Konstantinos Kalogiannis

Protecting our vehicular journey to the future

Autonomous vehicles and Intelligent Transportation Systems (ITS) are emerging technologies that provide safer and more comfortable transportation, e.g., by reducing traffic, and stop-and-go motions and enabling faster (than human) response times. Importantly, they affect vehicular fuel consumption leading to a decrease in overall emissions. However, these systems need to be made secure to guarantee the safety and privacy of their passengers. Thus, my goal is to one day securely deploy those systems for the benefit of the environment and the society we live in. To that end, I work on the security and privacy aspects of these technologies, their platoon formations, and control algorithms at the Networked Systems Security(NSS) group at the KTH Royal Institute of Technology.

Current solutions can alleviate a subset of the problem but come short concerning sophisticated attacks. Protocols facilitating coordinated maneuvers, such as lane merging and intersection crossing, are susceptible to malicious users manipulating data and generally misbehaving. Vehicles forming platoons are susceptible to internal falsification attacks and their essential maneuvers can be highly-sought targets for attackers. Their privacy footprint is still an open problem despite the existence of schemes that try to protect the vehicular ecosystem (such as mix zones).

As part of my journey to expand my knowledge in the field (through new challenges), my interests also include large software systems security, both in terms of their technical components and in those operating them. Threat analysis and the subsequent risk assessment need to take into account all the attack vectors, software, hardware, or humans, in order to employ the relevant defenses. For example, software systems can be compromised during their implementation or deployment through software supply chain attacks (e.g., the Solar Winds hack). Moreover, despite the effort to train users against social engineering attacks, they are still prevalent. Well-crafted emails only need to fool the user once to compromise the system.