Tsakountakis Aleksandros
atsak@aegean.gr
Tsakountakis Alexandros was born in Heraklion, Greece in 1982. Mr Tsakountakis holds a Diploma in Information and Communication Systems Engineering (2005), a MSc in Information and Communication Systems Security (2007) and a Ph.D. in Information and Communication Systems Security (2009) from the University of the Aegean.
His main research interests include wireless network security, internet telephony security and intrusion detection systems.
Copyright Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or mass reproduced without the explicit permission of the copyright holder.
Journals
A. Tsakountakis, G. Kambourakis, S. Gritzalis, SIPA: Generic and Secure Accounting for SIP, Security and Communication Networks, Vol. 5, No. 9, pp. 1006-1027, 2012, Wiley, http://onlinelibrary.wiley.com/doi/..., indexed in SCI-E, IF = 0.311
Download Abstract
Authentication, authorization, and accounting services provide the framework on top of which a reliable, secure, and robust accounting system can be built. In a previous work of ours, we have presented a flexible and, most importantly, generic accounting scheme for next generation networks. In this paper, we substantially improve our previous work by providing the required Diameter application namely SIP-Accounting (SIPA) that enables the use of our accounting scheme for Session Initiation Protocol (SIP) services. Additionally, in an effort to protect the service providers and the end users against accounting frauds, we implement an add-on mechanism referred to as SIPA+ to combat attacks targeting the core accounting functions and the integrity of the respective accounting messages. Using the implemented SIPA and SIPA+ prototypes, we conducted a complete set of experiments testing several configurations and two distinct scenarios. The results reveal that the proposed accounting system and its security add-on are fully operable in SIP environments without incurring much cost in terms of performance and overhead.
Authentication, authorization, and accounting services provide the framework on top of which a reliable, secure, and robust accounting system can be built. In a previous work of ours, we have presented a flexible and, most importantly, generic accounting scheme for next generation networks. In this paper, we substantially improve our previous work by providing the required Diameter application namely SIP-Accounting (SIPA) that enables the use of our accounting scheme for Session Initiation Protocol (SIP) services. Additionally, in an effort to protect the service providers and the end users against accounting frauds, we implement an add-on mechanism referred to as SIPA+ to combat attacks targeting the core accounting functions and the integrity of the respective accounting messages. Using the implemented SIPA and SIPA+ prototypes, we conducted a complete set of experiments testing several configurations and two distinct scenarios. The results reveal that the proposed accounting system and its security add-on are fully operable in SIP environments without incurring much cost in terms of performance and overhead.
A. Tsakountakis, G. Kambourakis, S. Gritzalis, A Generic Accounting Scheme for Next Generation Networks, Computer Networks, Vol. 53, No. 14, pp. 2408-2426, 2009, Elsevier, http://www.sciencedirect.com/scienc..., indexed in SCI-E, IF = 1.201
Abstract
Accounting is generally considered as one of the most challenging issues in modern and future mobile networks. As multi-domain complex heterogeneous environments are becoming a common terrain, accounting procedures performed by network and service providers have turned into a key aspect. However, in order for these networks to reliably deliver modern real-time services, they should, among other things, provide accurate accounting services, particularly billing. This work elaborates on the accounting process, proposing a novel and robust accounting system. The requirements of the proposed mechanism are defined and all the accounting scenarios that the system should cope with are examined. All the proposed accounting extensions are implemented by means of Diameter AVPs and commands. Our mechanism is generic and capitalizes on the existing AAA infrastructure, thus providing secure means to transfer and store sensitive billing data. More importantly, it can be easily incorporated into the providers’ existing mechanisms regardless of the underlying network technology. At the same time, its generic nature allows for interoperability between different network operators and service providers. Through extensive experimentation, we can also infer that our scheme is lightweight, scalable, and easy to implement requiring only minor modifications to the core Diameter protocol.
Accounting is generally considered as one of the most challenging issues in modern and future mobile networks. As multi-domain complex heterogeneous environments are becoming a common terrain, accounting procedures performed by network and service providers have turned into a key aspect. However, in order for these networks to reliably deliver modern real-time services, they should, among other things, provide accurate accounting services, particularly billing. This work elaborates on the accounting process, proposing a novel and robust accounting system. The requirements of the proposed mechanism are defined and all the accounting scenarios that the system should cope with are examined. All the proposed accounting extensions are implemented by means of Diameter AVPs and commands. Our mechanism is generic and capitalizes on the existing AAA infrastructure, thus providing secure means to transfer and store sensitive billing data. More importantly, it can be easily incorporated into the providers’ existing mechanisms regardless of the underlying network technology. At the same time, its generic nature allows for interoperability between different network operators and service providers. Through extensive experimentation, we can also infer that our scheme is lightweight, scalable, and easy to implement requiring only minor modifications to the core Diameter protocol.
Conferences
A. Tsakountakis, G. Kambourakis, S. Gritzalis, A new Accounting Mechanism for Modern and Future AAA Services, IFIP SEC 2008 23rd International Information Security Conference , pp. 693-697, 2008, Springer, http://link.springer.com/content/pd...
Abstract
Accounting along with Authentication and Authorization comprise the concept of AAA provided by IETF (Internet Engineering Task Force). In heterogeneous environments, where different administrative domains and different wired and wireless technologies are utilized, those principles are often hard and complex to correctly implement and evaluate. Specifically, accounting which is our topic of interest, is in many cases a complicated procedure since many aspects need to be taken into consideration. In this respect, a distributed, flexible, robust, secure and generic accounting system needs to be implemented in order to provide the ability to determine which user has acquired which services and for how long at each operator domain. This work examines different scenarios applicable to such 3G/4G hybrid mobile environments and suggests a novel, generic mechanism to support accounting.
Accounting along with Authentication and Authorization comprise the concept of AAA provided by IETF (Internet Engineering Task Force). In heterogeneous environments, where different administrative domains and different wired and wireless technologies are utilized, those principles are often hard and complex to correctly implement and evaluate. Specifically, accounting which is our topic of interest, is in many cases a complicated procedure since many aspects need to be taken into consideration. In this respect, a distributed, flexible, robust, secure and generic accounting system needs to be implemented in order to provide the ability to determine which user has acquired which services and for how long at each operator domain. This work examines different scenarios applicable to such 3G/4G hybrid mobile environments and suggests a novel, generic mechanism to support accounting.
A. Tsakountakis, G. Kambourakis, S. Gritzalis, On RSN-oriented Wireless Intrusion Detection, 2nd OTM International Symposium on Information Security (IS), pp. 1601-1615, 2007, Lecture Notes in Computer Science LNCS, Springer, http://link.springer.com/content/pd...
Abstract
Robust Security Network (RSN) epitomised by IEEE 802.11i substandard is promising what it stands for; robust and effective protection for mission critical Wireless Local Area Networks (WLAN). However, despite the fact that 802.11i overhauls the IEEE’s 802.11 security standard several weaknesses still remain. In this context, the complementary assistance of Wireless Intrusion Detection Systems (WIDS) to deal with existing and new threats is greatly appreciated. In this paper we focus on 802.11i intrusion detection, discuss what is missing, what the possibilities are, and experimentally explore ways to make them intertwine and co-work. Our experiments employing well known open source attack tools and custom made software reveal that most 802.11i specific attacks can be effectively recognised, either directly or indirectly. We also consider and discuss Distributed Wireless Intrusion Detection (DIDS), which seems to fit best in RSN networks.
Robust Security Network (RSN) epitomised by IEEE 802.11i substandard is promising what it stands for; robust and effective protection for mission critical Wireless Local Area Networks (WLAN). However, despite the fact that 802.11i overhauls the IEEE’s 802.11 security standard several weaknesses still remain. In this context, the complementary assistance of Wireless Intrusion Detection Systems (WIDS) to deal with existing and new threats is greatly appreciated. In this paper we focus on 802.11i intrusion detection, discuss what is missing, what the possibilities are, and experimentally explore ways to make them intertwine and co-work. Our experiments employing well known open source attack tools and custom made software reveal that most 802.11i specific attacks can be effectively recognised, either directly or indirectly. We also consider and discuss Distributed Wireless Intrusion Detection (DIDS), which seems to fit best in RSN networks.
A. Tsakountakis, G. Kambourakis, S. Gritzalis, Towards Effective Wireless Intrusion Detection in IEEE 802.11i, 3rd International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing (in conjunction with the IEEE ICPS, pp. 37-42, 2007, IEEE CPS, http://ieeexplore.ieee.org/xpl/arti...
Abstract
The proliferation of wireless devices and the availability of wireless applications and services constantly raise new security concerns. Towards this direction, wireless intrusion detection systems (WIDS) can assist a great deal to proactively and reactively protect wireless networks, thus discouraging or repealing potential adversaries. In this paper we discuss the major wireless attack categories concerning IEEE 802.11 family networks and in particular the latest 802.11i security standard. We elaborate on 802.11 specific attacks and experimentally explore how these outbreaks can be effectively mitigated or thwarted by a properly designed WIDS. Among specially crafted software for both WIDS's modules as well as for attack generators, our test-bed embraces the majority of well known open source attack tools. Test results show that the proposed WIDS modules are able to effectively detect, either directly or indirectly, most attacks.
The proliferation of wireless devices and the availability of wireless applications and services constantly raise new security concerns. Towards this direction, wireless intrusion detection systems (WIDS) can assist a great deal to proactively and reactively protect wireless networks, thus discouraging or repealing potential adversaries. In this paper we discuss the major wireless attack categories concerning IEEE 802.11 family networks and in particular the latest 802.11i security standard. We elaborate on 802.11 specific attacks and experimentally explore how these outbreaks can be effectively mitigated or thwarted by a properly designed WIDS. Among specially crafted software for both WIDS's modules as well as for attack generators, our test-bed embraces the majority of well known open source attack tools. Test results show that the proposed WIDS modules are able to effectively detect, either directly or indirectly, most attacks.