Security issues are deeply important in our everyday lives. Nobody should be able to use your data in malicious ways. Yet, this still happens. Therefore, it is of great importance that research is conducted about these issues, to develop intrusion detection systems and efficient authentication mechanisms hence making our society a safer place.
Katerina Mitrokotsa is one such researcher. She is of Greek origin, and has been working at universities in Switzerland and the Netherlands before arriving in Sweden and Chalmers in August 2013. Currently, she holds a position as Assistant Professor in the Department of Computer Science and Engineering.
Please give us a description of your latest research
There are many applications in our everyday life where security is necessary in order to guarantee reliable and efficient communication. For instance, recent cars have embedded RFID readers and car keys have embedded RFID chips (tags). In such a scenario, the car key has to be close enough to the car in order to unlock and sometimes even start the car.
The modern day car thief doesn’t use a crowbar to break into your car, instead he can perform a type of attacks, called relay, and unlock the car even if the car key is very far away from the car. These attacks have also been launched against bankcards, cards for access control in buildings as well as mobile phones.
The main countermeasure against these attacks is a special type of authentication protocols called distance bounding protocols. So my recent research is focusing on these protocols. These protocols are used to establish an upper bound on the physical distance between a two entities; in the automobile access control example between the car and the key.
More precisely, these protocols are based on measuring the time delay between sending out a challenge (usually just a bit) and receiving back the corresponding response. After completing the protocol the car is able to answer the question: Is this key close enough and is it a legitimate key?
Another research area that interests me a lot is privacy-preserving biometrics. Biometric authentication is often used in access control systems for instance in recent passports. In biometric authentication, biometric templates (i.e. fingerprints, retina scans etc.) are usually stored in databases. However this creates serious concerns about the privacy of biometric authentication. I am interested in designing efficient biometric authentication protocols that guarantee privacy-preservation as well as accuracy in the authentication process which is quite challenging. A possible solution is to encrypt all the biometric information involved in the authentication process.
What is the most important result from your research?
A distance bounding protocol that we have developed in collaboration with other researchers and is provably secure. Now it will be very interesting to see its practical implementation.
Are your results expected or unexpected?
Usually the process of proposing a new authentication protocol or in general a mechanism that may be employed in securing a system is quite long. We start by designing a protocol and then we realise it is not strong enough and we need to modify it to make sure that we have taken into consideration all important parameters. An initial idea might not be working and we may have to alter multiple times our design to reach the wished result.
Are there any possible applications for your research? For whom is it interesting, mostly for other researchers, or also for other groups in our society?
Yes, there are many everyday life applications. My research results are related mainly to wireless communication that we use for instance in access control systems, automobile access, transport systems, e-passports, mobile phones. Thus, it has a direct impact for the wide public as well as for other researchers working in the area of wireless communications. For instance, the distance bounding protocols we have developed could be employed in the automobile industry. I am very much interested in such a possible implementation with Volvo.
There is also an increasing need for applying RFID and security systems in mobile applications, such as medical devices. Nowadays, we start to see these techniques in devices like insulin pumps and pacemakers. Therefore, it is of utmost importance to prevent attacks in those kinds of systems. A denial of service could, in the worst case scenario, be fatal.
Which other researchers do you collaborate with?
I still collaborate with researchers at my previous research groups in Switzerland and the Netherlands, as well as in Spain and in Greece. Here in Chalmers I would be interested in starting collaborations with Andrei Saberfeld related to location privacy, Marina Papatriantafilou related to smart grids, and Tomas Olovsson related to vehicular security.
Which Areas of Advance does your research connect to?
My research has possible applications within many of Chalmers Areas of Advance: ICT of course, but also Transport, Energy and Life Science Engineering.
Could your results be connected to any issue that has been reflected in the media lately?
Yes, lately there have been a lot of reports on attacks, in medical applications, cars and biometrics.
Is your research financed by public means or by businesses/interest groups?
I was recruited through a very competitive process from a program for Information Communication Technology (ICT) Areas of Advance (ICT-AoA) that Chalmers uses to recruit international talent and invests in promising research directions. ICT AoA is also providing funds so that I can hire a PhD student that will be working under my supervision. Furthemore, part of my research is funded by the European Commission through the European project ``BEAT: Biometric Evaluation and Testing”. In the past my research was funded by the European Commission via a Marie Curie Fellowship as well as by the Netherlands Organisation for Research (NWO).
Which future challenges do you find the most exciting?
I find it interesting that we want everything connected. We involve ourselves heavily in social networks, and still we want to maintain some sort of privacy. Sharing has never been easier, but is also a bit scary. Where could my information end up? It brings with it a lot of security, privacy as well as usability challenges. We want easy communication with fewer resources, faster and faster.
Are there any myths in society coupled to your research that you would take the opportunity to debunk?
Everyone wants to be secure. But with more and more applications interconnected, it becomes harder and harder to maintain security. You cannot have a system 100 % secure. There will always be attacks. But expectations must be met. There is a constant battle to fight new problems. Trying to find solutions to challenging attacks is very interesting.
You have moved to Sweden quite recently. What do think about it so far?
I consider Sweden to be a very developed country. Sweden has a good reputation about its social services, research opportunities as well as the opportunities provided to women. I would like to find out if this is really the case.
What do you think about Gothenburg?
I think it is a big enough city, where you can find everything without having the frustration of a very big city. The summer was very pleasant, the winter seems to be quite rainy though.
And what about Chalmers?
I find it very organized and it seems to have attracted a lot of funding recently. That is a sign of quality I would say. I consider it to be a very international and intellectually stimulating environment, where many things happen constantly!