Research Interests

  • Smartphone Security
  • Anomaly Detection (Machine Learning)
  • Intrusion Detection and Prevention Systems
  • IoT Security
  • Cloud security
  • Mobile Applications and Services Security

Publications

User privacy and modern mobile services: Are they on the same path?

Dimitrios Damoupolos, Georgios Kambourakis, Marios Anagnostopoulos, Stefanos Gritzalis, James H. Park
Information Systems Frontiers, Springer, 2010

Abstract

Perhaps, the most important parameter for any mobile application or service is the way it is delivered and experienced by the end-users, who usually, in due course, decide to keep it on their software portfolio or not. Most would agree that security and privacy have both a crucial role to play toward this goal. In this context, the current paper revolves around a key question: Do modern mobile applications respect the privacy of the end-user? The focus is on the iPhone platform security and especially on user’s data privacy. By the implementation of a DNS poisoning malware and two real attack scenarios on the popular Siri and Tethering services, we demonstrate that the privacy of the end-user is at stake.

iSAM: An iPhone Stealth Airborne Malware

Dimitrios Damoupolos, G. Kambourakis, S. Gritzalis
Conference Papers IFIP Advances in Information and Communication Technology, Vol. 354, Springer

Abstract

Modern and powerful mobile devices comprise an attractive target for any potential intruder or malicious code. The usual goal of an attack is to acquire users’ sensitive data or compromise the device so as to use it as a stepping stone (or bot) to unleash a number of attacks to other targets. In this paper, we focus on the popular iPhone device. We create a new stealth and airborne malware namely iSAM able to wirelessly infect and self-propagate to iPhone devices. iSAM incorporates six different malware mechanisms, and is able to connect back to the iSAM bot master server to update its programming logic or to obey commands and unleash a synchronized attack. Our analysis unveils the internal mechanics of iSAM and discusses the way all iSAM components contribute towards achieving its goals. Although iSAM has been specifically designed for iPhone it can be easily modified to attack any iOS-based device.

Introducing Touchstroke: Keystroke-based Authentication System for Smartphones

Dimitrios Damoupolos, G. Kambourakis, D. Papamartzivanos, M. Pavlidakis
Journals Security and Communication Networks, Vol. 9, No. 6, pp. 542-554, 2016, Wiley

Abstract

Keystroke dynamics is a well-investigated behavioral biometric based on the way and rhythm in which someone interacts with a keyboard or keypad when typing characters. This paper explores the potential of this modality but for touchscreen-equipped smartphones. The main research question posed is whether “touchstroking” can be effective in building the biometric profile of a user, in terms of typing pattern, for future authentication. To reach this goal, we implemented a touchstroke system in the Android platform and executed different scenarios under disparate methodologies to estimate its effectiveness in authenticating the end-user. Apart from typical classification features used in legacy keystroke systems, we introduce two novel ones, namely, speed and distance. From the experiments, it can be argued that touchstroke dynamics can be quite competitive, at least, when compared to similar results obtained from keystroke evaluation studies. As far as we are aware of, this is the first time this newly arisen behavioral trait is put into focus.

Let’s Meet! A participatory-based discovery and rendezvous mobile marketing framework

Dimitrios Damoupolos, Lampros Ntalkos, Georgios Kambourakis
Journals Telematics and Informatics, Vol. 32, No. 4, pp. 539-563, 2015, Elsevier

Abstract

Modern mobile devices are nowadays powerful enough and can be used toward defining a new channel of communication with potential consumers. This channel is commonly known as mobile marketing and there is already a number of mobile marketing apps, whose aim is to increase the sales of some product or service. In this context, the Let's Meet! framework presented in this paper is essentially a mobile marketing app. The app groups two or more persons, who basically do not know each other, having as sole criterion their common interest in an offer about a product or a service. Its main objective is to bring them together, so that they can purchase and enjoy an offer, which otherwise could not afford. One of the highlights of our proposal is that all sensitive user data are transmitted in a secure manner, and thus confidentiality is preserved. Users' privacy is also given great consideration. This means for example that the exact geographic locations of the users are never shared with others. For user authentication, Let's Meet! supports both a complete anonymous mode and OAuth 2.0. The framework's main objective, which is to bring the users together, is guaranteed by means of a one-time coupon, generated by the OCRA algorithm, while the final face-to-face user group meeting is achieved through Wi-Fi Direct technology. Moreover, the app implements a smart queueing system for increasing its efficiency. Every possible effort is made to maximize both the number of products being sold and the number of users that eventually enjoy an offer. Finally, a user rating system has been adopted, which rewards any user attitude that helps towards improving the framework's competence. The above qualities make Let's Meet! a novel proposal when considering similar works in the literature so far.

Exposing mobile malware from the inside (or what is your mobile app really doing?)

Dimitrios Damoupolos, Georgios Kambourakis, Stefanos Gritzalis, Sang Oh Park
Journals Peer-to-Peer Networking and Applications, Vol. 7, No. 4, pp. 687-697, 2014, Springer

Abstract

It is without a doubt that malware especially designed for modern mobile platforms is rapidly becoming a serious threat. The problem is further multiplexed by the growing convergence of wired, wireless and cellular networks, since virus writers can now develop sophisticated malicious software that is able to migrate across network domains. This is done in an effort to exploit vulnerabilities and services specific to each network. So far, research in dealing with this risk has concentrated on the Android platform and mainly considered static solutions rather than dynamic ones. Compelled by this fact, in this paper, we contribute a fully-fledged tool able to dynamically analyze any iOS software in terms of method invocation (i.e., which API methods the application invokes and under what order), and produce exploitable results that can be used to manually or automatically trace software’s behavior to decide if it contains malicious code or not. By employing real life malware we assessed our tool both manually, as well as, via heuristic techniques and the results we obtained seem highly accurate in detecting malicious code.

User privacy and modern mobile services: Are they on the same path?

Dimitrios Damoupolos, Georgios Kambourakis, M. Anagnostopoulos, Stefanos Gritzalis, J. H. Park
Journals Personal and Ubiquitous Computing, Vol. 17, No. 7, pp. 1437-1448, 2013, Springer

Abstract

Perhaps, the most important parameter for any mobile application or service is the way it is delivered and experienced by the end-users, who usually, in due course, decide to keep it on their software portfolio or not. Most would agree that security and privacy have both a crucial role to play toward this goal. In this context, the current paper revolves around a key question: Do modern mobile applications respect the privacy of the end-user? The focus is on the iPhone platform security and especially on user’s data privacy. By the implementation of a DNS poisoning malware and two real attack scenarios on the popular Siri and Tethering services, we demonstrate that the privacy of the end-user is at stake.

A critical review of 7 years of Mobile Device Forensics

Dimitrios Damoupolos, Konstantia Barmpatsalou, Georgios Kambourakis, Vasilios Katos
Journals Digital Investigation, Vol. 10, No. 4, pp. 323-349, 2013, Elsevier

Abstract

Mobile Device Forensics (MF) is an interdisciplinary field consisting of techniques applied to a wide range of computing devices, including smartphones and satellite navigation systems. Over the last few years, a significant amount of research has been conducted, concerning various mobile device platforms, data acquisition schemes, and information extraction methods. This work provides a comprehensive overview of the field, by presenting a detailed assessment of the actions and methodologies taken throughout the last seven years. A multilevel chronological categorization of the most significant studies is given in order to provide a quick but complete way of observing the trends within the field. This categorization chart also serves as an analytic progress report, with regards to the evolution of MF. Moreover, since standardization efforts in this area are still in their infancy, this synopsis of research helps set the foundations for a common framework proposal. Furthermore, because technology related to mobile devices is evolving rapidly, disciplines in the MF ecosystem experience frequent changes. The rigorous and critical review of the state-of-the-art in this paper will serve as a resource to support efficient and effective reference and adaptation.

From Keyloggers to Touchloggers: Take the Rough with the Smooth

Dimitrios Damoupolos, Georgios Kambourakis, Stefanos Gritzalis
Journals Computers & Security, Vol. 32, pp. 102-114, 2013, Elsevier

Abstract

The proliferation of touchscreen devices brings along several interesting research challenges. One of them is whether touchstroke-based analysis (similar to keylogging) can be a reliable means of profiling the user of a mobile device. Of course, in such a setting, the coin has two sides. First, one can employ the output produced by such a system to feed machine learning classifiers and later on intrusion detection engines. Second, aggressors can install touchloggers to harvest user's private data. This malicious option has been also extensively exploited in the past by legacy keyloggers under various settings, but has been scarcely assessed for soft keyboards. Compelled by these separate but interdependent aspects, we implement the first-known native and fully operational touchlogger for ultramodern smartphones and especially for those employing the proprietary iOS platform. The results we obtained for the first objective are very promising showing an accuracy in identifying misuses, and thus post-authenticating the user, in an amount that exceeds 99%. The virulent personality of such software when used maliciously is also demonstrated through real-use cases.

MILC: A Secure and Privacy-Preserving Mobile Instant Locator with Chatting

Dimitrios Damoupolos, Athanasios Loukas, Sofia A. Menesidou, Maria E. Skarkala, Georgios Kambourakis, Stefanos Gritzalis
Journals Information Systems Frontiers, Vol. 14, No. 3, pp. 481-497, 2012, Springer

Abstract

The key issue for any mobile application or service is the way it is delivered and experienced by users, who eventually may decide to keep it on their software portfolio or not. Without doubt, security and privacy have both a crucial role to play towards this goal. Very recently, Gartner has identified the top ten of consumer mobile applications that are expected to dominate the market in the near future. Among them one can earmark location-based services in number 2 and mobile instant messaging in number 9. This paper presents a novel application namely MILC that blends both features. That is, MILC offers users the ability to chat, interchange geographic co-ordinates and make Splashes in real-time. At present, several implementations provide these services separately or jointly, but none of them offers real security and preserves the privacy of the end-users at the same time. On the contrary, MILC provides an acceptable level of security by utilizing both asymmetric and symmetric cryptography, and most importantly, puts the user in control of her own personal information and her private sphere. The analysis and our contribution are threefold starting from the theoretical background, continuing to the technical part, and providing an evaluation of the MILC system. We present and discuss several issues, including the different services that MILC supports, system architecture, protocols, security, privacy etc. Using a prototype implemented in Google’s Android OS, we demonstrate that the proposed system is fast performing, secure, privacy-preserving and potentially extensible.

Evaluation of Anomaly-Based IDS for Mobile Devices Using Machine Learning Classifiers

Dimitrios Damoupolos, Sofia A. Menesidou, Georgios Kambourakis, Maria Papadaki, Nathan Clarke, Stefanos Gritzalis
Journals Security and Communication Networks, Vol. 5, No. 1, pp. 3-14, 2012, Wiley

Abstract

Mobile devices have evolved and experienced an immense popularity over the last few years. This growth however has exposed mobile devices to an increasing number of security threats. Despite the variety of peripheral protection mechanisms described in the literature, authentication and access control cannot provide integral protection against intrusions. Thus, a need for more intelligent and sophisticated security controls such as intrusion detection systems (IDSs) is necessary. Whilst much work has been devoted to mobile device IDSs, research on anomaly-based or behaviour-based IDS for such devices has been limited leaving several problems unsolved. Motivated by this fact, in this paper, we focus on anomaly-based IDS for modern mobile devices. A dataset consisting of iPhone users data logs has been created, and various classification and validation methods have been evaluated to assess their effectiveness in detecting misuses. Specifically, the experimental procedure includes and cross-evaluates four machine learning algorithms (i.e. Bayesian networks, radial basis function, K-nearest neighbours and random Forest), which classify the behaviour of the end-user in terms of telephone calls, SMS and Web browsing history. In order to detect illegitimate use of service by a potential malware or a thief, the experimental procedure examines the aforementioned services independently as well as in combination in a multimodal fashion. The results are very promising showing the ability of at least one classifier to detect intrusions with a high true positive rate of 99.8%. Copyright © 2011 John Wiley & Sons, Ltd.

Evaluation of Anomaly-Based IDS for Mobile Devices Using Machine Learning Classifiers

Dimitrios Damoupolos, L. Spiliotopoulou, Y. Charalabidis, M. Maragoudakis, S. Gritzalis
Conference Papers HICSS-50 2017 Hawaii International Conference on System Sciences, T. Bui, R. Sprague, (eds), pp. 2835–2844, January 2017, Hawaii, USA, IEEE CPS Conference Publishing Services

WYSISNWIV: What You Scan Is Not What I Visit

Dimitrios Damoupolos, Q. Yang, G. Portokalidis
Conference Papers International Symposium on Recent Advances in Intrusion Detection (RAID), (to appear)

Abstract

A variety of attacks, including remote-code execution exploits, malware, and phishing, are delivered to users over the web. Users are lured to malicious websites through spam delivered over email and instant messages, and by links injected in search engines and popular benign websites. In response to such attacks, many initiatives, such as Google's Safe Browsing, are trying to make the web a safer place by scanning URLs to automatically detect and blacklist malicious pages. Such blacklists are then used to block dangerous content, take down domains hosting malware, and warn users that have clicked on suspicious links. However, they are only useful, when scanners and browsers address the web the same way. This paper presents a study that exposes differences on how browsers and scanners parse URLs. These differences leave users vulnerable to malicious web content, because the same URL leads the browser to one page, while the scanner follows the URL to scan another page. We experimentally test all major browsers and URL scanners, as well as various applications that parse URLs, and discover multiple discrepancies. In particular, we discover that pairing Firefox with the blacklist produced by Google's Safe Browsing, leaves Firefox users exposed to malicious content hosted under URLs including the backslash character. The problem is a general one and affects various applications and URL scanners. Even though, the solution is technically straightforward, it requires that multiple parties follow the same standard when parsing URLs. Currently, the standard followed by an application, seems to be unconsciously dictated by the URL parser implementation it is using, while most browsers have strayed from the URL RFC.

A cloud-based architecture to crowdsource mobile app privacy leaks

Dimitrios Damoupolos, Dimitrios Papamartzivanos, Georgios Kambourakis
Conference Papers The 18th Panhellenic Conference on Informatics (PCI 2014), special session on Security and Privacy Issues in the Cloud Computing Era, pp. 1-6, October 2014, Athens, Greece, ACM press

Abstract

Most would agree that modern app-markets have been flooded with applications that not only threaten the security of the OS superficially, but also in their majority, trample on user’s privacy through the exposure of sensitive information not necessarily needed for their operation. In this context, the current work revolves around 3 key questions: Is there a way for the end-user to easily track - the many times - hidden privacy leaks occurring due to the way mobile apps operate? Can crowdsourcing provide the end-user with a quantitative assessment per app in terms of privacy exposure level? And if yes, in which way a cloud-based crowdsourcing mechanism can detect and alert for changes in the apps’ behavior? Motivated by the aforementioned questions, we design a cloud-based system that operates under a crowdsourcing logic, with the aim to provide i) a real-time privacy-flow tracking service, ii) a collaborative infrastructure for exchanging information related to apps’ privacy exposure level, and iii) potentially a behavior-driven detection mechanism in an effort to take advantage of the crowdsourcing data to its maximum efficacy.

The Best of Both Worlds. A Framework for the Synergistic Operation of Host and Cloud Anomaly-based IDS for Smartphones

Dimitrios Damoupolos, Georgios Kambourakis, Georgios Portokalidis
Conference Papers The 7th European Workshop on Systems Security (EuroSec 2014), April 2014, Amsterdam, The Netherlands, ACM Press

Abstract

Smartphone ownership and usage has seen massive growth in the past years. As a result, their users have attracted unwanted attention from malicious entities and face many security challenges, including malware and privacy issues. This paper concentrates on IDS carefully designed to cater to the security needs of modern mobile platforms. Two main research issues are tackled: (a) the definition of an architecture which can be used towards implementing and deploying such a system in a dual-mode (host/cloud) manner and irrespectively of the underlying platform, and (b) the evaluation of a proof-of-concept anomaly-based IDS implementation that incorporates dissimilar detection features, with the aim to assess its performance qualities when running on state-of-the-art mobile hardware on the host device and on the cloud. This approach allows us to argue in favor of a hybrid host/cloud IDS arrangement (as it assembles the best characteristics of both worlds) and to provide quantitative evaluation facts on if and in which cases machine learning-driven detection is affordable when executed on-device.

A competent post-authentication and non-repudiation biometric-based scheme for m-Learning

Dimitrios Damoupolos, Georgios Kambourakis
Conference Papers The 10th IASTED International Conference on Web-based Education (WBE 2013), V. Uskov, (ed), pp. 821-827, February 2013, Innsbruck, Austria, ACTA Press

Abstract

As mobile learning (mLearning) gains momentum, so does the worry of the parties involved to mLearning activities regarding the security and privacy level of the underlying systems and practices. Indeed, the basically spontaneous nature of mLearning and the variety of out-of-control devices that are used for supporting its activities, makes it prone to a plethora of attacks such as masquerading and man-in-the-middle. Thus, the provision of some sort of post-authentication and non-repudiation service in an effort to deter and repel ill-motivated activities may be of particular value in such realms. Compelled by this fact, in this paper, we introduce a dynamic signature-based biometric scheme to enable the offering of both of the aforementioned services in mLearning domains. We argue that our solution is both practical and lightweight. Its feasibility is also demonstrated through the use of machine learning techniques.

Lifting the veil on mobile malware: A complete dynamic solution for iOS

Dimitrios Damoupolos, Georgios Kambourakis, Stefanos Gritzalis, Sang Oh Park
Conference Papers The 2012 Summer FTRA International Symposium on Advances in Cryptography, Security and Applications for Future Computing (ACSA-Summer), June 2012, Vancouver, Canada, FTRA

Abstract

It is without a doubt that malware especially designed for modern mobile platforms is rapidly becoming a serious threat. So far, research for dealing with this risk has concentrated on the Android platform and mainly considered static solutions rather than dynamic ones. Compelled by this fact, in this paper, we contribute a fully-fledged tool able to dynamically analyze any iOS software in terms of method invocation (i.e., which API methods the application invokes and under what order), and produce exploitable results that can be used to manually or automatically trace its behavior to decide if it contains malicious code or not. By employing real life malware we assessed our tool both manually as well as via heuristic techniques and the results we obtained are highly accurate in detecting malicious code.

User-privacy and modern smartphones: A Siri(ous) dilemma

Dimitrios Damoupolos, Georgios Kambourakis, M. Anagnostopoulos, Stefanos Gritzalis, J. H. Park
Conference Papers FTRA AIM 2012 International Conference on Advanced IT, Engineering and Management, S. Rho, N. Chilamkurti, W.-E. Chen, S.-O. Park, (eds), February 2012, Seoul, FTRA

Abstract

The focus of this paper is on iPhone platform security and especially on user’s data privacy. We are designing and implementing a new malware that takes over the iOS mDNS protocol and exposes user's privacy information by capitalizing on the new Siri facility. The attack architecture also includes a proxy server which acts as man-in-the-middle between the device and the Apple's original Siri server.

Intrusion Detection and Prevention for Mobile Ecosystems

Dimitrios Damoupolos, Georgios Kambourakis, A. Shabatai, C. Kolias
Book Series in Security, Privacy and Trust, CRC Press, ISBN: 9781138033573