Change search
Refine search result
123 1 - 50 of 140
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Rows per page
  • 5
  • 10
  • 20
  • 50
  • 100
  • 250
Sort
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
Select
The maximal number of hits you can export is 250. When you want to export more records please use the 'Create feeds' function.
  • 1.
    Alexiou, Nikolaos
    et al.
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Gisdakis, Stylianos
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Laganà, Marcello
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Papadimitratos, Panagiotis
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Towards a secure and privacy-preserving multi-service vehicular architecture2013In: 2013 IEEE 14th International Symposium on a World of Wireless, Mobile and Multimedia Networks, WoWMoM 2013, IEEE , 2013, 6583472- p.Conference paper (Refereed)
    Abstract [en]

    Intensive efforts in industry, academia and standardization bodies have brought vehicular communications (VC) one step before commercial deployment. In fact, future vehicles will become significant mobile platforms, extending the digital life of individuals with an ecosystem of applications and services. To secure these services and to protect the privacy of individuals, it is necessary to revisit and extend the vehicular Public Key Infrastructure (PKI)-based approach towards a multi-service security architecture. This is exactly what this work does, providing a design and a proof-of-concept implementation. Our approach, inspired by long-standing standards, is instantiated for a specific service, the provision of short-term credentials (pseudonyms). Moreover, we elaborate on its operation across multiple VC system domains, and craft a roadmap for further developments and extensions that leverage Web-based approaches. Our current results already indicate our architecture is efficient and can scale, and thus can meet the needs of the foreseen broad gamut of applications and services, including the transportation and safety ones.

  • 2.
    Alexiou, Nikolaos
    et al.
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Laganá, Marcello
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Gisdakis, Stylianos
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Khodaei, Mohammad
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Papadimitratos, Panagiotis
    KTH, School of Electrical Engineering (EES), Communication Networks.
    VeSPA: Vehicular security and privacy-preserving architecture2013In: HotWiSec 2013: Proceedings of the 2013 ACM Workshop on Hot Topics on Wireless Network Security and Privacy, 2013, 19-23 p.Conference paper (Refereed)
    Abstract [en]

    Vehicular Communications (VC) are reaching a near deploment phase and will play an important role in improving road safety, driving efficiency and comfort. The industry and the academia have reached a consensus for the need of a Public Key Infrastructure (PKI), in order to achieve security, identity management, vehicle authentication, as well as preserve vehicle privacy. Moreover, a gamut of proprietary and safety applications, such as location-based services and pay-as-you-drive systems, are going to be offered to the vehicles. The emerging applications are posing new challenges for the existing Vehicular Public Key Infrastructure (VPKI) architectures to support Authentication, Authorization and Accountability (AAA), without exposing vehicle privacy. In this work we present an implementation of a VPKI that is compatible with the VC standards. We propose the use of tickets as cryptographic tokens to provide AAA and also preserve vehicle privacy against adversaries and the VPKI. Finally, we present the efficiency results of our implementation to prove its applicability.

  • 3. Babaheidarian, P.
    et al.
    Salimi, S.
    Papadimitratos, Panagiotis
    KTH, School of Electrical Engineering (EES), Network and Systems engineering.
    Preserving confidentiality in the Gaussian broadcast channel using compute-and-forward2017In: 2017 51st Annual Conference on Information Sciences and Systems, CISS 2017, Institute of Electrical and Electronics Engineers (IEEE), 2017, 7926077Conference paper (Refereed)
    Abstract [en]

    We study the transmission of confidential messages across a wireless broadcast channel with K > 2 receivers and K helpers. The goal is to transmit all messages reliably to their intended receivers while keeping them confidential from the unintended receivers. We design a codebook based on nested lattice structure, cooperative jamming, lattice alignment, and i.i.d. coding. Moreover, we exploit the asymmetric compute-and-forward decoding strategy to handle finite SNR regimes. Unlike previous alignment schemes, our achievable rates are attainable at any finite SNR value. Also, we show that our scheme achieves the optimal sum secure degrees of freedom of 1 for the K-receiver Gaussian broadcast channel with K confidential messages and K helpers.

  • 4. Babaheidarian, P.
    et al.
    Salimi, Somayeh
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Papadimitratos, Panos
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Security in the Gaussian interference channel: Weak and moderately weak interference regimes2016In: 2016 IEEE International Symposium on Information Theory - Proceedings, Institute of Electrical and Electronics Engineers (IEEE), 2016, 2434-2438 p., 7541736Conference paper (Refereed)
    Abstract [en]

    We consider a secure communication scenario through the two-user Gaussian interference channel: each transmitter (user) has a confidential message to send reliably to its intended receiver while keeping it secret from the other receiver. Prior work investigated the performance of two different approaches for this scenario; i.i.d. Gaussian random codes and real alignment of structured codes. While the latter achieves the optimal sum secure degrees of freedom (s.d.o.f.), its extension to finite SNR regimes is challenging. In this paper, we propose a new achievability scheme for the weak and the moderately weak interference regimes, in which the reliability as well as the confidentiality of the transmitted messages are maintained at any finite SNR value. Our scheme uses lattice structure, structured jamming codewords, and lattice alignment in the encoding and the asymmetric compute-and-forward strategy in the decoding. We show that our lower bound on the sum secure rates scales linearly with log(SNR) and hence, it outperforms i.i.d. Gaussian random codes. Furthermore, we show that our achievable result is asymptotically optimal. Finally, we provide a discussion on an extension of our scheme to K > 2 users.

  • 5. Babaheidarian, Parisa
    et al.
    Salimi, Somayeh
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Papadimitratos, Panos
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Finite-SNR Regime Analysis of The Gaussian Wiretap Multiple-Access Channel2015In: 2015 53rd Annual Allerton Conference on Communication, Control, and Computing, Allerton 2015, 2015, 307-314 p., 7447020Conference paper (Refereed)
    Abstract [en]

    In this work, we consider a K-user Gaussian wiretap multiple-access channel (GW-MAC) in which each transmitter has an independent confidential message for the receiver. There is also an external eavesdropper who intercepts the communications. The goal is to transmit the messages reliably while keeping them confidential from the eavesdropper. To accomplish this goal, two different approaches have been proposed in prior works, namely, i.i.d. Gaussian random coding and real alignment. However, the former approach fails at moderate and high SNR regimes as its achievable result does not grow with SNR. On the other hand, while the latter approach gives a promising result at the infinite SNR regime, its extension to the finite-SNR regime is a challenging task. To fill the gap between the performance of the existing approaches, in this work, we establish a new scheme in which, at the receiver's side, it utilizes an extension of the compute-and-forward decoding strategy and at the transmitters' side it exploits lattice alignment, cooperative jamming, and i.i.d. random codes. For the proposed scheme, we derive a new achievable bound on sum secure rate which scales with log(SNR) and hence it outperforms the i.i.d. Gaussian codes in moderate and high SNR regimes. We evaluate the performance of our scheme, both theoretically and numerically. Furthermore, we show that our sum secure rate achieves the optimal sum secure degrees of freedom in the infinite-SNR regime.

  • 6. Bauer, K.
    et al.
    Boreli, R.
    Carlsson, N.
    Chen, Z.
    Francillon, A.
    Freudiger, J.
    Friedman, A.
    Gambs, S.
    Haddadi, H.
    Hecker, A.
    Hui, P.
    Kaafar, M. -A
    Köpf, B.
    Mahanti, A.
    Önen, M.
    Papadimitratos, Panagiotis
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Ries, S.
    Salamatian, K.
    Schneider, F.
    Shikfa, A.
    Shue, C.
    Strufe, T.
    Uhlig, S.
    Uzun, E.
    Xie, G.
    Welcome message from the PADE chairs2013In: Welcome message from the PADE chairs  (Editorial), IEEE Computer Society, 2013, lxi-lxii p.Conference paper (Other academic)
  • 7.
    Bohli, J. M.
    et al.
    NEC Research.
    Papadimitratos, Panos
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Verardi, D.
    EPFL.
    Westhoff, D.
    Resilient Data Aggregation for Unattended WSNs2011In: 6th International IEEE Workshop on PracticalᅵIssues in Building Sensor Network Applicationsᅵ(IEEE SenseApp 2011), in conjunction with the 36th IEEE LCN, IEEE , 2011, 994-1002 p.Conference paper (Refereed)
    Abstract [en]

    Unattended wireless sensor networks (WSNs) collect and store sensed data in the absence of a base station (sink). WSN data aggregation is a widely accepted approach to improve storage and communication efficiency. But the vulnerability of low-cost WSN nodes to compromise makes the use of secure protocols mandatory. As most secure data aggregation algorithms use the base station as a trust anchor, unattended WSNs need new solutions for secure data aggregation. We address exactly this problem, proposing a new resilient data aggregation scheme that protects data integrity and remains robust to a wide range of attacks, integrating Quality-of-Information (QoI) as a defense mechanism. We argue that a QoI metric accompanying every aggregation result is necessary for the WSN user, to assess the quality of obtained data and detect errors or attacks. Even with a significant fraction of the WSN nodes controlled by the attacker, our scheme identifies and mitigates the effect of the attacks. This is supported by our analysis, with simulations of realistic strong attacks. The practicality of our scheme is supported by our proof of concept implementation.

  • 8. Calandriello, G.
    et al.
    Papadimitratos, Panagiotis
    Lioy, A.
    Hubaux, J. -P
    On the Performance of Secure Vehicular Communication Systems2011In: IEEE Transactions on Dependable and Secure Computing, ISSN 1545-5971, E-ISSN 1941-0018Article in journal (Refereed)
  • 9. Calandriello, Giorgio
    et al.
    Papadimitratos, Panos
    Hubaux, Jean-Pierre
    Lioy, Antonio
    Efficient and Robust Pseudonymous Authentication in VANET2007In: VANET'07: PROCEEDINGS OF THE FOURTH ACM INTERNATIONAL WORKSHOP ON VEHICULAR AD HOC NETWORKS, 2007, 19-27 p.Conference paper (Refereed)
    Abstract [en]

    Effective and robust operations, as well as security and privacy are critical for the deployment of vehicular ad hoc networks (VANETs). Efficient and easy-to-manage security and privacy-enhancing mechanisms axe essential for the wide-spread adoption of the VANET technology. In this paper, we are concerned with this problem; and in particular, how to achieve efficient and robust pseudonym-based authentication. We design mechanisms that reduce the security overhead for safety beaconing, and retain robustness for transportation safety, even in adverse network settings. Moreover, we show how to enhance the availability and usability of privacy-enhancing VANET mechanisms: Our proposal enables vehicle on-board units to generate their own pseudonyms, without affecting the system security.

  • 10. Ehdaie, M.
    et al.
    Alexiou, Nikolaos
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Ahmadian, M.
    Aref, M. R.
    Papadimitratos, Panagiotis
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Key splitting for random key distribution schemes2012In: Network Protocols (ICNP), 2012 20th IEEE International Conference on, IEEE , 2012, 6459951- p.Conference paper (Refereed)
    Abstract [en]

    A large number of Wireless Sensor Network (WSN) security schemes have been proposed in the literature, relying primarily on symmetric key cryptography. To enable those, Random Key pre-Distribution (RKD) systems have been widely accepted. However, WSN nodes are vulnerable to physical compromise. Capturing one or more nodes operating with RKD would give the adversary keys to compromise communication of other benign nodes. Thus the challenge is to enhance resilience of WSN to node capture, while maintaining the flexibility and low-cost features of RKD. We address this problem, without any special-purpose hardware, proposing a new and simple idea: key splitting. Our scheme does not increase per-node storage, and computation and communication overheads, and it can increase connectivity. More important, it achieves a significant increase in resilience to compromise compared to the state of the art, notably when the adversary does not have overwhelming computational power.

  • 11.
    Ehdaie, Mohammad
    et al.
    CCL, K.N. Toosi University of Technology, Iran.
    Alexiou, Nikolaos
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Ahmadian, Mahmoud
    CCL, K.N. Toosi University of Technology, Iran.
    Reza Aref, Mohammad
    CCL, K.N. Toosi University of Technology, Iran.
    Papadimitratos, Panos
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Key Splitting for Random Key Distribution Schemes2012In: 7th Workshop on Secure Network Protocols (NPSec12), 2012Conference paper (Refereed)
  • 12. Ehdaie, Mohammad
    et al.
    Alexiou, Nikolaos
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Attari, Mahmoud Ahmadian
    Aref, Mohammad Reza
    Papadimitratos, Panos
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Key splitting: making random key distribution schemes resistant against node capture2015In: Security and Communication Networks, ISSN 1939-0114, E-ISSN 1939-0122, Vol. 8, no 3, 431-445 p.Article in journal (Refereed)
    Abstract [en]

    A large number of random key pre-distribution (RKD) schemes have been proposed in the literature to secure wireless sensor network applications, relying on symmetric key cryptography. However, sensor nodes are exposed to physical compromise by adversaries, who target the symmetric keys stored at each node. With the stolen keys in their possession, the adversaries are then able to compromise communication links between benign nodes. Here, the big challenge arises: how to increase resilience of RKD schemes for wireless sensor networks to node capture, while maintaining the flexibility and low-cost features of RKD? We propose the idea of key splitting to address this problem, without the need of any special-purpose hardware. Our key splitting scheme neither increases per-node storage nor introduces additional computation and communication overheads. Nevertheless, it can achieve better connectivity. More importantly, it significantly increases resilience to node compromise, when the adversary does not have overwhelming computational power.

  • 13. Ehdaie, Mohammad
    et al.
    Alexiou, Nikos
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Ahmadian, Mahmoud
    Aref, Mohammad Reza
    Papadimitratos, Panos
    KTH, School of Electrical Engineering (EES), Communication Networks.
    2D Hash Chain robust Random Key Distribution scheme2016In: Information Processing Letters, ISSN 0020-0190, E-ISSN 1872-6119, Vol. 116, no 5, 367-372 p.Article in journal (Refereed)
    Abstract [en]

    Many Random Key Distribution (RKD) schemes have been proposed in the literature to enable security applications in Wireless Sensor Networks (WSNs). A main security aspect of RKD schemes is their resistance against node capture attacks, since compromising the sensors and capturing their keys is a common risk in such networks. We propose a new method, based on a 2-Dimensional Hash Chain (2DHC), that can be applied on any RKD scheme to improve their resilience. Our method maintains the flexibility and low cost features of RKD schemes and it doesn't require any special-purpose hardware or extra memory to store keys in the sensors. We demonstrate that our approach significantly increases the resilience of RKD schemes against node capture at the cost of a few additional computations, while maintaining network connectivity at the same level.

  • 14. Festag, A.
    et al.
    Papadimitratos, Panagiotis
    Tielert, T.
    Design and Performance of Secure Geocast for Vehicular Communication2010In: IEEE Transactions on Vehicular Technology, ISSN 0018-9545, E-ISSN 1939-9359, Vol. 59, no 5, 2456-2471 p.Article in journal (Refereed)
    Abstract [en]

    The characteristics of vehicular communication environments and their networking and application requirements have led to the development of unique networking protocols. They enable vehicle-to-vehicle and vehicle-to-infrastructure communication based on the IEEE 802.11 technology, ad hoc principles, and wireless multihop techniques using geographical positions. These protocols, which are commonly referred to as Geocast, greatly support the vehicular communication and applications but necessitate a tailored security solution that provides the required security level with reasonable processing and protocol overhead, as well as reasonably priced onboard and road-side unit equipment. In this paper, we present the design of a security solution for Geocast, which is based on cryptographic protection, plausibility checks using secure neighbor discovery and mobility-related checks, trustworthy neighborhood assessment, and rate limitation. We analyze the achieved security level of the proposed scheme and assess its overhead and performance. Furthermore, we develop a software-based prototype implementation of a secure vehicular communication system. We find that the proposed security measures could result in a network performance bottleneck in realistic vehicular scenarios. Finally, we analyze the tradeoff between security overhead and protocol performance and determine the minimal processing overhead needed for acceptable performance.

  • 15. Fiore, M.
    et al.
    Casetti, C.
    Chiasserini, C. -F
    Papadimitratos, Panos
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Secure Neighbor Position Discovery in Vehicular Networks2011In: Proceedings of the 10th IFIP Annual Mediterranean Ad Hoc Networking Workshop (Med-Hoc-Net), IEEE , 2011, 71-78 p.Conference paper (Refereed)
    Abstract [en]

    In vehicular ad hoc networks, knowledge of neighbor positions is a requirement in a number of important tasks. However, distributed techniques to perform secure neighbor position discovery, suitable for highly mobile ad hoc environments, are missing. In this paper, we address this need by proposing a lightweight distributed protocol that relies only on information exchange among neighbors, without any need of a-priori trustworthy nodes. We present a detailed security analysis of our protocol in presence of one or multiple adversaries, and we evaluate its performance in a realistic vehicular environment.

  • 16. Fiore, Marco
    et al.
    Casetti, Claudio Ettore
    Chiasserini, Carla-Fabiana
    Papadimitratos, Panagiotis
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Discovery and Verification of Neighbor Positions in Mobile Ad Hoc Networks2013In: IEEE Transactions on Mobile Computing, ISSN 1536-1233, E-ISSN 1558-0660, Vol. 12, no 2, 289-303 p.Article in journal (Refereed)
    Abstract [en]

    A growing number of ad hoc networking protocols and location-aware services require that mobile nodes learn the position of their neighbors. However, such a process can be easily abused or disrupted by adversarial nodes. In absence of a priori trusted nodes, the discovery and verification of neighbor positions presents challenges that have been scarcely investigated in the literature. In this paper, we address this open issue by proposing a fully distributed cooperative solution that is robust against independent and colluding adversaries, and can be impaired only by an overwhelming presence of adversaries. Results show that our protocol can thwart more than 99 percent of the attacks under the best possible conditions for the adversaries, with minimal false positive rates.

  • 17. Flury, M.
    et al.
    Poturalski, M.
    Papadimitratos, Panos
    Hubaux, J. -P
    Boudec, J.-Y. Le
    Effectiveness of distance-decreasing attacks against impulse radio ranging2010In: Proceedings of the Third ACM Conference on Wireless Network Security (WiSec), ASSOC COMPUTING MACHINERY , 2010, 117-128 p.Conference paper (Refereed)
    Abstract [en]

    We expose the vulnerability of an emerging wireless ranging technology, impulse radio ultra-wide band (IR-UWB), to distance-decreasing attacks on the physical communication layer (PITY). These attacks violate the security of secure ranging protocols that allow two wireless devices to securely estimate the distance between them, with the guarantee that the estimate is an upper-bound on the actual distance. Such protocols serve as crucial building blocks in security-sensitive applications such as location tracking, physical access control, or localization.Prior works show the theoretical possibility of PHY attacks bypassing cryptographic mechanisms used by secure ranging protocols. They also demonstrates that for physical layers used in ISO 14443 RFID and wireless sensor networks, some PHY attacks are indeed feasible. IR-UWB was proposed as a possible solution, but we show that the de facto standard for IR-UWB, IEEE 802.15.4a, does not automatically provide security against such attacks. We find that with the mandatory modes of the standard an external attacker can decrease the measured distance by as much as 140 meters with a high probability (above 99%).

  • 18. Franz, M.
    et al.
    Papadimitratos, Panagiotis
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Preface2016In: 9th International Conference on Trust and Trustworthy Computing, TRUST 2016, Springer, 2016Conference paper (Refereed)
  • 19. Freudiger, J.
    et al.
    Raya, M.
    Felegyhazi, M.
    Papadimitratos, Panos
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Hubaux, J. -P-
    Mix-zones for Location Privacy in Vehicular Networks2007In: Proceedings of the First International Workshop on Wireless Networking for Intelligent Transportation Systems (Win-ITS), 2007Conference paper (Refereed)
    Abstract [en]

    Vehicular Networks (VNs) seek to provide, among other applications, safer driving conditions. To do so, vehicles need to periodically broadcast safety messages providing preciseposition information to nearby vehicles. However, this frequentmessaging (e.g., every 100 to 300ms per car) greatly facilitates the tracking of vehicles, as it suffices to eavesdrop the wireless medium. As a result, the drivers privacy is atstake. In order to mitigate this threat, while complying with the safety requirements of VNs, we suggest the creation ofmix-zones at appropriate places of the VN. We propose to do so with the use of cryptography, and study analytically how the combination of mix-zones into mix-networks brings forth location privacy in VNs. Finally, we show by simulations that the proposed mix system is effective in various scenarios.

  • 20. Galuba, W.
    et al.
    Papadimitratos, P.
    Poturalski, M.
    Aberer, K.
    Despotovic, Z.
    Kellerer, W.
    More on Castor: the Scalable Secure Routing Protocol for Ad-hoc Networks2009Report (Other academic)
    Abstract [en]

    Wireless ad hoc networks are inherently vulnerable,as  any  node  can  disrupt  the  communication  of  potentially  anyother  node  in  the  network.  Many  solutions  to  this  problem  havebeen  proposed.  In  this  paper,  we  take  a  fresh  and  comprehen-sive  approach,  simultaneously  addressing  three  aspects:  security,scalability and adaptability to changing network conditions. Ourcommunication  protocol,  Castor,  occupies  a  unique  point  in  thedesign  space: it  does not  use any  control messages  except simplepacket acknowledgements, and each node makes routing decisionslocally  and  independently  of  other  nodes  without  exchangingrouting state with them. This novel design makes Castor resilientto a wide range of attacks and allows it to scale to large networksizes  and  to  remain  efficient  under  high  mobility.  We  compareCastor  against  four  representative  protocols  from  the  literature.Our  protocol  achieves  up  to  two  times  higher  packet  deliveryrates, particularly in large and highly volatile networks, incursno  or  only  limited  additional  overhead  and  it  is  able  to  survivemore severe attacks and recovers from them faster.

  • 21. Galuba, W.
    et al.
    Papadimitratos, Panagiotis
    Poturalski, M.
    Aberer, Karl
    Despotovic, Z.
    Kellerer, W.
    Castor: Scalable Secure Routing for Ad Hoc Networks2010In: 2010 PROCEEDINGS IEEE INFOCOM, NEW YORK, NY: IEEE , 2010, 1-9 p.Conference paper (Refereed)
    Abstract [en]

    Wireless ad hoc networks are inherently vulnerable, as any node can disrupt the communication of potentially any other node in the network. Many solutions to this problem have been proposed. In this paper, we take a fresh and comprehensive approach that addresses simultaneously three aspects: security, scalability and adaptability to changing network conditions. Our communication protocol, Castor, occupies a unique point in the design space: It does not use any control messages except simple packet acknowledgements, and each node makes routing decisions locally and independently without exchanging any routing state with other nodes. Its novel design makes Castor resilient to a wide range of attacks and allows the protocol to scale to large network sizes and to remain efficient under high mobility. We compare Castor against four representative protocols from the literature. Our protocol achieves up to two times higher packet delivery rates, particularly in large and highly volatile networks, while incurring no or only limited additional overhead. At the same time, Castor is able to survive more severe attacks and recovers from them faster.

  • 22.
    Gerami, Majid
    et al.
    KTH, School of Electrical Engineering (EES).
    Xiao, Ming
    KTH, School of Electrical Engineering (EES), Information Science and Engineering.
    Salimi, S.
    Skoglund, Mikael
    KTH, School of Electrical Engineering (EES), Information Science and Engineering.
    Papadimitratos, Panagiotis
    KTH, School of Electrical Engineering (EES), Network and Systems engineering.
    Optimal secure partial-repair in distributed storage systems2017In: 2017 51st Annual Conference on Information Sciences and Systems, CISS 2017, Institute of Electrical and Electronics Engineers (IEEE), 2017, 7926093Conference paper (Refereed)
    Abstract [en]

    Consider a distributed storage system where parts of the source file fragments in storage nodes are lost. We denote a storage node that lost a part of its fragments as a faulty storage node and a storage node that lost non of its fragment as a complete storage node. In a process, termed as partial repair, a set of storage nodes (among faulty and complete storage nodes) transmit repairing fragments to other faulty storage nodes to recover the lost fragments. We first investigate the optimal partial repair in which the required bandwidth for recovering the lost fragments is minimal. Next, we assume that an eavesdropper wiretaps a subset of links connecting storage nodes, and overhears a number of repairing fragments. We then study optimal secure partial-repair in which the partial-repair bandwidth is minimal and the eavesdropper obtains no information about the source file by overhearing the repairing fragments. We propose optimal secure codes for exact partial-repair in a special scenario.

  • 23.
    Giannetsos, Thanassis
    et al.
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Gisdakis, Stylianos
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Papadimitratos, Panos
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Trustworthy People-Centric Sensing: Privacy, Security and User Incentives Road-Map2014In: 2014 13th Annual Mediterranean Ad Hoc Networking Workshop, MED-HOC-NET 2014, IEEE Computer Society, 2014, 39-46 p.Conference paper (Refereed)
    Abstract [en]

    The broad capabilities of widespread mobile devices have paved the way for People-Centric Sensing (PCS). This emerging paradigm enables direct user involvement in possibly large-scale and diverse data collection and sharing. Unavoidably, this raises significant privacy concerns, as participants may inadvertently reveal a great deal of sensitive information. However, ensuring user privacy, e.g., by anonymizing data they contribute, may cloak faulty (possibly malicious) actions. Thus, PCS systems must not only be privacy-preserving but also accountable and reliable. As an increasing number of applications (e.g., assistive healthcare and public safety systems) can significantly benefit from people-centric sensing, it becomes imperative to meet these seemingly contradicting requirements. In this work, we discuss security, user privacy and incentivization for this sensing paradigm, exploring how to address all aspects of this multifaceted problem. We critically survey the security and privacy properties of state-of-the-art research efforts in the area. Based on our findings, we posit open issues and challenges, and discuss possible ways to address them, so that security and privacy do not hinder the deployment of PCS systems.

  • 24.
    Gisdakis, Stylianos
    et al.
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Giannetsos, T.
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Papadimitratos, Panagiotis
    KTH, School of Electrical Engineering (EES), Communication Networks.
    SPPEAR: Security & privacy-preserving architecture for participatory-sensing applications2014In: WiSec 2014 - Proceedings of the 7th ACM Conference on Security and Privacy in Wireless and Mobile Networks, 2014, 39-50 p.Conference paper (Refereed)
    Abstract [en]

    Recent advances in sensing, computing, and networking have paved the way for the emerging paradigm of participatory sensing (PS). The openness of such systems and the richness of user data they entail raise significant concerns for their security, privacy and resilience. Prior works addressed different aspects of the problem. But in order to reap the benefits of this new sensing paradigm, we need a comprehensive solution. That is, a secure and accountable PS system that preserves user privacy, and enables the provision of incentives to the participants. At the same time, we are after a PS system that is resilient to abusive users and guarantees privacy protection even against multiple misbehaving PS entities (servers). We address these seemingly contradicting requirements with our SPPEAR architecture. Our full blown implementation and experimental evaluation demonstrate that SPPEAR is efficient, practical, and scalable. Last but not least, we formally assess the achieved security and privacy properties. Overall, our system is a comprehensive solution that significantly extends the state-of-the-art and can catalyze the deployment of PS applications.

  • 25.
    Gisdakis, Stylianos
    et al.
    KTH, School of Electrical Engineering (EES), Communication Networks. Networked Systems Security Group.
    Giannetsos, Thanassis
    KTH, School of Electrical Engineering (EES), Communication Networks. Networked Systems Security Group.
    Papadimitratos, Panagiotis
    KTH, School of Electrical Engineering (EES), Communication Networks. Networked Systems Security Group.
    Security, Privacy, and Incentive Provision for Mobile Crowd Sensing Systems2016In: IEEE Internet of Things Journal, ISSN 2327-4662, Vol. 3, no 5, 839-853 p., 7463023Article in journal (Refereed)
    Abstract [en]

    Recent advances in sensing, computing, and networking have paved the way for the emerging paradigm of mobile crowd sensing (MCS). The openness of such systems and the richness of data MCS users are expected to contribute to them raise significant concerns for their security, privacy-preservation and resilience. Prior works addressed different aspects of the problem. But in order to reap the benefits of this new sensing paradigm, we need a holistic solution. That is, a secure and accountable MCS system that preserves user privacy, and enables the provision of incentives to the participants. At the same time, we are after an MCS architecture that is resilient to abusive users and guarantees privacy protection even against multiple misbehaving and intelligent MCS entities (servers). In this paper, we meet these challenges and propose a comprehensive security and privacy-preserving architecture. With a full blown implementation, on real mobile devices, and experimental evaluation we demonstrate our system's efficiency, practicality, and scalability. Last but not least, we formally assess the achieved security and privacy properties. Overall, our system offers strong security and privacy-preservation guarantees, thus, facilitating the deployment of trustworthy MCS applications.

  • 26.
    Gisdakis, Stylianos
    et al.
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Giannetsos, Thanassis
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Papadimitratos, Panagiotis
    KTH, School of Electrical Engineering (EES), Communication Networks.
    SHIELD: a data verification framework for participatory sensing systems2015In: WiSec '15 Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, ACM Digital Library, 2015Conference paper (Refereed)
    Abstract [en]

    The openness of PS systems renders them vulnerable to malicious users that can pollute the measurement collection process, in an attempt to degrade the PS system data and, overall, its usefulness. Mitigating such adversarial behavior is hard. Cryptographic protection, authentication, authorization, and access control can help but they do not fully address the problem. Reports from faulty insiders (participants with credentials) can target the process intelligently, forcing the PS system to deviate from the actual sensed phenomenon. Filtering out those faulty reports is challenging, with practically no prior knowledge on the participants' trustworthiness, dynamically changing phenomena, and possibly large numbers of compromised devices. This paper proposes SHIELD, a novel data verification framework for PS systems that can complement any security architecture. SHIELD handles available, contradicting evidence, classifies efficiently incoming reports, and effectively separates and rejects those that are faulty. As a result, the deemed correct data can accurately represent the sensed phenomena, even when 45% of the reports are faulty, intelligently selected by coordinated adversaries and targeted optimally across the system's coverage area.

  • 27.
    Gisdakis, Stylianos
    et al.
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Giannetsos, Thanassis
    Papadimitratos, Panagiotis
    KTH, School of Electrical Engineering (EES), Communication Networks.
    SPPEAR: Security &  Privacy-Preserving Architecture for Mobile Crowd-Sensing ApplicationsManuscript (preprint) (Other academic)
  • 28.
    Gisdakis, Stylianos
    et al.
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Giannetsos, Thanassis
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Papadimitratos, Panos
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Android Privacy C(R)ache: Reading your External Storageand Sensors for Fun and Profit2015Report (Other (popular science, discussion, etc.))
    Abstract [en]

    Android's permission system empowers informed privacy decisions when installing third-party applications.  However, examining the access permissions is not enough to assess privacy exposure; even seemingly harmless applications can severely expose user data. This is what we demonstrate here: an application with the common READ_EXTERNAL_STORAGE and the INTERNET permissions can be the basis of extracting and inferring a wealth of private information. What has been overlooked is that such a ``curious'' application can prey on data stored in the Android's commonly accessible external storage or on unprotected phone sensors. By accessing and stealthily extracting data thought to be unworthy of protection, we manage to access highly sensitive information: user identifiers and habits. Leveraging data-mining techniques, we explore a set of popular applications, establishing that there is a clear privacy danger for numerous users installing innocent-looking and but, possibly, ``curious'' applications.

  • 29.
    Gisdakis, Stylianos
    et al.
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Giannetsos, Thanassis
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Papadimitratos, Panos
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Security, Privacy & Incentive Provision for Mobile Crowd Sensing Systems2015Report (Other academic)
    Abstract [en]

    Recent advances in sensing, computing, and networking have paved the way for the emerging paradigm of Mobile Crowd Sensing (MCS). The openness of such systems and the richness of data MCS users are expected to contribute to them raise significant concerns for their security, privacy-preservation and resilience. Prior works addressed different aspects of the problem. But in order to reap the benefits of this new sensing paradigm, we need a holistic solution. That is, a secure and accountable MCS system that preserves user privacy, and enables the provision of incentives to the participants. At the same time, we are after a MCS architecture that is resilient to abusive users and guarantees privacy protection even against multiple misbehaving and intelligent MCS entities (servers). In this work, we meet these challenges and propose a comprehensive security and privacy-preserving architecture. With a full blown implementation, on real mobile devices, and experimental evaluation we demonstrate our system's efficiency, practicality, and scalability. Last but not least, we formally assess the achieved security and privacy properties. Overall, our system offers strong security and privacy-preservation guarantees, thus, facilitating the deployment of trustworthy MCS applications.

  • 30.
    Gisdakis, Stylianos
    et al.
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Katselis, Dimitrios
    KTH, School of Electrical Engineering (EES), Signal Processing. KTH, School of Electrical Engineering (EES), Automatic Control.
    Papadimitratos, Panos
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Allocating adversarial resources in wireless networks2013In: 2013 Proceedings of the 21st European Signal Processing Conference (EUSIPCO), IEEE , 2013, 6811603- p.Conference paper (Refereed)
    Abstract [en]

    A plethora of security schemes for wireless sensor networks (WSNs) has been proposed and their resilience to various attacks analyzed; including situations the adversary compromises a subset of the WSN nodes and/or deploys own misbehaving devices. The higher the degree of such intrusion is, the more effective an attack will be. Consider, however, an adversary that is far from omnipotent: How should she attack, how should she deploy her resources to maximally affect the attacked WSN operation? This basic question has received little attention, with one approach considering genetic algorithms for devising an attack strategy [5]. In this work, we recast the problem towards a more systematic treatment and more computationally efficient solutions: a combination of a genetic algorithm with a convex relaxation, and an l(1)-constraint formulation. The devising of near-optimal attack strategies efficiently strengthens the adversary, allowing her to adapt and mount effective and thus harmful attacks even in complex and dynamically changing settings.

  • 31.
    Gisdakis, Stylianos
    et al.
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Laganà, Marcello
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Giannetsos, Thanassis
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Papadimitratos, Panos
    KTH, School of Electrical Engineering (EES), Communication Networks.
    SEROSA: SERvice oriented security architecture for Vehicular Communications2013In: 2013 IEEE Vehicular Networking Conference (VNC), 2013 IEEE, IEEE conference proceedings, 2013, 111-118 p.Conference paper (Refereed)
    Abstract [en]

    Modern vehicles are no longer mere mechanical devices; they comprise dozens of digital computing platforms, coordinated by an in-vehicle network, and have the potential to significantly enhance the digital life of individuals on the road. While this transformation has driven major advancements in road safety and transportation efficiency, significant work remains to be done to support the security and privacy requirements of the envisioned ecosystem of commercial services and applications (i.e., Internet access, video streaming, etc.). In the era when 'service is everything and everything is a service', Vehicular Communication (VC) systems cannot escape from this ongoing trend towards multi-service environments accessible from anywhere. To meet the diverse requirements of vehicle operators and Service Providers (SPs), we present SEROSA, a service-oriented security and privacy-preserving architecture for VC. By synthesizing existing VC standards and Web Services (WS), our architecture provides comprehensive identity and service management while ensuring interoperability with existing SPs. We fully implement our system and extensively assess its efficiency, practicality, and dependability. Overall, SEROSA significantly extends the state of the art and serves as a catalyst for the integration of vehicles into the vast domain of Internet-based services.

  • 32.
    Gisdakis, Stylianos
    et al.
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Manolopoulos, Vasileios
    KTH.
    Tao, Sha
    KTH, School of Information and Communication Technology (ICT), Integrated Devices and Circuits.
    Rusu, Ana
    KTH, School of Information and Communication Technology (ICT), Integrated Devices and Circuits.
    Papadimitratos, Panagiotis
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Secure and Privacy-Preserving Smartphone based Traffic Information Systems2015In: IEEE transactions on intelligent transportation systems (Print), ISSN 1524-9050, E-ISSN 1558-0016, Vol. 16, no 3Article in journal (Refereed)
    Abstract [en]

    Increasing smartphone penetration, combined with the wide coverage of cellular infrastructures, renders smartphone-based traffic information systems (TISs) an attractive option. The main purpose of such systems is to alleviate traffic congestion that exists in every major city. Nevertheless, to reap the benefits of smartphone-based TISs, we need to ensure their security and privacy and their effectiveness (e.g., accuracy). This is the motivation of this paper: We leverage state-of-the-art cryptographic schemes and readily available telecommunication infrastructure. We present a comprehensive solution for smartphone-based traffic estimation that is proven to be secure and privacy preserving. We provide a full-blown implementation on actual smartphones, along with an extensive assessment of its accuracy and efficiency. Our results confirm that smartphone-based TISs can offer accurate traffic state estimation while being secure and privacy preserving.

  • 33.
    Gisdakis, Stylianos
    et al.
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Papadimitratos, Panos
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Giannetsos, Athanasios
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Data Verification andPrivacy-respecting User Remuneration in Mobile Crowd Sensing2015Report (Other academic)
    Abstract [en]

    The broad capabilities of current mobile devices have paved the way forMobile Crowd Sensing (MCS) applications. The success of this emergingparadigm strongly depends on the quality of received data which, in turn, iscontingent to mass user participation; the broader the participation, the moreuseful these systems become. This can be achieved if users are gratified fortheir contributions while being provided with strong guarantees for the securityand the privacy of their sensitive information. But this very openness is adouble-edge sword: any of the participants can be adversarial and pollute thecollected data in an attempt to degrade the MCS system output and, overall,its usefulness. Filtering out faulty reports is challenging, with practically noprior knowledge on the participants trustworthiness, dynamically changingphenomena, and possibly large numbers of compromised devices. This workpresents a holistic framework that can assess user-submitted data and siftmalicious contributions while offering adequate incentives to motivate usersto submit better quality data. With a rigorous assessment of our systemâAZssecurity and privacy protection complemented by a detailed experimentalevaluation, we demonstrate its accuracy, practicality and scalability. Overall,our framework is a comprehensive solution that significantly extends thestate-of-the-art and can catalyze the deployment of MCS applications.

  • 34. Haas, Z. J.
    et al.
    Deng, J.
    Liang, B.
    Papadimitratos, Panagiotis
    Sajama, S.
    Wireless ad hoc networks2003In: Encyclopedia of Telecommunications / [ed] John G. Proakis, John Wiley & Sons, 2003, 1Chapter in book (Other academic)
  • 35. Haas, Zygmunt J.
    et al.
    Papadimitratos, Panos
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Secure end-to-end communication in mobile ad hoc networks2003Patent (Other (popular science, discussion, etc.))
    Abstract [en]

    A secure routing protocol for an ad hoc network requires only that the communicating end nodes have a security association. The protocol combines a secure route discovery protocol and a secure message transmission (SMT) protocol to provide comprehensive security. The secure routing protocol provides connectivity information through the discovery of one or more routes in the presence of adversaries that actively disrupt the routing operation. A route discovery request is sent from a source node to a destination node, which responds by sending a reply over the same route taken by the request. The source and destination nodes use a shared secret key to verify the authenticity of the request, reply and determined route. Using a discovered plurality of routes, The SMT protocol separates messages to be transmitted into multiple segments and routes the segments across the set of routes simultaneously. The destination node sends feedback to the source which identities which segments were received. The source uses this information to resend segments that were not received and identify failed routes. If not sufficiently many or no routes at all are available, a new route discovery is initiated.

  • 36. Haghani, P.
    et al.
    Papadimitratos, Panos
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Poturalski, M.
    Aberer, K.
    Hubaux, J. -P
    Efficient and Robust Secure Aggregation for Sensor Networks2007In: Proceedings of the Third IEEE ICNP Workshop on Secure Network Protocols (NPSec), 2007, 1-6 p.Conference paper (Refereed)
    Abstract [en]

    Wireless Sensor Networks (WSNs) rely on in networkaggregation for efficiency, however, this comes at aprice: A single adversary can severely influence the outcomeby contributing an arbitrary partial aggregate value. Securein-network aggregation can detect such manipulation [2]. Butas long as such faults persist, no aggregation result can beobtained. In contrast, the collection of individual sensor nodevalues is robust and solves the problem of availability, yet in an inefficient way. Our work seeks to bridge this gap in secure data collection: We propose a system that enhances availability with an efficiency close to that of in-network aggregation. To achieve this, our scheme relies on costly operations to localize and exclude nodes that manipulate the aggregation, but only when a failure is detected. The detection of aggregation disruptions and the removal of faulty nodes provides robustness. At the same time, after removing faulty nodes, the WSN can enjoy low cost (secure) aggregation. Thus, the high exclusion cost is amortized, and efficiency increases.

  • 37. Harsch, C.
    et al.
    Festag, A.
    Papadimitratos, P.
    Secure Position-Based Routing for VANETs2007In: Proceedings of the IEEE 66th Vehicular Technology Conference (VTC-Fall), 2007, 26-30 p.Conference paper (Refereed)
  • 38. Hollick, Matthias
    et al.
    Nita-Rotaru, Cristina
    Papadimitratos, Panagiotis
    KTH, School of Electrical Engineering (EES), Network and Systems engineering.
    Perrig, Adrian
    Schmid, Stefan
    Toward a Taxonomy and Attacker Model for Secure Routing Protocols2017In: Computer communication review, ISSN 0146-4833, E-ISSN 1943-5819, Vol. 47, no 1, 43-48 p.Article in journal (Refereed)
    Abstract [en]

    A secure routing protocol represents a foundational building block of a dependable communication system. Unfortunately, currently no taxonomy exists to assist in the design and analysis of secure routing protocols. Based on the Dagstuhl Seminar 15102, this paper initiates the study of more structured approaches to describe secure routing protocols and the corresponding attacker models, in an effort to better understand existing secure routing protocols, and to provide a framework for designing new protocols. We decompose the routing system into its key components based on a functional model of routing. This allows us to classify possible attacks on secure routing protocols. Using our taxonomy, we observe that the most eective attacks target the information in the control plane. Accordingly, unlike classic attackers whose capabilities are often described in terms of computation complexity we propose to classify the power of an attacker with respect to the reach, that is, the extent to which the attacker can influence the routing information indirectly, beyond the locations under its direct control.

  • 39.
    Jin, Hongyu
    et al.
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Khodaei, Mohammad
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Papadimitratos, Panos
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Security and Privacy in Vehicular Social Networks2016In: Vehicular Social Networks, Taylor & Francis Group, 2016Chapter in book (Other academic)
  • 40.
    Jin, Hongyu
    et al.
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Khodaei, Mohammad
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Papadimitratos, Panos
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Security and Privacy in Vehicular Social Networks2016In: Vehicular Social Networks, Taylor & Francis Group, 2016Chapter in book (Other academic)
  • 41.
    Jin, Hongyu
    et al.
    KTH, School of Electrical Engineering (EES), Network and Systems engineering.
    Papadimitratos, Panagiotis
    KTH, School of Electrical Engineering (EES), Network and Systems engineering.
    Poster: Bloom Filter based certificate validation for VANET2017In: Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2017, Association for Computing Machinery (ACM), 2017, 273-274 p.Conference paper (Refereed)
    Abstract [en]

    Security and privacy are important properties that have to be considered for the adoption of Vehicular Ad-hoc Networks (VANETs). Short-lived credentials, termed pseudonyms, are used to ensure message integrity and authentication while preserving vehicle (thus, their passengers') privacy. However, this introduces extra communication and computation overhead: pseudonyms have to be attached to the messages and signatures on pseudonyms and messages need to be verified before they can be accepted. In this poster, we are concerned with computation overhead for pseudonym validation. We preload vehicular On-Board Units (OBUs) with a Bloom Filter (BF) to facilitate pseudonym validation while traditional approach (i.e., signature verification on pseudonyms) can still be preserved as a fallback approach. We evaluate our scheme on automotive testbed with a preliminary implementation. Our scheme provides low processing delay for pseudonym validation at a cost of communication overhead for pre-downloading the BF.

  • 42.
    Jin, Hongyu
    et al.
    KTH, School of Electrical Engineering (EES), Network and Systems engineering.
    Papadimitratos, Panagiotis
    KTH, School of Electrical Engineering (EES), Network and Systems engineering.
    Poster: Bloom Filter based certificate validation for VANET2017In: Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2017, Association for Computing Machinery (ACM), 2017, 273-274 p.Conference paper (Refereed)
    Abstract [en]

    Security and privacy are important properties that have to be considered for the adoption of Vehicular Ad-hoc Networks (VANETs). Short-lived credentials, termed pseudonyms, are used to ensure message integrity and authentication while preserving vehicle (thus, their passengers') privacy. However, this introduces extra communication and computation overhead: pseudonyms have to be attached to the messages and signatures on pseudonyms and messages need to be verified before they can be accepted. In this poster, we are concerned with computation overhead for pseudonym validation. We preload vehicular On-Board Units (OBUs) with a Bloom Filter (BF) to facilitate pseudonym validation while traditional approach (i.e., signature verification on pseudonyms) can still be preserved as a fallback approach. We evaluate our scheme on automotive testbed with a preliminary implementation. Our scheme provides low processing delay for pseudonym validation at a cost of communication overhead for pre-downloading the BF.

  • 43.
    Jin, Hongyu
    et al.
    KTH, School of Electrical Engineering (EES), Network and Systems engineering.
    Papadimitratos, Panagiotis
    KTH, School of Electrical Engineering (EES), Network and Systems engineering.
    Proactive certificate validation for VANETs2017In: IEEE Vehicular Networking Conference, VNC, IEEE Computer Society, 2017, 7835974Conference paper (Refereed)
    Abstract [en]

    Security and privacy in Vehicular Ad-hoc Networks (VANETs) mandates use of short-lived credentials (pseudonyms) and cryptographic key pairs. This implies significant computational overhead for vehicles, needing to validate often numerous such pseudonyms within a short period. To alleviate such a bottleneck that could even place vehicle safety at risk, we propose a proactive pseudonym validation approach based on Bloom Filters (BFs). We show that our scheme could liberate computational resources for other (safety- and time-critical) operations with reasonable communication overhead without compromising security and privacy.

  • 44.
    Jin, Hongyu
    et al.
    KTH, School of Electrical Engineering (EES), Network and Systems engineering.
    Papadimitratos, Panagiotis
    KTH, School of Electrical Engineering (EES), Network and Systems engineering.
    Proactive certificate validation for VANETs2017In: IEEE Vehicular Networking Conference, VNC, IEEE Computer Society, 2017, 7835974Conference paper (Refereed)
    Abstract [en]

    Security and privacy in Vehicular Ad-hoc Networks (VANETs) mandates use of short-lived credentials (pseudonyms) and cryptographic key pairs. This implies significant computational overhead for vehicles, needing to validate often numerous such pseudonyms within a short period. To alleviate such a bottleneck that could even place vehicle safety at risk, we propose a proactive pseudonym validation approach based on Bloom Filters (BFs). We show that our scheme could liberate computational resources for other (safety- and time-critical) operations with reasonable communication overhead without compromising security and privacy.

  • 45.
    Jin, Hongyu
    et al.
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Papadimitratos, Panagiotis
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Resilient collaborative privacy for Location-Based services2015In: 20th Nordic Conference on Secure IT Systems, NordSec 2015, Springer, 2015, 47-63 p.Conference paper (Refereed)
    Abstract [en]

    Location-based Services (LBSs) provide valuable services, with convenient features for users. However, the information disclosed through each request harms user privacy. This is a concern particularly with honest-but-curious LBS servers, which could, by collecting requests, track users and infer additional sensitive user data. This is the motivation of both centralized and decentralized location privacy protection schemes for LBSs: anonymizing and obfuscating LBS queries to not disclose exact information, while still getting useful responses. Decentralized schemes overcome the disadvantages of centralized schemes, eliminating anonymizers and enhancing users’ control over sensitive information. However, an insecure decentralized system could pose even more serious security threats than privacy leakage. We address exactly this problem, by proposing security enhancements for mobile data sharing systems. We protect user privacy while preserving accountability of user activities, leveraging pseudonymous authentication with mainstream cryptography. Our design leverages architectures proposed for large scale mobile systems, while it incurs minimal changes to LBS servers as it can be deployed in parallel to the LBS servers. This further motivates the adoption of our design, in order to cater to the needs of privacy-sensitive users. We provide an analysis of security and privacy concerns and countermeasures, as well as a performance evaluation of basic protocol operations showing the practicality of our design.

  • 46.
    Jin, Hongyu
    et al.
    KTH, School of Electrical Engineering (EES), Network and Systems engineering.
    Papadimitratos, Panagiotis
    KTH, School of Electrical Engineering (EES), Network and Systems engineering.
    Resilient privacy protection for location-based services through decentralization2017In: Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2017, Association for Computing Machinery (ACM), 2017, 253-258 p.Conference paper (Refereed)
    Abstract [en]

    Location-based Services (LBSs) provide valuable features but can also reveal sensitive user information. Decentralized privacy protection removes the need for a so-called anonymizer, but relying on peers is a double-edged sword: adversaries could mislead with fictitious responses or even collude to compromise their peers' privacy. We address here exactly this problem: we strengthen the decentralized LBS privacy approach, securing peer-to-peer (P2P) interactions. Our scheme can provide precise timely P2P responses by passing proactively cached Point of Interest (POI) information. It reduces the exposure both to the honest-but-curious LBS servers and peer nodes. Our scheme allows P2P responses to be validated with very low fraction of queries affected even if a significant fraction of nodes are compromised. The exposure can be kept very low even if the LBS server or a large set of colluding curious nodes collude with curious identity management entities.

  • 47.
    Jin, Hongyu
    et al.
    KTH, School of Electrical Engineering (EES), Network and Systems engineering.
    Papadimitratos, Panagiotis
    KTH, School of Electrical Engineering (EES), Network and Systems engineering.
    Resilient privacy protection for location-based services through decentralization2017In: Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2017, Association for Computing Machinery (ACM), 2017, 253-258 p.Conference paper (Refereed)
    Abstract [en]

    Location-based Services (LBSs) provide valuable features but can also reveal sensitive user information. Decentralized privacy protection removes the need for a so-called anonymizer, but relying on peers is a double-edged sword: adversaries could mislead with fictitious responses or even collude to compromise their peers' privacy. We address here exactly this problem: we strengthen the decentralized LBS privacy approach, securing peer-to-peer (P2P) interactions. Our scheme can provide precise timely P2P responses by passing proactively cached Point of Interest (POI) information. It reduces the exposure both to the honest-but-curious LBS servers and peer nodes. Our scheme allows P2P responses to be validated with very low fraction of queries affected even if a significant fraction of nodes are compromised. The exposure can be kept very low even if the LBS server or a large set of colluding curious nodes collude with curious identity management entities.

  • 48.
    Jin, Hongyu
    et al.
    KTH, School of Electrical Engineering (EES), Network and Systems engineering.
    Papadimitratos, Panagiotis
    KTH, School of Electrical Engineering (EES), Network and Systems engineering.
    Resilient privacy protection for location-based services through decentralization2017In: Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2017, Association for Computing Machinery (ACM), 2017, 253-258 p.Conference paper (Refereed)
    Abstract [en]

    Location-based Services (LBSs) provide valuable features but can also reveal sensitive user information. Decentralized privacy protection removes the need for a so-called anonymizer, but relying on peers is a double-edged sword: adversaries could mislead with fictitious responses or even collude to compromise their peers' privacy. We address here exactly this problem: we strengthen the decentralized LBS privacy approach, securing peer-to-peer (P2P) interactions. Our scheme can provide precise timely P2P responses by passing proactively cached Point of Interest (POI) information. It reduces the exposure both to the honest-but-curious LBS servers and peer nodes. Our scheme allows P2P responses to be validated with very low fraction of queries affected even if a significant fraction of nodes are compromised. The exposure can be kept very low even if the LBS server or a large set of colluding curious nodes collude with curious identity management entities.

  • 49.
    Jin, Hongyu
    et al.
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Papadimitratos, Panos
    KTH, School of Electrical Engineering (EES), Communication Networks.
    Scaling VANET Security Through Cooperative Message Verification2015In: 2015 IEEE VEHICULAR NETWORKING CONFERENCE (VNC), IEEE , 2015, 275-278 p.Conference paper (Refereed)
    Abstract [en]

    VANET security introduces significant processing overhead for resource-constrained On-Board Units (OBUs). Here, we propose a novel scheme that allows secure Vehicular Communication (VC) systems to scale well beyond network densities for which existing optimization approaches could be workable, without compromising security (and privacy).

  • 50. Kafsi, M.
    et al.
    Papadimitratos, Panagiotis
    Dousse, O.
    Alpcan, T.
    Hubaux, J. -P
    VANET Connectivity Analysis2008In: Proceedings of the IEEE Workshop on Automotive Networking and Applications (Autonet), IEEE , 2008Conference paper (Refereed)
123 1 - 50 of 140
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf