Cyber Security Research Group

Publications

Conferences

2016

Antonis Michalas and Kassaye Yitbarek Yigzaw. “LocLess: Do You Really Care Your Cloud Files Are?”. Cloud Security and Data Privacy by Design (CloudSPD’16), Workshop co-located with the 9th IEEE/ACM International Conference on Utility and Cloud Computing, Luxembourg, December 12-15, 2016.

Physical location of data in cloud storage is a problem that gains a lot of attention not only from the actual cloud providers but also from the end users' who lately raise many concerns regarding the privacy of their data. It is a common practice that cloud service providers create replicate users' data across multiple physical locations. However, moving data in different countries means that basically the access rights are transferred based on the local laws of the corresponding country. In other words, when a cloud service provider stores users' data in a different country then the transferred data is subject to the data protection laws of the country where the servers are located. In this paper, we propose LocLess, a protocol which is based on a symmetric searchable encryption scheme for protecting users' data from unauthorized access even if the data is transferred to different locations. The idea behind LocLess is that "Once data is placed on the cloud in an unencrypted form or encrypted with a key that is known to the cloud service provider, data privacy becomes an illusion". Hence, the proposed solution is solely based on encrypting data with a key that is only known to the data owner. 

@INPROCEEDINGS{Michalas:16:SSE:LocLess,

author = {A. Michalas and K. Y. Yigzaw},
booktitle = {2016 IEEE/ACM 9th International Conference on Utility and Cloud Computing (UCC)},
title = {LocLess: Do You Really Care Your Cloud Files Are?},
year = {2015},
pages = {618-623},
month  = {Dec},

Antonis Michalas. “Sharing in the Rain: Secure and Efficient Data Sharing for the Cloud”. Proceedings of the 11th IEEE International Conference for Internet Technology and Secured Transactions (ICITST-2016), Barcelona, Spain, December 5-7, 2016.

Cloud storage has rapidly become a cornerstone of many businesses and has moved from an early adopters stage to an early majority, where we typically see explosive deployments. As companies rush to join the cloud revolution, it has become vital to create the necessary tools that will effectively protect users' data from unauthorized access. Nevertheless, sharing data between multiple users' under the same domain in a secure and efficient way is not trivial. In this paper, we propose Sharing in the Rain - a protocol that allows cloud users' to securely share their data based on predefined policies. The proposed protocol is based on Attribute-Based Encryption (ABE) and allows users' to encrypt data based on certain policies and attributes. Moreover, we use a Key-Policy Attribute-Based technique through which access revocation is optimized. More precisely, we show how to securely and efficiently remove access to a file, for a certain user that is misbehaving or is no longer part of a user group, without having to decrypt and re-encrypt the original data with a new key or a new policy.

@INPROCEEDINGS{Michalas:16:SharingInRain,

author = {A. Michalas},
booktitle = {2016 International Conference for Internet Technology And Secured Transactions},
title  = {Sharing in the Rain: Secure and Efficient Data Sharing for the Cloud},
year = {2016},
pages = {589-595},

month

= {Dec}, }

Antonis Michalas and Thanassis Giannetsos. “The Data of Things: Strategies, Patterns and Practice of Cloud-based Participatory Sensing”. International Conference on Innovations in Info-business and Technology (ICIIT),  Sri Lanka, March 4-5, 2016. (Position Paper)

The broad capabilities of current mobile devices have paved the way for Mobile Crowd Sensing (MCS) applications. The success of this emerging paradigm strongly depends on the quality of received data which, in turn, is contingent to mass user participation; the broader the participation, the more useful these systems become. However, there is an ongoing trend that tries to integrate MCS applications with emerging computing paradigms such as cloud computing. The intuition is that such a transition can significantly improve the overall efficiency while at the same time it offers stronger security and privacy-preserving mechanisms for the end-user. In this position paper, we dwell on the underpinnings of incorporating cloud computing techniques to facilitate the vast amount of data collected in MCS applications. That is, we present a list of core system, security and privacy requirements that must be met if such a transition is to be successful. To this end, we first address several competing challenges not previously considered in the literature such as the scarce energy resources of battery-powered mobile devices as well as their limited computational resources that they often prevent the use of computationally heavy cryptographic operations and thus offering limited security services to the end-user. Finally, we present a use case scenario as a comprehensive example. Based on our findings, we posit open issues and challenges, and discuss possible ways to address them, so that security and privacy do not hinder the migration of MCS systems to the cloud.

@inproceedings{Michalas:16:DataThings,

title = {The Data of Things: Strategies, Patterns and Practice of Cloud-based Participatory Sensing},
author = {Michalas, Antonis and Giannetsos, Thanassis},
booktitle = {Proceedings of the 1st International Conference on Innovations in InfoBusineess and Technology},
location = {Colombo, Sri Lanka},
year = {2016}

2015

Antonis Michalas and Rafael Dowsley. “Towards Trusted eHealth Services in the Cloud”. Cloud Security and Data Privacy by Design (CloudSPD’15), Workshop co-located with the 8th IEEE/ACM International Conference on Utility and Cloud Computing, Limassol, Cyprus, 
December 7-10, 2015.

As adoption of eHealth solutions advances, new computing paradigms - such as cloud computing - bring the potential to improve efficiency in managing medical health records and help reduce costs. However, these opportunities introduce new security risks which can not be ignored. In this paper, we present a forward-looking design for a privacy-preserving eHealth cloud system. The proposed solution, is based on a Symmetric Searchable Encryption scheme that allows patients of an electronic healthcare system to securely store encrypted versions of their medical data and search directly on them without having to decrypt them first. As a result, the proposed protocol offers better protection than the current available solutions and paves the way for the next generation of eHealth systems.

@INPROCEEDINGS{Michalas:15:SSE:Health,

author = {A. Michalas and R. Dowsley},
booktitle = {2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing (UCC)},
title = {Towards Trusted eHealth Services in the Cloud},
year = {2015},
pages = {618-623},
keywords

 

= {cloud computing;cryptographic protocols;data protection;electronic health records;health care;trusted computing;cloud computing;cost reduction;data search;efficiency improvement;electronic healthcare system;encrypted medical data storage;forward-looking design;medical health record management;privacy-preserving e-health cloud system;security risks;symmetric searchable encryption scheme;trusted e-health services;Cloud computing;Encryption;Medical services;Protocols;Reliability;Cloud Computing;EHR Protection;Searchable Encryption;Security;Storage Protection;eHealth},
doi = {10.1109/UCC.2015.108},
month
 
= {Dec},
}

Y. Verginadis, Antonis Michalas , P. Gouvas, G. Schiefer, G. Hubsch and I. Paraskakis. 
“PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud Services”. 
In the 5th International Conference on Cloud Computing and Services Science (CLOSER’15), 
20-22 May, 2015, Lisbon, Portugal. (Position Paper)

The valuable transformation of organizations that adopt cloud computing is indisputably accompanied by a number of security threats that should be considered. In this paper, we outline significant security challenges presented when migrating to a cloud environment and propose PaaSword – a novel holistic, data privacy and security by design, framework that aspires to alleviate them. The envisaged framework intends to maximize and fortify the trust of individual, professional and corporate users to cloud services. Specifically, PaaSword involves a context-aware security model, the necessary policies enforcement and governance mechanisms along with a physical distribution, encryption and query middleware, aimed at facilitating the implementation of secure and transparent cloud-based applications.

@conference{Michalas:15:PaaSword,

author
 
= {Yiannis Verginadis and Antonis Michalas and Panagiotis Gouvas and Gunther Schiefer and Gerald Hübsch and Iraklis Paraskakis},
title = {PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud Services},
booktitle = {Proceedings of the 5th International Conference on Cloud Computing and Services Science},
year = {2015},
pages = {206-213},
doi = {10.5220/0005489302060213},
isbn
 
= {978-989-758-104-5},
}

2014

Antonis Michalas, Nicolae Paladi and Christian Gehrmann. “Security Aspects of e-Health Systems Migration to the Cloud”. Proceedings of the 16th IEEE International Conference on E-health Networking, Application & Services (Healthcom), October 15 - 18, 2014, Natal, Brazil.

As adoption of e-health solutions advances, new computing paradigms - such as cloud computing - bring the potential to improve efficiency in managing medical health records and help reduce costs. However, these opportunities introduce new security risks which can not be ignored. Based on our experience with deploying part of the Swedish electronic health records management system in an infrastructure cloud, we make an overview of major requirements that must be considered when migrating e-health systems to the cloud. Furthermore, we describe in-depth a new attack vector inherent to cloud deployments and present a novel data confidentiality and integrity protection mechanism for infrastructure clouds. This contribution aims to encourage exchange of best practices and lessons learned in migrating public e-health systems to the cloud.

@inproceedings{Michalas:14:Healthcom,

title = {Security aspects of e-Health systems migration to the cloud},
author = {Michalas, Antonis and Paladi, Nicolae and Gehrmann, Christian},
booktitle = {e-Health Networking, Applications and Services (Healthcom), 2014 IEEE 16th International Conference on},
pages = {212--218},
year = {2014},
organization = {IEEE}
}

Nicolae Paladi, Antonis Michalas and Christian Gehrmann. “Domain Based Storage Protection with Secure Access Control for the Cloud". 
The 2014 International Workshop on Security in Cloud Computing, held in conjunction with the 9th ACM Symposium on Information, Computer and Communications Security (ASIACCS), June 3, 2014, Kyoto, Japan. 

Cloud computing has evolved from a promising concept to one of the fastest growing segments of the IT industry. However, many businesses and individuals continue to view cloud computing as a technology that risks exposing their data to unauthorized users. We introduce a data confidentiality and integrity protection mechanism for Infrastructure-as-a-Service (IaaS) clouds, which relies on trusted computing principles to provide transparent storage isolation between IaaS clients. We also address the absence of reliable data sharing mechanisms, by providing an XML-based language framework which enables clients of IaaS clouds to securely share data and clearly define access rights granted to peers. The proposed improvements have been prototyped as a code extension for a popular cloud platform.

@inproceedings{Michalas:14:DBSP,

author = {Paladi, Nicolae and Michalas, Antonis and Gehrmann, Christian},
title = {Domain Based Storage Protection with Secure Access Control for the Cloud},
booktitle = {Proceedings of the 2014 International Workshop on Security in Cloud Computing},
series = {ASIACCS '14},
year = {2014},
isbn = {978-1-4503-2805-0},
location = {Kyoto, Japan},
pages = {},
numpages = {8},
publisher = {ACM},
address = {New York, NY, USA},
keywords
 
= {Cloud Computing; Security; IaaS; Storage Protection},
}

Antonis Michalas and Nikos Komninos. “The Lord of the Sense: A Privacy Preserving Reputation System for Participatory Sensing Applications”. Proceedings of the 19th IEEE International Conference on Communications (ISCC’2014), Madeira, Portugal, 2014.

Electronic devices we use on a daily basis collect sensitive information without preserving user's privacy. In this paper, we propose the lord of the sense (LotS), a privacy preserving reputation system for participatory sensing applications. Our system maintains the privacy and anonymity of information with the use of cryptographic techniques and combines voting approaches to support users' reputation. Furthermore, LotS maintains accountability by tracing back a misbehaving user while maintaining k-anonymity. A detailed security analysis is presented with the current advantages and disadvantages of our system.

@inproceedings{Michalas:14:Lord,

title  = {The lord of the sense: A privacy preserving reputation system for participatory sensing applications},
author = {Michalas, Antonis and Komninos, Nikos},
booktitle  = {Computers and Communication (ISCC), 2014 IEEE Symposium},
pages = {1--6},
year = {2014}
organization = {IEEE}

Nicolae Paladi and  Antonis Michalas. “One of Our Hosts in Another Country: Challenges of Data Geolocation in Cloud Storage”. 
Proceedings of the 6th IEEE Conference on Wireless Communication, Vehicular Technology, Information Theory and Aerospace & Electronic Systems Technology (Wireless VITAE),  May 11 - 14, 2014, Aalborg, Denmark. (Invited)

Physical location of data in cloud storage is an increasingly urgent problem. In a short time, it has evolved from the concern of a few regulated businesses to an important consideration for many cloud storage users. One of the characteristics of cloud storage is fluid transfer of data both within and among the data centres of a cloud provider. However, this has weakened the guarantees with respect to control over data replicas, protection of data in transit and physical location of data. This paper addresses the lack of reliable solutions for data placement control in cloud storage systems. We analyse the currently available solutions and identify their shortcomings. Furthermore, we describe a high-level architecture for a trusted, geolocation-based mechanism for data placement control in distributed cloud storage systems, which are the basis of an on-going work to define the detailed protocol and a prototype of such a solution. This mechanism aims to provide granular control over the capabilities of tenants to access data placed on geographically dispersed storage units comprising the cloud storage.

@INPROCEEDINGS{Michalas:14:One:of:Our:Hosts,

author = "Paladi, N. and Michalas, A.",
booktitle
 
= "Wireless Communications, Vehicular Technology, Information Theory and Aerospace Electronic Systems (VITAE), 2014 4th International Conference on",
title = {{``One of our hosts in another country'': Challenges of data geolocation in cloud storage}},
year = "2014",
month = "May",
pages = "1-6",

2012

Antonis Michalas and Menelaos Bakopoulos. “SecGOD - Google Docs: Now I Feel Safer!”. Proceedings of the 7th IEEE International Conference for Internet Technology and Secured Transactions (ICITST-2012), London, UK, 2012.

This paper presents SecGOD. A tool that protects the privacy of documents created with online office suites. SecGOD is implemented as a Greasemonkey java-script making it deployable on all popular greesemonkey compatible browsers and utilizes symmetric key encryption. All operations run on the client side, with SecGOD operating invisibly as concerned by the cloud, with no changes needed to the code that is provided to the cloud server provider. Finally, the effectiveness of SecGOD is demonstrated by conducting extensive experiments measuring the processing time for the three versions of AES (128, 192, 256 bits).

@INPROCEEDINGS{Michalas:12:SecGod,

author = {A. Michalas and M. Bakopoulos},
booktitle = {2012 International Conference for Internet Technology And Secured Transactions},
title = {SecGOD Google Docs: Now I Feel Safer!},
year = {2012},
pages = {589-595},
keywords

 

= {Java;cloud computing;cryptography;data privacy;document handling;AES;SecGOD Google Docs;advance encryption standard;cloud computing;cloud server provider;document privacy protection;greasemonkey java-script;greesemonkey compatible browsers;online office suites;symmetric key encryption;Cloud computing;Encryption;Google;Protocols;Servers;Cloud Computing;Cloud Services;Privacy;Security;Software as a Service},     
month = {Dec}, }

Antonis Michalas, Menelaos Bakopoulos, Nikos Komninos and Neeli R. Prasad. “Secure & Trusted Communication in Emergency Situations”. Proceedings of the 35th IEEE Sarnoff Symposium, Newark, New Jersey, USA, 2012.

In this paper we propose SETS, a protocol with main aim to provide secure and private communication during emergency situations. SETS achieves security of the exchanged information, attack resilience and user's privacy. In addition, SETS can be easily adapted for mobile devices, since field experimental results show the effectiveness of the protocol on actual smart-phone platforms.

@INPROCEEDINGS{Michalas:12:Emergency,

author = {A. Michalas and M. Bakopoulos and N. Komninos and N. R. Prasad},
booktitle = {Sarnoff Symposium (SARNOFF), 2012 35th IEEE},
title = {Secure amp; trusted communication in emergency situations},
year = {2012},
pages = {1-5},
keywords

 

= {mobile radio;protocols;smart phones;telecommunication security;attack resilience;emergency situations;exchanged
information;mobile devices;protocol;secure & trusted communication;user privacy;Encryption;Mobile handsets;Privacy;Protocols;Public key;Crisis Management;Emergency Handling;Privacy;Security;Trust},
doi = {10.1109/SARNOF.2012.6222751},
month
 
= {May},
}

Tassos Dimitriou and  Antonis Michalas. “Multi-Party Trust Computation in Decentralised Environments”. Proceedings of the 5th IFIP International Conference on New Technologies, Mobility & Security (NTMS’12), Istanbul, Turkey, 2012.

In this paper, we describe a decentralized privacy- preserving protocol for securely casting trust ratings in distributed reputation systems. Our protocol allows n participants to cast their votes in a way that preserves the privacy of individual values against both internal and external attacks. The protocol is coupled with an extensive theoretical analysis in which we formally prove that our protocol is resistant to collusion against as many as n-1 corrupted nodes in the semi-honest model. The behavior of our protocol is tested in a real P2P network by measuring its communication delay and processing overhead. The experimental results uncover the advantages of our protocol over previous works in the area; without sacrificing security, our decentralized protocol is shown to be almost one order of magnitude faster than the previous best protocol for providing anonymous feedback.

@INPROCEEDINGS{Michalas:12:StR,

author = {T. Dimitriou and A. Michalas},
booktitle = {2012 5th International Conference on New Technologies, Mobility and Security (NTMS)},
title = {Multi-Party Trust Computation in Decentralized Environments},
year = {2012},
pages = {1-5},
keywords

 

= {computer network security;cryptographic protocols;data privacy;peer-to-peer computing;trusted computing;P2P network;communication delay;decentralized privacy-preserving protocol;distributed reputation systems;multiparty trust computation;processing overhead;semihonest model;trust ratings;Delay;Encryption;Peer to peer computing;Privacy;Protocols},
doi = {10.1109/NTMS.2012.6208686},
ISSN = {2157-4952},
month
 
= {May},
}

People

Find out who is involved with the Cyber Security Research Group.

Student projects

Find out about the our student projects.

Contact

Get in touch to get more information about Cyber Security Research Group.