Spyros Kokolakis

University of the Aegean · Department of Information and Communication Systems Engineering

PhD

71 publications · 73,485 reads · 2,044 citations
Additional affiliations
October 2000 - present
University of the Aegean
Position
  • Professor (Assistant)
January 1997 - July 2000
Athens University of Economics and Business

Publications (71)
Article
Purpose: This paper is an extended version of the SECPRE 2021 paper and presents research on the development and validation of a behavioral biometrics continuous authentication (BBCA) system that is based on users' keystroke dynamics and touch gestures on mobile devices. This research aims to build a system that will continuously authenticate the user...
Article
Authentication systems that are based on the entry-point authentication model are exposed to attacks that take place past the initial authentication. To address this vulnerability, the development of Behavioral Biometrics (BB) Continuous Authentication (CA) technologies has been suggested by several researchers. For the success of future investment...
Article
Purpose: The purpose of this paper is to present a new paradigm, named BioGames, for the extraction of behavioral biometrics (BB) conveniently and entertainingly. To apply the BioGames paradigm, the authors developed a BB collection tool for mobile devices named BioGames App. The BioGames App collects keystroke dynamics, touch gestures, and motion...
Article
Smartphone user authentication based on passwords, PINs, and touch patterns raises several security concerns. Behavioral Biometrics Continuous Authentication (BBCA) technologies provide a promising solution which can increase smartphone security and mitigate users’ concerns. Until now, research in BBCA technologies has mainly focused on developing...
Preprint
Session authentication schemes establish the identity of the user only at the beginning of the session, so they are vulnerable to attacks that tamper with communications after the establishment of the authenticated session. Moreover, smartphones themselves are used as authentication means, especially in two-factor authentication schemes, which ar...
Article
This paper offers an up-to-date, comprehensive, extensive and targeted survey on Behavioral Biometrics and Continuous Authentication technologies for mobile devices. Our aim is to help interested researchers to effectively grasp the background in this field and to avoid pitfalls in their work. In our survey, we first present a classification of beh...
Article
Concerns about privacy and frustration over censorship and content blocking urge a great number of users to use privacy enhancing products. This research focuses on anonymity tools, as a Privacy Enhancing Technology (PET), investigating the human values associated with users’ behavior towards them. We use means-end analysis, a methodology we consid...
Article
Purpose Privacy policies emerge as the main mechanism to inform users on the way their information is managed by online service providers, and still remain the dominant approach for this purpose. The literature notes that users find difficulties in understanding privacy policies because they are usually written in technical or legal language even,...
Conference Paper
Information privacy is constantly negotiated when people interact with enterprises and government agencies via the Internet. In this context, all relevant stakeholders take privacy-related decisions. Individuals, either as consumers buying online products and services or citizens using e-government services, face decisions with regard to the use of...
Conference Paper
Smartphones are the most popular personal electronic devices. They are used for all sorts of purposes, from managing bank accounts to playing games. As smartphone apps and services proliferate, the amount of sensitive data stored on or processed by handheld devices rises as well. This practice entails risks, such as violating users’ privacy, stealin...
Thesis
Mobile phones are one of the most popular means of access to the internet. Users, via the telephone, connect to different services such as Google, social networks, work accounts, bank accounts, etc. Those services are oftentimes left running on their device. This practice entails risks, such as loss and/or violation of their personal data....
Conference Paper
Mobile phones are one of the most popular means of access to the internet. Users, via the telephone, connect to different services such as Google, social networks, work accounts, bank accounts, etc. Those services are many times left open on their device. This enables risks, such as loss and/or violation of their personal data. In addition...
Article
Do people really care about their privacy? Surveys show that privacy is a primary concern for citizens in the digital age. On the other hand, individuals reveal personal information for relatively small rewards, often just for drawing the attention of peers in an online social network. This inconsistency of privacy attitudes and privacy behaviour i...
Article
Standards and best practices for information security awareness programs focus on the content and processes of the programs, without taking into consideration how individuals internalize security-related information and how individuals make security-related decisions. Relevant literature, however, has identified that individual perceptions, beliefs,...
Conference Paper
Members of online social networks are often under an illusion of privacy, underestimating privacy risks related to their personal information published in their profiles. Current literature identifies privacy awareness as a key factor for enhancing user privacy. This paper identifies awareness raising applications and explores the effectiveness of...
Article
Several studies explore information security awareness focusing on individual and/or organisational aspects. This paper argues that security awareness processes are associated with interrelated changes that occur at the organisational, the technological and the individual level. We introduce an integrated analytical framework that has been develop...
Conference Paper
Free mobile applications of cloud computing offer a range of diverse services (e.g. gaming, storage etc.) usually in return for delivering personalized advertising to their consenting end-users. In order to do so they may retain a range of personal information such as location and personal preferences. Thus, privacy-related interactions between serv...
Article
E-government initiatives often face citizens’ mistrust, particularly when they involve the collection and processing of personal data. In this paper we present the results of an empirical study regarding citizens’ intention to use a new service offered by the Greek Ministry of Finance, the so-called “tax card”. Tax card is used to collect informati...
Conference Paper
Free mobile applications of cloud computing offer a range of diverse services (e.g. gaming, storage etc.) usually in return for delivering personalized advertising to their consenting end-users. In order to do so they may retain a range of personal information such as location and personal preferences. Thus, privacy-related interactions between servi...
Conference Paper
E-commerce transactions, in addition to the exchange of goods and services for payment, often entail an indirect transaction, where personal data are exchanged for better services or lower prices. This paper analyses buyer’s and seller’s privacy-related strategic choices in e-commerce transactions through game theory. We demonstrate how game theory...
Article
Purpose: Recent global security surveys indicate that security training and awareness programs are not working as well as they could be and that investments made by organizations are inadequate. The purpose of the paper is to increase our understanding of this phenomenon and illuminate the problems that organizations face when trying to establish a...
Conference Paper
Public Key Infrastructure (PKI) is an established technology that has been around for more than fifteen years. However, its adoption follows a very slow pace. Previous research, based either on a theoretical analysis of PKI or on specific cases of PKI implementation, has indicated several possible reasons for PKI non-adoption. In this paper we exam...
Article
Purpose – Recent information security surveys indicate that both the acceptance of international standards and the relative certifications increase continuously. However, it is noted that still the majority of organizations does not know the dominant security standards or does not fully implement them. The aim of this paper is to facilitate the awa...
Conference Paper
Information security awareness is a continuous effort to raise attention to information security and its importance, in order to stimulate security-oriented behaviors. Despite the increasing interest of researchers on the topic and the continuous notifications of global security surveys for its significance, awareness remains a critical issue of in...
Article
As a result of the way that information and communication systems are utilized nowadays, personal data is becoming available or can be collected from various sites and in many different ways around the world. Undoubtedly the utilization of personal information leads to several advantages, such as personalized and more flexible customer serv-...
Article
This paper explores the way information security awareness connects to the overall information security management framework it serves. To date, the formulation of security awareness initiatives has tended to ignore the important relationship with the overall security management context, and vice versa. In this paper we show that the two processes...
Conference Paper
The need for common understanding and agreement of functional and non-functional requirements is well known and understood by information system designers. This is necessary for both: designing the "correct" system and achieving interoperability with other systems. Security is maybe the best example of this need. If the understanding of the securit...
Chapter
In this chapter we present an overview of the SERENITY approach. We describe the SERENITY model of secure and dependable applications and show how it addresses the challenge of developing, integrating and dynamically maintaining security and dependability mechanisms in open, dynamic, distributed and heterogeneous computing systems and in particular...
Article
Purpose – This paper aims to contribute to the ongoing discourse about the nature of privacy and its role in ubiquitous environments and provide insights for future research. Design/methodology/approach – The paper analyses the privacy implications of particular characteristics of ubiquitous applications and discusses the fundamental principles and...
Chapter
In this chapter we present an innovative approach towards the design and application of Security and Dependability (S&D) solutions for Web services and service-based workflows. Recently, several standards have been published that prescribe S&D solutions for Web services, e.g. OASIS WS-Security. However, the application of these solutions in specific...
Article
In this chapter we present the prospects of the SERENITY approach towards secure and dependable AmI ecosystems and identify issues for further research. We also describe the foreseen impact that the SERENITY model, processes, tools, and technologies can produce.
Article
The aim of this survey is largely exploratory, namely, to discover patterns and trends in the way that practitioners and academics alike tackle the security awareness issue and to have a better understanding of the reasons why security awareness practice remains an unsolved problem. Open coding analysis was performed on numerous publications (artic...
Article
Purpose – The purpose of this paper is to study the way information systems (IS) security researchers approach information security awareness and examine whether these approaches are consistent with the organization theory and IS approaches for the study of organizational processes. Design/methodology/approach – Open coding analysis was performed o...
Chapter
This paper explores privacy perceptions among members of online communities. Fourteen members of MySpace have been interviewed, online, with regard to their attitude towards privacy. Although no major concerns with regard to privacy have been expressed, interviewees described relevant threat scenarios and some reported having endured privacy violat...
Conference Paper
Organizational culture influences the way a) information security is perceived, b) security countermeasures are adopted, and c) the organization reacts to the cultural changes of a new security program. In Information Security Management Outsourcing (ISMO), cultural differences may arise between the organization and the provider, for example confli...
Conference Paper
This paper presents a framework that employs security ontologies and security patterns to provide application developers with a way to utilize security expertise. Through the development of a security ontology, developers locate the major security-related concepts relevant to their application context. Security patterns are then integrated with the...
Conference Paper
This paper addresses the issue of accommodating security requirements in application development. It proposes the use of ontologies for capturing and depicting the security experts' knowledge. In this way developers can exploit security expertise in order to make design choices that help them fulfil security requirements more effectively. We have d...
Article
Purpose – The purpose of this paper is to examine the potential of cultural theory as a tool for identifying patterns in the stakeholders' perception of risk and its effect on information system (IS) risk management. Design/methodology/approach – Risk management involves a number of human activities which are based on the way the various stakeholde...
Conference Paper
Application developers are often confronted with difficulties in choosing or embedding security mechanisms that are necessary for building secure applications, since this demands possessing expertise in security issues. Involving security experts early in the development process can circumvent this problem. This practice, however, entails high cost...
Conference Paper
Incorporating security in the application development process is a fundamental requirement for building secure applications, especially with regard to security sensitive domains, such as e-government. In this paper we follow a novel approach to demonstrate how the process of developing an e-poll application can be substantially facilitated by emplo...
Article
Insider threat is widely recognised as an issue of utmost importance for IS security management. In this paper, we investigate the approach followed by ISO17799, the dominant standard in IS security management, in addressing this type of threat. We unfold the criminology theory that has designated the measures against insider misuse suggested by th...
Article
Purpose – Information systems security management is a knowledge‐intensive activity that currently depends heavily on the experience of security experts. However, the knowledge dimension of IS security management has been neglected, both by research and industry. This paper aims to explore the sources of IS security knowledge and the potential role...
Article
The protection of information systems is a major problem faced by organisations. The application of a security policy is considered essential for managing the security of information systems. Implementing a successful security policy in an organisation, however, is not a straightforward task and depends on many factors. This paper explores the proc...
Conference Paper
Incorporating security in the application development process is a fundamental requirement for building secure applications, especially with regard to security sensitive domains, such as e-government. In this paper we follow a novel approach to demonstrate how the process of developing an e-poll application can be substantially facilitated by emplo...
Article
Health Care Establishments (HCE) are today highly dependent upon Information and Communications Technologies (ICT). This increasing reliance upon ICT has stressed the need to foster security in Healthcare Information Systems (HIS). Security policies may have a significant contribution to this effort, but they could become the cause of portability a...
Conference Paper
Most organizations currently build customized security policies by extending the principles and guidelines suggested by generic security policies. This method cannot guarantee that the resulting policies are compatible, nor can it ensure that the resulting protection levels are equivalent. We introduce a Security Policies Repository (SPR), whic...
Conference Paper
With the rapid growth of the Internet, online voting appears to be a reasonable alternative to conventional elections and other opinion expressing processes. Current research focuses on designing and building "voting protocols" that can support the voting process, while implementing the security mechanisms required for preventing fraud and protecti...
Conference Paper
Electronic Government today focuses mainly on offering citizens-enterprises the capability to perform electronically their transactions with the Public Administration (PA). However, the huge potential of ICT has only to a small extent been exploited in the most critical higher level functions of PA, such as the development, monitoring and evaluatio...
Article
Healthcare Establishments (HCE) are today highly dependent upon Information and Communications Technologies (ICT). This increasing reliance upon ICT has stressed the need to foster security in Healthcare Information Systems (HIS). Security policies may have a significant contribution to this effort, but they could become the cause of portabili...
Article
In this paper the issue of security policy development for health information systems is addressed. Security policy development involves the definition of the policy content, the analysis of the social, organisational, and technical contexts, as well as the organisation of the policy development process. We present the structure of security policie...
Conference Paper
Security management is now acknowledged as a key constituent of Information Systems (IS) management. IS security management traditionally relies on the formation and application of security policies. Most of the research in this field addresses issues regarding the structure and content of security policies; whereas the context within which security...
Article
This chapter presents the benefits resulting from standardisation in the field of Security in Healthcare Information Systems (HIS). Especially in the EU, standardisation appears as a key element for the effectiveness of the Single Market and the competitiveness of European industry.
Article
The intense need for Healthcare information exchange has revealed a lack of interoperability of systems and applications. Security controls, usually based on proprietary methods and techniques, aggravate the current situation. However, timely development of HIS security standards may improve the interoperability and enable the integration of system...
Conference Paper
Electronic voting has been attracting the attention of governments and research groups with most work on the subject referring to the user requirements such a system should satisfy. For several cases, though, requirement identification seldom goes further than a simple narrative description of a basic set of non-functional characteristics related...
Conference Paper
Research on Information Security has been based on a well-established definition of the subject. Consequently, it has delivered a plethora of methods, techniques, mechanisms and tools to protect the so-called security attributes (i.e. availability, confidentiality and integrity) of information. However, modern Information Systems (IS) appear rather...
Conference Paper
Research on Information Security has been based on a well-established definition of the subject. Consequently, it has delivered a plethora of methods, techniques, mechanisms and tools to protect the so-called security attributes (i.e. availability, confidentiality and integrity) of information. However, a modern Information System (IS) appears rathe...
Article
The increasing reliance of organisations on information systems connected to or extending over open data networks has established information security as a critical success factor for modern organisations. Risk analysis appears to be the predominant methodology for the introduction of security in information systems (IS). However, risk analysis is...
Article
The interoperability problems that emerge when information systems cooperate, are often attributed to incompatible security policies. In this paper, we introduce a systemic framework for achieving interoperability when multiple security policies are employed. First, we present a Metapolicy Development System (MDS) for the resolution of interoperabi...
Conference Paper
During the last fifty years Information and Communication Technology (ICT) has contributed to almost all sectors of organized societies. As a result, information security is fundamental for several social and business processes that rely on ICT. One dimension of information security concerns availability of information and computational resources....
Article
The pervasive use of information technology in enterprises of every size and the emergence of widely deployed ubiquitous networking technologies have brought with them a widening need for security. Information system security policy development must begin with a thorough analysis of sensitivity and criticality. Risk analysis methodologies, like CRA...
Article
Healthcare Establishments (HCEs) have developed a major dependency on Information and Communications Technologies (ICT) in the last decade. The increasing reliance upon ICT has stressed the need to foster security in Healthcare Information Systems (HIS). Security policies may have a significant contribution to make to this effort, but they could ca...
Conference Paper
A considerable number of formal information security models have been developed during the last two decades. We present and discuss some of the most widespread ones that have been successfully applied to the traditional, centralised Information Systems of the past. We show the special security needs of modern information systems that are based on t...
Chapter
This paper demonstrates that Information Systems (IS) are usually examined either from an holistic perspective (an ‘outside-looking-in’ view) or from a systemic perspective (an ‘inlooking-outside’ view). We describe the differences of the two perspectives and argue that when addressing the IS Security problem a synthesis of the above is needed. We...
Article
This paper introduces a knowledge-based approach for the security analysis and design of e-health applications. Following this approach, knowledge acquired through the process of developing secure e-health applications is represented in the form of security patterns; thus, it is made available to future developers. In this paper we present a set of...

Projects (3)
Project
Project goal: Development and validation of a Behavioral Biometrics Continuous Authentication System. This research is co-financed by Greece and the European Union (European Social Fund - ESF) through the Operational Programme «Human Resources Development, Education and Lifelong Learning 2014-2020» in the context of the project “BioPrivacy: Development and validation of a Behavioral Biometrics Continuous Authentication System” (MIS 5052062).
Project
The goal of this study is to show that users’ anonymity and privacy are easily deprived and information is exposed to a knowledgeable seeker. For the data exposure we use only free-to-use public databases. Our de-anonymization percentage is 75% at the moment, with prospects of increasing.