The primary objective of the group is to bring together expertise in education, research and practice in the field of information security and algorithms. Our group members conduct research in areas spanning from the theoretical foundations of cryptography to the design and implementation of leading edge efficient and secure communication protocols.

The key areas of our technological expertise include:

• Design and development of practical cryptographic mechanisms and protocols that can be employed by resource-limited devices such as sensor nodes and RFIDs.

• Design of specific middleware security services that can be easily integrated in larger applications of wireless sensor networks. Implementation and deployment of realistic sensor networks with applications in environmental monitoring, health care, energy management of buildings, etc.

• Design of protocols that focus on providing security and enhancing user privacy in ubiquitous environments that use RFID and other similar technologies. Securing transactions in peer-to-peer networks.

• Design of security protocols and intrusion detection techniques for Ad-Hoc networks, such as authentication and key agreement protocols based on challenge-response and zero-knowledge techniques.

• Design of security architectures for wireless and telecommunication networks (UMTS). Smart card security for e-voting and passport control.

• Design and development low-level cryptographic primitives that can be used in securing the communications in critical applications.

For more information about our research activities, download this brochure or visit this link.

The lab for Cryptography and Information Security provides a facility for R&D in Information and Systems security. For more information about the role and the facilities provided by the lab, please visit this link.

PRACSE (PRactical AspeCts of SEcurity) is an annual event organized at AIT whose goal is to provide a forum for continued activity in the area, to allow the interaction between security researchers and professionals and to give attendees the opportunity to network with experts in the field. PRACSE is a yearly event blending together tutorials, keynote presentations and ongoing work, focusing on issues related to important properties of systems and business security, however, with an emphasis on practical aspects of security.

For more information about past PRACSE events visit this link.

I got my BSc degree from the Computer Science and Engineering Department of the University of Patras, Greece back in 1990 and my MSc and PhD degrees from the University of California, San Diego in 1993 and 1996, respectively. My PhD advisor was Russell Impagliazzo.

PhD Thesis

Title: "Go With The Winners" Algorithms: A Rigorous Analysis and a New Framework for Optimization.

Description: It is the first time an attempt is being made to find the conditions under which a general optimization algorithm can be used to solve problems that troubled researchers for more than two decades. The novelty of this approach is to view the combinatorial structure of the space of solutions as the key idea to understanding the behavior of optimization heuristics. These algorithms are based mainly on intuition or experience and their effectiveness and efficiency have never been analyzed in a satisfactory manner. In particular, very little is known about the types of problems for which they do well, the tradeoff between optimality of the solution found and time spent searching, or how to set the various parameters optimally. This work is the first that attempts to provide a causal connection between the combinatorial structure of these problems and the success of these algorithms and give insight into which problems might be susceptible to a randomized optimization algorithm of wide applicability.

Advisor: Prof. Russell Impagliazzo

COURSES TAUGHT AT AIT:

Introduction to Algorithms – MSIN program, Fall - MSIN
Given a problem, how do we find an efficient algorithm for its solution? Given an algorithm, how can we compare it with other algorithms that solve the same problem? What are the criteria that help us judge the quality of an algorithm? Questions as the above are important from both a theoretical and a practical point of view. The objective of this course is to

• Give students an introduction to the basics, as well as some advanced topics, in the area of designing effective algorithms,

• Familiarize them with existing algorithmic techniques and ongoing research, and (hopefully)

• Make them appreciate the beauty behind efficient algorithms (like a famous computer scientist once said, this is your chance to find out how “Angels program”).

Introduction to Cryptography and Security, Spring – MSIN program and MSITT:
This course aims to provide background knowledge on some of the fundamental issues in the field of cryptography and to serve as an introduction to its applications to secure networking and electronic commerce. In this course we will offer a guided tour in the design of both private key and public key encryption systems which meet the above minimal requirements of security against adversaries who not only can listen to messages but who can also intercept messages, alter them, and maybe have limited access to encryption equipments.
Our mission would be to

• Define security in the presence of adversaries of various capabilities.

• Evaluate current proposals of encryption systems

• Explain why “theory” can be different from “practice” when it comes to real-world applications. In particular, we will see why “in-class” crypto protocols and systems are vulnerable to real-life attacks and show how to convert them to ones that are “fit for application”.

• Present practical examples throughout and provide all the required mathematical background.

Introduction to Sensor Networks, Spring – MSIN program
Sensor networks have attracted much scientific interest during the past few years. These networks use hundreds to thousands of inexpensive wireless sensor nodes over an area for the purpose of monitoring and capturing geographically distinct measurements over a long period of time.
Sensor networks differ from wireless networks in that their nodes are characterized by limited storage, computational and communication capabilities. The power of sensor networks, however, lies in the fact that their nodes are so small and cheap to build that a large number of them can be used to cover an extended geographical area, gather information in-site and propagate it to base stations, thus enabling an accurate and reliable monitoring process.
Example topics covered by this course include:

• Sensor network hardware,
• sensor and measurement models,
• localization and tracking of moving objects,
• routing protocols,
• infrastructure establishment (localization, time synchronization),
• sensor network data storage,
• security and privacy issues,
• sensor tasking and control,
• sensor network software and applications.

Hands-on experience includes laboratory work that considers issues described in class and a course project that gives students the opportunity to apply the knowledge acquired in the course to design innovative protocols and applications related to sensor networks and ubiquitous computing.

In addition to these academic courses, the following courses were designed for professionals and people who want to become familiar with the exciting field of network security:

• Short course on Cryptography and Data Security
• Executive course on Information Security

With regards to the Professional courses, one important aspect of this work is to help create “security aware” professionals because security cannot be taken as an afterthought when designing a system. Security is as strong as its weakest link and the tools used to enforce security are never the weakest link. In the professional courses we have designed we emphasize in the following facts:

• One should not base thinking only on today’s threats as attacks grow in malevolence, automation and frequency. In recent years, we have seen a doubling in incidents per year. This means that in 5 years, we should expect about thirty times as many. Planning for the future must assume a more severe threat model.
• One should understand that security is really a management and not a technology issue as it requires top-to-bottom commitment and enforcement.
• One should realize the necessity for comprehensive security and defense in depth.

 

COURSES TAUGHT IN OTHER INSTITUTES:

1. Polytechnic School of Crete - Department of Informatics

Have taught the following courses as a visiting Professor:

• Spring 2001:
  Theory of Algorithms and Computation (3rd year students - equivalent to CSE105 of the Univ. of California).
• Spring 2001:
  Software Technology Ι (1st year students).
  Sorting methods, Abstract Data Types and Elementary Data Structures (lists, stacks, queues, trees), files in C. Implementations using C.
• Fall 2000:
  Parallel Algorithms (4th year students).
• Fall 2000:
  Introduction to C Programming (1^st year students).

2. University of Athens - Computer Science Department.

• Fall 2001:
  Theory of Algorithms and Computation (4th year students)
• Spring 2008:
  Introduction to Cryptography and Security.

3. University of Athens - Computer Science Department.

Have taught the following courses for the Graduate Program "Logic and Algorithms":

• Spring 2001:
  Algorithms and Complexity, II.
  Turing machines, Decidable - Undecidable Problems, Complexity classes (P, NP, RP, BPP, #P, PSPACE, etc.), Interactive Proof Systems and Inapproximability results.
• Fall 2000:
  Introduction to the design and analysis of algorithms. Basic techniques for the time analysis of an algorithm. Lower bounds. Algorithms for sorting, searching, algorithms for graphs and networks, NP-complete problems and Approximation Algorithms, Design methods (Divide & Conquer, Dynamic Programming, Greedy Algorithms, Amortized Analysis).
• Spring 2000:
  Algorithms and Complexity, II.
• Fall 1999:
  Algorithms and Complexity, I. (See description above).
• Spring 1998:
  Elements of the Probabilistic Method.
  The method can be described as follows: to prove the existence of a combinatorial structure, with certain properties, we construct a suitable probabilistic space and show that an element of this space has the desired properties with positive probability.
  One of the reasons for the quick growth of the probabilistic method is its use in the development of Probabilistic "Techniques and Tools" that are used in the design and analysis of algorithms.

4. University of California, San Diego

Have helped organize the following courses:

• CSE 20: Discrete Mathematics.
  First and Second Order Logic. Proof Methods, Mathematical Induction. Number Theory. Discrete Structures, etc.
• CSE 101: Design and Analysis of Algorithms.
  Introduction to the design and analysis of effective algorithms. Basic techniques for the time analysis of an algorithm. Algorithms for sorting, searching, algorithms for graphs and networks, NP-complete problems.
• CSE 105: Theory of Computation.
  Introduction to formal languages, regular expressions and languages, finite automata, minimization of states, non-regular languages. Grammars and context free languages. Computable sets, Turing machines, recursive functions. Church thesis, undecidable sets and the problem of termination of a Turing machine (Halting problem).
• CSE 141: Computer Architecture.
  Introduction to Computer Architecture. Design of computer systems. Design of processors. Design of control units, memories and I/O systems.
• 1993: Teaching Award.

I consider myself lucky for been able to work with these talented persons!  

SUPERVISING MS Students

• Dimitrios Ketikidis: MSc thesis "DNA Computers: Capabilities and Limitations", Mathematics Department, University of Athens, 2001.
• Dimitrios Foteinakis: "Online Voting", ΑΙΤ 2003
• Ioannis Krontiris and Fotis Nikakis: "Secure and Efficient Data Delivery in Sensor Networks", ΑΙΤ 2003
• Mariana Marin: "A Single Sign-On Solution for Web Applications using WEB services", AIT 2004
• Panagiotis Papadimitriou: "A Comparative Study of Key Management protocols for Sensor Networks", AIT 2004
• Vassilis Gkatzioras: "e-Phaistos: an Identity based E-mail system", AIT 2005
• Vassilis Mylonakis: "Indoor monitoring using sensor networks", AIT 2005. Now pursuing a Ph.D degree at the National Technical University of Athens, Greece.
• Ioannis Kolokouris and Nikos Zarokostas, "SENSENET: Sensor network testbed", AIT 2006
• Ioannis Biternas, "VoIP security", AIT 2006
• Hamed Shoroush and Mastooreh Shalajegheh, "Securing Hierarchical Sensor Networks", AIT 2006. Now pursuing a Ph.D degree at the Computer Science Department of the University of Massachusetts, Amherst, USA.
• Ghassan Karame, "Reputation and Trust handling in P2P systems", AIT 2006. Now pursuing a Ph.D degree at System Security Group, ETH Zürich, SWITZERLAND.
• Aram Yegenian, "Disposable Email Addresses", AIT 2009
• Victor Dibia, "Efficient verification of integrity and authenticity of web resources using identity based cryptography: a RESTful web services implementation", AIT 2010
• Ahmad Sabouri, "Secure information retrieval and data authentication schemes for new generation wireless sensor networks", AIT 2010. Now pursuing a Ph.D degree at Goethe Universitaet Frankfurt am Main

SUPERVISING PhD Students

• Ioannis Krontiris: PhD thesis "Intrusion Prevention and Detection on Sensor Networks", in collaboration with the University of Mannheim, Germany. Degree awarded end 2008
• Thanassis Giannetsos: "Security Middleware for WSN: A framework against attacks in WSN", in collaboration with the University of Aalborg and Center for for TeleInFrastruktur (CTIF), Denmark. Degree awarded end 2011
   

With regards to my previous comment (added Sep 2008) I’ve decided to include here my professional activities from 2009 and onward. I consider this a necessary tradeoff…

• International Conference on Security and Cryptography (SECRYPT 2012), July 24-27, 2012, Rome, Italy.
• 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '12), April 16-18, 2012, Tucson, Arizona, USA.
• 4th International ICST Conference on Security and Privacy in Mobile Information and Communication Systems (MOBISEC '12), June 25, 2012, Frankfurt am Main, Germany .
• Program committee member for 8th IEEE International Workshop on Sensor Networks and Systems for Pervasive Computing (PerSeNS 2012) in conjunction with IEEE PerCom 2012, March 19-23, 2012 - Lugano, Switzerland.
• Program committee member for 5th IFIP International Conference on New Technologies, Mobility and Security (NTMS 2012), May 7-10, 2012, Istanbul, Turkey.
• Program committee member for SecureComm 2011 (7th International Conference on Security and Privacy in Communication Networks), September 7-9, London.
• Program committee member for 6th Mediterranean Conference on Information Systems (MCIS 2011), Track on Mobile, Pervasive and Ubiquitous IS Cyprus - September 3-5, 2011.
• Workshop chair for 3rd Workshop on Privacy and Security in Pervasive Environments (PSPAE 2011) May 25-27, 2011, Crete, Greece.
• Program committee member for 7th International Symposium on Algorithms for Sensor Systems, Wireless Ad Hoc Networks and Autonomous Mobile Entities (AlgoSensors 2011) September 8-9, 2011, Saarbruecken, Germany.
• Program committee member for 4th IFIP International Conference on New Technologies, Mobility and Security (NTMS 2011) to be held in in Paris, France on February 7–10, 2011.
• Program committee member for 7th Workshop on RFID Security (RFIDSec'10 Asia) to be held in Wuxi, China on 6th–8th April 2011.
• Program committee member for 7th IEEE International Workshop on Sensor Networks and Systems for Pervasive Computing (PerSeNS 2011) in conjunction with IEEE PerCom 2011, March 21-25, 2011, Seattle, USA.
• Program committee member for CCNC 2011 - Security and Content Protection track (8th Annual IEEE Consumer Communications and Networking Conference), January 8-11, 2011, Las Vegas, USA.
• Program committee member for SecureComm 2010 (6th International Conference on Security and Privacy in Communication Networks), September 7-10, Singapore.
• Program committee member for SUTC 2010 (IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing), June 7-9, 2010. Hyatt Regency Newport Beach, Newport Beach, California, USA .
• Program committee member for WISTP 2010 (Workshop in Information Security Theory and Practice), April 12-14, Passau, Germany. Check it out at http://www.wistp.org/wistp-2010/
• Program committee member for the 6th IEEE International Workshop on Sensor Networks and Systems for Pervasive Computing (PerSeNS 2010) in conjunction with IEEE PerCom 2010, March 29-April 2, 2010, Mannheim, Germany.
• Program committee member for the 6th Workshop on RFID Security (RFIDSec'10) to be held in Singapore on 22nd–23rd February 2010.
• TPC chair for SecureComm 2009. Visit www.securecomm.org for the CFP.
• Program committee member for WISTP 2009 (Workshop in Information Security Theory and Practice). Check it out at http://www.wistp.org
• Program committee member for Mobisec 2009. Visit www.mobisec.org to find more.

I'm also involved in the following European projects. More information about these and other national projects can be found here.

• Principal investigator for the European Project SafeCity (Duration 2 years, ends April 2013, Funding 320K Euros).
• Principal investigator for the European Project Lotus (Duration 3 years, ends December 2011, Funding 284K Euros).

 

---

  [Added Sep 2008] The following section is EXTREMELY OUTDATED and apologize for this... My current activities involve consulting, reviewing papers and articles, serving as committee member in various conferences and fora, organizing workshops and delivering invited presentations for issues related to security, participating in national and European projects again with emphasis in security, and so on. I promise, however, that SOME DAY this section will be updated...

HONORS - AWARDS (mostly related to my PhD years and before!)

1991 - Today: FULBRIGHT Fellow.

1996 - Today: Invited talks to various universities (Berkeley, Athens, Patras) and conferences (12th WWW Conference-Budapest, 5th InfoCom-Athens, etc.)

1998: Invitation for submission to SIAM Journal of Computing dedicated to best SODA papers.

1992 - 1996: Teaching/Research Assistantships, UC. San Diego.

1993: Teaching Assistant Excellence award.

1991 - 1992: Wooley Graduate Fellowship, UC. San Diego.

1989, 1990: Awarded by the Greek National Institute of Scholarships with the "Best Student of the Academic year" award. Department of Computer Science, University of Patras, Greece.

1989: Summer Scholarship in Belgium through IAESTE.

Research Activity

2002 - Today
Research in Heuristics and Analysis of Algorithms for difficult to solve problems. Algorithms for the secure and efficient propagation of information in Smart Dust Systems.

2002 - Today
Research in Algorithmic Game Theory.
Participation in the program FLAGS (Foundational Aspects of Global Computing Systems). Other partners in this program: Computer Technology Institute (Greece), Computer Science Department - University of Athens, University of Cyprus, University of Paderborn, Universitat Politecnica de Catalunya.

2001 - 2002
Visiting professor, Department of Computer Science, Technical University of Crete, Chania.

1997-1998:
Research in Probabilistic and Approximation Algorithms. Computer Technology Institute, Patras, Greece.

1993-1996:
Research in Probabilistic and Approximation Algorithms. This research was supported by the NSF program of basic research. University of California, San Diego.

Chairing/reviewing/invited talks - old stuff

Session chair for the International Workshop “The vision of Ambient Intelligence Computing (aMIComp)” organized under the auspices of the European Association on Theoretical Computer Science (EATCS)

Invitation to give a talk to the Security track of the prestigious 12th International World Wide Web Conference. 20-24 May 2003, Budapest, Hungary

Invited talk to the scientific track of 5th Info-Com, Sponsored by IEEE, Athens, Greece

Invitation to give a presentation related to Security, COMDEX 2004. AIT was represented in a security event which also had participants from CISCO, IBM, etc…

AIT-MICROSOFT Security conference, 2004

Have helped in the organization of SecureComm 2005, an international IEEE security conference that took place in Athens, in October 2005.

Have been invited to participate in a panel of Experts related to RFID security in the IEEE SecureComm conference.

Presentations at European Security Conference on setting up Europe’s agenda with respect to security (PASR 2004 and PASR 2006). Only a few selected presentations were accepted.

AIT-Intracom Security conference Have presented the topic “Managing the security function: a guided tour” in a conference related to IT security

Invited to talk at the Univ. of Pireaus Presentation with title “Issues in Sensor Network Security”

Program committee member of 2nd International Workshop on Algorithmic Aspects of Wireless Sensor Networks (AlgoSensors), 2006

Reviewer for the International Conference on Distributed Computing in Sensor Systems (DCOSS 2006)

Reviewer for ACM transactions on Sensor Networks

etc...

Please, visit the Algorithms and Security group's web page to find more information about projects I'm running...

• Tassos Dimitriou and Russell Impagliazzo. “Towards an Analysis of Local Optimization Algorithms”. International Symposium in Theory of Computing (STOC), Philadelphia, USA, May 1996.
  Combinatorial algorithms usually combine a greedy approach, which attempts to find better solutions by making small changes, with randomization to prevent the algorithm from getting into a “mental fix”.
  These algorithms have been widely used and tested. Intuitively the combination of randomness and local optimization would seem to give them some advantage over either alone. However, their efficiency and effectiveness have never been analyzed in a satisfactory manner. In particular, very little is known about the types of problems for which they perform well, the expected trade-off between optimality of the solution found and time spent searching, or how to set the various parameters optimally.
  In this work a new algorithm (Go with the Winners) and combinatorial property is introduced so that every problem having this property can be solved efficiently using our algorithm. Thus, this work attempts for the first time to formalize the notion of successful local search in terms of the structural properties of the problem’s solutions.

• Tassos Dimitriou and Russell Impagliazzo. “Go with the Winners for Graph Bisection”. International Symposium on Discrete Algorithms (SODA), San Francisco, Jan. 1998.
  In this work we apply Go with the Winners to the graph bisection problem, a problem of great significance in VLSI design. We show that Go with the Winners approximates the best solution in random graphs of certain densities with planted bisections in polynomial time. We also develop a set of probabilistic tools that may be useful in the analysis of similar problems.
  In particular, our results easily extend to hypergraph bisection, whereas it is not clear whether the other known techniques do.
  As a result we obtain a randomized algorithm that solves the broadest range of instances for this problem.

•  Tassos Dimitriou and Russell Impagliazzo. “A new Framework for Combinatorial Optimization”. Submitted to Siam Journal of Computing
  Many real-life optimization problems are not only difficult to solve but also hard to approximate. Even when theoretically-good approximation algorithms are available, they may be too inefficient in practice. Thus, practitioners turn to heuristics, “quick and dirty” algorithms that usually work well in practice but without having any performance guarantees.
  Up to now the only way to tell whether an algorithm of this sort will be effective for a given problem is to implement and run it.
  The goal of this work is to provide better insights to the question of why certain heuristics work well and give an adequate theoretical understanding of the design of search neighborhoods, rules for selecting starting solutions, and the effectiveness of various search strategies.

• Tassos Dimitriou. “Characterizing the Search Space of Cliques in Random Graphs using Go with the Winners”. International Symposium on AI and Math, (AIM) 2002.
  This work demonstrates the fact that it is possible to experimentally show connections between the combinatorial characteristics of the search space and heuristic performance.
  In this work we make a first attempt to explain the hardness of the CLIQUE problem by revealing the combinatorial characteristics of the space of all possible cliques for graphs generated according to the above distribution. In particular, we consider how the search space decomposes into smaller regions of related solutions by imposing a quality threshold to them. If these regions possess a combinatorial property, the so called “local expansion”, then these regions can be effectively sampled by using enough particles and thus discover the optimal solution.
  Most importantly however, sampling can be used to deduce properties of the search space. These properties can then help optimize heuristic performance and design heuristics that take advantage of this information. Thus the goal of this work is not to compare clique-finding heuristics but to exhibit a way to reveal the combinatorial characteristics of the search space, verify this information experimentally and use it to design good heuristics.
  

• Tassos Dimitriou. “A Wealth of SAT Distributions with Planted Assignments”. 9th International Conference on Principles and Practice of Constraint Programming (CP 2003).
  While it is known how to generate satisfiable instances by reducing certain computational problems to SAT, it is not known how a similar generator can be developed directly for k-SAT.
  In this work we improve upon previous results in many ways. First, we give a generator for instances of MAX k-SAT, the version of k-SAT where one wants to maximize the number of satisfied clauses. Second, we provide a useful characterization of the optimal solution. In our model not only we know how the optimal solution looks like but we also prove it is unique. Finally, we show that our generator has certain useful computational properties among which is the ability to control the hardness of the generated instances, the appearance of an easy-hard-easy pattern in the search complexity for good assignments and a new type of phase transition which is related to the uniqueness of the optimal solution.

• Tassos Dimitriou. “SAT Distributions with Phase Transitions between Decision and Optimization Problems”. IEEE Symposium on Logic in Computer Science (LICS 2003). Workshop on Typical Case Complexity and Phase Transitions.
  We present a generator for SAT instances that produces formulas whose hardness can be finely tuned by two parameters p and delta that control the weights of the clauses. Under the right choice of these parameters an easy-hard-easy pattern in the search complexity emerges which is similar to the patterns observed for traditional SAT distributions.
  What is remarkable, however, is that the generated distributions seem to lie in the middle ground between decision and optimization problems. Increasing the value of p from 0 to 1 has the effect of changing the shape of the computational cost from an easy-hard-easy pattern typical of decision problems to an easy-hard pattern which is typical of optimization problems. Thus our distributions seem to bridge the gap between decision and optimization versions of SAT.

• Tassos Dimitriou. “SAT Distributions with Planted Assignments and Phase Transitions between Decision and Optimization”. To appear in a special issue of Discrete Applied Mathematics, Elsevier Science
  A Journal version of the previous two papers.

• Yiannis Chatzigiannakis, Tassos Dimitriou, Sotiris Nikoletseas, Marios Mavronicolas and Paul Spirakis. “A Comparative Study of Protocols for Efficient Data Propagation in Smart Dust Networks”. 9th International Conference on Parallel and Distributed Computing (EuroPar 2003). Distinguished paper.
  Smart Dust is comprised of a vast number of ultra-small fully autonomous computing and communication devices, with very restricted energy and computing capabilities that co-operate to accomplish a large sensing task. Smart Dust can be very useful in practice i.e. in the local detection of a remote crucial event and the propagation of data reporting its realization to a control center.
  In this work, we have implemented and experimentally evaluated four protocols (PFR, LTP and two variations of LTP which we here introduce) for local detection and propagation in smart dust networks, under new, more general and realistic modeling assumptions. We comparatively study, by using extensive experiments, their behavior highlighting their relative advantages and disadvantages. All protocols are very successful. In the setting we considered here, PFR seems to be faster while the LTP based protocols are more energy efficient.

• Yiannis Chatzigiannakis, Tassos Dimitriou, Sotiris Nikoletseas, Marios Mavronicolas and Paul Spirakis. “A Comparative Study of Protocols for Efficient Data Propagation in Smart Dust Networks”. Parallel Processing Letters, 2004.
  A Journal version of the previous paper.

• Yiannis Chatzigiannakis, Tassos Dimitriou, Sotiris Nikoletseas, Paul Spirakis. “A Probabilistic Forwarding Protocol for Efficient Information Propagation in Sensor Networks”. 5th European Wireless Conference, Barcelona, 2004.
  We study the problem of data propagation in sensor networks, comprised of a large number of very small and low-cost nodes, capable of sensing, communicating and computing. The distributed co-operation of such nodes may lead to the accomplishment of large sensing tasks, having useful applications in practice. We present a new protocol for data propagation towards a control center that avoids flooding by probabilistically favoring certain data transmissions.
  This protocol is very simple, uses only local information and operates under total absence of co-ordination between sensors. As shown by a geometry analysis, the protocol always propagates data to the sink, under ideal network conditions (no failures). Using stochastic processes, we show that the protocol is very energy efficient and present large-scale experimental findings validating the analytical results.

• Tassos Dimitriou, Sotiris Nikoletseas, Paul Spirakis. “The Infection Propagation time of Graphs”. 3rd International Conference on Adhoc Networks, July 2004, Canada.
  Consider k particles, 1 red and k-1 white, chasing each other on the nodes of a graph G. If the red one catches one of the white, it infects it with its color. The newly red particles are now available to infect more white ones. When is it the case that all white will become red? It turns out that this simple question is an instance of information propagation between random walks and has important applications to mobile computing where a set of mobile hosts acts as an intermediary for the spread of information.
  In this paper we model this problem by k concurrent random walks and we develop a set of probabilistic tools that we use to obtain upper bounds on the expected value on the time to infect all the white particles with the red color. We demonstrate that our bounds are tight for special cases (lollipop graphs) but when G is a clique or has nice expansion properties, we prove much smaller bounds for the infection time. We have also evaluated and validated all our results by large scale experiments which we also present and discuss. In particular, the experiments demonstrate that our analytical results for these expander graphs are tight.

• Tassos Dimitriou; Sotiris Nikoletseas; Paul Spirakis, “The infection propagation time of graphs”, Journal of Discrete Applied Mathematics, 2005.
  A journal version of the previous paper.

• Tassos Dimitriou. “How to tell a Good neighborhood from a Bad one”. 3rd International Workshop on Experimental Algorithms, WEA, May 2004.
  Optimization algorithms try to locate optimal solutions in a search graph, whose nodes represent all feasible solutions for the given problem. Two nodes in the search graph are neighboring if one solution results from the other by making a small local change. Such a search graph, however, should not be confused with the input graph, which is usually exponentially smaller than the former. The search graph is implicitly defined by the problem at hand and doesn't have to be computed explicitly.
  It is well known that the definition of the search graph (or the neighborhood of solutions) plays an important role on the success of the underlying algorithm. In this work we study different neighborhoods for testing satisfiability of Boolean formulas and we give evidence that it is possible to determine in advance the effect a neighborhood has on the quality of the solutions found.
  We also show how the choice of the right neighborhood gives rise to simple optimization algorithms that work very well in practice.

• Tassos Dimitriou, I. Krontiris and F. Nikakis. “SPEED: Scalable Protocols for Efficient Event Delivery in Sensor Networks”. Networking 2004, Athens, Greece.
  One of the most eminent problems in sensor networks is the routing of data to a central destination in a robust and efficient manner. In this work we propose a new scalable protocol for propagating information about a sensed event towards a receiving center. Using only local information and total absence of coordination between sensors our protocol achieves to propagate the sensed data to a receiving center by activating only those nodes that lie very close to the optimal path between the source of the event and the destination, resulting in low activation of the network's sensors. Thus the protocol is very energy efficient. Furthermore, our protocol is robust as it manages to propagate the information even when sensors fail with certain probability.

• S. Vassilaras, D. Vogiatzis, T. Dimitriou, G. Yovanof, “Security Considerations for the Centralized Ad-Hoc Network Architecture”, International Workshop on Wireless Ad Hoc Networks (IWWAN) 2004, Finland
  The Centralized Ad-hoc Network Architecture is an enhancement to the HIPERLAN/2 standard that uses additional bandwidth at 60 GHz to improve performance. From the network security point of view the new architecture introduces several additional issues that have to be addressed in order to achieve node authentication, data integrity, confidentiality and immunity to Data Link layer protocol attacks. In this paper, we identify these issues and propose ways of resolving them building on the existing security mechanisms of the HIPERLAN/2 standard.

• Tassos Dimitriou, D. Foteinakis. “A new Zero-Knowledge proof for selecting from a family of sets with application to electronic voting”. In TED Conference on e-Government Electronic democracy: The challenge ahead, March 2005, Italy
  We present a methodology for proving in Zero Knowledge the validity of selecting a subset of a set belonging to predefined family of sets. We apply this methodology in conjunction with electronic voting to provide extended ballot options.
  Our proposed voting scheme supports multiple parties and the selection of a number of candidates from one and only one of these parties. We have implemented this system and provide measures of its computational and communication complexity. We prove that the complexity is linear with respect to the total number of candidates and the number of parties participating in the election.

• Tassos Dimitriou, I. Krontiris and F. Nikakis. “Fast and Scalable Key Establishment in Sensor Networks”. IEEE Monograph on Sensor Network Operations, 2004.
  We present a protocol for key establishment in sensor networks. Unlike random key pre-distribution schemes our protocol does not rely on probabilistic key sharing among sensors. During a quick bootstrapping phase, nodes use their pre-deployed key material to form groups or clusters of small size that share a common key. Inter-cluster communication is then achieved by nodes sharing cluster keys. Our scheme is \emph{scalable} and provides \emph{resiliency} against node capture and replication. This is due to the fact that keys are localized; keys that appear in some part of the network are not used again. So, even if a node is compromised and its keys exposed, an adversary can have access only to a very small portion of the network centered around the compromised node. What is more important however, is that our protocol is optimized for \emph{message broadcast}; when a node has to broadcast a message it doesn't have to encrypt it each time with a key targeted for a specific neighbor. This saves energy and makes re-transmissions unnecessary. Furthermore, our scheme is suited for \emph{data fusion} and aggregation processing; if necessary, nodes can ``peak'' at encrypted data using their cluster key and decide upon forwarding or discarding redundant information.

• Tassos Dimitriou, I. Krontiris and F. Nikakis, “Secure and Efficient Delivery in Sensor Networks”. Submitted for publication.
  In the first part of this work we propose a fast and scalable protocol for propagating information about a sensed event towards the base station. In the second part of this work we present a protocol for communicating securely in sensor networks.
  Our security protocol can be easily applied to the routing algorithm of the first part, maintaining its advantages of efficiency and scalability, something that already proposed security schemes fail to do. Nevertheless, our security protocol can also be applied independently of the routing protocol used in order to provide secure communication in sensor networks.

• Antonis Kalis and Tassos Dimitriou, “Applying Smart Antennas in Sensor Networks for Efficient Routing of Information”. In AlgoSensors 2004.
  In this work we present a routing algorithm for sensor networks that utilizes smart antennas to propagate information about a sensed event towards a receiving centre. The novelty of our approach lies in the fact that our protocol uses only local information and total absence of coordination between sensors. We provide detailed experimental analysis that demonstrates the feasibility of our approach, the necessity of using smart antennas in sensor networks and the advantages that are presented to communication links due to their use. Our protocol is suited for those cases where unexpected changes to the environment (i.e. a fire, a person entering a restricted area, etc.) must be propagated quickly back to the base station without the use of complicated protocols that may deplete the network from its resources. Our protocol is very easy to implement as nodes do not have to decide whether or not to forward the message; the protocol ensures packet delivery and low energy consumption solely by the use of smart antennas on sensor nodes.

• Antonis Kalis and Tassos Dimitriou, “Fast routing in wireless sensor networks using directional transmissions”, in International Journal Mobile Network Design and Innovation, 2005.
  A journal version of the previous paper.

• Tassos Dimitriou, D. Foteinakis. “Secure In-Network Processing in Sensor Networks”. IEEE BASENETS, San Francisco, 2004.
  In this work we present new security mechanisms that can be used to provide secure in-network processing n wireless sensor networks. In particular, this means that we design the security mechanisms with both aggregation and dissemination in mind. Secure aggregation implies that data is forwarded from the sensors in a secure and authenticated way. Thus an adversary cannot issue false data into the network unless of course a particular sensor node has been compromised. Secure dissemination requires that lower level nodes are able to authenticate commands issued by their parents in the hierarchy. For both directions, protection is also provided against eavesdropping and tampering of data.
  Our protocol is simple and scalable and most importantly offers resiliency against node capture and replication as compromised nodes cannot be used to populate and eventually take over the network. Furthermore, it requires minimal key material (just three keys) for the majority of the sensors.

• Tassos Dimitriou, I. Krontiris and F. Nikakis. “A Localized, Distributed Protocol for Secure Information Exchange in Sensor Networks”. 5th IEEE International Workshop on. Algorithms for Wireless, Mobile, Ad Hoc and Sensor Networks, WMAN 05.
  We consider the problem of securing communication between sensor nodes in large-scale sensor networks. We propose a distributed, deterministic key management protocol designed to satisfy authentication and confidentiality, without the need of a key distribution center. Our scheme is scalable and it is resilient against node capture and replication. Furthermore, it is suited for data fusion and aggregation processing. Finally, we describe a mechanism for evicting compromised nodes as well as adding new ones. A security analysis is discussed and simulation experiments are presented.

• Tassos Dimitriou. “Efficient Mechanisms for Secure Inter-node and Aggregation Processing in Sensor Networks”. 4th International Conference on AD-HOC Networks & Wireless (ADHOC NOW), 2005.
  In this work we present a protocol for key establishment in wireless sensor networks. Our protocol is designed so that it supports security of data with various sensitivity levels. In particular, the protocol allows the establishment of a key that can be used for communication with the base station, pairwise keys that can be used to communicate with immediate neighbors and keys that allow for secure in-network processing. This last form of operation includes both secure aggregation and dissemination processing and is beneficial to sensor networks as it saves energy and increases network lifetime. Our proposed protocol is simple and scalable and exhibits resiliency against node capture and replication as keys are localized. Finally, our protocol allows incremental addition of new nodes and revocation of compromised ones, while at the same time offers efficiency in terms of computation, communication and storage requirements.

• Tassos Dimitriou. "A Lightweight RFID protocol to protect against Traceability and Cloning attacks", IEEE International Conference on Security and Privacy for Emerging Areas in Communication Networks, SECURECOMM 2005.
  RFID identification is a new technology that will become ubiquitous as RFID tags will be applied to every-day items in order to yield great productivity gains or "smart" applications for users. However, this pervasive use of RFID tags opens up the possibility for various attacks violating user privacy.
  In this work we present an RFID authentication protocol that enforces user privacy and protects against tag cloning. We designed our protocol with both tag-to-reader and reader-to-tag authentication in mind; unless both types of authentication are applied, any protocol can be shown to be prone to either cloning or privacy attacks. Our scheme is based on the use of a secret shared between tag and database that is refreshed to avoid tag tracing. However, this is done in such a way so that efficiency of identification is not sacrificed. Additionally, our protocol is very simple and it can be implemented easily with the use of standard cryptographic hash functions.
  In analyzing our protocol, we identify several attacks that can be applied to RFID protocols and we demonstrate the security of our scheme. Furthermore, we show how \emph{forward privacy} is guaranteed; messages seen today will still be valid in the future, even after the tag has been compromised.

• Tassos Dimitriou, I. Krontiris, "Autonomic Communication Security in Sensor Networks," 2nd International Workshop on Autonomic Communication, WAC 2005.
  The fact that sensor networks are deployed in wide dynamically changing environment and usually left unattended, calls for nomadic, diverse and autonomic behavior. The nature of security threats in such networks as well as the nature of the network itself raise additional security challenges, so new mechanisms and architectures must be designed to protect them. In an autonomic communication context these mechanisms must be based on self-healing, self-configuration and self-optimization in order to enforce high-level security policies. In this work we discuss the research challenges posed by sensor network security as they apply to the autonomic communication setting.

• I. Chatzigiannakis, T. Dimitriou, S. Nikoletseas and P. Spirakis, “A Probabilistic Algorithm for Efficient and Robust Data Propagation in Wireless Sensor Networks”, in Ad-Hoc Networks Journal, Elsevier, 2005.
  We study the problem of data propagation in sensor networks, comprised of a large number of very small and low-cost nodes, capable of sensing, communicating and computing. The distributed co-operation of such nodes may lead to the accomplishment of large sensing tasks, having useful applications in practice. We present a new protocol for data propagation towards a control center (sink) that avoids flooding by probabilistically favoring certain (close to optimal) data transmissions. Motivated by certain applications (see [1, 15]) and also as a starting point for a rigorous analysis, we study here lattice-shaped sensor networks. We however show that this lattice shape emerges even in randomly deployed sensor networks of sufficient sensor density. Our work is inspired and builds upon the directed diffusion paradigm of [15].
  This protocol is very simple to implement in sensor devices, uses only local information and operates under total absence of co-ordination between sensors. We consider a network model of randomly deployed sensors of sufficient density. As shown by a geometry analysis, the protocol is correct, since it always propagates data to the sink, under ideal network conditions (no failures). Using stochastic processes, we show that the protocol is very energy efficient. Also, when part of the network is inoperative, the protocol manages to propagate data very close to the sink, thus in this sense it is robust. We finally present and discuss large-scale simulation findings validating the analytical results.

• Tassos Dimitriou and Ioannis Krontiris. “GRAViTy: Geographic Routing Around Voids in Sensor Networks”, International Journal of Pervasive Computing and Communications, 2006.
  Nodes in sensor networks do not have enough topology information to make efficient routing decisions. To relay messages through intermediate sensors, geographic routing has been proposed as such a solution. Its greedy nature, however, makes routing inefficient especially in the presence of topology voids or holes. In this paper we present GRAViTy (Geographic Routing Around Voids In any TopologY of sensor networks), a simple greedy forwarding algorithm that combines compass routing along with a mechanism that allows packets to explore the area around voids and bypass them without significant communication overhead. Using extended simulation results we show that our mechanism outperforms the right-hand rule for bypassing voids and that the resulting paths found well approximate the corresponding shortest paths. GRAViTy uses a cross-layered approach to improve routing paths for subsequent packets based on experience gained by former routing decisions. Furthermore, our protocol responds to topology changes, i.e. failure of nodes, and efficiently adjusts routing paths towards the destination.

• Tassos Dimitriou, “A Secure and Efficient RFID Protocol that could make Big Brother (partially) Obsolete”, in 4th Annual IEEE International Conference on Pervasive Computer and Communications (PerCom), 2006.
  Identification by RFID technology has many benefits for users and companies such as better supply chain and inventory management, improved logistics, better product information and control that may eventually lead to improved customer service. However, consumer reaction clearly shows an increasing concern about the use of this technology in violating user privacy and tracking of individuals by the tags they carry.
  In this work we propose a solution to the RFID privacy problem that has the potential to guarantee user privacy without requiring changes to existing infrastructure or reducing business value from the use of RFID technology. We give emphasis to the development of a lightweight protocol that does not incur costly overheads with respect to computation, storage as well as time and effort needed for deployment configuration. For RFID technology to be widely used, security should ship as a ``default" and require no significant effort to configure. We demonstrate the security and efficiency properties of our protocol and we offer some interesting time/space tradeoffs that may lead to further improvements.

• I. Krontiris and Tassos Dimitriou, “Authenticated In-Network Programming for Wireless Sensor Networks,” 5th International Conference on Adhoc Networks and Wireless, 2006
  Current in-network programming protocols for sensor networks allow an attacker to gain control of the network or disrupt its proper functionality by disseminating malicious code and reprogramming the nodes. We provide a protocol that yields source authentication in the group setting like a public-key signature scheme, only with signature and verification times much closer to those of a MAC. We show how this can be applied to an existing in-network programming scheme, namely Deluge, to authenticate code update broadcasts. Our implementation shows that our scheme imposes only a minimal computation and communication overhead to the existing cost of network programming and uses memory recourses efficiently, making it practical for use in sensor networks.

• I. Krontiris and Tassos Dimitriou, “A Practical Authentication Scheme for Wireless Sensor Networks,” ACM Workshop on Real-World Wireless Sensor Networks, 2006
  A companion paper to the above describing our own version of securing Deluge.

• M. Salajegheh, H. Soroush, A. Thomos, I. Krontiris and T. Dimitriou, “.Sense A Secure Framework for Sensor Network Data Acquisition, Monitoring and Command”, Poster paper appearing in ACM Workshop on Real-World Wireless Sensor Networks, 2006
  We present .Sense, an end-to-end security framework for sensor network data acquisition, monitoring and command. In order to provide security service inside the sensor network two security protocols are implemented. The first is a key establishment algorithm in which sensor nodes agree on common keys to use for securing communications among them. The second is a scheme in which the base station can issue commands in authenticated manner to the network. We are also using typical security schemes such as SSL to connect the end-users to the system. A user friendly graphical interface has also been implemented to ease the data analysis process for a non sophisticated end-user.

• Hamed Soroush, Mastooreh Salajegheh and Tassos Dimitriou, “Providing Transparent Security Services to Sensor Networks”, In IEEE International Conference on Communications (ICC 2007), June 2007, Scotland.
  In this paper we introduce a link layer security platform for wireless sensor networks. At the heart of this platform, lies our key management module facilitating an efficient scalable post-distribution key establishment that allows the platform to provide different security services. We have developed this framework under TinyOs and have tested it with MICA2 motes. To the best of our knowledge this is the first implemented security platform for sensor networks that provides acceptable resistance against node capture attacks and replay attacks. The provision of security services is completely transparent to the user of the framework. Furthermore, being highly scalable and lightweight, this platform is appropriate to be used in a wireless sensor network of hundreds of nodes.

• Tassos Dimitriou, Ghassan Karame and Ioannis Christou, “SuperTrust – A Secure and Efficient Framework for Handling Trust in Super Peer Networks”, 26th Annual ACM Symposium on Principles of Distributed Computing (PODC 2007).
  Short paper. For the full version see below...

• Tassos Dimitriou, Ghassan Karame and Ioannis Christou, “SuperTrust – A Secure and Efficient Framework for Handling Trust in Super Peer Networks”, 9th International Conference on Distributed Computing and Networking (ICDCN 2008).
  In this paper, we describe SuperTrust (Super Peer Trust Handling), a secure framework designed to handle trust relationships in Super peer networks. What distinguishes SuperTrust from other contributions is that trust reports remain encrypted and are never opened during the submission or aggregation processes, thus guaranteeing privacy and anonymity of transactions. As reputations of peers influence their future interactions, we argue that such systems must have properties like fairness and soundness, persistence, eligibility and unreusability of reports, perhaps similar to the properties of current electronic voting systems.
  SuperTrust is a decentralized protocol, based on K-redundant Super peer networks, that guarantees the aforementioned properties and is in some sense complementary to the models proposed for building trust among peers. Additionally the framework is very efficient and minimizes the effects of collusion of malicious Super peers/aggregators. We have tested the framework on a large subset of peers and demonstrated via simulations its superior performance with respect to network stress and response time, when compared to the other proposed protocols.

• Krontiris Ioannis, Tassos Dimitriou and Felix C. Freiling, “Towards Intrusion Detection in Wireless Sensor Networks”, in 13th European Wireless Conference, Paris, France 2007
  
  In this work we study the problem of Intrusion Detection is sensor networks and we propose a lightweight scheme that can be applied to such networks. Its basic characteristic is that nodes monitor their neighborhood and collaborate with their nearest neighbors to bring the network back to its normal operational condition. We emphasize in a distributed approach in which, even though nodes don't have a global view, they can still detect an intrusion and produce an alert. We apply our design principles for the blackhole and selective forwarding attacks by defining appropriate rules that characterize malicious behavior. We also experimentally evaluate our scheme to demonstrate its effectiveness in detecting the afore-mentioned attacks.

• Tassos Dimitriou, “Secure Hierarchical Communications in Distributed Sensor Networks”, in 16th IST Mobile & Wireless Communications Summit, Hungary, 2007.
  Hierarchical processing in sensor networks offers a number of operational advantages that cannot be met by flat networks of sensors. Using hierarchical architectures and in-network processing of information, the communication overhead is minimized by combining data coming from different sources, thus eliminating redundancy, minimizing the number of transmissions and eventually saving valuable network energy.
  In this work we focus on securing this aggregation process for all levels of the network hierarchy. Additionally, we explain how commands can be disseminated securely using the pre-established keys. Our protocol is simple and scalable, offering efficiency in terms of computation, communication and storage overhead. Most importantly, however, it is suited for dynamic networks where configuration actions may change the way the network operates, allowing for cluster reorganization and adaptive formation of new clusters

• Tassos Dimitriou, John Kolokouris and Nikos Zarokostas,  “SenseNeT: A Wireless Sensor Network Testbed”, in The 10-th ACM/IEEE International Symposium on Modeling, Analysis and Simulation of Wireless and Mobile Systems (MSWiM), October 2007.
  Wireless sensor networks have emerged as an exciting new area of research in computer science. Continuously shrinking battery powered nodes are equipped with processing, sensing and RF capabilities. However, deploying a network into a realistic environment requires iteratively reprogramming dozens of nodes, locating them throughout an area large enough to produce an interesting radio topology, and instrumenting them to extract debugging and performance data.
  A number of testbed approaches have been proposed by universities and industry to ease the burden imposed by this deployment exercise. These testbeds vary in the number and type of motes employed and the manner they are connected to the central computer  system. For example a separate wired back-channel is usually used for reprogramming, network management and data logging issues. However, this introduces increased cost due to additional hardware equipment required and exhibits low scalability. In this work, we present an efficient and low cost sensor network testbed that exploits only the wireless channel to transfer data and offers an additional number of benefits to users and  administrators like ease of deployment, ease of use, no need of a wired infrastructure, coping with multiple users at the same time and most importantly scalability.

• Ghassan Karame, Ioannis T. Christou and Tassos Dimitriou, “A Secure Hybrid Reputation Management System for Super-Peer Networks”,  in 5^th IEEE Consumer Communications & Networking Conference, Las Vegas, USA, January 2008.
  In this paper, we propose a novel hybrid system for handling reputation in Super-Peer-based networks by combining the personal history of each user’s interactions with other users, the opinions of peer-friends together with global ratings of peers as they emerge from all of their interactions with other users of the network. We introduce the notion of peer friends in a P2P network and use it to prevent malicious collectives from reducing the reputation of a peer in the network. We also present a secure distributed framework that ensures that trust reports remain encrypted and are never opened during the submission or aggregation process. Computational results from our distributed prototype simulation show that our solution compares favorably with all other proposed methods for handling reputation when subject to various malicious strategies.

• Tassos Dimitriou, “Proxy  Framework for Enhanced RFID Security and Privacy”, in 5^th IEEE Consumer Communications & Networking Conference, Las Vegas, USA, January 2008.
  Radio Frequency IDentification (RFID) is a method of remotely storing and retrieving data using small and inexpensive devices called RFID tags. However, the widespread use of RF Identification also introduces serious security and privacy risks since information about tags can easily be retrieved by hidden readers, thus leading to violation of user privacy and tracking of individuals by the tags they carry.
  In this work we propose a proxy agent framework that uses a personal device for privacy enforcement and increased protection against eavesdropping, impersonation and cloning attacks. Using the proxy a user decides when and where information will be released. In particular, the user can put tags under her control, authenticate requests, release tags, transfer them to new owners, and so on. This is the first framework that unifies previous attempts and presents detailed protocols for all the operations required in such a proxy environment.

•   Ioannis Krontiris, Thanassis Giannetsos, Tassos Dimitriou. “Launching a Sinkhole Attack in Wireless Sensor Networks; the Intruder Side,” in the 1st International Workshop on Security and Privacy in Wireless and Mobile Computing, Networking and Communications, WiMob 2008.
  One of the reasons that the research of intrusion detection in wireless sensor networks has not advanced significantly is that the concept of “intrusion” is not clear in these networks. In this paper we investigate in depth one of the most severe attacks against sensor networks, namely the sinkhole attack, and we emphasize on strategies that an attacker can follow to successfully launch such an attack. Then we propose specific detection rules that can make legitimate nodes become aware of the threat, while the attack is still taking place. Finally, we demonstrate the attack and present some implementation details that emphasize the little effort that an attacker would need to put in order to break into a realistic sensor network.

• Tassos Dimitriou and Ioannis Krontiris. “Security Issues in Biomedical Wireless Sensor Networks”, in the 1st International Symposium on Applied Sciences in Biomedical and Communication Technologies, Aalborg Denmark, Oct. 2008. Invited paper.
  Within the hospital or extended care environment, there is an overwhelming need for constant monitoring of vital body functions and support for patient mobility. Tomorrow’s biomedical networks will address these needs by incorporating new technologies like wireless sensor networks into their infrastructure. However, wireless transmission of sensitive patient data presents some obvious security concerns. In this paper we discuss these concerns and how they are addressed by existing systems. We also discuss issues that need further consideration, such as run-time composition of security services depending on the criticality of data transmitted along with a solution for practical sensor systems using TinyOS. Finally, we propose intrusion detection as a future research direction for biomedical sensor networks and we elaborate on the main components of such a system.

• Ioannis Krontiris, Thanassis Giannetsos, Tassos Dimitriou. “LIDeA: A Distributed Lightweight Intrusion Detection Architecture for Sensor Networks,” in 4th International Conference on Security and Privacy for Communication Networks, SECURECOMM 2008.
  Wireless sensor networks are vulnerable to adversaries as they are frequently deployed in open and unattended environments. Preventive mechanisms can be applied to protect them from an assortment of attacks. However, more sophisticated methods, like intrusion detection systems, are needed to achieve a more autonomic and complete defense mechanism, even against attacks that have not been anticipated in advance.
  In this paper, we present a lightweight intrusion detection system, called LIDeA (Lightweight Intrusion DEtection Architecture), designed for wireless sensor networks. LIDeA is based on a distributed architecture, in which nodes overhear their neighboring nodes and collaborate with each other in order to successfully detect an intrusion. We show how such a system can be implemented in TinyOS, which components and interfaces are needed, and what is the resulting overhead imposed.

• Tassos Dimitriou, “RFID-DOT: RFID Delegation and Ownership Transfer made simple,” in 4th International Conference on Security and Privacy for Communication Networks, SECURECOMM 2008.
  In this work we introduce RFID-DOT, a protocol for secure access, Delegation and Ownership Transfer of tags along with a model for formally defining privacy in such an environment. As current RFID tags emit constant identifiers that may help in identifying user habits and tracking of people, RFID-DOT allows a user to securely own tagged products. Once a person becomes the owner of such an item, no one can have access to the tag nor find any information about it. Thus user privacy is guaranteed. Additionally, the protocol is secure against such attacks as tag cloning, tag/reader spoofing, eavesdropping, desynchronization and so on.
  Furthermore, since we don’t expect a tagged item to stay with same owner forever, we provide the means to achieve ownership transfer and release without compromising the privacy of future or past owners. And in the unlikely case where user privacy is compromised, it can be restored in a simple and intuitive manner. Thus RFID-DOT achieves a very strong notion of security that is necessary in RFID ownership transfer: forward and backward privacy.

• Sakis Giannetsos, Tassos Dimitriou, Neeli Prassad. “State of the Art on Defenses against Wormhole Attacks in Wireless Sensor Networks”, Wireless VITAE, Denmark.
  As pervasive interconnection of autonomous sensor devices gave birth to a broad class of exiting new applications, security emerges as a central requirement. Wireless sensor networks are vulnerable to attacks as they are frequently deployed in open and unattended environments. In this paper, we describe the wormhole attack, a severe routing attack against sensor networks that is particularly challenging to defend against. We detail its characteristics and study its effects on the successful operation of a sensor network. We present state-of-the-art research for addressing wormhole related problems in wireless sensor networks and discuss the relative strengths and shortcomings of the proposed solutions. To date, most of the proposed defenses focus on preventive mechanisms that can be applied to protect sensor networks from this kind of attacks. However, no work has been published regarding the possibility of using more sophisticated methods, like intrusion detection systems, to achieve a more complete and autonomic defense mechanism against wormhole attackers. We present our work on intrusion detection and describe how LIDeA, a lightweight IDS framework, can be used for defending against wormhole attackers.

• Ioannis Krontiris, Thanassis Giannetsos, Felix Freiling, Tassos Dimitriou. “Cooperative Intrusion Detection in Wireless Sensor Networks,” in 6th European Conference on Wireless Sensor Networks, February 11th-13th, Cork, Ireland.
  We consider the problem of cooperative intrusion detection in wireless sensor networks where the nodes are equipped with local detector modules and have to identify the intruder in a distributed fashion. The detector modules issue suspicions about an intrusion in the sensor’s neighborhood. We formally define the problem of intrusion detection and identify necessary and sufficient conditions for its solvability. Based on these conditions we develop a generic algorithm for intrusion detection and present simulations and experiments which show the effectiveness of our approach.

• Thanassis Tiropanis, Tassos Dimitriou. “Use of ID-based Cryptography for the Efficient Verification of the Integrity and Authenticity of Web Resources,” in 5th International ICST Conference on Security and Privacy in Communication Networks, SECURECOMM 2009.
  As the amount of information resources on the Web keeps increasing so are the concerns for information integrity, confidentiality and authenticity. In Web 2.0 users are producers as well as consumers of content and metadata, which makes guaranteeing the authenticity and integrity of information critical. The scale of the Web requires that any proposals in this direction require minimal (if any) infrastructural or administrative changes. This paper proposes the use of ID-based cryptography (IBC) to address requirements for integrity and authenticity of Web resources using either the URL/URI of a resource or the DNS name part of if. This approach presents certain challenges, which are discussed along with the pros and cons of different designs and implementations..

• Thanassis Giannetsos, Tassos Dimitriou, Ioannis Krontiris and Neeli R. Prasad. “Arbitrary Code Injection through Self-propagating Worms in Von Neumann Architecture Devices,” In The Computer Journal, Special Issue on Algorithms, Protocols, and Future Applications of Wireless Sensor Networks. Oxford University Press, 2010
  Malicious code (or malware) is defined as software designed to execute attacks on software systems and fulfill the harmful intents of an attacker. As lightweight embedded devices become more ubiquitous and increasingly networked, they present a new and very disturbing target for malware developers. In this paper, we demonstrate how to execute malware on wireless sensor nodes that are based on the von Neumann architecture. We achieve this by exploiting a buffer overflow vulnerability to smash the call stack and intrude a remote node over the radio channel. By breaking the malware into multiple packets, the attacker can inject arbitrarily long malicious code to the node and completely take control of it. Then we proceed to show how the malware can be crafted to become a self-replicating worm that broadcasts itself and propagates over the network hop-by-hop, infecting all the nodes. To our knowledge, this is the first instance of a self-propagating worm that can execute arbitrary code. We also provide a complete implementation of our attack, measure its effectiveness in terms of time taken for the worm to propagate to the entire sensor network and, finally, suggest possible countermeasures.

• Thanassis Giannetsos, Tassos Dimitriou and Neeli R. Prasad. “Weaponizing Wireless Networks: An Attack Tool for Launching Attacks against Sensor Networks,” In Black Hat Europe 2010
  The pervasive interconnection of autonomous sensor devices has given birth to a broad class of exciting new applications. At the same time, however, the unattended nature and the limited resources of sensor nodes have created an equal number of vulnerabilities that attackers can exploit in order to gain access in the network and the information transferred within. While much work has been done on trying to defend these networks, little has been done on suggesting sophisticated tools for proving how vulnerable sensor networks are. This work demonstrates a tool that allows both passive monitoring of transactional data in sensor networks, such as message rate, mote frequency, message routing, etc., but also discharge of various attacks against them. To the best of our knowledge, this is the first instance of an attack tool that can be used by an adversary to penetrate the confidentiality and functionality of a sensor network. Results show that our tool can be flexibly applied to different sensor network operating systems and protocol stacks giving an adversary privileges to which she is not entitled to. We hope that our tool will be used proactively, to study the weaknesses of new security protocols, and, hopefully, to enhance the level of security provided by these solutions even further.

• Ioannis Krontiris and Tassos Dimitriou. “Scatter - Secure Code AuthenTicaTion for Efficient Reprogramming in Wireless Sensor Networks,” In the International Journal of Sensor Networks (IJSNet), Special Issue on Technologies, Architectures and Applications for Green Wireless Sensor Networks, 2010
  Currently proposed solutions to secure code dissemination in wireless sensor networks (WSNs) involve the use of expensive public-key digital signatures. In this work we present Scatter, a secure code dissemination scheme that enables sensor nodes to authenticate the program image efficiently. To achieve this, we use a scheme that offers source authentication in the group setting like a public-key signature scheme, but with signature and verification times much closer to those of a MAC. In this way, Scatter avoids the use of Elliptic Key Cryptography and manages to surpass all previous attempts for secure code dissemination in terms of energy consumption, memory and time efficiency. Besides the design and theoretical analysis of the solution, we also report the experimental evaluation of Scatter in two different hardware platforms, Mica2 and MicaZ, which proves its efficiency in practice.

• Thanassis Giannetsos, Tassos Dimitriou, Neeli Prassad. “Detecting Wormholes in Wireless Sensor Networks”, Poster in 3rd ACM Conference on Wireless Network Security (WiSec), March 2010.
  See paper below.

• Tassos Dimitriou and Thanassis Giannetsos. “Wormholes no more? Localized Wormhole Detection and Prevention in Wireless Networks,” In the 6th IEEE International Conference on Distributed Computing in Sensor Systems (DCOSS '10), June 21-23, 2010, Santa Barbara, California, USA.
  A number of protocols have been proposed to date to defend against wormhole attacks in wireless networks by adopting synchronized clocks, positioning devices, or directional antennas. In this work, we introduce a novel approach for detecting wormhole attacks. The proposed algorithm is completely localized and works by looking for simple evidence that no attack is taking place, using only connectivity information as implied by the underlying communication graph, and total absence of coordination. Unlike many existing techniques, it does not use any specialized hardware, making it extremely useful for real-world scenarios. Most importantly, however, the algorithm can always prevent wormholes, irrespective of the density of the network, while its efficiency is not affected even by frequent connectivity changes. We also provide an analytical evaluation of the algorithm's correctness along with an implementation on real sensor devices that demonstrates its efficiency in terms of memory requirements and processing overhead.

• Aram Yegenian and Tassos Dimitriou. “Inexpensive Email Addresses: An Email Spam-Combating System ,” In the 6th International ICST Conference on Security and Privacy in Communication Networks (SecureComm '10), September 7-9, 2010, Singapore.
  This work proposes an effective method of fighting spam by developing Inexpensive Email Addresses (IEA), a stateless system of Disposable Email Addresses (DEAs). IEA can cryptographically generate exclusive email addresses for each sender, with the ability to re-establish a new email address once the old one is compromised. IEA accomplishes proof-of-work by integrating a challenge-response mechanism to be completed before an email is accepted in the recipient's mail system. The system rejects all incoming emails and instead embeds the challenge inside the rejection notice of Standard Mail Transfer Protocol (SMTP) error messages. The system does not create an out-of-band email for the challenge, thus eliminating email backscatter in comparison to other challenge-response email systems. The system is also effective in identifying spammers by exposing the exact channel, i.e. the unique email address that was compromised, so misuse could be traced back to the compromising party. Usability is of utmost concern in building such a system by making it friendly to the end-user and easy to setup and maintain by the system administrator.

• Ioannis Krontiris, Felix Freiling and Tassos Dimitriou. “Location Privacy in Urban Sensing Networks: Research Challenges and Directions,” In the IEEE Wireless Communications Magazine, Special Issue on Security and Privacy in Emerging Wireless Networks, October 2010
  During the last few years there has been an increasing number of people-centric sensing projects. These combine location information with sensors available on mobile phones, giving birth to a different dimension in sensing our environment and providing us with new opportunities to create collective intelligence systems to address urban-scale problems, like air pollution, noise, traffic, etc. However, as people are directly involved in the collection process, they often inadvertently reveal information about themselves, raising new and important privacy concerns. While standard privacy enhancing technologies exist, they do not fully cover the many peculiarities of these new pervasive applications. The ubiquitous nature of the communication and the storage of location traces compose a complex set of threats on privacy, which we overview in this article. Then, we go through the latest advances in security and privacy protection strategies and we discuss how they fit with this new paradigm of people-centric sensing applications. We hope this work will better highlight the needs for privacy in urban sensing applications and spawn further research in this area.

• Tassos Dimitriou and Ahmad Sabouri. “Privacy Preservation Schemes for Querying Wireless Sensor Networks,” In the 7th IEEE International Workshop on Sensor Networks and Systems for Pervasive Computing (PerSeNS '11), March 21, 2011, Seattle, USA.
  In this work we study the problem of query privacy in large scale sensor networks. Motivated by a novel trust model in which clients query networks owned by trusted entities but operated by potentially untrusted adversaries, we consider several proposals for protecting the identities of the queried sensors.
  Our schemes do not rely on the use of public key cryptography nor do they make any assumptions on the topology of the network. Inspired by the data-centric communication model and the collaborative nature of sensor networks, our proposals distribute the data in random locations to be later retrieved by random direction queries, using only local computations and total absence of coordination. It is perhaps of interest to note that query privacy is achieved using only lightweight, symmetric cryptographic primitives.
  Extensive analytical and experimental results confirm that the proposed protocols can achieve their goals using only minimal communication and storage overhead..

• Thanassis Giannetsos, Tassos Dimitriou and Neeli R. Prasad. “People-centric sensing in assistive healthcare: Privacy challenges and directions,” In Security and Communication Networks, Wiley. February, 2011.
  As the domains of pervasive computing and sensor networking are expanding, there is an ongoing trend towards assistive living and healthcare support environments that can effectively assimilate these technologies according to human needs. Most of the existing research in assistive healthcare follows a more passive approach and has focused on collecting and processing data using a static-topology and an application-aware infrastructure. However, with the technological advances in sensing, computation, storage, and communications, a new era is about to emerge changing the traditional view of sensor-based assistive environments where people are passive data consumers, with one where people carry mobile sensing elements involving large volumes of data related to everyday human activities. This evolution will be driven by people centric sensing and will turn mobile phones into global mobile sensing devices enabling thousands new personal, social, and public sensing applications. In this paper, we discuss our vision for people-centric sensing in assistive healthcare environments and study the security challenges it brings. This highly dynamic and mobile setting presents new challenges for information security, data privacy and ethics, caused by the ubiquitous nature of data traces originating from sensors carried by people. We aim to instigate discussion on these critical issues because people-centric sensing will never succeed without adequate provisions on security and privacy. To that end, we discuss the latest advances in security and privacy protection strategies that hold promise in this new exciting paradigm. We hope this work will better highlight the need for privacy in people-centric sensing applications and spawn further research in this area.

• Thanassis Giannetsos and Tassos Dimitriou. “Spy-Sense: Spyware Tool for executing Stealthy Exploits against Sensor Networks,” In Black Hat USA2011
  The expansion of both pervasive computing and sensor networking enables the design and proliferation of intelligent sensor-based applications. At the same time, sensor network security is a very important research area whose goal is to maintain a high degree of confidentiality, integrity and availability of both information and network resources. However, a common threat that is often overlooked in the design of secure sensor network applications is the existence of spyware programs. As most researchers try to defend against adversaries who plan to physically compromise sensor nodes and disrupt network functionality, the risk of spyware programs and their potential for damage and information leakage is bound to increase in the years to come. This work demonstrates Spy-Sense, a spyware tool that allows the injection of stealthy exploits in the heart of each node in a sensor network. Spy-Sense is undetectable, hard to recognize and get rid of, and once activated, it runs in a discrete background operation without interfering or disrupting normal network operation. It provides the ability of executing a stealthy exploit sequence that can be used to achieve the intruder’s goals while reliably evading detection. To the best of our knowledge, this is the first instance of a spyware program that is able to crack the confidentiality and functionality of a sensor network. By exposing the vulnerabilities of sensor networks to spyware attacks, we hope to instigate discussion on these critical issues because sensor networks will never succeed without adequate provisions on security and privacy.

• Tassos Dimitriou and Ahmad Sabouri. “Pollination: A Data Authentication Scheme for Unattended Wireless Sensor Networks,” In the 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-11), Changsha, China, November 16-18, 2011.
  An Unattended Wireless Sensor Network (UWSN) is a recently introduced type of sensor network in which realtime data delivery of information is replaced by periodic, offline collection of the sensed data. In this work we focus on UWSNs operating in a hostile environment where the goal of an attacker is to prevent targeted data from ever reaching the sink. More precisely, we study the Data Authentication problem in the presence of a Mobile Adversary who is aiming to target a sensor’s data and modify it without being detected.
  Inspired by the pollination process in nature, we propose two schemes that diffuse data footprints in the network using message carrying "butterflies". These schemes greatly increase the robustness of the network against data modification attempts by the mobile adversary. Extensive analytical and experimental results confirm the superiority of both Pollination and Pollination Light over previous protocols in terms of both security and communication overhead.


The material presented here is to ensure timely dissemination of scholarly and technical work. If it is going to be used for other than personal use, please contact the corresponding copyright owner...



Last Updated: September 2011

Books

• Tassos D. Dimitriou. "Automata and Formal Languages". Used as textbook for the direction Foundations of Computer Science” of the Computer Science Program of the Hellenic Open University, Summer 2001.
   
• "Security and Privacy in Communication Networks". 5th International ICST Conference, SecureComm 2009, Athens, Greece, September 14-18, 2009, Revised Selected Papers Series: Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering , Vol. 19 Chen, Yan; Dimitriou, Tassos D.; Zhou, Jianying (Eds.)
   

Book Chapters

• Tassos Dimitriou and Ioannis Krontiris. "Secure In-Network Processing in Sensor Networks", Book chapter in the book "Security in Sensor Networks", Yang Xiao (Eds.), CRC Press, 2006.
   
• Tassos Dimitriou and Dimitris Foteinakis, "Secure Multiparty/Multicandidate Electronic Elections", Book Chapter on Secure eGovernment Web Services, Published by Idea Group Publishing, 2006
   
• I. Krontiris, T. Dimitriou, M. Salajegheh and H. Soroush, "WSN Link-layer Security Frameworks", Book chapter in "Wireless Sensors Networks Security", edited by Jianying Zhou and Javier Lopez, IOS Press, 2007.
   
• Tassos Dimitriou and Ioannis Krontiris, "Secure In-Network Programming in Distributed Sensor Networks", Book Chapter on "Security in Distributed and Networking Systems", Yang Xiao, Yi Pan (eds), World Scientific Publishing Co., 2007.
   
• Thanassis Giannetsos, Ioannis Krontiris, Tassos Dimitriou, Felix C. Freiling, "Intrusion Detection in Wireless Sensor Networks", Book Chapter in "Security in RFID and Sensor Networks," Paris Kitsos, Yan Zhang (eds), Auerbach Publications, CRC Press, Taylor&Francis Group, 2008.
   
• Tassos Dimitriou, "RFID Security: Attacks and countermeasures", Book Chapter in "RFID Security: Techniques, Protocols and System-On-Chip Design", Paris Kitsos, Yan Zhang (eds), Springer Verlag, 2009.