
Costas Lambrinoudakis - University of Piraeus
182 Publications, 83,774 Reads, 2,154 Citations
Publications (182)
The chapter discusses the intricate challenges of privacy and data protection in eHealth/M-Health systems. These systems must adhere to specific demands from organizations and users, along with the diverse legal mandates set by the GDPR, which governs the rights of data subjects and the duties of data controllers. To tackle these challenges, the ch...
Recent technological advances allow us to design and implement sophisticated infrastructures to assist users’ everyday life; technological paradigms such as Intelligent Transportation Systems (ITS) and Multi-modal Transport are excellent instances of those cases. Therefore, a systematic risk evaluation process in conjunction with proper threat iden...
Society has become increasingly dependent on IT infrastructure and services. Additionally, the pandemic of COVID-19 forced the transition of the traditional way of working (i.e., physical presence) into a more modern and flexible one (i.e., working remotely). This has led to an increase of cyberattacks, as a direct consequence of the increase of th...
The financial crisis made companies around the world search for cheaper and more efficient solutions to cover their needs in terms of computational power and storage. Their quest came to an end with the birth of Cloud Computing infrastructures. However, along with the new promising technology, new attack vectors were born, and one old and known threat...
Android Intent redirection, malicious activity launch and intent hijacking attacks can highly impact users’ data confidentiality and integrity. More specifically, malicious applications launch this type of attacks in order to manipulate the provided services and gain access to sensitive data. Though such attacks are not yet common, we argue that th...
Nowadays, people and enterprises put effort in protecting systems and applications that handle personal data and also in protecting digital footprints, and they realize that the concept of privacy protection is continuously evolving, depending on each environment. Admittedly, there is a plethora of digital products or services that necessitates the...
Web addresses, or Uniform Resource Locators (URLs), represent a vector by which attackers are able to deliver a multitude of unwanted and potentially harmful effects to users through malicious software. The ability to detect and block access to such URLs has traditionally been enabled through reactive and labour intensive means such as human verifi...
Android task and hijacking attacks can have a high impact on end users’ data confidentiality, since malicious applications exploiting such a threat can deceive end users and gain access to sensitive data silently. We believe that these threats are of high importance and thus in this paper we study them thoroughly through a tool capable to identify...
The General Data Protection Regulation (GDPR) harmonizes personal data protection laws across the European Union, affecting all sectors including the healthcare industry. For processing operations that pose a high risk for data subjects, a Data Protection Impact Assessment (DPIA) is mandatory from May 2018. Taking into account the criticality of th...
Currently, there are several challenges that cloud-based healthcare systems around the world are facing. The most important issue is to ensure security and privacy, or in other words, to ensure the confidentiality, integrity, and availability of the data. Although the main provisions for data security and privacy were present in the former legal fr...
Intelligent Transport Systems (ITS) play a key role in our daily activities. ITS development over the last decades has been based on the rapid evolution of information technologies, which include processing capabilities, availability of hardware and communication technologies. Moreover, ITS use Information and Communication Technologies (ICT) to im...
In this paper, we investigate the implications of the General Data Protection Regulation (GDPR) on the design of a Cloud-based Health System. Keeping healthcare information secure and protecting patients’ privacy is a major responsibility of all healthcare providers. On May 25th 2018, when the GDPR became mandatory within the European Union, th...
Currently, there are several challenges that Cloud-based health-care Systems, around the world, are facing. The most important issue is to ensure security and privacy or in other words to ensure the confidentiality, integrity and availability of the data. Although the main provisions for data security and privacy were present in the former legal fr...
This article presents the cyber security progress in Greece since the creation of the Greek National Cyber Security Authority as a nationwide cybersecurity coordination and policy making unit. During this period, Greece issued a Ministerial Decree that established the National Cyber Security Authority, issued the National Cybersecurity strategy, tr...
In the last few years, Information and Communication Technology (ICT) has delivered the concept of a central enterprise model in e-health. Health-care is increasingly being supported via IT functions and new technologies, such as Cloud Computing. But sharing sensitive private data in Cloud Computing can be risky, when an unauthorized person gets acces...
Online advertisements delivered via social media platforms function in a similar way to phishing emails. In recent years there has been a growing awareness that political advertisements are being microtargeted and tailored to specific demographics, which is analogous to many social engineering attacks. This has led to calls for total bans on this k...
A large majority of cheap Internet of Things (IoT) devices that arrive brand new, and are configured with out-of-the-box settings, are not being properly secured by the manufacturers, and are vulnerable to existing malware lurking on the Internet. Among them is the Mirai botnet which has had its source code leaked to the world, allowing any maliciou...
Purpose
The purpose of this paper is to give a brief guidance on what a cloud provider should consider and what further actions to take to comply with General Data Protection Regulation (GDPR).
Design/methodology/approach
This paper presents in detail the requirements for GDPR compliance of cloud computing environments, presents the GDPR roles (da...
The NIS Directive introduces obligations for the security of the network and information systems of operators of essential services and of digital service providers and requires the national competent authorities to assess their compliance with these obligations. This paper describes a novel cybersecurity maturity assessment framework (CMAF) that...
Purpose
This study aims to assist organizations to protect the privacy of their users and the security of the data that they store and process. Users may be the customers of the organization (people using the offered services) or the employees (users who operate the systems of the organization). To be more specific, this paper proposes a privacy im...
Technology is already affecting every aspect of life, and our health is no exception. Artificial intelligence (AI) has become one of the most emerging technologies over the last few years in almost every environment. New technological advances such as cloud computing provide benefits and have changed the way we store, access and exchange informatio...
The assessment of the potential impact for an organization from a privacy violation incident is important for three main reasons: the organization will have a justified estimate of the cost (financial, reputation or other) that may be raised, will facilitate the selection of the appropriate technical, procedural and organizational protection mechan...
The maritime ecosystem has undergone changes due to the increasing use of information systems and smart devices. The newly introduced technologies give rise to a new attack surface in maritime infrastructures. In this position paper, we propose the MAritime Threat INtelligence FRAMEwork (MAINFRAME), which is tailored towards collection and an...
The process of GDPR compliance for cloud computing environments may turn out to be a demanding process in terms of the technical, organizational and procedural measures that should be adopted. This paper identifies the requirements and the appropriate countermeasures for GDPR compliance in cloud environments. Furthermore, it describes the necessary...
This book constitutes the refereed post-conference proceedings of the 5th International Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2019, the Third International Workshop on Security and Privacy Requirements Engineering, SECPRE 2019, the First International Workshop on Security, Privacy, Organizations, a...
This book constitutes the refereed post-conference proceedings of the 6th International Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2020, the Second International Workshop on Security and Privacy Requirements Engineering, SECPRE 2020, and the Third International Workshop on Attacks and Defenses for Inter...
Privacy and Data protection are highly complex issues within eHealth/M-Health systems. These systems should meet specific requirements deriving from the organizations and users, as well as from the variety of legal obligations deriving from GDPR that dictate protection rights of data subjects and responsibilities of data controllers. To address tha...
The so-far most credible approach to Security Evaluation, the Common Criteria standard, relies on a thorough methodology to provide confidence that the security requirements of an IT system are satisfied. Towards that end, a Protection Profile (PP) document gathers carefully all required data and identifies in an implementation-independent way the...
This book constitutes the thoroughly refereed post-conference proceedings of the 4th International Workshop on the Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2018, and the Second International Workshop on Security and Privacy Requirements Engineering, SECPRE 2018, held in Barcelona, Spain, in September 2018, in con...
The General Data Protection Regulation was introduced to reinforce and consolidate data protection for all citizens in the European Union and to deal with export of personal data outside the EU. It effectively dispatches the control of personal data to the user and helps international companies to comply with regulations by integrating them within...
The Android architecture introduces to the application layer a permission based access control model for restricting access to sensitive phone resources. In this model the access to Application Programming Interfaces (APIs) is protected through permissions defined by the Android OS. The developers in order to utilize protected API methods must decl...
Security assurance is defined as the degree of confidence that the security requirements of an IT system are satisfied. In view of the emerging paradigm of connected vehicles i.e., dynamic Cyber-Physical systems of highly-equipped infrastructure-connected vehicles, specifying the involved assurance becomes highly-critical yet challenging; vehicles...
This book constitutes the thoroughly refereed post-conference proceedings of the Third International Workshop on the Security of Industrial Control Systems and of Cyber-Physical Systems, CyberICPS 2017, and the First International Workshop on Security and Privacy Requirements Engineering, SECPRE 2017, held in Oslo, Norway, in September 2017, in con...
Several governments and citizens embrace information systems that are designed to enable transparency of public expenses and discourage corruption in the public sector. The objective of this paper is to examine the capacity and value of information systems designed to enhance transparency, from a citizens’/users’ perspective. Our purpose is to addr...
The Eighth International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2017), held between February 19-23, 2017 in Athens, Greece, continued a series of events meant to prospect the applications supported by the cloud computing paradigm and validate the techniques and the mechanisms. A complementary target was to identif...
Cloud computing is the most accurate paradigm of next generation internet-based distributed computing systems providing an innovative business model for organisations. It offers potential benefits including cost savings, flexibility and improved business outcomes for organisations. Despite the potential advantages of cloud computing, security is on...
This book constitutes the refereed proceedings of the 14th International Conference on Trust, Privacy and Security in Digital Business, TrustBus 2017, held in Lyon, France, in August 2017 in conjunction with DEXA 2017.
The 15 revised full papers presented were carefully reviewed and selected from 40 submissions. The papers are organized in the foll...
This book constitutes the refereed proceedings of the Second Conference on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2016, held in Crete, Greece, in September 2016 in conjunction with ESORICS 2016, the 21st annual European Symposium on Research in Computer Security.
The 5 revised full papers 2 invited papers prese...
Smart phones are, nowadays, a necessity for the vast majority of individuals around the globe. In addition to the ubiquitous computing paradigm supported by such devices, there are numerous software applications that utilize the high computational capabilities that they offer. This type of software is a vital part of what is known as e-Commerce, wi...
This book constitutes the thoroughly refereed post-conference proceedings of the 10th International Conference on Risks and Security of Internet Systems, CRiSIS 2015, held in Mytilene, Lesbos Island, Greece, in July 2015.
The 18 full papers presented were selected from 50 submissions. The papers sessions that have covered a broad range of topics: t...
This book constitutes the refereed proceedings of the 13th International Conference on Trust, Privacy and Security in Digital Business, TrustBus 2016, held in Porto, Portugal, in September 2016 in conjunction with DEXA 2016. The 8 revised full papers presented were carefully reviewed and selected from 18 submissions. The papers are organized in the...
This book constitutes the refereed proceedings of the First Conference on Cybersecurity of Industrial Control Systems, CyberICS 2015, and the First Workshop on the Security of Cyber Physical Systems, WOS-CPS 2015, held in Vienna, Austria, in September 2015 in conjunction with ESORICS 2015, the 20th annual European Symposium on Research in Computer...
The appeal of e-Government users to retain control over their personal information, while making use of advanced governmental electronic services through interconnected and interoperable deployments, can be assisted by the incorporation of privacy policy and Preferences documents. This paper addresses the formulation of light-weight and accurate pr...
Security is a crucial issue in cloud computing especially since a lot of stakeholders worldwide are involved. Achieving an acceptable security level in cloud environments is much harder when compared to other traditional IT systems due to specific cloud characteristics like: architecture, openness, multi-tenancy etc. Conventional security mechanism...
There are many methodologies that have been proposed in the literature for identifying the security and privacy requirements that must be satisfied by an information system in order to protect its users. At the same time, there are several “privacy principles” that have been considered as equally important for the avoidance of privacy violation inc...
A lot of privacy principles have been proposed in the literature with the aim to preserve users’ privacy through the protection of the personal data collected by service providers. Despite the fact that there were remarkable efforts to gather all privacy principles and use them on a common privacy-by-design system, to the best of our knowledge, the...
Recently there is a trend to use cloud computing on service deployment, enjoying various advantages that it offers with emphasis on the economy which is achieved in the era of the financial crisis. However, along with the transformation of technology, several security issues are raised and especially the threat of malicious insiders. For instance,...
This book constitutes the refereed proceedings of the 12th International Conference on Trust, Privacy and Security in Digital Business, TrustBus 2015, held in Valencia, Spain, in September 2015 in conjunction with DEXA 2015. The 17 revised full papers presented were carefully reviewed and selected from 45 submissions. The papers are organized in th...
Many times in the past, critical infrastructures like e-health and e-government services have become a target of cyber-attacks resulting in manipulation of sensitive information. Meanwhile, there are several approaches applying security and privacy protection measures on cloud-based databases. Simultaneously, many steganographic algorithms have bee...
The provision of advanced e-Government services has raised users’ concerns on personal data disclosure and privacy violation threats as more and more information is released to various governmental service providers. Towards this direction, the employment of Privacy Policies and Preferences has been proposed in an attempt to simplify the provision...
Agent based platforms provide a means for creating applications that run independently of operating system and network architecture; as a result, agents have become part of many systems and support a large number of interactions between different systems. Lately due to a shift to mobile computing paradigms, lightweight platforms, mainly oriented fo...
Cloud computing is gradually becoming the most popular option of Information Technology infrastructures. However, an important issue that has emerged through that revolution is the preservation of an adequate level of security for the infrastructure and the confrontation of malicious insiders. This paper proposes a methodology for detecting the co-...
Cloud Computing is a new computing paradigm originating and combining characteristics from grid computing, distributed computing, parallel computing, virtualization and other computer technologies. Trust and security in Cloud Computing are more complex than in traditional IT systems. Conventional security policies designed for other technologies do...
Next Generation Networks bring together wired and wireless architectures, under the umbrella of an all IP architecture. Architectures such as the IP Multimedia Subsystem (IMS) offer advanced services at very low cost but also inherit IP infrastructure’s security and privacy issues. The utilized signaling protocol (i.e. Session Initiation Protocol)...
The evolvement of e-government has raised users' concerns on personal data disclosure and privacy threats as more and more information is released to various governmental service providers. This paper addresses the consideration of users who would wish to retain control over their personal information while using advanced governmental electronic se...
Cloud computing is gradually replacing traditional IT infrastructures. However, an important issue that has emerged through that revolution is the preservation of an adequate level of security for the infrastructure. Currently there are many researchers working in the area of cloud security and privacy protection, proposing several solutions that a...
It is an undisputable fact that nowadays many different types of crime are conducted by utilizing some type of electronic device - communication. To address this new situation, modern forensics tools evolved, becoming sophisticated enough to handle almost all kinds of digital content. However, surprisingly enough, collecting and validating the auth...
Purpose
The aim of the paper is to highlight gaps in compliance environments regarding information privacy and provide recommendations for global information privacy standards.
Design/methodology/approach
The paper draws conceptually upon an existing security standard's framework and omissions in information privacy compliance frameworks are recog...
The Voice Over IP (VoIP) environments and the most contemporary ones such as the IP Multimedia Subsystem (IMS) are deployed in order to provide cheap and at the same time high quality services to their users. Video calls, conferences, and applications can be provided to mobile devices with the lowest possible delay, while the Quality of Service (Qo...
Several steganographic algorithms have been proposed for protecting message secrecy against unauthorized "reads". The most used method for hiding a message relies on embedding the secret message in Least Significant Bit (LSB) on the cover object. Though various digital formats have been proposed in literature to be used as cover objects, little att...
When a forensic investigation is carried out in the enterprise environment, most of the important data are stored in database servers, and data stored in them are very important elements for a forensic investigation. As for database servers with such ...
Over the last few years the use of social networking sites has increased dramatically. However, this extensive growth is not without consequences: identity theft, cyber bullying and child exploitation are only some of the problems that have arisen and are directly connected to privacy violation and traceability problems that are present in su...
Point‐to‐Point Protocol over Ethernet (PPPoE) is a network protocol for encapsulating PPP frames inside Ethernet frames. It is widely used by commercial Internet service providers to provide Internet surfing for customers who pay bills. In this paper, we analyze the security of PPPoE network. We find that we can easily collect information about bot...
In this paper, we analyze the block cipher SEED‐192, which is an extended version of the ISO/IEC block cipher SEED. According to the result of this paper, there exist weak keys in 8 out of the 20 rounds of SEED‐192 against related‐key differential attacks, and there exist weak keys in 16 out of the 20 rounds of SEED‐192 against related‐key rectangl...
In complex environments like the IP multimedia Subsystem (IMS), state of the art security solutions cannot always provide satisfactory protection against any type of attack. This paper addresses the security mechanisms utilized by IMS with respect to their susceptibility to SIP based attacks that have been described in the literature. This analysis...
This special issue presents extended and revised versions of distinguished papers presented at the security & privacy track of the 3rd IEEE International Conference on Cloud Computing Technology and Science (IEEE Cloudcom 2011).
The convergence of different network types under the same architecture offers the opportunity for low cost multimedia services. The main objective has been the high quality of the provided services. However, considering that older equipment with limited processing capabilities may be present in such environments, a tradeoff between security and ser...
In this paper we identify some areas where cryptography can help a rapid adoption of cloud computing. Although secure storage has already captured the attention of many cloud providers, offering a higher level of protection for their customer’s data, we think that more advanced techniques such as searchable encryption and secure outsourced computat...
In the near future, wireless heterogeneous networks are expected to interconnect in an all-IP architecture. An open issue towards this direction is the uninterrupted continuation of the received services during handover between networks employing different access technologies. In this context, Mobile IP (MIP) is a protocol that allows fast and secu...
In this paper we assess the open IP Multimedia Subsystem (IMS) robustness against malformed message attacks. We employ an IMS test-bed architecture using two different testing suites: PROTOS, which is publicly available, and a proprietary one that has been developed for the purpose of this specific work. Results have highlighted that although IMS...
This book constitutes the thoroughly refereed post-conference proceedings of the 7th European Workshop on Public Key Infrastructures, Services and Applications, EuroPKI 2010, held in Athens, Greece, in September 2010. The 14 revised full papers presented together with an invited article were carefully reviewed and selected from 41 submissions. The...
This book constitutes the refereed proceedings of the 8th International Conference on Trust and Privacy in Digital Business, TrustBus 2011, held in Toulouse, France, in August/September 2011 in conjunction with DEXA 2011. The 18 revised full papers presented were carefully reviewed and selected from numerous submissions. The papers are organized in...
Purpose – Recent information security surveys indicate that both the acceptance of international standards and the relative certifications increase continuously. However, it is noted that still the majority of organizations does not know the dominant security standards or does not fully implement them. The aim of this paper is to facilitate the awa...
Modern e-Government environments across the public sector have achieved significant interoperability and coherence but are now in front of the next leap forward, which is the adaptation of Web 2.0 technologies. This transition towards e-Government 2.0 will not only improve participation, transparency and integration but it will also speed up the pa...
The IP Multimedia Subsystem (IMS) infrastructure is currently considered to be the main core of Next Generation Networks (NGNs), integrating IP and other network types under one common infrastructure. Consequently, IMS inherits security flaws and vulnerabilities residing in all those technologies. Besides, the protection against unauthorized access...
Several research studies have applied information systems acceptance theories in order to examine issues related to the acceptance of e-services by users. Their application in the e-government systems has revealed that trust is a prerequisite for their usage. Moreover, it has been proved that privacy concerns are a main antecedent of trust in e-gov...
SIP is rapidly becoming a standard for service integration within a variety of wireless and wireline networks. In this regard high availability, reliability and redundancy are key factors for any SIP based infrastructure. In an adverse environment, especially the Internet and foreseeable 3GPP IMS, high availability solutions are of major importance...
As a result of the way that information and communication systems are utilized nowadays, personal data is becoming available or can be collected from various sites and in many different ways around the world. Undoubtedly the utilization of personal information leads to several advantages, such as personalized and more flexible customer serv-...
Any application or service utilizing the Internet is exposed to both general Internet attacks and other specific ones. Most of the times the latter are exploiting a vulnerability or misconfiguration in the provided service and/or in the utilized protocol itself. Consequently, the employment of critical services, like Voice over IP (VoIP) services,...
The need for common understanding and agreement of functional and non-functional requirements is well known and understood by information system designers. This is necessary for both: designing the "correct" system and achieving interoperability with other systems. Security is maybe the best example of this need. If the understanding of the securit...