Journals


Copyright Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or mass reproduced without the explicit permission of the copyright holder.


E. Rekleitis, P. Rizomiliotis, S. Gritzalis, How to Protect Security and Privacy in the Internet of Things: A Policy-based RFID tag management protocol, Security and Communication Networks, Vol. 7, No. 12, pp. 2669-2683, 2014, Wiley, http://onlinelibrary.wiley.com/doi/10.10..., indexed in SCI-E, IF = 0.72
 

Abstract
Radio-frequency identification (RFID) technology constitutes an important part of what has become known as the Internet of Things (IoT), that is, accessible and interconnected machines and everyday objects that form a dynamic and complex environment. To secure the IoT in a cost-efficient manner, we need to build security and privacy into the design of its components. Moreover, mechanisms should be constructed that will allow both individuals and organizations to actively manage their “things” and information in a highly flux environment. The contributions of this paper are twofold: We first discuss the use of security and privacy policies that can offer fine granularity and context-aware information control in RFID systems. Second, we propose a novel secure and privacy-preserving tag management protocol that can support such policies. Our protocol has a modular design that allows it to support a set of desirable management operations (viz. tag authentication, delegation, and ownership transfer) while imposing minimal hardware and computational requirements on the tag side. Furthermore, inspired by the European Network and Information Security Agency's Flying 2.0 study, we describe a near-future air travel scenario to further explain and demonstrate the inner workings of our proposal.

P. Rizomiliotis, E. Rekleitis, S. Gritzalis, Security Analysis of the Song-Mitchell Authentication Protocol for Low-Cost RFID tags, IEEE Communications Letters, Vol. 13, No. 4, pp. 274-276, 2009, IEEE Press, http://ieeexplore.ieee.org/xpl/articleDe..., indexed in SCI-E, IF = 1.463
 

Abstract
In this paper, we describe an attack against one of the most efficient authentication protocols for low-cost RFID tags recently proposed by Song and Mitchell. A weak attacker, i.e. an attacker that has no access to the internal data of a tag, is able to impersonate a legitimate reader/server, and to desynchronize a tag. The attack is very efficient and has minimal computational complexity. Finally, we propose a simple solution to fix the flaw.

Conferences




P. Rizomiliotis, E. Rekleitis, S. Gritzalis, Designing secure RFID authentication protocols is (still) a non-trivial task, NSS 2011 5th International Conference on Network and Systems Security, P. Samarati, S. Foresti, J. Hu, (eds), pp. 73-80, Sep, 2011, Milan, Italy, IEEE CPS Conference Publishing Services, http://ieeexplore.ieee.org/xpl/login.jsp...
 

Abstract
In the last few years, a plethora of RFID authentication protocols have been proposed and several security analyses have been published, creating the impression that designing such a protocol must be, more or less, a straightforward task. In this paper, we investigate the security of two recently proposed schemes, showing that designing a secure RFID authentication protocol is still a demanding process. One is a mature work, in the sense that it has predecessors that have been extensively analyzed, while the other is a fresh proposal. Our security analysis demonstrates that both are weak, as they suffer from a similar desynchronization attack. In addition, we prove the existence of a fatal tag impersonation attack against the second one.

E. Rekleitis, P. Rizomiliotis, S. Gritzalis, A holistic approach to RFID security and privacy, SecIoT 2010 1st International Workshop on the Security of the Internet of Things, J. Zhou et al., (eds), Dec, 2010, Tokyo, Japan, http://www.researchgate.net/publication/...
 

Abstract
RFID technology constitutes an important part of what has become known as the IoT, i.e., accessible and interconnected machines and everyday objects that form a dynamic and complex environment. In order to be able to secure the IoT in a cost-efficient manner, we need to build security and privacy into the design of its components. Thus, in this paper, we first introduce the use of security and privacy policies that can offer fine granularity and context-aware information control in RFID systems, and with this in mind, we propose a novel secure and privacy-preserving tag management protocol to implement such policies. The new protocol has a modular design in order to support all the basic management operations (tag authentication, delegation and ownership transfer), while imposing minimal hardware and computational requirements on the tag side.

E. Rekleitis, P. Rizomiliotis, S. Gritzalis, An Agent Based Back-end RFID Tag Management System, TrustBus’10 7th International Conference on Trust, Privacy and Security in Digital Business, S. Katsikas, J. Lopez, M. Soriano, (eds), pp. 165-176, Aug, 2010, Bilbao, Spain, Springer Berlin Heidelberg, http://link.springer.com/content/pdf/10....
 

Abstract
Motivated by the plethora of RFID security protocols and the interoperability problems that this diversity causes, we propose a software agent-based platform that allows an RFID back-end subsystem to integrate and manage heterogeneous tags that are based on non-standardized implementations. In addition, we introduce a new suite of lightweight tag management protocols that support tag authentication, time-based tag delegation and ownership transfer. The protocols can take advantage of the proposed agent-based platform and do satisfy all the standard security and privacy requirements.

Chapters in Books




E. Rekleitis, P. Rizomiliotis, S. Gritzalis, Privacy Threats and countermeasures in RFID environments, chapter in: Privacy and Information and Communication Technologies: Technical and Legal Issues, C. Lambrinoudakis, L. Mitrou, S. Gritzalis, S. K. Katsikas, (eds), pp. 193-220, 2010, Athens, Greece, Papasotiriou Pubs. (in Greek)
