Results 1-11 of 11.
((uid:50032402))

Bookmark and Share    
Full Text
Peer Reviewed
See detailSystematization of threats and requirements for private messaging with untrusted servers. The case of E-mailing and instant messaging
Symeonidis, Iraklis UL; Lenzini, Gabriele UL

in International Conference on Information Systems Security and Privacy, Malta 25-27 February 2020 (2020, February)

Modern email and instant messaging applications often offer private communications. In doing so, they share common concerns about how security and privacy can be compromised, how they should face similar ... [more ▼]

Modern email and instant messaging applications often offer private communications. In doing so, they share common concerns about how security and privacy can be compromised, how they should face similar threats, and how to comply with comparable system requirements. Assuming a scenario where servers may not be trusted, we review and analyze a list of threats specifically against message delivering, archiving, and contact synchronization. We also describe a list of requirements intended for whom undertakes the task of implementing secure and private messaging. The cryptographic solutions available to mitigate the threats and to comply with the requirements may differ, as the two applications are built on different assumptions and technologies. [less ▲]

Detailed reference viewed: 216 (14 UL)
Full Text
Peer Reviewed
See detailTowards Systematic Specification of Non-Functional Requirements for Sharing Economy Services
Symeonidis, Iraklis UL; Schroers, Jessica; Mustafa A. Mustafa, Mustafa A. et al

in Towards Systematic Specification of Non-Functional Requirements for Sharing Economy Services (2019, May)

Sharing Economy (SE) systems use technologies to enable sharing of physical assets and services among individuals. This allows optimisation of resources, thus contributing to the re-use principle of ... [more ▼]

Sharing Economy (SE) systems use technologies to enable sharing of physical assets and services among individuals. This allows optimisation of resources, thus contributing to the re-use principle of Circular Economy. In this paper, we assess existing SE services and identify their challenges in areas that are not technically connected to their core functionality but are essential in creating trust: information security and privacy, personal data protection and fair economic incentives. Existing frameworks for elicitation of non-functional requirements are heterogeneous in their focus and domain specific. Hence, we propose to develop a holistic methodology for non-functional requirements specification for SE systems following a top-down-top approach. A holistic methodology considering non-functional requirements is essential and can assist in the analysis and design of SE systems in a systematic and unified way applied from the early stages of the system development. [less ▲]

Detailed reference viewed: 135 (4 UL)
Full Text
Peer Reviewed
See detailSC2Share: Smart Contract for Secure Car Sharing
Akash, Madhusudan; Symeonidis, Iraklis UL; A. Mustafa, Mustafa et al

in International Conference on Information Systems Security and Privacy (ICISSP) (2019, January 24)

This paper presents an efficient solution for the booking and payments functionality of a car sharing system that allows individuals to share their personal, underused cars in a completely decentralized ... [more ▼]

This paper presents an efficient solution for the booking and payments functionality of a car sharing system that allows individuals to share their personal, underused cars in a completely decentralized manner, annulling the need of an intermediary. Our solution, named SC2Share, leverages smart contracts and uses them to carry out secure and private car booking and payments. Our experiments on SC2Share on the Ethereum testnet guarantee high security and privacy to its users and confirm that our system is cost-efficient and ready for practical use. [less ▲]

Detailed reference viewed: 655 (13 UL)
Full Text
See detailAnalysis and Design of Privacy-Enhancing Information Sharing Systems
Symeonidis, Iraklis UL

Doctoral thesis (2018)

Recent technological advancements have enabled the collection of large amounts of personal data of individuals at an ever-increasing rate. Service providers, organisations and governments can collect or ... [more ▼]

Recent technological advancements have enabled the collection of large amounts of personal data of individuals at an ever-increasing rate. Service providers, organisations and governments can collect or otherwise acquire rich information about individuals’ everyday lives and habits from big data-silos, enabling profiling and micro-targeting such as in political elections. Therefore, it is important to analyse systems that allow the collection and information sharing between users and to design secure and privacy enhancing solutions. This thesis contains two parts. The aim of the first part is to investigate in detail the effects of the collateral information collection of third-party applications on Facebook. The aim of the second part is to analyse in detail the security and privacy issues of car sharing systems and to design a secure and privacy-preserving solution. In the first part, we present a detailed multi-faceted study on the collateral information collection privacy issues of Facebook applications; providers of third-party applications on Facebook exploit the interdependency between users and their friends. The goal is to (i) study the existence of the problem, (ii) investigate whether Facebook users are concerned about the issue, quantify its (iii) likelihood and (iv) impact of collateral information collection affecting users, (v) identify whether collateral information collection is an issue for the protection of the personal data of Facebook users under the legal framework, and (vi) we propose solutions that aim to solve the problem of collateral information collection. In order to investigate the views of the users, we designed a questionnaire and collected the responses of participants. Employing real data from the Facebook third-party applications ecosystem, we compute the likelihood of collateral information collection affecting users and quantify its significance evaluating the amount of attributes collected by such applications. To investigate whether collateral information collection is an issue in terms of users’ privacy we analysed the legal framework in light of the General Data Protection Regulation. To provide countermeasures, we propose a privacy dashboard extension that implements privacy scoring computations to enhance transparency towards collateral information collection. [less ▲]

Detailed reference viewed: 84 (10 UL)
Full Text
Peer Reviewed
See detailCollateral damage of Facebook third-party applications: a comprehensive study
Symeonidis, Iraklis UL; Biczók, Gergely; Shirazi, Fatemeh et al

in Computers and Security (2018), 77

Third-party applications on Facebook can collect personal data of the users who install them, but also of their friends. This raises serious privacy issues as these friends are not notified by the ... [more ▼]

Third-party applications on Facebook can collect personal data of the users who install them, but also of their friends. This raises serious privacy issues as these friends are not notified by the applications nor by Facebook and they have not given consent. This paper presents a detailed multi-faceted study on the collateral information collection of the applications on Facebook. To investigate the views of the users, we designed a questionnaire and collected the responses of 114 participants. The results show that participants are concerned about the collateral information collection and in particular about the lack of notification and of mechanisms to control the data collection. Based on real data, we compute the likelihood of collateral information collection affecting users: we show that the probability is significant and greater than 80% for popular applications such as TripAdvisor. We also demonstrate that a substantial amount of profile data can be collected by applications, which enables application providers to profile users. To investigate whether collateral information collection is an issue to users’ privacy we analysed the legal framework in light of the General Data Protection Regulation. We provide a detailed analysis of the entities involved and investigate which entity is accountable for the collateral information collection. To provide countermeasures, we propose a privacy dashboard extension that implements privacy scoring computations to enhance transparency toward collateral information collection. Furthermore, we discuss alternative solutions highlighting other countermeasures such as notification and access control mechanisms, cryptographic solutions and application auditing. To the best of our knowledge this is the first work that provides a detailed multi-faceted study of this problem and that analyses the threat of user profiling by application providers. [less ▲]

Detailed reference viewed: 162 (9 UL)
Full Text
Peer Reviewed
See detailSePCAR: A Secure and Privacy-Enhancing Protocol for Car Access Provision
Symeonidis, Iraklis UL; Aly, Abdelrahaman; Mustafa, Mustafa Asan et al

in Symeonidis, Iraklis (Ed.) Computer Security -- ESORICS 2017 (2017)

We present an efficient secure and privacy-enhancing protocol for car access provision, named SePCAR. The protocol is fully decentralised and allows users to share their cars conveniently without ... [more ▼]

We present an efficient secure and privacy-enhancing protocol for car access provision, named SePCAR. The protocol is fully decentralised and allows users to share their cars conveniently without sacrifising their security and privacy. It provides generation, update, revocation, and distribution mechanisms for access tokens to shared cars, as well as procedures to solve disputes and to deal with law enforcement requests, for instance in the case of car incidents. We prove that SePCAR meets its appropriate security and privacy requirements and that it is efficient: our practical efficiency analysis through a proof-of-concept implementation shows that SePCAR takes only 1.55 s for a car access provision. [less ▲]

Detailed reference viewed: 127 (9 UL)
Full Text
Peer Reviewed
See detailCollateral Damage of Online Social Network Applications
Symeonidis, Iraklis UL; Tsormpatzoudi, Pagona; Preneel, Bart

in Symeonidis, Iraklis (Ed.) Proceedings of the 2nd International Conference on Information Systems Security and Privacy, ICISSP 2016, Rome, Italy, February 19-21 2016. (2016)

Third-party apps enable a personalized experience on social networking platforms; however, they give rise to privacy interdependence issues. Apps installed by a user’s friends can collect and potentially ... [more ▼]

Third-party apps enable a personalized experience on social networking platforms; however, they give rise to privacy interdependence issues. Apps installed by a user’s friends can collect and potentially misuse her personal data inflicting collateral damage on the user while leaving her without proper means of control. In this paper, we present a multi-faceted study on the collateral information collection of apps in social networks. We conduct a user survey and show that Facebook users are concerned about this issue and the lack of mechanisms to control it. Based on real data, we compute the likelihood of collateral information collection affecting users; we show that the probability is significant and depends on both the friendship network and the popularity of the app. We also show its significance by computing the proportion of exposed user attributes including the case of profiling, when several apps are offered by the same provider. Finally, we propose a privacy dashboard concept enabling users to control the collateral damage. [less ▲]

Detailed reference viewed: 211 (2 UL)
Full Text
Peer Reviewed
See detailKeyless car sharing system: A security and privacy analysis
Symeonidis, Iraklis UL; Mustafa, Mustafa A.; Preneel, Bart

in Symeonidis, Iraklis (Ed.) IEEE International Smart Cities Conference, ISC2 2016, Trento Italy, September 12-15, 2016 (2016)

This paper proposes a novel physical keyless car sharing system where users can use and share their cars without the need of physical keys. It also provides a comprehensive security and privacy analysis ... [more ▼]

This paper proposes a novel physical keyless car sharing system where users can use and share their cars without the need of physical keys. It also provides a comprehensive security and privacy analysis of such a system. It first presents a high-level model for a keyless car sharing system, describing its main entities and specifying the necessary functional requirements to allow users to share their cars (with other users) without exchanging physical keys. Based on this model and functional requirements, the paper presents a comprehensive threat analysis of the system. It focuses on the threats affecting the system's security and the users' privacy. This analysis results in a specification of an extensive set of security and privacy requirements for the system. This work can be used as a guide for a future keyless car sharing system design and as a mean to assess the security and privacy risks imposed on users by such systems. [less ▲]

Detailed reference viewed: 183 (7 UL)
Full Text
See detailSecurity Analysis of the Drone Communication Protocol: Fuzzing the MAVLink protocol
Domin, Karel; Symeonidis, Iraklis UL; Marin, Eduard

E-print/Working paper (2016)

The MAVLink protocol, used for bidirectional communication between a drone and a ground control station, will soon become a worldwide standard. The protocol has been the subject of research many times ... [more ▼]

The MAVLink protocol, used for bidirectional communication between a drone and a ground control station, will soon become a worldwide standard. The protocol has been the subject of research many times before. Through this paper, we introduce the method of fuzzing as a complementing technique to the other research, to find vulnerabilities that have not been found before by different techniques. The goal is to identify possible vulnerabilities in the protocol implementation in order to make it more secure. [less ▲]

Detailed reference viewed: 921 (3 UL)
Full Text
Peer Reviewed
See detailCollateral Damage of Facebook Apps: Friends, Providers, and Privacy Interdependence
Symeonidis, Iraklis UL; Shirazi, Fatemeh; Biczók, Gergely et al

in Symeonidis, Iraklis (Ed.) ICT Systems Security and Privacy Protection (2016)

Third-party apps enable a personalized experience on social networking platforms; however, they give rise to privacy interdependence issues. Apps installed by a user's friends can collect and potentially ... [more ▼]

Third-party apps enable a personalized experience on social networking platforms; however, they give rise to privacy interdependence issues. Apps installed by a user's friends can collect and potentially misuse her personal data inflicting collateral damage on the user while leaving her without proper means of control. In this paper, we present a multi-faceted study on the collateral information collection of apps in social networks. We conduct a user survey and show that Facebook users are concerned about this issue and the lack of mechanisms to control it. Based on real data, we compute the likelihood of collateral information collection affecting users; we show that the probability is significant and depends on both the friendship network and the popularity of the app. We also show its significance by computing the proportion of exposed user attributes including the case of profiling, when several apps are offered by the same provider. Finally, we propose a privacy dashboard concept enabling users to control the collateral damage. [less ▲]

Detailed reference viewed: 150 (4 UL)
Full Text
Peer Reviewed
See detailA Literature Survey and Classifications on Data Deanonymisation
Al-Azizy, Dalal; Millard, David E.; Symeonidis, Iraklis UL et al

in Symeonidis, Iraklis (Ed.) Risks and Security of Internet and Systems - 10th International Conference CRiSIS 2015, Mytilene, Lesbos Island, Greece, July 20-22, 2015, Revised Selected Papers (2015)

The problem of disclosing private anonymous data has become increasingly serious particularly with the possibility of carrying out deanonymisation attacks on publishing data. The related work available in ... [more ▼]

The problem of disclosing private anonymous data has become increasingly serious particularly with the possibility of carrying out deanonymisation attacks on publishing data. The related work available in the literature is inadequate in terms of the number of techniques analysed, and is limited to certain contexts such as Online Social Networks. We survey a large number of state-of-the-art techniques of deanonymisation achieved in various methods and on different types of data. Our aim is to build a comprehensive understanding about the problem. For this survey, we propose a framework to guide a thorough analysis and classifications. We are interested in classifying deanonymisation approaches based on type and source of auxiliary information and on the structure of target datasets. Moreover, potential attacks, threats and some suggested assistive techniques are identified. This can inform the research in gaining an understanding of the deanonymisation problem and assist in the advancement of privacy protection. [less ▲]

Detailed reference viewed: 115 (1 UL)