Denial-of-service attacks in wireless networks using off-the-shelf hardware

Wireless network technologies offer ubiquitous broadband access to millions of users at an affordable cost. However, the broadband nature of the wireless medium make these networks vulnerable to a number of attacks. Malicious interference at the physical layer, and extended packet collisions at the medium access layer can cause significant DoS attacks. In this work, we show how off-the-shelf hardware can be used to create devastating DoS attacks in a IEEE 802.11 network. Moreover, we present two algorithms for attack detection that are based on the cumulative sum algorithm. © 2014 Springer International Publishing Switzerland

Cyber insurance of information systems: Security and privacy cyber insurance contracts for ICT and helathcare organizations

Nowadays, more-and-more aspects of our daily activities are digitalized. Data and assets in the cyber-space, both for individuals and organizations, must be safeguarded. Thus, the insurance sector must face the challenge of digital transformation in the 5G era with the right set of tools. In this paper, we present CyberSure-an insurance framework for information systems. CyberSure investigates the interplay between certification, risk management, and insurance of cyber processes. It promotes continuous monitoring as the new building block for cyber insurance in order to overcome the current obstacles of identifying in real-time contractual violations by the insured party and receiving early warning notifications prior the violation. Lightweight monitoring modules capture the status of the operating components and send data to the CyberSure backend system which performs the core decision making. Therefore, an insured system is certified dynamically, with the risk and insurance perspectives being evaluated at runtime as the system operation evolves. As new data become available, the risk management and the insurance policies are adjusted and fine-tuned. When an incident occurs, the insurance company possesses adequate information to assess the situation fast, estimate accurately the level of a potential loss, and decrease the required period for compensating the insured customer. The framework is applied in the ICT and healthcare domains, assessing the system of medium-size organizations. GDPR implications are also considered with the overall setting being effective and scalable

A tool for monitoring and maintaining system trustworthiness at runtime

Trustworthiness of software systems is a key factor in their acceptance and effectiveness. This is especially the case for cyber-physical systems, where incorrect or even sub-optimal functioning of the system may have detrimental effects. In addition to designing systems with trustworthiness in mind, monitoring and maintaining trustworthiness at runtime is critical to identify issues that could negatively affect a system's trustworthiness. In this paper, we present a fully operational tool for system trustworthiness maintenance, covering a comprehensive set of quality attributes. It automatically detects, and in some cases mitigates, trustworthiness threatening events. The use of such a tool can enable complex software systems to support runtime adaptation and self-healing, thus reducing the overall upkeep cost and complexity

WARDOG: Awareness detection watchbog for Botnet infection on the host device

Botnets constitute nowadays one of the most dangerous security threats worldwide. High volumes of infected machines are controlled by a malicious entity and perform coordinated cyber-attacks. The problem will become even worse in the era of the Internet of Things (IoT) as the number of insecure devices is going to be exponentially increased. This paper presents WARDOG – an awareness and digital forensic system that informs the end-user of the botnet’s infection, exposes the botnet infrastructure, and captures verifiable data that can be utilized in a court of law. The responsible authority gathers all information and automatically generates a unitary documentation for the case. The document contains undisputed forensic information, tracking all involved parties and their role in the attack. The deployed security mechanisms and the overall administration setting ensures non-repudiation of performed actions and enforces accountability. The provided properties are verified through theoretic analysis. In simulated environment, the effectiveness of the proposed solution, in mitigating the botnet operations, is also tested against real attack strategies that have been captured by the FORTHcert honeypots, overcoming state-of-the-art solutions. Moreover, a preliminary version is implemented in real computers and IoT devices, highlighting the low computational/communicational overheads of WARDOG in the field

NextGEM: Next-Generation Integrated Sensing and Analytical System for Monitoring and Assessing Radiofrequency Electromagnetic Field Exposure and Health

The evolution of emerging technologies that use Radio Frequency Electromagnetic Field (RF-EMF) has increased the interest of the scientific community and society regarding the possible adverse effects on human health and the environment. This article provides NextGEM's vision to assure safety for EU citizens when employing existing and future EMF-based telecommunication technologies. This is accomplished by generating relevant knowledge that ascertains appropriate prevention and control/actuation actions regarding RF-EMF exposure in residential, public, and occupational settings. Fulfilling this vision, NextGEM commits to the need for a healthy living and working environment under safe RF-EMF exposure conditions that can be trusted by people and be in line with the regulations and laws developed by public authorities. NextGEM provides a framework for generating health-relevant scientific knowledge and data on new scenarios of exposure to RF-EMF in multiple frequency bands and developing and validating tools for evidence-based risk assessment. Finally, NextGEM's Innovation and Knowledge Hub (NIKH) will offer a standardized way for European regulatory authorities and the scientific community to store and assess project outcomes and provide access to findable, accessible, interoperable, and reusable (FAIR) data