  • 1.
    Abdullah, Nazri
    et al.
    Universiti Tun Hussein Onn Malaysia, Malaysia.
    Kounelis, Ioannis
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS.
    Muftic, Sead
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS.
    Security Extensions for Mobile Commerce Objects. 2014. In: SECURWARE 2014, The Eighth International Conference on Emerging Security Information, Systems and Technologies, 2014. Conference paper (Refereed)
    Abstract [en]

    Electronic commerce and its variant, mobile commerce, have tremendously increased their popularity in the last several years. As mobile devices have become the most popular means to access and use the Internet, mobile commerce and its security are timely and very hot topics. Yet, today there is still no consistent model of various m–commerce applications and transactions, even less clear specification of their security. In order to address and solve those issues, in this paper, we first establish the concept of mobile commerce objects, an equivalent of virtual currencies, used for m–commerce transactions. We describe functionalities and unique characteristics of these objects; we follow with security requirements, and then offer some solutions – security extensions of these objects. All solutions are treated within the complete lifecycle of creation and use of the m–commerce objects.

  • 2. Baldini, Gianmarco
    et al.
    Kounelis, Ioannis
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS. European Commiss, Joint Res Ctr, Inst Protect & Secur Citizen, Ispra, VA, Italy.
    Loeschner, Jan
    Tallacchini, Mariachiara
    European Citizens and Their Trust in Social Networks. 2014. In: Learning and Collaboration Technologies. Technology-Rich Environments for Learning and Collaboration: First International Conference, LCT 2014, Held as Part of HCI International 2014, Heraklion, Crete, Greece, June 22-27, 2014, Proceedings, Part II, Springer International Publishing, 2014. Conference paper (Refereed)
    Abstract [en]

    In information and communication technology (ICT) trust has been considered as a crucial component of digital interactions. Trust has been dissected in a variety of potential meanings and dimensions and through the merging of trust in humans and trust in machines. In this paper, we investigate the role and the aggregation of trust in social networks and blogs and how it relates to knowledge production, and its connections to concepts such as reputation and sustainability in the European context. Moreover, we discuss knowledge production in information and communication technology and its relationship to user trust. We develop a view on the co-production of knowledge and trust and propose a policy management framework to support the users in their trusted use of social networks and blogs. This is presented based on an e-health use case analysis considering web based reputation and developing a new reputation scheme.

  • 3.
    Baldini, Gianmarco
    et al.
    Institute for the Protection and Security of the Citizen (IPSC), Italy.
    Kounelis, Ioannis
    Institute for the Protection and Security of the Citizen (IPSC), Italy.
    Nai Fovino, Igor
    Institute for the Protection and Security of the Citizen (IPSC), Italy.
    Neisse, Ricardo
    Institute for the Protection and Security of the Citizen (IPSC), Italy.
    A Framework for Privacy Protection and Usage Control of Personal Data in a Smart City Scenario. 2013. In: Critical Information Infrastructures Security: 8th International Workshop, CRITIS 2013, Amsterdam, The Netherlands, September 16-18, 2013, Revised Selected Papers, Springer Publishing Company, 2013, p. 212-217. Conference paper (Refereed)
    Abstract [en]

    In this paper we address trust and privacy protection issues related to identity and personal data provided by citizens in a smart city environment. Our proposed solution combines identity management, trust negotiation, and usage control. We demonstrate our solution in a case study of a smart city during a crisis situation.

  • 4.
    Geneiatakis, Dimitrios
    et al.
    Joint Research Centre of the European Commission.
    Kounelis, Ioannis
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS. Institute for the Protection and Security of the Citizen, Joint Research Centre (JRC), European Commission, Ispra, VA, Italy.
    Loeschner, Jan
    Joint Research Centre of the European Commission.
    Nai Fovino, Igor
    Joint Research Centre of the European Commission.
    Stirparo, Pasquale
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS.
    Security and Privacy in Mobile Cloud Under a Citizen’s Perspective. 2013. In: Cyber Security and Privacy: Trust in the Digital World and Cyber Security and Privacy EU Forum 2013, Brussels, Belgium, April 2013, Revised Selected Papers / [ed] Massimo Felici, Security and Cloud Lab, Hewlett-Packard Laboratories, Springer Berlin/Heidelberg, 2013, p. 16-27. Conference paper (Refereed)
    Abstract [en]

    Cloud usage has become a reality in users’ everyday habits (even if sometimes unconsciously), and security and privacy issues in this context have already been subject of consideration by scientific, business and policy-makers communities. However, the increasing use of mobile phones, and, generally speaking mobile smart devices, to access the Cloud, introduced recently in the area the concept of Mobile Cloud. Scope of this paper is to address the security and privacy aspects of the mobile cloud phenomenon, under the citizen perspective, taking as driving example the context of commercial mobile transactions.

  • 5. Geneiatakis, Dimitrios
    et al.
    Nai Fovino, Igor
    Kounelis, Ioannis
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS. Institute for the Protection and Security of the Citizen, Italy.
    Stirparo, Pasquale
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS. Institute for the Protection and Security of the Citizen, Italy.
    A Permission verification approach for android mobile applications. 2015. In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 49, p. 192-205. Article in journal (Refereed)
    Abstract [en]

    Mobile applications build part of their security and privacy on a declarative permission model. In this approach mobile applications, to get access to sensitive resources, have to define the corresponding permissions in a manifest. However, mobile applications may request access to permissions that they do not require for their execution (over-privileges) and offer opportunities to malicious software to gain access to otherwise inaccessible resources. In this paper, we investigate on the declarative permissions model on which security and privacy services of Android rely upon. We propose a practical and efficient permission certification technique, in the direction of risk management assessment. We combine both runtime information and static analysis to profile mobile applications and identify if they are over-privileged or follow the least privilege principle. We demonstrate a transparent solution that neither requires modification to the underlying framework, nor access to the applications' original source code. We assess the effectiveness of our approach, using a randomly selected varied set of mobile applications. Results show that our approach can accurately identify whether an application is over-privileged or not, whilst at the same time guaranteeing the need of declaring specific permissions in the manifest.

  • 6.
    Kounelis, Ioannis
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS.
    Secure and Trusted Mobile Commerce System based on Virtual Currencies. 2015. Doctoral thesis, monograph (Other academic)
    Abstract [en]

    With the widespread usage of mobile devices and their applications, many areas of innovation have created a multitude of opportunities for mobile technologies to be deployed with very interesting effects. One such new area that emerged in the last few years is mobile commerce. It represents a system where various entities create real–life or digital assets, distribute information about them to interested consumers, execute transactions, accept various types of compensation methods, and finally deliver these assets; all of it in a secure and trusted manner, respecting users’ privacy.

    Since mobile devices are increasingly used for m-commerce, it is important to ensure that users’ data on such devices are kept secure. Mobile devices contain many of our personal and private data and information, since we nowadays use them for all kinds of activities, both personal and professional. However, such data and information are not always treated in a secure and privacy friendly way.

    The goal of this thesis is to identify and provide solutions to security related problems found on mobile devices, such as communications, storage and mobile application design, and with the use of cryptocurrencies to combine the findings in the design of a secure mobile commerce system.

    As a result, this thesis describes a design and architecture of a secure e-commerce system, called eAgora, primarily exploiting mobile technology. The system is innovative as it treats digital goods, classified and called mobile commerce objects. Based on the attributes and anticipated use of such specific m–commerce objects, different security and privacy measures for each of them are needed and enforced. The goal was to design a system that deals with mobile commerce in a secure and privacy friendly way in all the lifecycle of the transactions.

    As users are mostly using mobile devices to connect to the proposed services, research first focused on mobile device security and privacy issues, such as insecure storage on the mobile device, insecure handling of user credentials and personal information, and insecure communications. Issues not only coming from the device itself but also from the nature of it; being mobile it is used in a different way than the classical desktop computers. Mobile devices are used in public, in an environment that cannot be controlled, and are interfacing a variety of networks that are not under the mobile device user’s control. Potential attackers’ interest was analysed in different mobile commerce scenarios in order to understand the needs for security enhancements.

    After having analyzed the possible threats, a methodology for mobile application development that would allow many common development errors to be avoided and security and privacy mechanisms to be considered by design was specified. Moreover, in order to provide secure storage and guard against active and passive intruder attacks, a secure Mobile Crypto Services Provider facility that allows storage of data on the UICC cards was designed and implemented.

    In order to secure communications, a secure e-mail application was designed and implemented. The application provides a user-friendly way to encrypt and sign e-mails, using the users’ already working e-mail accounts. The security functionality is completely transparent to users and ensures confidentiality and integrity of e-mail exchange.

    For the mobile commerce system, an architecture that enables exchange of m-commerce objects between different merchants, customers and retailers is proposed. In the architecture, policy enforcement and the feature to detect suspicious events that may be illegal and to cooperate with law enforcement was embedded.

    The newly defined technology of virtual currencies is used as a payment facilitator within the proposed architecture. Many of its innovative features are adopted but some are also extended, such as the secure use of the user wallet files, i.e. the files that link the user with the virtual currencies and enable payment transactions between customers and merchants. Although there is no distinction between different virtual currencies, Bitcoin is used as an example of a market valued trading currency to validate and evaluate the proposed secure e-commerce architecture and the findings have been applied on it.

    The thesis provides detailed use cases that demonstrate how the proposed architecture of eAgora functions in different complicated e-trading circumstances and how different security related mechanisms are used. The thesis concludes with the analysis of the research results and with proposed directions for future research and development works.

  • 7.
    Kounelis, Ioannis
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS.
    Security System for Mobile Commerce Applications. 2013. Licentiate thesis, monograph (Other academic)
  • 8.
    Kounelis, Ioannis
    et al.
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS, Network Systems Laboratory (NS Lab).
    Baldini, G.
    Muftic, Sead
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS, Network Systems Laboratory (NS Lab).
    Loschner, J.
    An architecture for secure m-commerce applications. 2013. In: Proceedings - 19th International Conference on Control Systems and Computer Science, CSCS 2013, 2013, p. 519-525. Conference paper (Refereed)
    Abstract [en]

    As mobile communication technology evolves, more and more features are available to users of mobile devices. The adoption of such features is rapid and the demand for more capabilities is growing, especially with the development of the Internet of Things. One of the most challenging and sensitive concepts used in the always connected mobile world is mobile commerce. Security for mobile financial transactions is of extremely high concern. In this paper we describe the architecture of a secure m-commerce system based on the concepts defined in the FP7 iCore project. We propose a framework that structures an m-commerce system in objects with semantic searching capabilities to provide an efficient and secure handling of system resources and transactions.

  • 9.
    Kounelis, Ioannis
    et al.
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS, Network Systems Laboratory (NS Lab).
    Baldini, Gianmarco
    Neisse, Ricardo
    Steri, Gary
    Tallacchini, Mariachiara
    Pereira, Angela Guimaraes
    Building Trust in the Human-Internet of Things Relationship. 2014. In: IEEE technology & society magazine, ISSN 0278-0097, E-ISSN 1937-416X, Vol. 33, no 4, p. 73-80. Article in journal (Refereed)
    Abstract [en]

    The concept of the Internet of Things (IoT) was initially proposed by Kevin Ashton in 1998 [1], where it was linked to RFID technology. More recently, the initial idea has been extended to support pervasive connectivity and the integration of the digital and physical worlds [2], encompassing virtual and physical objects, including people and places.

  • 10.
    Kounelis, Ioannis
    et al.
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS.
    Loeschner, Jan
    Joint Research Centre of the European Commission.
    Trust in Mobile Commerce. 2012. In: Proceedings of the User-Centered Trust in Interactive Systems Workshop: a Workshop from NordiCHI 2012 / [ed] Trenton Schulz - Norwegian Computing Center, Norsk Regnesentral (Norwegian Computing Center, NR), 2012, p. 57-61. Conference paper (Refereed)
    Abstract [en]

    This paper describes how a citizen, in our case a user of a mobile phone, is confronted with several aspects of trust when he/she uses different mobile commercial objects in a digital world. In particular, the topic of m-commerce and how a client mitigates trust all the way from his/her mobile device to the merchant is dealt with. To assess the trust chain, especially in respect to privacy and data protection, objects (for example a voucher) are used to model the mobile commerce domain.

  • 11.
    Kounelis, Ioannis
    et al.
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS.
    Loeschner, Jan
    Joint Research Centre of the European Commission.
    Mahieu, Vincent
    Joint Research Centre of the European Commission.
    Nordvik, Jean-Pierre
    Joint Research Centre of the European Commission.
    Stirparo, Pasquale
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS.
    Muftic, Sead
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS.
    Towards a better understanding of the impact of emerging ICT on the safety and security of the Citizen: Digital Citizen Security - a programmatic approach. 2011. In: Proceedings of the First SysSec Workshop - SysSec 2011, Amsterdam, 2011, p. 84-87. Conference paper (Refereed)
    Abstract [en]

    The Joint Research Centre (JRC) of the European Commission has taken initiative to investigate, assess and forecast issues of the exploitation of digitalized personal data of citizens in our forthcoming digital society. It responds that way to some of the key challenges put forward in the Communication from the Commission “Europe 2020” and to one of its flagship initiatives, the “A Digital Agenda for Europe”. The issues addressed are namely Trust and Security, a vibrant digital single market through building digital confidence and ICT-enabled benefits for the EU society and Intelligent Transport Systems for safer, more secure and more efficient transport and better mobility in Europe. The paper describes the current organization and the research roadmap of the Traceability and Vulnerability Assessment Unit [1] of the JRC and its partners. It illustrates the unit’s objectives for the coming years and into the European Union’s 8th Research Framework program in respect to the digital security of citizens.

  • 12.
    Kounelis, Ioannis
    et al.
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS.
    Loeschner, Jan
    Scheer, Stefan
    Threats and Risks Associated with m-Commerce Objects. 2012. In: ABSRC Conference Venice 2012 / [ed] CIP - Kataložni zapis o publikaciji Narodna in univerzitetna knjižnica, Edukator d.o.o. Koper, Kidričeva ulica 46, SI-6000 Koper, Slovenia: Edukator d.o.o. Koper, 2012. Conference paper (Refereed)
    Abstract [en]

    Mobile phones have already become a frequently used tool for every citizen. As the citizens use them for a big variety of activities it is becoming common and acceptable to use them more and more for m-commerce by executing economical transactions. But what are the risks and threats for the citizen associated with this kind of commercial transactions when interacting mobile? Where will a potential attacker try to gain from? The paper describes concepts involving four basic m-objects (e-tickets, coupons, vouchers and gift cards) and describes the potential phases where a malicious person is more likely going to attack the business process. The concept is in-depth analysing a voucher purchase scenario from a mobile user.

  • 13.
    Kounelis, Ioannis
    et al.
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS.
    Löschner, J.
    Shaw, D.
    Scheer, S.
    Security of service requests for cloud based m-commerce. 2012. In: MIPRO 2012 - 35th International Convention on Information and Communication Technology, Electronics and Microelectronics - Proceedings, 2012, p. 1479-1483. Conference paper (Refereed)
    Abstract [en]

    Cloud usage has already become a reality in users' everyday habits. Combining it with the wide adoption and use of mobile phones, mobile clouds seem to be the next step in mobile business. In our paper we analyze mobile cloud service requests with respect to the relevance they have for m-commerce and economy in large. We describe potential architecture solutions which include the use of UICCs (Universal Integrated Circuit Card). Finally, we illustrate the information flow of such a system with the example of mobile e-tickets and assess such architectures with respect to security, privacy and trust.

  • 14.
    Kounelis, Ioannis
    et al.
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS, Network Systems Laboratory (NS Lab).
    Muftic, Sead
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS.
    Loeschner, Jan
    Secure and Privacy-enhanced E-Mail System based on the Concept of Proxies. 2014. Conference paper (Refereed)
    Abstract [en]

    Security and privacy on the Internet and especially the e-mail, is becoming more and more important and crucial for the user. The requirements for the protection of e-mail include issues like tracking and privacy intrusions by hackers and commercial advertisers, intrusions by casual observers, and even spying by government agencies. In an expanding e-mail use in the digital world, Internet and mobile, the quantity and sensitivity of personal information has also tremendously expanded. Therefore, protection of data and transactions and privacy of user information is key and of interest for many users. Based on such motives, in this paper we present the design and current implementation of our secure and privacy-enhanced e-mail system. The system provides protection of e-mails, privacy of locations from which the e-mail system is accessed, and authentication of legitimate users. Differently from existing standard approaches, which are based on adding security extensions to e-mail clients, our system is based on the concept of proxy servers that provide security and privacy of users and their e-mails. It uses all required standards: S/MIME for formatting of secure letters, strong cryptographic algorithms, PKI protocols and certificates. We already have the first implementation and an instance of the system is very easy to install and to use.

  • 15.
    Kounelis, Ioannis
    et al.
    Institute for the Protection and Security of the Citizen (IPSC) Joint Research Centre – European Commission, Ispra (Va), Italy.
    Zhao, Hao
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS.
    Muftic, Sead
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS.
    Secure Middleware for Mobile Phones and UICC Applications. 2012. In: Mobile Wireless Middleware, Operating Systems, and Applications: 4th International ICST Conference, Mobilware 2011, London, UK, June 22-24, 2011, Revised Selected Papers / [ed] Nalini Venkatasubramanian, Vladimir Getov, Stephan Steglich, London: Springer Berlin/Heidelberg, 2012, 10 p., p. 143-152. Conference paper (Refereed)
    Abstract [en]

    In this paper we describe our concept, design and current prototype implementation of a new middleware for mobile phones and UICC. The purpose of the middleware is to be used as an interface between applications, loaded in mobile phones, and functionalities of the corresponding supporting modules (applets) stored in UICC. At the moment, our middleware supports only security and mobile payment functions. Our primary goal was to explore the features that multi–application chips provide and to create a new way for handling of sensitive information when stored and used in mobile phones. Another goal is to extend the middleware to hide technology details of underlying UICC and their applets, so that applications developed on the top of the middleware are independent of the underlying mobile phone technologies. We plan to extend the current version of our middleware module to be used with other UICC applications and alternative mobile operating systems.

  • 16. Scheer, S.
    et al.
    Kounelis, Ioannis
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS.
    Löschner, J.
    Will the cloud make the citizen more vulnerable?: Risk and vulnerability assessment in times of cloud-computing. 2012. In: CLOSER 2012 - Proceedings of the 2nd International Conference on Cloud Computing and Services Science, 2012, p. 173-176. Conference paper (Refereed)
    Abstract [en]

    Through digital traces that are left behind citizens are more and more exposing their personal data, digital identities to third parties in a conscious or mostly unconscious way. The latter is particularly the case for a variety of cloud computing applications implicitly used by a default citizen. To interact in a digital world and to give away personalized information opens the door for several hazards that may occur - deliberately or not. Consequently a citizen becomes vulnerable in various dimensions. Current research tries to re-apply well-known risk analysis strategies within the new context and in particular to cloud-computing scenarios. Final aim would be to identify individual risks in a qualitative and quantitative manner.

  • 17. Scheer, Stefan
    et al.
    Kounelis, Ioannis
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS.
    Loeschner, Jan
    Joint Research Centre of the European Commission.
    Old and new stakeholder functions in m-commerce. 2012. In: Old and new stakeholder functions in m-commerce, Slovenia: Edukator d.o.o. Koper, 2012. Conference paper (Refereed)
    Abstract [en]

    Mobile e-commerce (m-commerce) – very much following classical purchase schemes - is dealing with electronic tokens that represent valuables for obtaining goods or services. M-commerce deals with such electronic tokens by using similar functionalities applicable by three principal stakeholders: the individual operating with a mobile device, the service provider that issues an electronic token to the individual, and the venue accepting an electronic token and subsequently delivering the goods or services to the individual. Through an analysis of business processes the purpose of each function can be described together with an assessment of potential failures combined with appropriate mitigation strategies. The paper demonstrates within three typical m-commerce scenarios how electronic tokens are shifted and used within the business processes, which failures may occur and how they could be handled.

  • 18.
    Scheer, Stefan
    et al.
    Joint Research Centre of the European Commission.
    Kounelis, Ioannis
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS.
    Loeschner, Jan
    Joint Research Centre of the European Commission.
    Mahieu, Vincent
    Joint Research Centre of the European Commission.
    Shaw, David
    Joint Research Centre of the European Commission.
    Stirparo, Pasquale
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS.
    CITIZEN DIGITAL FOOTPRINT: State of the art. 2011. Report (Other (popular science, discussion, etc.))
    Abstract [en]

    A citizen is creating while navigating online his digital footprint, which is a steadily increasing trail of personal and individual data. In a growing digital society, a citizen is nowadays navigating not only online but as well in various dimensions such as that of the cyberspace, or in motion as in transportation networks, or simply as being listed or mentioned in digitalized archives. The citizen is interfacing with interconnected entities, in smarter environments, trending to the Internet of Things.

    The impact of emerging information and communication technologies on citizen becomes dramatic under the light of rapid changes in the field of ICT and under the perspective of huge potentials which could be developed and exploited. It is clear that implications on personal integrity and privacy are blatant; hence it becomes more and more obvious that regulatory measures to be applied in future could be in the forefront of research and investigation. This report summarizes the discussions held in the Citizen Digital Footprint (CIDIPRINT) action in respect:

    - To develop and assess scenarios associated with information recorded when a citizen interacts in a digital smart environment, in particular with the internet of the future and with intelligent transport systems and

    - To assess the impact of mobile information and communication applications on European citizens with respect to security and safety issues, starting by networking with relevant stakeholders and by gaining knowledge with state of the art and emerging mobile architectures. The report aims to provide the basis for future discussions and as such it will iterate and reflect on issues related to the core work of the CIDIPRINT action. The report is elaborating on the digital footprint of citizens in the 27 EU Member States. It will also look at the facts and then – the digital footprint being of global dimension – compare with elements of the rest of the world.

    The report focuses on state-of-the-art methods about how digital footprints are generated and collected (chapter 3). It investigates the perspectives of users and companies with regard to their roles either as data producer or data consumer (chapter 4). Chapter 5 gives an overview of currently offered business products. Chapter 6 provides an overview of the concerns and aspirations of the three stakeholders: citizen, companies, and governments. The last chapter, eventually, provides a bridge (“business opportunities”) towards an additional document whose content will demonstrate an inventory of possible digital footprint scenarios.

  • 19.
    Stirparo, Pasquale
    et al.
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS, Network Systems Laboratory (NS Lab).
    Fovino, I. N.
    Taddeo, M.
    Kounelis, Ioannis
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS, Network Systems Laboratory (NS Lab).
    In-memory credentials robbery on android phones. 2013. In: 2013 World Congress on Internet Security, WorldCIS 2013, IEEE Computer Society, 2013, p. 88-93. Conference paper (Refereed)
    Abstract [en]

    Mobile phones have almost replaced the work of traditional computers and people nowadays use them for both business and personal purposes, in a much more complex way than some years ago. However, the notion of 'mobile phone' has not changed accordingly: the majority of the people consider this device as a phone without thinking the implications of their digital life when using it. In this paper we demonstrate how to steal user's credentials and sensitive information in general from the memory of an Android device. We do so by analysing how mobile applications manage users data when these are loaded in the memory of the device. We use these findings to create a malware application able to retrieve login credentials from memory of the target applications, exploiting vulnerabilities due to both the user behavior and the poor practices when developing mobile applications. Finally, and most importantly, we show that this attack is not noticed by the mobile phone user both in terms of visibility and mobile phone performance.

  • 20.
    Stirparo, Pasquale
    et al.
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS.
    Kounelis, Ioannis
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS.
    The MobiLeak Project: Forensics Methodology for Mobile Application Privacy Assessment
    2012. In: 2012 International Conference for Internet Technology and Secured Transactions, ICITST 2012, ICITST, 2012, p. 297-303
    Conference paper (Refereed)
    Abstract [en]

    When talking about privacy, we talk about information, about data. There are several aspects that have to be considered when aiming to assess the privacy level of an application. These aspects are the states in which data can exist: data at rest, data in use and data in transit. Each of these requires different methodologies and technologies in order to be properly addressed. This paper focuses on the state where data are at rest. It will be shown how common mobile forensics methodologies and tools can be used to assess the privacy level of mobile applications, and therefore how mobile applications store and manage personal information.

  • 21.
    Stirparo, Pasquale
    et al.
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS, Network Systems Laboratory (NS Lab).
    Nai Fovino, Igor
    Joint Research Centre of the European Commission.
    Kounelis, Ioannis
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS, Network Systems Laboratory (NS Lab).
    Data-in-use leakages from Android memory - Test and analysis
    2013. In: Wireless and Mobile Computing, Networking and Communications (WiMob), 2013 IEEE 9th International Conference on, IEEE, 2013, p. 701-708
    Conference paper (Refereed)
    Abstract [en]

    Due to their increasing pervasiveness, smartphones and, more generally, mobile devices are becoming the citizen’s companions in daily life activities. Smartphones are today the repositories of our secrets (photos, email), of our money (online e-commerce) and of our identities (social network accounts). Therefore mobile applications have the responsibility of handling such sensitive and personal information in a proper, secure way. This paper presents the second phase of the MobiLeak project, analysing how mobile applications manage users' data when these are loaded in the volatile memory of the device. The scope of this work is to raise the awareness of the research and development communities of the poor attention that is generally paid to the secure development of mobile applications.

  • 22.
    Zhang, Feng
    et al.
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS.
    Kounelis, Ioannis
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS.
    Muftic, Sead
    KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS.
    Generic, secure and modular (GSM) methodology for design and implementation of secure mobile applications
    2012. In: SECURWARE 2012 - 6th International Conference on Emerging Security Information, Systems and Technologies, Rome, Italy: International Academy, Research and Industry Association (IARIA), 2012, p. 1-6
    Conference paper (Refereed)
    Abstract [en]

    The generic, secure and modular methodology, described in this paper, provides a generic approach for the design and development of secure mobile applications. It is applicable to multiple mobile phone platforms and mobile operating environments. This approach treats a mobile application in a holistic way and structures it into four groups of modules: user interface modules, communication modules, security modules, and business logic modules. These four groups of modules can be designed and implemented independently and finally be integrated together. This approach not only simplifies the process of design and development of mobile applications, but also improves the reusability and robustness of mobile applications. In addition, this paper proposes a trusted layer model for designing the security modules of mobile applications, which provides generic application interfaces and comprehensive data protection. The paper finally gives an example of a secure mobile application, called SAFE Mobile Wallet, which was designed and implemented using GSM methodology.
