning, tag/reader spoofing, eavesdropping, desynchronization and so on.

Furthermore, since we don't expect a tagged item to stay with same owner forever, we provide the means to achieve ownership transfer and release without compromising the privacy of future or past owners. And in the unlikely case where user privacy is compromised, it can be restored in a simple and intuitive manner. Thus RFID-DOT achieves a very strong notion of security that is necessary in RFID ownership transfer: forward and backward privacy.

Sakis Giannetsos, Tassos Dimitriou, Neeli Prassad. "State of the Art on Defenses against Wormhole Attacks in Wireless Sensor Networks", Wireless VITAE, Denmark.

As pervasive interconnection of autonomous sensor devices gave birth to a broad class of exciting new applications, security emerges as a central requirement. Wireless sensor networks are vulnerable to attacks as they are frequently deployed in open and unattended environments. In this paper, we describe the wormhole attack, a severe routing attack against sensor networks that is particularly challenging to defend against. We detail its characteristics and study its effects on the successful operation of a sensor network. We present state-of-the-art research for addressing wormhole related problems in wireless sensor networks and discuss the relative strengths and shortcomings of the proposed solutions. To date, most of the proposed defenses focus on preventive mechanisms that can be applied to protect sensor networks from this kind of attacks. However, no work has been published regarding the possibility of using more sophisticated methods, like intrusion detection systems, to achieve a more complete and autonomic defense mechanism against wormhole attackers. We present our work on intrusion detection and describe how LIDeA, a lightweight IDS framework, can be used for defending against wormhole attackers.

Ioannis Krontiris, Thanassis Giannetsos, Felix Freiling, Tassos Dimitriou. "Cooperative Intrusion Detection in Wireless Sensor Networks", in 6th European Conference on Wireless Sensor Networks, February 11th-13th, Cork, Ireland.

We consider the problem of cooperative intrusion detection in wireless sensor networks where the nodes are equipped with local detector modules and have to identify the intruder in a distributed fashion. The detector modules issue suspicions about an intrusion in the sensor's neighborhood. We formally define the problem of intrusion detection and identify necessary and sufficient conditions for its solvability. Based on these conditions we develop a generic algorithm for intrusion detection and present simulations and experiments which show the effectiveness of our approach.

Thanassis Tiropanis, Tassos Dimitriou. "Use of ID-based Cryptography for the Efficient Verification of the Integrity and Authenticity of Web Resources", in 5th International ICST Conference on Security and Privacy in Communication Networks, SECURECOMM 2009.

As the amount of information resources on the Web keeps increasing so are the concerns for information integrity, confidentiality and authenticity. In Web 2.0 users are producers as well as consumers of content and metadata, which makes guaranteeing the authenticity and integrity of information critical. The scale of the Web requires that any proposals in this direction require minimal (if any) infrastructural or administrative changes. This paper proposes the use of ID-based cryptography (IBC) to address requirements for integrity and authenticity of Web resources using either the URL/URI of a resource or the DNS name part of it. This approach presents certain challenges, which are discussed along with the pros and cons of different designs and implementations.

Thanassis Giannetsos, Tassos Dimitriou, Ioannis Krontiris and Neeli R. Prasad. Arbitrary Code Injection through Self-propagating Worms in Von Neumann Architecture Devices," In The Computer Journal, Special Issue on Algorithms, Protocols, and Future Applications of Wireless Sensor Networks. Oxford University Press, 2010.

Malicious code (or malware) is defined as software designed to execute attacks on software systems and fulfill the harmful intents of an attacker. As lightweight embedded devices become more ubiquitous and increasingly networked, they present a new and very disturbing target for malware developers. In this paper, we demonstrate how to execute malware on wireless sensor nodes that are based on the von Neumann architecture. We achieve this by exploiting a buffer overflow vulnerability to smash the call stack and intrude a remote node over the radio channel. By breaking the malware into multiple packets, the attacker can inject arbitrarily long malicious code to the node and completely take control of it. Then we proceed to show how the malware can be crafted to become a self-replicating worm that broadcasts itself and propagates over the network hop-by-hop, infecting all the nodes. To our knowledge, this is the first instance of a self-propagating worm that can execute arbitrary code. We also provide a complete implementation of our attack, measure its effectiveness in terms of time taken for the worm to propagate to the entire sensor network and, finally, suggest possible countermeasures.

Thanassis Giannetsos, Tassos Dimitriou and Neeli R. Prasad. Weaponizing Wireless Networks: An Attack Tool for Launching Attacks against Sensor Networks", In Black Hat Europe 2010.

The pervasive interconnection of autonomous sensor devices has given birth to a broad class of exciting new applications. At the same time, however, the unattended nature and the limited resources of sensor nodes have created an equal number of vulnerabilities that attackers can exploit in order to gain access in the network and the information transferred within. While much work has been done on trying to defend these networks, little has been done on suggesting sophisticated tools for proving how vulnerable sensor networks are. This work demonstrates a tool that allows both passive monitoring of transactional data in sensor networks, such as message rate, mote frequency, message routing, etc., but also discharge of various attacks against them. To the best of our knowledge, this is the first instance of an attack tool that can be used by an adversary to penetrate the confidentiality and functionality of a sensor network. Results show that our tool can be flexibly applied to different sensor network operating systems and protocol stacks giving an adversary privileges to which she is not entitled to. We hope that our tool will be used proactively, to study the weaknesses of new security protocols, and, hopefully, to enhance the level of security provided by these solutions even further.

Ioannis Krontiris and Tassos Dimitriou. "Scatter – Secure Code AuthenTicaTion for Efficient Reprogramming in Wireless Sensor Networks", In the International Journal of Sensor Networks (IJSNet), Special Issue on Technologies, Architectures and Applications for Green Wireless Sensor Networks, 2010.

Currently proposed solutions to secure code dissemination in wireless sensor networks (WSNs) involve the use of expensive public-key digital signatures. In this work we present Scatter, a secure code dissemination scheme that enables sensor nodes to authenticate the program image efficiently. To achieve this, we use a scheme that offers source authentication in the group setting like a public-key signature scheme, but with signature and verification times much closer to those of a MAC. In this way, Scatter avoids the use of Elliptic Key Cryptography and manages to surpass all previous attempts for secure code dissemination in terms of energy consumption, memory and time efficiency. Besides the design and theoretical analysis of the solution, we also report the experimental evaluation of Scatter in two different hardware platforms, Mica2 and MicaZ, which proves its efficiency in practice.

Thanassis Giannetsos, Tassos Dimitriou, Neeli Prassad. "Detecting Wormholes in Wireless Sensor Networks", Poster in 3rd ACM Conference on Wireless Network Security (WiSec), March 2010.

See paper below.

Tassos Dimitriou and Thanassis Giannetsos. "Wormholes no more? Localized Wormhole Detection and Prevention in Wireless Networks", In the 6th IEEE International Conference on Distributed Computing in Sensor Systems (DCOSS '10), June 21-23, 2010, Santa Barbara, California, USA.

A number of protocols have been proposed to date to defend against wormhole attacks in wireless networks by adopting synchronized clocks, positioning devices, or directional antennas. In this work, we introduce a novel approach for detecting wormhole attacks. The proposed algorithm is completely localized and works by looking for simple evidence that no attack is taking place, using only connectivity information as implied by the underlying communication graph, and total absence of coordination. Unlike many existing techniques, it does not use any specialized hardware, making it extremely useful for real-world scenarios. Most importantly, however, the algorithm can always prevent wormholes, irrespective of the density of the network, while its efficiency is not affected even by frequent connectivity changes. We also provide an analytical evaluation of the algorithm's correctness along with an implementation on real sensor devices that demonstrates its efficiency in terms of memory requirements and processing overhead.

Aram Yegenian and Tassos Dimitriou. Inexpensive Email Addresses: An Email Spam-Combating System" , In the 6th International ICST Conference on Security and Privacy in Communication Networks (SecureComm '10), September 7-9, 2010, Singapore.

This work proposes an effective method of fighting spam by developing Inexpensive Email Addresses (IEA), a stateless system of Disposable Email Addresses (DEAs). IEA can cryptographically generate exclusive email addresses for each sender, with the ability to re-establish a new email address once the old one is compromised. IEA accomplishes proof-of-work by integrating a challenge-response mechanism to be completed before an email is accepted in the recipient's mail system. The system rejects all incoming emails and instead embeds the challenge inside the rejection notice of Standard Mail Transfer Protocol (SMTP) error messages. The system does not create an out-of-band email for the challenge, thus eliminating email backscatter in comparison to other challenge-response email systems. The system is also effective in identifying spammers by exposing the exact channel, i.e. the unique email address that was compromised, so misuse could be traced back to the compromising party. Usability is of utmost concern in building such a system by making it friendly to the end-user and easy to setup and maintain by the system administrator.

Ioannis Krontiris, Felix Freiling and Tassos Dimitriou. "Location Privacy in Urban Sensing Networks: Research Challenges and Directions", In the IEEE Wireless Communications Magazine, Special Issue on Security and Privacy in Emerging Wireless Networks, October 2010.

During the last few years there has been an increasing number of people-centric sensing projects. These combine location information with sensors available on mobile phones, giving birth to a different dimension in sensing our environment and providing us with new opportunities to create collective intelligence systems to address urban-scale problems, like air pollution, noise, traffic, etc. However, as people are directly involved in the collection process, they often inadvertently reveal information about themselves, raising new and important privacy concerns. While standard privacy enhancing technologies exist, they do not fully cover the many peculiarities of these new pervasive applications. The ubiquitous nature of the communication and the storage of location traces compose a complex set of threats on privacy, which we overview in this article. Then, we go through the latest advances in security and privacy protection strategies and we discuss how they fit with this new paradigm of people-centric sensing applications. We hope this work will better highlight the needs for privacy in urban sensing applications and spawn further research in this area.

Tassos Dimitriou and Ahmad Sabouri. Privacy Preservation Schemes for Querying Wireless Sensor Networks," In the 7th IEEE International Workshop on Sensor Networks and Systems for Pervasive Computing (PerSeNS '11), March 21, 2011, Seattle, USA.

In this work we study the problem of query privacy in large scale sensor networks. Motivated by a novel trust model in which clients query networks owned by trusted entities but operated by potentially untrusted adversaries, we consider several proposals for protecting the identities of the queried sensors.

Our schemes do not rely on the use of public key cryptography nor do they make any assumptions on the topology of the network. Inspired by the data-centric communication model and the collaborative nature of sensor networks, our proposals distribute the data in random locations to be later retrieved by random direction queries, using only local computations and total absence of coordination. It is perhaps of interest to note that query privacy is achieved using only lightweight, symmetric cryptographic primitives.

Extensive analytical and experimental results confirm that the proposed protocols can achieve their goals using only minimal communication and storage overhead.

Thanassis Giannetsos, Tassos Dimitriou and Neeli R. Prasad. "People-centric sensing in assistive healthcare: Privacy challenges and directions", In Security and Communication Networks, Wiley. February, 2011.

As the domains of pervasive computing and sensor networking are expanding, there is an ongoing trend towards assistive living and healthcare support environments that can effectively assimilate these technologies according to human needs. Most of the existing research in assistive healthcare follows a more passive approach and has focused on collecting and processing data using a static-topology and an application-aware infrastructure. However, with the technological advances in sensing, computation, storage, and communications, a new era is about to emerge changing the traditional view of sensor-based assistive environments where people are passive data consumers, with one where people carry mobile sensing elements involving large volumes of data related to everyday human activities. This evolution will be driven by people centric sensing and will turn mobile phones into global mobile sensing devices enabling thousands new personal, social, and public sensing applications. In this paper, we discuss our vision for people-centric sensing in assistive healthcare environments and study the security challenges it brings. This highly dynamic and mobile setting presents new challenges for information security, data privacy and ethics, caused by the ubiquitous nature of data traces originating from sensors carried by people. We aim to instigate discussion on these critical issues because people-centric sensing will never succeed without adequate provisions on security and privacy. To that end, we discuss the latest advances in security and privacy protection strategies that hold promise in this new exciting paradigm. We hope this work will better highlight the need for privacy in people-centric sensing applications and spawn further research in this area.

Thanassis Giannetsos and Tassos Dimitriou. "Spy-Sense: Spyware Tool for executing Stealthy Exploits against Sensor Networks", In Black Hat USA2011

The expansion of both pervasive computing and sensor networking enables the design and proliferation of intelligent sensor-based applications. At the same time, sensor network security is a very important research area whose goal is to maintain a high degree of confidentiality, integrity and availability of both information and network resources. However, a common threat that is often overlooked in the design of secure sensor network applications is the existence of spyware programs. As most researchers try to defend against adversaries who plan to physically compromise sensor nodes and disrupt network functionality, the risk of spyware programs and their potential for damage and information leakage is bound to increase in the years to come. This work demonstrates Spy-Sense, a spyware tool that allows the injection of stealthy exploits in the heart of each node in a sensor network. Spy-Sense is undetectable, hard to recognize and get rid of, and once activated, it runs in a discrete background operation without interfering or disrupting normal network operation. It provides the ability of executing a stealthy exploit sequence that can be used to achieve the intruder's goals while reliably evading detection. To the best of our knowledge, this is the first instance of a spyware program that is able to crack the confidentiality and functionality of a sensor network. By exposing the vulnerabilities of sensor networks to spyware attacks, we hope to instigate discussion on these critical issues because sensor networks will never succeed without adequate provisions on security and privacy.

Antonis Michalas, Tassos Dimitriou, Thanassis Giannetsos, Nikos Komninos, and Neeli R. Prasad. "Vulnerabilities of Decentralized Additive Reputation Systems Regarding the Privacy of Individual Votes," In the 3rd International ICST Conference on Security and Privacy in Mobile Information and Communication Systems (MobiSec 2011), Aalborg, Denmark, 2011. Best paper award.

In this invited paper, we focus on attacks and defense mechanisms in additive reputation systems. We start by surveying the most important protocols that aim to provide privacy between individual voters. Then, we categorize attacks against additive reputation systems considering both malicious querying nodes and malicious reporting nodes that collaborate in order to undermine the vote privacy of the remaining users. To the best of our knowledge this is the rst work that provides a description of such malicious behavior against such systems. In light of this analysis we demonstrate the ineciencies of existing protocols.

Antonis Michalas, Tassos Dimitriou, Thanassis Giannetsos, Nikos Komninos, and Neeli R. Prasad. "Vulnerabilities of Decentralized Additive Reputation Systems Regarding the Privacy of Individual Votes," Wireless Personal Communications Volume 66, Number 3 (2012), 559-575, 2012.

A journal version of the previous paper.

Tassos Dimitriou and Ahmad Sabouri. "Pollination: A Data Authentication Scheme for Unattended Wireless Sensor Networks", In the 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-11), Changsha, China, November 16-18, 2011.

An Unattended Wireless Sensor Network (UWSN) is a recently introduced type of sensor network in which realtime data delivery of information is replaced by periodic, offline collection of the sensed data. In this work we focus on UWSNs operating in a hostile environment where the goal of an attacker is to prevent targeted data from ever reaching the sink. More precisely, we study the Data Authentication problem in the presence of a Mobile Adversary who is aiming to target a sensor's data and modify it without being detected.

Inspired by the pollination process in nature, we propose two schemes that diffuse data footprints in the network using message carrying "butterflies". These schemes greatly increase the robustness of the network against data modification attempts by the mobile adversary. Extensive analytical and experimental results confirm the superiority of both Pollination and Pollination Light over previous protocols in terms of both security and communication overhead.

Tassos Dimitriou and Antonis Mihalas. "Multi-Party Trust Computation in Decentralized Environments", In the 5th IFIP International Conference on New Technologies, Mobility and Security (NTMS 2012), Istanbul, Turkey, May 7-10, 2012.

In this paper, we describe a decentralized privacy-preserving protocol for securely casting trust ratings in distributed reputation systems. Our protocol allows N participants to cast their votes in a way that preserves the privacy of individual values against both internal and external attacks. The protocol is coupled with an extensive theoretical analysis in which we formally prove that our protocol is resistant to collusion against as many as N-1 corrupted nodes in the semi-honest model.

The behavior of our protocol is tested in a real P2P network by measuring its communication delay and processing overhead. The experimental results uncover the advantages of our protocol over previous works in the area; without sacrificing security, our decentralized protocol is shown to be almost one order of magnitude faster than the previous best protocol for providing anonymous feedback.

Tassos Dimitriou, Ioannis Krontiris and Ahmad Sabouri. "A Privacy-Preserving Query Scheme for Participatory Sensing", In the 4th International Conference on Security and Privacy in Mobile Information and Communication Systems (Mobisec 2012), Frankfurt, Germany, June 25-26, 2012.

In this work we study the problem of querier privacy in the Participatory Sensing domain. While prior work has attempted to protect the privacy of people contributing sensing data from their mobile phones, little or no work has focused on the problem of querier privacy. Motivated by a novel communication model in which clients may directly query participatory sensing networks operated by potentially untrusted adversaries, we provide a privacy-preserving access control scheme for participatory sensing applications that focuses on the privacy of the querier. Contrary to past solutions, we enable queriers to have access to the data provided by participating users without placing any trust in third parties or reducing the scope of queries. Additionally, our approach naturally extends the traditional pull/push models of participatory sensing and integrates nicely with mobile social networks, a new breed of sensing which combines mobile sensor devices with personal sensing environments.

Tassos Dimitriou, Ghassan Karame. "Privacy-Friendly Tasking and Trading of Energy in Smart Grids", In the 28th Symposium On Applied Computing (ACM SAC ’13), March 18 – 22, 2013, Coimbra, Portugal.

The smart-grid is gaining increasing attention nowadays, owing to its premise to o er increased reliability and performance. However, the current design of smart-grids raises serious concerns with respect to privacy and anonymity of users.

In this paper, we address the problem of enhancing the privacy of users in the smart grid throughout the reporting and the billing phases. To that end, we propose a taxonomy of solutions that enable (i) the privacy-preserving aggregation of smart meters’ energy consumption reports without relying on a single point of trust, (ii) the anonymous tasking, e.g., the outsourcing of (maintenance) tasks to smart meters, and (iii) the privacy-preserving billing and barter of energy between the utility provider and the smart meters. To the best of our knowledge, this is the first contribution that comprehensively addresses privacy issues in the tasking and energy-trading processes in smart grids. Our proposed solutions complement previous work in the area and can be easily integrated within existing smart grids.

Ioannis Krontiris and Tassos Dimitriou. "Privacy-Respecting Discovery of Data Providers in Crowd-Sensing Applications". In the 9th IEEE International Conference on Distributed Computing in Sensor Systems (IEEE DCOSS), 20-23 May 2013, Cambridge, Massachusetts.

Crowd-sensing applications are based on the contribution of user-related context information and as such, they are particularly vulnerable to privacy-compromising attacks. In this paper we focus on the problem of information discovery by data consumers who can pose queries to mobile users providing sensed data. The way to protect the privacy of these mobile users is through the use of cloud-based agents, which obfuscate user location and enforce the sharing practices of their owners. The cloud agents organise themselves in a structure, namely a quadtree, that enables queriers to contact directly the mobile users in the area of interest and, based on their own criteria, select the ones to get sensing data from. The tree is kept in a decentralized manner, stored and maintained by the mobile agents themselves, thus avoiding the privacy implications of previous, centralized techniques. Our proposed solution complements and expands upon prior work in the area while it is shown experimentally to be both scalable, efficient and easy to maintain.

Tassos Dimitriou and Antonis Michalas. Multi-Party Trust Computation in Decentralized Environments in the Presence of Malicious Adversaries. In Ad Hoc Networks, Elsevier, 2013. http://dx.doi.org/10.1016/j.adhoc.2013.04.013

In this paper, we describe a decentralized privacy-preserving protocol for securely casting trust ratings in distributed reputation systems. Our protocol allows n participants to cast their votes in a way that preserves the privacy of individual values against both internal and external attacks. The protocol is coupled with an extensive theoretical analysis in which we formally prove that our protocol is resistant to collusion against as many as n − 1 corrupted nodes in both the semi-honest and malicious adversarial models.

The behavior of our protocol is tested in a real P2P network by measuring its communication delay and processing overhead. The experimental results uncover the advantages of our protocol over previous works in the area; without sacrificing security, our decentralized protocol is shown to be almost one order of magnitude faster than the previous best protocol for providing anonymous feedback.

Thanassis Giannetsos and Tassos Dimitriou. "LDAC: A Localized and Decentralized Algorithm for Efficiently Countering Wormholes in Mobile Wireless Networks. " In Journal of Computer and System Sciences, Volume 80, Issue 3, May 2014. http://dx.doi.org/10.1016/j.jcss.2013.06.015

Several protocols have been proposed to date to defend against wormhole attacks in wireless networks by adopting synchronized clocks, positioning devices, or directional antennas. These requirements and assumptions limit their applicability especially in the case of mobile networks where the degree of association and de-association between the nodes is relatively high. In this work, we present a novel lightweight countermeasure for the wormhole attack, called LDAC (Localized-Decentralized Algorithm for Countering wormholes). It is completely localized and works by looking for simple evidence that no attack is taking place, using only connectivity information, as implied by the underlying communication graph. LDAC is not confined to static networks but extends naturally to dynamic and even mobile ones. Rigorous arguments that prove the correctness of the algorithm are coupled with detailed performance evaluation along with an implementation on real sensor devices that demonstrates its efficiency in terms of memory requirements and processing overhead.

Tassos Dimitriou. "Secure and Scalable Aggregation in the Smart Grid". In the 6th IFIP/IEEE International Conference on New Technologies, Mobility and Security (NTMS 2014), March 30 to April 2, 2014, Dubai, UAE.

In this work, we describe two decentralized protocols that can be used to securely aggregate the electricity measurements of n smart meters. The first protocol is a very lightweight one, it uses only symmetric cryptographic primitives and provides security against honest-but-curious adversaries. The second one is public-key based and its focus in on the malicious adversarial model; malicious entities not only try to learn the private measurements of smart meters but can also disrupt protocol execution. Both protocols do not rely on centralized entities or trusted third parties to operate and they are highly scalable owning to the fact that every smart meter has to interact with only a few other meters. Both are very efficient in practice requiring only O(1) work and memory overhead per meter, thus making these protocols fit for real-life smart grid deployments..

Tassos Dimitriou "Key Evolving RFID Systems: Forward Privacy and Ownership Transfer of RFID tags". In 2014 IEEE RFID Technology and Applications (RFID-TA) Conference. Tampere, Finland, September 8-9, 2014.

In this work we make an important step in providing for RFID privacy by letting users control all the tags they possess. The moment a person buys a tagged object and becomes the owner of it, no one should be able to find any information about the object or have access to the tag. We do this by developing and formalizing the notion of a key-evolving RFID system. In particular, (i) we explain how such a system can be made forward secure using pseudo-random generators and functions, (ii) we derive concrete results based on the security of the underlying primitives, and (iii), we show how this can be effectively realized in practice.

Tassos Dimitriou and Ghassan Karame. "Privacy-Friendly Planning of Energy Distribution in Smart Grids". In SEGS 2014, in association with the 21st ACM Conference on Computer and Communications Security, Arizona, USA. November 3 – 7, 2014.

The smart-grid is gaining increasing attention nowadays, owing to its premise to offer increased reliability, performance and a balanced utilization of energy. However, the current design of smart-grids raises serious concerns with respect to the privacy and anonymity of users. Thus far, the literature has solely focused on the problem of privately aggregating energy reports and has not addressed the privacy threats that can occur through other intelligent operations that take place in the smart grid such as planning the energy distribution in the smart grid.

In this paper, we propose a novel solution that enables the planning of energy distribution in the grid without leaking any information about the energy requests of individual smart meters. We also implement a prototype based on our proposal and we evaluate its performance in realistic deployment settings.

Ioannis Krontiris and Tassos Dimitriou. A platform for privacy protection of data requesters and data providers in mobile sensing. Computer Communications, Elsevier, 2015. http://dx.doi.org/10.1016/j.comcom.2015.02.005

In typical mobile sensing architectures, sensing data are collected from users and stored in centralized servers at third parties, making it difficult to effectively protect users’ privacy. A better way to protect privacy is to upload sensing data on personal data stores, which are owned and controlled by the users, enabling them to supervise and limit personal data disclosure and exercise access control to their data. The problem however remains how data requesters can discover the users who can offer them the data they need. In this paper we suggest a mobile sensing platform that enables data requesters to discover data producers within a specific geographic region and acquire their data. Our platform protects the anonymity of both requesters and producers, while at the same time it enables the incorporation of trust frameworks, incentive mechanisms and privacy-respecting reputation schemes. We also present extensive experimental results that demonstrate the efficiency of our approach in terms of scalability, load balancing and performance.

Tassos Dimitriou, Ebrahim A. Alrashed, Mehmet Hakan Karaata and Ali Hamdan. "Imposter Detection for Replication Attacks on Mobile Sensor Networks" In the 7th IFIP/IEEE International Conference on New Technologies, Mobility and Security (NTMS 2015), July 17-29, 2015, Paris, France.

In a node replication attack, an adversary creates replicas of captured sensor nodes in an attempt to control information that is reaching the base station or, more generally, compromise the functionality of the network. In this work, we develop fully distributed and completely decentralized schemes to detect and evict multiple imposters in mobile wireless sensor networks (MWSNs). The proposed schemes not only quarantine these malicious nodes but also withstand collusion against collaborating imposters trying to blacklist legitimate nodes of the network. Hence the completeness and soundness of the protocols are guaranteed. Our protocols are coupled with extensive mathematical and experimental results, proving the viability of our proposals, thus making them fit for realistic mobile sensor network deployments.

Tassos Dimitriou, Ioannis Krontiris. "Privacy-respecting Auctions as Incentive Mechanisms in Mobile Crowd Sensing" In the 9th IFIP/IEEE WISTP International Conference on Information Security Theory and Practice (WISTP 2015), August 24-25, 2015, Heraklion, Greece.

In many mobile crowd-sensing scenarios it is desirable to give micro-payments to contributors as an incentive for their participation. However, to further encourage participants to use the system, one important requirement is protection of user privacy. In this work we present a reverse auction mechanism as an efficient way to offer incentives to users by allowing them to determine their own price for the data they provide, but also as a way to motivate them to submit better quality data. At the same time our auction protocol guarantees bidders’ anonymity and suggests a new rewarding mechanism that enables winners to claim their reward without being linked to the data they contributed. Our protocol is scalable, can be applied to a large class of auctions and remains both computation- and communication-efficient so that it can be run to the mobile devices of users.

Tassos Dimitriou "Key Evolving RFID Systems: Forward/Backward Privacy and Ownership Transfer of RFID tags" Ad Hoc Networks, Elsevier, 2015. http://dx.doi.org/10.1016/j.adhoc.2015.08.019

RFID, which stands for Radio Frequency Identification, is a relatively new technology often envisioned as an enabler of the Internet of Things. The widespread use of this technology, however, introduces many security and privacy risks since tags contain information that can be easily obtained by anyone with a reader. Eventually this can lead to tracking of users, profiling and violation of their basic right to privacy.

In this work we make an important step in providing for RFID privacy by letting users control all the tags they possess. The moment a person buys a tagged object and becomes the owner of it, no one should be able to find any information about the object or have access to the tag. We do this by developing and formalizing the notion of a key-evolving RFID system. In particular, (i) we explain how such a system can be made forward secure using pseudo-random generators and functions, (ii) we derive concrete results based on the security of the underlying primitives, and (iii), we explain how this can be realized in practice using a protocol that achieves secure ownership transfer and controlled delegation without relying on Trusted Third Parties.

Tassos Dimitriou and Ghassan Karame "Enabling Anonymous Authorization and Rewarding in the Smart Grid." In IEEE Transactions on Dependable and Secure Computing (IEEE TDSC), 2015. http://dx.doi.org/10.1109/TDSC.2015.2496211

The smart grid leverages infrastructural support to achieve fine-grained power consumption monitoring in an attempt to offer higher efficiency, reliability, and security. Such functionality, however, requires the collection of fine-grained usage data which may raise serious concerns with respect to consumer privacy. Thus far, existing work has solely focused on the problem of privately aggregating energy measurements. However, these solutions do not allow the provider to acquire detailed energy measurements which are essential for maintaining the network, debugging configuration problems, etc. In this work, we address this problem and we propose an authentication scheme that allows a smart meter to anonymously interact with the utility provider when submitting detailed consumption data. We then move one step further, enabling the incorporation of anonymous rewarding mechanisms in the smart grid in exchange for detailed measurements that users report. We argue that such rewarding mechanisms provide solid incentives for users to accept the release of their detailed energy consumption; we show that our proposal does not leak any information about the identity of users—even when redeeming the rewards. Finally, we implement a prototype based on our proposal and we evaluate its performance in realistic deployment settings.

Tassos Dimitriou and Mohamad Awad "Secure and Scalable Aggregation in the Smart Grid Resilient against Malicious Entities." In Ad Hoc Networks, Elsevier, 2016. http://dx.doi.org/10.1016/j.adhoc.2016.06.014

The smart electricity grid introduces new opportunities for fine-grained consumption monitoring. Such functionality, however, requires the constant collection of electricity data that can be used to undermine consumer privacy. In this work, we address this problem by proposing two decentralized protocols to securely aggregate the measurements of n smart meters. The first protocol is a very lightweight one, it uses only symmetric cryptographic primitives and provides security against honest-but-curious adversaries. The second protocol is public-key based and considers the malicious adversarial model; malicious entities not only try to learn the private measurements of smart meters but also disrupt protocol execution. Both protocols do not rely on centralized entities or trusted third parties to operate. Additionally, we show that they are highly scalable owning to the fact that every smart meter has to interact with only a few others, thus requiring only O(1) work and memory overhead. Finally, we implement a prototype based on our proposals and we evaluate its performance in realistic deployment settings.

Tassos Dimitriou, Ebrahim A. Alrashed, Mehmet Hakan Karaata, Ali Hamdan "Imposter detection for replication attacks in mobile sensor networks." In Computer Networks, Volume 108, October 2016. http://dx.doi.org/10.1016/j.comnet.2016.08.019

In a node replication attack, an adversary creates replicas of captured sensor nodes in an attempt to control information that is reaching the base station or, more generally, compromise the functionality of the network. In this work, we develop fully distributed and completely decentralized schemes to detect and evict multiple imposters in mobile wireless sensor networks (MWSNs). The proposed schemes not only quarantines these malicious nodes but also withstand collusion against collaborating imposters trying to blacklist legitimate nodes of the network. Hence the completeness and soundness of the protocols is guaranteed. Our protocols are coupled with extensive mathematical and experimental results, proving the viability of our proposals, thus making them fit for realistic mobile sensor network deployments.

Tassos Dimitriou and Naser Al Ibrahim "Denying your whereabouts: A Secure and Deniable scheme for Location-Based Services." In 15th International Conference on Cryptology and Network Security (CANS), Milan, Italy, November 2017.

Location Based Services (LBS) are often used in applications that allow users to interact with the environment and query for the location of persons, objects and services. However, such systems may undermine user privacy since the frequent collection of location data may reveal considerable information about an individual’s daily habits and profile. In this work, we present our Deniable-LBS scheme which gives users the ability to deny being in a particular location even if this location has been monitored by an internal or external party.

 

The material presented here is to ensure timely dissemination of scholarly and technical work. If it is going to be used for other than personal use, please contact the corresponding copyright owner…
 

Last Update: November 2016

 

Books

Tassos D. Dimitriou. "Automata and Formal Languages". Textbook for the direction "Foundations of Computer Science" of the Computer Science Program of the Hellenic Open University, 2001.

"Security and Privacy in Communication Networks", 5th International ICST Conference, SecureComm 2009, Athens, Greece, September 14-18, 2009, Revised Selected Papers Series: Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering , Vol. 19 Chen, Yan; Dimitriou, Tassos D.; Zhou, Jianying (Eds.).

 

Book Chapters

Tassos Dimitriou and Ioannis Krontiris. "Secure In-Network Processing in Sensor Networks", Book chapter in the book "Security in Sensor Networks", Yang Xiao (Eds.), CRC Press, 2006.

Tassos Dimitriou and Dimitris Foteinakis, "Secure Multiparty/Multicandidate Electronic Elections", Book Chapter on Secure eGovernment Web Services, Published by Idea Group Publishing, 2006

I. Krontiris, T. Dimitriou, M. Salajegheh and H. Soroush, "WSN Link-layer Security Frameworks", Book chapter in "Wireless Sensors Networks Security", edited by Jianying Zhou and Javier Lopez, IOS Press, 2007.

Tassos Dimitriou and Ioannis Krontiris, "Secure In-Network Programming in Distributed Sensor Networks", Book Chapter on "Security in Distributed and Networking Systems", Yang Xiao, Yi Pan (eds), World Scientific Publishing Co., 2007.

Thanassis Giannetsos, Ioannis Krontiris, Tassos Dimitriou, Felix C. Freiling, "Intrusion Detection in Wireless Sensor Networks", Book Chapter in "Security in RFID and Sensor Networks," Paris Kitsos, Yan Zhang (eds), Auerbach Publications, CRC Press, Taylor&Francis Group, 2008.

Tassos Dimitriou, "RFID Security: Attacks and countermeasures", Book Chapter in "RFID Security: Techniques, Protocols and System-On-Chip Design", Paris Kitsos, Yan Zhang (eds), Springer Verlag, 2009.