-
Electric Vehicle Charging: a Survey on the Security Issues and Challenges of the Open Charge Point Protocol (OCPP)
Authors:
Z. Garofalaki,
D. Kosmanos,
S. Moschoyiannis,
D. Kallergis,
C. Douligeris
Abstract:
The increased use of smart Electric Vehicles (EVs) and Plug-in Electric Vehicles (PEV) opened a new area of research and development. The number of EV charging sites has considerably increased in residential as well as in public areas. Within these EV charging sites, various entities need to communicate in a secure and efficient way. The Open Charge Point Protocol (OCPP) offers a way to coordinate this communication and is already being used in many implementations. However, only the latest OCPP 2.0 version of the protocol includes certain security features. In this article, we present the entities that take part in an OCPP-based smart charging scenario, we identify security issues and threats and present solutions that have been proposed by scholars. We identify open security issues for OCPP and propose future research directions for the security enhancement of the protocol.
Submitted 5 July, 2022;
originally announced July 2022.
-
Cybersecurity Revisited: Honeytokens meet Google Authenticator
Authors:
Vasilis Papaspirou,
Maria Papathanasaki,
Leandros Maglaras,
Ioanna Kantzavelou,
Christos Douligeris,
Mohamed Amine Ferrag,
Helge Janicke
Abstract:
Although sufficient authentication mechanisms were enhanced by the use of two or more factors that resulted in new multi factor authentication schemes, more sophisticated and targeted attacks have shown they are also vulnerable. This research work proposes a novel two factor authentication system that incorporates honeytokens into the two factor authentication process. The current implementation collaborates with Google authenticator. The novelty and simplicity of the presented approach aims at providing additional layers of security and protection into a system and thus making it more secure through a stronger and more efficient authentication mechanism.
Submitted 15 December, 2021;
originally announced December 2021.
-
A novel Two-Factor HoneyToken Authentication Mechanism
Authors:
Vassilis Papaspirou,
Leandros Maglaras,
Mohamed Amine Ferrag,
Ioanna Kantzavelou,
Helge Janicke,
Christos Douligeris
Abstract:
The majority of systems rely on user authentication on passwords, but passwords have so many weaknesses and widespread use that easily raise significant security concerns, regardless of their encrypted form. Users hold the same password for different accounts, administrators never check password files for flaws that might lead to a successful cracking, and the lack of a tight security policy regarding regular password replacement are a few problems that need to be addressed. The proposed research work aims at enhancing this security mechanism, prevent penetrations, password theft, and attempted break-ins towards securing computing systems. The selected solution approach is two-folded; it implements a two-factor authentication scheme to prevent unauthorized access, accompanied by Honeyword principles to detect corrupted or stolen tokens. Both can be integrated into any platform or web application with the use of QR codes and a mobile phone.
Submitted 20 January, 2021; v1 submitted 16 December, 2020;
originally announced December 2020.
-
CAPODAZ: A Containerised Authorisation and Policy-driven Architecture using Microservices
Authors:
Dimitrios Kallergis,
Zacharenia Garofalaki,
Georgios Katsikogiannis,
Christos Douligeris
Abstract:
The microservices architectural approach has important benefits regarding the agile applications' development and the delivery of complex solutions. However, to convey the information and share the data amongst services in a verifiable and stateless way, there is a need to enable appropriate access control methods and authorisations. In this paper, we study the use of policy-driven authorisations with independent fine-grained microservices in the case of a real-world machine-to-machine (M2M) scenario using a hybrid cloud-based infrastructure and Internet of Things (IoT) services. We also model the authentication flows which facilitate the message exchanges between the involved entities, and we propose a containerised authorisation and policy-driven architecture (CAPODAZ) using the microservices paradigm. The proposed architecture implements a policy-based management framework and integrates in an on-going work regarding a Cloud-IoT intelligent transportation service. For the in-depth quantitative evaluation, we treat multiple distributions of users' populations and assess the proposed architecture against other similar microservices. The numerical results based on the experimental data show that there exists significant performance preponderance in terms of latency, throughput and successful requests.
Submitted 30 April, 2020; v1 submitted 21 April, 2020;
originally announced April 2020.
-
A Policy-Aware Model for Intelligent Transportation Systems
Authors:
Zacharenia Garofalaki,
Dimitrios Kallergis,
Georgios Katsikogiannis,
Christos Douligeris
Abstract:
Recent advancements in the field of smart machine-to-machine (M2M) communications impose the necessity to improve the service delivery by enforcing appropriate security rules. Due to the large number of connected devices, the criticality of the M2M applications, and the network stability weaknesses, we need to consider and analyse the security aspects and establish a flexible policy-aware architecture. This paper explores the relevant architectural challenges in this environment and proposes a Policy-Aware smart M2M Architecture (PAArc) based on ETSI M2M communications functional architecture. We explore the policy-based management aspects to improve the security of the M2M components and services and to mitigate the security concerns that arise by evaluating an Intelligent Transportation System use case. It is shown that the policy enforcement enables enhanced security management capabilities, increased agility, and better service levels in the field of smart M2M communications.
Submitted 1 July, 2017; v1 submitted 15 June, 2017;
originally announced June 2017.
-
Software in e-Learning Architecture, Processes and Management
Authors:
Michael Mpasios,
Dimitrios Kallergis,
Konstantinos Chimos,
Theodoros Karvounidis,
Christos Douligeris
Abstract:
Our entire society is becoming more and more dependent on technology and specifically on software. The integration of e-learning software systems into our day by day life especially in e-learning applications generates modifications upon the society and, at the same time, the society itself changes the process of software development. This circle of continuous determination engenders a highly dynamic environment. Lehman describes the software development environment as being characterized by a high, necessary and inevitable pressure for change. Changes are reflected in specific uncertainties which impact the success and performance of the software project development.
Submitted 19 October, 2014;
originally announced October 2014.
-
Pirus: A Web-based File Hosting Service with Object Oriented Logic in Cloud Computing
Authors:
Dimitrios Kallergis,
Konstantinos Chimos,
Vizikidis Stefanos,
Theodoros Karvounidis,
Christos Douligeris
Abstract:
In this paper a new Web-based File Hosting Service with Object Oriented Logic in Cloud Computing called Pirus was developed. The service will be used by the academic community of the University of Piraeus giving users the ability to remotely store and access their personal files with no security compromises. It also offers the administrators the ability to manage users and roles. The objective was to deliver a fully operational service, using state-of-the-art programming techniques to enable scalability and future development of the existing functionality. The use of technologies such as .NET Framework, C# programming language, CSS and jQuery, MSSQL for database hosting and the support of Virtualization and Cloud Computing will contribute significantly in compatibility, code reuse, reliability and reduce of maintenance costs and resources. The service was installed and tested in a controlled environment to ascertain the required functionality and the offered reliability and safety with complete success.
The technologies used and supported, allow future work in upgrading and extending the service. Changes and improvements, in hardware and software, in order to convert the service to a SaaS (Software as a Service) Cloud application is a logical step in order to efficiently offer the service to a wider community. Improved and added functionality offered by further development will leverage the user experience.
Submitted 18 October, 2014;
originally announced October 2014.
-
Towards an Effective Intrusion Response Engine Combined with Intrusion Detection in Ad Hoc Networks
Authors:
Aikaterini Mitrokotsa,
Nikos Komninos,
Christos Douligeris
Abstract:
In this paper, we present an effective intrusion response engine combined with intrusion detection in ad hoc networks. The intrusion response engine is composed of a secure communication module, a local and a global response module. Its function is based on an innovative tree-based key agreement protocol while the intrusion detection engine is based on a class of neural networks called eSOM. The proposed intrusion response model and the tree-based protocol, it is based on, are analyzed concerning key secrecy while the intrusion detection engine is evaluated for MANET under different traffic conditions and mobility patterns. The results show a high detection rate for packet dropping attacks.
Submitted 13 July, 2008;
originally announced July 2008.
-
Intrusion Detection in Mobile Ad Hoc Networks Using Classification Algorithms
Authors:
Aikaterini Mitrokotsa,
Manolis Tsagkaris,
Christos Douligeris
Abstract:
In this paper we present the design and evaluation of intrusion detection models for MANETs using supervised classification algorithms. Specifically, we evaluate the performance of the MultiLayer Perceptron (MLP), the Linear classifier, the Gaussian Mixture Model (GMM), the Naive Bayes classifier and the Support Vector Machine (SVM). The performance of the classification algorithms is evaluated under different traffic conditions and mobility patterns for the Black Hole, Forging, Packet Dropping, and Flooding attacks. The results indicate that Support Vector Machines exhibit high accuracy for almost all simulated attacks and that Packet Dropping is the hardest attack to detect.
Submitted 13 July, 2008;
originally announced July 2008.
-
Intrusion Detection Using Cost-Sensitive Classification
Authors:
Aikaterini Mitrokotsa,
Christos Dimitrakakis,
Christos Douligeris
Abstract:
Intrusion Detection is an invaluable part of computer networks defense. An important consideration is the fact that raising false alarms carries a significantly lower cost than not detecting attacks. For this reason, we examine how cost-sensitive classification methods can be used in Intrusion Detection systems. The performance of the approach is evaluated under different experimental conditions, cost matrices and different classification models, in terms of expected cost, as well as detection and false alarm rates. We find that even under unfavourable conditions, cost-sensitive classification can improve performance significantly, if only slightly.
Submitted 13 July, 2008;
originally announced July 2008.