Computer Techhnology Institute and Press - DIOPHANTUS (CTI)

Yannis Stamatiou (born in 1968) graduated from the University of Patras, Department of Computer
Engineering and Informatics, with a grade of 8.86/10 (June 1990). In June 1991, he started graduate
studies at the same department under a government scholarship, working towards a PhD Theoretical
Computer Science, which he completed in December 1997. He worked under the supervision of Prof.
Lefteris Kirousis and his PhD thesis was titled Theory and Applications of the Constraint Satisfaction
Problem: Distributed Environment-Parallel and Randomized Algorithms-Nonmonotonic Reasoning. In
1999, he received a Certificate of Postgraduate Studies on Open and Distant Learning Educational
System from the Greek Open University with a grade of 9.10/10. Mr. Stamatiou is currently Associate
Professor at the Department of Business Administration of the University of Patras, Greece and
Consultant (with deputy director responsibilities) on Cryptography and Security for the Security Sector
of the Computer Technology Institute & Press (“Diophantus”) in Patras, Greece.

His interests lie in cryptography, modeling of computer viruses/worms in computer networks,
cryptanalysis and ICT security with a focus in eVoting and eGovernement related security protocols
and systems. He has extensive experience in theoretical and applied computer science with a focus
on cryptography and ICT security. He leads the R&D efforts of the Security Sector of CTI and
coordinates a team of more than 10 junior and senior researchers in basic research as well as
development of security solutions for various R&D projects. He is, also, acting as a Program
Committee member in several security/cryptography related conferences as well as a reviewer for
several peer reviewed scientific journals. He has published over 50 research articles in peer reviewed
international journals and conference proceedings while he has given numerous invited lectures on
cryptography and ICT security related subjects. Papers in which he has coauthored have received, in
total, more than 400 citations, excluding self-citations (Citeseer data). He has supervised more than
20 Master Theses and has acted as advisor for the research efforts of two doctorate students (both
have completed their PhD research) in the field of computer security. Currently, he supervises one
PhD student and three MSc students. Finally, he has also participated as a reviewing expert three
times in EU calls for proposals in security related areas.

With respect to professional experience, Mr. Stamatiou has participated or is participating as a
technical manager, from CTIs side, in the following projects:

IST IP project “ABC4Trust” – Attribute Based Credentials for Trust (2010 – 20013, 10MEuro).
ABC4Trust (https://abc4trust.eu/) addresses the federation and interoperability of existing
technologies that support trustworthy and privacy-preserving authentication, based on Attribute
Based Credentials. The project brings together, among other partners, IBM with its Idemix
authentication system, and Microsoft Research, with its U-prove authentication platform. The project
will integrate and harmonize these two technologies into a single privacy preserving authentication
platform that also includes secure hardware devices such as smart cards, for increased security. CTI,
as a member of the ABC4Trust consortium, will lead one of the two ABC4Trust platform evaluation
pilots. Mr. Stamatiou is responsible for organizing the pilot, developing the necessary Identity
Management System that will be employed in the pilot, installing the combined Idemix and U-prove
identity management systems on the pilot platform and evaluating the pilot results giving feedback to
other consortium partners.

Short term research project titled “Dynamically Reconfigurable block ciphers through parallel
substitution box construction” (from September 8 to September 20, 2008, 4KEuro). This short-term
research project was conducted at the premises of the Barcelona Supercomputing Center (BSC), who
is a member of the European Agency HPC-Europa on High Performance Computing. The project’s
objective was the development of parallel algorithms for the design of s-boxes with high nonlinearity
for use in block ciphers. The algorithms’ implementation was based on the MPICH library on the
parallel computer BSC MareNostrum (10240 processing cores, BladeCenter JS21 Cluster, PPC 970, 2.3
GHz, Myrinet).

Regional Innovation Pole of Western Greece (from 2007 to 2008, 200KEuro). The Regional Innovation
Pole of Western Greece was an association of public and private sector organizations whose goal is to
develop, promote and exploit innovation efforts in Western Greece (RWG). A key objective was to
organize and strengthen the links between the Research /Technology Institutes with Business
Organizations for setting up the framework towards the enhancement of the technological and
innovation achievenements of the Region. Mr. Stamatiou participated as a principal investigator on
the fourth line of research, targeted at the Security of Information Systems and Networks. He
directed the research efforts in the fields of cryptography and ICT security and participated in the
efforts for the implementation of security procedures towards the support of the safe operation of
businesses and organizations.

Electronic voting system – PNYKA (http://www.pnyka.cti.gr, from 2006 to 2008, 250KEuro). This R&D
project, funded by the General Secretariat for Research and Technology, was implemented by the
Research Computer Technology Institute & Press (“Diophantus”) in collaboration with the private
company EXPERTNET. The aim was to design and implement an integrated system for the support of
electronic voting via the Internet, with emphasis on protecting the privacy of citizens. To maximize
the degree of protection of voter privacy, the system incorporates many technological innovations,
such as fully distributed architecture, homomorphic encryption and tallying schemes, group threshold
cryptographic protocols for the voting authorities, and embedded hardware for storing election keys.
It was developed entirely with open source tools so as to facilitate public scrutiny and verifiability.
The PNYKA system was awarded the first prize in the eVoting competition organized by the
Competence Center for Electronic Voting and Participation (http://www.e-voting-competition.at/)
sponsored by the Austrian agency Internet Foundation Austria (IFA). Mr. Stamatiou designed and
implemented all the security sensitive protocols of the system and conducted the formal risk analysis
of its components based on the CORAS risk analysis framework. Also, Mr. Stamatiou presented the
system at the eVoting competition in Austria.

Scientific Consultant of EXPERTNET SA (from 2004 – 2007, total project budget about 1MEuro). Mr.
Stamatiou served as scientific consultant to EXPERNET SA during the company’s participation to four
projects related to security of information systems and eGovernment: (i) IST STREP project e-Mayor.
The aim of the project was to create an integrated platform for the support of online operations of
town halls (at a panEuropean level) and the support of secure exchange of documents among them
(using appropriate cryptographic techniques, and Public Key Infrastructures – PKIs – for authentication
of the documents). (ii) IST eTen project Selis. This project was aimed at implementing a platform for
the secure management of electronic invoices, based on Public Key Infrastructures and appropriate
cryptographic protocols. (iii) IST IP project Intelcities. The aim of the project was to create an open
system, called e-city Platform, for the support of eGovernanve operations with interoperability
capabilities. (iv) Project, supported by GSRT, Bioathletics. This work was aimed at creating a
biometric system to authenticate people entering sports facilities.

Design and development of cryptographic protocols for cryptographically secure sequences of random
numbers for the EXTRA 5 and SUPER 3 OPAP games (from 2001 to 2002, 100KEuro). In this work, Mr.
Stamatiou designed the software and hardware architecture of a system whos aim was to produce
cryptographically secure (in a complexity theoretical sense) for the, then, new games of OPAP named
EXTRA 5 and SUPER 3. Additionally, implemented the most critical parts of the cryptographic system
and managed development team of CTI who performed the final integration. The system designed
and implemented by Mr. Stamatiou contained the following main parts: (i)Three true random number
generators based on physical sources (shot-noise in zener diodes, thermal noise across resistors, and
a software-based one exploiting the randomness in the phase difference between two clock sources in
the motherboard of a personal computer). These three generators were used for seeding the
cryptographically secure ones. (ii) Two cryptographically secure pseudorandom number generators,
BBS and RSA, and two based in suitably modified block ciphers (DES and CAST-128). (iii) Knuth’s M
and B algorithms for combining the outputs of the cryptographically secure generators.

IST STREP project ASPIS (from 2000 to 2002, 500KEuro). This project aimed at producing an
integrated CD/DVD-ROM copy protection platform which includes mechanisms for secure physical
protection from CD/DVD-ROM copying as well as content protection (during storage and transport).
Mr. Stamatiou and his group at CTI had undertaken the tasks of the encryption/decryption of
CD/DVD-ROM contents using dynamically modifiable Feistel-based ciphers (mainly CAST-128), the
watermarking of digital audio files (audio watermarking) and the creation of software libraries for
the support of public key cryptography and corresponding cryptanalysis based on elliptic curves (for
building secure e-commerce applications). Mr. Stamatiou designed and implemented the data
encryption/decryption dynamically modifiable ciphers using Bent Boolean functions for the cipher
sBoxes, With regard to audio file watermarking, Mr. Stamatiou designed and implemented
watermark format and the embedding/extracting process. The resulting watermarking scheme was
based on computationally intractable problems and the theory of threshold phenomena in them. In
this scheme watermarks were seen as graphs within the context of the 3-COLORING problem
generate around the “hard” region of the critical edge to node ratio having a specific coloring only
known to the legitimate owner of the audio file. Knowledge of the coloring (based on Zero Knowledge
Interactive Protocols) implies ownership of the audio file, due to the intractability of discovering a 3-
COLORING in a graph generated around the “hard” region. Finally, Mr. Stamatiou was involved in the
design and implementation of ECC-LIB which is a software library (in C++) that supports algebraic
operations and a rich variety of cryptographic protocols for Elliptic Curve Cryptography in fields of the
form Fp, with p an odd prime, based on the Complex Multiplication method.

IST STREP project “CORAS” (from 2000 to 2003, 1MEuro). This project aimed to develop and
evaluate an integrated platform for risk analysis and management in security critical applications
(e.g. in ecommerce and telemedicine applications). The methodology is based on formal and
semiformal modeling methodologies that can facilitate the risk analysis process from the design to
the implementation of the system. Mr. Stamatiou, leading the CTI team, along with two other project
partners (the Institute for Research and Technology (FORTH) in Heraklion, Crete, and NCT-National
Centre for Telemedicine in Norway), designed and managed the CORAS platform evaluation pilots
targeted at the analysis of the network-based telemedicine application HYGEIANET developed by
FORTH, which linked through a telecommunications infrastructure the hospitals and health centers
throughout Crete. The pilots focused on producing risk models (using variations of the UML Universal
Modeling Language) for the targeted applications. The models were produced and analyzed using the
methodology of the project and the results were reported and analyzed by the doctors at the
University Hospital at Heraklion in Crete.

Design and Implementation of a statistical framework for risk management in forecast betting games
(from 2000 to 2002, 100KEuro). In this project, the goal of CTI was to design and implement a
multifunctional software for the risk management of fixed odds, forecast betting games (e.g. with
football matches) for exploitation by Intralot. This software was able to identify riskysituations (e.g.
sudden increase of bets placed on an indifferent football match) that may lead the betting company to
have significant financial damages. Mr. Stamatiou was the principal designer of the software and,
additionally, implemented himself the critical games database (based on the B+ tree data strructure)
for the collection and quick retrieval of game related information. The software was implemented
using the C + + Builder Enterprise 4.0 of Borland in the WINDOWS NT operating system. Moreover,
Mr. Stamatiou designed and implemented suitable statistical tests (based on hypothesis testing) for
optimizing risk management results as well as aiding the bookmaker in understanding the betting
behavior of players, based on what-if scenarios (both on-lined and off-line in previous betting
competitions stored on B+ trees).