Panayiotis Kotzanikolaou

Panayiotis Kotzanikolaou
University of Piraeus · Department of Informatics

Professor

About

121
Publications
28,299
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
2,660
Citations

Publications

Publications (121)
Article
Association attacks aim to manipulate WiFi clients into associating with a malicious access point, by exploiting protocol vulnerabilities and usability features implemented on the network managers of modern operating systems. In this paper we classify association attacks based on the network manager features that each attack exploits. To validate t...
Article
Dependence analysis has been applied as a method to design resilient wide area measurement systems (WAMSs). Based on the graph theory, it is possible to distribute the importance, and therefore, the dependencies, among WAMS elements almost evenly, and thus, plan resilient-by-design infrastructures; since no element will be significantly more import...
Article
As medical infusion pumps are known to be vulnerable to cybersecurity threats, industrial reports, guidelines, and state-of-the art research have focused on securing such devices. This includes hardening a pump's network communications, wireless interfaces, and patching software flaws that can allow adversaries to compromise the device's usability...
Article
Full-text available
The increasing integration of IoT devices in various sectors has created complex and dynamically changing interconnected systems. In several multi-authority and multi-domain applications, IoT devices may continuously change their connectivity status, leading to dynamic topologies; an IoT device may be connected to different gateways at different ti...
Article
The primary objective of this paper is to introduce a comprehensive framework designed to automate the assessment of environmental vulnerability status of communication protocols and networked services, within operational contexts. The proposed algorithm leverages the Common Vulnerability Scoring System version 3 (CVSS 3) metrics in conjunction wit...
Article
Wi-Fi networks enable user-friendly network connectivity in various environments, ranging from home to enterprise networks. However, vulnerabilities in Wi-Fi implementations may allow nearby adversaries to gain an initial foothold into a network, e.g., in order to attempt further network penetration. In this paper we propose a methodology for the d...
Conference Paper
In the rapidly evolving landscape of supply chain (SC) management, the importance of tracking services in overseeing the lifecycle from production to sale cannot be overstated. These services rely on sophisticated systems that monitor vital condition information such as temperature and humidity. However, beyond the technical and mechanical aspects,...
Article
Full-text available
Although there are several access control systems in the literature for flexible policy management in multi-authority and multi-domain environments, achieving interoperability and scalability, without relying on strong trust assumptions, is still an open challenge. We present HMBAC, a distributed fine-grained access control model for shared and dyn...
Preprint
Although there are several access control systems in the literature for flexible policy management in multi-authority and multi-domain environments, achieving interoperability & scalability, without relying on strong trust assumptions, is still an open challenge. We present HMBAC, a distributed fine-grained access control model for shared and dynam...
Book
Full-text available
After the completion of its third year of operation in 2022, the CyberSec4Europe pilot project (https://cybersec4europe.eu/) produced this ”Blue Book” (and delivered it as Deliverable D4.7) to serve as a Horizon Research Roadmap in the area of cyber security. To make this book a reality, the project put together a ”Task Force” of young and senior r...
Article
Full-text available
Although Vehicle to Infrastructure (V2I) communications greatly improve the efficiency of early warning systems for car safety, communication privacy is an important concern. Although solutions exist in the literature for privacy preserving VANET communications, they usually require high trust assumptions for a single authority. In this paper we pr...
Article
Full-text available
Internet-of-Things (IoT) extends the provision of remotely managed services across different domains. At the same time, IoT devices primarily designed for home environments may also be installed within the premises of critical urban environments, such as government, banking and corporate domains, without proper risk evaluation. In this paper, we ex...
Chapter
The rapid evolution of the Internet-of-Things (IoT) introduces innovative services that span across various application domains. As a result, smart automation systems primarily designed for non-critical environments may also be installed in premises of critical sectors, without proper risk assessment. In this paper we focus on IoT-enabled attacks,...
Chapter
The goal of this paper is to define an extended cybersecurity ontology, which may be used to assist in targeted information gathering and risk assessment procedures applied on complex cyber-physical systems. The proposed ontology unifies information from an extensive collection of known cybersecurity datasets, semi-structured or unstructured (text)...
Article
Full-text available
Aim: The paper proposes a novel risk assessment method ology for complex cyber-physical systems: The proposed method ology may assist risk assessors to: (a) assess the risks deriving from cyber and physical interactions among cyber-physical components; and (b) prioritize the control selection process for mitigating these risks. Methods: To achieve...
Article
Full-text available
Maritime processes involve actors and systems that continuously change their underlying environment, location and threat exposure. Thus, risk mitigation requires a dynamic risk assessment process, coupled with an adaptive, event driven security enforcement mechanism, to efficiently deal with dynamically evolving risks in a cost efficient manner. In...
Chapter
Full-text available
As critical systems shall withstand different types of perturbations affecting their functionalities and their service level, resilience is a very important requirement. Especially in an urban critical infrastructures where the occurrence of natural events may influence the state of other dependent infrastructures from various different sectors, th...
Chapter
Association attacks in IEEE 802.11 aim to manipulate wireless clients into associating with a malicious access point, usually by exploiting usability features that are implemented on the network managers of modern operating systems. In this paper we review known association attacks in IEEE 802.11 and we provide a taxonomy to classify them according...
Article
Internet of Things (IoT) increase the interconnectivity and interoperability of systems in various critical sectors, such as industrial control, healthcare and smart transportation systems. At the same time, as IoT technologies enable systems to interact both in cyber and physical ways, they also act as enablers of complex attack paths against crit...
Article
Full-text available
The Internet of Medical Things (IoMT) has revolutionized health care services by providing significant benefits in terms of patient well being and relevant costs. Traditional risk assessment methodologies, however, cannot be effectively applied in the IoMT context since IoMT devices form part of a distributed and trustless environment and naturally...
Conference Paper
Wide Area Measurement Systems (WAMS) enable the real time monitoring and control of smart grids by combining digital measurement devices, communication and control systems. As WAMS consist of various interdependent infrastructures, they imply complex cyber, physical and geographical dependencies among their underlying components. Although several e...
Chapter
Internet of Things (IoT) technologies have enabled Cyber-Physical Systems (CPS) to become fully interconnected. This connectivity however has radically changed their threat landscape. Existing risk assessment methodologies often fail to identify various attack paths that stem from the new connectivity/functionality features of IoT-enabled CPS. Even...
Article
Full-text available
Course evaluations have become a common practice in most academic environments. To enhance participation, evaluations should be private and ensure a fair result. Related privacy-preserving method and technologies (e.g., anonymous credentials, Privacy Attribute-Based Credentials, and domain signatures) fail to address, at least in an obvious way, th...
Chapter
WAMS infrastructures consist of various elements such as digital metering devices, communication and processing systems, in order to facilitate the operation, monitoring and control of power grids. For smart grids, resilience is a high-priority design requirement, since they must be able to resist in failures at any layer, caused by intentional att...
Article
Full-text available
The Internet of Medical Things (IoMT) couples IoT technologies with healthcare services in order to support real-time, remote patient monitoring and treatment. However, the interconnectivity of critical medical devices with other systems in various network layers creates new opportunities for remote adversaries. Since most of the communication prot...
Article
Full-text available
The health care ecosystem involves various interconnected stakeholders with different, and sometimes conflicting security and privacy needs. Sharing medical data, sometimes generated by remote medical devices, is a challenging task. Although several solutions exist in the literature covering functional requirements such as interoperability and scal...
Article
Automation and data capture in manufacturing, known as Industry 4.0, requires the deployment of a large number of wireless sensor devices in industrial environments. These devices have to be connected via a reliable, low-latency, low-power and low operating-cost network. Although LoRaWAN provides a low-power and reasonable-cost network technology,...
Article
Wide Area Measurement Systems (WAMS) consist of the measuring and the communication layers (infrastructures) of smart grids, which are used to monitor, operate and control the electrical infrastructure. Resilience is a very important requirement in smart grids, since they must be able to resist in failures at any layer, caused both by intentional a...
Article
The Internet of Things (IoT) creates new technological opportunities for a wide range of systems, such as industrial control systems, smart power grids, vehicular networks (VNs) and intelligent transportation systems, body area networks and healthcare monitoring and control systems and smart homes. At the same time, IoT also increases the threat su...
Conference Paper
The Internet of Medical Things (IoMT) provides ubiquitous healthcare services for patient monitoring and treatment. However, the interaction between doctors, patients, healthcare personnel and device manufacturers, with different and often conflicting security and privacy objectives, make such services vulnerable and subject to exploitation. In add...
Conference Paper
The Internet of Medical Things (IoMT) provides ubiquitous healthcare services for patient monitoring and treatment. However, the interaction between doctors, patients, health-care personnel and device manufacturers, with different and often conflicting security and privacy objectives, make such services vulnerable and subject to exploitation. In ad...
Chapter
Manufacturing industry, electricity networks, supply chain, food production and water treatment plants have been heavily depended on Industrial Automation and Control (IAC) Systems. Integration of Information and Communication Technology (ICT) played a significant role in the evolution of these systems. New emerging trends and technologies, such as...
Chapter
The protection of critical infrastructures at a national level is not a trivial task. In involves various steps such as the indentation, the prioritization and the protection of those infrastructures and services that are vital for the wellbeing of the society. Although some sectors, subsectors and services seem to be very important for all countri...
Conference Paper
The Critical Infrastructures (CIs) whose assets, systems, and networks, whether physical or virtual, are considered so vital to the whole world that their loss or destruction would have a crucial effect on security, national economic security, or safety, or any combination of them. Therefore, security training and awareness is a very important secu...
Article
As the deployment of Internet of Things (IoT) is experiencing an exponential growth, it is no surprise that many recent cyber attacks are IoT-enabled: The attacker initially exploits some vulnerable IoT technology as a first step towards compromising a critical system that is connected, in some way, with the IoT. For some sectors, like industry, sm...
Conference Paper
Time Slotted Channel Hopping (TSCH) has been proposed in various wireless protocols as a solution to combat external interference, path-loss fading and static jamming attacks. However, since TSCH algorithms generate a deterministic and periodic pattern of channel hops, they are still subject to jamming attacks. Proactive randomization of the channe...
Conference Paper
The protection of Critical Infrastructures (CI) is, by definition, of high importance for the welfare of citizens, due to direct threats (dictated by the current international political situation) and also due to their dependencies at international and European levels. Today, Greece remains one of the countries of the European Union, which has no c...
Article
Full-text available
We propose BAR, a scalable anonymous Internet communication system that combines broadcasting features of dc-net with layered encryption of mix-nets. The main advantage of BAR over other broadcast systems is bandwidth configurability: by using selective broadcasting it can significantly reduce the required bandwidth for a small increase in latency,...
Article
Full-text available
Young generations make extensive use of mobile devices, such as smartphones, tablets and laptops, while a plethora of security risks associated with such devices are induced by vulnerabilities related to user behavior. Furthermore, the number of security breaches on or via portable devices increases exponentially. Thus, deploying suitable risk trea...
Conference Paper
Modeling and analysis of critical infrastructure interdependencies is a research area that has attracted considerable interest. Interdependency and risk analyses can be computationally intensive, but can also yield useful results that enhance risk assessments and offer risk mitigation alternatives. Unfortunately, many tools and methodologies are le...
Chapter
The deployment of Next Generation networks such as wireless broadband networks and wireless ad hoc networks, has lead to the proliferation of new mobile, pervasive and ubiquitous services, such as online social networks, location based services or cloud computing services. These new network paradigms and services raise serious privacy concerns. Thi...
Article
Full-text available
Dependency analysis of critical infrastructures is a computationally intensive problem when dealing with large-scale, cross-sectoral, cascading and common-cause failures. The problem intensifies when attempting a dynamic, time-based dependency analysis. This paper extends a previous graph-based risk analysis methodology to dynamically assess the ev...
Article
Full-text available
Dependency risk graphs have been proposed as a tool for analyzing cascading failures due to critical infrastructure dependency chains. However, dependency chain analysis is not by itself adequate to develop an efficient risk mitigation strategy – one that specifies which critical infrastructures should have high priority for applying mitigation con...
Conference Paper
Full-text available
Nowadays, most smartphones come pre-equipped with location (GPS) sensing capabilities, allowing developers to create a wide variety of location-aware applications and services. While location awareness provides novel features and functionality, it opens the door to many privacy nightmares. In many occasions, however, users do not need to share thei...
Article
Full-text available
The wide adoption of smart phones has enabled Online Social Networks (OSNs) to exploit the location awareness capabilities offering users better interaction and context aware content. While these features are very attractive, the publication of users’ location in an OSN exposes them to privacy hazards. Recently, various protocols have been proposed...
Conference Paper
Although efforts have been made to standardize Supply Chain (SC) security risk assessment, there is a lack of targeted methodologies. In this paper we propose Medusa, a SC risk assessment methodology, compliant with ISO28001. Medusa can be used in order to assess the overall risk of the entire supply chain. The derived overall risk values are used...
Conference Paper
Full-text available
One way to model cascading critical infrastructure failures is through dependency risk graphs. These graphs help assess the expected risk of critical infrastructure dependency chains. This research extends an existing dependency risk analysis methodology towards risk management. The relationship between dependency risk paths and graph centrality me...
Chapter
The deployment of Next Generation networks such as wireless broadband networks and wireless ad hoc networks, has lead to the proliferation of new mobile, pervasive and ubiquitous services, such as online social networks, location based services or cloud computing services. These new network paradigms and services raise serious privacy concerns. Thi...
Conference Paper
Full-text available
In this paper, we propose a practical, privacy-preserving equality testing primitive which allows two users to learn if they share the same encrypted input data. Our protocol assumes no trust on a third party and/or other peers, and it is specifically suited for low-min entropy data (i.e., data that can be exhaustively searched by an attacker), suc...
Chapter
Existing Risk Management (RM) methodologies are mainly expert driven and require a large number of interviews with the security experts, which makes rather inefficient to take into account the knowledge from all the organization’s participants. In this paper we extend the STORM-RM multi-criteria group decision-making methodology. More specifically,...
Conference Paper
Distributed Denial of Service attacks generally require a botmaster controlling a large number of infected systems (bots) in order to take down a target service. However, more recent DDoS attacks targeting at the HTTP layer can be very effective even with a small number of infected bots. In this paper we analyze DDoS attacks which require only a sm...
Conference Paper
One of the most challenging problems in critical infrastructure protection is the assessment and mitigation of cascading failures across infrastructures. In previous research, we have proposed a model for assessing the cumulative security risk of cascading threats due to high-order dependencies between infrastructures. However, recent empirical stu...
Article
In this paper, we build on a recent worm propagation stochastic model, in which random effects during worm spreading were modeled by means of a stochastic differential equation. On the basis of this model, we introduce the notion of the critical size of a network, which is the least size of a network that needs to be monitored, in order to correctl...
Article
Full-text available
The protection of critical infrastructures (CI) is a complex task, since it involves the assessment of both internal and external security risk. In the recent literature, methodologies have been proposed that can be used to identify organisation-wise security threats, or even first-order dependency risk (i.e., risk deriving from direct dependencies...
Conference Paper
One of the most challenging problems, when protecting critical infrastructures, is the identification and assessment of interdependencies. In this paper we examine the possible cumulative effects of a single security incident on multiple infrastructures. Our method provides a way to identify threats that may appear insignificant when examining only...
Conference Paper
The strand space model has been proposed as a formal method for verifying the security goals of cryptographic protocols. Many cryptographic protocols aim not only to provide security, but also privacy properties of the communication such as anonymity. In this paper, we apply the strand space model in order to verify the security and privacy goals o...
Conference Paper
Full-text available
We propose an efficient anonymous authentication scheme that provides untraceability and unlinkability of mobile devices, while accessing Location-Based Services. Following other recent approaches for mobile anonymity, in our scheme the network operator acts as an anonymous credential issuer for its users. However, our scheme supports credential no...
Article
Many P2P applications require security services such as privacy, anonymity, authentication, and non-repudiation. Such services could be provided through a hierarchical Public Key Infrastructure. However, P2P networks are usually Internet-scale distributed systems comprised of nodes with an undetermined trust level, thus making hierarchical solution...
Article
Assessing risk in interdependent infrastructures is a challenging topic due to its complexity and the nature of critical infrastructures. This paper describes a methodology for assessing the risk of an infrastructure or a sector, taking into account the presence of interdependencies between infrastructures and sectors. Although the proposed methodo...
Article
This paper focuses on the inherent trade-off between privacy and access control in pervasive computing environments (PCEs). On one hand, service providers require user authentication and authorization for the provision of a service, while at the same time end users require untraceability and unlinkability for their transactions. There are also case...
Article
In this paper we propose a holistic Criticality Assessment methodology, suitable for the development of an infrastructure protection plan in a multi-sector or national level. The proposed methodology aims to integrate existing security plans and risk assessments performed in isolated infrastructures, in order to assess sector-wide or intra-sector s...