- Postboks 191, Gjøvik NO-2802, Norway
- +4791138581
- University of Piraeus, Digital Systems (DS), Faculty Memberadd
- Sokratis K. Katsikas is the Director of the Norwegian Center for Cybersecurity in Critical Sectors and Professor with... moreSokratis K. Katsikas is the Director of the Norwegian Center for Cybersecurity in Critical Sectors and Professor with the Department of Information Security and Communication Technology, Norwegian University of Science and Technology. His research interests lie in the area of information and communication systems security. In 2019 he has awarded a Doctorate Honoris Causa by the Dept. of Production and Management Engineering of the Democritus University of Thrace, Greece. He has authored or co-authored more than 280 journal publications, book chapters and conference proceedings publications and he has participated in more than 70 funded national and international Redit
The increasing integration of information technology with operational technology leads to the formation of Cyber-Physical Systems (CPSs) that intertwine physical and cyber components and connect to each other. This interconnection enables... more
The increasing integration of information technology with operational technology leads to the formation of Cyber-Physical Systems (CPSs) that intertwine physical and cyber components and connect to each other. This interconnection enables the offering of functionality beyond the combined offering of each individual component, but at the same time increases the cyber risk of the overall system, as such risk propagates between and aggregates at component systems. The complexity of the resulting systems in many cases leads to difficulty in analyzing cyber risk. Additionally, the selection of cybersecurity controls that will effectively and efficiently treat the cyber risk is commonly performed manually, or at best with limited automated decision support. In this paper, we extend our previous work in [1] to analyze attack paths between CPSs on one hand, and we improve the method proposed therein for selecting a set of security controls that minimizes both the residual risk and the cost ...
Research Interests:
A cyber-physical attack is a security breach in cyber space that impacts on the physical environment. The number and diversity of such attacks against Cyber-Physical Systems (CPSs) are increasing at impressive rates. In times of Industry... more
A cyber-physical attack is a security breach in cyber space that impacts on the physical environment. The number and diversity of such attacks against Cyber-Physical Systems (CPSs) are increasing at impressive rates. In times of Industry 4.0 and Cyber-Physical Systems, providing security against cyber-physical attacks is a serious challenge which calls for cybersecurity risk assessment methods capable of investigating the tight interactions and interdependencies between the cyber and the physical components in such systems. However, existing risk assessment methods do not consider this specific characteristic of CPSs. In this paper, we propose a dependency-based, domain-agnostic cybersecurity risk assessment method that leverages a model of the CPS under study that captures dependencies among the system components. The proposed method identifies possible attack paths against critical components of a CPS by taking an attacker’s viewpoint and prioritizes these paths according to their...
Research Interests:
Research Interests:
There is intense activity of the maritime industry towards making remotely controlled and autonomous ships sail in the near future; this activity constitutes the instantiation of the Industry 4.0 process in the maritime industry. Yet, a... more
There is intense activity of the maritime industry towards making remotely controlled and autonomous ships sail in the near future; this activity constitutes the instantiation of the Industry 4.0 process in the maritime industry. Yet, a reference model of the architecture of such vessels that will facilitate the “shipping 4.0” process has not yet been defined. In this paper we extend the existing Maritime Architectural Framework to allow the description of the cyber-enabled ships (C-ESs), and we demonstrate the use of the extended framework by developing descriptions of the architecture of variants of the Cyber-enabled ship. The results can be used not only to systematically describe the architecture of Cyber-enabled ships in a harmonized manner, but also to identify standardization gaps, and to elicit the cybersecurity requirements of the C-ES ecosystem.
Research Interests:
Research Interests:
... 1 Security and privacy: convergence or contradiction?
Constitutional rights: beyond the security challenges Lilian Mitrou/S. Katsikas University of the Aegean Page 2. Mitrou/Katsikas, Rights beyond the security challenges 2... more
... 1 Security and privacy: convergence or contradiction?
Constitutional rights: beyond the security challenges Lilian Mitrou/S. Katsikas University of the Aegean Page 2. Mitrou/Katsikas, Rights beyond the security challenges 2 Security ...
The automatic identification system (AIS), despite its importance in worldwide navigation at sea, does not provide any defence mechanisms against deliberate misuse, e.g., by sea pirates, terrorists, business adversaries, or smugglers.... more
The automatic identification system (AIS), despite its importance in worldwide navigation at sea, does not provide any defence mechanisms against deliberate misuse, e.g., by sea pirates, terrorists, business adversaries, or smugglers. Previous work has proposed an international maritime identity-based cryptographic infrastructure (mIBC) as the foundation upon which the offer of advanced security capabilities for the conventional AIS can be built. The proposed secure AIS (SecAIS) does not require any modifications to the existing AIS infrastructure, which can still be used for normal operations. Security-enhanced AIS messages enjoying source authentication, encryption, and legitimate pseudo-anonymization can be handled on an as-needed basis. This paper reports on a proof-of-concept implementation of the SecAIS. Specifically, we report on the implementation of the SecAIS over an mIBC founded on the RFC6507 (ECCSI) and the RFC6508 (SAKKE) standards, and we discuss the results of perfor...
Cybersecurity awareness (CSA) is not just about knowing, but also transforming things learned into practice. It is a continuous process that needs to be adjusted in subsequent iterations to improve its usability as well as sustainability.... more
Cybersecurity awareness (CSA) is not just about knowing, but also transforming things learned into practice. It is a continuous process that needs to be adjusted in subsequent iterations to improve its usability as well as sustainability. This is possible only if a CSA program is reviewed and evaluated timely. Review and evaluation of an awareness program offer an insight into the program's effectiveness on the audience and organization, an invaluable piece of information for the continuous improvement of the program. Further, it provides the information required by the management and sponsor to decide on whether to invest in the program or not. Despite these advantages, there does not exist a common understanding of what factors to measure and how to measure them during the evaluation process. As a result, we have proposed evaluation metrics for the purpose. In order to do so, we performed a literature review of 32 papers mainly to extract the following data: (i) what factors d...
Research Interests:
Cloud computing is a normal evolution of distributed computing combined with Service-oriented architecture, leveraging most of the GRID features and Virtualization merits. The technology foundations for cloud computing led to a new... more
Cloud computing is a normal evolution of distributed computing combined with Service-oriented architecture, leveraging most of the GRID features and Virtualization merits. The technology foundations for cloud computing led to a new approach of reusing what was achieved in GRID computing with support from virtualization. The Third International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2012), held between July 22 and 27, 2012, in Nice, France, intended to prospect the applications supported by the new paradigm and validate the techniques and the mechanisms. A complementary target was to identify the open issues and the challenges to be fixed, especially on security, privacy, and inter- and intra-clouds protocols. We welcomed technical papers presenting research and practical results, position papers addressing the pros and cons of specific proposals, such as those being discussed in the standard fora or in industry consortia, survey papers addressing t...
The e-navigation concept was introduced by the IMO to enhance berth-to-berth navigation towards enhancing environmental protection, and safety and security at sea by leveraging technological advancements. Even though a number of... more
The e-navigation concept was introduced by the IMO to enhance berth-to-berth navigation towards enhancing environmental protection, and safety and security at sea by leveraging technological advancements. Even though a number of e-navigation testbeds including some recognized by the IALA exist, they pertain to parts only of the Integrated Navigation System (INS) concept. Moreover, existing e-navigation and bridge testbeds do not have a cybersecurity testing functionality, therefore they cannot be used for assessing the cybersecurity posture of the INS. With cybersecurity concerns on the rise in the maritime domain, it is important to provide such capability. In this paper we review existing bridge testbeds, IMO regulations, and international standards, to first define a reference architecture for the INS and then to develop design specifications for an INS Cyber-Physical Range, i.e., an INS testbed with cybersecurity testing functionality.
Research Interests:
The modern day society driven by a variety of electronic devices and high-speed internet is changing its perception and practice of paper currency, mode of economic and financial transactions, and so on. The usage of cash is increasingly... more
The modern day society driven by a variety of electronic devices and high-speed internet is changing its perception and practice of paper currency, mode of economic and financial transactions, and so on. The usage of cash is increasingly reducing because of the ease of payments facilitated by cards, mobile phone apps and contact-less chips, online payment systems, etc. Furthermore, cryptotokens (cryptocurrencies), such as bitcoin, have fueled the interest of society and policymakers in investigating the usefulness and limitations of a central bank-backed electronic fiat currency. Also, blockchain/distributed ledger technology, the technology enabling the cryptotokens, has gained a lot of attention from almost all the sections of the society for its ability in providing a decentralized transaction verification process while maintaining the features similar to the traditional cash currency. This chapter presents an overview of the concepts and potential features, potential primary mod...
Research Interests:
Falling of the elderly has become an important issue in today's aging society. As a result, active protecting devices are being developed to protect the fallers’ body from severe injuries. The key task of the protecting devices is the... more
Falling of the elderly has become an important issue in today's aging society. As a result, active protecting devices are being developed to protect the fallers’ body from severe injuries. The key task of the protecting devices is the exact detection of a falling event in Activities of Daily Living (ADL). In this study, a methodology for detecting the fall event is proposed using the accelerometer and the gyro-sensor of an active protecting device. The results of fall detection using the methodology proposed in this study were detected before impact and are accurate more than 99.9 % for ADL. Keywords-fall detection; double threshold algorithm; ADL; fall injury; Savitzky-Golay filter.
The Internet of Things (IoT) has changed the traditional computing models. While it has enabled multiple new computing applications, it has also raised significant issues regarding security and privacy. We are gradually shifting to using... more
The Internet of Things (IoT) has changed the traditional computing models. While it has enabled multiple new computing applications, it has also raised significant issues regarding security and privacy. We are gradually shifting to using extended computing architectures, the nodes of which may be lightweight devices limited in hardware resources, scattered in terms of network topology and too diverse in terms of hardware and software to be efficiently administered and managed. Additionally, such nodes usually store, process and transmit sensitive private data of their users; thus, the risk of a security breach is significantly high. Blockchain technology, introduced through Bitcoin, enables the development of secure decentralized systems. It offers guarantees regarding data integrity, application logic integrity and service availability, while it lags behind in terms of privacy and efficiency. Because of the decentralized architecture of blockchain systems, there seems to be a good ...
Contemporary Critical Infrastructures (CIs), such as the power grid, comprise cyber physical systems that are tightly coupled, to form a complex system of interconnected components with interacting dependencies. Modelling methodologies... more
Contemporary Critical Infrastructures (CIs), such as the power grid, comprise cyber physical systems that are tightly coupled, to form a complex system of interconnected components with interacting dependencies. Modelling methodologies have been suggested as proper tools to provide better insight into the dependencies and behavioural characteristics of these complex systems. In order to facilitate the study of interconnections in and among critical infrastructures, and to provide a clear view of the interdependencies among their cyber and physical components, this paper proposes a novel method, based on a graphical model called Modified Dependency Structure Matrix (MDSM). The MDSM provides a compact perspective of both inter-dependency and intra-dependency between subsystems of one complex system or two distinct systems. Additionally, we propose four parameters that allow the quantitative assessment of the characteristics of dependencies, including multi-order dependencies in large ...
Research Interests:
Research Interests:
Research Interests:
Cyber security is a concern of each citizen, especially when it comes to novel technologies surrounding us in our daily lives. Fighting a cyber battle while enjoying your cup of coffee and observing gentle lights dimming when you move... more
Cyber security is a concern of each citizen, especially when it comes to novel technologies surrounding us in our daily lives. Fighting a cyber battle while enjoying your cup of coffee and observing gentle lights dimming when you move from the kitchen to the sitting room to review your today's running training, is no longer science fiction.<br> A multitude of the cyber security solutions are currently under development to satisfy the increasing demand on threats and vulnerabilities identification and private data leakage detection tools. Within this domain, ubiquitous decision making to facilitate the life of the regular end-users is a key feature here. In this paper we present an approach called Negative to Positive modelling to automate the threat-based risk assessment process, tailored specifically to the smart home environments. The calculation model application is demonstrated on derived threat-triggered evaluation scenarios, which were established from analysing the ...
Research Interests:
Research Interests:
Wireless Sensor Networks (WSNs) have been studied in depth for several decades. Their main role is to provide bridges between the virtual world of information technology and the real physical world. They promise unprecedented new... more
Wireless Sensor Networks (WSNs) have been studied in depth for several decades. Their main role is to provide bridges between the virtual world of information technology and the real physical world. They promise unprecedented new abilities to observe and understand large-scale, real-world phenomena at a fine spatio-temporal resolution. However, this potential does not come for free; WSNs have been known to be vulnerable to several types of attacks aiming at compromising their security. Among these types, Denial of Service (DoS) attacks stand out, as most WSNs are vulnerable to such attacks, which affect the routing behavior. This paper introduces a simulation platform, based on the network simulator ns-2, that allows the in-depth study of DoS attacks against WSNs. We simulate and analyze the performance of routing protocols for WSNs using a scenario-based experiment, in order to analyze the network's behavior under all the simulated attacks, namely Blackhole, Flooding, Rushing and Selective Forwarding. The analysis involves several network characteristics and is aimed towards identifying easily measured features that can be used for efficiently detecting and classifying DoS attacks in WSNs.
Research Interests:
Enterprise recovery planning, also known as Disaster Recovery or Business Continuity Planning, is a necessity that will keep an organisation in business following a disaster affecting one or more of its information systems. In Health... more
Enterprise recovery planning, also known as Disaster Recovery or Business Continuity Planning, is a necessity that will keep an organisation in business following a disaster affecting one or more of its information systems. In Health Care, organisations have very little time to recover, due to the nature of their business: life and health. This paper aims to reveal the reasons that make disaster recovery planning necessary, the benefits of the existence of such a plan for the organisation, and the essential action that must be taken towards the development and establishment of a disaster recovery plan.
Health Care Establishments (HCE) are today highly dependent upon Information and Communications Technologies (ICT). This increasing reliance upon ICT has stressed the need to foster security in Healthcare Information Systems (HIS).... more
Health Care Establishments (HCE) are today highly dependent upon Information and Communications Technologies (ICT). This increasing reliance upon ICT has stressed the need to foster security in Healthcare Information Systems (HIS). Security policies may have a significant contribution to this effort, but they could become the cause of portability and interoperability problems. Moreover, policies that fail to take into account all the aspects of HIS security, the legal and regulatory requirements, and the existence of several stakeholders may lead to ineffective or inefficient security measures. Policies of a special category, named Generic Security Policies (GSP), should be developed to provide policy-level harmonisation and guidance to policy-makers within HCE. Six such policies are comparatively reviewed herein.
Research Interests:
Research Interests:
Research Interests:
Wireless Sensor Networks (WSN) are large systems that consist of low-cost, and resource-constrained sensor nodes. These networks are susceptible to many kinds of attacks as they have limited memory, battery life and computational power.... more
Wireless Sensor Networks (WSN) are large systems that consist of low-cost, and resource-constrained sensor nodes. These networks are susceptible to many kinds of attacks as they have limited memory, battery life and computational power. Intrusion Detection is a solution to secure WSNs against several kinds of attacks. In this paper, we review types of attacks against WSNs and relevant intrusion detection approaches so that the attack detection capabilities of the latter are identified.
Research Interests:
Research Interests: Information Systems, Computer Science, Ethics, International Cooperation, Computer Security, and 12 moreMedicine, Greece, Disclosure, Europe, Data Protection, Medical systems, Patient Rights, Codes of Ethics, Public health systems and services research, Internationality, Public Policy, and Government Regulation
Research Interests:
This paper analyses the results of a recent survey performed among medical establishment personnel in Greece, evaluates information security legislation existing in other countries and incorporates guidelines of international societies to... more
This paper analyses the results of a recent survey performed among medical establishment personnel in Greece, evaluates information security legislation existing in other countries and incorporates guidelines of international societies to propose principles governing a future legal framework. Furthermore, it presents a design methodology for designing secure information systems and provides an example of the use of this methodology in designing a database oriented secure medical information system with access rights incorporated.
Research Interests:
Research Interests: Information Systems, Algorithms, Communication, Medical Informatics, Digital Signature, and 15 moreAccess Control, Computer Security, Cryptography, Library and Information Studies, Humans, Europe, Computer User Interface Design, Information Storage and Retrieval, Digital Signatures, Medical Application, Pilot Projects, Internet, for Health, Information System, and Information Protection
Research Interests:
Healthcare Establishments (HCEs) have developed a major dependency on Information and Communications Technologies (ICT) in the last decade. The increasing reliance upon ICT has stressed the need to foster security in Healthcare... more
Healthcare Establishments (HCEs) have developed a major dependency on Information and Communications Technologies (ICT) in the last decade. The increasing reliance upon ICT has stressed the need to foster security in Healthcare Information Systems (HIS). Security policies may have a significant contribution to make to this effort, but they could cause portability and inter-operability problems. Moreover, policies that fail to take into account all the aspects of HIS security, the legal and regulatory requirements, and the effect of several stakeholders, may lead to ineffective and inefficient security measures. We argue that policies of a special category, named Generic Security Policies (GSPs), should be developed to provide policy-level harmonization and guidance to policy-makers within HCEs. We have reviewed five policies that appear as candidates and have used the results of this review to compile a set of guidelines for potential developers of GSPs.
Research Interests:
Research Interests:
Research Interests: Information Security, Digital Signature, Access Control, Distributed Storage, World Wide Web, and 8 moreUser authentication, Certificate Authority, Computers Security, Healthcare Information System Market, Trusted Third Party, Access Control List, Commercial Off-The-Shelf, and Medical Information System
Page 1. 2nd International Conference on Experiments/Process/System Modelling/Simulation & Optimization 2nd IC-EpsMsO Athens, 4-7 July, 2007 ?? IC-EpsMsO MULTIVARIATE ARMA ORDER ESTIMATION VIA MULTI-MODEL PARTITION THEORY Stylianos Sp.... more
Page 1. 2nd International Conference on Experiments/Process/System Modelling/Simulation & Optimization 2nd IC-EpsMsO Athens, 4-7 July, 2007 ?? IC-EpsMsO MULTIVARIATE ARMA ORDER ESTIMATION VIA MULTI-MODEL PARTITION THEORY Stylianos Sp. ...
Traditional business practice depends on trust relations between the transacting parties. One of the most important aspects of this trust is the quality of the offered services or products. The Web currently constitutes an enabler for... more
Traditional business practice depends on trust relations between the transacting parties. One of the most important aspects of this trust is the quality of the offered services or products. The Web currently constitutes an enabler for Electronic Commerce, providing a global transaction platform that does not require physical presence. However, transferring trust from the physical world to the electronic one is a process that requires a trust infrastructure to be provided by the electronic world. We believe that current infrastructure ...
Research Interests:
Research Interests:
Several disruptive attacks against companies in the maritime industry have led experts to consider the increased risk imposed by cyber threats as a major obstacle to undergoing digitization. The industry is heading toward increased... more
Several disruptive attacks against companies in the maritime industry have led experts to consider the increased risk imposed by cyber threats as a major obstacle to undergoing digitization. The industry is heading toward increased automation and connectivity, leading to reduced human involvement in the different navigational functions and increased reliance on sensor data and software for more autonomous modes of operations. To meet the objectives of increased automation under the threat of cyber attacks, the different software modules that are expected to be involved in different navigational functions need to be prepared to detect such attacks utilizing suitable detection techniques. Therefore, we propose a systematic approach for analyzing the navigational NMEA messages carrying the data of the different sensors, their possible anomalies, malicious causes of such anomalies as well as the appropriate detection algorithms. The proposed approach is evaluated through two use cases, ...
Research Interests:
An important aspect of research on software objects, components, and component-based applications concerns their interoperation. When there is a need for two or more software components, based on different technologies, to interoperate... more
An important aspect of research on software objects, components, and component-based applications concerns their interoperation. When there is a need for two or more software components, based on different technologies, to interoperate the mission target is to make the components hide the fact that the other components are functioning under a different technology without changing their characteristics and behavior. In this paper we describe basic strategies for bridging the gap between the three basic middleware remoting technologies (CORBA, DCOM, and RMI) and present our approach for a Java-based Object Mediator architecture.
Research Interests: Middleware and Components
Virginia, USA We introduce the concept of an “open healthcare environment”, which is an electronic domain in which multiple healthcare entities need to interact but do not necessarily have complete knowledge of each other. In this... more
Virginia, USA We introduce the concept of an “open healthcare environment”, which is an electronic domain in which multiple healthcare entities need to interact but do not necessarily have complete knowledge of each other. In this setting, we show that a tool like OC (Open Collaboration), a tool being developed to support a variety of electronic collaboration needs, may be useful. OC is built on the open-source JXTA and MyJXTA toolkits. Group and role information is propagated in a peer-to-peer fashion, and peers can share files and send instant messages to any peer who is a member of an appropriate group or role.
The reporting of incidents of misconduct, violence, sexual assault, harassment, and other types of crime that constitute a major concern in modern society is of significant value when investigating such incidents. Unfortunately, people... more
The reporting of incidents of misconduct, violence, sexual assault, harassment, and other types of crime that constitute a major concern in modern society is of significant value when investigating such incidents. Unfortunately, people involved in such incidents, either as witnesses or victims, are often reluctant to report them when such reporting demands revealing the reporter’s true identity. In this paper, we propose an online reporting system that leverages Identity-Based Cryptography (IBC) and offers data authentication, data integrity, and data confidentiality services to both eponymous and anonymous users. The system, called ARIBC, is founded on a certificate-less, public-key, IBC infrastructure, implemented by employing the Sakai–Kasahara approach and by following the IEEE 1363.3-2013 standard. We develop a proof-of-concept implementation of the proposed scheme, and demonstrate its applicability in environments with constrained human, organizational and/or computational res...
Research Interests:
Security of Industrial Control Systems and Cyber-Physical Systems (CyberICPS 2019) -- Security and Privacy Requirements Engineering (SECPRE 2019) -- Security, Privacy, Organizations, and Systems Engineering (SPOSE 2019) -- Attacks and... more
Security of Industrial Control Systems and Cyber-Physical Systems (CyberICPS 2019) -- Security and Privacy Requirements Engineering (SECPRE 2019) -- Security, Privacy, Organizations, and Systems Engineering (SPOSE 2019) -- Attacks and Defenses for Internet-of-Things (ADIoT 2019).
Research Interests:
Recent innovations in the smart city domain include new autonomous transportation solutions such as buses and cars, while Autonomous Passenger Ships (APS) are being considered for carrying passengers across urban waterways. APS integrate... more
Recent innovations in the smart city domain include new autonomous transportation solutions such as buses and cars, while Autonomous Passenger Ships (APS) are being considered for carrying passengers across urban waterways. APS integrate several interconnected systems and services that are required to communicate in a reliable manner to provide safe and secure real-time operations. In this paper, we discuss the APS context, stakeholders, regulations, standards and functions in order to identify communication and cybersecurity requirements towards designing a secure communication architecture suitable for APS.